master: subtree updates oct 4 2023

poky: 61531cd395..e444d2bed0:
  Adrian Freihofer (3):
        lib/oe/utils: Refactor to make multiprocess_launch callable without d
        lib/oe/package: Refactor to make strip_execs callable without d
        oeqa/selftest/devtool: Refactor runqemu pre-requisites

  Alexander Kanavin (69):
        cargo-c-native: fix version check
        igt-gpu-tools: do not write shortened git commit hash into binaries
        curl: build and run the full set of ptests
        ptest: report tests that were killed on timeout
        perl: use 64 bit integers across all targets
        perl: ensure all failures are caught
        strace: parallelize ptest
        strace: remove from time64.inc exception list
        busybox: enable 64 bit shell arithmetic (via long long type)
        openssl: parallelize tests
        openssl: ensure all ptest fails are caught
        glibc-tests: rename to glibc-y2038-tests
        sysstat: merge .inc into .bb
        sysstat: update 12.6.2 -> 12.7.4
        glib-2.0: update 2.76.4 -> 2.78.0
        ovmf: update edk2-stable202305 -> edk2-stable202308
        libdnf: update 0.70.1 -> 0.71.0
        liburi-perl: update 5.17 -> 5.21
        python3-pygobject: update 3.44.1 -> 3.46.0
        go-helloworld: update to latest revision
        gzip: update 1.12 -> 1.13
        procps: update 4.0.3 -> 4.0.4
        screen: update 4.9.0 -> 4.9.1
        gobject-introspection: update 1.76.1 -> 1.78.0
        igt-gpu-tools: update 1.27.1 -> 1.28
        libva-utils: update 2.19.0 -> 2.20.0
        piglit: update to latest revision
        groff: add a patch to resolve build races
        groff: fix another build race via backport
        systemd: upgrade 254 -> 254.4
        util-linux: upgrade 2.39.1 -> 2.39.2
        cmake: upgrade 3.27.4 -> 3.27.5
        jquery: upgrade 3.7.0 -> 3.7.1
        python3-setuptools-rust: upgrade 1.6.0 -> 1.7.0
        vulkan: upgrade 1.3.250.0 -> 1.3.261.1
        libxcb: upgrade 1.15 -> 1.16
        xcb-proto: upgrade 1.15.2 -> 1.16.0
        boost: upgrade 1.82.0 -> 1.83.0
        btrfs-tools: upgrade 6.3.3 -> 6.5.1
        createrepo-c: upgrade 0.21.1 -> 1.0.0
        debianutils: upgrade 5.12 -> 5.13
        diffoscope: upgrade 244 -> 249
        ethtool: upgrade 6.3 -> 6.5
        font-util: upgrade 1.4.0 -> 1.4.1
        freetype: upgrade 2.13.1 -> 2.13.2
        ghostscript: upgrade 10.01.2 -> 10.02.0
        iproute2: upgrade 6.4.0 -> 6.5.0
        json-c: upgrade 0.16 -> 0.17
        kmscube: upgrade to latest revision
        libarchive: upgrade 3.7.1 -> 3.7.2
        libsdl2: upgrade 2.28.0 -> 2.28.3
        libsolv: upgrade 0.7.24 -> 0.7.25
        man-pages: upgrade 6.04 -> 6.05.01
        meson: upgrade 1.1.1 -> 1.2.1
        mmc-utils: upgrade to latest revision
        mtd-utils: upgrade 2.1.5 -> 2.1.6
        puzzles: upgrade to latest revision
        python3-dtschema: upgrade 2023.6.1 -> 2023.7
        python3-git: upgrade 3.1.35 -> 3.1.36
        python3-libarchive-c: upgrade 4.0 -> 5.0
        python3-setuptools: upgrade 68.2.1 -> 68.2.2
        python3-sphinx: upgrade 7.2.5 -> 7.2.6
        seatd: upgrade 0.7.0 -> 0.8.0
        sqlite3: upgrade 3.43.0 -> 3.43.1
        tiff: upgrade 4.5.1 -> 4.6.0
        vala: upgrade 0.56.8 -> 0.56.13
        xf86-input-libinput: upgrade 1.3.0 -> 1.4.0
        xwayland: upgrade 23.1.2 -> 23.2.1
        python3-setuptools-scm: fix upstream version check

  Alexandre Belloni (1):
        python3: fix SoB on patch

  Antoine Lubineau (1):
        cve-check: add CVSS vector string to CVE database and reports

  Bruce Ashfield (9):
        linux-yocto/6.4: update to v6.4.15
        linux-yocto/6.1: update to v6.1.52
        linux-yocto/6.4: update to v6.4.16
        linux-yocto/6.1: update to v6.1.53
        linux-yocto/6.1: update to v6.1.55
        linux-yocto-dev: update to v6.6-rcX
        linux-yocto: introduce 6.5 reference kernel recipes
        linux-libc-headers: uprev to v6.5
        linux-libc-headers: default to 6.5

  Charles-Antoine Couret (1):
        systemd-boot-cfg: add .conf suffix to default entry label

  Chen Qi (1):
        python3: add cpython to CVE_PRODUCT

  Daniel Semkowicz (2):
        wic: bootimg-partition: Fix file name in debug message
        uboot-extlinux-config.bbclass: Add missing variable descriptions

  Deepthi Hemraj (2):
        binutils: stable 2.41 branch updates.
        glibc: stable 2.38 branch updates.

  Denys Dmytriyenko (2):
        bitbake.conf: add MACHINE to SDK_NAME
        spdx: use TOOLCHAIN_OUTPUTNAME for SDK filename prefix

  Derek Straka (1):
        pypi.bbclass: Update the upstream checks to automatically replace '_' with '-'

  Eilís 'pidge' Ní Fhlannagáin (2):
        lib/oe/package_managegment: Add nativesdk-intercept PATH
        update_mandb: deb fails due to missing man cache

  Etienne Cordonnier (1):
        bitbake: bitbake-worker/runqueue: Avoid unnecessary bytes object copies

  Insu Park (1):
        bitbake: data: Add missing dependency handling of remove operator

  Jan Garcia (1):
        insane.bbclass: Count raw bytes in shebang-size

  Joshua Watt (6):
        classes/create-spdx-2.2: Add extra debugging for missing package files
        nfs-utils: Don't start nfs-statsd.service without exports
        nfs-utils: Add StateDirectory for systemd services
        bitbake: utils: Add path_is_descendant()
        bitbake: fetch2: git: Use path_is_descendant() instead of path for repo check
        classes/create-spdx-2.2: Show error if document is not found

  Julien Stephan (1):
        bitbake: bitbake: cooker: add a new function to retrieve task signatures

  Kai Kang (2):
        goarch.bbclass: not compatible with riscv32
        adwaita-icon-theme: 43 -> 45.0

  Khem Raj (25):
        perl: Add packageconfig for setlocale functionality differences
        libc-test: Run as non-root user
        coreutils: Upgrade to 9.4
        coreutils: Add config.h to ptest package
        gettext: Add missing dependency on gawk autoconf
        util-linux: Disable failing tests on musl
        Revert "util-linux: scanf_cv_alloc_modifier changed from 'as' -> 'ms'"
        util-linux: Fix lscpu on musl
        qemu: Add PACKAGECONFIG for dax
        llvm: Upgrade to 17.0.1
        oeqa: Use 2.14 release of cpio instead of 2.13
        musl: Update to latest
        bsd-headers: Define __CONCAT and __STRING
        mesa: Update clang-17 patch to upstream v2
        musl-legacy-error: Add recipe
        elfutils: Depend on musl-legacy-error for musl targets
        debugedit: Use musl-legacy-error
        systemd: Drop two upstreamed musl patches
        systemd: Refresh patches to avoid patch-fuzz
        glib-2.0: Enable possible locales with musl for ptests
        glib-2.0: Remove failing ptests on musl
        llvm: Upgrade to 17.0.2
        createrepo-c: Fix function declaration bug found with clang
        mesa: Simplify llvm-17 patch
        mesa: Fix native build on hosts with llvm-dev installed

  Lee Chee Yang (2):
        bind: update to 9.18.19
        cups: fix CVE-2023-4504

  Markus Volk (8):
        mesa: upgrade 23.1.3 -> 23.1.7
        libportal: upgrade 0.6 -> 0.7.1
        appstream: import recipe from meta-oe
        libadwaita: upgrade 1.3.4 -> 1.4.0
        maintainers.inc: add missing entries for appstream and libxmlb
        libxmlb: import recipe from meta-oe
        pulseaudio: dont include consolekit for systemd
        mesa: Upgrade 23.1.7 -> 23.1.8

  Marta Rybczynska (3):
        python3-ply: add to nativesdk
        python3-isodate: add homepage
        python3-rdflib: add homepage

  Martin Jansa (3):
        gcc: backport a fix for ICE caused by CVE-2023-4039.patch
        fontcache.bbclass: avoid native recipes depending on target fontconfig
        multilib_script.bbclass: expand script name as well

  Matthias Schnelte (1):
        bitbake: fetch2: Adds vscode devcontainer support

  Michael Opdenacker (18):
        base: add newline before LICENSE_FLAGS_DETAILS
        dev-manual: new-recipe.rst fix inconsistency with contributor guide
        contributor-guide: recipe-style-guide: add Upstream-Status
        dev-manual: licenses: update license manifest location
        dev-manual: licenses: mention SPDX for license compliance
        dev-manual: disk-space: improve wording for obsolete sstate cache files
        sdk-manual: extensible.rst: fix multiple formatting issues
        alsa-lib: upgrade 1.2.9 -> 1.2.10
        alsa-utils: upgrade 1.2.9 -> 1.2.10
        shadow: fix patch Upstream-Status
        libevent: fix patch Upstream-Status
        alsa-utils: update patch Upstream-Status
        alsa-lib: fix patch Upstream-Status
        lib/oe/qa: remove obsolete "Accepted" string for Upstream-Status
        lib/oe/qa: update guidelines link for Upstream-Status
        bsp-guide: bsp.rst: replace reference to wiki
        dev-manual: new-recipe.rst: replace reference to wiki
        maintainers.inc: add self for flac recipe

  Mikko Rapeli (9):
        openssh: update Upstream-Status to Denied in test logging patch
        openssh: improve banner ptest failure logging
        testimage.bbclass: detect slirp from TEST_RUNQEMUPARAMS
        oeqa dnf_runtime.py: fix HTTP server IP address and port
        oeqa selftest runtime_test.py: append to TEST_RUNQEMUPARAMS
        selftest runtime_test.py: add testimage.bbclass slirp test
        openssh: capture logs in run-ptest
        testimage.bbclass: remove QEMU_USE_SLIRP variable
        oeqa/selftest/context.py: check git command return values

  Ninad Palsule (1):
        kernel-fitImage: Strip path component from dtb

  Peter Kjellerstedt (7):
        libsoup-2.4: Only specify --cross-file when building for target
        libsoup: Only specify --cross-file when building for target
        bitbake: tinfoil: Do not fail when logging is disabled and full config is used
        bitbake: bitbake-getvar: Make --quiet work with --recipe
        bitbake: bitbake-getvar: Make --value imply --quiet
        bitbake: bitbake-getvar: Add a (suppressable) error for undefined variables
        bitbake: bitbake-getvar: Treat undefined variables as empty with --value

  Peter Marko (2):
        openssl: Upgrade 3.1.2 -> 3.1.3
        json-c: define CVE_VERSION

  Qiu Tingting (1):
        tar: add ptest support

  Richard Purdie (34):
        bitbake.conf: Add IMAGE_BASENAME to SDK_NAME
        vim: Upgrade 9.0.1664 -> 9.0.1894
        defaultsetup: Inherit create-spdx by default
        oeqa/selftest/runtime_test: No need to use append with TEST_RUNQEMUPARAMS
        devtool/build_sdk: Drop unused imports
        bitbake: lib: Drop inotify support and replace with mtime checks
        bitbake: server/process: Disable the flush() call in server logging
        recipetool/devtool: Ensure server knows about changed files
        lttng-tools: Upgrade 2.13.10 -> 2.13.11
        oeqa/selftest/wic: Improve assertTrue calls
        elfutils: Fix reproducibility issue with bunzip2
        bitbake: cooker: Drop unneeded flush calls
        sstate: Fix nativesdk entry in SSTATE_ARCHS
        multilib: fix SSTATE_ARCHS for multilib usage
        license/license_image: Fix license file layout to avoid overlapping files
        oeqa/selftest/bbtests: Improve and update test_non_gplv3
        create-spdx/sbom: Ensure files don't overlap between machines
        sstate: Stop allowing overlapping symlinks from sstate
        recipes: Drop remaining PR values from recipes
        bitbake.conf: No longer support PR from filename
        oeqa/selftest: Fix broken symlink removal handling
        oeqa/selftest/reproducible: Avoid oe-selftest startup delays
        oeqa: Streamline oe-selftest startup time
        oeqa/selftest/oescripts: Avoid variable access at module load
        bitbake: codeparser: Update debug variable reference
        contributor-guide/style-guide: Refer to recipes, not packages
        contributor-guide/style-guide: Add a note about task idempotence
        lib: Import packagedata oe module by default
        oeqa/runner: Ensure class setup errors are shown to bitbake logging
        create-spdx: Ensure it is clear where the message comes from
        oeqa/utils/gitarchive: Handle broken commit counts in results repo
        python3-numpy: Fix reproducibility issue
        scritps/runqemu: Ensure we only have two serial ports
        glibc: Pull in stable branch fixes

  Robert Joslyn (2):
        curl: Update from 8.2.1 to 8.3.0
        curl: Skip tests marked flaky

  Robert Yang (1):
        libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt

  Roland Hieber (7):
        template: fix typo in section header
        ref-manual: point outdated link to the new location
        contributor-guide: recipe-style-guide: add more patch tagging examples
        contributor-guide: recipe-style-guide: add section about CVE patches
        contributor-guide: discourage marking patches as Inappropriate
        contributor-guide: deprecate "Accepted" patch status
        contributor-guide: style-guide: discourage using Pending patch status

  Ross Burton (19):
        packagegroup-core-x11-xserver: add modesetting driver to default XSERVER
        machine/qemu*: add modesetting drivers to XSERVER
        beaglebone-yocto: remove redundant XSERVER assignment
        gcc: Fix -fstack-protector issue on aarch64
        testimage: respect target/server IPs when using slirp
        manuals: document LICENSE_FLAGS_DETAILS
        linux-yocto: update CVE ignores
        libwebp: upgrade to 1.3.2
        oeqa/runtime/parselogs: remove unused imports
        oeqa/runtime/parselogs: don't bother to show target hardware information
        oeqa/runtime/parselogs: remove obsolete LSB testing support
        oeqa/runtime/parselogs: inline single-caller functions
        oeqa/runtime/parselogs: improve find call
        oeqa/runtime/parselogs: don't pass around members
        oeqa/runtime/parselogs: move some variables out of global scope
        oeqa/runtime/parselogs: select the correct machine-specific ignores early
        oeqa/runtime/parselogs: parse the logs with Python, not grep
        webkitgtk: reduce size of -dbg package
        bitbake: bitbake/lib: spawn server/worker using the current Python interpreter

  Samantha Jalabert (14):
        python3-isodate: Copy recipe from meta-python
        python3-booleanpy: Copy recipe from meta-python
        python3-beartype: add recipe
        python3-click: Copy recipe from meta-python
        ptest-packagelists.inc: add python test click
        python3-license-expression: Copy recipe from meta-python
        ptest-packagelists.inc: add python test license-expression
        python3-rdflib: Copy recipe from meta-python
        python3-uritools: add recipe
        python3-xmltodict: Copy recipe from meta-python
        ptest-packagelists.inc: add python test xmltodict
        python3-spdx-tools: add recipe
        qa: Add selftest for python3-spdx-tools
        maintainers.inc: add python3-spdx-tools and dependencies

  Sean Nyekjaer (1):
        gcc: depend on zstd

  Stefan Tauner (1):
        gdb: fix RDEPENDS for PACKAGECONFIG[tui]

  Stephan Wurm (1):
        python3-jsonschema: Update homepage URL

  Tim Orling (1):
        python3-cryptography{-vectors}: upgrade to 41.0.4

  Trevor Gamblin (6):
        patchtest: Add tests from patchtest oe repo
        patchtest/selftest: remove configurable target
        patchtest: add requirements.txt
        patchtest: Add README.md for selftests
        python3-ptest: skip test_input_no_stdout_fileno
        patchtest/selftest: only split resultlines once

  Ulrich Ölmann (1):
        packagegroup-base: clean up setting packagegroup-machine-base's SUMMARY

  Wang Mingyu (36):
        alsa-ucm-conf: upgrade 1.2.9 -> 1.2.10
        at-spi2-core: upgrade 2.48.3 -> 2.48.4
        dbus: upgrade 1.14.8 -> 1.14.10
        debianutils: upgrade 5.8 -> 5.12
        dnf: upgrade 4.16.1 -> 4.17.0
        harfbuzz: upgrade 8.1.1 -> 8.2.0
        kexec-tools: upgrade 2.0.26 -> 2.0.27
        libinput: upgrade 1.23.0 -> 1.24.0
        libnl: upgrade 3.7.0 -> 3.8.0
        nghttp2: upgrade 1.55.1 -> 1.56.0
        ccache: upgrade 4.8.2 -> 4.8.3
        pkgconf: upgrade 2.0.2 -> 2.0.3
        python3-git: upgrade 3.1.34 -> 3.1.35
        python3-hypothesis: upgrade 6.84.0 -> 6.84.3
        python3-pyelftools: upgrade 0.29 -> 0.30
        python3-pytest: upgrade 7.4.1 -> 7.4.2
        python3-setuptools: upgrade 68.1.2 -> 68.2.1
        strace: upgrade 6.4 -> 6.5
        stress-ng: upgrade 0.16.04 -> 0.16.05
        wayland-utils: upgrade 1.1.0 -> 1.2.0
        wireless-regdb: upgrade 2023.05.03 -> 2023.09.01
        at-spi2-core: upgrade 2.48.4 -> 2.50.0
        enchant2: upgrade 2.5.0 -> 2.6.1
        harfbuzz: upgrade 8.2.0 -> 8.2.1
        kbd: upgrade 2.6.2 -> 2.6.3
        libsecret: upgrade 0.21.0 -> 0.21.1
        gobject-introspection: upgrade 1.78.0 -> 1.78.1
        python3-numpy: upgrade 1.25.2 -> 1.26.0
        python3-hypothesis: upgrade 6.84.3 -> 6.86.2
        python3-pycryptodome: upgrade 3.18.0 -> 3.19.0
        python3-pycryptodomex: upgrade 3.18.0 -> 3.19.0
        python3-smmap: upgrade 5.0.0 -> 6.0.0
        python3-trove-classifiers: upgrade 2023.8.7 -> 2023.9.19
        python3-typing-extensions: upgrade 4.7.1 -> 4.8.0
        python3-urllib3: upgrade 2.0.4 -> 2.0.5
        python3-zipp: upgrade 3.16.2 -> 3.17.0

  Yash Shinde (1):
        glibc: fix CVE-2023-4527

  Yogita Urade (2):
        tiff: fix CVE-2023-40745
        tiff: fix CVE-2023-41175

meta-openembedded: eff1b182c1..ea42cec2ec:
  Alex Kiernan (2):
        mdns: Upgrade 1790.80.10 -> 2200.0.8
        jq: Upgrade 1.6+git -> 1.7

  Archana Polampalli (2):
        python3-appdirs: print ptest results in unified format
        nodejs: upgrade 18.17.1 -> 20.5.1

  Armin Kuster (1):
        openldap: update to 2.5.16.

  Bruce Ashfield (2):
        zfs: update to v2.2.0-rc4
        vboxguestdrivers: fix kernel v6.5 build

  Chi Xu (1):
        mariadb: Add ptest support

  Clément Péron (6):
        etcd-cpp-apiv3: upgrade 0.14.3 -> 0.15.3
        devtools: grpc: bump to 1.56.2
        protobuf: upgrade 4.22.2 -> 4.23.4
        protobuf-c: bump to next release to support protobuf 4.23.x
        mariadb: add missing <cstdint> in rocksdb string_util.h
        etcd-cpp-apiv3: fix build when gRPC is cross compiled

  Daniel Semkowicz (2):
        cockpit: Move packagekit to a separate package
        cockpit: Move apps to a separate package

  Derek Straka (54):
        python3-absl: Update version 1.4.0 -> 2.0.0
        python3-brotli: Update version 1.0.9 -> 1.1.0
        python3-cachecontrol: Update version 0.13.0 -> 0.13.1
        python3-cantools: Update version 38.0.2 -> 39.2.0
        python3-cerberus: Update version 1.3.4 -> 1.3.5
        python3-configshell-fb: Update version 1.1.29 -> 1.1.30
        python3-custom-inherit: Update version 2.3.1 -> 2.4.1
        python3-distlib: Update version 0.3.6 -> 0.3.7
        python3-fasteners: Update version 0.18 -> 0.19
        python3-filelock: Update version 3.12.0 -> 3.12.4
        python3-bleak: Update version 0.20.2 -> 0.21.1
        python3-dynamic-dispatch: Correct the upstream regex check for version upgrades
        python3-google-api-python-client: Update version 2.99.0 -> 2.100.0
        python3-sqlalchemy: Upgrade 2.0.20 -> 2.0.21
        python3-netaddr: Update version 0.8.0 -> 0.9.0
        python3-msgpack: Update version 1.0.5 -> 1.0.6
        python3-protobuf: Update version 4.24.2 -> 4.24.3
        python3-gevent: Update version 23.7.0 -> 23.9.1
        python3-langtable: Update version 0.0.63 -> 0.0.64
        python3-posix-ipc: Update version 1.0.5 -> 1.1.1
        python3-websocket-client: Update version 1.5.3 -> 1.6.3
        python3-web3: Update version 6.9.0 -> 6.10.0
        python3-apiflask: Update version 2.0.1 -> 2.0.2
        python3-argh: Update version 0.29.3 -> 0.29.4
        python3-async-timeout: remove old version of the library
        python3-pydantic: Update version 1.10.7 -> 2.4.1
        python3-pyhamcrest: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
        python3-pyasn1-modules: Update version 0.2.8 -> 0.3.0
        python-pyiface: Update version from git -> 0.0.11
        python3-pymysql: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
        python3-pymysql: update verion 1.0.2 -> 1.1.0
        python3-pyproj: update version 3.6.0 -> 3.6.1
        python3-pyproject-api: update version 1.5.1 -> 1.6.1
        python3-redis: update version 5.0.0 -> 5.0.1
        python3-traitlets: update version 5.9.0 -> 5.10.1
        python3-xxhash: update version 3.2.0 -> 3.3.0
        python3-pyzmq: update version 25.0.0 -> 25.1.1
        python3-cachecontrol: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
        python3-flask-babel: update version 2.0.0 -> 3.1.0
        python3-idna-ssl: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
        python3-ninja-syntax: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
        python3-prettytable: update version 3.6.0 -> 3.9.0
        python3-pytz-deprecation-shim: Remove outdated recipe meant to be a short lived shim
        python3-tzlocal: Remove dependency on pytz_deprecation_shim removed in release 5.0
        python3-astroid: update version 2.16.6 -> 3.0.0
        python3-flask: update version 2.3.2 -> 2.3.3
        python3-google-api-core: update version 2.12.0
        python3-google-api-python-client: update version 2.100.0 -> 2.101.0
        python3-google-auth: update version 2.23.0 -> 2.23.1
        python3-parse-type: update version 0.5.2 -> 0.6.2
        python3-nacl: Add recipe for the latest release of PyNaCl
        python3-botocore: add recipe for latest version of botocore
        python3-boto3: add recipe for latest version of boto3
        python3-flask-cors: add initial version of the recipe for 4.0.0

  Etienne Cordonnier (1):
        uutils-coreutils: upgrade 0.0.20 -> 0.0.21

  Gianfranco Costamagna (3):
        mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system
        mosquitto: upgrade 2.0.15 -> 2.0.17
        mosquitto: upgrade 2.0.17 -> 2.0.18

  Jeffrey Pautler (1):
        bolt: disable CVE checking for this recipe

  Jonas Gorski (1):
        frr: upgrade 8.4.4 -> 9.0.1

  Julian Haller (1):
        openct: Fix typo in SUMMARY variable

  Kai Kang (1):
        ostree: not compatible with riscv32 when ptest enabled

  Khem Raj (25):
        vlc: Fix build with gettext 0.22+
        usbguard: Enable seccomp if distro features have it
        sharutils: Check for intmax_t using configure
        poco: Add pass/fail ststus into logs
        mongodb: Add rdep on tzdata-core
        mongodb: Upgrade to 4.4.24
        meta-oe-ptest-image-poco: Increase size tp 1G
        poco: Fix ptest runtime errors
        poco: Do not enable MongoDB packageconfig by default
        plocate: Upgrade to 1.1.19 release
        xscreensaver: Add osuosl backup MIRROR
        mozjs-115: Apply autoconf tuple mismatch fix
        cpp-netlib: Fix build with boost 1.80+
        cpp-netlib: Fix buildpaths in generated cmake files
        python3-pybluez: Fix patch upstream-status
        python3-pynetlinux: Fix patch upstream-status
        libnet-idn-encode: Add recipe
        libio-socket-ssl-perl: Change libnet-libidn-perl->libnet-idn-encode rdep for ptests
        libnfs: Drop -Wno-implicit-function-declaration
        webkitgtk3: Do not use musttail with clang on arm
        fftw: Fix ptest result reporting
        nodejs: Fix ptest result reporting
        relayd: Update to latest tip of trunk
        relayd: Fix build with clang
        kernel-selftest: Build headers before compiling tests

  Lee Chee Yang (8):
        libsdl: fix CVE-2022-34568
        keepalived: 2.2.2 -> 2.2.8
        irssi: 1.4.2 -> 1.4.4
        iniparser: Fix CVE-2023-33461
        opensc: fix CVE-2023-2977
        x11vnc: Fix CVE-2020-29074
        libvncserver: update to 0.9.14
        ntpsec: 1.2.2 -> 1.2.2a

  Markus Volk (48):
        libei: add recipe
        libxmlb: update 0.3.10 -> 0.3.14
        appstream: update 0.16.2 -> 0.16.3
        webrtc-audio-processing: add recipe for 1.x
        pipewire: upgrade 0.3.79 -> 0.3.80
        evolution-data-server: upgrade 3.48.3 -> 3.50.0
        appstream: remove workaround for cross-compile
        libxmlb: fix a reproducibility and runtime issue with ptest
        tracker-miners: upgrade 3.5.0 -> 3.6.0
        mozjs: upgrade 102.9.0 -> 102.15.0
        tecla: add recipe
        polkit: upgrade 122 -> 123
        tracker: upgrade 3.5.1 -> 3.6.0
        libxmlb: remove recipe
        appstream: remove recipe
        gvfs: upgrade 1.51.90 -> 1.52.0
        mutter: upgrade 44.3 -> 45.0
        xdg-desktop-portal: upgrade 1.16.0 -> 1.18.0
        gnome-boxes: upgrade 44.2 -> 45.0
        gnome-session: upgrade 44.0 -> 45.0
        gnome-text-editor: upgrade 44.0 -> 45.0
        gnome-shell: upgrade 44.3 -> 45.0
        eog: upgrade 44.3 -> 45.0
        gnome-calculator: upgrade 44.0 -> 45.0
        xdg-desktop-portal-gnome: upgrade 44.1 -> 45.0
        gnome-calendar: upgrade 44.0 -> 45.0
        gnome-software: upgrade 44.4 -> 45.0
        zenity: upgrade 3.44.0 -> 3.44.2
        gnome-system-monitor: upgrade 44.0 -> 45.0
        webkitgtk: upgrade 2.40.5 -> 2.42.0
        gnome-control-center: upgrade 44.3 -> 45.0
        gnome-settings-daemon: upgrade 44.1 -> 45.0
        tracker: add missing Upstream-Status
        gdm: upgrade 44.1 -> 45.0.1
        gnome-calendar: fix reproducibility issue
        exiv2: Upgrade 0.27.6 -> 0.28.0
        gexiv: Upgrade 0.14.0 -> 0.14.2
        gjs: Upgrade 1.76.1 -> 1.78.0
        mozjs: add recipe for v115
        evince: Upgrade 44.2 -> 45.0
        Nautilus: Upgrade 44.2.1 -> 45.0
        gedit: Upgrade 44.2 -> 46.1
        tepl: Upgrade 6.4.0 -> 6.8.0
        libblockdev: Upgrade 2.28 -> 3.03
        udisks2: Upgrade 2.9.4 -> 2.10.1
        mozjs: Upgrade 102.15.0 -> 102.15.1
        libnfs: dont install libnfs-config.cmake
        gnome-remote-desktop: Upgrade 44.2 -> 45.0

  Martin Jansa (20):
        webrtc-audio-processing: Fix build with -Werror=return-type
        freeglut: return x11 to REQUIRED_DISTRO_FEATURES
        packagegroup-meta-multimedia: restore x11 restriction for projucer
        btrfsmaintenance: move btrfs-tools dependency from build-time to run-time
        btrfsmaintenance: drop allarch
        ttf-google-fira: exclude siggen dependency on fontconfig
        cukinia: drop allarch
        mdio-tools: exclude siggen dependency on mdio-netlink
        ot-br-posix: exclude siggen dependency on ipset
        mongodb: add and fix Upstream-Status
        mongodb: Fix build on 32bit
        gupnp: fix build with meson-1.2.0
        minifi-cpp, mozjs-115, redis-7.2.1, pv: add missing Upstream-Status
        mozjs: fix filename in MULTILIB_SCRIPTS
        gupnp-tools: fix build with meson-1.2.0
        gnome-tweaks, networkmanager-fortisslvpn, libesmtp, json-schema-validator, python3-pybluez, python3-pynetlinux, apache2: Fix Malformed Upstream-Status
        mozjs: use PV in MULTILIB_SCRIPTS
        mosquitto, etcd-cpp-apiv3: add missing Upstream-Status
        meta-oe/dynamic-layers: add Upstream-Status where missing
        meta-oe/dynamic-layers: add one more missing Upstream-Status and fix one malformed

  Michał Iwanicki (1):
        python3-pyu2f: add recipe

  Mingli Yu (4):
        minifi-cpp: Remove the buildpath issue
        hdf5: Upgrade to 1.14.2
        vlock: Use EXTRA_CFLAGS
        mozjs-102: Remove the buildpath

  Richard Leitner (2):
        python3-shellingham: add recipe for v1.5.3
        python3-autoflake: add recipe for v2.2.1

  Ross Burton (1):
        webkitgtk3: reduce size of -dbg package

  Sam Van Den Berge (6):
        python3-flask-jwt-extended: add recipe
        python3-flask-marshmallow: add recipe
        python3-apispec: add recipe
        python3-flask-httpauth: add recipe
        python3-webargs: add recipe
        python3-apiflask: add recipe

  Samantha Jalabert (6):
        Remove python3-rdflib
        Remove python3-license-expression
        Remove python3-xmltodict
        Remove python3-booleanpy
        Remove python3-click
        Remove python3-isodate

  Samuli Piippo (1):
        protobuf: stage protoc binary to sysroot

  Sanjay Chitroda (1):
        netkit-telnet: Fix CVE-2022-39028

  Trevor Gamblin (1):
        python3-aiofiles: upgrade 23.1.0 -> 23.2.1

  Vyacheslav Yurkov (3):
        overlayfs-tools: Drop unneeded dependency
        overlayfs-tools: Bump up the version
        overlayfs-tools: Install fsck binary

  Wang Mingyu (42):
        freerdp: upgrade 2.10.0 -> 2.11.0
        boost-sml: upgrade 1.1.8 -> 1.1.9
        ctags: upgrade 6.0.20230827.0 -> 6.0.20230917.0
        dovecot: upgrade 2.3.20 -> 2.3.21
        freerdp: upgrade 2.11.0 -> 2.11.1
        gensio: upgrade 2.7.5 -> 2.7.6
        geoclue: upgrade 2.7.0 -> 2.7.1
        hwloc: upgrade 2.9.2 -> 2.9.3
        iperf3: upgrade 3.14 -> 3.15
        libcloudproviders: upgrade 0.3.2 -> 0.3.4
        libdeflate: upgrade 1.18 -> 1.19
        libglvnd: upgrade 1.6.0 -> 1.7.0
        libtommath: upgrade 1.2.0 -> 1.2.1
        libcoap: upgrade 4.3.1 -> 4.3.3
        python3-antlr4-runtime: upgrade 4.13.0 -> 4.13.1
        python3-lazy: upgrade 1.5 -> 1.6
        python3-pyfanotify: upgrade 0.2.0 -> 0.2.1
        psqlodbc: upgrade 15.00.0000 -> 16.00.0000
        python3-argcomplete: upgrade 3.1.1 -> 3.1.2
        python3-bitstring: upgrade 4.1.1 -> 4.1.2
        python3-cmake: upgrade 3.27.4.1 -> 3.27.5
        python3-coverage: upgrade 7.3.0 -> 7.3.1
        python3-engineio: upgrade 4.7.0 -> 4.7.1
        python3-eth-utils: upgrade 2.2.0 -> 2.2.1
        python3-flask-migrate: upgrade 4.0.4 -> 4.0.5
        python3-flask-socketio: upgrade 5.3.5 -> 5.3.6
        python3-google-api-python-client: upgrade 2.97.0 -> 2.99.0
        python3-google-auth: upgrade 2.22.0 -> 2.23.0
        python3-pillow: upgrade 10.0.0 -> 10.0.1
        python3-pymisp: upgrade 2.4.175 -> 2.4.176
        python3-pymodbus: upgrade 3.5.0 -> 3.5.2
        python3-rapidjson: upgrade 1.10 -> 1.11
        python3-rich: upgrade 13.5.2 -> 13.5.3
        python3-term: upgrade 2.4 -> 2.5
        python3-tox: upgrade 4.11.1 -> 4.11.3
        python3-typeguard: upgrade 4.1.3 -> 4.1.5
        python3-types-setuptools: upgrade 68.1.0.1 -> 68.2.0.0
        python3-virtualenv: upgrade 20.24.4 -> 20.24.5
        python3-xlsxwriter: upgrade 3.1.2 -> 3.1.3
        python3-zeroconf: upgrade 0.97.0 -> 0.112.0
        redis: upgrade 7.2.0 -> 7.2.1
        remmina: upgrade 1.4.31 -> 1.4.32

  Xiangyu Chen (3):
        mosh: add support of protobuf 4.22.x
        protobuf: upgrade 3.21.12 -> 4.22.2
        protobuf-c: add support of protobuf 4.22.x

  Yi Zhao (1):
        audit: upgrade 3.1.1 -> 3.1.2

meta-arm: bd0953cc60..95789365f7:
  Abdellatif El Khlifi (2):
        arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
        arm-bsp/u-boot: corstone1000: purge U-Boot specific DT nodes before Linux

  Adam Johnston (1):
        arm-bsp/trusted-firmware-a: Fix BL32 path if usrmerge enabled

  Divin Raj (1):
        ci,doc,kas,arm-bsp,arm: Remove support for fvp-baser-aemv8r64 machine

  Emekcan Aras (6):
        arm-bsp/optee-os: corstone1000: Handling logging syscall correctly
        CI: Add meta-secure-core
        CI: Include meta-secure-core in corstone1000
        kas: corstone1000: add meta-secure-core
        arm-bsp/u-boot: corstone1000: introduce authenticated capsule update
        arm-bsp/trusted-firmware-m: Enable authenticated capsule update

  Javier Tia (2):
        optee-client: start tee-supplicant.service when teeprivX dev is detected
        libts: tee-udev.rules: Change ownership to tee group

  Jon Mason (5):
        arm/edk2: update to edk2-stable202308
        arm/trusted-firmware-m: update to 1.8.1
        arm/opencsd: update to v1.4.1
        arm/scp-firmware: update to v2.13.0
        README: remove reference to meta-arm-autonomy

  Khem Raj (1):
        layer.conf: update LAYERSERIES_COMPAT for nanbield

  Mariam Elshakfy (2):
        arm-bsp/optee-os: N1SDP upgrade optee-os to 3.22
        arm-bsp/optee-os: N1SDP upgrade tadevkit and optee-test to 3.22

  Peter Hoyes (2):
        CI: Allow a GitHub container registry mirror to be specified
        CI: Make update-repos more resilient to network issues

  Ross Burton (15):
        arm/generic-arm64: move SERIAL_CONSOLES to generic-arm64
        arm/qemu-generic-arm64: force off KVM in qemu
        arm/generic-arm64: set XSERVER to install the modesetting driver
        CI: remove redundant variables in testimage.yml
        arm-bsp: change port mapping for SSH to port 2222
        arm/apply_local_src_patches: allow use in multiple directories
        arm/trusted-services: pass through CMake generator
        arm/trusted-services: add missing pkgconfig inherit
        arm/trusted-services/ts-remote-test: move binary to $bindir
        arm/trusted-services/ts-sp-env-test: add missing DEPENDS
        arm/trusted-services/ts-sp-env-test: remove
        arm/trusted-services: use apply_local_src_patches
        arm/trusted-services: upgrade nanopb and fix build races
        CI: use a venv for sphinx
        CI: upgrade to Kas 4 container

  Xueliang Zhong (2):
        arm-bsp/n1sdp: update to linux yocto kernel 6.4
        arm-bsp/corstone1000: bump kernel version to v6.4

meta-security: 1856a7cf43..aca6d4a9e7:
  Armin Kuster (10):
        suricata: fix build issue.
        suricata: Update to 7.0.0
        sssd: Update to 2.9.2
        openscap: update to 1.3.9
        python3-privacyidea: update to 3.8.1
        lkrg-module: update to 0.9.7
        libhtp: update to 0.5.45
        swtpm: update 0.8.1
        lynis: Update to 3.0.9
        scap-security-guide: Drop Poky patch and update to tip

  John Broadbent (1):
        libhoth: Update

meta-raspberrypi: 6501ec892c..482d864b8f:
  Joshua Watt (1):
        rpi-base: Fix wic image kernel dependency

  Khem Raj (5):
        userland: Update to trunk from 20230419
        linux-raspberrypi: Upgrade 6.1 release to latest point release 6.1.54
        linux-firmware-rpidistro: Update to 20230210-5_bpo11+1
        bluez-firmware-rpidistro: Update to 1.2-4+rpt10
        raspberrypi-firmware: Update to 20230509~buster

  Martin Jansa (1):
        layer.conf: update LAYERSERIES_COMPAT for nanbield

Change-Id: Id75112a3b0be4bd150dc5d9a28c01982ed48200e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/classes-global/base.bbclass b/poky/meta/classes-global/base.bbclass
index 7c774d2..f57f9cf 100644
--- a/poky/meta/classes-global/base.bbclass
+++ b/poky/meta/classes-global/base.bbclass
@@ -527,7 +527,7 @@
                 message = "Has a restricted license '%s' which is not listed in your LICENSE_FLAGS_ACCEPTED." % unmatched
                 details = d.getVarFlag("LICENSE_FLAGS_DETAILS", unmatched)
                 if details:
-                    message += details
+                    message += "\n" + details
             bb.debug(1, "Skipping %s: %s" % (pn, message))
             raise bb.parse.SkipRecipe(message)
 
diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass
index 2e53778..5743d91 100644
--- a/poky/meta/classes-global/insane.bbclass
+++ b/poky/meta/classes-global/insane.bbclass
@@ -97,9 +97,8 @@
         return
 
     if stanza.startswith(b'#!'):
-        #Shebang not found
         try:
-            stanza = stanza.decode("utf-8")
+            stanza.decode("utf-8")
         except UnicodeDecodeError:
             #If it is not a text file, it is not a script
             return
diff --git a/poky/meta/classes-global/license.bbclass b/poky/meta/classes-global/license.bbclass
index 23625f0..b2e0d3f 100644
--- a/poky/meta/classes-global/license.bbclass
+++ b/poky/meta/classes-global/license.bbclass
@@ -29,7 +29,7 @@
     lic_files_paths = find_license_files(d)
 
     # The base directory we wrangle licenses to
-    destdir = os.path.join(d.getVar('LICSSTATEDIR'), d.getVar('PN'))
+    destdir = os.path.join(d.getVar('LICSSTATEDIR'), d.getVar('SSTATE_PKGARCH'), d.getVar('PN'))
     copy_license_files(lic_files_paths, destdir)
     info = get_recipe_info(d)
     with open(os.path.join(destdir, "recipeinfo"), "w") as f:
diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass
index c501984..2676f18 100644
--- a/poky/meta/classes-global/sstate.bbclass
+++ b/poky/meta/classes-global/sstate.bbclass
@@ -55,8 +55,6 @@
 SSTATE_EXTRAPATH[vardepvalue] = ""
 SSTATE_EXTRAPATHWILDCARD[vardepvalue] = ""
 
-# For multilib rpm the allarch packagegroup files can overwrite (in theory they're identical)
-SSTATE_ALLOW_OVERLAP_FILES = "${DEPLOY_DIR}/licenses/"
 # Avoid docbook/sgml catalog warnings for now
 SSTATE_ALLOW_OVERLAP_FILES += "${STAGING_ETCDIR_NATIVE}/sgml ${STAGING_DATADIR_NATIVE}/sgml"
 # sdk-provides-dummy-nativesdk and nativesdk-buildtools-perl-dummy overlap for different SDKMACHINE
@@ -85,14 +83,15 @@
 
 BB_HASHFILENAME = "False ${SSTATE_PKGSPEC} ${SSTATE_SWSPEC}"
 
+SSTATE_ARCHS_TUNEPKG ??= "${TUNE_PKGARCH}"
 SSTATE_ARCHS = " \
     ${BUILD_ARCH} \
     ${BUILD_ARCH}_${ORIGNATIVELSBSTRING} \
     ${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS} \
     ${SDK_ARCH}_${SDK_OS} \
-    ${SDK_ARCH}_${PACKAGE_ARCH} \
+    ${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX} \
     allarch \
-    ${PACKAGE_ARCH} \
+    ${SSTATE_ARCHS_TUNEPKG} \
     ${PACKAGE_EXTRA_ARCHS} \
     ${MACHINE_ARCH}"
 SSTATE_ARCHS[vardepsexclude] = "ORIGNATIVELSBSTRING"
@@ -268,7 +267,7 @@
     overlap_allowed = (d.getVar("SSTATE_ALLOW_OVERLAP_FILES") or "").split()
     match = []
     for f in sharedfiles:
-        if os.path.exists(f) and not os.path.islink(f):
+        if os.path.exists(f):
             f = os.path.normpath(f)
             realmatch = True
             for w in overlap_allowed:
@@ -278,36 +277,18 @@
                     break
             if realmatch:
                 match.append(f)
-                sstate_search_cmd = "grep -rlF '%s' %s --exclude=master.list | sed -e 's:^.*/::'" % (f, d.expand("${SSTATE_MANIFESTS}"))
+                sstate_search_cmd = "grep -rlF '%s' %s --exclude=index-* | sed -e 's:^.*/::'" % (f, d.expand("${SSTATE_MANIFESTS}"))
                 search_output = subprocess.Popen(sstate_search_cmd, shell=True, stdout=subprocess.PIPE).communicate()[0]
                 if search_output:
                     match.append("  (matched in %s)" % search_output.decode('utf-8').rstrip())
                 else:
                     match.append("  (not matched to any task)")
     if match:
-        bb.error("The recipe %s is trying to install files into a shared " \
-          "area when those files already exist. Those files and their manifest " \
-          "location are:\n  %s\nPlease verify which recipe should provide the " \
-          "above files.\n\nThe build has stopped, as continuing in this scenario WILL " \
-          "break things - if not now, possibly in the future (we've seen builds fail " \
-          "several months later). If the system knew how to recover from this " \
-          "automatically it would, however there are several different scenarios " \
-          "which can result in this and we don't know which one this is. It may be " \
-          "you have switched providers of something like virtual/kernel (e.g. from " \
-          "linux-yocto to linux-yocto-dev), in that case you need to execute the " \
-          "clean task for both recipes and it will resolve this error. It may be " \
-          "you changed DISTRO_FEATURES from systemd to udev or vice versa. Cleaning " \
-          "those recipes should again resolve this error, however switching " \
-          "DISTRO_FEATURES on an existing build directory is not supported - you " \
-          "should really clean out tmp and rebuild (reusing sstate should be safe). " \
-          "It could be the overlapping files detected are harmless in which case " \
-          "adding them to SSTATE_ALLOW_OVERLAP_FILES may be the correct solution. It could " \
-          "also be your build is including two different conflicting versions of " \
-          "things (e.g. bluez 4 and bluez 5 and the correct solution for that would " \
-          "be to resolve the conflict. If in doubt, please ask on the mailing list, " \
-          "sharing the error and filelist above." % \
+        bb.fatal("Recipe %s is trying to install files into a shared " \
+          "area when those files already exist. The files and the manifests listing " \
+          "them are:\n  %s\n"
+          "Please adjust the recipes so only one recipe provides a given file. " % \
           (d.getVar('PN'), "\n  ".join(match)))
-        bb.fatal("If the above message is too much, the simpler version is you're advised to wipe out tmp and rebuild (reusing sstate is fine). That will likely fix things in most (but not all) cases.")
 
     if ss['fixmedir'] and os.path.exists(ss['fixmedir'] + "/fixmepath.cmd"):
         sharedfiles.append(ss['fixmedir'] + "/fixmepath.cmd")
diff --git a/poky/meta/classes-global/staging.bbclass b/poky/meta/classes-global/staging.bbclass
index 3a300c3..d229f40 100644
--- a/poky/meta/classes-global/staging.bbclass
+++ b/poky/meta/classes-global/staging.bbclass
@@ -92,7 +92,8 @@
     qa_already_stripped = 'already-stripped' in (d.getVar('INSANE_SKIP:' + pn) or "").split()
     strip_cmd = d.getVar("STRIP")
 
-    oe.package.strip_execs(pn, dstdir, strip_cmd, libdir, base_libdir, d,
+    max_process = oe.utils.get_bb_number_threads(d)
+    oe.package.strip_execs(pn, dstdir, strip_cmd, libdir, base_libdir, max_process,
                            qa_already_stripped=qa_already_stripped)
 }
 
diff --git a/poky/meta/classes-recipe/fontcache.bbclass b/poky/meta/classes-recipe/fontcache.bbclass
index 0d496b7..6f49783 100644
--- a/poky/meta/classes-recipe/fontcache.bbclass
+++ b/poky/meta/classes-recipe/fontcache.bbclass
@@ -13,6 +13,7 @@
 inherit qemu
 
 FONT_PACKAGES ??= "${PN}"
+FONT_PACKAGES:class-native = ""
 FONT_EXTRA_RDEPENDS ?= "${MLPREFIX}fontconfig-utils"
 FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig"
 FONTCONFIG_CACHE_PARAMS ?= "-v"
diff --git a/poky/meta/classes-recipe/goarch.bbclass b/poky/meta/classes-recipe/goarch.bbclass
index e3555e1..5fb6051 100644
--- a/poky/meta/classes-recipe/goarch.bbclass
+++ b/poky/meta/classes-recipe/goarch.bbclass
@@ -54,6 +54,7 @@
 COMPATIBLE_HOST:powerpc = "null"
 COMPATIBLE_HOST:powerpc64 = "null"
 COMPATIBLE_HOST:mipsarchn32 = "null"
+COMPATIBLE_HOST:riscv32 = "null"
 
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"
diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass
index 4f00162..7231fad 100644
--- a/poky/meta/classes-recipe/image.bbclass
+++ b/poky/meta/classes-recipe/image.bbclass
@@ -96,6 +96,7 @@
 PID = "${@os.getpid()}"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
+SSTATE_ARCHS_TUNEPKG = "${@all_multilib_tune_values(d, 'TUNE_PKGARCH')}"
 
 LDCONFIGDEPEND ?= "ldconfig-native:do_populate_sysroot"
 LDCONFIGDEPEND:libc-musl = ""
diff --git a/poky/meta/classes-recipe/kernel-fitimage.bbclass b/poky/meta/classes-recipe/kernel-fitimage.bbclass
index 13e8947..7e30a5d 100644
--- a/poky/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/poky/meta/classes-recipe/kernel-fitimage.bbclass
@@ -599,6 +599,11 @@
 				DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
 			fi
 
+		        # Strip off the path component from the filename
+			if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
+			    DTB=`basename $DTB`
+			fi
+
 			# Set the default dtb image if it exists in the devicetree.
 			if [ ${FIT_CONF_DEFAULT_DTB} = $DTB ];then
 				default_dtb_image=$(echo "$DTB" | tr '/' '_')
diff --git a/poky/meta/classes-recipe/license_image.bbclass b/poky/meta/classes-recipe/license_image.bbclass
index fc859c7..19b3dc5 100644
--- a/poky/meta/classes-recipe/license_image.bbclass
+++ b/poky/meta/classes-recipe/license_image.bbclass
@@ -18,7 +18,7 @@
 
 python write_package_manifest() {
     # Get list of installed packages
-    license_image_dir = d.expand('${LICENSE_DIRECTORY}/${IMAGE_NAME}')
+    license_image_dir = d.expand('${LICENSE_DIRECTORY}/${SSTATE_PKGARCH}/${IMAGE_NAME}')
     bb.utils.mkdirhier(license_image_dir)
     from oe.rootfs import image_list_installed_packages
     from oe.utils import format_pkg_list
@@ -49,7 +49,7 @@
             pkg_dic[pkg_name]["LICENSE"] = pkg_dic[pkg_name][pkg_lic_name]
 
     rootfs_license_manifest = os.path.join(d.getVar('LICENSE_DIRECTORY'),
-                        d.getVar('IMAGE_NAME'), 'license.manifest')
+                        d.getVar('SSTATE_PKGARCH'), d.getVar('IMAGE_NAME'), 'license.manifest')
     write_license_files(d, rootfs_license_manifest, pkg_dic, rootfs=True)
 }
 
@@ -59,6 +59,8 @@
 
     bad_licenses = (d.getVar("INCOMPATIBLE_LICENSE") or "").split()
     bad_licenses = expand_wildcard_licenses(d, bad_licenses)
+    pkgarchs = d.getVar("SSTATE_ARCHS").split()
+    pkgarchs.reverse()
 
     exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or "").split()
     with open(license_manifest, "w") as license_file:
@@ -98,9 +100,13 @@
                 license_file.write("FILES: %s\n\n" % pkg_dic[pkg]["FILES"])
 
             for lic in pkg_dic[pkg]["LICENSES"]:
-                lic_file = os.path.join(d.getVar('LICENSE_DIRECTORY'),
-                                        pkg_dic[pkg]["PN"], "generic_%s" % 
-                                        re.sub(r'\+', '', lic))
+                for pkgarch in pkgarchs:
+                    lic_file = os.path.join(d.getVar('LICENSE_DIRECTORY'),
+                                            pkgarch,
+                                            pkg_dic[pkg]["PN"], "generic_%s" %
+                                            re.sub(r'\+', '', lic))
+                    if os.path.exists(lic_file):
+                        break
                 # add explicity avoid of CLOSED license because isn't generic
                 if lic == "CLOSED":
                    continue
@@ -130,8 +136,13 @@
             for pkg in sorted(pkg_dic):
                 pkg_rootfs_license_dir = os.path.join(rootfs_license_dir, pkg)
                 bb.utils.mkdirhier(pkg_rootfs_license_dir)
-                pkg_license_dir = os.path.join(d.getVar('LICENSE_DIRECTORY'),
-                                            pkg_dic[pkg]["PN"]) 
+                for pkgarch in pkgarchs:
+                    pkg_license_dir = os.path.join(d.getVar('LICENSE_DIRECTORY'),
+                                                   pkgarch, pkg_dic[pkg]["PN"])
+                    if os.path.exists(pkg_license_dir):
+                        break
+                if not os.path.exists(pkg_license_dir ):
+                    bb.fatal("Couldn't find license information for dependency %s" % pkg)
 
                 pkg_manifest_licenses = [canonical_license(d, lic) \
                         for lic in pkg_dic[pkg]["LICENSES"]]
@@ -183,7 +194,7 @@
                     os.lchown(p, 0, 0)
                     os.chmod(p, stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
 
-
+write_license_files[vardepsexclude] = "SSTATE_ARCHS"
 
 def license_deployed_manifest(d):
     """
@@ -195,6 +206,8 @@
     dep_dic = {}
     man_dic = {}
     lic_dir = d.getVar("LICENSE_DIRECTORY")
+    pkgarchs = d.getVar("SSTATE_ARCHS").split()
+    pkgarchs.reverse()
 
     dep_dic = get_deployed_dependencies(d)
     for dep in dep_dic.keys():
@@ -204,12 +217,19 @@
         man_dic[dep]["PN"] = dep
         man_dic[dep]["FILES"] = \
             " ".join(get_deployed_files(dep_dic[dep]))
-        with open(os.path.join(lic_dir, dep, "recipeinfo"), "r") as f:
+
+        for pkgarch in pkgarchs:
+            licfile = os.path.join(lic_dir, pkgarch, dep, "recipeinfo")
+            if os.path.exists(licfile):
+                break
+        if not os.path.exists(licfile):
+            bb.fatal("Couldn't find license information for dependency %s" % dep)
+        with open(licfile, "r") as f:
             for line in f.readlines():
                 key,val = line.split(": ", 1)
                 man_dic[dep][key] = val[:-1]
 
-    lic_manifest_dir = os.path.join(d.getVar('LICENSE_DIRECTORY'),
+    lic_manifest_dir = os.path.join(d.getVar('LICENSE_DIRECTORY'), d.getVar('SSTATE_PKGARCH'),
                                     d.getVar('IMAGE_NAME'))
     bb.utils.mkdirhier(lic_manifest_dir)
     image_license_manifest = os.path.join(lic_manifest_dir, 'image_license.manifest')
@@ -217,7 +237,7 @@
 
     link_name = d.getVar('IMAGE_LINK_NAME')
     if link_name:
-        lic_manifest_symlink_dir = os.path.join(d.getVar('LICENSE_DIRECTORY'),
+        lic_manifest_symlink_dir = os.path.join(d.getVar('LICENSE_DIRECTORY'), d.getVar('SSTATE_PKGARCH'),
                                     link_name)
         # remove old symlink
         if os.path.islink(lic_manifest_symlink_dir):
@@ -227,6 +247,8 @@
         if lic_manifest_dir != lic_manifest_symlink_dir:
             os.symlink(lic_manifest_dir, lic_manifest_symlink_dir)
 
+license_deployed_manifest[vardepsexclude] = "SSTATE_ARCHS"
+
 def get_deployed_dependencies(d):
     """
     Get all the deployed dependencies of an image
@@ -255,7 +277,7 @@
                 break
 
     return deploy
-get_deployed_dependencies[vardepsexclude] = "BB_TASKDEPDATA"
+get_deployed_dependencies[vardepsexclude] = "BB_TASKDEPDATA SSTATE_ARCHS"
 
 def get_deployed_files(man_file):
     """
diff --git a/poky/meta/classes-recipe/multilib_script.bbclass b/poky/meta/classes-recipe/multilib_script.bbclass
index 7011526..e6f0249 100644
--- a/poky/meta/classes-recipe/multilib_script.bbclass
+++ b/poky/meta/classes-recipe/multilib_script.bbclass
@@ -31,10 +31,11 @@
     for entry in (d.getVar("MULTILIB_SCRIPTS", False) or "").split():
         pkg, script = entry.split(":")
         epkg = d.expand(pkg)
-        scriptname = os.path.basename(script)
+        escript = d.expand(script)
+        scriptname = os.path.basename(escript)
         d.appendVar("ALTERNATIVE:" + epkg, " " + scriptname + " ")
-        d.setVarFlag("ALTERNATIVE_LINK_NAME", scriptname, script)
-        d.setVarFlag("ALTERNATIVE_TARGET", scriptname, script + "-${MULTILIB_SUFFIX}")
-        d.appendVar("multilibscript_rename",  "\n	mv ${PKGD}" + script + " ${PKGD}" + script + "-${MULTILIB_SUFFIX}")
-        d.appendVar("FILES:" + epkg, " " + script + "-${MULTILIB_SUFFIX}")
+        d.setVarFlag("ALTERNATIVE_LINK_NAME", scriptname, escript)
+        d.setVarFlag("ALTERNATIVE_TARGET", scriptname, escript + "-${MULTILIB_SUFFIX}")
+        d.appendVar("multilibscript_rename",  "\n	mv ${PKGD}" + escript + " ${PKGD}" + escript + "-${MULTILIB_SUFFIX}")
+        d.appendVar("FILES:" + epkg, " " + escript + "-${MULTILIB_SUFFIX}")
 }
diff --git a/poky/meta/classes-recipe/pypi.bbclass b/poky/meta/classes-recipe/pypi.bbclass
index f510bfe..b8c18cc 100644
--- a/poky/meta/classes-recipe/pypi.bbclass
+++ b/poky/meta/classes-recipe/pypi.bbclass
@@ -30,7 +30,9 @@
 SRC_URI:prepend = "${PYPI_SRC_URI} "
 S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 
-UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/"
-UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
+# Replace any '_' characters in the pypi URI with '-'s to follow the PyPi website naming conventions
+UPSTREAM_CHECK_PYPI_PACKAGE ?= "${@d.getVar('PYPI_PACKAGE').replace('_', '-')}"
+UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${UPSTREAM_CHECK_PYPI_PACKAGE}/"
+UPSTREAM_CHECK_REGEX ?= "/${UPSTREAM_CHECK_PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
 
 CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
diff --git a/poky/meta/classes-recipe/systemd-boot-cfg.bbclass b/poky/meta/classes-recipe/systemd-boot-cfg.bbclass
index 366dd23..12da41e 100644
--- a/poky/meta/classes-recipe/systemd-boot-cfg.bbclass
+++ b/poky/meta/classes-recipe/systemd-boot-cfg.bbclass
@@ -35,7 +35,7 @@
         bb.fatal('Unable to open %s' % cfile)
 
     cfgfile.write('# Automatically created by OE\n')
-    cfgfile.write('default %s\n' % (labels.split()[0]))
+    cfgfile.write('default %s.conf\n' % (labels.split()[0]))
     timeout = d.getVar('SYSTEMD_BOOT_TIMEOUT')
     if timeout:
         cfgfile.write('timeout %s\n' % timeout)
diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass
index e306834..7c56fe9 100644
--- a/poky/meta/classes-recipe/testimage.bbclass
+++ b/poky/meta/classes-recipe/testimage.bbclass
@@ -322,7 +322,7 @@
     ovmf = d.getVar("QEMU_USE_OVMF")
 
     slirp = False
-    if d.getVar("QEMU_USE_SLIRP"):
+    if bb.utils.contains('TEST_RUNQEMUPARAMS', 'slirp', True, False, d):
         slirp = True
 
     # TODO: We use the current implementation of qemu runner because of
@@ -369,10 +369,21 @@
     # runtime use network for download projects for build
     export_proxies(d)
 
+    if slirp:
+        # Default to 127.0.0.1 and let the runner identify the port forwarding
+        # (as OEQemuTarget does), but allow overriding.
+        target_ip = d.getVar("TEST_TARGET_IP") or "127.0.0.1"
+        # Default to 10.0.2.2 as this is the IP that the guest has with the
+        # default qemu slirp networking configuration, but allow overriding.
+        server_ip = d.getVar("TEST_SERVER_IP") or "10.0.2.2"
+    else:
+        target_ip = d.getVar("TEST_TARGET_IP")
+        server_ip = d.getVar("TEST_SERVER_IP")
+
     # the robot dance
     target = OERuntimeTestContextExecutor.getTarget(
-        d.getVar("TEST_TARGET"), logger, d.getVar("TEST_TARGET_IP"),
-        d.getVar("TEST_SERVER_IP"), **target_kwargs)
+        d.getVar("TEST_TARGET"), logger, target_ip,
+        server_ip, **target_kwargs)
 
     # test context
     tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir)
diff --git a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
index 653e583..f752c16 100644
--- a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
+++ b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
@@ -6,6 +6,8 @@
 #
 # External variables:
 #
+# UBOOT_EXTLINUX                   - Set to "1" to enable generation
+#                                    of extlinux.conf using this class.
 # UBOOT_EXTLINUX_CONSOLE           - Set to "console=ttyX" to change kernel boot
 #                                    default console.
 # UBOOT_EXTLINUX_LABELS            - A list of targets for the automatic config.
@@ -20,7 +22,8 @@
 # UBOOT_EXTLINUX_TIMEOUT           - Timeout before DEFAULT selection is made.
 #                                    Measured in 1/10 of a second.
 # UBOOT_EXTLINUX_DEFAULT_LABEL     - Target to be selected by default after
-#                                    the timeout period
+#                                    the timeout period.
+# UBOOT_EXTLINUX_CONFIG            - Output file.
 #
 # If there's only one label system will boot automatically and menu won't be
 # created. If you want to use more than one labels, e.g linux and alternate,
diff --git a/poky/meta/classes/create-spdx-2.2.bbclass b/poky/meta/classes/create-spdx-2.2.bbclass
index aed1a94..b0aef80 100644
--- a/poky/meta/classes/create-spdx-2.2.bbclass
+++ b/poky/meta/classes/create-spdx-2.2.bbclass
@@ -302,7 +302,8 @@
             if file_path.lstrip("/") == pkg_file.fileName.lstrip("/"):
                 break
         else:
-            bb.fatal("No package file found for %s" % str(file_path))
+            bb.fatal("No package file found for %s in %s; SPDX found: %s" % (str(file_path), package,
+                " ".join(p.fileName for p in package_files)))
             continue
 
         for debugsrc in file_data["debugsrc"]:
@@ -348,6 +349,8 @@
 
     deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
     spdx_deps_file = Path(d.getVar("SPDXDEPS"))
+    package_archs = d.getVar("SSTATE_ARCHS").split()
+    package_archs.reverse()
 
     dep_recipes = []
 
@@ -355,7 +358,9 @@
         deps = json.load(f)
 
     for dep_pn, dep_hashfn in deps:
-        dep_recipe_path = oe.sbom.doc_path_by_hashfn(deploy_dir_spdx, "recipe-" + dep_pn, dep_hashfn)
+        dep_recipe_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "recipe-" + dep_pn, dep_hashfn)
+        if not dep_recipe_path:
+            bb.fatal("Cannot find any SPDX file for recipe %s, %s" % (dep_pn, dep_hashfn))
 
         spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
 
@@ -384,6 +389,7 @@
 
     return dep_recipes
 
+collect_dep_recipes[vardepsexclude] = "SSTATE_ARCHS"
 
 def collect_dep_sources(d, dep_recipes):
     import oe.sbom
@@ -532,6 +538,7 @@
     include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
     archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
     archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
+    pkg_arch = d.getVar("SSTATE_PKGARCH")
 
     creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
 
@@ -619,7 +626,7 @@
 
     dep_recipes = collect_dep_recipes(d, doc, recipe)
 
-    doc_sha1 = oe.sbom.write_doc(d, doc, d.getVar("SSTATE_PKGARCH"), "recipes", indent=get_json_indent(d))
+    doc_sha1 = oe.sbom.write_doc(d, doc, pkg_arch, "recipes", indent=get_json_indent(d))
     dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
 
     recipe_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -684,7 +691,7 @@
 
             add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
 
-            oe.sbom.write_doc(d, package_doc, d.getVar("SSTATE_PKGARCH"), "packages", indent=get_json_indent(d))
+            oe.sbom.write_doc(d, package_doc, pkg_arch, "packages", indent=get_json_indent(d))
 }
 do_create_spdx[vardepsexclude] += "BB_NUMBER_THREADS"
 # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
@@ -755,6 +762,9 @@
     creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
 
     providers = collect_package_providers(d)
+    pkg_arch = d.getVar("SSTATE_PKGARCH")
+    package_archs = d.getVar("SSTATE_ARCHS").split()
+    package_archs.reverse()
 
     if not is_native:
         bb.build.exec_func("read_subpackage_metadata", d)
@@ -771,7 +781,7 @@
             if not oe.packagedata.packaged(package, localdata):
                 continue
 
-            pkg_spdx_path = oe.sbom.doc_path(deploy_dir_spdx, pkg_name, d.getVar("SSTATE_PKGARCH"), "packages")
+            pkg_spdx_path = oe.sbom.doc_path(deploy_dir_spdx, pkg_name, pkg_arch, "packages")
 
             package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
 
@@ -826,7 +836,9 @@
                 if dep in dep_package_cache:
                     (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
                 else:
-                    dep_path = oe.sbom.doc_path_by_hashfn(deploy_dir_spdx, dep_pkg, dep_hashfn)
+                    dep_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, dep_pkg, dep_hashfn)
+                    if not dep_path:
+                        bb.fatal("No SPDX file found for package %s, %s" % (dep_pkg, dep_hashfn))
 
                     spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
 
@@ -854,10 +866,10 @@
                 )
                 seen_deps.add(dep)
 
-            oe.sbom.write_doc(d, runtime_doc, d.getVar("SSTATE_PKGARCH"), "runtime", spdx_deploy, indent=get_json_indent(d))
+            oe.sbom.write_doc(d, runtime_doc, pkg_arch, "runtime", spdx_deploy, indent=get_json_indent(d))
 }
 
-do_create_runtime_spdx[vardepsexclude] += "OVERRIDES"
+do_create_runtime_spdx[vardepsexclude] += "OVERRIDES SSTATE_ARCHS"
 
 addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
 SSTATETASKS += "do_create_runtime_spdx"
@@ -974,7 +986,7 @@
     from pathlib import Path
     from oe.sdk import sdk_list_installed_packages
 
-    sdk_name = d.getVar("SDK_NAME") + "-" + sdk_type
+    sdk_name = d.getVar("TOOLCHAIN_OUTPUTNAME") + "-" + sdk_type
     sdk_deploydir = Path(d.getVar("SDKDEPLOYDIR"))
     sdk_spdxid = oe.sbom.get_sdk_spdxid(sdk_name)
     sdk_packages = sdk_list_installed_packages(d, sdk_type == "target")
@@ -992,6 +1004,8 @@
     import bb.compress.zstd
 
     providers = collect_package_providers(d)
+    package_archs = d.getVar("SSTATE_ARCHS").split()
+    package_archs.reverse()
 
     creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
     deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
@@ -1017,11 +1031,14 @@
 
     for name in sorted(packages.keys()):
         if name not in providers:
-            bb.fatal("Unable to find provider for '%s'" % name)
+            bb.fatal("Unable to find SPDX provider for '%s'" % name)
 
         pkg_name, pkg_hashfn = providers[name]
 
-        pkg_spdx_path = oe.sbom.doc_path_by_hashfn(deploy_dir_spdx, pkg_name, pkg_hashfn)
+        pkg_spdx_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, pkg_name, pkg_hashfn)
+        if not pkg_spdx_path:
+            bb.fatal("No SPDX file found for package %s, %s" % (pkg_name, pkg_hashfn))
+
         pkg_doc, pkg_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
 
         for p in pkg_doc.packages:
@@ -1038,7 +1055,10 @@
         else:
             bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path))
 
-        runtime_spdx_path = oe.sbom.doc_path_by_hashfn(deploy_dir_spdx, "runtime-" + name, pkg_hashfn)
+        runtime_spdx_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "runtime-" + name, pkg_hashfn)
+        if not runtime_spdx_path:
+            bb.fatal("No runtime SPDX document found for %s, %s" % (name, pkg_hashfn))
+
         runtime_doc, runtime_doc_sha1 = oe.sbom.read_doc(runtime_spdx_path)
 
         runtime_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -1110,7 +1130,9 @@
                     })
 
                 for ref in doc.externalDocumentRefs:
-                    ref_path = oe.sbom.doc_path_by_namespace(deploy_dir_spdx, ref.spdxDocument)
+                    ref_path = oe.sbom.doc_find_by_namespace(deploy_dir_spdx, package_archs, ref.spdxDocument)
+                    if not ref_path:
+                        bb.fatal("Cannot find any SPDX file for document %s" % ref.spdxDocument)
                     collect_spdx_document(ref_path)
 
             collect_spdx_document(image_spdx_path)
@@ -1133,4 +1155,4 @@
 
             tar.addfile(info, fileobj=index_str)
 
-combine_spdx[vardepsexclude] += "BB_NUMBER_THREADS"
+combine_spdx[vardepsexclude] += "BB_NUMBER_THREADS SSTATE_ARCHS"
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 55ae298..b55f429 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -32,7 +32,7 @@
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -442,6 +442,7 @@
             cve_data[row[0]]["scorev3"] = row[3]
             cve_data[row[0]]["modified"] = row[4]
             cve_data[row[0]]["vector"] = row[5]
+            cve_data[row[0]]["vectorString"] = row[6]
         cursor.close()
     conn.close()
     return cve_data
@@ -507,6 +508,7 @@
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
         write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
+        write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
 
     if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
@@ -623,6 +625,7 @@
             "scorev2" : cve_data[cve]["scorev2"],
             "scorev3" : cve_data[cve]["scorev3"],
             "vector" : cve_data[cve]["vector"],
+            "vectorString" : cve_data[cve]["vectorString"],
             "status" : status,
             "link": issue_link
         }
diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass
index 8a1a51a..d80a34c 100644
--- a/poky/meta/classes/multilib.bbclass
+++ b/poky/meta/classes/multilib.bbclass
@@ -30,6 +30,9 @@
         if val:
             e.data.setVar(name + "_MULTILIB_ORIGINAL", val)
 
+    # We nearly don't need this but dependencies on NON_MULTILIB_RECIPES don't work without it
+    d.setVar("SSTATE_ARCHS_TUNEPKG", "${@all_multilib_tune_values(d, 'TUNE_PKGARCH')}")
+
     overrides = e.data.getVar("OVERRIDES", False)
     pn = e.data.getVar("PN", False)
     overrides = overrides.replace("pn-${PN}", "pn-${PN}:pn-" + pn)
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index 0bcc821..21d6c8b 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -237,7 +237,7 @@
 
 PN = "${@bb.parse.vars_from_file(d.getVar('FILE', False),d)[0] or 'defaultpkgname'}"
 PV = "${@bb.parse.vars_from_file(d.getVar('FILE', False),d)[1] or '1.0'}"
-PR = "${@bb.parse.vars_from_file(d.getVar('FILE', False),d)[2] or 'r0'}"
+PR = "r0"
 PE = ""
 PF = "${PN}-${EXTENDPE}${PV}-${PR}"
 EXTENDPE = "${@['','${PE}_'][int(d.getVar('PE') or 0) > 0]}"
@@ -459,7 +459,7 @@
 ##################################################################
 
 SDK_NAME_PREFIX ?= "oecore"
-SDK_NAME = "${SDK_NAME_PREFIX}-${SDK_ARCH}-${TUNE_PKGARCH}"
+SDK_NAME = "${SDK_NAME_PREFIX}-${IMAGE_BASENAME}-${SDK_ARCH}-${TUNE_PKGARCH}-${MACHINE}"
 SDKPATH = "/usr/local/oe-sdk-hardcoded-buildpath"
 SDKPATHNATIVE = "${SDKPATH}/sysroots/${SDK_SYS}"
 # The path to default to installing the SDK to
@@ -975,5 +975,6 @@
 oe.sstatesig.find_sstate_manifest[vardepsexclude] = "BBEXTENDCURR BBEXTENDVARIANT OVERRIDES PACKAGE_EXTRA_ARCHS"
 oe.utils.get_multilib_datastore[vardepsexclude] = "DEFAULTTUNE_MULTILIB_ORIGINAL OVERRIDES"
 oe.path.format_display[vardepsexclude] = "TOPDIR"
-oe.utils.multiprocess_launch[vardepsexclude] = "BB_NUMBER_THREADS"
+oe.utils.get_bb_number_threads[vardepsexclude] = "BB_NUMBER_THREADS"
 oe.packagedata.emit_pkgdata[vardepsexclude] = "BB_NUMBER_THREADS"
+oe.packagedata.read_subpkgdata_extended[vardepsexclude] = "BB_NUMBER_THREADS"
diff --git a/poky/meta/conf/distro/defaultsetup.conf b/poky/meta/conf/distro/defaultsetup.conf
index 1abb509..90b6805 100644
--- a/poky/meta/conf/distro/defaultsetup.conf
+++ b/poky/meta/conf/distro/defaultsetup.conf
@@ -14,7 +14,7 @@
 
 USER_CLASSES ?= ""
 PACKAGE_CLASSES ?= "package_ipk"
-INHERIT_DISTRO ?= "debian devshell sstate license remove-libtool"
+INHERIT_DISTRO ?= "debian devshell sstate license remove-libtool create-spdx"
 INHERIT += "${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO}"
 
 INIT_MANAGER ??= "none"
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 3619588..dcc507b 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -38,6 +38,7 @@
 RECIPE_MAINTAINER:pn-alsa-topology-conf = "Michael Opdenacker <michael.opdenacker@bootlin.com>"
 RECIPE_MAINTAINER:pn-alsa-ucm-conf = "Michael Opdenacker <michael.opdenacker@bootlin.com>"
 RECIPE_MAINTAINER:pn-alsa-utils = "Michael Opdenacker <michael.opdenacker@bootlin.com>"
+RECIPE_MAINTAINER:pn-appstream = "Markus Volk <f_l_k@t-online.de>"
 RECIPE_MAINTAINER:pn-apr = "Hongxu Jia <hongxu.jia@windriver.com>"
 RECIPE_MAINTAINER:pn-apr-util = "Hongxu Jia <hongxu.jia@windriver.com>"
 RECIPE_MAINTAINER:pn-apt = "Unassigned <unassigned@yoctoproject.org>"
@@ -172,7 +173,7 @@
 RECIPE_MAINTAINER:pn-ffmpeg = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER:pn-file = "Yi Zhao <yi.zhao@windriver.com>"
 RECIPE_MAINTAINER:pn-findutils = "Chen Qi <Qi.Chen@windriver.com>"
-RECIPE_MAINTAINER:pn-flac = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-flac = "Michael Opdenacker <michael.opdenacker@bootlin.com>"
 RECIPE_MAINTAINER:pn-flex = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER:pn-font-alias = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-font-util = "Unassigned <unassigned@yoctoproject.org>"
@@ -208,7 +209,7 @@
 RECIPE_MAINTAINER:pn-glibc-locale = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glibc-mtrace = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glibc-scripts = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER:pn-glibc-tests = "Lukasz Majewski <lukma@denx.de>"
+RECIPE_MAINTAINER:pn-glibc-y2038-tests = "Lukasz Majewski <lukma@denx.de>"
 RECIPE_MAINTAINER:pn-glibc-testsuite = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gmp = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glslang = "Jose Quaresma <quaresma.jose@gmail.com>"
@@ -447,6 +448,7 @@
 RECIPE_MAINTAINER:pn-libxml-sax-perl = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-libxml-simple-perl = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-libxml2 = "Hongxu Jia <hongxu.jia@windriver.com>"
+RECIPE_MAINTAINER:pn-libxmlb = "Markus Volk <f_l_k@t-online.de>"
 RECIPE_MAINTAINER:pn-libxmu = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-libxpm = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-libxrandr = "Unassigned <unassigned@yoctoproject.org>"
@@ -529,6 +531,7 @@
 RECIPE_MAINTAINER:pn-mtdev = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-mtools = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-musl = "Khem Raj <raj.khem@gmail.com>"
+RECIPE_MAINTAINER:pn-musl-legacy-error = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-musl-locales = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-musl-obstack = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-musl-utils = "Khem Raj <raj.khem@gmail.com>"
@@ -604,11 +607,14 @@
 RECIPE_MAINTAINER:pn-python3-attrs = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-babel = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-bcrypt = "Tim Orling <tim.orling@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-beartype = "Marta Rybczynska <mrybczynska@syslinbit.com>"
+RECIPE_MAINTAINER:pn-python3-booleanpy = "zhengrq.fnst <zhengrq.fnst@fujitsu.com>"
 RECIPE_MAINTAINER:pn-python3-build = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-python3-calver = "Trevor Gamblin <tgamblin@baylibre.com>"
 RECIPE_MAINTAINER:pn-python3-certifi = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-cffi = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-chardet = "Tim Orling <tim.orling@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-click = "Wang Mingyu <wangmy@fujitsu.com>"
 RECIPE_MAINTAINER:pn-python3-cryptography = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-cryptography-vectors = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-cython = "Trevor Gamblin <tgamblin@baylibre.com>"
@@ -636,10 +642,12 @@
 RECIPE_MAINTAINER:pn-python3-iniconfig = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-iniparse = "Trevor Gamblin <tgamblin@baylibre.com>"
 RECIPE_MAINTAINER:pn-python3-iso8601 = "Tim Orling <tim.orling@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-isodate = "Leon Anavi <leon.anavi@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-installer = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-python3-jinja2 = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER:pn-python3-jsonpointer = "Bruce Ashfield <bruce.ashfield@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-jsonschema = "Bruce Ashfield <bruce.ashfield@gmail.com>"
+RECIPE_MAINTAINER:pn-python3-license-expression = "Wang Mingyu <wangmy@fujitsu.com>"
 RECIPE_MAINTAINER:pn-python3-libarchive-c = "Joshua Watt <JPEWhacker@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-lxml = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-magic = "Joshua Watt <JPEWhacker@gmail.com>"
@@ -675,6 +683,7 @@
 RECIPE_MAINTAINER:pn-python3-pytest-subtests = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-pytz = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-pyyaml = "Tim Orling <tim.orling@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-rdflib = "Wang Mingyu <wangmy@fujitsu.com>"
 RECIPE_MAINTAINER:pn-python3-requests = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-rfc3339-validator = "Bruce Ashfield <bruce.ashfield@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-rfc3986-validator = "Bruce Ashfield <bruce.ashfield@gmail.com>"
@@ -690,6 +699,7 @@
 RECIPE_MAINTAINER:pn-python3-smmap = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-python3-snowballstemmer = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-sortedcontainers = "Tim Orling <tim.orling@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-spdx-tools = "Marta Rybczynska <mrybczynska@syslinbit.com>"
 RECIPE_MAINTAINER:pn-python3-sphinx = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-sphinxcontrib-qthelp = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-sphinxcontrib-devhelp = "Tim Orling <tim.orling@konsulko.com>"
@@ -706,11 +716,13 @@
 RECIPE_MAINTAINER:pn-python3-typing-extensions = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-typogrify = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-unittest-automake-output = "Ross Burton <ross.burton@arm.com>"
+RECIPE_MAINTAINER:pn-python3-uritools = "Marta Rybczynska <mrybczynska@syslinbit.com>"
 RECIPE_MAINTAINER:pn-python3-urllib3 = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-vcversioner = "Bruce Ashfield <bruce.ashfield@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-wcwidth = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-webcolors = "Bruce Ashfield <bruce.ashfield@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-wheel = "Tim Orling <tim.orling@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-xmltodict = "Leon Anavi <leon.anavi@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-zipp = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-qemu = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER:pn-qemu-helper-native = "Richard Purdie <richard.purdie@linuxfoundation.org>"
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index 9160103..fc42f95 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -47,6 +47,7 @@
     libxml-sax-base-perl \
     libxml-simple-perl \
     libxml2 \
+    libxmlb \
     logrotate \
     lua \
     lzo \
@@ -77,8 +78,8 @@
     zlib \
     libexif \
 "
-PTESTS_FAST:append:libc-glibc = " glibc-tests"
-PTESTS_PROBLEMS:remove:libc-glibc = "glibc-tests"
+PTESTS_FAST:append:libc-glibc = " glibc-y2038-tests"
+PTESTS_PROBLEMS:remove:libc-glibc = "glibc-y2038-tests"
 PTESTS_FAST:remove:mips64 = "qemu"
 PTESTS_PROBLEMS:append:mips64 = " qemu"
 PTESTS_FAST:remove:riscv32 = "qemu"
@@ -108,7 +109,10 @@
     perl \
     python3-cryptography \
     python3 \
+    python3-click \
+    python3-xmltodict \
     strace \
+    tar \
     tcl \
     util-linux \
     valgrind \
@@ -140,5 +144,6 @@
     libpam \
     libseccomp \
     numactl \
+    python3-license-expression \
     python3-numpy \
 "
diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc
index 69280fd..707402e 100644
--- a/poky/meta/conf/distro/include/tcmode-default.inc
+++ b/poky/meta/conf/distro/include/tcmode-default.inc
@@ -21,10 +21,10 @@
 BINUVERSION ?= "2.41%"
 GDBVERSION ?= "13.%"
 GLIBCVERSION ?= "2.38%"
-LINUXLIBCVERSION ?= "6.4%"
+LINUXLIBCVERSION ?= "6.5%"
 QEMUVERSION ?= "8.1%"
 GOVERSION ?= "1.20%"
-LLVMVERSION ?= "16.%"
+LLVMVERSION ?= "17.%"
 RUSTVERSION ?= "1.70%"
 
 PREFERRED_VERSION_gcc ?= "${GCCVERSION}"
diff --git a/poky/meta/conf/distro/include/time64.inc b/poky/meta/conf/distro/include/time64.inc
index bc0c722..2e85753 100644
--- a/poky/meta/conf/distro/include/time64.inc
+++ b/poky/meta/conf/distro/include/time64.inc
@@ -19,7 +19,7 @@
 TARGET_CC_ARCH:append:x86 = "${@bb.utils.contains('TUNE_FEATURES', 'm32', '${GLIBC_64BIT_TIME_FLAGS}', '', d)}"
 
 GLIBC_64BIT_TIME_FLAGS:pn-glibc = ""
-GLIBC_64BIT_TIME_FLAGS:pn-glibc-tests = ""
+GLIBC_64BIT_TIME_FLAGS:pn-glibc-y2038-tests = ""
 GLIBC_64BIT_TIME_FLAGS:pn-glibc-testsuite = ""
 # pipewire-v4l2 explicitly sets _FILE_OFFSET_BITS=32 to get access to
 # both 32 and 64 bit file APIs.  But it does not handle the time side?
@@ -32,13 +32,11 @@
 # Undefines _FILE_OFFSET_BITS on purpose in
 # libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp
 GLIBC_64BIT_TIME_FLAGS:pn-gcc-sanitizers = ""
-# https://github.com/strace/strace/issues/250
-GLIBC_64BIT_TIME_FLAGS:pn-strace = ""
 
 # Caused by the flags exceptions above
 INSANE_SKIP:append:pn-gcc-sanitizers = " 32bit-time"
 INSANE_SKIP:append:pn-glibc = " 32bit-time"
-INSANE_SKIP:append:pn-glibc-tests = " 32bit-time"
+INSANE_SKIP:append:pn-glibc-y2038-tests = " 32bit-time"
 INSANE_SKIP:append:pn-pulseaudio = " 32bit-time"
 
 # Strace has tests that call 32 bit API directly, which is fair enough, e.g.
diff --git a/poky/meta/conf/machine/include/qemu.inc b/poky/meta/conf/machine/include/qemu.inc
index 0d71bcb..14feb86 100644
--- a/poky/meta/conf/machine/include/qemu.inc
+++ b/poky/meta/conf/machine/include/qemu.inc
@@ -8,6 +8,7 @@
 XSERVER ?= "xserver-xorg \
             ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'mesa-driver-swrast xserver-xorg-extension-glx', '', d)} \
             xf86-video-fbdev \
+            xf86-video-modesetting \
             "
 
 MACHINE_FEATURES = "alsa bluetooth usbgadget screen vfat"
diff --git a/poky/meta/lib/oe/__init__.py b/poky/meta/lib/oe/__init__.py
index 47be7b5..da7cbab 100644
--- a/poky/meta/lib/oe/__init__.py
+++ b/poky/meta/lib/oe/__init__.py
@@ -7,6 +7,6 @@
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
 
-BBIMPORTS = ["data", "path", "utils", "types", "package", \
+BBIMPORTS = ["data", "path", "utils", "types", "package", "packagedata", \
              "packagegroup", "sstatesig", "lsb", "cachedpath", "license", \
              "qa", "reproducible", "rust", "buildcfg"]
diff --git a/poky/meta/lib/oe/package.py b/poky/meta/lib/oe/package.py
index 9d70925..1dd20f8 100644
--- a/poky/meta/lib/oe/package.py
+++ b/poky/meta/lib/oe/package.py
@@ -114,7 +114,7 @@
             return start == magic
     return False
 
-def strip_execs(pn, dstdir, strip_cmd, libdir, base_libdir, d, qa_already_stripped=False):
+def strip_execs(pn, dstdir, strip_cmd, libdir, base_libdir, max_process, qa_already_stripped=False):
     """
     Strip executable code (like executables, shared libraries) _in_place_
     - Based on sysroot_strip in staging.bbclass
@@ -122,6 +122,7 @@
     :param strip_cmd: Strip command (usually ${STRIP})
     :param libdir: ${libdir} - strip .so files in this directory
     :param base_libdir: ${base_libdir} - strip .so files in this directory
+    :param max_process: number of stripping processes started in parallel
     :param qa_already_stripped: Set to True if already-stripped' in ${INSANE_SKIP}
     This is for proper logging and messages only.
     """
@@ -164,7 +165,7 @@
                 # ...but is it ELF, and is it already stripped?
                 checkelf.append(file)
                 inodecache[file] = s.st_ino
-    results = oe.utils.multiprocess_launch(is_elf, checkelf, d)
+    results = oe.utils.multiprocess_launch_mp(is_elf, checkelf, max_process)
     for (file, elf_file) in results:
                 #elf_file = is_elf(file)
                 if elf_file & 1:
@@ -192,7 +193,7 @@
         elf_file = int(elffiles[file])
         sfiles.append((file, elf_file, strip_cmd))
 
-    oe.utils.multiprocess_launch(runstrip, sfiles, d)
+    oe.utils.multiprocess_launch_mp(runstrip, sfiles, max_process)
 
 
 def file_translate(file):
diff --git a/poky/meta/lib/oe/package_manager/deb/sdk.py b/poky/meta/lib/oe/package_manager/deb/sdk.py
index 653e42a..6f30050 100644
--- a/poky/meta/lib/oe/package_manager/deb/sdk.py
+++ b/poky/meta/lib/oe/package_manager/deb/sdk.py
@@ -69,7 +69,12 @@
 
         self.target_pm.run_pre_post_installs()
 
+        env_bkp = os.environ.copy()
+        os.environ['PATH'] = self.d.expand("${COREBASE}/scripts/nativesdk-intercept") + \
+                             os.pathsep + os.environ["PATH"]
+
         self.target_pm.run_intercepts(populate_sdk='target')
+        os.environ.update(env_bkp)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_TARGET_COMMAND"))
 
diff --git a/poky/meta/lib/oe/package_manager/ipk/sdk.py b/poky/meta/lib/oe/package_manager/ipk/sdk.py
index 6a1f167..cc7a7ed 100644
--- a/poky/meta/lib/oe/package_manager/ipk/sdk.py
+++ b/poky/meta/lib/oe/package_manager/ipk/sdk.py
@@ -63,7 +63,12 @@
 
         self.target_pm.install_complementary(self.d.getVar('SDKIMAGE_INSTALL_COMPLEMENTARY'))
 
+        env_bkp = os.environ.copy()
+        os.environ['PATH'] = self.d.expand("${COREBASE}/scripts/nativesdk-intercept") + \
+                             os.pathsep + os.environ["PATH"]
+
         self.target_pm.run_intercepts(populate_sdk='target')
+        os.environ.update(env_bkp)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_TARGET_COMMAND"))
 
diff --git a/poky/meta/lib/oe/package_manager/rpm/sdk.py b/poky/meta/lib/oe/package_manager/rpm/sdk.py
index 85df6e9..ea79fe0 100644
--- a/poky/meta/lib/oe/package_manager/rpm/sdk.py
+++ b/poky/meta/lib/oe/package_manager/rpm/sdk.py
@@ -67,7 +67,12 @@
 
         self.target_pm.install_complementary(self.d.getVar('SDKIMAGE_INSTALL_COMPLEMENTARY'))
 
+        env_bkp = os.environ.copy()
+        os.environ['PATH'] = self.d.expand("${COREBASE}/scripts/nativesdk-intercept") + \
+                             os.pathsep + os.environ["PATH"]
+
         self.target_pm.run_intercepts(populate_sdk='target')
+        os.environ.update(env_bkp)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_TARGET_COMMAND"))
 
diff --git a/poky/meta/lib/oe/qa.py b/poky/meta/lib/oe/qa.py
index de98063..f8ae3c7 100644
--- a/poky/meta/lib/oe/qa.py
+++ b/poky/meta/lib/oe/qa.py
@@ -216,8 +216,8 @@
 def check_upstream_status(fullpath):
     import re
     kinda_status_re = re.compile(r"^.*upstream.*status.*$", re.IGNORECASE | re.MULTILINE)
-    strict_status_re = re.compile(r"^Upstream-Status: (Pending|Submitted|Denied|Accepted|Inappropriate|Backport|Inactive-Upstream)( .+)?$", re.MULTILINE)
-    guidelines = "https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations:_Upstream-Status"
+    strict_status_re = re.compile(r"^Upstream-Status: (Pending|Submitted|Denied|Inappropriate|Backport|Inactive-Upstream)( .+)?$", re.MULTILINE)
+    guidelines = "https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#patch-upstream-status"
 
     with open(fullpath, encoding='utf-8', errors='ignore') as f:
         file_content = f.read()
diff --git a/poky/meta/lib/oe/sbom.py b/poky/meta/lib/oe/sbom.py
index 1130fa6..fd4b689 100644
--- a/poky/meta/lib/oe/sbom.py
+++ b/poky/meta/lib/oe/sbom.py
@@ -38,16 +38,34 @@
     return "SPDXRef-SDK-%s" % sdk
 
 
-def doc_path_by_namespace(spdx_deploy, doc_namespace):
-    return spdx_deploy / "by-namespace" / doc_namespace.replace("/", "_")
+def _doc_path_by_namespace(spdx_deploy, arch, doc_namespace):
+    return spdx_deploy / "by-namespace" / arch / doc_namespace.replace("/", "_")
 
 
-def doc_path_by_hashfn(spdx_deploy, doc_name, hashfn):
-    return spdx_deploy / "by-hash" / hashfn.split()[1] / (doc_name + ".spdx.json")
+def doc_find_by_namespace(spdx_deploy, search_arches, doc_namespace):
+    for pkgarch in search_arches:
+        p = _doc_path_by_namespace(spdx_deploy, pkgarch, doc_namespace)
+        if os.path.exists(p):
+            return p
+    return None
+
+
+def _doc_path_by_hashfn(spdx_deploy, arch, doc_name, hashfn):
+    return (
+        spdx_deploy / "by-hash" / arch / hashfn.split()[1] / (doc_name + ".spdx.json")
+    )
+
+
+def doc_find_by_hashfn(spdx_deploy, search_arches, doc_name, hashfn):
+    for pkgarch in search_arches:
+        p = _doc_path_by_hashfn(spdx_deploy, pkgarch, doc_name, hashfn)
+        if os.path.exists(p):
+            return p
+    return None
 
 
 def doc_path(spdx_deploy, doc_name, arch, subdir):
-    return spdx_deploy / arch/ subdir / (doc_name + ".spdx.json")
+    return spdx_deploy / arch / subdir / (doc_name + ".spdx.json")
 
 
 def write_doc(d, spdx_doc, arch, subdir, spdx_deploy=None, indent=None):
@@ -61,11 +79,13 @@
     with dest.open("wb") as f:
         doc_sha1 = spdx_doc.to_json(f, sort_keys=True, indent=indent)
 
-    l = doc_path_by_namespace(spdx_deploy, spdx_doc.documentNamespace)
+    l = _doc_path_by_namespace(spdx_deploy, arch, spdx_doc.documentNamespace)
     l.parent.mkdir(exist_ok=True, parents=True)
     l.symlink_to(os.path.relpath(dest, l.parent))
 
-    l = doc_path_by_hashfn(spdx_deploy, spdx_doc.name, d.getVar("BB_HASHFILENAME"))
+    l = _doc_path_by_hashfn(
+        spdx_deploy, arch, spdx_doc.name, d.getVar("BB_HASHFILENAME")
+    )
     l.parent.mkdir(exist_ok=True, parents=True)
     l.symlink_to(os.path.relpath(dest, l.parent))
 
diff --git a/poky/meta/lib/oe/utils.py b/poky/meta/lib/oe/utils.py
index 1658f35..a3b1bb1 100644
--- a/poky/meta/lib/oe/utils.py
+++ b/poky/meta/lib/oe/utils.py
@@ -264,10 +264,17 @@
         bb.note("Executing %s ..." % cmd)
         bb.build.exec_func(cmd, d)
 
-# For each item in items, call the function 'target' with item as the first 
+def get_bb_number_threads(d):
+    return int(d.getVar("BB_NUMBER_THREADS") or os.cpu_count() or 1)
+
+def multiprocess_launch(target, items, d, extraargs=None):
+    max_process = get_bb_number_threads(d)
+    return multiprocess_launch_mp(target, items, max_process, extraargs)
+
+# For each item in items, call the function 'target' with item as the first
 # argument, extraargs as the other arguments and handle any exceptions in the
 # parent thread
-def multiprocess_launch(target, items, d, extraargs=None):
+def multiprocess_launch_mp(target, items, max_process, extraargs=None):
 
     class ProcessLaunch(multiprocessing.Process):
         def __init__(self, *args, **kwargs):
@@ -302,7 +309,6 @@
             self.update()
             return self._result
 
-    max_process = int(d.getVar("BB_NUMBER_THREADS") or os.cpu_count() or 1)
     launched = []
     errors = []
     results = []
diff --git a/poky/meta/lib/oeqa/core/runner.py b/poky/meta/lib/oeqa/core/runner.py
index 5077eb8..a86a706 100644
--- a/poky/meta/lib/oeqa/core/runner.py
+++ b/poky/meta/lib/oeqa/core/runner.py
@@ -44,6 +44,7 @@
         self.endtime = {}
         self.progressinfo = {}
         self.extraresults = {}
+        self.shownmsg = []
 
         # Inject into tc so that TestDepends decorator can see results
         tc.results = self
@@ -74,6 +75,7 @@
             for (scase, msg) in getattr(self, t):
                 if test.id() == scase.id():
                     self.tc.logger.info(str(msg))
+                    self.shownmsg.append(test.id())
                     break
 
     def logSummary(self, component, context_msg=''):
@@ -169,7 +171,6 @@
 
     def logDetails(self, json_file_dir=None, configuration=None, result_id=None,
             dump_streams=False):
-        self.tc.logger.info("RESULTS:")
 
         result = self.extraresults
         logs = {}
@@ -193,6 +194,10 @@
             report = {'status': status}
             if log:
                 report['log'] = log
+                # Class setup failures wouldn't enter stopTest so would never display
+                if case.id() not in self.shownmsg:
+                    self.tc.logger.info("Failure (%s) for %s:\n" % (status, case.id()) + log)
+
             if duration:
                 report['duration'] = duration
 
@@ -215,6 +220,7 @@
                 report['stderr'] = stderr
             result[case.id()] = report
 
+        self.tc.logger.info("RESULTS:")
         for i in ['PASSED', 'SKIPPED', 'EXPECTEDFAIL', 'ERROR', 'FAILED', 'UNKNOWN']:
             if i not in logs:
                 continue
diff --git a/poky/meta/lib/oeqa/core/utils/concurrencytest.py b/poky/meta/lib/oeqa/core/utils/concurrencytest.py
index 4f77589..5e20b0e 100644
--- a/poky/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/poky/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -193,11 +193,12 @@
 #
 class ConcurrentTestSuite(unittest.TestSuite):
 
-    def __init__(self, suite, processes, setupfunc, removefunc):
+    def __init__(self, suite, processes, setupfunc, removefunc, bb_vars):
         super(ConcurrentTestSuite, self).__init__([suite])
         self.processes = processes
         self.setupfunc = setupfunc
         self.removefunc = removefunc
+        self.bb_vars = bb_vars
 
     def run(self, result):
         testservers, totaltests = fork_for_tests(self.processes, self)
@@ -243,7 +244,7 @@
 def fork_for_tests(concurrency_num, suite):
     testservers = []
     if 'BUILDDIR' in os.environ:
-        selftestdir = get_test_layer()
+        selftestdir = get_test_layer(suite.bb_vars['BBLAYERS'])
 
     test_blocks = partition_tests(suite, concurrency_num)
     # Clear the tests from the original suite so it doesn't keep them alive
diff --git a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
index 3728855..ce122eb 100644
--- a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
+++ b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
@@ -14,7 +14,7 @@
 
     @classmethod
     def setUpClass(cls):
-        uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.13.tar.gz'
+        uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.14.tar.gz'
         cls.project = TargetBuildProject(cls.tc.target,
                                          uri,
                                          dl_dir = cls.tc.td['DL_DIR'])
diff --git a/poky/meta/lib/oeqa/runtime/cases/go.py b/poky/meta/lib/oeqa/runtime/cases/go.py
index 7514d10..39a80f4 100644
--- a/poky/meta/lib/oeqa/runtime/cases/go.py
+++ b/poky/meta/lib/oeqa/runtime/cases/go.py
@@ -18,4 +18,4 @@
         self.assertEqual(status, 0, msg=msg)
 
         msg = 'Incorrect output: %s' % output
-        self.assertEqual(output, "Hello, Go examples!", msg=msg)
+        self.assertEqual(output, "Hello, world!", msg=msg)
diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py
index e67d375..a805edd 100644
--- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py
+++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py
@@ -4,17 +4,12 @@
 # SPDX-License-Identifier: MIT
 #
 
+import collections
 import os
 
-from subprocess import check_output
 from shutil import rmtree
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
-from oeqa.core.decorator.data import skipIfDataVar
-from oeqa.runtime.decorator.package import OEHasPackage
-
-#in the future these lists could be moved outside of module
-errors = ["error", "cannot", "can\'t", "failed"]
 
 common_errors = [
     "(WW) warning, (EE) error, (NI) not implemented, (??) unknown.",
@@ -69,11 +64,9 @@
     "xf86OpenConsole: Switching VT failed",
     "Failed to read LoaderConfigTimeoutOneShot variable, ignoring: Operation not supported",
     "Failed to read LoaderEntryOneShot variable, ignoring: Operation not supported",
+    "invalid BAR (can't size)",
     ]
 
-video_related = [
-]
-
 x86_common = [
     '[drm:psb_do_init] *ERROR* Debug is',
     'wrong ELF class',
@@ -105,16 +98,13 @@
     'default' : common_errors,
     'qemux86' : [
         'Failed to access perfctr msr (MSR',
-        'pci 0000:00:00.0: [Firmware Bug]: reg 0x..: invalid BAR (can\'t size)',
         ] + qemux86_common,
     'qemux86-64' : qemux86_common,
     'qemumips' : [
         'Failed to load module "glx"',
-        'pci 0000:00:00.0: [Firmware Bug]: reg 0x..: invalid BAR (can\'t size)',
         'cacheinfo: Failed to find cpu0 device node',
         ] + common_errors,
     'qemumips64' : [
-        'pci 0000:00:00.0: [Firmware Bug]: reg 0x..: invalid BAR (can\'t size)',
         'cacheinfo: Failed to find cpu0 device node',
          ] + common_errors,
     'qemuppc' : [
@@ -206,17 +196,19 @@
         ] + common_errors,
 }
 
-log_locations = ["/var/log/","/var/log/dmesg", "/tmp/dmesg_output.log"]
-
 class ParseLogsTest(OERuntimeTestCase):
 
+    # Which log files should be collected
+    log_locations = ["/var/log/", "/var/log/dmesg", "/tmp/dmesg_output.log"]
+
+    # The keywords that identify error messages in the log files
+    errors = ["error", "cannot", "can't", "failed"]
+
     @classmethod
     def setUpClass(cls):
-        cls.errors = errors
-
         # When systemd is enabled we need to notice errors on
         # circular dependencies in units.
-        if 'systemd' in cls.td.get('DISTRO_FEATURES', ''):
+        if 'systemd' in cls.td.get('DISTRO_FEATURES'):
             cls.errors.extend([
                 'Found ordering cycle on',
                 'Breaking ordering cycle by deleting job',
@@ -224,48 +216,13 @@
                 'Ordering cycle found, skipping',
                 ])
 
-        cls.ignore_errors = ignore_errors
-        cls.log_locations = log_locations
-        cls.msg = ''
-        is_lsb, _ = cls.tc.target.run("which LSB_Test.sh")
-        if is_lsb == 0:
-            for machine in cls.ignore_errors:
-                cls.ignore_errors[machine] = cls.ignore_errors[machine] \
-                                             + video_related
+        cls.errors = [s.casefold() for s in cls.errors]
 
-    def getMachine(self):
-        return self.td.get('MACHINE', '')
-
-    def getWorkdir(self):
-        return self.td.get('WORKDIR', '')
-
-    # Get some information on the CPU of the machine to display at the
-    # beginning of the output. This info might be useful in some cases.
-    def getHardwareInfo(self):
-        hwi = ""
-        cmd = ('cat /proc/cpuinfo | grep "model name" | head -n1 | '
-               " awk 'BEGIN{FS=\":\"}{print $2}'")
-        _, cpu_name = self.target.run(cmd)
-
-        cmd = ('cat /proc/cpuinfo | grep "cpu cores" | head -n1 | '
-               "awk {'print $4'}")
-        _, cpu_physical_cores = self.target.run(cmd)
-
-        cmd = 'cat /proc/cpuinfo | grep "processor" | wc -l'
-        _, cpu_logical_cores = self.target.run(cmd)
-
-        _, cpu_arch = self.target.run('uname -m')
-
-        hwi += 'Machine information: \n'
-        hwi += '*******************************\n'
-        hwi += 'Machine name: ' + self.getMachine() + '\n'
-        hwi += 'CPU: ' + str(cpu_name) + '\n'
-        hwi += 'Arch: ' + str(cpu_arch)+ '\n'
-        hwi += 'Physical cores: ' + str(cpu_physical_cores) + '\n'
-        hwi += 'Logical cores: ' + str(cpu_logical_cores) + '\n'
-        hwi += '*******************************\n'
-
-        return hwi
+        try:
+            cls.ignore_errors = [s.casefold() for s in ignore_errors[cls.td.get('MACHINE')]]
+        except KeyError:
+            cls.logger.info('No ignore list found for this machine, using default')
+            cls.ignore_errors = [s.casefold() for s in ignore_errors['default']]
 
     # Go through the log locations provided and if it's a folder
     # create a list with all the .log files in it, if it's a file
@@ -273,23 +230,23 @@
     def getLogList(self, log_locations):
         logs = []
         for location in log_locations:
-            status, _ = self.target.run('test -f ' + str(location))
+            status, _ = self.target.run('test -f %s' % location)
             if status == 0:
-                logs.append(str(location))
+                logs.append(location)
             else:
-                status, _ = self.target.run('test -d ' + str(location))
+                status, _ = self.target.run('test -d %s' % location)
                 if status == 0:
-                    cmd = 'find ' + str(location) + '/*.log -maxdepth 1 -type f'
+                    cmd = 'find %s -name \\*.log -maxdepth 1 -type f' % location
                     status, output = self.target.run(cmd)
                     if status == 0:
                         output = output.splitlines()
                         for logfile in output:
-                            logs.append(os.path.join(location, str(logfile)))
+                            logs.append(os.path.join(location, logfile))
         return logs
 
     # Copy the log files to be parsed locally
     def transfer_logs(self, log_list):
-        workdir = self.getWorkdir()
+        workdir = self.td.get('WORKDIR')
         self.target_logs = workdir + '/' + 'target_logs'
         target_logs = self.target_logs
         if os.path.exists(target_logs):
@@ -306,65 +263,55 @@
         logs = [f for f in dir_files if os.path.isfile(f)]
         return logs
 
-    # Build the grep command to be used with filters and exclusions
-    def build_grepcmd(self, errors, ignore_errors, log):
-        grepcmd = 'grep '
-        grepcmd += '-Ei "'
-        for error in errors:
-            grepcmd += r'\<' + error + r'\>' + '|'
-        grepcmd = grepcmd[:-1]
-        grepcmd += '" ' + str(log) + " | grep -Eiv \'"
+    def get_context(self, lines, index, before=6, after=3):
+        """
+        Given a set of lines and the index of the line that is important, return
+        a number of lines surrounding that line.
+        """
+        last = len(lines)
 
-        try:
-            errorlist = ignore_errors[self.getMachine()]
-        except KeyError:
-            self.msg += 'No ignore list found for this machine, using default\n'
-            errorlist = ignore_errors['default']
+        start = index - before
+        end = index + after + 1
 
-        for ignore_error in errorlist:
-            ignore_error = ignore_error.replace('(', r'\(')
-            ignore_error = ignore_error.replace(')', r'\)')
-            ignore_error = ignore_error.replace("'", '.')
-            ignore_error = ignore_error.replace('?', r'\?')
-            ignore_error = ignore_error.replace('[', r'\[')
-            ignore_error = ignore_error.replace(']', r'\]')
-            ignore_error = ignore_error.replace('*', r'\*')
-            ignore_error = ignore_error.replace('0-9', '[0-9]')
-            grepcmd += ignore_error + '|'
-        grepcmd = grepcmd[:-1]
-        grepcmd += "\'"
+        if start < 0:
+            end -= start
+            start = 0
+        if end > last:
+            start -= end - last
+            end = last
 
-        return grepcmd
+        return lines[start:end]
 
-    # Grep only the errors so that their context could be collected.
-    # Default context is 10 lines before and after the error itself
-    def parse_logs(self, errors, ignore_errors, logs,
-                   lines_before = 10, lines_after = 10):
-        results = {}
-        rez = []
-        grep_output = ''
+    def test_get_context(self):
+        """
+        A test case for the test case.
+        """
+        lines = list(range(0,10))
+        self.assertEqual(self.get_context(lines, 0, 2, 1), [0, 1, 2, 3])
+        self.assertEqual(self.get_context(lines, 5, 2, 1), [3, 4, 5, 6])
+        self.assertEqual(self.get_context(lines, 9, 2, 1), [6, 7, 8, 9])
+
+    def parse_logs(self, logs, lines_before=10, lines_after=10):
+        """
+        Search the log files @logs looking for error lines (marked by
+        @self.errors), ignoring anything listed in @self.ignore_errors.
+
+        Returns a dictionary of log filenames to a dictionary of error lines to
+        the error context (controlled by @lines_before and @lines_after).
+        """
+        results = collections.defaultdict(dict)
 
         for log in logs:
-            result = None
-            thegrep = self.build_grepcmd(errors, ignore_errors, log)
+            with open(log) as f:
+                lines = f.readlines()
 
-            try:
-                result = check_output(thegrep, shell=True).decode('utf-8')
-            except:
-                pass
+            for i, line in enumerate(lines):
+                line = line.strip()
+                line_lower = line.casefold()
 
-            if result is not None:
-                results[log] = {}
-                rez = result.splitlines()
-
-                for xrez in rez:
-                    try:
-                        cmd = ['grep', '-F', xrez, '-B', str(lines_before)]
-                        cmd += ['-A', str(lines_after), log]
-                        grep_output = check_output(cmd).decode('utf-8')
-                    except:
-                        pass
-                    results[log][xrez]=grep_output
+                if any(keyword in line_lower for keyword in self.errors):
+                    if not any(ignore in line_lower for ignore in self.ignore_errors):
+                        results[log][line] = "".join(self.get_context(lines, i, lines_before, lines_after))
 
         return results
 
@@ -377,17 +324,18 @@
     def test_parselogs(self):
         self.write_dmesg()
         log_list = self.get_local_log_list(self.log_locations)
-        result = self.parse_logs(self.errors, self.ignore_errors, log_list)
-        print(self.getHardwareInfo())
+        result = self.parse_logs(log_list)
+
         errcount = 0
+        self.msg = ""
         for log in result:
             self.msg += 'Log: ' + log + '\n'
             self.msg += '-----------------------\n'
             for error in result[log]:
                 errcount += 1
-                self.msg += 'Central error: ' + str(error) + '\n'
+                self.msg += 'Central error: ' + error + '\n'
                 self.msg +=  '***********************\n'
-                self.msg +=  result[str(log)][str(error)] + '\n'
+                self.msg +=  result[log][error] + '\n'
                 self.msg +=  '***********************\n'
         self.msg += '%s errors found in logs.' % errcount
         self.assertEqual(errcount, 0, msg=self.msg)
diff --git a/poky/meta/lib/oeqa/runtime/cases/ptest.py b/poky/meta/lib/oeqa/runtime/cases/ptest.py
index 23a71ea..fbaeb84 100644
--- a/poky/meta/lib/oeqa/runtime/cases/ptest.py
+++ b/poky/meta/lib/oeqa/runtime/cases/ptest.py
@@ -96,7 +96,7 @@
         failed_tests = {}
 
         for section in sections:
-            if 'exitcode' in sections[section].keys():
+            if 'exitcode' in sections[section].keys() or 'timeout' in sections[section].keys():
                 failed_tests[section] = sections[section]["log"]
 
         for section in results:
diff --git a/poky/meta/lib/oeqa/sdk/cases/buildcpio.py b/poky/meta/lib/oeqa/sdk/cases/buildcpio.py
index c42c670..33b946f 100644
--- a/poky/meta/lib/oeqa/sdk/cases/buildcpio.py
+++ b/poky/meta/lib/oeqa/sdk/cases/buildcpio.py
@@ -19,10 +19,10 @@
     """
     def test_cpio(self):
         with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir:
-            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz")
+            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftp.gnu.org/gnu/cpio/cpio-2.14.tar.gz")
 
             dirs = {}
-            dirs["source"] = os.path.join(testdir, "cpio-2.13")
+            dirs["source"] = os.path.join(testdir, "cpio-2.14")
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
diff --git a/poky/meta/lib/oeqa/selftest/cases/bbtests.py b/poky/meta/lib/oeqa/selftest/cases/bbtests.py
index 31aa568..d242352 100644
--- a/poky/meta/lib/oeqa/selftest/cases/bbtests.py
+++ b/poky/meta/lib/oeqa/selftest/cases/bbtests.py
@@ -236,8 +236,11 @@
         result = bitbake('selftest-ed', ignore_status=True)
         self.assertEqual(result.status, 0, "Bitbake failed, exit code %s, output %s" % (result.status, result.output))
         lic_dir = get_bb_var('LICENSE_DIRECTORY')
-        self.assertFalse(os.path.isfile(os.path.join(lic_dir, 'selftest-ed/generic_GPL-3.0-or-later')))
-        self.assertTrue(os.path.isfile(os.path.join(lic_dir, 'selftest-ed/generic_GPL-2.0-or-later')))
+        arch = get_bb_var('SSTATE_PKGARCH')
+        filename = os.path.join(lic_dir, arch, 'selftest-ed', 'generic_GPL-3.0-or-later')
+        self.assertFalse(os.path.isfile(filename), msg="License file %s exists and shouldn't" % filename)
+        filename = os.path.join(lic_dir, arch, 'selftest-ed', 'generic_GPL-2.0-or-later')
+        self.assertTrue(os.path.isfile(filename), msg="License file %s doesn't exist" % filename)
 
     def test_setscene_only(self):
         """ Bitbake option to restore from sstate only within a build (i.e. execute no real tasks, only setscene)"""
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index a2b77e5..b577f6d 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -256,6 +256,31 @@
         if remaining_removelines:
             self.fail('Expected removed lines not found: %s' % remaining_removelines)
 
+    def _check_runqemu_prerequisites(self):
+        """Check runqemu is available
+
+        Whilst some tests would seemingly be better placed as a runtime test,
+        unfortunately the runtime tests run under bitbake and you can't run
+        devtool within bitbake (since devtool needs to run bitbake itself).
+        Additionally we are testing build-time functionality as well, so
+        really this has to be done as an oe-selftest test.
+        """
+        machine = get_bb_var('MACHINE')
+        if not machine.startswith('qemu'):
+            self.skipTest('This test only works with qemu machines')
+        if not os.path.exists('/etc/runqemu-nosudo'):
+            self.skipTest('You must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')
+        result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ip tuntap show', ignore_status=True)
+        if result.status != 0:
+            result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ifconfig -a', ignore_status=True)
+            if result.status != 0:
+                self.skipTest('Failed to determine if tap devices exist with ifconfig or ip: %s' % result.output)
+        for line in result.output.splitlines():
+            if line.startswith('tap'):
+                break
+        else:
+            self.skipTest('No tap devices found - you must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')
+
     def _test_devtool_add_git_url(self, git_url, version, pn, resulting_src_uri):
         self.track_for_cleanup(self.workspacedir)
         self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
@@ -1616,28 +1641,7 @@
 
     @OETestTag("runqemu")
     def test_devtool_deploy_target(self):
-        # NOTE: Whilst this test would seemingly be better placed as a runtime test,
-        # unfortunately the runtime tests run under bitbake and you can't run
-        # devtool within bitbake (since devtool needs to run bitbake itself).
-        # Additionally we are testing build-time functionality as well, so
-        # really this has to be done as an oe-selftest test.
-        #
-        # Check preconditions
-        machine = get_bb_var('MACHINE')
-        if not machine.startswith('qemu'):
-            self.skipTest('This test only works with qemu machines')
-        if not os.path.exists('/etc/runqemu-nosudo'):
-            self.skipTest('You must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')
-        result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ip tuntap show', ignore_status=True)
-        if result.status != 0:
-            result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ifconfig -a', ignore_status=True)
-            if result.status != 0:
-                self.skipTest('Failed to determine if tap devices exist with ifconfig or ip: %s' % result.output)
-        for line in result.output.splitlines():
-            if line.startswith('tap'):
-                break
-        else:
-            self.skipTest('No tap devices found - you must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')
+        self._check_runqemu_prerequisites()
         self.assertTrue(not os.path.exists(self.workspacedir), 'This test cannot be run with a workspace directory under the build directory')
         # Definitions
         testrecipe = 'mdadm'
diff --git a/poky/meta/lib/oeqa/selftest/cases/meta_ide.py b/poky/meta/lib/oeqa/selftest/cases/meta_ide.py
index 59270fb..e446d93 100644
--- a/poky/meta/lib/oeqa/selftest/cases/meta_ide.py
+++ b/poky/meta/lib/oeqa/selftest/cases/meta_ide.py
@@ -44,7 +44,7 @@
     def test_meta_ide_can_build_cpio_project(self):
         dl_dir = self.td.get('DL_DIR', None)
         self.project = SDKBuildProject(self.tmpdir_metaideQA + "/cpio/", self.environment_script_path,
-                        "https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.gz",
+                        "https://ftp.gnu.org/gnu/cpio/cpio-2.14.tar.gz",
                         self.tmpdir_metaideQA, self.td['DATETIME'], dl_dir=dl_dir)
         self.project.download_archive()
         self.assertEqual(self.project.run_configure('$CONFIGURE_FLAGS --disable-maintainer-mode','sed -i -e "/char \*program_name/d" src/global.c;'), 0,
diff --git a/poky/meta/lib/oeqa/selftest/cases/oescripts.py b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
index 7d3a00e..f69efcc 100644
--- a/poky/meta/lib/oeqa/selftest/cases/oescripts.py
+++ b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
@@ -36,18 +36,16 @@
         if expected_endlines:
             self.fail('Missing expected line endings:\n  %s' % '\n  '.join(expected_endlines))
 
-class OEScriptTests(OESelftestTestCase):
-    scripts_dir = os.path.join(get_bb_var('COREBASE'), 'scripts')
-
 @unittest.skipUnless(importlib.util.find_spec("cairo"), "Python cairo module is not present")
-class OEPybootchartguyTests(OEScriptTests):
+class OEPybootchartguyTests(OESelftestTestCase):
 
     @classmethod
     def setUpClass(cls):
-        super(OEScriptTests, cls).setUpClass()
+        super().setUpClass()
         bitbake("core-image-minimal -c rootfs -f")
         cls.tmpdir = get_bb_var('TMPDIR')
         cls.buildstats = cls.tmpdir + "/buildstats/" + sorted(os.listdir(cls.tmpdir + "/buildstats"))[-1]
+        cls.scripts_dir = os.path.join(get_bb_var('COREBASE'), 'scripts')
 
     def test_pybootchartguy_help(self):
         runCmd('%s/pybootchartgui/pybootchartgui.py  --help' % self.scripts_dir)
@@ -65,7 +63,12 @@
         self.assertTrue(os.path.exists(self.tmpdir + "/charts.pdf"))
 
 
-class OEGitproxyTests(OEScriptTests):
+class OEGitproxyTests(OESelftestTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.scripts_dir = os.path.join(get_bb_var('COREBASE'), 'scripts')
 
     def test_oegitproxy_help(self):
         try:
@@ -126,7 +129,13 @@
         result = runCmd("oe-run-native qemu-helper-native qemu-oe-bridge-helper --help")
         self.assertIn("Helper function to find and exec qemu-bridge-helper", result.output)
 
-class OEListPackageconfigTests(OEScriptTests):
+class OEListPackageconfigTests(OESelftestTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.scripts_dir = os.path.join(get_bb_var('COREBASE'), 'scripts')
+
     #oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
     def check_endlines(self, results,  expected_endlines): 
         for line in results.output.splitlines():
diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
index 4c6ed4e..84c6c3a 100644
--- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -128,23 +128,17 @@
 class ReproducibleTests(OESelftestTestCase):
     # Test the reproducibility of whatever is built between sstate_targets and targets
 
-    package_classes = get_bb_var("OEQA_REPRODUCIBLE_TEST_PACKAGE")
-    if package_classes:
-        package_classes = package_classes.split()
-    else:
-        package_classes = ['deb', 'ipk', 'rpm']
+    package_classes = ['deb', 'ipk', 'rpm']
 
     # Maximum report size, in bytes
     max_report_size = 250 * 1024 * 1024
 
     # targets are the things we want to test the reproducibility of
-    targets = get_bb_var("OEQA_REPRODUCIBLE_TEST_TARGET")
-    if targets:
-        targets = targets.split()
-    else:
-        targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world']
+    targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world']
+
     # sstate targets are things to pull from sstate to potentially cut build/debugging time
-    sstate_targets = (get_bb_var("OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS") or "").split()
+    sstate_targets = []
+
     save_results = False
     if 'OEQA_DEBUGGING_SAVED_OUTPUT' in os.environ:
         save_results = os.environ['OEQA_DEBUGGING_SAVED_OUTPUT']
@@ -159,11 +153,20 @@
 
     def setUpLocal(self):
         super().setUpLocal()
-        needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 'BB_HASHSERVE']
+        needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 'BB_HASHSERVE', 'OEQA_REPRODUCIBLE_TEST_PACKAGE', 'OEQA_REPRODUCIBLE_TEST_TARGET', 'OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS']
         bb_vars = get_bb_vars(needed_vars)
         for v in needed_vars:
             setattr(self, v.lower(), bb_vars[v])
 
+        if bb_vars['OEQA_REPRODUCIBLE_TEST_PACKAGE']:
+            self.package_classes = bb_vars['OEQA_REPRODUCIBLE_TEST_PACKAGE'].split()
+
+        if bb_vars['OEQA_REPRODUCIBLE_TEST_TARGET']:
+            self.targets = bb_vars['OEQA_REPRODUCIBLE_TEST_TARGET'].split()
+
+        if bb_vars['OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS']:
+            self.sstate_targets = bb_vars['OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS'].split()
+
         self.extraresults = {}
         self.extraresults.setdefault('reproducible.rawlogs', {})['log'] = ''
         self.extraresults.setdefault('reproducible', {}).setdefault('files', {})
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index 463679d..12000aa 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -129,6 +129,22 @@
         bitbake('core-image-full-cmdline socat')
         bitbake('-c testimage core-image-full-cmdline')
 
+    def test_testimage_slirp(self):
+        """
+        Summary: Check basic testimage functionality with qemu and slirp networking.
+        """
+
+        features = '''
+IMAGE_CLASSES:append = " testimage"
+IMAGE_FEATURES:append = " ssh-server-dropbear"
+IMAGE_ROOTFS_EXTRA_SPACE:append = "${@bb.utils.contains("IMAGE_CLASSES", "testimage", " + 5120", "", d)}"
+TEST_RUNQEMUPARAMS += " slirp"
+'''
+        self.write_config(features)
+
+        bitbake('core-image-minimal')
+        bitbake('-c testimage core-image-minimal')
+
     def test_testimage_dnf(self):
         """
         Summary: Check package feeds functionality for dnf
@@ -236,11 +252,11 @@
         features += 'TEST_SUITES = "ping ssh virgl"\n'
         features += 'IMAGE_FEATURES:append = " ssh-server-dropbear"\n'
         features += 'IMAGE_INSTALL:append = " kmscube"\n'
-        features_gtk = features + 'TEST_RUNQEMUPARAMS = "gtk gl"\n'
+        features_gtk = features + 'TEST_RUNQEMUPARAMS += " gtk gl"\n'
         self.write_config(features_gtk)
         bitbake('core-image-minimal')
         bitbake('-c testimage core-image-minimal')
-        features_sdl = features + 'TEST_RUNQEMUPARAMS = "sdl gl"\n'
+        features_sdl = features + 'TEST_RUNQEMUPARAMS += " sdl gl"\n'
         self.write_config(features_sdl)
         bitbake('core-image-minimal')
         bitbake('-c testimage core-image-minimal')
@@ -268,7 +284,7 @@
         features += 'TEST_SUITES = "ping ssh virgl"\n'
         features += 'IMAGE_FEATURES:append = " ssh-server-dropbear"\n'
         features += 'IMAGE_INSTALL:append = " kmscube"\n'
-        features += 'TEST_RUNQEMUPARAMS = "egl-headless"\n'
+        features += 'TEST_RUNQEMUPARAMS += " egl-headless"\n'
         self.write_config(features)
         bitbake('core-image-minimal')
         bitbake('-c testimage core-image-minimal')
diff --git a/poky/meta/lib/oeqa/selftest/cases/spdx.py b/poky/meta/lib/oeqa/selftest/cases/spdx.py
new file mode 100644
index 0000000..05fc4e3
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/spdx.py
@@ -0,0 +1,54 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+import json
+import os
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_var, runCmd
+
+class SPDXCheck(OESelftestTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super(SPDXCheck, cls).setUpClass()
+        bitbake("python3-spdx-tools-native")
+        bitbake("-c addto_recipe_sysroot python3-spdx-tools-native")
+
+    def check_recipe_spdx(self, high_level_dir, spdx_file, target_name):
+        config = """
+INHERIT += "create-spdx"
+"""
+        self.write_config(config)
+
+        deploy_dir = get_bb_var("DEPLOY_DIR")
+        machine_var = get_bb_var("MACHINE")
+        # qemux86-64 creates the directory qemux86_64
+        machine_dir = machine_var.replace("-", "_")
+
+        full_file_path = os.path.join(deploy_dir, "spdx", machine_dir, high_level_dir, spdx_file)
+
+        try:
+            os.remove(full_file_path)
+        except FileNotFoundError:
+            pass
+
+        bitbake("%s -c create_spdx" % target_name)
+
+        def check_spdx_json(filename):
+            with open(filename) as f:
+                report = json.load(f)
+                self.assertNotEqual(report, None)
+                self.assertNotEqual(report["SPDXID"], None)
+
+            python = os.path.join(get_bb_var('STAGING_BINDIR', 'python3-spdx-tools-native'), 'nativepython3')
+            validator = os.path.join(get_bb_var('STAGING_BINDIR', 'python3-spdx-tools-native'), 'pyspdxtools')
+            result = runCmd("{} {} -i {}".format(python, validator, filename))
+
+        self.assertExists(full_file_path)
+        result = check_spdx_json(full_file_path)
+
+    def test_spdx_base_files(self):
+        self.check_recipe_spdx("packages", "base-files.spdx.json", "base-files")
diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py
index aa61349..b4866bc 100644
--- a/poky/meta/lib/oeqa/selftest/cases/wic.py
+++ b/poky/meta/lib/oeqa/selftest/cases/wic.py
@@ -729,7 +729,7 @@
         wicout = glob(os.path.join(self.resultdir, "wictestdisk-*.direct"))
         self.assertEqual(1, len(wicout))
         size = os.path.getsize(wicout[0])
-        self.assertTrue(size > extraspace)
+        self.assertTrue(size > extraspace, msg="Extra space not present (%s vs %s)" % (size, extraspace))
 
     def test_no_table(self):
         """Test --no-table wks option."""
@@ -773,7 +773,7 @@
         basename = bb_vars['IMAGE_BASENAME']
         self.assertEqual(basename, image)
         path = os.path.join(imgdatadir, basename) + '.env'
-        self.assertTrue(os.path.isfile(path))
+        self.assertTrue(os.path.isfile(path), msg="File %s wasn't generated as expected" % path)
 
         wicvars = set(bb_vars['WICVARS'].split())
         # filter out optional variables
@@ -786,7 +786,7 @@
             # test if variables used by wic present in the .env file
             for var in wicvars:
                 self.assertTrue(var in content, "%s is not in .env file" % var)
-                self.assertTrue(content[var])
+                self.assertTrue(content[var], "%s doesn't have a value (%s)" % (var, content[var]))
 
     def test_image_vars_dir_short(self):
         """Test image vars directory selection -v option"""
@@ -833,8 +833,8 @@
         # pointing to existing files
         for suffix in ('wic', 'manifest'):
             path = prefix + suffix
-            self.assertTrue(os.path.islink(path))
-            self.assertTrue(os.path.isfile(os.path.realpath(path)))
+            self.assertTrue(os.path.islink(path), msg="Link %s wasn't generated as expected" % path)
+            self.assertTrue(os.path.isfile(os.path.realpath(path)), msg="File linked to by %s wasn't generated as expected" % path)
 
     # TODO this should work on aarch64
     @skipIfNotArch(['i586', 'i686', 'x86_64'])
@@ -1104,7 +1104,7 @@
         self.remove_config(config)
         bb_vars = get_bb_vars(['DEPLOY_DIR_IMAGE', 'IMAGE_LINK_NAME'], image)
         image_path = os.path.join(bb_vars['DEPLOY_DIR_IMAGE'], '%s.wic' % bb_vars['IMAGE_LINK_NAME'])
-        self.assertTrue(os.path.exists(image_path))
+        self.assertTrue(os.path.exists(image_path), msg="Image file %s wasn't generated as expected" % image_path)
 
         sysroot = get_bb_var('RECIPE_SYSROOT_NATIVE', 'wic-tools')
 
@@ -1345,11 +1345,11 @@
             orig_sizes = [int(line.split()[3]) for line in orig.output.split('\n')[1:]]
             exp_sizes = [int(line.split()[3]) for line in exp.output.split('\n')[1:]]
             self.assertEqual(orig_sizes[0], exp_sizes[0]) # first partition is not resized
-            self.assertTrue(orig_sizes[1] < exp_sizes[1])
+            self.assertTrue(orig_sizes[1] < exp_sizes[1], msg="Parition size wasn't enlarged (%s vs %s)" % (orig_sizes[1], exp_sizes[1]))
 
             # Check if all free space is partitioned
             result = runCmd("%s/usr/sbin/sfdisk -F %s" % (sysroot, new_image_path))
-            self.assertTrue("0 B, 0 bytes, 0 sectors" in result.output)
+            self.assertIn("0 B, 0 bytes, 0 sectors", result.output)
 
             os.rename(image_path, image_path + '.bak')
             os.rename(new_image_path, image_path)
@@ -1433,7 +1433,7 @@
             # check if file is there
             result = runCmd("wic ls %s:1/ -n %s" % (images[0], sysroot))
             self.assertEqual(7, len(result.output.split('\n')))
-            self.assertTrue(os.path.basename(testfile.name) in result.output)
+            self.assertIn(os.path.basename(testfile.name), result.output)
 
             # prepare directory
             testdir = os.path.join(self.resultdir, 'wic-test-cp-dir')
@@ -1447,13 +1447,13 @@
             # check if directory is there
             result = runCmd("wic ls %s:1/ -n %s" % (images[0], sysroot))
             self.assertEqual(8, len(result.output.split('\n')))
-            self.assertTrue(os.path.basename(testdir) in result.output)
+            self.assertIn(os.path.basename(testdir), result.output)
 
             # copy the file from the partition and check if it success
             dest = '%s-cp' % testfile.name
             runCmd("wic cp %s:1/%s %s -n %s" % (images[0],
                     os.path.basename(testfile.name), dest, sysroot))
-            self.assertTrue(os.path.exists(dest))
+            self.assertTrue(os.path.exists(dest), msg="File %s wasn't generated as expected" % dest)
 
 
     def test_wic_rm(self):
@@ -1497,7 +1497,7 @@
         # list directory content of the second ext4 partition
         result = runCmd("wic ls %s:2/ -n %s" % (images[0], sysroot))
         self.assertTrue(set(['bin', 'home', 'proc', 'usr', 'var', 'dev', 'lib', 'sbin']).issubset(
-                            set(line.split()[-1] for line in result.output.split('\n') if line)))
+                            set(line.split()[-1] for line in result.output.split('\n') if line)), msg="Expected directories not present %s" % result.output)
 
     def test_wic_cp_ext(self):
         """Test copy files and directories to the ext partition."""
@@ -1512,7 +1512,7 @@
         # list directory content of the ext4 partition
         result = runCmd("wic ls %s:2/ -n %s" % (images[0], sysroot))
         dirs = set(line.split()[-1] for line in result.output.split('\n') if line)
-        self.assertTrue(set(['bin', 'home', 'proc', 'usr', 'var', 'dev', 'lib', 'sbin']).issubset(dirs))
+        self.assertTrue(set(['bin', 'home', 'proc', 'usr', 'var', 'dev', 'lib', 'sbin']).issubset(dirs), msg="Expected directories not present %s" % dirs)
 
         with NamedTemporaryFile("w", suffix=".wic-cp") as testfile:
             testfile.write("test")
@@ -1527,12 +1527,12 @@
 
             # check if the file to copy is in the partition
             result = runCmd("wic ls %s:2/etc/ -n %s" % (images[0], sysroot))
-            self.assertTrue('fstab' in [line.split()[-1] for line in result.output.split('\n') if line])
+            self.assertIn('fstab', [line.split()[-1] for line in result.output.split('\n') if line])
 
             # copy file from the partition, replace the temporary file content with it and
             # check for the file size to validate the copy
             runCmd("wic cp %s:2/etc/fstab %s -n %s" % (images[0], testfile.name, sysroot))
-            self.assertTrue(os.stat(testfile.name).st_size > 0)
+            self.assertTrue(os.stat(testfile.name).st_size > 0, msg="Filesize not as expected %s" % os.stat(testfile.name).st_size)
 
 
     def test_wic_rm_ext(self):
@@ -1547,18 +1547,18 @@
 
         # list directory content of the /etc directory on ext4 partition
         result = runCmd("wic ls %s:2/etc/ -n %s" % (images[0], sysroot))
-        self.assertTrue('fstab' in [line.split()[-1] for line in result.output.split('\n') if line])
+        self.assertIn('fstab', [line.split()[-1] for line in result.output.split('\n') if line])
 
         # remove file
         runCmd("wic rm %s:2/etc/fstab -n %s" % (images[0], sysroot))
 
         # check if it's removed
         result = runCmd("wic ls %s:2/etc/ -n %s" % (images[0], sysroot))
-        self.assertTrue('fstab' not in [line.split()[-1] for line in result.output.split('\n') if line])
+        self.assertNotIn('fstab', [line.split()[-1] for line in result.output.split('\n') if line])
 
         # remove non-empty directory
         runCmd("wic rm -r %s:2/etc/ -n %s" % (images[0], sysroot))
 
         # check if it's removed
         result = runCmd("wic ls %s:2/ -n %s" % (images[0], sysroot))
-        self.assertTrue('etc' not in [line.split()[-1] for line in result.output.split('\n') if line])
+        self.assertNotIn('etc', [line.split()[-1] for line in result.output.split('\n') if line])
diff --git a/poky/meta/lib/oeqa/selftest/context.py b/poky/meta/lib/oeqa/selftest/context.py
index bd03e76..5a09aee 100644
--- a/poky/meta/lib/oeqa/selftest/context.py
+++ b/poky/meta/lib/oeqa/selftest/context.py
@@ -35,12 +35,13 @@
     return result
 
 class NonConcurrentTestSuite(unittest.TestSuite):
-    def __init__(self, suite, processes, setupfunc, removefunc):
+    def __init__(self, suite, processes, setupfunc, removefunc, bb_vars):
         super().__init__([suite])
         self.processes = processes
         self.suite = suite
         self.setupfunc = setupfunc
         self.removefunc = removefunc
+        self.bb_vars = bb_vars
 
     def run(self, result):
         (builddir, newbuilddir) = self.setupfunc("-st", None, self.suite)
@@ -79,16 +80,15 @@
         else:
             self.removebuilddir = removebuilddir
 
+    def set_variables(self, vars):
+        self.bb_vars = vars
+
     def setup_builddir(self, suffix, selftestdir, suite):
-        # Get SSTATE_DIR from the parent build dir
-        with bb.tinfoil.Tinfoil(tracking=True) as tinfoil:
-            tinfoil.prepare(quiet=2, config_only=True)
-            d = tinfoil.config_data
-            sstatedir = str(d.getVar('SSTATE_DIR'))
+        sstatedir = self.bb_vars['SSTATE_DIR']
 
         builddir = os.environ['BUILDDIR']
         if not selftestdir:
-            selftestdir = get_test_layer()
+            selftestdir = get_test_layer(self.bb_vars['BBLAYERS'])
         if self.newbuilddir:
             newbuilddir = os.path.join(self.newbuilddir, 'build' + suffix)
         else:
@@ -104,7 +104,7 @@
         oe.path.copytree(builddir + "/cache", newbuilddir + "/cache")
         oe.path.copytree(selftestdir, newselftestdir)
 
-        subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
+        subprocess.check_output("git init && git add * && git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
 
         # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow
         subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True)
@@ -155,9 +155,9 @@
         if processes:
             from oeqa.core.utils.concurrencytest import ConcurrentTestSuite
 
-            return ConcurrentTestSuite(suites, processes, self.setup_builddir, self.removebuilddir)
+            return ConcurrentTestSuite(suites, processes, self.setup_builddir, self.removebuilddir, self.bb_vars)
         else:
-            return NonConcurrentTestSuite(suites, processes, self.setup_builddir, self.removebuilddir)
+            return NonConcurrentTestSuite(suites, processes, self.setup_builddir, self.removebuilddir, self.bb_vars)
 
     def runTests(self, processes=None, machine=None, skips=[]):
         if machine:
@@ -270,7 +270,7 @@
 
         builddir = os.environ.get("BUILDDIR")
         self.tc_kwargs['init']['config_paths'] = {}
-        self.tc_kwargs['init']['config_paths']['testlayer_path'] = get_test_layer()
+        self.tc_kwargs['init']['config_paths']['testlayer_path'] = get_test_layer(bbvars["BBLAYERS"])
         self.tc_kwargs['init']['config_paths']['builddir'] = builddir
         self.tc_kwargs['init']['config_paths']['localconf'] = os.path.join(builddir, "conf/local.conf")
         self.tc_kwargs['init']['config_paths']['bblayers'] = os.path.join(builddir, "conf/bblayers.conf")
@@ -310,10 +310,10 @@
                 meta_selftestdir = os.path.join(
                     self.tc.td["BBLAYERS_FETCH_DIR"], 'meta-selftest')
                 if os.path.isdir(meta_selftestdir):
-                    runCmd("bitbake-layers add-layer %s" %meta_selftestdir)
+                    runCmd("bitbake-layers add-layer %s" % meta_selftestdir)
                     # reload data is needed because a meta-selftest layer was add
                     self.tc.td = get_bb_vars()
-                    self.tc.config_paths['testlayer_path'] = get_test_layer()
+                    self.tc.config_paths['testlayer_path'] = get_test_layer(self.tc.td["BBLAYERS"])
                 else:
                     self.tc.logger.error("could not locate meta-selftest in:\n%s" % meta_selftestdir)
                     raise OEQAPreRun
@@ -351,8 +351,15 @@
 
         _add_layer_libs()
 
-        self.tc.logger.info("Running bitbake -e to test the configuration is valid/parsable")
-        runCmd("bitbake -e")
+        self.tc.logger.info("Checking base configuration is valid/parsable")
+
+        with bb.tinfoil.Tinfoil(tracking=True) as tinfoil:
+            tinfoil.prepare(quiet=2, config_only=True)
+            d = tinfoil.config_data
+            vars = {}
+            vars['SSTATE_DIR'] = str(d.getVar('SSTATE_DIR'))
+            vars['BBLAYERS'] = str(d.getVar('BBLAYERS'))
+        self.tc.set_variables(vars)
 
     def get_json_result_dir(self, args):
         json_result_dir = os.path.join(self.tc.td["LOG_DIR"], 'oeqa')
@@ -437,7 +444,7 @@
             output_link = os.path.join(os.path.dirname(args.output_log),
                     "%s-results.log" % self.name)
             if os.path.lexists(output_link):
-                os.remove(output_link)
+                os.unlink(output_link)
             os.symlink(args.output_log, output_link)
 
         return rc
diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py
index c1f5338..575e380 100644
--- a/poky/meta/lib/oeqa/utils/commands.py
+++ b/poky/meta/lib/oeqa/utils/commands.py
@@ -285,8 +285,10 @@
 def get_bb_var(var, target=None, postconfig=None):
     return get_bb_vars([var], target, postconfig)[var]
 
-def get_test_layer():
-    layers = get_bb_var("BBLAYERS").split()
+def get_test_layer(bblayers=None):
+    if bblayers is None:
+        bblayers = get_bb_var("BBLAYERS")
+    layers = bblayers.split()
     testlayer = None
     for l in layers:
         if '~' in l:
diff --git a/poky/meta/lib/oeqa/utils/gitarchive.py b/poky/meta/lib/oeqa/utils/gitarchive.py
index 64448f4..f9c1526 100644
--- a/poky/meta/lib/oeqa/utils/gitarchive.py
+++ b/poky/meta/lib/oeqa/utils/gitarchive.py
@@ -255,7 +255,15 @@
         if not commit in revs:
             revs[commit] = TestedRev(commit, commit_num, [tag])
         else:
-            assert commit_num == revs[commit].commit_number, "Commit numbers do not match"
+            if commit_num != revs[commit].commit_number:
+                # Historically we have incorrect commit counts of '1' in the repo so fix these up
+                if int(revs[commit].commit_number) < 5:
+                    tags = revs[commit].tags
+                    revs[commit] = TestedRev(commit, commit_num, [tags])
+                elif int(commit_num) < 5:
+                    pass
+                else:
+                    sys.exit("Commit numbers for commit %s don't match (%s vs %s)" % (commit, commit_num, revs[commit].commit_number))
             revs[commit].tags.append(tag)
 
     # Return in sorted table
diff --git a/poky/meta/lib/patchtest/README.md b/poky/meta/lib/patchtest/README.md
new file mode 100644
index 0000000..f66613c
--- /dev/null
+++ b/poky/meta/lib/patchtest/README.md
@@ -0,0 +1,20 @@
+# patchtest selftests for openembedded-core
+
+This directory provides a test suite and selftest script for use with the
+patchtest repository: https://git.yoctoproject.org/patchtest/
+
+To setup for use:
+
+1. Clone https://git.openembedded.org/openembedded-core (this repo) and https://git.openembedded.org/bitbake/
+2. Clone https://git.yoctoproject.org/patchtest
+3. Install the necessary Python modules: in meta/lib/patchtest or the patchtest
+   repo, do `pip install -r requirements.txt`
+4. Add patchtest to PATH: `export PATH=/path/to/patchtest/repo:$PATH`
+5. Initialize the environment: `source oe-init-build-env`
+6. Add meta-selftest to bblayers.conf: `bitbake-layers add-layer
+   /path/to/meta-selftest/` (the selftests use this layer's recipes as test
+   targets)
+7. Finally, run the selftest script: `./meta/lib/patchtest/selftest/selftest`
+
+For more information on using patchtest, see the patchtest repo at
+https://git.yoctoproject.org/patchtest/.
diff --git a/poky/meta/lib/patchtest/requirements.txt b/poky/meta/lib/patchtest/requirements.txt
new file mode 100644
index 0000000..785aa46
--- /dev/null
+++ b/poky/meta/lib/patchtest/requirements.txt
@@ -0,0 +1,4 @@
+jinja2
+pylint
+pyparsing>=3.0.9
+unidiff
diff --git a/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.1.fail b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.1.fail
new file mode 100644
index 0000000..0c40cdc
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.1.fail
@@ -0,0 +1,32 @@
+From 1fbb446d1849b1208012cbdae5d85d228cdbe4a6 Mon Sep 17 00:00:00 2001
+From: First Last <first.last@example.com>
+Date: Tue, 29 Aug 2023 13:32:24 -0400
+Subject: [PATCH] selftest-hello: add a summary
+
+This patch should fail the selftests because the author address is from the
+invalid "example.com".
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb          | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..491f0a3df7 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -1,3 +1,4 @@
++SUMMARY = "A cool sample"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.1.pass b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.1.pass
new file mode 100644
index 0000000..cbb8ef2
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.1.pass
@@ -0,0 +1,31 @@
+From 1fbb446d1849b1208012cbdae5d85d228cdbe4a6 Mon Sep 17 00:00:00 2001
+From: First Last <first.last@address.com>
+Date: Tue, 29 Aug 2023 13:32:24 -0400
+Subject: [PATCH] selftest-hello: add a summary
+
+This patch should pass the selftests because the author address is in a valid format.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb          | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..491f0a3df7 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -1,3 +1,4 @@
++SUMMARY = "A cool sample"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.2.fail b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.2.fail
new file mode 100644
index 0000000..3e2b81b
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.2.fail
@@ -0,0 +1,31 @@
+From 1fbb446d1849b1208012cbdae5d85d228cdbe4a6 Mon Sep 17 00:00:00 2001
+From: Upgrade Helper <auh@auh.yoctoproject.org>
+Date: Tue, 29 Aug 2023 13:32:24 -0400
+Subject: [PATCH] selftest-hello: add a summary
+
+This patch should fail the selftests because AUH is an invalid sender.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb          | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..491f0a3df7 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -1,3 +1,4 @@
++SUMMARY = "A cool sample"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.2.pass b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.2.pass
new file mode 100644
index 0000000..f84e126
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Author.test_author_valid.2.pass
@@ -0,0 +1,31 @@
+From 1fbb446d1849b1208012cbdae5d85d228cdbe4a6 Mon Sep 17 00:00:00 2001
+From: First Last <averylongemailaddressthatishardtoread.from@address.com>
+Date: Tue, 29 Aug 2023 13:32:24 -0400
+Subject: [PATCH] selftest-hello: add a summary
+
+This patch should pass the selftests because the author address is in a valid format.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb          | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..491f0a3df7 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -1,3 +1,4 @@
++SUMMARY = "A cool sample"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.fail b/poky/meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.fail
new file mode 100644
index 0000000..80f409e
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.fail
@@ -0,0 +1,25 @@
+From fdfd605e565d874502522c4b70b786c8c5aa0bad Mon Sep 17 00:00:00 2001
+From: name@somedomain.com <email@address.com>
+Date: Fri, 17 Feb 2017 16:29:21 -0600
+Subject: [PATCH] README: adds 'foo' to the header
+
+This test patch adds 'foo' to the header
+
+[YOCTO 1234]
+
+Signed-off-by: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+---
+ README | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/README b/README
+index 521916cd4f..cdf29dcea3 100644
+--- a/README
++++ b/README
+@@ -1,3 +1,4 @@
++**** FOO ****
+ OpenEmbedded-Core
+ =================
+
+--
+2.11.0
diff --git a/poky/meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.pass b/poky/meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.pass
new file mode 100644
index 0000000..2648b03
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.pass
@@ -0,0 +1,25 @@
+From fdfd605e565d874502522c4b70b786c8c5aa0bad Mon Sep 17 00:00:00 2001
+From: name@somedomain.com <email@address.com>
+Date: Fri, 17 Feb 2017 16:29:21 -0600
+Subject: [PATCH] README: adds 'foo' to the header
+
+This test patch adds 'foo' to the header
+
+[YOCTO #1234]
+
+Signed-off-by: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+---
+ README | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/README b/README
+index 521916cd4f..cdf29dcea3 100644
+--- a/README
++++ b/README
+@@ -1,3 +1,4 @@
++**** FOO ****
+ OpenEmbedded-Core
+ =================
+
+--
+2.11.0
diff --git a/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.fail b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.fail
new file mode 100644
index 0000000..d40b8a9
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.fail
@@ -0,0 +1,72 @@
+From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+This patch should fail the test for CVE presence in the mbox commit message.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..869cfb6fe5
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.pass b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.pass
new file mode 100644
index 0000000..433c7a4
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.pass
@@ -0,0 +1,74 @@
+From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+This test should pass the mbox cve tag test.
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..869cfb6fe5
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.fail b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.fail
new file mode 100644
index 0000000..c763a75
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.fail
@@ -0,0 +1,73 @@
+From 35ccee3cee96fb29514475279248078d88907231 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-BAD-FORMAT
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../files/0001-Fix-CVE-1234-56789.patch       | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..9219b8db62
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-BAD-FORMAT
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
++
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.pass b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.pass
new file mode 100644
index 0000000..ef60170
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.pass
@@ -0,0 +1,73 @@
+From 35ccee3cee96fb29514475279248078d88907231 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../files/0001-Fix-CVE-1234-56789.patch       | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..9219b8db62
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
++
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.fail b/poky/meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.fail
new file mode 100644
index 0000000..93ca0f9
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.fail
@@ -0,0 +1,22 @@
+From 0a52a62c9430c05d22cb7f46380488f2280b69bb Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Fri, 1 Sep 2023 08:56:14 -0400
+Subject: [PATCH] README.OE-Core.md: add foo
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ README.OE-Core.md | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/README.OE-Core.md b/README.OE-Core.md
+index 2f2127fb03..48464252c8 100644
+--- a/README.OE-Core.md
++++ b/README.OE-Core.md
+@@ -1,3 +1,4 @@
++** FOO **
+ OpenEmbedded-Core
+ =================
+ 
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.pass b/poky/meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.pass
new file mode 100644
index 0000000..5e3dcbd
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.pass
@@ -0,0 +1,24 @@
+From 0a52a62c9430c05d22cb7f46380488f2280b69bb Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Fri, 1 Sep 2023 08:56:14 -0400
+Subject: [PATCH] README.OE-Core.md: add foo
+
+This is a commit message
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ README.OE-Core.md | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/README.OE-Core.md b/README.OE-Core.md
+index 2f2127fb03..48464252c8 100644
+--- a/README.OE-Core.md
++++ b/README.OE-Core.md
+@@ -1,3 +1,4 @@
++** FOO **
+ OpenEmbedded-Core
+ =================
+ 
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.fail b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.fail
new file mode 100644
index 0000000..ab6c52c
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.fail
@@ -0,0 +1,37 @@
+From f89919ea86d38404dd621521680a0162367bb965 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Wed, 6 Sep 2023 09:09:27 -0400
+Subject: [PATCH] selftest-hello: update LIC_FILES_CHKSUM
+
+This test should fail the
+test_metadata_lic_files_chksum.LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned
+test.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb         | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..65dda40aba 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -1,7 +1,7 @@
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
++LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f303"
+ 
+ SRC_URI = "file://helloworld.c"
+ 
+@@ -16,4 +16,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.pass b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.pass
new file mode 100644
index 0000000..99d9f14
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.pass
@@ -0,0 +1,39 @@
+From f89919ea86d38404dd621521680a0162367bb965 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Wed, 6 Sep 2023 09:09:27 -0400
+Subject: [PATCH] selftest-hello: update LIC_FILES_CHKSUM
+
+License-Update: Fix checksum
+
+This test should pass the
+test_metadata_lic_files_chksum.LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned
+test.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb         | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..65dda40aba 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -1,7 +1,7 @@
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
++LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f303"
+ 
+ SRC_URI = "file://helloworld.c"
+ 
+@@ -16,4 +16,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_presence.fail b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_presence.fail
new file mode 100644
index 0000000..e14d644
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_presence.fail
@@ -0,0 +1,53 @@
+From 66430e7c6fbd5187b66560909a510e136fed91c0 Mon Sep 17 00:00:00 2001
+From: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+Date: Thu, 23 Feb 2017 10:34:27 -0600
+Subject: [PATCH] meta: adding hello-yocto recipe
+
+This is a sample recipe
+
+Signed-off-by: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+---
+ .../hello-world/hello-world/hello_world.c      |  5 +++++
+ .../hello-world/hello-world_1.0.bb             | 18 ++++++++++++++++++
+ 2 files changed, 23 insertions(+)
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world/hello_world.c
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world_1.0.bb
+
+diff --git a/meta/recipes-devtools/hello-world/hello-world/hello_world.c b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+new file mode 100644
+index 0000000000..0d59f57d4c
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+@@ -0,0 +1,5 @@
++#include <stdio.h>
++
++int main(){
++    printf("Hello World\n");
++}
+diff --git a/meta/recipes-devtools/hello-world/hello-world_1.0.bb b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+new file mode 100644
+index 0000000000..3c990c108a
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+@@ -0,0 +1,18 @@
++SUMMARY = "This is a sample summary"
++DESCRIPTION = "This is a sample description"
++HOMEPAGE = "https://sample.com/this-is-a-sample"
++LICENSE = "MIT"
++
++SRC_URI += "file://hello_world.c"
++
++SRC_URI[md5sum] = "4ee21e9dcc9b5b6012c23038734e1632"
++SRC_URI[sha256sum] = "edef2bbde0fbf0d88232782a0eded323f483a0519d6fde9a3b1809056fd35f3e"
++
++do_compile(){
++    ${CC} -o hello_world ../hello_world.c
++}
++
++do_install(){
++    install -d ${D}${bindir}
++    install -m +x hello_world ${D}${bindir}/hello_world
++}
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_presence.pass b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_presence.pass
new file mode 100644
index 0000000..b8da16d
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/LicFilesChkSum.test_lic_files_chksum_presence.pass
@@ -0,0 +1,54 @@
+From 5144d2ba1aa763312c047dd5f8901368cff79da6 Mon Sep 17 00:00:00 2001
+From: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+Date: Thu, 23 Feb 2017 10:34:27 -0600
+Subject: [PATCH] meta: adding hello-yocto recipe
+
+This is a sample recipe
+
+Signed-off-by: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+---
+ .../hello-world/hello-world/hello_world.c     |  5 +++++
+ .../hello-world/hello-world_1.0.bb            | 19 +++++++++++++++++++
+ 2 files changed, 24 insertions(+)
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world/hello_world.c
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world_1.0.bb
+
+diff --git a/meta/recipes-devtools/hello-world/hello-world/hello_world.c b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+new file mode 100644
+index 0000000000..0d59f57d4c
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+@@ -0,0 +1,5 @@
++#include <stdio.h>
++
++int main(){
++    printf("Hello World\n");
++}
+diff --git a/meta/recipes-devtools/hello-world/hello-world_1.0.bb b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+new file mode 100644
+index 0000000000..44d888c82a
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+@@ -0,0 +1,19 @@
++SUMMARY = "This is a sample summary"
++DESCRIPTION = "This is a sample description"
++HOMEPAGE = "https://sample.com/this-is-a-sample"
++LICENSE = "MIT"
++LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
++
++SRC_URI += "file://hello_world.c"
++
++SRC_URI[md5sum] = "4ee21e9dcc9b5b6012c23038734e1632"
++SRC_URI[sha256sum] = "edef2bbde0fbf0d88232782a0eded323f483a0519d6fde9a3b1809056fd35f3e"
++
++do_compile(){
++    ${CC} -o hello_world ../hello_world.c
++}
++
++do_install(){
++    install -d ${D}${bindir}
++    install -m +x hello_world ${D}${bindir}/hello_world
++}
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.1.fail b/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.1.fail
new file mode 100644
index 0000000..9cc4aab
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.1.fail
@@ -0,0 +1,36 @@
+From d12db4cfa913b0e7a4b5bd858d3019acc53ce426 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Wed, 30 Aug 2023 12:15:00 -0400
+Subject: [PATCH] selftest-hello: upgrade 1.0 -> 1.1
+
+This test should fail the mbox formatting test and the merge on head
+test.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../{selftest-hello_1.0.bb => selftest-hello_1.1.bb}           | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+ rename meta-selftest/recipes-test/selftest-hello/{selftest-hello_1.0.bb => selftest-hello_1.1.bb} (88%)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+similarity index 88%
+rename from meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+rename to meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+index 547587bef4..acc388ec2c 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+@@ -1,3 +1,4 @@
+%+SUMMARY = "Hello!"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.2.fail b/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.2.fail
new file mode 100644
index 0000000..eca1c60
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.2.fail
@@ -0,0 +1,35 @@
+From d12db4cfa913b0e7a4b5bd858d3019acc53ce426 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Wed, 30 Aug 2023 12:15:00 -0400
+Subject: [PATCH] selftest-hello: upgrade 1.0 -> 1.1
+
+This test should fail the merge-on-head and mbox formatting tests.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../{selftest-hello_1.0.bb => selftest-hello_1.1.bb}           | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+ rename meta-selftest/recipes-test/selftest-hello/{selftest-hello_1.0.bb => selftest-hello_1.1.bb} (88%)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+similarity index 88%
+rename from meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+rename to meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+index 547587bef4..acc388ec2c 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+@@ -1,3 +1,4 @@
+%+SUMMARY = "Hello!"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.pass b/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.pass
new file mode 100644
index 0000000..33940ad
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/MboxFormat.test_mbox_format.pass
@@ -0,0 +1,33 @@
+From d12db4cfa913b0e7a4b5bd858d3019acc53ce426 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Wed, 30 Aug 2023 12:15:00 -0400
+Subject: [PATCH] selftest-hello: upgrade 1.0 -> 1.1
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../{selftest-hello_1.0.bb => selftest-hello_1.1.bb}           | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+ rename meta-selftest/recipes-test/selftest-hello/{selftest-hello_1.0.bb => selftest-hello_1.1.bb} (88%)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+similarity index 88%
+rename from meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+rename to meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+index 547587bef4..acc388ec2c 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+@@ -1,3 +1,4 @@
++SUMMARY = "Hello!"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Merge.test_series_merge_on_head.fail b/poky/meta/lib/patchtest/selftest/files/Merge.test_series_merge_on_head.fail
new file mode 100644
index 0000000..49bd1f8
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Merge.test_series_merge_on_head.fail
@@ -0,0 +1,41 @@
+From 55208224f492af0ad929555ffc9b95ff1d301c5f Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Thu, 17 Aug 2023 15:02:38 -0400
+Subject: [PATCH] python3-dtc: upgrade 1.6.1 -> 1.7.0
+
+Changelog: https://kernel.googlesource.com/pub/scm/utils/dtc/dtc/+log/039a99414e778332d8f9c04cbd3072e1dcc62798
+
+Remove custom PV from the recipe since the relevant functionality is in
+1.7.0:
+
+[tgamblin@megalith dtc]$ git tag --contains c001fc01a43e7a06447c06ea3d50bd60641322b8
+v1.7.0
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ .../python/{python3-dtc_1.6.1.bb => python3-dtc_1.7.0.bb}      | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+ rename meta/recipes-devtools/python/{python3-dtc_1.6.1.bb => python3-dtc_1.7.0.bb} (92%)
+
+diff --git a/meta/recipes-devtools/python/python3-dtc_1.6.1.bb b/meta/recipes-devtools/python/python3-dtc_1.7.0.bb
+similarity index 92%
+rename from meta/recipes-devtools/python/python3-dtc_1.6.1.bb
+rename to meta/recipes-devtools/python/python3-dtc_1.7.0.bb
+index 95ab0be474..85e48d4694 100644
+--- a/meta/recipes-devtools/python/python3-dtc_1.6.1.bb
++++ b/meta/recipes-devtools/python/python3-dtc_1.7.0.bb
+@@ -14,9 +14,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+ 
+ LIC_FILES_CHKSUM = "file://pylibfdt/libfdt.i;beginline=1;endline=6;md5=afda088c974174a29108c8d80b5dce90"
+ 
+-SRCREV = "c001fc01a43e7a06447c06ea3d50bd60641322b8"
++SRCREV = "039a99414e778332d8f9c04cbd3072e1dcc62798"
+ 
+-PV = "1.6.1+git"
+ S = "${WORKDIR}/git"
+ 
+ PYPA_WHEEL = "${S}/dist/libfdt-1.6.2*.whl"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Merge.test_series_merge_on_head.pass b/poky/meta/lib/patchtest/selftest/files/Merge.test_series_merge_on_head.pass
new file mode 100644
index 0000000..2a72457
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Merge.test_series_merge_on_head.pass
@@ -0,0 +1,35 @@
+From d12db4cfa913b0e7a4b5bd858d3019acc53ce426 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Wed, 30 Aug 2023 12:15:00 -0400
+Subject: [PATCH] selftest-hello: upgrade 1.0 -> 1.1
+
+This file should pass the test_series_merge_on_head test.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../{selftest-hello_1.0.bb => selftest-hello_1.1.bb}           | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+ rename meta-selftest/recipes-test/selftest-hello/{selftest-hello_1.0.bb => selftest-hello_1.1.bb} (88%)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+similarity index 88%
+rename from meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+rename to meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+index 547587bef4..acc388ec2c 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.1.bb
+@@ -1,3 +1,4 @@
++SUMMARY = "Hello!"
+ DESCRIPTION = "Simple helloworld application -- selftest variant"
+ SECTION = "examples"
+ LICENSE = "MIT"
+@@ -16,4 +17,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/PatchSignedOffBy.test_signed_off_by_presence.fail b/poky/meta/lib/patchtest/selftest/files/PatchSignedOffBy.test_signed_off_by_presence.fail
new file mode 100644
index 0000000..ce8bf7b
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/PatchSignedOffBy.test_signed_off_by_presence.fail
@@ -0,0 +1,71 @@
+From 5a2d0ac780a0f4c046fb1a3c3463d3e726f191cb Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 26 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 30 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..92a5b65a53
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,26 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/PatchSignedOffBy.test_signed_off_by_presence.pass b/poky/meta/lib/patchtest/selftest/files/PatchSignedOffBy.test_signed_off_by_presence.pass
new file mode 100644
index 0000000..ea34c76
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/PatchSignedOffBy.test_signed_off_by_presence.pass
@@ -0,0 +1,72 @@
+From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..869cfb6fe5
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_format.fail b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_format.fail
new file mode 100644
index 0000000..cdbbc61
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_format.fail
@@ -0,0 +1,73 @@
+From 35ccee3cee96fb29514475279248078d88907231 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello% fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../files/0001-Fix-CVE-1234-56789.patch       | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..9219b8db62
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
++
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_format.pass b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_format.pass
new file mode 100644
index 0000000..ef60170
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_format.pass
@@ -0,0 +1,73 @@
+From 35ccee3cee96fb29514475279248078d88907231 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../files/0001-Fix-CVE-1234-56789.patch       | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..9219b8db62
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
++
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_length.fail b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_length.fail
new file mode 100644
index 0000000..247b2a8
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_length.fail
@@ -0,0 +1,73 @@
+From 35ccee3cee96fb29514475279248078d88907231 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: this is a very long commit shortlog with way too many words included in it to pass the test
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../files/0001-Fix-CVE-1234-56789.patch       | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..9219b8db62
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
++
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_length.pass b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_length.pass
new file mode 100644
index 0000000..ef60170
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Shortlog.test_shortlog_length.pass
@@ -0,0 +1,73 @@
+From 35ccee3cee96fb29514475279248078d88907231 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../files/0001-Fix-CVE-1234-56789.patch       | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..9219b8db62
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/0001-Fix-CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
++
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.1.fail b/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.1.fail
new file mode 100644
index 0000000..35d92ae
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.1.fail
@@ -0,0 +1,71 @@
+From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..869cfb6fe5
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.2.fail b/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.2.fail
new file mode 100644
index 0000000..68f38de
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.2.fail
@@ -0,0 +1,72 @@
+From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Approved: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..869cfb6fe5
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.pass b/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.pass
new file mode 100644
index 0000000..ea34c76
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/SignedOffBy.test_signed_off_by_presence.pass
@@ -0,0 +1,72 @@
+From 14d72f6973270f78455a8628143f2cff90e8f41e Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Tue, 29 Aug 2023 14:12:27 -0400
+Subject: [PATCH] selftest-hello: fix CVE-1234-56789
+
+CVE: CVE-1234-56789
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../selftest-hello/files/CVE-1234-56789.patch | 27 +++++++++++++++++++
+ .../selftest-hello/selftest-hello_1.0.bb      |  6 +++--
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+new file mode 100644
+index 0000000000..869cfb6fe5
+--- /dev/null
++++ b/meta-selftest/recipes-test/selftest-hello/files/CVE-1234-56789.patch
+@@ -0,0 +1,27 @@
++From b26a31186e6ee2eb1f506d5f2f9394d327a0df2f Mon Sep 17 00:00:00 2001
++From: Trevor Gamblin <tgamblin@baylibre.com>
++Date: Tue, 29 Aug 2023 14:08:20 -0400
++Subject: [PATCH] Fix CVE-NOT-REAL
++
++CVE: CVE-1234-56789
++Upstream-Status: Backport(http://example.com/example)
++
++Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
++---
++ strlen.c | 1 +
++ 1 file changed, 1 insertion(+)
++
++diff --git a/strlen.c b/strlen.c
++index 1788f38..83d7918 100644
++--- a/strlen.c
+++++ b/strlen.c
++@@ -8,6 +8,7 @@ int main() {
++ 
++ 	printf("%d\n", str_len(string1));
++ 	printf("%d\n", str_len(string2));
+++	printf("CVE FIXED!!!\n");
++ 
++ 	return 0;
++ }
++-- 
++2.41.0
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..76975a6729 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,7 +3,9 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
++SRC_URI = "file://helloworld.c \
++           file://CVE-1234-56789.patch \
++           "
+ 
+ S = "${WORKDIR}"
+ 
+@@ -16,4 +18,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/SrcUri.test_src_uri_left_files.fail b/poky/meta/lib/patchtest/selftest/files/SrcUri.test_src_uri_left_files.fail
new file mode 100644
index 0000000..983b6e0
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/SrcUri.test_src_uri_left_files.fail
@@ -0,0 +1,35 @@
+From 4ab06b5f81455249cd5e89d2cce9863803b5ecb5 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Fri, 8 Sep 2023 14:41:00 -0400
+Subject: [PATCH] selftest-hello: remove helloworld.c
+
+This should fail the test_src_uri_left_files selftest.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb         | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..f6817f05bc 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,8 +3,6 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
+-
+ S = "${WORKDIR}"
+ 
+ do_compile() {
+@@ -16,4 +14,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/SrcUri.test_src_uri_left_files.pass b/poky/meta/lib/patchtest/selftest/files/SrcUri.test_src_uri_left_files.pass
new file mode 100644
index 0000000..1f1a77e
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/SrcUri.test_src_uri_left_files.pass
@@ -0,0 +1,51 @@
+From 6c7ac367a873bf827c19b81085c943eace917a99 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Fri, 8 Sep 2023 14:41:00 -0400
+Subject: [PATCH] selftest-hello: remove helloworld.c
+
+This should pass the test_src_uri_left_files selftest.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ .../recipes-test/selftest-hello/files/helloworld.c        | 8 --------
+ .../recipes-test/selftest-hello/selftest-hello_1.0.bb     | 4 +---
+ 2 files changed, 1 insertion(+), 11 deletions(-)
+ delete mode 100644 meta-selftest/recipes-test/selftest-hello/files/helloworld.c
+
+diff --git a/meta-selftest/recipes-test/selftest-hello/files/helloworld.c b/meta-selftest/recipes-test/selftest-hello/files/helloworld.c
+deleted file mode 100644
+index fc7169b7b8..0000000000
+--- a/meta-selftest/recipes-test/selftest-hello/files/helloworld.c
++++ /dev/null
+@@ -1,8 +0,0 @@
+-#include <stdio.h>
+-
+-int main(void)
+-{
+-	printf("Hello world!\n");
+-
+-	return 0;
+-}
+diff --git a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+index 547587bef4..f6817f05bc 100644
+--- a/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
++++ b/meta-selftest/recipes-test/selftest-hello/selftest-hello_1.0.bb
+@@ -3,8 +3,6 @@ SECTION = "examples"
+ LICENSE = "MIT"
+ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+ 
+-SRC_URI = "file://helloworld.c"
+-
+ S = "${WORKDIR}"
+ 
+ do_compile() {
+@@ -16,4 +14,4 @@ do_install() {
+ 	install -m 0755 helloworld ${D}${bindir}
+ }
+ 
+-BBCLASSEXTEND = "native nativesdk"
+\ No newline at end of file
++BBCLASSEXTEND = "native nativesdk"
+-- 
+2.41.0
+
diff --git a/poky/meta/lib/patchtest/selftest/files/Summary.test_summary_presence.fail b/poky/meta/lib/patchtest/selftest/files/Summary.test_summary_presence.fail
new file mode 100644
index 0000000..2d2b4e6
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Summary.test_summary_presence.fail
@@ -0,0 +1,46 @@
+From e29da5faa74409be394caa09d9f3b7b60f8592b9 Mon Sep 17 00:00:00 2001
+From: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+Date: Thu, 23 Feb 2017 10:34:27 -0600
+Subject: [PATCH] meta: adding hello-yocto recipe
+
+This is a sample recipe
+
+Signed-off-by: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+---
+ meta/recipes-devtools/hello-world/hello-world/hello_world.c |  5 +++++
+ meta/recipes-devtools/hello-world/hello-world_1.0.bb        | 12 ++++++++++++
+ 2 files changed, 17 insertions(+)
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world/hello_world.c
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world_1.0.bb
+
+diff --git a/meta/recipes-devtools/hello-world/hello-world/hello_world.c b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+new file mode 100644
+index 0000000000..0d59f57d4c
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+@@ -0,0 +1,5 @@
++#include <stdio.h>
++
++int main(){
++    printf("Hello World\n");
++}
+diff --git a/meta/recipes-devtools/hello-world/hello-world_1.0.bb b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+new file mode 100644
+index 0000000000..c4e1359217
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+@@ -0,0 +1,12 @@
++LICENSE = "CLOSED"
++
++SRC_URI += "file://hello_world.c"
++
++do_compile(){
++    ${CC} -o hello_world ../hello_world.c
++}
++
++do_install(){
++    install -d ${D}${bindir}
++    install -m +x hello_world ${D}${bindir}/hello_world
++}
+--
+2.11.0
diff --git a/poky/meta/lib/patchtest/selftest/files/Summary.test_summary_presence.pass b/poky/meta/lib/patchtest/selftest/files/Summary.test_summary_presence.pass
new file mode 100644
index 0000000..55f0309
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/files/Summary.test_summary_presence.pass
@@ -0,0 +1,49 @@
+From 0cd2fed12ce4b7b071edde12aec4481ad7a6f107 Mon Sep 17 00:00:00 2001
+From: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+Date: Thu, 23 Feb 2017 10:34:27 -0600
+Subject: [PATCH] meta: adding hello-yocto recipe
+
+This is a sample recipe
+
+Signed-off-by: Daniela Plascencia <daniela.plascencia@linux.intel.com>
+---
+ .../hello-world/hello-world/hello_world.c                 |  5 +++++
+ meta/recipes-devtools/hello-world/hello-world_1.0.bb      | 15 +++++++++++++++
+ 2 files changed, 20 insertions(+)
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world/hello_world.c
+ create mode 100644 meta/recipes-devtools/hello-world/hello-world_1.0.bb
+
+diff --git a/meta/recipes-devtools/hello-world/hello-world/hello_world.c b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+new file mode 100644
+index 0000000000..0d59f57d4c
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world/hello_world.c
+@@ -0,0 +1,5 @@
++#include <stdio.h>
++
++int main(){
++    printf("Hello World\n");
++}
+diff --git a/meta/recipes-devtools/hello-world/hello-world_1.0.bb b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+new file mode 100644
+index 0000000000..c54283eece
+--- /dev/null
++++ b/meta/recipes-devtools/hello-world/hello-world_1.0.bb
+@@ -0,0 +1,15 @@
++SUMMARY = "This is a sample summary"
++DESCRIPTION = "This is a sample description"
++HOMEPAGE = "https://sample.com/this-is-a-sample"
++LICENSE = "CLOSED"
++
++SRC_URI += "file://hello_world.c"
++
++do_compile(){
++    ${CC} -o hello_world ../hello_world.c
++}
++
++do_install(){
++    install -d ${D}${bindir}
++    install -m +x hello_world ${D}${bindir}/hello_world
++}
+--
+2.11.0
diff --git a/poky/meta/lib/patchtest/selftest/selftest b/poky/meta/lib/patchtest/selftest/selftest
new file mode 100755
index 0000000..d2b61e9
--- /dev/null
+++ b/poky/meta/lib/patchtest/selftest/selftest
@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+
+# Test every patch from files folder and output error on failure
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import os
+import subprocess
+import sys
+
+currentdir = os.path.dirname(os.path.abspath(__file__))
+patchesdir = os.path.join(currentdir, 'files')
+topdir     = os.path.dirname(currentdir)
+parentdir  = os.path.dirname(topdir)
+
+# path to the repo root
+repodir = os.path.dirname(os.path.dirname(parentdir))
+
+def print_results(passcount, skipcount, failcount, xpasscount, xfailcount, errorcount):
+    total = passcount + skipcount + failcount + xpasscount + xfailcount + errorcount
+    print("============================================================================")
+    print("Testsuite summary for %s" % os.path.basename(topdir))
+    print("============================================================================")
+    print("# TOTAL: %s" % str(total))
+    print("# XPASS: %s" % str(xpasscount))
+    print("# XFAIL: %s" % str(xfailcount))
+    print("# PASS: %s" % str(passcount))
+    print("# FAIL: %s" % str(failcount))
+    print("# SKIP: %s" % str(skipcount))
+    print("# ERROR: %s" % str(errorcount))
+    print("============================================================================")
+
+# Once the tests are in oe-core, we can remove the testdir param and use os.path.dirname to get relative paths
+def test(root, patch):
+    res = True
+    patchpath = os.path.abspath(os.path.join(root, patch))
+    
+    cmd     = 'patchtest %s %s/tests --patch %s' % (repodir, topdir, patchpath)
+    results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, universal_newlines=True, shell=True)
+
+    return results
+
+if __name__ == '__main__':
+    passcount = 0
+    failcount = 0
+    skipcount = 0
+    xpasscount = 0
+    xfailcount = 0
+    errorcount = 0
+
+    results = None
+        
+    for root, dirs, patches in os.walk(patchesdir):
+        for patch in patches:
+            results = test(root, patch)
+
+            a = patch.split('.')
+            klass, testname = a[0], a[1]
+            expected_result = a[-1]
+            testid          = ".%s.%s" % (klass,testname)
+
+            for resultline in results.splitlines():
+                if testid in resultline:
+                    result, _ = resultline.split(' ', 1)
+
+                    if expected_result.upper() == "FAIL" and result.upper() == "FAIL":
+                        xfailcount = xfailcount + 1
+                        print("XFAIL: %s (file: %s)" % (testid.strip("."), os.path.basename(patch)))
+                    elif expected_result.upper() == "PASS" and result.upper() == "PASS":
+                        xpasscount = xpasscount + 1
+                        print("XPASS: %s (file: %s)" % (testid.strip("."), os.path.basename(patch)))
+                    else:
+                        print("%s: %s (%s)" % (result.upper(), testid.strip("."), os.path.basename(patch)))
+                        if result.upper() == "PASS":
+                            passcount = passcount + 1
+                        elif result.upper() == "FAIL":
+                            failcount = failcount + 1
+                        elif result.upper() == "SKIP":
+                            skipcount = skipcount + 1
+                        else:
+                            print("Bad result on test %s against %s" % (testid.strip("."), os.path.basename(patch)))
+                            errorcount = errorcount + 1
+                    break
+            else:
+                print ("No test for=%s" % patch)
+
+    print_results(passcount, skipcount, failcount, xpasscount, xfailcount, errorcount)
diff --git a/poky/meta/lib/patchtest/tests/__init__.py b/poky/meta/lib/patchtest/tests/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/__init__.py
diff --git a/poky/meta/lib/patchtest/tests/base.py b/poky/meta/lib/patchtest/tests/base.py
new file mode 100644
index 0000000..27db380
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/base.py
@@ -0,0 +1,239 @@
+# Base class to be used by all test cases defined in the suite
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import unittest
+import logging
+import json
+import unidiff
+from data import PatchTestInput
+import mailbox
+import collections
+import sys
+import os
+import re
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'pyparsing'))
+
+logger = logging.getLogger('patchtest')
+debug=logger.debug
+info=logger.info
+warn=logger.warn
+error=logger.error
+
+Commit = collections.namedtuple('Commit', ['author', 'subject', 'commit_message', 'shortlog', 'payload'])
+
+class PatchtestOEError(Exception):
+    """Exception for handling patchtest-oe errors"""
+    def __init__(self, message, exitcode=1):
+        super().__init__(message)
+        self.exitcode = exitcode
+
+class Base(unittest.TestCase):
+    # if unit test fails, fail message will throw at least the following JSON: {"id": <testid>}
+
+    endcommit_messages_regex = re.compile('\(From \w+-\w+ rev:|(?<!\S)Signed-off-by|(?<!\S)---\n')
+    patchmetadata_regex   = re.compile('-{3} \S+|\+{3} \S+|@{2} -\d+,\d+ \+\d+,\d+ @{2} \S+')
+
+
+    @staticmethod
+    def msg_to_commit(msg):
+        payload = msg.get_payload()
+        return Commit(subject=msg['subject'].replace('\n', ' ').replace('  ', ' '),
+                      author=msg.get('From'),
+                      shortlog=Base.shortlog(msg['subject']),
+                      commit_message=Base.commit_message(payload),
+                      payload=payload)
+
+    @staticmethod
+    def commit_message(payload):
+        commit_message = payload.__str__()
+        match = Base.endcommit_messages_regex.search(payload)
+        if match:
+            commit_message = payload[:match.start()]
+        return commit_message
+
+    @staticmethod
+    def shortlog(shlog):
+        # remove possible prefix (between brackets) before colon
+        start = shlog.find(']', 0, shlog.find(':'))
+        # remove also newlines and spaces at both sides
+        return shlog[start + 1:].replace('\n', '').strip()
+
+    @classmethod
+    def setUpClass(cls):
+
+        # General objects: mailbox.mbox and patchset
+        cls.mbox = mailbox.mbox(PatchTestInput.repo.patch)
+
+        # Patch may be malformed, so try parsing it
+        cls.unidiff_parse_error = ''
+        cls.patchset = None
+        try:
+            cls.patchset = unidiff.PatchSet.from_filename(PatchTestInput.repo.patch, encoding=u'UTF-8')
+        except unidiff.UnidiffParseError as upe:
+            cls.patchset = []
+            cls.unidiff_parse_error = str(upe)
+
+        # Easy to iterate list of commits
+        cls.commits = []
+        for msg in cls.mbox:
+            if msg['subject'] and msg.get_payload():
+                cls.commits.append(Base.msg_to_commit(msg))
+
+        cls.setUpClassLocal()
+
+    @classmethod
+    def tearDownClass(cls):
+        cls.tearDownClassLocal()
+
+    @classmethod
+    def setUpClassLocal(cls):
+        pass
+
+    @classmethod
+    def tearDownClassLocal(cls):
+        pass
+
+    def fail(self, issue, fix=None, commit=None, data=None):
+        """ Convert to a JSON string failure data"""
+        value = {'id': self.id(),
+                 'issue': issue}
+
+        if fix:
+            value['fix'] = fix
+        if commit:
+            value['commit'] = {'subject': commit.subject,
+                               'shortlog': commit.shortlog}
+
+        # extend return value with other useful info
+        if data:
+            value['data'] = data
+
+        return super(Base, self).fail(json.dumps(value))
+
+    def skip(self, issue, data=None):
+        """ Convert the skip string to JSON"""
+        value = {'id': self.id(),
+                 'issue': issue}
+
+        # extend return value with other useful info
+        if data:
+            value['data'] = data
+
+        return super(Base, self).skipTest(json.dumps(value))
+
+    def shortid(self):
+        return self.id().split('.')[-1]
+
+    def __str__(self):
+        return json.dumps({'id': self.id()})
+
+class Metadata(Base):
+    @classmethod
+    def setUpClassLocal(cls):
+        cls.tinfoil = cls.setup_tinfoil()
+
+        # get info about added/modified/remove recipes
+        cls.added, cls.modified, cls.removed = cls.get_metadata_stats(cls.patchset)
+
+    @classmethod
+    def tearDownClassLocal(cls):
+        cls.tinfoil.shutdown()
+
+    @classmethod
+    def setup_tinfoil(cls, config_only=False):
+        """Initialize tinfoil api from bitbake"""
+
+        # import relevant libraries
+        try:
+            scripts_path = os.path.join(PatchTestInput.repodir, 'scripts', 'lib')
+            if scripts_path not in sys.path:
+                sys.path.insert(0, scripts_path)
+            import scriptpath
+            scriptpath.add_bitbake_lib_path()
+            import bb.tinfoil
+        except ImportError:
+            raise PatchtestOEError('Could not import tinfoil module')
+
+        orig_cwd = os.path.abspath(os.curdir)
+
+        # Load tinfoil
+        tinfoil = None
+        try:
+            builddir = os.environ.get('BUILDDIR')
+            if not builddir:
+                logger.warn('Bitbake environment not loaded?')
+                return tinfoil
+            os.chdir(builddir)
+            tinfoil = bb.tinfoil.Tinfoil()
+            tinfoil.prepare(config_only=config_only)
+        except bb.tinfoil.TinfoilUIException as te:
+            if tinfoil:
+                tinfoil.shutdown()
+            raise PatchtestOEError('Could not prepare properly tinfoil (TinfoilUIException)')
+        except Exception as e:
+            if tinfoil:
+                tinfoil.shutdown()
+            raise e
+        finally:
+            os.chdir(orig_cwd)
+
+        return tinfoil
+
+    @classmethod
+    def get_metadata_stats(cls, patchset):
+        """Get lists of added, modified and removed metadata files"""
+
+        def find_pn(data, path):
+            """Find the PN from data"""
+            pn = None
+            pn_native = None
+            for _path, _pn in data:
+                if path in _path:
+                    if 'native' in _pn:
+                        # store the native PN but look for the non-native one first
+                        pn_native = _pn
+                    else:
+                        pn = _pn
+                        break
+            else:
+                # sent the native PN if found previously
+                if pn_native:
+                    return pn_native
+
+                # on renames (usually upgrades), we need to check (FILE) base names
+                # because the unidiff library does not provided the new filename, just the modified one
+                # and tinfoil datastore, once the patch is merged, will contain the new filename
+                path_basename = path.split('_')[0]
+                for _path, _pn in data:
+                    _path_basename = _path.split('_')[0]
+                    if path_basename == _path_basename:
+                        pn = _pn
+            return pn
+
+        if not cls.tinfoil:
+            cls.tinfoil = cls.setup_tinfoil()
+
+        added_paths, modified_paths, removed_paths = [], [], []
+        added, modified, removed = [], [], []
+
+        # get metadata filename additions, modification and removals
+        for patch in patchset:
+            if patch.path.endswith('.bb') or patch.path.endswith('.bbappend') or patch.path.endswith('.inc'):
+                if patch.is_added_file:
+                    added_paths.append(os.path.join(os.path.abspath(PatchTestInput.repodir), patch.path))
+                elif patch.is_modified_file:
+                    modified_paths.append(os.path.join(os.path.abspath(PatchTestInput.repodir), patch.path))
+                elif patch.is_removed_file:
+                    removed_paths.append(os.path.join(os.path.abspath(PatchTestInput.repodir), patch.path))
+
+        data = cls.tinfoil.cooker.recipecaches[''].pkg_fn.items()
+
+        added = [find_pn(data,path) for path in added_paths]
+        modified = [find_pn(data,path) for path in modified_paths]
+        removed = [find_pn(data,path) for path in removed_paths]
+
+        return [a for a in added if a], [m for m in modified if m], [r for r in removed if r]
diff --git a/poky/meta/lib/patchtest/tests/pyparsing/common.py b/poky/meta/lib/patchtest/tests/pyparsing/common.py
new file mode 100644
index 0000000..9d37b04
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/pyparsing/common.py
@@ -0,0 +1,26 @@
+# common pyparsing variables
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import pyparsing
+
+# general
+colon = pyparsing.Literal(":")
+start = pyparsing.LineStart()
+end   = pyparsing.LineEnd()
+at = pyparsing.Literal("@")
+lessthan = pyparsing.Literal("<")
+greaterthan = pyparsing.Literal(">")
+opensquare = pyparsing.Literal("[")
+closesquare = pyparsing.Literal("]")
+inappropriate = pyparsing.CaselessLiteral("Inappropriate")
+submitted = pyparsing.CaselessLiteral("Submitted")
+
+# word related
+nestexpr = pyparsing.nestedExpr(opener='[', closer=']')
+inappropriateinfo = pyparsing.Literal("Inappropriate") + nestexpr
+submittedinfo = pyparsing.Literal("Submitted") + nestexpr
+word = pyparsing.Word(pyparsing.alphas)
+worddot = pyparsing.Word(pyparsing.alphas+".")
diff --git a/poky/meta/lib/patchtest/tests/pyparsing/parse_cve_tags.py b/poky/meta/lib/patchtest/tests/pyparsing/parse_cve_tags.py
new file mode 100644
index 0000000..dd7131a
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/pyparsing/parse_cve_tags.py
@@ -0,0 +1,18 @@
+# signed-off-by pyparsing definition
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+
+import pyparsing
+import common
+
+name = pyparsing.Regex('\S+.*(?= <)')
+username = pyparsing.OneOrMore(common.worddot)
+domain = pyparsing.OneOrMore(common.worddot)
+cve = pyparsing.Regex('CVE\-\d{4}\-\d+')
+cve_mark = pyparsing.Literal("CVE:")
+
+cve_tag = pyparsing.AtLineStart(cve_mark + cve)
+patch_cve_tag = pyparsing.AtLineStart("+" + cve_mark + cve)
diff --git a/poky/meta/lib/patchtest/tests/pyparsing/parse_shortlog.py b/poky/meta/lib/patchtest/tests/pyparsing/parse_shortlog.py
new file mode 100644
index 0000000..26e9612
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/pyparsing/parse_shortlog.py
@@ -0,0 +1,14 @@
+# subject pyparsing definition
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+# NOTE:This is an oversimplified syntax of the mbox's summary
+
+import pyparsing
+import common
+
+target        = pyparsing.OneOrMore(pyparsing.Word(pyparsing.printables.replace(':','')))
+summary       = pyparsing.OneOrMore(pyparsing.Word(pyparsing.printables))
+shortlog       = common.start + target + common.colon + summary + common.end
diff --git a/poky/meta/lib/patchtest/tests/pyparsing/parse_signed_off_by.py b/poky/meta/lib/patchtest/tests/pyparsing/parse_signed_off_by.py
new file mode 100644
index 0000000..c8a4351
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/pyparsing/parse_signed_off_by.py
@@ -0,0 +1,22 @@
+# signed-off-by pyparsing definition
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+
+import pyparsing
+import common
+
+name = pyparsing.Regex('\S+.*(?= <)')
+username = pyparsing.OneOrMore(common.worddot)
+domain = pyparsing.OneOrMore(common.worddot)
+
+# taken from https://pyparsing-public.wikispaces.com/Helpful+Expressions
+email = pyparsing.Regex(r"(?P<user>[A-Za-z0-9._%+-]+)@(?P<hostname>[A-Za-z0-9.-]+)\.(?P<domain>[A-Za-z]{2,})")
+
+email_enclosed = common.lessthan + email + common.greaterthan
+
+signed_off_by_mark = pyparsing.Literal("Signed-off-by:")
+signed_off_by = pyparsing.AtLineStart(signed_off_by_mark + name + email_enclosed)
+patch_signed_off_by = pyparsing.AtLineStart("+" + signed_off_by_mark + name + email_enclosed)
diff --git a/poky/meta/lib/patchtest/tests/pyparsing/parse_upstream_status.py b/poky/meta/lib/patchtest/tests/pyparsing/parse_upstream_status.py
new file mode 100644
index 0000000..d63567e
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/pyparsing/parse_upstream_status.py
@@ -0,0 +1,24 @@
+# upstream-status pyparsing definition
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+
+import common
+import pyparsing
+
+upstream_status_literal_valid_status = ["Pending", "Backport", "Denied", "Inappropriate", "Submitted"]
+upstream_status_nonliteral_valid_status = ["Pending", "Backport", "Denied", "Inappropriate [reason]", "Submitted [where]"]
+
+upstream_status_valid_status = pyparsing.Or(
+    [pyparsing.Literal(status) for status in upstream_status_literal_valid_status]
+)
+
+upstream_status_mark         = pyparsing.Literal("Upstream-Status")
+inappropriate_status_mark    = common.inappropriate
+submitted_status_mark        = common.submitted
+
+upstream_status              = common.start + upstream_status_mark + common.colon + upstream_status_valid_status
+upstream_status_inappropriate_info = common.start + upstream_status_mark + common.colon + common.inappropriateinfo
+upstream_status_submitted_info = common.start + upstream_status_mark + common.colon + common.submittedinfo
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_author.py b/poky/meta/lib/patchtest/tests/test_mbox_author.py
new file mode 100644
index 0000000..6c79f16
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_author.py
@@ -0,0 +1,29 @@
+# Checks related to the patch's author
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import re
+
+class Author(base.Base):
+
+    auh_email = '<auh@auh.yoctoproject.org>'
+
+    invalids = [re.compile("^Upgrade Helper.+"),
+                re.compile(re.escape(auh_email)),
+                re.compile("uh@not\.set"),
+                re.compile("\S+@example\.com")]
+
+
+    def test_author_valid(self):
+        for commit in self.commits:
+            for invalid in self.invalids:
+                if invalid.search(commit.author):
+                    self.fail('Invalid author %s' % commit.author, 'Resend the series with a valid patch\'s author', commit)
+
+    def test_non_auh_upgrade(self):
+        for commit in self.commits:
+            if self.auh_email in commit.payload:
+                self.fail('Invalid author %s in commit message' % self.auh_email, 'Resend the series with a valid patch\'s author', commit)
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_bugzilla.py b/poky/meta/lib/patchtest/tests/test_mbox_bugzilla.py
new file mode 100644
index 0000000..e8de48b
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_bugzilla.py
@@ -0,0 +1,22 @@
+# Checks related to the patch's bugzilla tag
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import re
+import base
+
+class Bugzilla(base.Base):
+    rexp_detect     = re.compile("\[\s?YOCTO.*\]", re.IGNORECASE)
+    rexp_validation = re.compile("\[(\s?YOCTO\s?#\s?(\d+)\s?,?)+\]", re.IGNORECASE)
+
+    def test_bugzilla_entry_format(self):
+        for commit in Bugzilla.commits:
+            for line in commit.commit_message.splitlines():
+                if self.rexp_detect.match(line):
+                    if not self.rexp_validation.match(line):
+                        self.fail('Yocto Project bugzilla tag is not correctly formatted',
+                                  'Specify bugzilla ID in commit description with format: "[YOCTO #<bugzilla ID>]"',
+                                  commit)
+
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_cve.py b/poky/meta/lib/patchtest/tests/test_mbox_cve.py
new file mode 100644
index 0000000..f99194c
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_cve.py
@@ -0,0 +1,49 @@
+# Checks related to the patch's CVE lines
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+import base
+import os
+import parse_cve_tags
+import re
+
+class CVE(base.Base):
+
+    revert_shortlog_regex = re.compile('Revert\s+".*"')
+    prog = parse_cve_tags.cve_tag
+
+    def setUp(self):
+        if self.unidiff_parse_error:
+            self.skip('Parse error %s' % self.unidiff_parse_error)
+
+        # we are just interested in series that introduce CVE patches, thus discard other
+        # possibilities: modification to current CVEs, patch directly introduced into the
+        # recipe, upgrades already including the CVE, etc.
+        new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
+        if not new_cves:
+            self.skip('No new CVE patches introduced')
+
+    def test_cve_presence_in_commit_message(self):
+        for commit in CVE.commits:
+            # skip those patches that revert older commits, these do not required the tag presence
+            if self.revert_shortlog_regex.match(commit.shortlog):
+                continue
+            if not self.prog.search_string(commit.payload):
+                self.fail('Missing or incorrectly formatted CVE tag in mbox',
+                          'Correct or include the CVE tag in the mbox with format: "CVE: CVE-YYYY-XXXX"',
+                          commit)
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_description.py b/poky/meta/lib/patchtest/tests/test_mbox_description.py
new file mode 100644
index 0000000..7addc6b
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_description.py
@@ -0,0 +1,17 @@
+# Checks related to the patch's commit_message
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+
+class CommitMessage(base.Base):
+
+    def test_commit_message_presence(self):
+        for commit in CommitMessage.commits:
+            if not commit.commit_message.strip():
+                self.fail('Patch is missing a descriptive commit message',
+                          'Please include a commit message on your patch explaining the change (most importantly why the change is being made)',
+                          commit)
+
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_format.py b/poky/meta/lib/patchtest/tests/test_mbox_format.py
new file mode 100644
index 0000000..85c452c
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_format.py
@@ -0,0 +1,16 @@
+# Checks correct parsing of mboxes
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import re
+
+class MboxFormat(base.Base):
+
+    def test_mbox_format(self):
+        if self.unidiff_parse_error:
+            self.fail('Series cannot be parsed correctly due to malformed diff lines',
+                      'Create the series again using git-format-patch and ensure it can be applied using git am',
+                      data=[('Diff line', re.sub('^.+:\s(?<!$)','',self.unidiff_parse_error))])
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_mailinglist.py b/poky/meta/lib/patchtest/tests/test_mbox_mailinglist.py
new file mode 100644
index 0000000..de38e20
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_mailinglist.py
@@ -0,0 +1,64 @@
+# Check if the series was intended for other project (not OE-Core)
+#
+# Copyright (C) 2017 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import subprocess
+import collections
+import base
+import re
+from data import PatchTestInput
+
+class MailingList(base.Base):
+
+    # base paths of main yocto project sub-projects
+    paths = {
+        'oe-core': ['meta-selftest', 'meta-skeleton', 'meta', 'scripts'],
+        'bitbake': ['bitbake'],
+        'documentation': ['documentation'],
+        'poky': ['meta-poky','meta-yocto-bsp'],
+        'oe': ['meta-gpe', 'meta-gnome', 'meta-efl', 'meta-networking', 'meta-multimedia','meta-initramfs', 'meta-ruby', 'contrib', 'meta-xfce', 'meta-filesystems', 'meta-perl', 'meta-webserver', 'meta-systemd', 'meta-oe', 'meta-python']
+        }
+
+    # scripts folder is a mix of oe-core and poky, most is oe-core code except:
+    poky_scripts = ['scripts/yocto-bsp', 'scripts/yocto-kernel', 'scripts/yocto-layer', 'scripts/lib/bsp']
+
+    Project = collections.namedtuple('Project', ['name', 'listemail', 'gitrepo', 'paths'])
+
+    bitbake = Project(name='Bitbake', listemail='bitbake-devel@lists.openembedded.org', gitrepo='http://git.openembedded.org/bitbake/', paths=paths['bitbake'])
+    doc     = Project(name='Documentantion', listemail='yocto@yoctoproject.org', gitrepo='http://git.yoctoproject.org/cgit/cgit.cgi/yocto-docs/', paths=paths['documentation'])
+    poky    = Project(name='Poky', listemail='poky@yoctoproject.org', gitrepo='http://git.yoctoproject.org/cgit/cgit.cgi/poky/', paths=paths['poky'])
+    oe      = Project(name='oe', listemail='openembedded-devel@lists.openembedded.org', gitrepo='http://git.openembedded.org/meta-openembedded/', paths=paths['oe'])
+
+
+    def test_target_mailing_list(self):
+        """In case of merge failure, check for other targeted projects"""
+        if PatchTestInput.repo.ismerged:
+            self.skip('Series merged, no reason to check other mailing lists')
+
+        # a meta project may be indicted in the message subject, if this is the case, just fail
+        # TODO: there may be other project with no-meta prefix, we also need to detect these
+        project_regex = re.compile("\[(?P<project>meta-.+)\]")
+        for commit in MailingList.commits:
+            match = project_regex.match(commit.subject)
+            if match:
+                self.fail('Series sent to the wrong mailing list',
+                          'Check the project\'s README (%s) and send the patch to the indicated list' % match.group('project'),
+                          commit)
+
+        for patch in self.patchset:
+            folders = patch.path.split('/')
+            base_path = folders[0]
+            for project in [self.bitbake, self.doc, self.oe, self.poky]:
+                if base_path in  project.paths:
+                    self.fail('Series sent to the wrong mailing list or some patches from the series correspond to different mailing lists', 'Send the series again to the correct mailing list (ML)',
+                              data=[('Suggested ML', '%s [%s]' % (project.listemail, project.gitrepo)),
+                                    ('Patch\'s path:', patch.path)])
+
+            # check for poky's scripts code
+            if base_path.startswith('scripts'):
+                for poky_file in self.poky_scripts:
+                    if patch.path.startswith(poky_file):
+                        self.fail('Series sent to the wrong mailing list or some patches from the series correspond to different mailing lists', 'Send the series again to the correct mailing list (ML)',
+                                  data=[('Suggested ML', '%s [%s]' % (self.poky.listemail, self.poky.gitrepo)),('Patch\'s path:', patch.path)])
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_merge.py b/poky/meta/lib/patchtest/tests/test_mbox_merge.py
new file mode 100644
index 0000000..c8b6718
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_merge.py
@@ -0,0 +1,25 @@
+# Check if mbox was merged by patchtest
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import subprocess
+import base
+from data import PatchTestInput
+
+def headlog():
+    output = subprocess.check_output(
+        "cd %s; git log --pretty='%%h#%%aN#%%cD:#%%s' -1" % PatchTestInput.repodir,
+        universal_newlines=True,
+        shell=True
+        )
+    return output.split('#')
+
+class Merge(base.Base):
+    def test_series_merge_on_head(self):
+        if not PatchTestInput.repo.ismerged:
+            commithash, author, date, shortlog = headlog()
+            self.fail('Series does not apply on top of target branch',
+                      'Rebase your series on top of targeted branch',
+                      data=[('Targeted branch', '%s (currently at %s)' % (PatchTestInput.repo.branch, commithash))])
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_shortlog.py b/poky/meta/lib/patchtest/tests/test_mbox_shortlog.py
new file mode 100644
index 0000000..b6c2a20
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_shortlog.py
@@ -0,0 +1,41 @@
+# Checks related to the patch's  summary
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import parse_shortlog
+import pyparsing
+
+maxlength = 90
+
+class Shortlog(base.Base):
+
+    def test_shortlog_format(self):
+        for commit in Shortlog.commits:
+            shortlog = commit.shortlog
+            if not shortlog.strip():
+                self.skip('Empty shortlog, no reason to execute shortlog format test')
+            else:
+                # no reason to re-check on revert shortlogs
+                if shortlog.startswith('Revert "'):
+                    continue
+                try:
+                    parse_shortlog.shortlog.parseString(shortlog)
+                except pyparsing.ParseException as pe:
+                    self.fail('Shortlog does not follow expected format',
+                              'Commit shortlog (first line of commit message) should follow the format "<target>: <summary>"',
+                              commit)
+
+    def test_shortlog_length(self):
+        for commit in Shortlog.commits:
+            # no reason to re-check on revert shortlogs
+            shortlog = commit.shortlog
+            if shortlog.startswith('Revert "'):
+                continue
+            l = len(shortlog)
+            if l > maxlength:
+                self.fail('Commit shortlog is too long',
+                          'Edit shortlog so that it is %d characters or less (currently %d characters)' % (maxlength, l),
+                          commit)
diff --git a/poky/meta/lib/patchtest/tests/test_mbox_signed_off_by.py b/poky/meta/lib/patchtest/tests/test_mbox_signed_off_by.py
new file mode 100644
index 0000000..6458951
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_mbox_signed_off_by.py
@@ -0,0 +1,28 @@
+# Checks related to the patch's signed-off-by lines
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import parse_signed_off_by
+import re
+
+class SignedOffBy(base.Base):
+
+    revert_shortlog_regex = re.compile('Revert\s+".*"')
+
+    @classmethod
+    def setUpClassLocal(cls):
+        # match self.mark with no '+' preceding it
+        cls.prog = parse_signed_off_by.signed_off_by
+
+    def test_signed_off_by_presence(self):
+        for commit in SignedOffBy.commits:
+            # skip those patches that revert older commits, these do not required the tag presence
+            if self.revert_shortlog_regex.match(commit.shortlog):
+                continue
+            if not SignedOffBy.prog.search_string(commit.payload):
+                self.fail('Patch is missing Signed-off-by',
+                          'Sign off the patch (either manually or with "git commit --amend -s")',
+                          commit)
diff --git a/poky/meta/lib/patchtest/tests/test_metadata_lic_files_chksum.py b/poky/meta/lib/patchtest/tests/test_metadata_lic_files_chksum.py
new file mode 100644
index 0000000..e9a5b6b
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_metadata_lic_files_chksum.py
@@ -0,0 +1,82 @@
+# Checks related to the patch's LIC_FILES_CHKSUM  metadata variable
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import re
+from data import PatchTestInput, PatchTestDataStore
+
+class LicFilesChkSum(base.Metadata):
+    metadata = 'LIC_FILES_CHKSUM'
+    license  = 'LICENSE'
+    closed   = 'CLOSED'
+    lictag   = 'License-Update'
+    lictag_re  = re.compile("^%s:" % lictag, re.MULTILINE)
+
+    def setUp(self):
+        # these tests just make sense on patches that can be merged
+        if not PatchTestInput.repo.canbemerged:
+            self.skip('Patch cannot be merged')
+
+    def test_lic_files_chksum_presence(self):
+        if not self.added:
+            self.skip('No added recipes, skipping test')
+
+        for pn in self.added:
+            rd = self.tinfoil.parse_recipe(pn)
+            pathname = rd.getVar('FILE')
+            # we are not interested in images
+            if '/images/' in pathname:
+                continue
+            lic_files_chksum = rd.getVar(self.metadata)
+            if rd.getVar(self.license) == self.closed:
+                continue
+            if not lic_files_chksum:
+                self.fail('%s is missing in newly added recipe' % self.metadata,
+                          'Specify the variable %s in %s' % (self.metadata, pn))
+
+    def pretest_lic_files_chksum_modified_not_mentioned(self):
+        if not self.modified:
+            self.skip('No modified recipes, skipping pretest')
+        # get the proper metadata values
+        for pn in self.modified:
+            rd = self.tinfoil.parse_recipe(pn)
+            pathname = rd.getVar('FILE')
+            # we are not interested in images
+            if '/images/' in pathname:
+                continue
+            PatchTestDataStore['%s-%s-%s' % (self.shortid(),self.metadata,pn)] = rd.getVar(self.metadata)
+
+    def test_lic_files_chksum_modified_not_mentioned(self):
+        if not self.modified:
+            self.skip('No modified recipes, skipping test')
+
+        # get the proper metadata values
+        for pn in self.modified:
+            rd = self.tinfoil.parse_recipe(pn)
+            pathname = rd.getVar('FILE')
+            # we are not interested in images
+            if '/images/' in pathname:
+                continue
+            PatchTestDataStore['%s-%s-%s' % (self.shortid(),self.metadata,pn)] = rd.getVar(self.metadata)
+        # compare if there were changes between pre-merge and merge
+        for pn in self.modified:
+            pretest = PatchTestDataStore['pre%s-%s-%s' % (self.shortid(),self.metadata, pn)]
+            test    = PatchTestDataStore['%s-%s-%s' % (self.shortid(),self.metadata, pn)]
+
+            # TODO: this is workaround to avoid false-positives when pretest metadata is empty (not reason found yet)
+            # For more info, check bug 12284
+            if not pretest:
+                return
+
+            if pretest != test:
+                # if any patch on the series contain reference on the metadata, fail
+                for commit in self.commits:
+                    if self.lictag_re.search(commit.commit_message):
+                       break
+                else:
+                    self.fail('LIC_FILES_CHKSUM changed on target %s but there is no "%s" tag in commit message' % (pn, self.lictag),
+                              'Include "%s: <description>" into the commit message with a brief description' % self.lictag,
+                              data=[('Current checksum', pretest), ('New checksum', test)])
diff --git a/poky/meta/lib/patchtest/tests/test_metadata_license.py b/poky/meta/lib/patchtest/tests/test_metadata_license.py
new file mode 100644
index 0000000..16604db
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_metadata_license.py
@@ -0,0 +1,55 @@
+# Checks related to the patch's LIC_FILES_CHKSUM  metadata variable
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import os
+from data import PatchTestInput
+
+class License(base.Metadata):
+    metadata = 'LICENSE'
+    invalid_license = 'PATCHTESTINVALID'
+
+    def setUp(self):
+        # these tests just make sense on patches that can be merged
+        if not PatchTestInput.repo.canbemerged:
+            self.skip('Patch cannot be merged')
+
+    def test_license_presence(self):
+        if not self.added:
+            self.skip('No added recipes, skipping test')
+
+        # TODO: this is a workaround so we can parse the recipe not
+        # containing the LICENSE var: add some default license instead
+        # of INVALID into auto.conf, then remove this line at the end
+        auto_conf = os.path.join(os.environ.get('BUILDDIR'), 'conf', 'auto.conf')
+        open_flag = 'w'
+        if os.path.exists(auto_conf):
+            open_flag = 'a'
+        with open(auto_conf, open_flag) as fd:
+            for pn in self.added:
+                fd.write('LICENSE ??= "%s"\n' % self.invalid_license)
+
+        no_license = False
+        for pn in self.added:
+            rd = self.tinfoil.parse_recipe(pn)
+            license = rd.getVar(self.metadata)
+            if license == self.invalid_license:
+                no_license = True
+                break
+
+        # remove auto.conf line or the file itself
+        if open_flag == 'w':
+            os.remove(auto_conf)
+        else:
+            fd = open(auto_conf, 'r')
+            lines = fd.readlines()
+            fd.close()
+            with open(auto_conf, 'w') as fd:
+                fd.write(''.join(lines[:-1]))
+
+        if no_license:
+            self.fail('Recipe does not have the LICENSE field set', 'Include a LICENSE into the new recipe')
+
diff --git a/poky/meta/lib/patchtest/tests/test_metadata_max_length.py b/poky/meta/lib/patchtest/tests/test_metadata_max_length.py
new file mode 100644
index 0000000..04a5e23
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_metadata_max_length.py
@@ -0,0 +1,26 @@
+# Checks related to patch line lengths
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import re
+
+class MaxLength(base.Base):
+    add_mark = re.compile('\+ ')
+    max_length = 200
+
+    def test_max_line_length(self):
+        for patch in self.patchset:
+            # for the moment, we are just interested in metadata
+            if patch.path.endswith('.patch'):
+                continue
+            payload = str(patch)
+            for line in payload.splitlines():
+                if self.add_mark.match(line):
+                    current_line_length = len(line[1:])
+                    if current_line_length > self.max_length:
+                        self.fail('Patch line too long (current length %s)' % current_line_length,
+                                  'Shorten the corresponding patch line (max length supported %s)' % self.max_length,
+                                  data=[('Patch', patch.path), ('Line', '%s ...' % line[0:80])])
diff --git a/poky/meta/lib/patchtest/tests/test_metadata_src_uri.py b/poky/meta/lib/patchtest/tests/test_metadata_src_uri.py
new file mode 100644
index 0000000..718229d
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_metadata_src_uri.py
@@ -0,0 +1,75 @@
+# Checks related to the patch's SRC_URI metadata variable
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import subprocess
+import base
+import re
+import os
+from data import PatchTestInput, PatchTestDataStore
+
+class SrcUri(base.Metadata):
+
+    metadata  = 'SRC_URI'
+    md5sum    = 'md5sum'
+    sha256sum = 'sha256sum'
+    git_regex = re.compile('^git\:\/\/.*')
+
+    def setUp(self):
+        # these tests just make sense on patches that can be merged
+        if not PatchTestInput.repo.canbemerged:
+            self.skip('Patch cannot be merged')
+
+    def pretest_src_uri_left_files(self):
+        if not self.modified:
+            self.skip('No modified recipes, skipping pretest')
+
+        # get the proper metadata values
+        for pn in self.modified:
+            # we are not interested in images
+            if 'core-image' in pn:
+                continue
+            rd = self.tinfoil.parse_recipe(pn)
+            PatchTestDataStore['%s-%s-%s' % (self.shortid(), self.metadata, pn)] = rd.getVar(self.metadata)
+
+    def test_src_uri_left_files(self):
+        if not self.modified:
+            self.skip('No modified recipes, skipping pretest')
+
+        # get the proper metadata values
+        for pn in self.modified:
+            # we are not interested in images
+            if 'core-image' in pn:
+                continue
+            rd = self.tinfoil.parse_recipe(pn)
+            PatchTestDataStore['%s-%s-%s' % (self.shortid(), self.metadata, pn)] = rd.getVar(self.metadata)
+
+        for pn in self.modified:
+            pretest_src_uri = PatchTestDataStore['pre%s-%s-%s' % (self.shortid(), self.metadata, pn)].split()
+            test_src_uri    = PatchTestDataStore['%s-%s-%s' % (self.shortid(), self.metadata, pn)].split()
+
+            pretest_files = set([os.path.basename(patch) for patch in pretest_src_uri if patch.startswith('file://')])
+            test_files    = set([os.path.basename(patch) for patch in test_src_uri    if patch.startswith('file://')])
+
+            # check if files were removed
+            if len(test_files) < len(pretest_files):
+
+                # get removals from patchset
+                filesremoved_from_patchset = set()
+                for patch in self.patchset:
+                    if patch.is_removed_file:
+                        filesremoved_from_patchset.add(os.path.basename(patch.path))
+
+                # get the deleted files from the SRC_URI
+                filesremoved_from_usr_uri = pretest_files - test_files
+
+                # finally, get those patches removed at SRC_URI and not removed from the patchset
+                # TODO: we are not taking into account  renames, so test may raise false positives
+                not_removed = filesremoved_from_usr_uri - filesremoved_from_patchset
+                if not_removed:
+                    self.fail('Patches not removed from tree',
+                              'Amend the patch containing the software patch file removal',
+                              data=[('Patch', f) for f in not_removed])
+
diff --git a/poky/meta/lib/patchtest/tests/test_metadata_summary.py b/poky/meta/lib/patchtest/tests/test_metadata_summary.py
new file mode 100644
index 0000000..931b267
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_metadata_summary.py
@@ -0,0 +1,32 @@
+# Checks related to the patch's summary metadata variable
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+from data import PatchTestInput
+
+class Summary(base.Metadata):
+    metadata = 'SUMMARY'
+
+    def setUp(self):
+        # these tests just make sense on patches that can be merged
+        if not PatchTestInput.repo.canbemerged:
+            self.skip('Patch cannot be merged')
+
+    def test_summary_presence(self):
+        if not self.added:
+            self.skip('No added recipes, skipping test')
+
+        for pn in self.added:
+            # we are not interested in images
+            if 'core-image' in pn:
+                continue
+            rd = self.tinfoil.parse_recipe(pn)
+            summary = rd.getVar(self.metadata)
+
+            # "${PN} version ${PN}-${PR}" is the default, so fail if default
+            if summary.startswith('%s version' % pn):
+                self.fail('%s is missing in newly added recipe' % self.metadata,
+                          'Specify the variable %s in %s' % (self.metadata, pn))
diff --git a/poky/meta/lib/patchtest/tests/test_patch_cve.py b/poky/meta/lib/patchtest/tests/test_patch_cve.py
new file mode 100644
index 0000000..46ed9ef
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_patch_cve.py
@@ -0,0 +1,51 @@
+# Checks related to the patch's CVE lines
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+import base
+import os
+import re
+
+class CVE(base.Base):
+
+    re_cve_pattern = re.compile("CVE\-\d{4}\-\d+", re.IGNORECASE)
+    re_cve_payload_tag     = re.compile("\+CVE:(\s+CVE\-\d{4}\-\d+)+")
+
+    def setUp(self):
+        if self.unidiff_parse_error:
+            self.skip('Parse error %s' % self.unidiff_parse_error)
+
+        # we are just interested in series that introduce CVE patches, thus discard other
+        # possibilities: modification to current CVEs, patch directly introduced into the
+        # recipe, upgrades already including the CVE, etc.
+        new_cves = [p for p in self.patchset if p.path.endswith('.patch') and p.is_added_file]
+        if not new_cves:
+            self.skip('No new CVE patches introduced')
+
+    def test_cve_tag_format(self):
+        for commit in CVE.commits:
+            if self.re_cve_pattern.search(commit.shortlog) or self.re_cve_pattern.search(commit.commit_message):
+                tag_found = False
+                for line in commit.payload.splitlines():
+                    if self.re_cve_payload_tag.match(line):
+                        tag_found = True
+                        break
+                if not tag_found:
+                    self.fail('Missing or incorrectly formatted CVE tag in included patch file',
+                              'Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"',
+                              commit)
diff --git a/poky/meta/lib/patchtest/tests/test_patch_signed_off_by.py b/poky/meta/lib/patchtest/tests/test_patch_signed_off_by.py
new file mode 100644
index 0000000..4855d6d
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_patch_signed_off_by.py
@@ -0,0 +1,43 @@
+# Checks related to the patch's signed-off-by lines
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import parse_signed_off_by
+import re
+
+class PatchSignedOffBy(base.Base):
+
+    @classmethod
+    def setUpClassLocal(cls):
+        cls.newpatches = []
+        # get just those relevant patches: new software patches
+        for patch in cls.patchset:
+            if patch.path.endswith('.patch') and patch.is_added_file:
+                cls.newpatches.append(patch)
+
+        cls.mark = str(parse_signed_off_by.signed_off_by_mark).strip('"')
+
+        # match PatchSignedOffBy.mark with '+' preceding it
+        cls.prog = parse_signed_off_by.patch_signed_off_by
+
+    def setUp(self):
+        if self.unidiff_parse_error:
+            self.skip('Parse error %s' % self.unidiff_parse_error)
+
+    def test_signed_off_by_presence(self):
+        if not PatchSignedOffBy.newpatches:
+            self.skip("There are no new software patches, no reason to test %s presence" % PatchSignedOffBy.mark)
+
+        for newpatch in PatchSignedOffBy.newpatches:
+            payload = newpatch.__str__()
+            for line in payload.splitlines():
+                if self.patchmetadata_regex.match(line):
+                    continue
+                if PatchSignedOffBy.prog.search_string(payload):
+                    break
+            else:
+                self.fail('A patch file has been added, but does not have a Signed-off-by tag',
+                          'Sign off the added patch file (%s)' % newpatch.path)
diff --git a/poky/meta/lib/patchtest/tests/test_patch_upstream_status.py b/poky/meta/lib/patchtest/tests/test_patch_upstream_status.py
new file mode 100644
index 0000000..eda5353
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_patch_upstream_status.py
@@ -0,0 +1,64 @@
+# Checks related to the patch's upstream-status lines
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+import parse_upstream_status
+import pyparsing
+import os
+
+class PatchUpstreamStatus(base.Base):
+
+    upstream_status_regex = pyparsing.AtLineStart("+" + "Upstream-Status")
+
+    @classmethod
+    def setUpClassLocal(cls):
+        cls.newpatches = []
+        # get just those relevant patches: new software patches
+        for patch in cls.patchset:
+            if patch.path.endswith('.patch') and patch.is_added_file:
+                cls.newpatches.append(patch)
+
+    def setUp(self):
+        if self.unidiff_parse_error:
+            self.skip('Python-unidiff parse error')
+        self.valid_status    = ', '.join(parse_upstream_status.upstream_status_nonliteral_valid_status)
+        self.standard_format = 'Upstream-Status: <Valid status>'
+
+    def test_upstream_status_presence_format(self):
+        if not PatchUpstreamStatus.newpatches:
+            self.skip("There are no new software patches, no reason to test Upstream-Status presence/format")
+
+        for newpatch in PatchUpstreamStatus.newpatches:
+            payload = newpatch.__str__()
+            if not self.upstream_status_regex.search_string(payload):
+                self.fail('Added patch file is missing Upstream-Status in the header',
+                          'Add Upstream-Status: <Valid status> to the header of %s' % newpatch.path,
+                          data=[('Standard format', self.standard_format), ('Valid status', self.valid_status)])
+            for line in payload.splitlines():
+                if self.patchmetadata_regex.match(line):
+                    continue
+                if self.upstream_status_regex.search_string(line):
+                        if parse_upstream_status.inappropriate_status_mark.searchString(line):
+                            try:
+                                parse_upstream_status.upstream_status_inappropriate_info.parseString(line.lstrip('+'))
+                            except pyparsing.ParseException as pe:
+                                self.fail('Upstream-Status is Inappropriate, but no reason was provided',
+                                          'Include a brief reason why %s is inappropriate' % os.path.basename(newpatch.path),
+                                          data=[('Current', pe.pstr), ('Standard format', 'Upstream-Status: Inappropriate [reason]')])
+                        elif parse_upstream_status.submitted_status_mark.searchString(line):
+                            try:
+                                parse_upstream_status.upstream_status_submitted_info.parseString(line.lstrip('+'))
+                            except pyparsing.ParseException as pe:
+                                self.fail('Upstream-Status is Submitted, but it is not mentioned where',
+                                          'Include where %s was submitted' % os.path.basename(newpatch.path),
+                                          data=[('Current', pe.pstr), ('Standard format', 'Upstream-Status: Submitted [where]')])
+                        else:
+                            try:
+                                parse_upstream_status.upstream_status.parseString(line.lstrip('+'))
+                            except pyparsing.ParseException as pe:
+                                self.fail('Upstream-Status is in incorrect format',
+                                          'Fix Upstream-Status format in %s' % os.path.basename(newpatch.path),
+                                          data=[('Current', pe.pstr), ('Standard format', self.standard_format), ('Valid status', self.valid_status)])
diff --git a/poky/meta/lib/patchtest/tests/test_python_pylint.py b/poky/meta/lib/patchtest/tests/test_python_pylint.py
new file mode 100644
index 0000000..ea8efb7
--- /dev/null
+++ b/poky/meta/lib/patchtest/tests/test_python_pylint.py
@@ -0,0 +1,61 @@
+# Checks related to the python code done with pylint
+#
+# Copyright (C) 2016 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0
+
+import base
+from data import PatchTestInput
+import pylint.epylint as lint
+
+class PyLint(base.Base):
+    pythonpatches  = []
+    pylint_pretest = {}
+    pylint_test    = {}
+    pylint_options = " -E --disable='E0611, E1101, F0401, E0602' --msg-template='L:{line} F:{module} I:{msg}'"
+
+    @classmethod
+    def setUpClassLocal(cls):
+        # get just those patches touching python files
+        cls.pythonpatches = []
+        for patch in cls.patchset:
+            if patch.path.endswith('.py'):
+                if not patch.is_removed_file:
+                    cls.pythonpatches.append(patch)
+
+    def setUp(self):
+        if self.unidiff_parse_error:
+            self.skip('Python-unidiff parse error')
+        if not PatchTestInput.repo.canbemerged:
+            self.skip('Patch cannot be merged, no reason to execute the test method')
+        if not PyLint.pythonpatches:
+            self.skip('No python related patches, skipping test')
+
+    def pretest_pylint(self):
+        for pythonpatch in self.pythonpatches:
+            if pythonpatch.is_modified_file:
+                (pylint_stdout, pylint_stderr) = lint.py_run(command_options = pythonpatch.path + self.pylint_options, return_std=True)
+                for line in pylint_stdout.readlines():
+                    if not '*' in line:
+                        if line.strip():
+                            self.pylint_pretest[line.strip().split(' ',1)[0]] = line.strip().split(' ',1)[1]
+
+    def test_pylint(self):
+        for pythonpatch in self.pythonpatches:
+            # a condition checking whether a file is renamed or not
+            # unidiff doesn't support this yet
+            if pythonpatch.target_file is not pythonpatch.path:
+                path = pythonpatch.target_file[2:]
+            else:
+                path = pythonpatch.path
+            (pylint_stdout, pylint_stderr) = lint.py_run(command_options = path + self.pylint_options, return_std=True)
+            for line in pylint_stdout.readlines():
+                    if not '*' in line:
+                        if line.strip():
+                            self.pylint_test[line.strip().split(' ',1)[0]] = line.strip().split(' ',1)[1]
+
+        for issue in self.pylint_test:
+             if self.pylint_test[issue] not in self.pylint_pretest.values():
+                 self.fail('Errors in your Python code were encountered',
+                           'Correct the lines introduced by your patch',
+                           data=[('Output', 'Please, fix the listed issues:'), ('', issue + ' ' + self.pylint_test[issue])])
diff --git a/poky/meta/recipes-bsp/alsa-state/alsa-state.bb b/poky/meta/recipes-bsp/alsa-state/alsa-state.bb
index 27b2ecc..bd7f610 100644
--- a/poky/meta/recipes-bsp/alsa-state/alsa-state.bb
+++ b/poky/meta/recipes-bsp/alsa-state/alsa-state.bb
@@ -14,7 +14,6 @@
     file://alsa-state-init;beginline=3;endline=4;md5=3ff7ecbf534d7d503941abe8e268ef50 \
 "
 PV = "0.2.0"
-PR = "r5"
 
 SRC_URI = "\
   file://asound.conf \
diff --git a/poky/meta/recipes-bsp/formfactor/formfactor_0.0.bb b/poky/meta/recipes-bsp/formfactor/formfactor_0.0.bb
index ea1fa4c..1eaf307 100644
--- a/poky/meta/recipes-bsp/formfactor/formfactor_0.0.bb
+++ b/poky/meta/recipes-bsp/formfactor/formfactor_0.0.bb
@@ -5,7 +5,6 @@
 SECTION = "base"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-PR = "r45"
 
 SRC_URI = "file://config file://machconfig"
 S = "${WORKDIR}"
diff --git a/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb b/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb
index 84d09cb..3d5d127 100644
--- a/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb
+++ b/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb
@@ -7,7 +7,6 @@
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://keymap.sh;beginline=5;endline=5;md5=829e563511c9a1d6d41f17a7a4989d6a"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
-PR = "r31"
 
 INHIBIT_DEFAULT_DEPS = "1"
 
diff --git a/poky/meta/recipes-bsp/libacpi/libacpi_0.2.bb b/poky/meta/recipes-bsp/libacpi/libacpi_0.2.bb
index 6d4be76..6aae34b 100644
--- a/poky/meta/recipes-bsp/libacpi/libacpi_0.2.bb
+++ b/poky/meta/recipes-bsp/libacpi/libacpi_0.2.bb
@@ -5,7 +5,6 @@
 HOMEPAGE = "http://www.ngolde.de/libacpi.html"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fec17f82f16630adf2dfb7d2a46f21c5"
-PR = "r6"
 
 SRC_URI = "http://www.ngolde.de/download/libacpi-${PV}.tar.gz \
 	   file://makefile-fix.patch \
diff --git a/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
index a34fb4e..63edcbd 100644
--- a/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
+++ b/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
@@ -10,7 +10,6 @@
 			file://src/lrz.c;beginline=1;endline=10;md5=5276956373ff7d8758837f6399a1045f"
 SECTION = "console/network"
 DEPENDS = ""
-PR = "r6"
 
 SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
            file://autotools-update.patch \
diff --git a/poky/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb b/poky/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb
index 2c3ade9..c7b95e5 100644
--- a/poky/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb
+++ b/poky/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb
@@ -6,7 +6,6 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
                     file://src/pm-pmu.c;beginline=1;endline=22;md5=3c1ddbc54e735fb4a0386e14c78a3147"
 
-PR = "r1"
 
 SRC_URI = "http://pm-utils.freedesktop.org/releases/pm-utils-${PV}.tar.gz"
 
diff --git a/poky/meta/recipes-bsp/setserial/setserial_2.17.bb b/poky/meta/recipes-bsp/setserial/setserial_2.17.bb
index 8e4bb62..98ab451 100644
--- a/poky/meta/recipes-bsp/setserial/setserial_2.17.bb
+++ b/poky/meta/recipes-bsp/setserial/setserial_2.17.bb
@@ -5,7 +5,6 @@
 
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://version.h;beginline=1;endline=6;md5=2e7c59cb9e57e356ae81f50f4e4dfd99"
-PR = "r3"
 
 DEPENDS += "groff-native"
 
diff --git a/poky/meta/recipes-bsp/usbinit/usbinit.bb b/poky/meta/recipes-bsp/usbinit/usbinit.bb
index ffaca4b..3a50b83 100644
--- a/poky/meta/recipes-bsp/usbinit/usbinit.bb
+++ b/poky/meta/recipes-bsp/usbinit/usbinit.bb
@@ -7,7 +7,6 @@
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe"
 
-PR = "r3"
 
 SRC_URI = "file://usb-gether \
            file://COPYING.GPL"
diff --git a/poky/meta/recipes-bsp/v86d/v86d_0.1.10.bb b/poky/meta/recipes-bsp/v86d/v86d_0.1.10.bb
index b4fe362..6151f0a 100644
--- a/poky/meta/recipes-bsp/v86d/v86d_0.1.10.bb
+++ b/poky/meta/recipes-bsp/v86d/v86d_0.1.10.bb
@@ -7,7 +7,6 @@
 LIC_FILES_CHKSUM = "file://README;md5=94ac1971e4f2309dc322d598e7b1f7dd"
 
 RRECOMMENDS:${PN} = "kernel-module-uvesafb"
-PR = "r2"
 
 SRC_URI = "http://snapshot.debian.org/archive/debian/20110427T035506Z/pool/main/v/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://Update-x86emu-from-X.org.patch \
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.18.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.19.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/bind/bind_9.18.18.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.18.19.bb
index e74e685..8124c5c 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.18.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.19.bb
@@ -20,7 +20,7 @@
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
+SRC_URI[sha256sum] = "115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
diff --git a/poky/meta/recipes-connectivity/connman/connman-conf.bb b/poky/meta/recipes-connectivity/connman/connman-conf.bb
index 7959ed8..a1a0e08 100644
--- a/poky/meta/recipes-connectivity/connman/connman-conf.bb
+++ b/poky/meta/recipes-connectivity/connman/connman-conf.bb
@@ -4,7 +4,6 @@
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
-PR = "r2"
 
 SRC_URI = "file://main.conf \
           "
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
deleted file mode 100644
index f9a0e35..0000000
--- a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From b13f04c0c685b6d2474aa7d97e191531f327bc45 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Thu, 20 Jul 2023 14:32:23 -0400
-Subject: [PATCH] bridge/mdb.c: include limits.h
-
-Upstream-Status: Submitted
-(https://lore.kernel.org/netdev/20230720203726.2316251-1-tgamblin@baylibre.com/)
-
-While building iproute2 6.4.0 with musl using Yocto Project, errors such
-as the following were encountered:
-
-| mdb.c: In function 'mdb_parse_vni':
-| mdb.c:666:47: error: 'ULONG_MAX' undeclared (first use in this function)
-|   666 |         if ((endptr && *endptr) || vni_num == ULONG_MAX)
-|       |                                               ^~~~~~~~~
-| mdb.c:666:47: note: 'ULONG_MAX' is defined in header '<limits.h>'; did you forget to '#include <limits.h>'?
-
-Include limits.h in bridge/mdb.c to fix this issue. This change is based
-on one in Alpine Linux, but the author there had no plans to submit:
-https://git.alpinelinux.org/aports/commit/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- bridge/mdb.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/bridge/mdb.c b/bridge/mdb.c
-index fbb4f704..18793458 100644
---- a/bridge/mdb.c
-+++ b/bridge/mdb.c
-@@ -15,6 +15,7 @@
- #include <string.h>
- #include <arpa/inet.h>
- #include <netdb.h>
-+#include <limits.h>
- 
- #include "libnetlink.h"
- #include "utils.h"
--- 
-2.41.0
-
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
similarity index 93%
rename from poky/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb
rename to poky/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
index 32e2f81..2b28b10 100644
--- a/poky/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
@@ -13,10 +13,9 @@
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
            file://0001-libc-compat.h-add-musl-workaround.patch \
-           file://0001-bridge-mdb.c-include-limits.h.patch \
            "
 
-SRC_URI[sha256sum] = "4c51b8decbc7e4da159ffb066f590cfb93dbf9af7ff86b1647ce42b7c179a272"
+SRC_URI[sha256sum] = "a70179085fa1b96d3c33b040c809b75e2b57563adc505a4ad05e2609df373463"
 
 inherit update-alternatives bash-completion pkgconfig
 
@@ -37,6 +36,7 @@
     DOCDIR=${docdir}/iproute2 \
     SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \
     SBINDIR='${base_sbindir}' \
+    CONF_USR_DIR='${libdir}/iproute2' \
     LIBDIR='${libdir}' \
     CCOPTS='${CFLAGS}' \
 "
@@ -82,7 +82,7 @@
                       ${base_sbindir}/ctstat \
                       ${base_sbindir}/rtstat"
 FILES:${PN}-ifstat = "${base_sbindir}/ifstat"
-FILES:${PN}-ip = "${base_sbindir}/ip.${PN} ${sysconfdir}/iproute2"
+FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2"
 FILES:${PN}-genl = "${base_sbindir}/genl"
 FILES:${PN}-rtacct = "${base_sbindir}/rtacct"
 FILES:${PN}-nstat = "${base_sbindir}/nstat"
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
index c01415d..ebfe64b 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -12,6 +12,7 @@
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
 LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+StateDirectory=nfs
 
 [Install]
 WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
index 5c845b7..15ceee0 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -18,6 +18,7 @@
 ExecStopPost=@SBINDIR@/exportfs -f
 ExecReload=@SBINDIR@/exportfs -r
 RemainAfterExit=yes
+StateDirectory=nfs
 
 [Install]
 WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
index 4fa64e1..b519194 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -4,11 +4,13 @@
 Conflicts=umount.target
 Requires=nss-lookup.target rpcbind.service
 After=network.target nss-lookup.target rpcbind.service
+ConditionPathExists=@SYSCONFDIR@/exports
 
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
 LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+StateDirectory=nfs
 
 [Install]
 WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
deleted file mode 100644
index baa68dc..0000000
--- a/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001
-From: Mikko Rapeli <mikko.rapeli@linaro.org>
-Date: Fri, 25 Aug 2023 10:35:28 +0000
-Subject: [PATCH] openssh regress/Makefile: print logs if test fails
-
-Some tests are failing in CI runs and reproduction has failed. Print
-the captured sshd and ssh client logs if test fails. This should
-help to fix the root causes.
-
-Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
-
-Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
----
- regress/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/437]
-
-diff --git a/regress/Makefile b/regress/Makefile
-index d80bf59..a972dff 100644
---- a/regress/Makefile
-+++ b/regress/Makefile
-@@ -229,7 +229,7 @@ t-exec:	${LTESTS:=.sh}
- 		done; \
- 		if [ "x$${skip}" = "xno" ]; then \
- 			echo "run test $${TEST}" ... 1>&2; \
--			(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
-+			(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || (echo return value: $$?; echo capturing logs; cat *.log; exit 1); \
- 		else \
- 			echo skip test $${TEST} 1>&2; \
- 		fi; \
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
new file mode 100644
index 0000000..2c14014
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
@@ -0,0 +1,61 @@
+From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Mon, 11 Sep 2023 09:55:21 +0100
+Subject: [PATCH] regress/banner.sh: log input and output files on error
+
+Some test environments like yocto with qemu are seeing these
+tests failing. There may be additional error messages in the
+stderr of ssh cloent command. busybox cmp shows this error when
+first input file has less new line characters then second
+input file:
+
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+
+Logging the full banner.out will show what other error messages
+are captured in addition of the expected banner.
+
+Full log of a failing banner test runs is:
+
+run test banner.sh ...
+test banner: missing banner file
+test banner: size 0
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+banner size 0 mismatch
+test banner: size 10
+test banner: size 100
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+banner size 100 mismatch
+test banner: size 1000
+test banner: size 10000
+test banner: size 100000
+test banner: suppress banner (-q)
+FAIL:  banner
+return value: 1
+
+See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ regress/banner.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437]
+
+diff --git a/regress/banner.sh b/regress/banner.sh
+index a84feb5a..de84957a 100644
+--- a/regress/banner.sh
++++ b/regress/banner.sh
+@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do
+ 	verbose "test $tid: size $s"
+ 	( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+ 		cmp $OBJ/banner.in $OBJ/banner.out ) || \
+-		fail "banner size $s mismatch"
++		( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \
++		  verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \
++		  fail "banner size $s mismatch" )
+ done
+ 
+ trace "test suppress banner (-q)"
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
index 8a9b770..1e6eec5 100755
--- a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -4,6 +4,20 @@
 export SKIP_UNIT=1
 
 cd regress
+
+# copied from openssh-portable/.github/run_test.sh
+output_failed_logs() {
+    for i in failed*.log; do
+        if [ -f "$i" ]; then
+            echo -------------------------------------------------------------------------
+            echo LOGFILE $i
+            cat $i
+            echo -------------------------------------------------------------------------
+        fi
+    done
+}
+trap output_failed_logs 0
+
 sed -i "/\t\tagent-ptrace /d" Makefile
 make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
         | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
index 2c85780..a38d9c2 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,7 +24,7 @@
            file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
-           file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \
+           file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
            "
 SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
 
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
index 8dff791..c89ec5a 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@
 # OPENSSL_ENGINES is relative from the test binaries
 export OPENSSL_ENGINES=../engines
 
-perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
+{ HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.2.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.3.bb
similarity index 98%
rename from poky/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_3.1.3.bb
index 3f77c21..cc9452c 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.3.bb
@@ -18,7 +18,7 @@
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539"
+SRC_URI[sha256sum] = "f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
index 8a6c297..099c58b 100644
--- a/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ b/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -3,7 +3,6 @@
 DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks."
 DEPENDS = "ppp"
 RDEPENDS:${PN} = "ppp"
-PR = "r8"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
diff --git a/poky/meta/recipes-core/base-files/base-files_3.0.14.bb b/poky/meta/recipes-core/base-files/base-files_3.0.14.bb
index 0d38657..6ba3971 100644
--- a/poky/meta/recipes-core/base-files/base-files_3.0.14.bb
+++ b/poky/meta/recipes-core/base-files/base-files_3.0.14.bb
@@ -1,7 +1,6 @@
 SUMMARY = "Miscellaneous files for the base system"
 DESCRIPTION = "The base-files package creates the basic system directory structure and provides a small set of key configuration files for the system."
 SECTION = "base"
-PR = "r90"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://licenses/GPL-2;md5=94d55d512a9ba36caa9b7df079bae19f"
 # Removed all license related tasks in this recipe as license.bbclass 
diff --git a/poky/meta/recipes-core/busybox/busybox/defconfig b/poky/meta/recipes-core/busybox/busybox/defconfig
index 3d36447..f3d545d 100644
--- a/poky/meta/recipes-core/busybox/busybox/defconfig
+++ b/poky/meta/recipes-core/busybox/busybox/defconfig
@@ -1190,7 +1190,7 @@
 # Options common to all shells
 #
 CONFIG_FEATURE_SH_MATH=y
-# CONFIG_FEATURE_SH_MATH_64 is not set
+CONFIG_FEATURE_SH_MATH_64=y
 CONFIG_FEATURE_SH_MATH_BASE=y
 CONFIG_FEATURE_SH_EXTRA_QUIET=y
 # CONFIG_FEATURE_SH_STANDALONE is not set
diff --git a/poky/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch b/poky/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
deleted file mode 100644
index 732fa5b..0000000
--- a/poky/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From ca6c179226864bff23f2b062518cf885bb42ce56 Mon Sep 17 00:00:00 2001
-From: Bruno Haible <bruno@clisp.org>
-Date: Thu, 27 Apr 2023 15:26:37 +0200
-Subject: [PATCH] stdlib: Fix error when cross-compiling.
-
-Reported by Pierre Labastie <pierre.labastie@neuf.fr> in
-<https://lists.gnu.org/archive/html/bug-gnulib/2023-04/msg00220.html>.
-
-* m4/stdlib_h.m4 (gl_STDLIB_H): Provide a 4th argument to AC_RUN_IFELSE.
----
- ChangeLog      | 7 +++++++
- m4/stdlib_h.m4 | 4 ++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/m4/stdlib_h.m4 b/m4/stdlib_h.m4
-index 3274ea4948..f47c1eb37b 100644
---- a/m4/stdlib_h.m4
-+++ b/m4/stdlib_h.m4
-@@ -66,7 +66,7 @@ int main ()
-   return result;
- }]])],
-           [gl_cv_macro_MB_CUR_MAX_good=yes],
--          [gl_cv_macro_MB_CUR_MAX_good=no]
-+          [gl_cv_macro_MB_CUR_MAX_good=no],
-           [:])
-       fi
-     ])
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb
similarity index 97%
rename from poky/meta/recipes-core/coreutils/coreutils_9.3.bb
rename to poky/meta/recipes-core/coreutils/coreutils_9.4.bb
index ba38169..f210df2 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb
@@ -16,11 +16,9 @@
 SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
            file://remove-usr-local-lib-from-m4.patch \
            file://0001-local.mk-fix-cross-compiling-problem.patch \
-           file://stdlib-mb-cur-max.patch \
            file://run-ptest \
            "
-
-SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa"
+SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52"
 
 # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
 # 
@@ -183,6 +181,7 @@
     sed -i 's/ginstall/install/g'  `grep -R ginstall ${D}${PTEST_PATH}/tests | awk -F: '{print $1}' | uniq`
     install -d ${D}${PTEST_PATH}/build-aux
     install ${S}/build-aux/test-driver ${D}${PTEST_PATH}/build-aux/
+    install -Dm 0644 ${B}/lib/config.h ${D}${PTEST_PATH}/lib/config.h
     cp ${B}/Makefile ${D}${PTEST_PATH}/
     cp ${S}/init.cfg ${D}${PTEST_PATH}/
     cp -r ${B}/src ${D}${PTEST_PATH}/
diff --git a/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb b/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb
index 09ba515..1cdf07d 100644
--- a/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb
+++ b/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb
@@ -9,7 +9,6 @@
 
 SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
 PV = "0.1+git"
-PR = "r2"
 
 SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master;protocol=https"
 UPSTREAM_CHECK_COMMITS = "1"
diff --git a/poky/meta/recipes-core/dbus/dbus_1.14.8.bb b/poky/meta/recipes-core/dbus/dbus_1.14.10.bb
similarity index 98%
rename from poky/meta/recipes-core/dbus/dbus_1.14.8.bb
rename to poky/meta/recipes-core/dbus/dbus_1.14.10.bb
index 2dcbadd..2a256be 100644
--- a/poky/meta/recipes-core/dbus/dbus_1.14.8.bb
+++ b/poky/meta/recipes-core/dbus/dbus_1.14.10.bb
@@ -16,7 +16,7 @@
            file://dbus-1.init \
            "
 
-SRC_URI[sha256sum] = "a6bd5bac5cf19f0c3c594bdae2565a095696980a683a0ef37cb6212e093bde35"
+SRC_URI[sha256sum] = "ba1f21d2bd9d339da2d4aa8780c09df32fea87998b73da24f49ab9df1e36a50f"
 
 EXTRA_OECONF = "--disable-xml-docs \
                 --disable-doxygen-docs \
diff --git a/poky/meta/recipes-core/gettext/gettext_0.22.bb b/poky/meta/recipes-core/gettext/gettext_0.22.bb
index 71e8452..f5290ac 100644
--- a/poky/meta/recipes-core/gettext/gettext_0.22.bb
+++ b/poky/meta/recipes-core/gettext/gettext_0.22.bb
@@ -182,7 +182,7 @@
     fi
 }
 
-RDEPENDS:${PN}-ptest += "make xz bash"
+RDEPENDS:${PN}-ptest += "make xz bash gawk autoconf locale-base-de-de locale-base-fr-fr"
 RDEPENDS:${PN}-ptest:append:libc-glibc = "\
     glibc-gconv-big5 \
     glibc-charmap-big5 \
@@ -202,8 +202,6 @@
     glibc-charmap-euc-jp \
     glibc-gconv-gb18030 \
     glibc-charmap-gb18030 \
-    locale-base-de-de \
-    locale-base-fr-fr \
 "
 
 RRECOMMENDS:${PN}-ptest:append:libc-glibc = "\
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
index 9bdd99d..0d44ddf 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
@@ -1,4 +1,4 @@
-From 4a41bf7b050168726cc4fad4c1c72fc7c18ab779 Mon Sep 17 00:00:00 2001
+From 9ec4eedeb3f67db0bff09f5d859318d05ff47964 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 15 Feb 2019 11:17:27 +0100
 Subject: [PATCH] Do not write $bindir into pkg-config files
@@ -16,46 +16,46 @@
  2 files changed, 11 insertions(+), 11 deletions(-)
 
 diff --git a/gio/meson.build b/gio/meson.build
-index 36b5bad..137e75a 100644
+index a320c0f..86ce7c4 100644
 --- a/gio/meson.build
 +++ b/gio/meson.build
-@@ -862,14 +862,14 @@ pkg.generate(libgio,
-                'schemasdir=' + join_paths('${datadir}', schemas_subdir),
-                'bindir=' + join_paths('${prefix}', get_option('bindir')),
-                'giomoduledir=' + pkgconfig_giomodulesdir,
--               'gio=' + join_paths('${bindir}', 'gio'),
--               'gio_querymodules=@0@'.format(pkgconfig_multiarch_bindir / 'gio-querymodules'),
--               'glib_compile_schemas=@0@'.format(pkgconfig_multiarch_bindir / 'glib-compile-schemas'),
--               'glib_compile_resources=' + join_paths('${bindir}', 'glib-compile-resources'),
--               'gdbus=' + join_paths('${bindir}', 'gdbus'),
--               'gdbus_codegen=' + join_paths('${bindir}', 'gdbus-codegen'),
--               'gresource=' + join_paths('${bindir}', 'gresource'),
--               'gsettings=' + join_paths('${bindir}', 'gsettings')],
-+               'gio=gio',
-+               'gio_querymodules=gio-querymodules',
-+               'glib_compile_schemas=glib-compile-schemas',
-+               'glib_compile_resources=glib-compile-resources',
-+               'gdbus=gdbus',
-+               'gdbus_codegen=gdbus-codegen',
-+               'gresource=gresource',
-+               'gsettings=gsettings'],
+@@ -884,14 +884,14 @@ pkg.generate(libgio,
+     'dtdsdir=' + '${datadir}' / dtds_subdir,
+     'bindir=' + '${prefix}' / get_option('bindir'),
+     'giomoduledir=' + pkgconfig_giomodulesdir,
+-    'gio=' + '${bindir}' / 'gio',
+-    'gio_querymodules=' + pkgconfig_multiarch_bindir / 'gio-querymodules',
+-    'glib_compile_schemas=' + pkgconfig_multiarch_bindir / 'glib-compile-schemas',
+-    'glib_compile_resources=' + '${bindir}' / 'glib-compile-resources',
+-    'gdbus=' + '${bindir}' /'gdbus',
+-    'gdbus_codegen=' + '${bindir}' / 'gdbus-codegen',
+-    'gresource=' + '${bindir}' / 'gresource',
+-    'gsettings=' + '${bindir}' / 'gsettings',
++    'gio=gio',
++    'gio_querymodules=gio-querymodules',
++    'glib_compile_schemas=glib-compile-schemas',
++    'glib_compile_resources=glib-compile-resources',
++    'gdbus=gdbus',
++    'gdbus_codegen=gdbus-codegen',
++    'gresource=gresource',
++    'gsettings=gsettings',
+   ],
    version : glib_version,
    install_dir : glib_pkgconfigreldir,
-   filebase : 'gio-2.0',
 diff --git a/glib/meson.build b/glib/meson.build
-index c365901..c3d6601 100644
+index c26a35e..1d8ca6b 100644
 --- a/glib/meson.build
 +++ b/glib/meson.build
-@@ -397,9 +397,9 @@ pkg.generate(libglib,
-   subdirs : ['glib-2.0'],
-   extra_cflags : ['-I${libdir}/glib-2.0/include'] + win32_cflags,
-   variables : ['bindir=' + join_paths('${prefix}', get_option('bindir')),
--               'glib_genmarshal=' + join_paths('${bindir}', 'glib-genmarshal'),
--               'gobject_query=' + join_paths('${bindir}', 'gobject-query'),
--               'glib_mkenums=' + join_paths('${bindir}', 'glib-mkenums')],
-+               'glib_genmarshal=glib-genmarshal',
-+               'gobject_query=gobject-query',
-+               'glib_mkenums=glib-mkenums'],
-   version : glib_version,
-   install_dir : glib_pkgconfigreldir,
-   filebase : 'glib-2.0',
+@@ -447,9 +447,9 @@ pkg.generate(libglib,
+   variables : [
+     'bindir=' + '${prefix}' / get_option('bindir'),
+     'datadir=' + '${prefix}' / get_option('datadir'),
+-    'glib_genmarshal=' + '${bindir}' / 'glib-genmarshal',
+-    'gobject_query=' + '${bindir}' / 'gobject-query',
+-    'glib_mkenums=' + '${bindir}' / 'glib-mkenums',
++    'glib_genmarshal=glib-genmarshal',
++    'gobject_query=gobject-query',
++    'glib_mkenums=glib-mkenums',
+     'glib_valgrind_suppressions=' + '${datadir}' /
+       valgrind_suppression_file_install_subdir /
+       fs.name(valgrind_suppression_file),
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-portal-support-Fix-snap-test-ordering-race.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-portal-support-Fix-snap-test-ordering-race.patch
deleted file mode 100644
index 9e2bc13..0000000
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-portal-support-Fix-snap-test-ordering-race.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From f47503cc5ae10de6dee319ba6cff257eddabf33e Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Tue, 30 May 2023 11:52:38 +0100
-Subject: [PATCH] gio/tests/portal-support: Fix snap test ordering race
-
-When the gnome test runner executes the tests, the test appear to execute in disk
-order. This means it sometimes works and sometimes we see breakage in portal-support-snap
-and portal-support-snap-classic.
-
-The issue is that some tests create config files but some don't. If they run
-in the wrong order, tests see config files they shouldn't and break.
-
-Fix this by deleting the files after each test run, properly cleaning up after
-themselves. The cleanup code is based upon gtestutils.c:rm_rf().
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/c63cf19d9a8a6ae315a7f9a3fe4ea60c8cf5dece]
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
----
- gio/tests/portal-support-snap-classic.c |  3 +++
- gio/tests/portal-support-snap.c         |  3 +++
- gio/tests/portal-support-utils.c        | 27 +++++++++++++++++++++++++
- gio/tests/portal-support-utils.h        |  2 ++
- 4 files changed, 35 insertions(+)
-
-diff --git a/gio/tests/portal-support-snap-classic.c b/gio/tests/portal-support-snap-classic.c
-index 8c0ed90c2..5b67865e7 100644
---- a/gio/tests/portal-support-snap-classic.c
-+++ b/gio/tests/portal-support-snap-classic.c
-@@ -66,6 +66,9 @@ tests_teardown (SetupData *setup_data,
-   else
-     g_unsetenv ("SNAP");
- 
-+  cleanup_snapfiles (setup_data->snap_path);
-+  cleanup_snapfiles (setup_data->bin_path);
-+
-   g_clear_pointer (&setup_data->old_path, g_free);
-   g_clear_pointer (&setup_data->old_snap, g_free);
- }
-diff --git a/gio/tests/portal-support-snap.c b/gio/tests/portal-support-snap.c
-index 7dd14d82f..cd904678f 100644
---- a/gio/tests/portal-support-snap.c
-+++ b/gio/tests/portal-support-snap.c
-@@ -67,6 +67,9 @@ tests_teardown (SetupData *setup_data,
-   else
-     g_unsetenv ("SNAP");
- 
-+  cleanup_snapfiles (setup_data->snap_path);
-+  cleanup_snapfiles (setup_data->bin_path);
-+
-   g_clear_pointer (&setup_data->old_path, g_free);
-   g_clear_pointer (&setup_data->old_snap, g_free);
- }
-diff --git a/gio/tests/portal-support-utils.c b/gio/tests/portal-support-utils.c
-index ae7073a3a..b7ee22630 100644
---- a/gio/tests/portal-support-utils.c
-+++ b/gio/tests/portal-support-utils.c
-@@ -26,6 +26,33 @@
- #include <glib.h>
- #include <glib/gstdio.h>
- 
-+
-+void
-+cleanup_snapfiles (const gchar *path)
-+{
-+  GDir *dir = NULL;
-+  const gchar *entry;
-+
-+  dir = g_dir_open (path, 0, NULL);
-+  if (dir == NULL)
-+    {
-+      /* Assume it’s a file. Ignore failure. */
-+      (void) g_remove (path);
-+      return;
-+    }
-+
-+  while ((entry = g_dir_read_name (dir)) != NULL)
-+    {
-+      gchar *sub_path = g_build_filename (path, entry, NULL);
-+      cleanup_snapfiles (sub_path);
-+      g_free (sub_path);
-+    }
-+
-+  g_dir_close (dir);
-+
-+  g_rmdir (path);
-+}
-+
- void
- create_fake_snapctl (const char *path,
-                      const char *supported_op)
-diff --git a/gio/tests/portal-support-utils.h b/gio/tests/portal-support-utils.h
-index 40c035b43..defbdcd4e 100644
---- a/gio/tests/portal-support-utils.h
-+++ b/gio/tests/portal-support-utils.h
-@@ -23,6 +23,8 @@
- 
- #include <glib.h>
- 
-+void cleanup_snapfiles (const gchar *path);
-+
- void create_fake_snap_yaml (const char *snap_path,
-                             gboolean is_classic);
- 
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-glocalfile-Sum-apparent-size-only-for-files-and-syml.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-glocalfile-Sum-apparent-size-only-for-files-and-syml.patch
deleted file mode 100644
index a881b25..0000000
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-glocalfile-Sum-apparent-size-only-for-files-and-syml.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From d1a2117dc18dbcf87685891de7e2898108b66fc9 Mon Sep 17 00:00:00 2001
-From: Joan Bruguera <joanbrugueram@gmail.com>
-Date: Thu, 23 Mar 2023 02:24:30 +0000
-Subject: [PATCH] glocalfile: Sum apparent size only for files and symlinks
-
-Since GNU Coreutils 9.2 (commit 110bcd28386b1f47a4cd876098acb708fdcbbb25),
-`du --apparent-size` (including `du --bytes`) no longer counts all kinds of
-files (directories, FIFOs, etc.), but only those for which `st_size` in
-`struct stat` is defined by POSIX, namely regular files and symlinks
-(and also rarely supported memory objects).
-
-This aligns the behaviour of GLib's `G_FILE_MEASURE_APPARENT_SIZE` flag
-with the new GNU Coreutils `du` and correct POSIX use.
-
-Note that this may be a breaking change for some uses.
-
-Link: https://lists.gnu.org/archive/html/bug-coreutils/2023-03/msg00007.html
-Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/2965
-
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- gio/gioenums.h   |  3 +++
- gio/glocalfile.c | 37 +++++++++++++++++++++++++++++++++++++
- 2 files changed, 40 insertions(+)
-
-diff --git a/gio/gioenums.h b/gio/gioenums.h
-index 7fd74a43e..c820cd36d 100644
---- a/gio/gioenums.h
-+++ b/gio/gioenums.h
-@@ -224,6 +224,9 @@ typedef enum {
-  *   sizes.  Normally, the block-size is used, if available, as this is a
-  *   more accurate representation of disk space used.
-  *   Compare with `du --apparent-size`.
-+ *   Since GLib 2.78. and similarly to `du` since GNU Coreutils 9.2, this will
-+ *   ignore the sizes of file types other than regular files and links, as the
-+ *   sizes of other file types are not specified in a standard way.
-  * @G_FILE_MEASURE_NO_XDEV: Do not cross mount point boundaries.
-  *   Compare with `du -x`.
-  *
-diff --git a/gio/glocalfile.c b/gio/glocalfile.c
-index 67d4b99fb..dbb56902d 100644
---- a/gio/glocalfile.c
-+++ b/gio/glocalfile.c
-@@ -86,6 +86,9 @@
- #define FILE_READ_ONLY_VOLUME           0x00080000
- #endif
- 
-+#ifndef S_ISREG
-+#define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG)
-+#endif
- #ifndef S_ISDIR
- #define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR)
- #endif
-@@ -2777,6 +2780,39 @@ g_local_file_measure_size_of_contents (gint           fd,
-                                        MeasureState  *state,
-                                        GError       **error);
- 
-+/*
-+ * _g_stat_is_size_usable:
-+ * @buf: a #GLocalFileStat.
-+ *
-+ * Checks if the file type is such that the `st_size` field of `struct stat` is
-+ * well-defined by POSIX.
-+ * (see https://pubs.opengroup.org/onlinepubs/009696799/basedefs/sys/stat.h.html)
-+ *
-+ * This behaviour is aligned with `du` from GNU Coreutils 9.2+
-+ * (see https://lists.gnu.org/archive/html/bug-coreutils/2023-03/msg00007.html)
-+ * and makes apparent size sums well-defined; formerly, they depended on the
-+ * implementation, and could differ across filesystems.
-+ *
-+ * Returns: %TRUE if the size field is well-defined, %FALSE otherwise.
-+ **/
-+inline static gboolean
-+_g_stat_is_size_usable (const GLocalFileStat *buf)
-+{
-+#ifndef HAVE_STATX
-+  /* Memory objects are defined by POSIX, but are not supported by statx nor Windows */
-+#ifdef S_TYPEISSHM
-+  if (S_TYPEISSHM (buf))
-+    return TRUE;
-+#endif
-+#ifdef S_TYPEISTMO
-+  if (S_TYPEISTMO (buf))
-+    return TRUE;
-+#endif
-+#endif
-+
-+  return S_ISREG (_g_stat_mode (buf)) || S_ISLNK (_g_stat_mode (buf));
-+}
-+
- static gboolean
- g_local_file_measure_size_of_file (gint           parent_fd,
-                                    GSList        *name,
-@@ -2836,6 +2872,7 @@ g_local_file_measure_size_of_file (gint           parent_fd,
-     state->disk_usage += _g_stat_blocks (&buf) * G_GUINT64_CONSTANT (512);
-   else
- #endif
-+  if (_g_stat_is_size_usable (&buf))
-     state->disk_usage += _g_stat_size (&buf);
- 
-   if (S_ISDIR (_g_stat_mode (&buf)))
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch
new file mode 100644
index 0000000..788f420
--- /dev/null
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch
@@ -0,0 +1,32 @@
+From 9aa9574861fad39d0679025e35fe1e188345f685 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Sat, 16 Sep 2023 22:28:27 +0200
+Subject: [PATCH] meson.build: do not enable pidfd features on native glib
+ builds
+
+We still use host distros like alma 8 with kernels older than 5.4,
+where these features are not implemented.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ meson.build | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 1c36993..bbf97fc 100644
+--- a/meson.build
++++ b/meson.build
+@@ -981,7 +981,8 @@ if cc.links('''#include <sys/syscall.h>
+                  waitid (P_PIDFD, 0, &child_info, WEXITED | WNOHANG);
+                  return 0;
+                }''', name : 'pidfd_open(2) system call')
+-  glib_conf.set('HAVE_PIDFD', 1)
++  #requires kernel 5.4+
++  #glib_conf.set('HAVE_PIDFD', 1)
+ endif
+ 
+ # Check for __uint128_t (gcc) by checking for 128-bit division
+-- 
+2.30.2
+
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
index 3dba599..841fede 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
@@ -1,4 +1,4 @@
-From 38e401969a2ff8269919cbeacec733a67f041735 Mon Sep 17 00:00:00 2001
+From b90d13900dd2777c2ab90c5b0be1a872c10a17da Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Fri, 11 Mar 2016 15:35:55 +0000
 Subject: [PATCH] glib-2.0: relocate the GIO module directory for native builds
@@ -13,25 +13,28 @@
 
 Port patch to 2.48
 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
 ---
- gio/giomodule.c | 5 -----
- 1 file changed, 5 deletions(-)
+ gio/giomodule.c | 7 -------
+ 1 file changed, 7 deletions(-)
 
 diff --git a/gio/giomodule.c b/gio/giomodule.c
-index 11ce7d8..cc27ecd 100644
+index 17fabe6..8021208 100644
 --- a/gio/giomodule.c
 +++ b/gio/giomodule.c
-@@ -1271,9 +1271,6 @@ get_gio_module_dir (void)
+@@ -1271,11 +1271,6 @@ get_gio_module_dir (void)
        g_free (install_dir);
  #else
        module_dir = g_strdup (GIO_MODULE_DIR);
 -#ifdef __APPLE__
 -#include "TargetConditionals.h"
--#if TARGET_OS_OSX
+-/* Only auto-relocate on macOS, not watchOS etc; older macOS SDKs only define TARGET_OS_MAC */
+-#if (defined (TARGET_OS_OSX) && TARGET_OS_OSX) || \
+-     (!defined (TARGET_OS_OSX) && defined (TARGET_OS_MAC) && TARGET_OS_MAC)
  #include <dlfcn.h>
        {
          g_autofree gchar *path = NULL;
-@@ -1292,8 +1289,6 @@ get_gio_module_dir (void)
+@@ -1294,8 +1289,6 @@ get_gio_module_dir (void)
                }
            }
        }
@@ -40,6 +43,3 @@
  #endif
      }
  
--- 
-2.30.2
-
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb
similarity index 86%
rename from poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
rename to poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb
index 64a3c6d..500e4e8 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.78.0.bb
@@ -14,12 +14,12 @@
            file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
            file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
            file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
-           file://0001-gio-tests-portal-support-Fix-snap-test-ordering-race.patch \
-           file://0001-glocalfile-Sum-apparent-size-only-for-files-and-syml.patch \
            "
-SRC_URI:append:class-native = " file://relocate-modules.patch"
+SRC_URI:append:class-native = " file://relocate-modules.patch \ 
+                                file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
+                              "
 
-SRC_URI[sha256sum] = "5a5a191c96836e166a7771f7ea6ca2b0069c603c7da3cba1cd38d1694a395dda"
+SRC_URI[sha256sum] = "44eaab8b720877ce303c5540b657b126f12dc94972d9880b52959f43fb537b30"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.
diff --git a/poky/meta/recipes-core/glib-2.0/glib.inc b/poky/meta/recipes-core/glib-2.0/glib.inc
index 878dd10..b946e79 100644
--- a/poky/meta/recipes-core/glib-2.0/glib.inc
+++ b/poky/meta/recipes-core/glib-2.0/glib.inc
@@ -54,6 +54,7 @@
                ${libdir}/gio \
                ${libexecdir}/*gio-querymodules \
                ${libexecdir}/*gio-launch-desktop \
+               ${datadir}/glib-2.0/dtds \
                ${datadir}/glib-2.0/schemas"
 
 FILES:${PN}-utils += "${bindir}/glib-genmarshal \
@@ -133,7 +134,13 @@
         # https://gitlab.gnome.org/GNOME/glib/-/issues/2810
         rm -f ${D}${datadir}/installed-tests/glib/thread-pool-slow.test
 }
-
+do_install:append:class-target:libc-musl () {
+        # Remove failing tests on musl libc systems, this helps set baseline for musl testing
+        # they remain to be rootcaused and fixed but marked known failures here.
+        for t in convert.test collate.test gdatetime.test date.test converter-stream.test option-context.test; do
+                rm -rf ${D}${datadir}/installed-tests/glib/$t
+        done
+}
 # As we do not build python3 for windows, makes no sense to ship the script that's using it
 do_install:append:mingw32() {
         rm -f ${D}${bindir}/gtester-report
@@ -170,6 +177,12 @@
             python3-modules \
             ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-dbusmock', '', d)} \
             ${PN}-codegen \
+            locale-base-de-de \
+            locale-base-es-es \
+            locale-base-en-gb \
+            locale-base-en-us \
+            locale-base-fr-fr \
+            locale-base-ru-ru \
            "
 
 RDEPENDS:${PN}-ptest:append:libc-glibc = "\
@@ -184,18 +197,12 @@
             glibc-gconv-iso8859-15 \
             glibc-charmap-invariant \
             glibc-localedata-translit-cjk-variants \
-            locale-base-tr-tr \
             locale-base-lt-lt \
             locale-base-ja-jp.euc-jp \
             locale-base-fa-ir \
-            locale-base-ru-ru \
-            locale-base-de-de \
             locale-base-hr-hr \
             locale-base-el-gr \
-            locale-base-fr-fr \
-            locale-base-es-es \
-            locale-base-en-gb \
-            locale-base-en-us \
             locale-base-pl-pl \
             locale-base-pl-pl.iso-8859-2 \
+            locale-base-tr-tr \
            "
diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc
index a907444..19b98bc 100644
--- a/poky/meta/recipes-core/glibc/glibc-version.inc
+++ b/poky/meta/recipes-core/glibc/glibc-version.inc
@@ -1,8 +1,13 @@
 SRCBRANCH ?= "release/2.38/master"
 PV = "2.38+git"
-SRCREV_glibc ?= "1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1"
+SRCREV_glibc ?= "750a45a783906a19591fb8ff6b7841470f1f5701"
 SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)"
+
+CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"
+CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates"
+CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates"
+CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"
diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.38.bb b/poky/meta/recipes-core/glibc/glibc-y2038-tests_2.38.bb
similarity index 96%
rename from poky/meta/recipes-core/glibc/glibc-tests_2.38.bb
rename to poky/meta/recipes-core/glibc/glibc-y2038-tests_2.38.bb
index 95eb774..be49ca4 100644
--- a/poky/meta/recipes-core/glibc/glibc-tests_2.38.bb
+++ b/poky/meta/recipes-core/glibc/glibc-y2038-tests_2.38.bb
@@ -8,7 +8,7 @@
 	file://run-ptest \
 "
 
-SUMMARY = "glibc tests to be run with ptest"
+SUMMARY = "glibc tests using time32/time64 interfaces to be run with ptest for the purpose of checking y2038 compatiblity"
 
 # Erase some variables already set by glibc_${PV}
 python __anonymous() {
diff --git a/poky/meta/recipes-core/glibc/ldconfig-native_2.12.1.bb b/poky/meta/recipes-core/glibc/ldconfig-native_2.12.1.bb
index e867ceb..4db67c3 100644
--- a/poky/meta/recipes-core/glibc/ldconfig-native_2.12.1.bb
+++ b/poky/meta/recipes-core/glibc/ldconfig-native_2.12.1.bb
@@ -18,7 +18,6 @@
            file://add-riscv-support.patch \
 "
 
-PR = "r2"
 
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/${P}:"
 
diff --git a/poky/meta/recipes-core/images/core-image-ptest.bb b/poky/meta/recipes-core/images/core-image-ptest.bb
index b81ab7b..b6f5c2f 100644
--- a/poky/meta/recipes-core/images/core-image-ptest.bb
+++ b/poky/meta/recipes-core/images/core-image-ptest.bb
@@ -24,6 +24,9 @@
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
 
+# tar-ptest in particular needs more space
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-tar = "1524288"
+
 # ptests need more memory than standard to avoid the OOM killer
 QB_MEM = "-m 1024"
 QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096"
diff --git a/poky/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb b/poky/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb
index d39323d..409b1c0 100644
--- a/poky/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb
+++ b/poky/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb
@@ -4,7 +4,6 @@
 SECTION = "base"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/copyright;md5=3dd6192d306f582dee7687da3d8748ab"
-PR = "r7"
 
 inherit update-rc.d
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-boot_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-boot_1.0.bb
index ab460ac..198459f 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-boot_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-boot_1.0.bb
@@ -3,7 +3,6 @@
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 SRC_URI = "file://init-boot.sh"
 
-PR = "r2"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb
index 4e76e20..39ea51c 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb
@@ -4,7 +4,6 @@
 RDEPENDS:${PN} += "${VIRTUAL-RUNTIME_base-utils}"
 RRECOMMENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog}"
 
-PR = "r4"
 
 inherit allarch
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-live-boot-tiny_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-live-boot-tiny_1.0.bb
index 59a5305..847dbc0 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-live-boot-tiny_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-live-boot-tiny_1.0.bb
@@ -5,7 +5,6 @@
 RDEPENDS:${PN} = "busybox-mdev"
 SRC_URI = "file://init-live.sh"
 
-PR = "r12"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-live-boot_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-live-boot_1.0.bb
index 8f56d7a..b3b991b 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-live-boot_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-live-boot_1.0.bb
@@ -5,7 +5,6 @@
 RDEPENDS:${PN} = "udev udev-extraconf"
 SRC_URI = "file://init-live.sh"
 
-PR = "r12"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-live-install-efi_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-live-install-efi_1.0.bb
index ecbd567..e10faad 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-live-install-efi_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-live-install-efi_1.0.bb
@@ -3,7 +3,6 @@
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 SRC_URI = "file://init-install-efi.sh"
 
-PR = "r1"
 
 RDEPENDS:${PN} = "parted e2fsprogs-mke2fs dosfstools util-linux-blkid ${VIRTUAL-RUNTIME_base-utils}"
 RRECOMMENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog}"
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-live-install_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-live-install_1.0.bb
index 674d49e..9046d06 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-live-install_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-live-install_1.0.bb
@@ -3,7 +3,6 @@
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 SRC_URI = "file://init-install.sh"
 
-PR = "r9"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb
index fb19484..b749964 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb
@@ -4,7 +4,6 @@
 RDEPENDS:${PN} = "initramfs-framework-base parted e2fsprogs-mke2fs dosfstools util-linux-blkid ${VIRTUAL-RUNTIME_base-utils}"
 RRECOMMENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog}"
 
-PR = "r4"
 
 SRC_URI = "file://init-install-efi.sh"
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb
index 0fc2c00..11db712 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb
@@ -9,7 +9,6 @@
 COMPATIBLE_HOST:armv7a = 'null'
 COMPATIBLE_HOST:armv7ve = 'null'
 
-PR = "r1"
 
 SRC_URI = "file://init-install.sh"
 
diff --git a/poky/meta/recipes-core/initrdscripts/initramfs-module-setup-live_1.0.bb b/poky/meta/recipes-core/initrdscripts/initramfs-module-setup-live_1.0.bb
index d8ce024..48a779e 100644
--- a/poky/meta/recipes-core/initrdscripts/initramfs-module-setup-live_1.0.bb
+++ b/poky/meta/recipes-core/initrdscripts/initramfs-module-setup-live_1.0.bb
@@ -3,7 +3,6 @@
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 RDEPENDS:${PN} = "initramfs-framework-base udev-extraconf"
 
-PR = "r4"
 
 inherit allarch
 
diff --git a/poky/meta/recipes-core/initscripts/initscripts_1.0.bb b/poky/meta/recipes-core/initscripts/initscripts_1.0.bb
index 4dc477b..4b34c6a 100644
--- a/poky/meta/recipes-core/initscripts/initscripts_1.0.bb
+++ b/poky/meta/recipes-core/initscripts/initscripts_1.0.bb
@@ -4,7 +4,6 @@
 SECTION = "base"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://functions;beginline=7;endline=7;md5=829e563511c9a1d6d41f17a7a4989d6a"
-PR = "r155"
 
 INHIBIT_DEFAULT_DEPS = "1"
 
diff --git a/poky/meta/recipes-core/kbd/kbd_2.6.2.bb b/poky/meta/recipes-core/kbd/kbd_2.6.3.bb
similarity index 94%
rename from poky/meta/recipes-core/kbd/kbd_2.6.2.bb
rename to poky/meta/recipes-core/kbd/kbd_2.6.3.bb
index abd039f..5287781 100644
--- a/poky/meta/recipes-core/kbd/kbd_2.6.2.bb
+++ b/poky/meta/recipes-core/kbd/kbd_2.6.3.bb
@@ -16,7 +16,7 @@
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \
            "
 
-SRC_URI[sha256sum] = "33e3bb3c3f55933b10f053b14b5f69a2e24c28543e9ec7690246fe47628dd94f"
+SRC_URI[sha256sum] = "04996c08d7d1c460966fb244a3d3883352c2674b7ad522003d9f4ecb8ab48deb"
 
 EXTRA_OECONF = "--disable-tests"
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
index ec9f9f4..d5546ce 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
@@ -13,6 +13,6 @@
 do_install:append () {
 	rm -rf ${D}${includedir}
 	rm -rf ${D}${libdir}/pkgconfig
+	rm -rf ${D}${libdir}/libcrypt.so
 	rm -rf ${D}${datadir}
 }
-
diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 2f7dad7..d0321f1 100644
--- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -225,7 +225,7 @@
         c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
         c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
 
         c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
             VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -299,6 +299,7 @@
     """
 
     accessVector = None
+    vectorString = None
     cveId = elt['cve']['id']
     if elt['cve']['vulnStatus'] ==  "Rejected":
         return
@@ -309,25 +310,29 @@
     date = elt['cve']['lastModified']
     try:
         accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
+        vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
         cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
     except KeyError:
         cvssv2 = 0.0
     cvssv3 = None
     try:
         accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
+        vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString']
         cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
     except KeyError:
         pass
     try:
         accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
+        vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString']
         cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
     except KeyError:
         pass
     accessVector = accessVector or "UNKNOWN"
+    vectorString = vectorString or "UNKNOWN"
     cvssv3 = cvssv3 or 0.0
 
-    conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
-                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
+    conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
+                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
 
     try:
         for config in elt['cve']['configurations']:
diff --git a/poky/meta/recipes-core/meta/meta-environment.bb b/poky/meta/recipes-core/meta/meta-environment.bb
index 7118fb2..65436bc 100644
--- a/poky/meta/recipes-core/meta/meta-environment.bb
+++ b/poky/meta/recipes-core/meta/meta-environment.bb
@@ -1,6 +1,5 @@
 SUMMARY = "Package of environment files for SDK"
 LICENSE = "MIT"
-PR = "r8"
 
 EXCLUDE_FROM_WORLD = "1"
 
diff --git a/poky/meta/recipes-core/meta/meta-ide-support.bb b/poky/meta/recipes-core/meta/meta-ide-support.bb
index 7f349f6..d85aa12 100644
--- a/poky/meta/recipes-core/meta/meta-ide-support.bb
+++ b/poky/meta/recipes-core/meta/meta-ide-support.bb
@@ -3,7 +3,6 @@
 LICENSE = "MIT"
 
 DEPENDS = "virtual/libc gdb-cross-${TARGET_ARCH} qemu-native qemu-helper-native unfs3-native cmake-native autoconf-native automake-native meson-native intltool-native pkgconfig-native"
-PR = "r3"
 RM_WORK_EXCLUDE += "${PN}"
 
 inherit toolchain-scripts nopackages deploy testsdk
diff --git a/poky/meta/recipes-core/meta/meta-toolchain.bb b/poky/meta/recipes-core/meta/meta-toolchain.bb
index b02b066..260e039 100644
--- a/poky/meta/recipes-core/meta/meta-toolchain.bb
+++ b/poky/meta/recipes-core/meta/meta-toolchain.bb
@@ -1,6 +1,5 @@
 SUMMARY = "Meta package for building a installable toolchain"
 LICENSE = "MIT"
 
-PR = "r7"
 
 inherit populate_sdk
diff --git a/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb b/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
index 4909401..bb4e746 100644
--- a/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
+++ b/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb
@@ -36,7 +36,6 @@
     /usr/bin/perl \
     "
 
-PR = "r2"
 
 require dummy-sdk-package.inc
 
diff --git a/poky/meta/recipes-core/musl/bsd-headers/sys-cdefs.h b/poky/meta/recipes-core/musl/bsd-headers/sys-cdefs.h
index 209a623..841a5da 100644
--- a/poky/meta/recipes-core/musl/bsd-headers/sys-cdefs.h
+++ b/poky/meta/recipes-core/musl/bsd-headers/sys-cdefs.h
@@ -1,3 +1,6 @@
+#ifndef _SYS_CDEFS_H_
+#define _SYS_CDEFS_H_
+
 #warning usage of non-standard #include <sys/cdefs.h> is deprecated
 
 #undef __P
@@ -24,3 +27,8 @@
 # define __THROW
 # define __NTH(fct)     fct
 #endif
+
+#define __CONCAT(x,y)   x ## y
+#define __STRING(x)     #x
+
+#endif /* _SYS_CDEFS_H_ */
diff --git a/poky/meta/recipes-core/musl/libc-test/run-libc-ptests b/poky/meta/recipes-core/musl/libc-test/run-libc-ptests
new file mode 100644
index 0000000..0b4b687
--- /dev/null
+++ b/poky/meta/recipes-core/musl/libc-test/run-libc-ptests
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+cd /opt/libc-test
+make cleanall
+make run || true
+
+echo ""
+echo "--- ptest result ---"
+# libc-test runs tests by module(e.g. src/api) and generates sub-module test
+# report(e.g. src/api/REPORT) first. After all tests finish, it generates the
+# consolidated report file src/REPORT.
+report="/opt/libc-test/src/REPORT"
+if ! [ -f "${report}" ]; then
+    echo "${report} not found!"
+    echo "FAIL: libc-test"
+    exit 1
+# libc-test prints error on failure and prints nothing on success.
+elif grep -q '^FAIL src.*\.exe.*' "${report}"; then
+    # Print test failure in ptest format.
+    # e.g. "FAIL src/api/main.exe [status 1]" -> "FAIL: api_main"
+    grep '^FAIL src.*\.exe.*' "${report}" \
+        | sed 's|^FAIL src/|FAIL: |;s|/|_|;s|\.exe.*\]||'
+    exit 1
+else
+    echo "PASS: libc-test"
+fi
diff --git a/poky/meta/recipes-core/musl/libc-test/run-ptest b/poky/meta/recipes-core/musl/libc-test/run-ptest
index 0b4b687..53cd34f 100644
--- a/poky/meta/recipes-core/musl/libc-test/run-ptest
+++ b/poky/meta/recipes-core/musl/libc-test/run-ptest
@@ -1,28 +1,3 @@
 #!/bin/sh
-
-set -e
-
-cd /opt/libc-test
-make cleanall
-make run || true
-
-echo ""
-echo "--- ptest result ---"
-# libc-test runs tests by module(e.g. src/api) and generates sub-module test
-# report(e.g. src/api/REPORT) first. After all tests finish, it generates the
-# consolidated report file src/REPORT.
-report="/opt/libc-test/src/REPORT"
-if ! [ -f "${report}" ]; then
-    echo "${report} not found!"
-    echo "FAIL: libc-test"
-    exit 1
-# libc-test prints error on failure and prints nothing on success.
-elif grep -q '^FAIL src.*\.exe.*' "${report}"; then
-    # Print test failure in ptest format.
-    # e.g. "FAIL src/api/main.exe [status 1]" -> "FAIL: api_main"
-    grep '^FAIL src.*\.exe.*' "${report}" \
-        | sed 's|^FAIL src/|FAIL: |;s|/|_|;s|\.exe.*\]||'
-    exit 1
-else
-    echo "PASS: libc-test"
-fi
+chown -R ptest:ptest /opt/libc-test
+ su -c ./run-libc-ptests ptest
diff --git a/poky/meta/recipes-core/musl/libc-test_git.bb b/poky/meta/recipes-core/musl/libc-test_git.bb
index e63abe8..619a959 100644
--- a/poky/meta/recipes-core/musl/libc-test_git.bb
+++ b/poky/meta/recipes-core/musl/libc-test_git.bb
@@ -13,6 +13,7 @@
 SRC_URI = " \
     git://repo.or.cz/libc-test;branch=master;protocol=https \
     file://run-ptest \
+    file://run-libc-ptests \
 "
 
 PV = "0+git"
@@ -48,5 +49,9 @@
     cp -r ${S}/src ${D}${install_path}
 }
 
+do_install_ptest_base:append() {
+    install -Dm 0755 ${WORKDIR}/run-libc-ptests ${D}${PTEST_PATH}/run-libc-ptests
+}
+
 COMPATIBLE_HOST = "null"
 COMPATIBLE_HOST:libc-musl = "(.*)"
diff --git a/poky/meta/recipes-core/musl/musl-legacy-error.bb b/poky/meta/recipes-core/musl/musl-legacy-error.bb
new file mode 100644
index 0000000..5ce5a23
--- /dev/null
+++ b/poky/meta/recipes-core/musl/musl-legacy-error.bb
@@ -0,0 +1,26 @@
+# Copyright (C) 2023 Khem Raj <raj.khem@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMMARY = "error API GNU extention implementation"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://error.h;beginline=1;md5=2ee396b23e8507fbf8f98af0471a77c6"
+SECTION = "devel"
+
+SRC_URI = "file://error.h"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+S = "${WORKDIR}"
+
+do_install() {
+	install -Dm 0644 ${S}/error.h -t ${D}${includedir}
+}
+#
+# We will skip parsing for non-musl systems
+#
+COMPATIBLE_HOST = ".*-musl.*"
+DEV_PKG_DEPENDENCY = ""
+RRECOMMENDS:${PN}-dbg = "${PN}-dev (= ${EXTENDPKGV})"
diff --git a/poky/meta/recipes-core/musl/musl-legacy-error/error.h b/poky/meta/recipes-core/musl/musl-legacy-error/error.h
new file mode 100644
index 0000000..9a4e1f8
--- /dev/null
+++ b/poky/meta/recipes-core/musl/musl-legacy-error/error.h
@@ -0,0 +1,60 @@
+#ifndef _ERROR_H_
+#define _ERROR_H_
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#warning usage of non-standard #include <error.h> is deprecated
+
+static unsigned int error_message_count = 0;
+
+static inline void error(int status, int errnum, const char* format, ...)
+{
+	/* should be fflush(stdout), but that's unspecified if stdout has been closed;
+	 * stick with fflush(NULL) for simplicity (glibc checks if the fd is still valid) */
+	fflush(NULL);
+
+	va_list ap;
+	fprintf(stderr, "%s: ", program_invocation_name);
+	va_start(ap, format);
+	vfprintf(stderr, format, ap);
+	va_end(ap);
+	if (errnum)
+		fprintf(stderr, ": %s", strerror(errnum));
+	fprintf(stderr, "\n");
+	error_message_count++;
+	if (status)
+		exit(status);
+}
+
+static int error_one_per_line = 0;
+
+static inline void error_at_line(int status, int errnum, const char *filename,
+		unsigned int linenum, const char *format, ...)
+{
+	va_list ap;
+	if (error_one_per_line) {
+		static const char *old_filename;
+		static int old_linenum;
+		if (linenum == old_linenum && filename == old_filename)
+			return;
+		old_filename = filename;
+		old_linenum = linenum;
+	}
+	fprintf(stderr, "%s: %s:%u: ", program_invocation_name, filename, linenum);
+	va_start(ap, format);
+	vfprintf(stderr, format, ap);
+	va_end(ap);
+	if (errnum)
+		fprintf(stderr, ": %s", strerror(errnum));
+	fprintf(stderr, "\n");
+	error_message_count++;
+	if (status)
+		exit(status);
+}
+
+
+#endif	/* _ERROR_H_ */
diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb
index 4a4fe97..7dd949f 100644
--- a/poky/meta/recipes-core/musl/musl_git.bb
+++ b/poky/meta/recipes-core/musl/musl_git.bb
@@ -4,21 +4,17 @@
 require musl.inc
 inherit linuxloader
 
-SRCREV = "83b858f83b658bd34eca5d8ad4d145f673ae7e5e"
+SRCREV = "79bdacff83a6bd5b70ff5ae5eb8b6de82c2f7c30"
 
 BASEVER = "1.2.4"
 
 PV = "${BASEVER}+git"
 
-# mirror is at git://github.com/kraj/musl.git
-
-SRC_URI = "git://git.musl-libc.org/git/musl.git;branch=master;protocol=https \
+SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \
            file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
            file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \
           "
 
-MIRRORS += "git://git.musl-libc.org/git/musl.git git://github.com/kraj/musl.git"
-
 S = "${WORKDIR}/git"
 
 PROVIDES += "virtual/libc virtual/libiconv virtual/libintl virtual/crypt"
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index efabc8f..eeedc9e 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -1,7 +1,7 @@
-From 7675a67b8bb207de38ff5a9dc416e8b1028eb8ce Mon Sep 17 00:00:00 2001
+From ac9df4fb92965f1f95a5bdbde5f2f86d0c569711 Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Fri, 26 Jul 2019 17:34:26 -0400
-Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake
+Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
 
 Prepend the build flags with those of bitbake. This is to build
 using the bitbake native sysroot include and library directories.
@@ -18,13 +18,13 @@
  1 file changed, 7 insertions(+), 8 deletions(-)
 
 diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
-index 1bf003523b..28757aed63 100644
+index d369908a09..22c670f316 100644
 --- a/BaseTools/Source/C/Makefiles/header.makefile
 +++ b/BaseTools/Source/C/Makefiles/header.makefile
-@@ -82,35 +82,34 @@ $(error Bad HOST_ARCH)
- endif

+@@ -85,35 +85,34 @@ endif
  

  INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)

+ INCLUDE += -I $(EDK2_PATH)/MdePkg/Include

 -CPPFLAGS = $(INCLUDE)

 +CPPFLAGS += $(INCLUDE)

  

diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index 761c265..6bbe21a 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -26,8 +26,8 @@
            file://0004-reproducible.patch \
            "
 
-PV = "edk2-stable202305"
-SRCREV = "ba91d0292e593df8528b66f99c1b0b14fadc8e16"
+PV = "edk2-stable202308"
+SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 
 inherit deploy
diff --git a/poky/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb b/poky/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb
index 9166a08..11e31dc 100644
--- a/poky/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb
+++ b/poky/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb
@@ -3,7 +3,6 @@
 #
 
 SUMMARY = "Host packages for the standalone SDK or external toolchain"
-PR = "r12"
 
 inherit packagegroup nativesdk
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-base.bb b/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
index eeb26ca..70a1035 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
@@ -1,5 +1,4 @@
 SUMMARY = "Merge machine and distro options to create a basic machine task/package"
-PR = "r83"
 
 #
 # packages which content depend on MACHINE_FEATURES need to be MACHINE_ARCH
@@ -130,7 +129,6 @@
 #
 # packages added by machine config
 #
-SUMMARY:packagegroup-machine-base = "${MACHINE} extras"
 SUMMARY:packagegroup-machine-base = "Extra packages required to fully support ${MACHINE} hardware"
 RDEPENDS:packagegroup-machine-base = "${MACHINE_EXTRA_RDEPENDS}"
 RRECOMMENDS:packagegroup-machine-base = "${MACHINE_EXTRA_RRECOMMENDS}"
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-boot.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
index a7bad81..d96d2f5 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
@@ -4,7 +4,6 @@
 
 SUMMARY = "Minimal boot requirements"
 DESCRIPTION = "The minimal set of packages required to boot the system"
-PR = "r17"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
index 35beb3f..b8a7317 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-nfs.bb
@@ -3,7 +3,6 @@
 #
 
 SUMMARY = "NFS package groups"
-PR = "r2"
 
 inherit packagegroup
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-sdk.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-sdk.bb
index 104f354..84e1a41 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-sdk.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-sdk.bb
@@ -3,7 +3,6 @@
 #
 
 SUMMARY = "Software development tools"
-PR = "r9"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-dropbear.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-dropbear.bb
index d06c6a5..206292a 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-dropbear.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-dropbear.bb
@@ -1,5 +1,4 @@
 SUMMARY = "Dropbear SSH client/server"
-PR = "r1"
 
 inherit packagegroup
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-openssh.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-openssh.bb
index 846df12..392403f 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-openssh.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-ssh-openssh.bb
@@ -1,5 +1,4 @@
 SUMMARY = "OpenSSH SSH client/server"
-PR = "r1"
 
 inherit packagegroup
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bb
index 5ebcbce..06fdda9 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bb
@@ -1,5 +1,4 @@
 SUMMARY = "Target packages for the standalone SDK"
-PR = "r8"
 
 PACKAGE_ARCH = "${TUNE_PKGARCH}"
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-debug.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-debug.bb
index c75850a..56ff1d2 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-debug.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-debug.bb
@@ -8,7 +8,6 @@
 
 inherit packagegroup
 
-PR = "r3"
 
 MTRACE = ""
 MTRACE:libc-glibc = "libc-mtrace"
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
index 6330200..62c22a3 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
@@ -4,7 +4,6 @@
 
 SUMMARY = "Profiling tools"
 
-PR = "r3"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb
index 1fee1c9..34af40a 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-testapps.bb
@@ -4,7 +4,6 @@
 
 SUMMARY = "Testing tools/applications"
 
-PR = "r2"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb b/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
index dd000fd..ae34a8a 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
@@ -4,7 +4,6 @@
 
 SUMMARY = "Self-hosting"
 DESCRIPTION = "Packages required to run the build system"
-PR = "r13"
 
 PACKAGE_ARCH = "${TUNE_PKGARCH}"
 
diff --git a/poky/meta/recipes-core/seatd/seatd_0.7.0.bb b/poky/meta/recipes-core/seatd/seatd_0.8.0.bb
similarity index 95%
rename from poky/meta/recipes-core/seatd/seatd_0.7.0.bb
rename to poky/meta/recipes-core/seatd/seatd_0.8.0.bb
index 59ef6ad..14c5b1b 100644
--- a/poky/meta/recipes-core/seatd/seatd_0.7.0.bb
+++ b/poky/meta/recipes-core/seatd/seatd_0.8.0.bb
@@ -8,7 +8,7 @@
 
 SRC_URI = "git://git.sr.ht/~kennylevinsen/seatd;protocol=https;branch=master \
            file://init"
-SRCREV = "a803ba0502cccf147eec7fbcacd11c5b8643c0e0"
+SRCREV = "3e9ef69f14f630a719dd464f3c90a7932f1c8296"
 S = "${WORKDIR}/git"
 
 inherit meson pkgconfig update-rc.d
diff --git a/poky/meta/recipes-core/systemd/systemd-boot_254.bb b/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
similarity index 100%
rename from poky/meta/recipes-core/systemd/systemd-boot_254.bb
rename to poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
diff --git a/poky/meta/recipes-core/systemd/systemd-compat-units.bb b/poky/meta/recipes-core/systemd/systemd-compat-units.bb
index 75b1045..253bc9f 100644
--- a/poky/meta/recipes-core/systemd/systemd-compat-units.bb
+++ b/poky/meta/recipes-core/systemd/systemd-compat-units.bb
@@ -2,7 +2,6 @@
 HOMEPAGE = "http://www.freedesktop.org/wiki/Software/systemd"
 LICENSE = "MIT"
 
-PR = "r29"
 
 PACKAGE_WRITE_DEPS += "systemd-systemctl-native"
 
diff --git a/poky/meta/recipes-core/systemd/systemd-machine-units_1.0.bb b/poky/meta/recipes-core/systemd/systemd-machine-units_1.0.bb
index 7e59e86..8df7ff7 100644
--- a/poky/meta/recipes-core/systemd/systemd-machine-units_1.0.bb
+++ b/poky/meta/recipes-core/systemd/systemd-machine-units_1.0.bb
@@ -5,7 +5,6 @@
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-PR = "r19"
 
 inherit systemd features_check
 REQUIRED_DISTRO_FEATURES += "usrmerge"
diff --git a/poky/meta/recipes-core/systemd/systemd-serialgetty.bb b/poky/meta/recipes-core/systemd/systemd-serialgetty.bb
index c2c67e6..44a93ac 100644
--- a/poky/meta/recipes-core/systemd/systemd-serialgetty.bb
+++ b/poky/meta/recipes-core/systemd/systemd-serialgetty.bb
@@ -3,7 +3,6 @@
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
-PR = "r5"
 
 SERIAL_CONSOLES ?= "115200;ttyS0"
 SERIAL_TERM ?= "linux"
diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl-native.bb b/poky/meta/recipes-core/systemd/systemd-systemctl-native.bb
index fadc843..54283bc 100644
--- a/poky/meta/recipes-core/systemd/systemd-systemctl-native.bb
+++ b/poky/meta/recipes-core/systemd/systemd-systemctl-native.bb
@@ -3,7 +3,6 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
-PR = "r6"
 
 inherit native
 
diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc
index e5686fb..3ba0b5f 100644
--- a/poky/meta/recipes-core/systemd/systemd.inc
+++ b/poky/meta/recipes-core/systemd/systemd.inc
@@ -14,10 +14,8 @@
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "994c7978608a0bd9b317f4f74ff266dd50a3e74e"
+SRCREV = "2e7504449a51fb38db9cd2da391c6434f82def51"
 SRCBRANCH = "v254-stable"
-SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
-           file://0001-elf2efi-Fix-header-size-calculation.patch \
-           "
+SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/systemd/systemd/0001-elf2efi-Fix-header-size-calculation.patch b/poky/meta/recipes-core/systemd/systemd/0001-elf2efi-Fix-header-size-calculation.patch
deleted file mode 100644
index 0e8924d..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0001-elf2efi-Fix-header-size-calculation.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From d082d6502fa86e08dda858933838dde0406b824f Mon Sep 17 00:00:00 2001
-From: Jan Janssen <medhefgo@web.de>
-Date: Sun, 30 Jul 2023 20:59:04 +0200
-Subject: [PATCH] elf2efi: Fix header size calculation
-
-The PE header size calculation failed to take the PE magic and coff
-header size into account, which will lead to header truncation if we are
-writing only 5 sections.
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/ee91e06a5841c30bc7306260528ef407e0ebbab3]
-
-Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
----
- tools/elf2efi.py | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/tools/elf2efi.py b/tools/elf2efi.py
-index e233c8e3ab..2e478940f5 100755
---- a/tools/elf2efi.py
-+++ b/tools/elf2efi.py
-@@ -210,6 +210,7 @@ FILE_ALIGNMENT = 512
- 
- # Nobody cares about DOS headers, so put the PE header right after.
- PE_OFFSET = 64
-+PE_MAGIC = b"PE\0\0"
- 
- 
- def align_to(x: int, align: int) -> int:
-@@ -304,7 +305,10 @@ def copy_sections(elf: ELFFile, opt: PeOptionalHeader) -> typing.List[PeSection]
- 
- 
- def apply_elf_relative_relocation(
--    reloc: ElfRelocation, image_base: int, sections: typing.List[PeSection], addend_size: int
-+    reloc: ElfRelocation,
-+    image_base: int,
-+    sections: typing.List[PeSection],
-+    addend_size: int,
- ):
-     # fmt: off
-     [target] = [
-@@ -439,7 +443,7 @@ def write_pe(
-     file.seek(0x3C, io.SEEK_SET)
-     file.write(PE_OFFSET.to_bytes(2, byteorder="little"))
-     file.seek(PE_OFFSET, io.SEEK_SET)
--    file.write(b"PE\0\0")
-+    file.write(PE_MAGIC)
-     file.write(coff)
-     file.write(opt)
- 
-@@ -453,6 +457,8 @@ def write_pe(
-         file.write(pe_s)
-         offset = align_to(offset + len(pe_s.data), FILE_ALIGNMENT)
- 
-+    assert file.tell() <= opt.SizeOfHeaders
-+
-     for pe_s in sections:
-         file.seek(pe_s.PointerToRawData, io.SEEK_SET)
-         file.write(pe_s.data)
-@@ -515,6 +521,8 @@ def elf2efi(args: argparse.Namespace):
- 
-     opt.SizeOfHeaders = align_to(
-         PE_OFFSET
-+        + len(PE_MAGIC)
-+        + sizeof(PeCoffHeader)
-         + coff.SizeOfOptionalHeader
-         + sizeof(PeSection) * max(coff.NumberOfSections, args.minimum_sections),
-         FILE_ALIGNMENT,
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch b/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
index 1d50faa..2071f4f 100644
--- a/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
@@ -26,11 +26,9 @@
  src/core/execute.c      |  4 ++--
  3 files changed, 9 insertions(+), 15 deletions(-)
 
-diff --git a/src/basic/format-util.h b/src/basic/format-util.h
-index 8719df3e29..9becc96066 100644
 --- a/src/basic/format-util.h
 +++ b/src/basic/format-util.h
-@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32_t));
+@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32
  #  error Unknown timex member size
  #endif
  
@@ -45,11 +43,9 @@
  
  #if SIZEOF_DEV_T == 8
  #  define DEV_FMT "%" PRIu64
-diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
-index 33dfde9d6c..e018fd81fd 100644
 --- a/src/basic/rlimit-util.c
 +++ b/src/basic/rlimit-util.c
-@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) {
+@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, cons
              fixed.rlim_max == highest.rlim_max)
                  return 0;
  
@@ -58,7 +54,7 @@
  
          return RET_NERRNO(setrlimit(resource, &fixed));
  }
-@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *rl, char **ret) {
+@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *r
          if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
                  r = free_and_strdup(&s, "infinity");
          else if (rl->rlim_cur >= RLIM_INFINITY)
@@ -76,20 +72,18 @@
          if (r < 0)
                  return -ENOMEM;
  
-@@ -403,7 +403,7 @@ int rlimit_nofile_safe(void) {
- 
-         rl.rlim_cur = FD_SETSIZE;
+@@ -407,7 +407,7 @@ int rlimit_nofile_safe(void) {
+         rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
+         rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
          if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
 -                return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
 +                return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", (uintmax_t)rl.rlim_cur);
  
          return 1;
  }
-diff --git a/src/core/execute.c b/src/core/execute.c
-index 8ef76de9ab..ea1c203e43 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
-@@ -6667,9 +6667,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+@@ -6707,9 +6707,9 @@ void exec_context_dump(const ExecContext
          for (unsigned i = 0; i < RLIM_NLIMITS; i++)
                  if (c->rlimit[i]) {
                          fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
@@ -101,6 +95,3 @@
                  }
  
          if (c->ioprio_set) {
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch b/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
index ef6b534..c850872 100644
--- a/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
@@ -42,11 +42,9 @@
  src/vconsole/vconsole-setup.c        |  2 +-
  20 files changed, 36 insertions(+), 37 deletions(-)
 
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 11b4375ed5..7d81a6007f 100644
 --- a/src/basic/cgroup-util.c
 +++ b/src/basic/cgroup-util.c
-@@ -400,7 +400,7 @@ int cg_kill_kernel_sigkill(const char *controller, const char *path) {
+@@ -400,7 +400,7 @@ int cg_kill_kernel_sigkill(const char *c
          if (r < 0)
                  return r;
  
@@ -55,7 +53,7 @@
          if (r < 0)
                  return r;
  
-@@ -806,7 +806,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -806,7 +806,7 @@ int cg_install_release_agent(const char
  
          sc = strstrip(contents);
          if (isempty(sc)) {
@@ -64,7 +62,7 @@
                  if (r < 0)
                          return r;
          } else if (!path_equal(sc, agent))
-@@ -824,7 +824,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -824,7 +824,7 @@ int cg_install_release_agent(const char
  
          sc = strstrip(contents);
          if (streq(sc, "0")) {
@@ -73,7 +71,7 @@
                  if (r < 0)
                          return r;
  
-@@ -851,7 +851,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -851,7 +851,7 @@ int cg_uninstall_release_agent(const cha
          if (r < 0)
                  return r;
  
@@ -82,7 +80,7 @@
          if (r < 0)
                  return r;
  
-@@ -861,7 +861,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -861,7 +861,7 @@ int cg_uninstall_release_agent(const cha
          if (r < 0)
                  return r;
  
@@ -91,7 +89,7 @@
          if (r < 0)
                  return r;
  
-@@ -1764,7 +1764,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
+@@ -1764,7 +1764,7 @@ int cg_set_attribute(const char *control
          if (r < 0)
                  return r;
  
@@ -100,11 +98,9 @@
  }
  
  int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) {
-diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
-index f5c0e04cec..272b920022 100644
 --- a/src/basic/namespace-util.c
 +++ b/src/basic/namespace-util.c
-@@ -227,12 +227,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) {
+@@ -227,12 +227,12 @@ int userns_acquire(const char *uid_map,
                  freeze();
  
          xsprintf(path, "/proc/" PID_FMT "/uid_map", pid);
@@ -119,11 +115,9 @@
          if (r < 0)
                  return log_error_errno(r, "Failed to write GID map: %m");
  
-diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
-index 64a95dd866..12cd16db1c 100644
 --- a/src/basic/procfs-util.c
 +++ b/src/basic/procfs-util.c
-@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limit) {
+@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limi
           * decrease it, as threads-max is the much more relevant sysctl. */
          if (limit > pid_max-1) {
                  sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */
@@ -139,11 +133,9 @@
          if (r < 0) {
                  uint64_t threads_max;
  
-diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c
-index b66a6622ae..8d1c93008a 100644
 --- a/src/basic/sysctl-util.c
 +++ b/src/basic/sysctl-util.c
-@@ -58,7 +58,7 @@ int sysctl_write(const char *property, const char *value) {
+@@ -58,7 +58,7 @@ int sysctl_write(const char *property, c
  
          log_debug("Setting '%s' to '%s'", p, value);
  
@@ -152,8 +144,6 @@
  }
  
  int sysctl_writef(const char *property, const char *format, ...) {
-diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
-index e1ddf97914..df6e156f19 100644
 --- a/src/binfmt/binfmt.c
 +++ b/src/binfmt/binfmt.c
 @@ -30,7 +30,7 @@ static bool arg_unregister = false;
@@ -165,7 +155,7 @@
  }
  
  static int apply_rule(const char *filename, unsigned line, const char *rule) {
-@@ -58,7 +58,7 @@ static int apply_rule(const char *filename, unsigned line, const char *rule) {
+@@ -58,7 +58,7 @@ static int apply_rule(const char *filena
          if (r >= 0)
                  log_debug("%s:%u: Rule '%s' deleted.", filename, line, rulename);
  
@@ -183,11 +173,9 @@
                  if (r < 0)
                          log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m");
                  else
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 4cac3f6a89..bebe2cd120 100644
 --- a/src/core/cgroup.c
 +++ b/src/core/cgroup.c
-@@ -4349,7 +4349,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
+@@ -4349,7 +4349,7 @@ int unit_cgroup_freezer_action(Unit *u,
                          u->freezer_state = FREEZER_THAWING;
          }
  
@@ -196,11 +184,9 @@
          if (r < 0)
                  return r;
  
-diff --git a/src/core/main.c b/src/core/main.c
-index c0b8126d96..fe676320ba 100644
 --- a/src/core/main.c
 +++ b/src/core/main.c
-@@ -1737,7 +1737,7 @@ static void initialize_core_pattern(bool skip_setup) {
+@@ -1737,7 +1737,7 @@ static void initialize_core_pattern(bool
          if (getpid_cached() != 1)
                  return;
  
@@ -209,11 +195,9 @@
          if (r < 0)
                  log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m",
                                    arg_early_core_pattern);
-diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
-index bcaa237c8d..4032bde19e 100644
 --- a/src/core/smack-setup.c
 +++ b/src/core/smack-setup.c
-@@ -319,17 +319,17 @@ int mac_smack_setup(bool *loaded_policy) {
+@@ -319,17 +319,17 @@ int mac_smack_setup(bool *loaded_policy)
          }
  
  #if HAVE_SMACK_RUN_LABEL
@@ -235,8 +219,6 @@
          if (r < 0)
                  log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
  #endif
-diff --git a/src/home/homework.c b/src/home/homework.c
-index 28907386a4..f9e45349a7 100644
 --- a/src/home/homework.c
 +++ b/src/home/homework.c
 @@ -278,7 +278,7 @@ static void drop_caches_now(void) {
@@ -248,11 +230,9 @@
          if (r < 0)
                  log_warning_errno(r, "Failed to drop caches, ignoring: %m");
          else
-diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
-index 8c65ee3469..153edab081 100644
 --- a/src/libsystemd/sd-device/sd-device.c
 +++ b/src/libsystemd/sd-device/sd-device.c
-@@ -2515,7 +2515,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+@@ -2515,7 +2515,7 @@ _public_ int sd_device_set_sysattr_value
          if (!value)
                  return -ENOMEM;
  
@@ -261,11 +241,9 @@
          if (r < 0) {
                  /* On failure, clear cache entry, as we do not know how it fails. */
                  device_remove_cached_sysattr_value(device, sysattr);
-diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
-index 0deb4ebb30..bae8eead9e 100644
 --- a/src/nspawn/nspawn-cgroup.c
 +++ b/src/nspawn/nspawn-cgroup.c
-@@ -122,7 +122,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) {
+@@ -122,7 +122,7 @@ int sync_cgroup(pid_t pid, CGroupUnified
          fn = strjoina(tree, cgroup, "/cgroup.procs");
  
          sprintf(pid_string, PID_FMT, pid);
@@ -274,8 +252,6 @@
          if (r < 0) {
                  log_error_errno(r, "Failed to move process: %m");
                  goto finish;
-diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 36d336dfc8..8c5c69596b 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
 @@ -2774,7 +2774,7 @@ static int reset_audit_loginuid(void) {
@@ -305,8 +281,6 @@
          if (r < 0)
                  return log_error_errno(r, "Failed to write GID map: %m");
  
-diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c
-index a26175474b..1413a9c72c 100644
 --- a/src/shared/binfmt-util.c
 +++ b/src/shared/binfmt-util.c
 @@ -46,7 +46,7 @@ int disable_binfmt(void) {
@@ -318,11 +292,9 @@
          if (r < 0)
                  return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m");
  
-diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c
-index 2ea83f05d3..8626bb184c 100644
 --- a/src/shared/cgroup-setup.c
 +++ b/src/shared/cgroup-setup.c
-@@ -351,7 +351,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
+@@ -351,7 +351,7 @@ int cg_attach(const char *controller, co
  
          xsprintf(c, PID_FMT "\n", pid);
  
@@ -340,11 +312,9 @@
                          if (r < 0) {
                                  log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m",
                                                  FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs);
-diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c
-index 3d2f179049..c1b6c170ac 100644
 --- a/src/shared/coredump-util.c
 +++ b/src/shared/coredump-util.c
-@@ -163,7 +163,7 @@ int set_coredump_filter(uint64_t value) {
+@@ -163,7 +163,7 @@ int set_coredump_filter(uint64_t value)
          xsprintf(t, "0x%"PRIx64, value);
  
          return write_string_file("/proc/self/coredump_filter", t,
@@ -353,11 +323,9 @@
  }
  
  /* Turn off core dumps but only if we're running outside of a container. */
-diff --git a/src/shared/sleep-util.c b/src/shared/sleep-util.c
-index d7277399fb..d06d636fcc 100644
 --- a/src/shared/sleep-util.c
 +++ b/src/shared/sleep-util.c
-@@ -1044,7 +1044,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+@@ -1044,7 +1044,7 @@ int write_resume_config(dev_t devno, uin
  
          /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so
           * fail gracefully if it doesn't exist and we're only overwriting it with 0. */
@@ -366,7 +334,7 @@
          if (r == -ENOENT) {
                  if (offset != 0)
                          return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-@@ -1060,7 +1060,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+@@ -1060,7 +1060,7 @@ int write_resume_config(dev_t devno, uin
                  log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.",
                            offset_str, device);
  
@@ -375,11 +343,9 @@
          if (r < 0)
                  return log_error_errno(r,
                                         "Failed to write device '%s' (%s) to /sys/power/resume: %m",
-diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
-index b3b5c905ad..bbfa1973fd 100644
 --- a/src/shared/smack-util.c
 +++ b/src/shared/smack-util.c
-@@ -113,7 +113,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) {
+@@ -113,7 +113,7 @@ int mac_smack_apply_pid(pid_t pid, const
                  return 0;
  
          p = procfs_file_alloca(pid, "attr/current");
@@ -388,8 +354,6 @@
          if (r < 0)
                  return r;
  
-diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
-index 765dd4974f..cd6afb001b 100644
 --- a/src/sleep/sleep.c
 +++ b/src/sleep/sleep.c
 @@ -139,7 +139,7 @@ static int write_mode(char **modes) {
@@ -401,7 +365,7 @@
                  if (k >= 0)
                          return 0;
  
-@@ -160,7 +160,7 @@ static int write_state(FILE **f, char **states) {
+@@ -160,7 +160,7 @@ static int write_state(FILE **f, char **
          STRV_FOREACH(state, states) {
                  int k;
  
@@ -410,11 +374,9 @@
                  if (k >= 0)
                          return 0;
                  log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state);
-diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index 0ce79f815c..28aab475d0 100644
 --- a/src/udev/udev-rules.c
 +++ b/src/udev/udev-rules.c
-@@ -2634,7 +2634,6 @@ static int udev_rule_apply_token_to_event(
+@@ -2634,7 +2634,6 @@ static int udev_rule_apply_token_to_even
                  log_event_debug(dev, token, "ATTR '%s' writing '%s'", buf, value);
                  r = write_string_file(buf, value,
                                        WRITE_STRING_FILE_VERIFY_ON_FAILURE |
@@ -422,11 +384,9 @@
                                        WRITE_STRING_FILE_AVOID_NEWLINE |
                                        WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
                  if (r < 0)
-diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
-index 7d3e9db73f..2d4a0c4c9d 100644
 --- a/src/vconsole/vconsole-setup.c
 +++ b/src/vconsole/vconsole-setup.c
-@@ -259,7 +259,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) {
+@@ -260,7 +260,7 @@ static int toggle_utf8_vc(const char *na
  static int toggle_utf8_sysfs(bool utf8) {
          int r;
  
@@ -435,6 +395,3 @@
          if (r < 0)
                  return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8));
  
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch b/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch
index 341543a..580aff3 100644
--- a/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch
@@ -23,8 +23,6 @@
  src/test/test-sizeof.c    | 2 +-
  2 files changed, 3 insertions(+), 1 deletion(-)
 
-diff --git a/src/shared/cpu-set-util.h b/src/shared/cpu-set-util.h
-index 3c63a58826..4c2d4347fc 100644
 --- a/src/shared/cpu-set-util.h
 +++ b/src/shared/cpu-set-util.h
 @@ -6,6 +6,8 @@
@@ -36,8 +34,6 @@
  /* This wraps the libc interface with a variable to keep the allocated size. */
  typedef struct CPUSet {
          cpu_set_t *set;
-diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
-index 6cf92bffde..937d26ca55 100644
 --- a/src/test/test-sizeof.c
 +++ b/src/test/test-sizeof.c
 @@ -1,6 +1,5 @@
@@ -47,7 +43,7 @@
  #include <stdio.h>
  #include <string.h>
  #include <sys/resource.h>
-@@ -11,6 +10,7 @@
+@@ -12,6 +11,7 @@
  #include <float.h>
  
  #include "time-util.h"
@@ -55,6 +51,3 @@
  
  /* Print information about various types. Useful when diagnosing
   * gcc diagnostics on an unfamiliar architecture. */
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-core/systemd/systemd/0025-include-sys-file.h-for-LOCK_EX.patch b/poky/meta/recipes-core/systemd/systemd/0025-include-sys-file.h-for-LOCK_EX.patch
deleted file mode 100644
index 7827cc1..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0025-include-sys-file.h-for-LOCK_EX.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 2 Aug 2023 10:33:48 -0700
-Subject: [PATCH] include sys/file.h for LOCK_EX
-
-Fixes
-| ../git/src/basic/user-util.c:708:30: error: use of undeclared identifier 'LOCK_EX'; did you mean 'LOCK_BSD'?
-|   708 |         r = unposix_lock(fd, LOCK_EX);
-|       |                              ^~~~~~~
-|       |                              LOCK_BSD
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/pull/28647]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/basic/user-util.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/basic/user-util.c b/src/basic/user-util.c
-index fe61a09005..5c39847733 100644
---- a/src/basic/user-util.c
-+++ b/src/basic/user-util.c
-@@ -6,6 +6,7 @@
- #include <stdint.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <sys/file.h>
- #include <sys/stat.h>
- #include <unistd.h>
- #include <utmp.h>
diff --git a/poky/meta/recipes-core/systemd/systemd/0026-test-test-sizeof-Include-sys-timex.h-for-struct-time.patch b/poky/meta/recipes-core/systemd/systemd/0026-test-test-sizeof-Include-sys-timex.h-for-struct-time.patch
deleted file mode 100644
index f2130c8..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0026-test-test-sizeof-Include-sys-timex.h-for-struct-time.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 2 Aug 2023 12:14:56 -0700
-Subject: [PATCH] test/test-sizeof: Include sys/timex.h for struct timex
-
-Fixes
-
-../git/src/test/test-sizeof.c:64:41: error: incomplete definition of type 'struct timex'
-   64 |         check(typeof(((struct timex *)0)->freq), SIZEOF_TIMEX_MEMBER);
-      |                      ~~~~~~~~~~~~~~~~~~~^
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/pull/28651]
----
- src/test/test-sizeof.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
-index 9d969cf8f1..b65c0bd370 100644
---- a/src/test/test-sizeof.c
-+++ b/src/test/test-sizeof.c
-@@ -4,6 +4,7 @@
- #include <string.h>
- #include <sys/resource.h>
- #include <sys/socket.h>
-+#include <sys/timex.h>
- #include <sys/types.h>
- 
- #define __STDC_WANT_IEC_60559_TYPES_EXT__
diff --git a/poky/meta/recipes-core/systemd/systemd/0027-include-missing-sys-file.h-for-LOCK_EX.patch b/poky/meta/recipes-core/systemd/systemd/0027-include-missing-sys-file.h-for-LOCK_EX.patch
deleted file mode 100644
index 1901480..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0027-include-missing-sys-file.h-for-LOCK_EX.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 2 Aug 2023 12:18:24 -0700
-Subject: [PATCH] include missing sys/file.h for LOCK_EX
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/pull/28651]
----
- src/core/execute.c            | 1 +
- src/shared/btrfs-util.c       | 1 +
- src/shared/copy.c             | 1 +
- src/test/test-btrfs.c         | 1 +
- src/test/test-fs-util.c       | 1 +
- src/test/test-lock-util.c     | 1 +
- src/vconsole/vconsole-setup.c | 1 +
- 7 files changed, 7 insertions(+)
-
-diff --git a/src/core/execute.c b/src/core/execute.c
-index 5b2ae861ff..2ebf19ffaa 100644
---- a/src/core/execute.c
-+++ b/src/core/execute.c
-@@ -4,6 +4,7 @@
- #include <fcntl.h>
- #include <poll.h>
- #include <sys/eventfd.h>
-+#include <sys/file.h>
- #include <sys/ioctl.h>
- #include <sys/mman.h>
- #include <sys/mount.h>
-diff --git a/src/shared/btrfs-util.c b/src/shared/btrfs-util.c
-index 5128b308ab..3ded95ea82 100644
---- a/src/shared/btrfs-util.c
-+++ b/src/shared/btrfs-util.c
-@@ -10,6 +10,7 @@
- #include <stddef.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <sys/file.h>
- #include <sys/ioctl.h>
- #include <sys/sysmacros.h>
- #include <unistd.h>
-diff --git a/src/shared/copy.c b/src/shared/copy.c
-index 241a2d112b..7e47dc002c 100644
---- a/src/shared/copy.c
-+++ b/src/shared/copy.c
-@@ -6,6 +6,7 @@
- #include <stddef.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <sys/file.h>
- #include <sys/ioctl.h>
- #include <sys/sendfile.h>
- #include <sys/xattr.h>
-diff --git a/src/test/test-btrfs.c b/src/test/test-btrfs.c
-index 95b7ef25d8..ba09563058 100644
---- a/src/test/test-btrfs.c
-+++ b/src/test/test-btrfs.c
-@@ -1,6 +1,7 @@
- /* SPDX-License-Identifier: LGPL-2.1-or-later */
- 
- #include <fcntl.h>
-+#include <sys/file.h>
- 
- #include "btrfs-util.h"
- #include "fd-util.h"
-diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
-index 1beba916a4..5de1eea0d4 100644
---- a/src/test/test-fs-util.c
-+++ b/src/test/test-fs-util.c
-@@ -1,5 +1,6 @@
- /* SPDX-License-Identifier: LGPL-2.1-or-later */
- 
-+#include <sys/file.h>
- #include <unistd.h>
- 
- #include "alloc-util.h"
-diff --git a/src/test/test-lock-util.c b/src/test/test-lock-util.c
-index a9a1b438ff..28fc54a5d6 100644
---- a/src/test/test-lock-util.c
-+++ b/src/test/test-lock-util.c
-@@ -1,5 +1,6 @@
- /* SPDX-License-Identifier: LGPL-2.1-or-later */
- 
-+#include <sys/file.h>
- #include <unistd.h>
- 
- #include "fd-util.h"
-diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
-index d57d8b4001..86348d08c1 100644
---- a/src/vconsole/vconsole-setup.c
-+++ b/src/vconsole/vconsole-setup.c
-@@ -11,6 +11,7 @@
- #include <linux/vt.h>
- #include <stdbool.h>
- #include <stdlib.h>
-+#include <sys/file.h>
- #include <sys/ioctl.h>
- #include <sysexits.h>
- #include <termios.h>
diff --git a/poky/meta/recipes-core/systemd/systemd_254.bb b/poky/meta/recipes-core/systemd/systemd_254.4.bb
similarity index 99%
rename from poky/meta/recipes-core/systemd/systemd_254.bb
rename to poky/meta/recipes-core/systemd/systemd_254.4.bb
index 8d5cf13..77724eb 100644
--- a/poky/meta/recipes-core/systemd/systemd_254.bb
+++ b/poky/meta/recipes-core/systemd/systemd_254.4.bb
@@ -54,9 +54,6 @@
                file://0001-Adjust-for-musl-headers.patch \
                file://0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch \
                file://0003-errno-util-Make-STRERROR-portable-for-musl.patch \
-               file://0025-include-sys-file.h-for-LOCK_EX.patch \
-               file://0026-test-test-sizeof-Include-sys-timex.h-for-struct-time.patch \
-               file://0027-include-missing-sys-file.h-for-LOCK_EX.patch \
                file://0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch \
                file://0029-shared-Do-not-use-malloc_info-on-musl.patch \
                "
diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb b/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
index 7aad2e2..b1f9cb4 100644
--- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
+++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
@@ -2,7 +2,6 @@
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
-PR = "r10"
 
 SRC_URI = "file://inittab \
            file://start_getty"
diff --git a/poky/meta/recipes-core/util-linux/util-linux-libuuid_2.39.1.bb b/poky/meta/recipes-core/util-linux/util-linux-libuuid_2.39.2.bb
similarity index 100%
rename from poky/meta/recipes-core/util-linux/util-linux-libuuid_2.39.1.bb
rename to poky/meta/recipes-core/util-linux/util-linux-libuuid_2.39.2.bb
diff --git a/poky/meta/recipes-core/util-linux/util-linux.inc b/poky/meta/recipes-core/util-linux/util-linux.inc
index 99ce2a2..952a680 100644
--- a/poky/meta/recipes-core/util-linux/util-linux.inc
+++ b/poky/meta/recipes-core/util-linux/util-linux.inc
@@ -35,6 +35,7 @@
            file://run-ptest \
            file://display_testname_for_subtest.patch \
            file://avoid_parallel_tests.patch \
+           file://0001-lscpu-Use-4K-buffer-size-instead-of-BUFSIZ.patch \
            "
 
-SRC_URI[sha256sum] = "890ae8ff810247bd19e274df76e8371d202cda01ad277681b0ea88eeaa00286b"
+SRC_URI[sha256sum] = "87abdfaa8e490f8be6dde976f7c80b9b5ff9f301e1b67e3899e1f05a59a1531f"
diff --git a/poky/meta/recipes-core/util-linux/util-linux/0001-lscpu-Use-4K-buffer-size-instead-of-BUFSIZ.patch b/poky/meta/recipes-core/util-linux/util-linux/0001-lscpu-Use-4K-buffer-size-instead-of-BUFSIZ.patch
new file mode 100644
index 0000000..4d7487c
--- /dev/null
+++ b/poky/meta/recipes-core/util-linux/util-linux/0001-lscpu-Use-4K-buffer-size-instead-of-BUFSIZ.patch
@@ -0,0 +1,38 @@
+From 95b0405338440cf5cd6d4b2b5c66cda8bf381b28 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 15 Sep 2023 00:18:18 -0700
+Subject: [PATCH] lscpu: Use 4K buffer size instead of BUFSIZ
+
+Some lines in /proc/cpuinfo can be large e.g. flags and can then
+truncate them in displaying them
+
+BUFSIZ can vary quite a bit  e.g. glibc/linux systems its 8192
+but on musl/linux and OSX its 1024, on mingW it is 256, some tests e.g.
+x86_64-64cpu-linux6.2.tar.gz has added really long line for cpu flags
+line which is greater than 1024 characters and hence this test fails
+on musl because lscpu -s reports truncated string
+
+Upstream-Status: Submitted [https://github.com/util-linux/util-linux/pull/2492]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sys-utils/lscpu-cputype.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/sys-utils/lscpu-cputype.c b/sys-utils/lscpu-cputype.c
+index 3fd5f7a3c..c8f72ab8a 100644
+--- a/sys-utils/lscpu-cputype.c
++++ b/sys-utils/lscpu-cputype.c
+@@ -462,7 +462,9 @@ static int cpuinfo_parse_cache(struct lscpu_cxt *cxt, int keynum, char *data)
+ int lscpu_read_cpuinfo(struct lscpu_cxt *cxt)
+ {
+ 	FILE *fp;
+-	char buf[BUFSIZ];
++	/* Used to be BUFSIZ which is small on some platforms e.g, musl,
++	 * therefore hardcode to 4K */
++	char buf[4096];
+ 	size_t i;
+ 	struct lscpu_cputype *ct;
+ 	struct cpuinfo_parser _pr = { .cxt = cxt }, *pr = &_pr;
+-- 
+2.42.0
+
diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.39.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.39.2.bb
similarity index 97%
rename from poky/meta/recipes-core/util-linux/util-linux_2.39.1.bb
rename to poky/meta/recipes-core/util-linux/util-linux_2.39.2.bb
index c814055..927037a 100644
--- a/poky/meta/recipes-core/util-linux/util-linux_2.39.1.bb
+++ b/poky/meta/recipes-core/util-linux/util-linux_2.39.2.bb
@@ -62,7 +62,6 @@
 
 PACKAGES_DYNAMIC = "^${PN}-.*"
 
-CACHED_CONFIGUREVARS += "scanf_cv_alloc_modifier=ms"
 UTIL_LINUX_LIBDIR = "${libdir}"
 UTIL_LINUX_LIBDIR:class-target = "${base_libdir}"
 EXTRA_OECONF = "\
@@ -322,3 +321,12 @@
         rm -rf ${D}${PTEST_PATH}/tests/ts/chfn
     fi
 }
+
+# Delete tests not working on musl
+do_install_ptest:append:libc-musl() {
+    for t in tests/ts/col/multibyte \
+            tests/ts/lib/timeutils \
+            tests/ts/dmesg/limit; do
+        rm -rf ${D}${PTEST_PATH}/$t
+    done
+}
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.41.inc b/poky/meta/recipes-devtools/binutils/binutils-2.41.inc
index 7ab2926..b4934c0 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.41.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.41.inc
@@ -18,7 +18,7 @@
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
-SRCREV ?= "fd3cc73ee4a84df3ace3c0e470250a957e7d3468"
+SRCREV ?= "cb4c3555ac4cf8aaf0935cb6e4b09e6882436d21"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
 SRC_URI = "\
      ${BINUTILS_GIT_URI} \
diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index cce2f57..4d8ce4c 100644
--- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -99,7 +99,6 @@
 S = "${WORKDIR}/git"
 SRCREV = "868a2afab9da34f32c007d773b77253c93104636"
 
-PR = "r1"
 
 inherit systemd update-rc.d python3native update-alternatives
 
diff --git a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.1.bb
similarity index 97%
rename from poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb
rename to poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.1.bb
index e7a64e8..527e13d 100644
--- a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb
+++ b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.1.bb
@@ -18,7 +18,7 @@
 SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master;protocol=https \
            file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \
            "
-SRCREV = "bb0ca35245858f17a6ced97aade1dd8d70f9c9d7"
+SRCREV = "92d04d4780886a9850716e5529f1dace97779931"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= " \
diff --git a/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb b/poky/meta/recipes-devtools/ccache/ccache_4.8.3.bb
similarity index 82%
rename from poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
rename to poky/meta/recipes-devtools/ccache/ccache_4.8.3.bb
index 22a6b38..03372aa 100644
--- a/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
+++ b/poky/meta/recipes-devtools/ccache/ccache_4.8.3.bb
@@ -7,14 +7,14 @@
 SECTION = "devel"
 
 LICENSE = "GPL-3.0-or-later"
-LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=cd54b7abfc462470b0f505273c38f0ff"
+LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=6a6fe0ae4e57592b187ab72fa6d420ec"
 
 DEPENDS = "zstd"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
            file://0001-xxhash.h-Fix-build-with-gcc-12.patch \
            "
-SRC_URI[sha256sum] = "75eef15b8b9da48db9c91e1d0ff58b3645fc70c0e4ca2ef1b6825a12f21f217d"
+SRC_URI[sha256sum] = "d59dd569ad2bbc826c0bc335c8ebd73e78ed0f2f40ba6b30069347e63585d9ef"
 
 inherit cmake github-releases
 
diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.27.4.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb
similarity index 100%
rename from poky/meta/recipes-devtools/cmake/cmake-native_3.27.4.bb
rename to poky/meta/recipes-devtools/cmake/cmake-native_3.27.5.bb
diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc
index 430f13f..ef4eec5 100644
--- a/poky/meta/recipes-devtools/cmake/cmake.inc
+++ b/poky/meta/recipes-devtools/cmake/cmake.inc
@@ -19,7 +19,7 @@
 SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
 "
 
-SRC_URI[sha256sum] = "0a905ca8635ca81aa152e123bdde7e54cbe764fdd9a70d62af44cad8b92967af"
+SRC_URI[sha256sum] = "5175e8fe1ca9b1dd09090130db7201968bcce1595971ff9e9998c2f0765004c9"
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.27.4.bb b/poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb
similarity index 100%
rename from poky/meta/recipes-devtools/cmake/cmake_3.27.4.bb
rename to poky/meta/recipes-devtools/cmake/cmake_3.27.5.bb
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch
new file mode 100644
index 0000000..ea768e0
--- /dev/null
+++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch
@@ -0,0 +1,46 @@
+From 5326969acc0c7e9e3cabca202154e4120c0d2c2f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 26 Sep 2023 14:52:11 -0700
+Subject: [PATCH] Move cr_compress_groupfile outside WITH_LIBMODULEMD
+
+This function is used in code which is not conditional under WITH_LIBMODULEMD
+therefore the declaration should also match its definition scope
+
+Fixes build issues flagged by clang
+
+src/createrepo_c.c:850:16: error: incompatible integer to pointer conversion initializing 'gchar *' (aka 'char *') with an
+ expression of type 'int' [-Wint-conversion]
+|   850 |         gchar *compressed_path = cr_compress_groupfile(cmd_options->groupfile_fullpath, tmp_out_repo, compression);
+|       |                ^                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/createrepo_c/pull/387]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/metadata_internal.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/metadata_internal.h b/src/metadata_internal.h
+index 8ba0576..ecfbac2 100644
+--- a/src/metadata_internal.h
++++ b/src/metadata_internal.h
+@@ -52,14 +52,14 @@ cr_metadata_load_modulemd(ModulemdModuleIndex **moduleindex,
+  * @param dest_dir      Path to directory where the compressed groupfile should be stored.
+  * @return              Path to the new compressed groupfile. Has to be freed by the caller.
+  */
++
++#endif /* WITH_LIBMODULEMD */
++
+ gchar *
+ cr_compress_groupfile(const char *groupfile,
+                       const char *dest_dir,
+                       cr_CompressionType compression);
+ 
+-
+-#endif /* WITH_LIBMODULEMD */
+-
+ #ifdef __cplusplus
+ }
+ #endif
+-- 
+2.42.0
+
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-src-cmd_parser.c-add-a-missing-parameter-name.patch b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-src-cmd_parser.c-add-a-missing-parameter-name.patch
deleted file mode 100644
index 0d1c6b0..0000000
--- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-src-cmd_parser.c-add-a-missing-parameter-name.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 970b901e1999f415da8bac205f526c808ddad0ba Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 8 May 2023 10:40:43 +0200
-Subject: [PATCH] src/cmd_parser.c: add a missing parameter name
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This resolves the following error with older versions of gcc:
-| /srv/storage/alex/yocto/build-32/tmp/work/x86_64-linux/createrepo-c-native/0.21.1-r0/git/src/cmd_parser.c: In function ‘duplicated_nevra_option_parser’:
-| /srv/storage/alex/yocto/build-32/tmp/work/x86_64-linux/createrepo-c-native/0.21.1-r0/git/src/cmd_parser.c:76:32: error: parameter name omitted
-|    76 | duplicated_nevra_option_parser(const gchar *,
-|       |                                ^~~~~~~~~~~~~
-| /srv/storage/alex/yocto/build-32/tmp/work/x86_64-linux/createrepo-c-native/0.21.1-r0/git/src/cmd_parser.c:78:32: error: parameter name omitted
-|    78 |                                gpointer,
-|       |                                ^~~~~~~~
-
-Upstream-Status: Submitted [https://github.com/rpm-software-management/createrepo_c/pull/366]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- src/cmd_parser.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/cmd_parser.c b/src/cmd_parser.c
-index 97c9ea7..63af7ea 100644
---- a/src/cmd_parser.c
-+++ b/src/cmd_parser.c
-@@ -73,9 +73,9 @@ struct CmdOptions _cmd_options = {
- 
- 
- gboolean
--duplicated_nevra_option_parser(const gchar *,
-+duplicated_nevra_option_parser(const gchar *option_name,
-                                const gchar *value,
--                               gpointer,
-+                               gpointer data,
-                                GError **error)
- {
-     if (!g_strcmp0(value, "keep"))
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.21.1.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb
similarity index 92%
rename from poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.21.1.bb
rename to poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb
index 57f23b8..f4e6549 100644
--- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.21.1.bb
+++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb
@@ -7,11 +7,11 @@
 SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \
            file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
            file://0001-include-rpm-rpmstring.h.patch \
-           file://0001-src-cmd_parser.c-add-a-missing-parameter-name.patch \
            file://time64fix.patch \
+           file://0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch \
            "
 
-SRCREV = "0652d7303ce236e596c83c29ccc9bee7868fce6e"
+SRCREV = "0cc13920991b2fb8f87fb9d352bd3394c2983289"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-devtools/debugedit/debugedit_5.0.bb b/poky/meta/recipes-devtools/debugedit/debugedit_5.0.bb
index 257238f..63ad7ba 100644
--- a/poky/meta/recipes-devtools/debugedit/debugedit_5.0.bb
+++ b/poky/meta/recipes-devtools/debugedit/debugedit_5.0.bb
@@ -11,8 +11,7 @@
 
 SRC_URI = "https://sourceware.org/ftp/debugedit/${PV}/debugedit-${PV}.tar.xz"
 
-SRC_URI:append:libc-musl = " \
-           file://0001-tools-Add-error.h-for-non-glibc-case.patch \
+SRC_URI:append:libc-musl = "\
            file://0002-sepdebugcrcfix.c-do-not-use-64bit-variants.patch \
            file://0003-Makefile.am-do-not-update-manual.patch \
            "
@@ -20,6 +19,7 @@
 SRC_URI[sha256sum] = "e9ecd7d350bebae1f178ce6776ca19a648b6fe8fa22f5b3044b38d7899aa553e"
 
 DEPENDS = "elfutils"
+DEPENDS:append:libc-musl = " musl-legacy-error"
 
 inherit pkgconfig autotools
 
diff --git a/poky/meta/recipes-devtools/debugedit/files/0001-tools-Add-error.h-for-non-glibc-case.patch b/poky/meta/recipes-devtools/debugedit/files/0001-tools-Add-error.h-for-non-glibc-case.patch
deleted file mode 100644
index f6d64cb..0000000
--- a/poky/meta/recipes-devtools/debugedit/files/0001-tools-Add-error.h-for-non-glibc-case.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 4c797d3b559ba51bd9ccd9a2036245819acce843 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Thu, 23 Mar 2023 10:54:21 +0800
-Subject: [PATCH] tools: Add error.h for non-glibc case
-
-error is glibc specific API, so this patch will mostly not accepted
-upstream given that elfutils has been closely tied to glibc
-
-This is a OE specific workaround for musl.
-
-Upstream-Status: Inappropriate [OE Specific]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- tools/debugedit.c      |  7 ++++++-
- tools/error.h          | 27 +++++++++++++++++++++++++++
- tools/sepdebugcrcfix.c |  7 ++++++-
- 3 files changed, 39 insertions(+), 2 deletions(-)
- create mode 100644 tools/error.h
-
-diff --git a/tools/debugedit.c b/tools/debugedit.c
-index 668777a..a72c3c0 100644
---- a/tools/debugedit.c
-+++ b/tools/debugedit.c
-@@ -25,7 +25,6 @@
- #include <byteswap.h>
- #include <endian.h>
- #include <errno.h>
--#include <error.h>
- #include <limits.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -40,6 +39,12 @@
- #include <gelf.h>
- #include <dwarf.h>
- 
-+#ifdef __GLIBC__
-+#include <error.h>
-+#else
-+#include "error.h"
-+#endif
-+
- #ifndef MAX
- #define MAX(m, n) ((m) < (n) ? (n) : (m))
- #endif
-diff --git a/tools/error.h b/tools/error.h
-new file mode 100644
-index 0000000..9b24418
---- /dev/null
-+++ b/tools/error.h
-@@ -0,0 +1,27 @@
-+#ifndef _ERROR_H_
-+#define _ERROR_H_
-+
-+#include <stdarg.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <errno.h>
-+
-+static unsigned int error_message_count = 0;
-+
-+static inline void error(int status, int errnum, const char* format, ...)
-+{
-+	va_list ap;
-+	fprintf(stderr, "%s: ", program_invocation_name);
-+	va_start(ap, format);
-+	vfprintf(stderr, format, ap);
-+	va_end(ap);
-+	if (errnum)
-+		fprintf(stderr, ": %s", strerror(errnum));
-+	fprintf(stderr, "\n");
-+	error_message_count++;
-+	if (status)
-+		exit(status);
-+}
-+
-+#endif        /* _ERROR_H_ */
-diff --git a/tools/sepdebugcrcfix.c b/tools/sepdebugcrcfix.c
-index da50e6c..c4a9d56 100644
---- a/tools/sepdebugcrcfix.c
-+++ b/tools/sepdebugcrcfix.c
-@@ -29,10 +29,15 @@
- #include <endian.h>
- #include <stdio.h>
- #include <stdlib.h>
--#include <error.h>
- #include <libelf.h>
- #include <gelf.h>
- 
-+#ifdef __GLIBC__
-+#include <error.h>
-+#else
-+#include "error.h"
-+#endif
-+
- #ifndef _
- #define _(x) x
- #endif
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-devtools/devel-config/nfs-export-root.bb b/poky/meta/recipes-devtools/devel-config/nfs-export-root.bb
index 0aaec36..5e69962 100644
--- a/poky/meta/recipes-devtools/devel-config/nfs-export-root.bb
+++ b/poky/meta/recipes-devtools/devel-config/nfs-export-root.bb
@@ -3,7 +3,6 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
-PR = "r1"
 
 SRC_URI = "file://exports"
 
diff --git a/poky/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch b/poky/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch
index 21b50de..eb0309d 100644
--- a/poky/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch
+++ b/poky/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch
@@ -1,4 +1,4 @@
-From 5e07c16a506b19cbb107d5e99fca41d679b23b9a Mon Sep 17 00:00:00 2001
+From 3bd0faf58cc9ad531e6b63d5660c4b8316e8daed Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Tue, 28 Apr 2020 15:55:00 +0200
 Subject: [PATCH] dnf: write the log lock to root
@@ -10,15 +10,16 @@
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
 ---
  dnf/logging.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/dnf/logging.py b/dnf/logging.py
-index bd660470..a9d808b1 100644
+index ef0b25f3..94610af6 100644
 --- a/dnf/logging.py
 +++ b/dnf/logging.py
-@@ -94,7 +94,7 @@ class MultiprocessRotatingFileHandler(logging.handlers.RotatingFileHandler):
+@@ -118,7 +118,7 @@ class MultiprocessRotatingFileHandler(logging.handlers.RotatingFileHandler):
      def __init__(self, filename, mode='a', maxBytes=0, backupCount=0, encoding=None, delay=False):
          super(MultiprocessRotatingFileHandler, self).__init__(
              filename, mode, maxBytes, backupCount, encoding, delay)
diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb b/poky/meta/recipes-devtools/dnf/dnf_4.17.0.bb
similarity index 98%
rename from poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
rename to poky/meta/recipes-devtools/dnf/dnf_4.17.0.bb
index 9134411..ec4e48d 100644
--- a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
+++ b/poky/meta/recipes-devtools/dnf/dnf_4.17.0.bb
@@ -19,7 +19,7 @@
 
 SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch"
 
-SRCREV = "94b7cc7956580405b219329541d6b40db6499cf1"
+SRCREV = "a31687c169095de1acb5c0a3762bf78993661776"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/elfutils/elfutils_0.189.bb b/poky/meta/recipes-devtools/elfutils/elfutils_0.189.bb
index 236f8ce..d8bf82b 100644
--- a/poky/meta/recipes-devtools/elfutils/elfutils_0.189.bb
+++ b/poky/meta/recipes-devtools/elfutils/elfutils_0.189.bb
@@ -7,7 +7,7 @@
                     file://debuginfod/debuginfod-client.c;endline=28;md5=f0a7c3170776866ee94e8f9225a6ad79 \
                     "
 DEPENDS = "zlib virtual/libintl"
-DEPENDS:append:libc-musl = " argp-standalone fts musl-obstack "
+DEPENDS:append:libc-musl = " argp-standalone fts musl-legacy-error musl-obstack"
 # The Debian patches below are from:
 # http://ftp.de.debian.org/debian/pool/main/e/elfutils/elfutils_0.176-1.debian.tar.xz
 SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
@@ -24,7 +24,6 @@
            "
 SRC_URI:append:libc-musl = " \
            file://0003-musl-utils.patch \
-           file://0015-config-eu.am-do-not-use-Werror.patch \
            "
 SRC_URI[sha256sum] = "39bd8f1a338e2b7cd4abc3ff11a0eddc6e690f69578a57478d8179b4148708c8"
 
@@ -32,6 +31,9 @@
 
 EXTRA_OECONF = "--program-prefix=eu-"
 
+# Only used at runtime for make check but we want deterministic makefiles for ptest so hardcode
+CACHED_CONFIGUREVARS += "ac_cv_prog_HAVE_BUNZIP2=yes"
+
 BUILD_CFLAGS += "-Wno-error=stringop-overflow"
 
 DEPENDS_BZIP2 = "bzip2-replacement-native"
diff --git a/poky/meta/recipes-devtools/elfutils/files/0015-config-eu.am-do-not-use-Werror.patch b/poky/meta/recipes-devtools/elfutils/files/0015-config-eu.am-do-not-use-Werror.patch
deleted file mode 100644
index 9ee5801..0000000
--- a/poky/meta/recipes-devtools/elfutils/files/0015-config-eu.am-do-not-use-Werror.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c209233857a73970d7a7dd8da664903570efc7ea Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Mon, 22 Jun 2020 21:35:16 +0000
-Subject: [PATCH] config/eu.am: do not use -Werror
-
-Due to re-definition of error() on musl, gcc starts throwing
-errors where none happen with glibc. Since upstream is not
-likely to be interested in musl builds, lets just disable
-Werror.
-
-Upstream-Status: Inappropriate [oe core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- config/eu.am | 2 --
- 1 file changed, 2 deletions(-)
-diff --git a/config/eu.am b/config/eu.am
-index e6c241f..4136e7c 100644
---- a/config/eu.am
-+++ b/config/eu.am
-@@ -99,7 +99,6 @@ AM_CFLAGS = -std=gnu99 -Wall -Wshadow -Wformat=2 \
- 	    $(LOGICAL_OP_WARNING) $(DUPLICATED_COND_WARNING) \
- 	    $(NULL_DEREFERENCE_WARNING) $(IMPLICIT_FALLTHROUGH_WARNING) \
- 	    $(USE_AFTER_FREE3_WARNING) \
--	    $(if $($(*F)_no_Werror),,-Werror) \
- 	    $(if $($(*F)_no_Wunused),,-Wunused -Wextra) \
- 	    $(if $($(*F)_no_Wstack_usage),,$(STACK_USAGE_WARNING)) \
- 	    $(if $($(*F)_no_Wpacked_not_aligned),$(NO_PACKED_NOT_ALIGNED_WARNING),) \
-@@ -109,7 +108,6 @@ AM_CXXFLAGS = -std=c++11 -Wall -Wshadow \
- 	   $(TRAMPOLINES_WARNING) \
- 	   $(LOGICAL_OP_WARNING) $(DUPLICATED_COND_WARNING) \
- 	   $(NULL_DEREFERENCE_WARNING) $(IMPLICIT_FALLTHROUGH_WARNING) \
--	   $(if $($(*F)_no_Werror),,-Werror) \
- 	   $(if $($(*F)_no_Wunused),,-Wunused -Wextra) \
- 	   $(if $($(*F)_no_Wstack_usage),,$(STACK_USAGE_WARNING)) \
- 	   $(if $($(*F)_no_Wpacked_not_aligned),$(NO_PACKED_NOT_ALIGNED_WARNING),) \
--- 
diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc b/poky/meta/recipes-devtools/gcc/gcc-13.2.inc
index 7f97ecc..359db1e 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-13.2.inc
@@ -10,7 +10,7 @@
 
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
 
-DEPENDS =+ "mpfr gmp libmpc zlib flex-native"
+DEPENDS =+ "mpfr gmp libmpc zlib zstd flex-native"
 NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native flex-native zstd-native"
 
 LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
@@ -64,7 +64,9 @@
            file://0022-libatomic-Do-not-enforce-march-on-aarch64.patch \
            file://0023-Fix-install-path-of-linux64.h.patch \
            file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \
-           file://0025-gcc-testsuite-mips.patch \
+           file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
+           file://CVE-2023-4039.patch \
+           file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch \
 "
 SRC_URI[sha256sum] = "e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da"
 
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch b/poky/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
similarity index 76%
rename from poky/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch
rename to poky/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
index 49eaece..c405d8d 100644
--- a/poky/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch
+++ b/poky/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
@@ -1,4 +1,7 @@
-gcc testsuite tweaks for mips/OE
+From f12acc6a383546d48da3bdfb2f25ca2adb7976d7 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Sun, 13 Aug 2023 10:24:05 +0100
+Subject: [PATCH] gcc testsuite tweaks for mips/OE
 
 Disable loongson-mmi runtine, qemu doesn't appear to fully support them even if some
 of the instruction decoding is there.
@@ -27,12 +30,70 @@
 discussion. Need to investigate why qemu-user passes the 'bad' instructions']
 
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ gcc/testsuite/gcc.target/mips/mips.exp | 16 +++++++++
+ gcc/testsuite/lib/gcc-dg.exp           | 11 +++++++
+ gcc/testsuite/lib/target-supports.exp  | 45 ++++++++------------------
+ 3 files changed, 41 insertions(+), 31 deletions(-)
 
-Index: gcc-13.2.0/gcc/testsuite/lib/target-supports.exp
-===================================================================
---- gcc-13.2.0.orig/gcc/testsuite/lib/target-supports.exp
-+++ gcc-13.2.0/gcc/testsuite/lib/target-supports.exp
-@@ -2155,14 +2155,7 @@ proc check_mips_loongson_mmi_hw_availabl
+diff --git a/gcc/testsuite/gcc.target/mips/mips.exp b/gcc/testsuite/gcc.target/mips/mips.exp
+index 15d574202d3..2cef9709774 100644
+--- a/gcc/testsuite/gcc.target/mips/mips.exp
++++ b/gcc/testsuite/gcc.target/mips/mips.exp
+@@ -709,7 +709,23 @@ proc mips_first_unsupported_option { upstatus } {
+     global mips_option_tests
+     upvar $upstatus status
+ 
++    if { [mips_have_test_option_p status "-mmsa"] } {
++        verbose -log "Found -mmsa"
++	if { ![check_mips_msa_hw_available] } {
++	    verbose -log "No MSA avail"
++	    return "-mmsa"
++	}
++    }
++    if { [mips_have_test_option_p status "-mloongson-mmi"] } {
++        verbose -log "Found -mloonson-mmi"
++        if { ![check_mips_loongson_mmi_hw_available] } {
++	    verbose -log "No MMI avail"
++   	    return "-mloonson-mmi"
++	}
++    }
++
+     foreach { option code } [array get mips_option_tests] {
++
+ 	if { [mips_have_test_option_p status $option] } {
+ 	    regsub -all "\n" $code "\\n\\\n" asm
+ 	    # Use check_runtime from target-supports.exp, which caches
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 9d79b9402e9..e0e5cbb1af8 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
++++ b/gcc/testsuite/lib/gcc-dg.exp
+@@ -240,9 +240,20 @@ proc schedule-cleanups { opts } {
+ 
+ proc gcc-dg-test-1 { target_compile prog do_what extra_tool_flags } {
+     # Set up the compiler flags, based on what we're going to do.
++    global do-what-limit
+ 
+     set options [list]
+ 
++    if [info exists do-what-limit] then {
++        # Demote run tests to $do-what-limit if set
++	switch $do_what {
++	    run {
++    	        set do_what $do-what-limit
++  		set dg-do-what $do-what-limit
++	    }
++        }
++    }
++
+     switch $do_what {
+ 	"preprocess" {
+ 	    set compile_type "preprocess"
+diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
+index 40f71e9ed8b..10e267fa16d 100644
+--- a/gcc/testsuite/lib/target-supports.exp
++++ b/gcc/testsuite/lib/target-supports.exp
+@@ -2155,14 +2155,7 @@ proc check_mips_loongson_mmi_hw_available { } {
  	if { !([istarget mips*-*-*]) } {
  	    expr 0
  	} else {
@@ -79,7 +140,7 @@
      }
    }]
  }
-@@ -9187,6 +9158,7 @@ proc is-effective-target-keyword { arg }
+@@ -9187,6 +9158,7 @@ proc is-effective-target-keyword { arg } {
  
  proc et-dg-runtest { runtest testcases flags default-extra-flags } {
      global dg-do-what-default
@@ -87,7 +148,7 @@
      global EFFECTIVE_TARGETS
      global et_index
  
-@@ -9194,6 +9166,7 @@ proc et-dg-runtest { runtest testcases f
+@@ -9194,6 +9166,7 @@ proc et-dg-runtest { runtest testcases flags default-extra-flags } {
  	foreach target $EFFECTIVE_TARGETS {
  	    set target_flags $flags
  	    set dg-do-what-default compile
@@ -95,7 +156,7 @@
  	    set et_index [lsearch -exact $EFFECTIVE_TARGETS $target]
  	    if { [info procs add_options_for_${target}] != [list] } {
  		set target_flags [add_options_for_${target} "$flags"]
-@@ -9201,8 +9174,10 @@ proc et-dg-runtest { runtest testcases f
+@@ -9201,8 +9174,10 @@ proc et-dg-runtest { runtest testcases flags default-extra-flags } {
  	    if { [info procs check_effective_target_${target}_runtime]
  		 != [list] && [check_effective_target_${target}_runtime] } {
  		set dg-do-what-default run
@@ -106,7 +167,7 @@
  	}
      } else {
  	set et_index 0
-@@ -10789,6 +10764,7 @@ proc check_effective_target_sigsetjmp {}
+@@ -10789,6 +10764,7 @@ proc check_effective_target_sigsetjmp {} {
  proc check_vect_support_and_set_flags { } {
      global DEFAULT_VECTCFLAGS
      global dg-do-what-default
@@ -114,7 +175,7 @@
      global EFFECTIVE_TARGETS
  
      if  [istarget powerpc-*paired*]  {
-@@ -10797,6 +10773,7 @@ proc check_vect_support_and_set_flags {
+@@ -10797,6 +10773,7 @@ proc check_vect_support_and_set_flags { } {
              set dg-do-what-default run
          } else {
              set dg-do-what-default compile
@@ -122,7 +183,7 @@
          }
      } elseif [istarget powerpc*-*-*] {
          # Skip targets not supporting -maltivec.
-@@ -10821,6 +10798,7 @@ proc check_vect_support_and_set_flags {
+@@ -10821,6 +10798,7 @@ proc check_vect_support_and_set_flags { } {
                  lappend DEFAULT_VECTCFLAGS "-mcpu=970"
              }
              set dg-do-what-default compile
@@ -130,7 +191,7 @@
          }
      } elseif { [istarget i?86-*-*] || [istarget x86_64-*-*] } {
          lappend DEFAULT_VECTCFLAGS "-msse2"
-@@ -10828,6 +10806,7 @@ proc check_vect_support_and_set_flags {
+@@ -10828,6 +10806,7 @@ proc check_vect_support_and_set_flags { } {
              set dg-do-what-default run
          } else {
              set dg-do-what-default compile
@@ -138,7 +199,7 @@
          }
      } elseif { [istarget mips*-*-*]
  	       && [check_effective_target_nomips16] } {
-@@ -10847,6 +10826,7 @@ proc check_vect_support_and_set_flags {
+@@ -10847,6 +10826,7 @@ proc check_vect_support_and_set_flags { } {
              set dg-do-what-default run
          } else {
              set dg-do-what-default compile
@@ -146,7 +207,7 @@
          }
      } elseif [istarget alpha*-*-*] {
          # Alpha's vectorization capabilities are extremely limited.
-@@ -10860,6 +10840,7 @@ proc check_vect_support_and_set_flags {
+@@ -10860,6 +10840,7 @@ proc check_vect_support_and_set_flags { } {
              set dg-do-what-default run
          } else {
              set dg-do-what-default compile
@@ -154,7 +215,7 @@
          }
      } elseif [istarget ia64-*-*] {
          set dg-do-what-default run
-@@ -10873,6 +10854,7 @@ proc check_vect_support_and_set_flags {
+@@ -10873,6 +10854,7 @@ proc check_vect_support_and_set_flags { } {
              set dg-do-what-default run
          } else {
              set dg-do-what-default compile
@@ -162,7 +223,7 @@
          }
      } elseif [istarget aarch64*-*-*] {
          set dg-do-what-default run
-@@ -10897,6 +10879,7 @@ proc check_vect_support_and_set_flags {
+@@ -10897,6 +10879,7 @@ proc check_vect_support_and_set_flags { } {
          } else {
  	    lappend DEFAULT_VECTCFLAGS "-march=z14" "-mzarch"
              set dg-do-what-default compile
@@ -170,56 +231,3 @@
          }
      } elseif [istarget amdgcn-*-*] {
          set dg-do-what-default run
-Index: gcc-13.2.0/gcc/testsuite/gcc.target/mips/mips.exp
-===================================================================
---- gcc-13.2.0.orig/gcc/testsuite/gcc.target/mips/mips.exp
-+++ gcc-13.2.0/gcc/testsuite/gcc.target/mips/mips.exp
-@@ -709,7 +709,23 @@ proc mips_first_unsupported_option { ups
-     global mips_option_tests
-     upvar $upstatus status
- 
-+    if { [mips_have_test_option_p status "-mmsa"] } {
-+        verbose -log "Found -mmsa"
-+	if { ![check_mips_msa_hw_available] } {
-+	    verbose -log "No MSA avail"
-+	    return "-mmsa"
-+	}
-+    }
-+    if { [mips_have_test_option_p status "-mloongson-mmi"] } {
-+        verbose -log "Found -mloonson-mmi"
-+        if { ![check_mips_loongson_mmi_hw_available] } {
-+	    verbose -log "No MMI avail"
-+   	    return "-mloonson-mmi"
-+	}
-+    }
-+
-     foreach { option code } [array get mips_option_tests] {
-+
- 	if { [mips_have_test_option_p status $option] } {
- 	    regsub -all "\n" $code "\\n\\\n" asm
- 	    # Use check_runtime from target-supports.exp, which caches
-Index: gcc-13.2.0/gcc/testsuite/lib/gcc-dg.exp
-===================================================================
---- gcc-13.2.0.orig/gcc/testsuite/lib/gcc-dg.exp
-+++ gcc-13.2.0/gcc/testsuite/lib/gcc-dg.exp
-@@ -240,9 +240,20 @@ proc schedule-cleanups { opts } {
- 
- proc gcc-dg-test-1 { target_compile prog do_what extra_tool_flags } {
-     # Set up the compiler flags, based on what we're going to do.
-+    global do-what-limit
- 
-     set options [list]
- 
-+    if [info exists do-what-limit] then {
-+        # Demote run tests to $do-what-limit if set
-+	switch $do_what {
-+	    run {
-+    	        set do_what $do-what-limit
-+  		set dg-do-what $do-what-limit
-+	    }
-+        }
-+    }
-+
-     switch $do_what {
- 	"preprocess" {
- 	    set compile_type "preprocess"
diff --git a/poky/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch b/poky/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch
new file mode 100644
index 0000000..a408a98
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch
@@ -0,0 +1,117 @@
+From adb60dc78e0da4877747f32347cee339364775be Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Fri, 15 Sep 2023 09:19:14 +0100
+Subject: [PATCH] aarch64: Fix loose ldpstp check [PR111411]
+
+aarch64_operands_ok_for_ldpstp contained the code:
+
+  /* One of the memory accesses must be a mempair operand.
+     If it is not the first one, they need to be swapped by the
+     peephole.  */
+  if (!aarch64_mem_pair_operand (mem_1, GET_MODE (mem_1))
+       && !aarch64_mem_pair_operand (mem_2, GET_MODE (mem_2)))
+    return false;
+
+But the requirement isn't just that one of the accesses must be a
+valid mempair operand.  It's that the lower access must be, since
+that's the access that will be used for the instruction operand.
+
+gcc/
+	PR target/111411
+	* config/aarch64/aarch64.cc (aarch64_operands_ok_for_ldpstp): Require
+	the lower memory access to a mem-pair operand.
+
+gcc/testsuite/
+	PR target/111411
+	* gcc.dg/rtl/aarch64/pr111411.c: New test.
+
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=2d38f45bcca62ca0c7afef4b579f82c5c2a01610]
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+---
+ gcc/config/aarch64/aarch64.cc               |  8 ++-
+ gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c | 57 +++++++++++++++++++++
+ 2 files changed, 60 insertions(+), 5 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 6118a3354ac..9b1f791ca8b 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -26154,11 +26154,9 @@ aarch64_operands_ok_for_ldpstp (rtx *operands, bool load,
+   gcc_assert (known_eq (GET_MODE_SIZE (GET_MODE (mem_1)),
+ 			GET_MODE_SIZE (GET_MODE (mem_2))));
+ 
+-  /* One of the memory accesses must be a mempair operand.
+-     If it is not the first one, they need to be swapped by the
+-     peephole.  */
+-  if (!aarch64_mem_pair_operand (mem_1, GET_MODE (mem_1))
+-       && !aarch64_mem_pair_operand (mem_2, GET_MODE (mem_2)))
++  /* The lower memory access must be a mem-pair operand.  */
++  rtx lower_mem = reversed ? mem_2 : mem_1;
++  if (!aarch64_mem_pair_operand (lower_mem, GET_MODE (lower_mem)))
+     return false;
+ 
+   if (REG_P (reg_1) && FP_REGNUM_P (REGNO (reg_1)))
+diff --git a/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c b/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c
+new file mode 100644
+index 00000000000..ad07e9c6c89
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c
+@@ -0,0 +1,57 @@
++/* { dg-do compile { target aarch64*-*-* } } */
++/* { dg-require-effective-target lp64 } */
++/* { dg-options "-O -fdisable-rtl-postreload -fpeephole2 -fno-schedule-fusion" } */
++
++extern int data[];
++
++void __RTL (startwith ("ira")) foo (void *ptr)
++{
++  (function "foo"
++    (param "ptr"
++      (DECL_RTL (reg/v:DI <0> [ ptr ]))
++      (DECL_RTL_INCOMING (reg/v:DI x0 [ ptr ]))
++    ) ;; param "ptr"
++    (insn-chain
++      (block 2
++	(edge-from entry (flags "FALLTHRU"))
++	(cnote 3 [bb 2] NOTE_INSN_BASIC_BLOCK)
++	(insn 4 (set (reg:DI <0>) (reg:DI x0)))
++	(insn 5 (set (reg:DI <1>)
++		     (plus:DI (reg:DI <0>) (const_int 768))))
++	(insn 6 (set (mem:SI (plus:DI (reg:DI <0>)
++				      (const_int 508)) [1 &data+508 S4 A4])
++		     (const_int 0)))
++	(insn 7 (set (mem:SI (plus:DI (reg:DI <1>)
++				      (const_int -256)) [1 &data+512 S4 A4])
++		     (const_int 0)))
++	(edge-to exit (flags "FALLTHRU"))
++      ) ;; block 2
++    ) ;; insn-chain
++  ) ;; function
++}
++
++void __RTL (startwith ("ira")) bar (void *ptr)
++{
++  (function "bar"
++    (param "ptr"
++      (DECL_RTL (reg/v:DI <0> [ ptr ]))
++      (DECL_RTL_INCOMING (reg/v:DI x0 [ ptr ]))
++    ) ;; param "ptr"
++    (insn-chain
++      (block 2
++	(edge-from entry (flags "FALLTHRU"))
++	(cnote 3 [bb 2] NOTE_INSN_BASIC_BLOCK)
++	(insn 4 (set (reg:DI <0>) (reg:DI x0)))
++	(insn 5 (set (reg:DI <1>)
++		     (plus:DI (reg:DI <0>) (const_int 768))))
++	(insn 6 (set (mem:SI (plus:DI (reg:DI <1>)
++				      (const_int -256)) [1 &data+512 S4 A4])
++		     (const_int 0)))
++	(insn 7 (set (mem:SI (plus:DI (reg:DI <0>)
++				      (const_int 508)) [1 &data+508 S4 A4])
++		     (const_int 0)))
++	(edge-to exit (flags "FALLTHRU"))
++      ) ;; block 2
++    ) ;; insn-chain
++  ) ;; function
++}
diff --git a/poky/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch b/poky/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
new file mode 100644
index 0000000..81b5067
--- /dev/null
+++ b/poky/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
@@ -0,0 +1,3093 @@
+From: Richard Sandiford <richard.sandiford@arm.com>
+Subject: [PATCH 00/19] aarch64: Fix -fstack-protector issue
+Date: Tue, 12 Sep 2023 16:25:10 +0100
+
+This series of patches fixes deficiencies in GCC's -fstack-protector
+implementation for AArch64 when using dynamically allocated stack space.
+This is CVE-2023-4039.  See:
+
+https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
+https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
+
+for more details.
+
+The fix is to put the saved registers above the locals area when
+-fstack-protector is used.
+
+The series also fixes a stack-clash problem that I found while working
+on the CVE.  In unpatched sources, the stack-clash problem would only
+trigger for unrealistic numbers of arguments (8K 64-bit arguments, or an
+equivalent).  But it would be a more significant issue with the new
+-fstack-protector frame layout.  It's therefore important that both
+problems are fixed together.
+
+Some reorganisation of the code seemed necessary to fix the problems in a
+cleanish way.  The series is therefore quite long, but only a handful of
+patches should have any effect on code generation.
+
+See the individual patches for a detailed description.
+
+Tested on aarch64-linux-gnu. Pushed to trunk and to all active branches.
+I've also pushed backports to GCC 7+ to vendors/ARM/heads/CVE-2023-4039.
+
+CVE: CVE-2023-4039
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+  
+  
+From 71a2aa2127283f450c623d3604dbcabe0e14a8d4 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:12 +0100
+Subject: [PATCH 01/19] aarch64: Use local frame vars in shrink-wrapping code
+
+aarch64_layout_frame uses a shorthand for referring to
+cfun->machine->frame:
+
+  aarch64_frame &frame = cfun->machine->frame;
+
+This patch does the same for some other heavy users of the structure.
+No functional change intended.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_save_callee_saves): Use
+	a local shorthand for cfun->machine->frame.
+	(aarch64_restore_callee_saves, aarch64_get_separate_components):
+	(aarch64_process_components): Likewise.
+	(aarch64_allocate_and_probe_stack_space): Likewise.
+	(aarch64_expand_prologue, aarch64_expand_epilogue): Likewise.
+	(aarch64_layout_frame): Use existing shorthand for one more case.
+---
+ gcc/config/aarch64/aarch64.cc | 123 ++++++++++++++++++----------------
+ 1 file changed, 64 insertions(+), 59 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 822a2b49a46..5d473d161d9 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8612,7 +8612,7 @@ aarch64_layout_frame (void)
+   frame.is_scs_enabled
+     = (!crtl->calls_eh_return
+        && sanitize_flags_p (SANITIZE_SHADOW_CALL_STACK)
+-       && known_ge (cfun->machine->frame.reg_offset[LR_REGNUM], 0));
++       && known_ge (frame.reg_offset[LR_REGNUM], 0));
+ 
+   /* When shadow call stack is enabled, the scs_pop in the epilogue will
+      restore x30, and we don't need to pop x30 again in the traditional
+@@ -9078,6 +9078,7 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+ 			   unsigned start, unsigned limit, bool skip_wb,
+ 			   bool hard_fp_valid_p)
+ {
++  aarch64_frame &frame = cfun->machine->frame;
+   rtx_insn *insn;
+   unsigned regno;
+   unsigned regno2;
+@@ -9092,8 +9093,8 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+       bool frame_related_p = aarch64_emit_cfi_for_reg_p (regno);
+ 
+       if (skip_wb
+-	  && (regno == cfun->machine->frame.wb_push_candidate1
+-	      || regno == cfun->machine->frame.wb_push_candidate2))
++	  && (regno == frame.wb_push_candidate1
++	      || regno == frame.wb_push_candidate2))
+ 	continue;
+ 
+       if (cfun->machine->reg_is_wrapped_separately[regno])
+@@ -9101,7 +9102,7 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+ 
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       reg = gen_rtx_REG (mode, regno);
+-      offset = start_offset + cfun->machine->frame.reg_offset[regno];
++      offset = start_offset + frame.reg_offset[regno];
+       rtx base_rtx = stack_pointer_rtx;
+       poly_int64 sp_offset = offset;
+ 
+@@ -9114,7 +9115,7 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+ 	{
+ 	  gcc_assert (known_eq (start_offset, 0));
+ 	  poly_int64 fp_offset
+-	    = cfun->machine->frame.below_hard_fp_saved_regs_size;
++	    = frame.below_hard_fp_saved_regs_size;
+ 	  if (hard_fp_valid_p)
+ 	    base_rtx = hard_frame_pointer_rtx;
+ 	  else
+@@ -9136,8 +9137,7 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+ 	  && (regno2 = aarch64_next_callee_save (regno + 1, limit)) <= limit
+ 	  && !cfun->machine->reg_is_wrapped_separately[regno2]
+ 	  && known_eq (GET_MODE_SIZE (mode),
+-		       cfun->machine->frame.reg_offset[regno2]
+-		       - cfun->machine->frame.reg_offset[regno]))
++		       frame.reg_offset[regno2] - frame.reg_offset[regno]))
+ 	{
+ 	  rtx reg2 = gen_rtx_REG (mode, regno2);
+ 	  rtx mem2;
+@@ -9187,6 +9187,7 @@ static void
+ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start,
+ 			      unsigned limit, bool skip_wb, rtx *cfi_ops)
+ {
++  aarch64_frame &frame = cfun->machine->frame;
+   unsigned regno;
+   unsigned regno2;
+   poly_int64 offset;
+@@ -9203,13 +9204,13 @@ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start,
+       rtx reg, mem;
+ 
+       if (skip_wb
+-	  && (regno == cfun->machine->frame.wb_pop_candidate1
+-	      || regno == cfun->machine->frame.wb_pop_candidate2))
++	  && (regno == frame.wb_pop_candidate1
++	      || regno == frame.wb_pop_candidate2))
+ 	continue;
+ 
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       reg = gen_rtx_REG (mode, regno);
+-      offset = start_offset + cfun->machine->frame.reg_offset[regno];
++      offset = start_offset + frame.reg_offset[regno];
+       rtx base_rtx = stack_pointer_rtx;
+       if (mode == VNx2DImode && BYTES_BIG_ENDIAN)
+ 	aarch64_adjust_sve_callee_save_base (mode, base_rtx, anchor_reg,
+@@ -9220,8 +9221,7 @@ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start,
+ 	  && (regno2 = aarch64_next_callee_save (regno + 1, limit)) <= limit
+ 	  && !cfun->machine->reg_is_wrapped_separately[regno2]
+ 	  && known_eq (GET_MODE_SIZE (mode),
+-		       cfun->machine->frame.reg_offset[regno2]
+-		       - cfun->machine->frame.reg_offset[regno]))
++		       frame.reg_offset[regno2] - frame.reg_offset[regno]))
+ 	{
+ 	  rtx reg2 = gen_rtx_REG (mode, regno2);
+ 	  rtx mem2;
+@@ -9326,6 +9326,7 @@ offset_12bit_unsigned_scaled_p (machine_mode mode, poly_int64 offset)
+ static sbitmap
+ aarch64_get_separate_components (void)
+ {
++  aarch64_frame &frame = cfun->machine->frame;
+   sbitmap components = sbitmap_alloc (LAST_SAVED_REGNUM + 1);
+   bitmap_clear (components);
+ 
+@@ -9342,18 +9343,18 @@ aarch64_get_separate_components (void)
+ 	if (mode == VNx2DImode && BYTES_BIG_ENDIAN)
+ 	  continue;
+ 
+-	poly_int64 offset = cfun->machine->frame.reg_offset[regno];
++	poly_int64 offset = frame.reg_offset[regno];
+ 
+ 	/* If the register is saved in the first SVE save slot, we use
+ 	   it as a stack probe for -fstack-clash-protection.  */
+ 	if (flag_stack_clash_protection
+-	    && maybe_ne (cfun->machine->frame.below_hard_fp_saved_regs_size, 0)
++	    && maybe_ne (frame.below_hard_fp_saved_regs_size, 0)
+ 	    && known_eq (offset, 0))
+ 	  continue;
+ 
+ 	/* Get the offset relative to the register we'll use.  */
+ 	if (frame_pointer_needed)
+-	  offset -= cfun->machine->frame.below_hard_fp_saved_regs_size;
++	  offset -= frame.below_hard_fp_saved_regs_size;
+ 	else
+ 	  offset += crtl->outgoing_args_size;
+ 
+@@ -9372,11 +9373,11 @@ aarch64_get_separate_components (void)
+   /* If the spare predicate register used by big-endian SVE code
+      is call-preserved, it must be saved in the main prologue
+      before any saves that use it.  */
+-  if (cfun->machine->frame.spare_pred_reg != INVALID_REGNUM)
+-    bitmap_clear_bit (components, cfun->machine->frame.spare_pred_reg);
++  if (frame.spare_pred_reg != INVALID_REGNUM)
++    bitmap_clear_bit (components, frame.spare_pred_reg);
+ 
+-  unsigned reg1 = cfun->machine->frame.wb_push_candidate1;
+-  unsigned reg2 = cfun->machine->frame.wb_push_candidate2;
++  unsigned reg1 = frame.wb_push_candidate1;
++  unsigned reg2 = frame.wb_push_candidate2;
+   /* If registers have been chosen to be stored/restored with
+      writeback don't interfere with them to avoid having to output explicit
+      stack adjustment instructions.  */
+@@ -9485,6 +9486,7 @@ aarch64_get_next_set_bit (sbitmap bmp, unsigned int start)
+ static void
+ aarch64_process_components (sbitmap components, bool prologue_p)
+ {
++  aarch64_frame &frame = cfun->machine->frame;
+   rtx ptr_reg = gen_rtx_REG (Pmode, frame_pointer_needed
+ 			     ? HARD_FRAME_POINTER_REGNUM
+ 			     : STACK_POINTER_REGNUM);
+@@ -9499,9 +9501,9 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       
+       rtx reg = gen_rtx_REG (mode, regno);
+-      poly_int64 offset = cfun->machine->frame.reg_offset[regno];
++      poly_int64 offset = frame.reg_offset[regno];
+       if (frame_pointer_needed)
+-	offset -= cfun->machine->frame.below_hard_fp_saved_regs_size;
++	offset -= frame.below_hard_fp_saved_regs_size;
+       else
+ 	offset += crtl->outgoing_args_size;
+ 
+@@ -9526,14 +9528,14 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+ 	  break;
+ 	}
+ 
+-      poly_int64 offset2 = cfun->machine->frame.reg_offset[regno2];
++      poly_int64 offset2 = frame.reg_offset[regno2];
+       /* The next register is not of the same class or its offset is not
+ 	 mergeable with the current one into a pair.  */
+       if (aarch64_sve_mode_p (mode)
+ 	  || !satisfies_constraint_Ump (mem)
+ 	  || GP_REGNUM_P (regno) != GP_REGNUM_P (regno2)
+ 	  || (crtl->abi->id () == ARM_PCS_SIMD && FP_REGNUM_P (regno))
+-	  || maybe_ne ((offset2 - cfun->machine->frame.reg_offset[regno]),
++	  || maybe_ne ((offset2 - frame.reg_offset[regno]),
+ 		       GET_MODE_SIZE (mode)))
+ 	{
+ 	  insn = emit_insn (set);
+@@ -9555,7 +9557,7 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+       /* REGNO2 can be saved/restored in a pair with REGNO.  */
+       rtx reg2 = gen_rtx_REG (mode, regno2);
+       if (frame_pointer_needed)
+-	offset2 -= cfun->machine->frame.below_hard_fp_saved_regs_size;
++	offset2 -= frame.below_hard_fp_saved_regs_size;
+       else
+ 	offset2 += crtl->outgoing_args_size;
+       rtx addr2 = plus_constant (Pmode, ptr_reg, offset2);
+@@ -9650,6 +9652,7 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+ 					bool frame_related_p,
+ 					bool final_adjustment_p)
+ {
++  aarch64_frame &frame = cfun->machine->frame;
+   HOST_WIDE_INT guard_size
+     = 1 << param_stack_clash_protection_guard_size;
+   HOST_WIDE_INT guard_used_by_caller = STACK_CLASH_CALLER_GUARD;
+@@ -9670,25 +9673,25 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+        register as a probe.  We can't assume that LR was saved at position 0
+        though, so treat any space below it as unprobed.  */
+   if (final_adjustment_p
+-      && known_eq (cfun->machine->frame.below_hard_fp_saved_regs_size, 0))
++      && known_eq (frame.below_hard_fp_saved_regs_size, 0))
+     {
+-      poly_int64 lr_offset = cfun->machine->frame.reg_offset[LR_REGNUM];
++      poly_int64 lr_offset = frame.reg_offset[LR_REGNUM];
+       if (known_ge (lr_offset, 0))
+ 	min_probe_threshold -= lr_offset.to_constant ();
+       else
+ 	gcc_assert (!flag_stack_clash_protection || known_eq (poly_size, 0));
+     }
+ 
+-  poly_int64 frame_size = cfun->machine->frame.frame_size;
++  poly_int64 frame_size = frame.frame_size;
+ 
+   /* We should always have a positive probe threshold.  */
+   gcc_assert (min_probe_threshold > 0);
+ 
+   if (flag_stack_clash_protection && !final_adjustment_p)
+     {
+-      poly_int64 initial_adjust = cfun->machine->frame.initial_adjust;
+-      poly_int64 sve_callee_adjust = cfun->machine->frame.sve_callee_adjust;
+-      poly_int64 final_adjust = cfun->machine->frame.final_adjust;
++      poly_int64 initial_adjust = frame.initial_adjust;
++      poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
++      poly_int64 final_adjust = frame.final_adjust;
+ 
+       if (known_eq (frame_size, 0))
+ 	{
+@@ -9977,17 +9980,18 @@ aarch64_epilogue_uses (int regno)
+ void
+ aarch64_expand_prologue (void)
+ {
+-  poly_int64 frame_size = cfun->machine->frame.frame_size;
+-  poly_int64 initial_adjust = cfun->machine->frame.initial_adjust;
+-  HOST_WIDE_INT callee_adjust = cfun->machine->frame.callee_adjust;
+-  poly_int64 final_adjust = cfun->machine->frame.final_adjust;
+-  poly_int64 callee_offset = cfun->machine->frame.callee_offset;
+-  poly_int64 sve_callee_adjust = cfun->machine->frame.sve_callee_adjust;
++  aarch64_frame &frame = cfun->machine->frame;
++  poly_int64 frame_size = frame.frame_size;
++  poly_int64 initial_adjust = frame.initial_adjust;
++  HOST_WIDE_INT callee_adjust = frame.callee_adjust;
++  poly_int64 final_adjust = frame.final_adjust;
++  poly_int64 callee_offset = frame.callee_offset;
++  poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
+   poly_int64 below_hard_fp_saved_regs_size
+-    = cfun->machine->frame.below_hard_fp_saved_regs_size;
+-  unsigned reg1 = cfun->machine->frame.wb_push_candidate1;
+-  unsigned reg2 = cfun->machine->frame.wb_push_candidate2;
+-  bool emit_frame_chain = cfun->machine->frame.emit_frame_chain;
++    = frame.below_hard_fp_saved_regs_size;
++  unsigned reg1 = frame.wb_push_candidate1;
++  unsigned reg2 = frame.wb_push_candidate2;
++  bool emit_frame_chain = frame.emit_frame_chain;
+   rtx_insn *insn;
+ 
+   if (flag_stack_clash_protection && known_eq (callee_adjust, 0))
+@@ -10018,7 +10022,7 @@ aarch64_expand_prologue (void)
+     }
+ 
+   /* Push return address to shadow call stack.  */
+-  if (cfun->machine->frame.is_scs_enabled)
++  if (frame.is_scs_enabled)
+     emit_insn (gen_scs_push ());
+ 
+   if (flag_stack_usage_info)
+@@ -10057,7 +10061,7 @@ aarch64_expand_prologue (void)
+ 
+   /* The offset of the frame chain record (if any) from the current SP.  */
+   poly_int64 chain_offset = (initial_adjust + callee_adjust
+-			     - cfun->machine->frame.hard_fp_offset);
++			     - frame.hard_fp_offset);
+   gcc_assert (known_ge (chain_offset, 0));
+ 
+   /* The offset of the bottom of the save area from the current SP.  */
+@@ -10160,16 +10164,17 @@ aarch64_use_return_insn_p (void)
+ void
+ aarch64_expand_epilogue (bool for_sibcall)
+ {
+-  poly_int64 initial_adjust = cfun->machine->frame.initial_adjust;
+-  HOST_WIDE_INT callee_adjust = cfun->machine->frame.callee_adjust;
+-  poly_int64 final_adjust = cfun->machine->frame.final_adjust;
+-  poly_int64 callee_offset = cfun->machine->frame.callee_offset;
+-  poly_int64 sve_callee_adjust = cfun->machine->frame.sve_callee_adjust;
++  aarch64_frame &frame = cfun->machine->frame;
++  poly_int64 initial_adjust = frame.initial_adjust;
++  HOST_WIDE_INT callee_adjust = frame.callee_adjust;
++  poly_int64 final_adjust = frame.final_adjust;
++  poly_int64 callee_offset = frame.callee_offset;
++  poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
+   poly_int64 below_hard_fp_saved_regs_size
+-    = cfun->machine->frame.below_hard_fp_saved_regs_size;
+-  unsigned reg1 = cfun->machine->frame.wb_pop_candidate1;
+-  unsigned reg2 = cfun->machine->frame.wb_pop_candidate2;
+-  unsigned int last_gpr = (cfun->machine->frame.is_scs_enabled
++    = frame.below_hard_fp_saved_regs_size;
++  unsigned reg1 = frame.wb_pop_candidate1;
++  unsigned reg2 = frame.wb_pop_candidate2;
++  unsigned int last_gpr = (frame.is_scs_enabled
+ 			   ? R29_REGNUM : R30_REGNUM);
+   rtx cfi_ops = NULL;
+   rtx_insn *insn;
+@@ -10203,7 +10208,7 @@ aarch64_expand_epilogue (bool for_sibcall)
+   /* We need to add memory barrier to prevent read from deallocated stack.  */
+   bool need_barrier_p
+     = maybe_ne (get_frame_size ()
+-		+ cfun->machine->frame.saved_varargs_size, 0);
++		+ frame.saved_varargs_size, 0);
+ 
+   /* Emit a barrier to prevent loads from a deallocated stack.  */
+   if (maybe_gt (final_adjust, crtl->outgoing_args_size)
+@@ -10284,7 +10289,7 @@ aarch64_expand_epilogue (bool for_sibcall)
+     }
+ 
+   /* Pop return address from shadow call stack.  */
+-  if (cfun->machine->frame.is_scs_enabled)
++  if (frame.is_scs_enabled)
+     {
+       machine_mode mode = aarch64_reg_save_mode (R30_REGNUM);
+       rtx reg = gen_rtx_REG (mode, R30_REGNUM);
+@@ -12740,24 +12745,24 @@ aarch64_can_eliminate (const int from ATTRIBUTE_UNUSED, const int to)
+ poly_int64
+ aarch64_initial_elimination_offset (unsigned from, unsigned to)
+ {
++  aarch64_frame &frame = cfun->machine->frame;
++
+   if (to == HARD_FRAME_POINTER_REGNUM)
+     {
+       if (from == ARG_POINTER_REGNUM)
+-	return cfun->machine->frame.hard_fp_offset;
++	return frame.hard_fp_offset;
+ 
+       if (from == FRAME_POINTER_REGNUM)
+-	return cfun->machine->frame.hard_fp_offset
+-	       - cfun->machine->frame.locals_offset;
++	return frame.hard_fp_offset - frame.locals_offset;
+     }
+ 
+   if (to == STACK_POINTER_REGNUM)
+     {
+       if (from == FRAME_POINTER_REGNUM)
+-	  return cfun->machine->frame.frame_size
+-		 - cfun->machine->frame.locals_offset;
++	return frame.frame_size - frame.locals_offset;
+     }
+ 
+-  return cfun->machine->frame.frame_size;
++  return frame.frame_size;
+ }
+ 
+ 
+-- 
+2.34.1
+
+
+From 89a9fa287706c5011f61926eaf65e7b996b963a3 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:12 +0100
+Subject: [PATCH 02/19] aarch64: Avoid a use of callee_offset
+
+When we emit the frame chain, i.e. when we reach Here in this statement
+of aarch64_expand_prologue:
+
+  if (emit_frame_chain)
+    {
+      // Here
+      ...
+    }
+
+the stack is in one of two states:
+
+- We've allocated up to the frame chain, but no more.
+
+- We've allocated the whole frame, and the frame chain is within easy
+  reach of the new SP.
+
+The offset of the frame chain from the current SP is available
+in aarch64_frame as callee_offset.  It is also available as the
+chain_offset local variable, where the latter is calculated from other
+data.  (However, chain_offset is not always equal to callee_offset when
+!emit_frame_chain, so chain_offset isn't redundant.)
+
+In c600df9a4060da3c6121ff4d0b93f179eafd69d1 I switched to using
+chain_offset for the initialisation of the hard frame pointer:
+
+       aarch64_add_offset (Pmode, hard_frame_pointer_rtx,
+-                         stack_pointer_rtx, callee_offset,
++                         stack_pointer_rtx, chain_offset,
+                          tmp1_rtx, tmp0_rtx, frame_pointer_needed);
+
+But the later REG_CFA_ADJUST_CFA handling still used callee_offset.
+
+I think the difference is harmless, but it's more logical for the
+CFA note to be in sync, and it's more convenient for later patches
+if it uses chain_offset.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_expand_prologue): Use
+	chain_offset rather than callee_offset.
+---
+ gcc/config/aarch64/aarch64.cc | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 5d473d161d9..4f233c95140 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -9985,7 +9985,6 @@ aarch64_expand_prologue (void)
+   poly_int64 initial_adjust = frame.initial_adjust;
+   HOST_WIDE_INT callee_adjust = frame.callee_adjust;
+   poly_int64 final_adjust = frame.final_adjust;
+-  poly_int64 callee_offset = frame.callee_offset;
+   poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
+   poly_int64 below_hard_fp_saved_regs_size
+     = frame.below_hard_fp_saved_regs_size;
+@@ -10098,8 +10097,7 @@ aarch64_expand_prologue (void)
+ 	     implicit.  */
+ 	  if (!find_reg_note (insn, REG_CFA_ADJUST_CFA, NULL_RTX))
+ 	    {
+-	      rtx src = plus_constant (Pmode, stack_pointer_rtx,
+-				       callee_offset);
++	      rtx src = plus_constant (Pmode, stack_pointer_rtx, chain_offset);
+ 	      add_reg_note (insn, REG_CFA_ADJUST_CFA,
+ 			    gen_rtx_SET (hard_frame_pointer_rtx, src));
+ 	    }
+-- 
+2.34.1
+
+
+From b36a2a78040722dab6124366c5d6baf8eaf80aef Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:13 +0100
+Subject: [PATCH 03/19] aarch64: Explicitly handle frames with no saved
+ registers
+
+If a frame has no saved registers, it can be allocated in one go.
+There is no need to treat the areas below and above the saved
+registers as separate.
+
+And if we allocate the frame in one go, it should be allocated
+as the initial_adjust rather than the final_adjust.  This allows the
+frame size to grow to guard_size - guard_used_by_caller before a stack
+probe is needed.  (A frame with no register saves is necessarily a
+leaf frame.)
+
+This is a no-op as thing stand, since a leaf function will have
+no outgoing arguments, and so all the frame will be above where
+the saved registers normally go.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Explicitly
+	allocate the frame in one go if there are no saved registers.
+---
+ gcc/config/aarch64/aarch64.cc | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 4f233c95140..37643041ffb 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8639,9 +8639,11 @@ aarch64_layout_frame (void)
+ 
+   HOST_WIDE_INT const_size, const_outgoing_args_size, const_fp_offset;
+   HOST_WIDE_INT const_saved_regs_size;
+-  if (frame.frame_size.is_constant (&const_size)
+-      && const_size < max_push_offset
+-      && known_eq (frame.hard_fp_offset, const_size))
++  if (known_eq (frame.saved_regs_size, 0))
++    frame.initial_adjust = frame.frame_size;
++  else if (frame.frame_size.is_constant (&const_size)
++	   && const_size < max_push_offset
++	   && known_eq (frame.hard_fp_offset, const_size))
+     {
+       /* Simple, small frame with no outgoing arguments:
+ 
+-- 
+2.34.1
+
+
+From ada2ab0093596be707f23a3466ac82cff59fcffe Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:13 +0100
+Subject: [PATCH 04/19] aarch64: Add bytes_below_saved_regs to frame info
+
+The frame layout code currently hard-codes the assumption that
+the number of bytes below the saved registers is equal to the
+size of the outgoing arguments.  This patch abstracts that
+value into a new field of aarch64_frame.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::bytes_below_saved_regs): New
+	field.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Initialize it,
+	and use it instead of crtl->outgoing_args_size.
+	(aarch64_get_separate_components): Use bytes_below_saved_regs instead
+	of outgoing_args_size.
+	(aarch64_process_components): Likewise.
+---
+ gcc/config/aarch64/aarch64.cc | 71 ++++++++++++++++++-----------------
+ gcc/config/aarch64/aarch64.h  |  5 +++
+ 2 files changed, 41 insertions(+), 35 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 37643041ffb..dacc2b0e4dd 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8478,6 +8478,8 @@ aarch64_layout_frame (void)
+   gcc_assert (crtl->is_leaf
+ 	      || maybe_ne (frame.reg_offset[R30_REGNUM], SLOT_NOT_REQUIRED));
+ 
++  frame.bytes_below_saved_regs = crtl->outgoing_args_size;
++
+   /* Now assign stack slots for the registers.  Start with the predicate
+      registers, since predicate LDR and STR have a relatively small
+      offset range.  These saves happen below the hard frame pointer.  */
+@@ -8582,18 +8584,18 @@ aarch64_layout_frame (void)
+ 
+   poly_int64 varargs_and_saved_regs_size = offset + frame.saved_varargs_size;
+ 
+-  poly_int64 above_outgoing_args
++  poly_int64 saved_regs_and_above
+     = aligned_upper_bound (varargs_and_saved_regs_size
+ 			   + get_frame_size (),
+ 			   STACK_BOUNDARY / BITS_PER_UNIT);
+ 
+   frame.hard_fp_offset
+-    = above_outgoing_args - frame.below_hard_fp_saved_regs_size;
++    = saved_regs_and_above - frame.below_hard_fp_saved_regs_size;
+ 
+   /* Both these values are already aligned.  */
+-  gcc_assert (multiple_p (crtl->outgoing_args_size,
++  gcc_assert (multiple_p (frame.bytes_below_saved_regs,
+ 			  STACK_BOUNDARY / BITS_PER_UNIT));
+-  frame.frame_size = above_outgoing_args + crtl->outgoing_args_size;
++  frame.frame_size = saved_regs_and_above + frame.bytes_below_saved_regs;
+ 
+   frame.locals_offset = frame.saved_varargs_size;
+ 
+@@ -8637,7 +8639,7 @@ aarch64_layout_frame (void)
+   else if (frame.wb_pop_candidate1 != INVALID_REGNUM)
+     max_push_offset = 256;
+ 
+-  HOST_WIDE_INT const_size, const_outgoing_args_size, const_fp_offset;
++  HOST_WIDE_INT const_size, const_below_saved_regs, const_fp_offset;
+   HOST_WIDE_INT const_saved_regs_size;
+   if (known_eq (frame.saved_regs_size, 0))
+     frame.initial_adjust = frame.frame_size;
+@@ -8645,31 +8647,31 @@ aarch64_layout_frame (void)
+ 	   && const_size < max_push_offset
+ 	   && known_eq (frame.hard_fp_offset, const_size))
+     {
+-      /* Simple, small frame with no outgoing arguments:
++      /* Simple, small frame with no data below the saved registers.
+ 
+ 	 stp reg1, reg2, [sp, -frame_size]!
+ 	 stp reg3, reg4, [sp, 16]  */
+       frame.callee_adjust = const_size;
+     }
+-  else if (crtl->outgoing_args_size.is_constant (&const_outgoing_args_size)
++  else if (frame.bytes_below_saved_regs.is_constant (&const_below_saved_regs)
+ 	   && frame.saved_regs_size.is_constant (&const_saved_regs_size)
+-	   && const_outgoing_args_size + const_saved_regs_size < 512
+-	   /* We could handle this case even with outgoing args, provided
+-	      that the number of args left us with valid offsets for all
+-	      predicate and vector save slots.  It's such a rare case that
+-	      it hardly seems worth the effort though.  */
+-	   && (!saves_below_hard_fp_p || const_outgoing_args_size == 0)
++	   && const_below_saved_regs + const_saved_regs_size < 512
++	   /* We could handle this case even with data below the saved
++	      registers, provided that that data left us with valid offsets
++	      for all predicate and vector save slots.  It's such a rare
++	      case that it hardly seems worth the effort though.  */
++	   && (!saves_below_hard_fp_p || const_below_saved_regs == 0)
+ 	   && !(cfun->calls_alloca
+ 		&& frame.hard_fp_offset.is_constant (&const_fp_offset)
+ 		&& const_fp_offset < max_push_offset))
+     {
+-      /* Frame with small outgoing arguments:
++      /* Frame with small area below the saved registers:
+ 
+ 	 sub sp, sp, frame_size
+-	 stp reg1, reg2, [sp, outgoing_args_size]
+-	 stp reg3, reg4, [sp, outgoing_args_size + 16]  */
++	 stp reg1, reg2, [sp, bytes_below_saved_regs]
++	 stp reg3, reg4, [sp, bytes_below_saved_regs + 16]  */
+       frame.initial_adjust = frame.frame_size;
+-      frame.callee_offset = const_outgoing_args_size;
++      frame.callee_offset = const_below_saved_regs;
+     }
+   else if (saves_below_hard_fp_p
+ 	   && known_eq (frame.saved_regs_size,
+@@ -8679,30 +8681,29 @@ aarch64_layout_frame (void)
+ 
+ 	 sub sp, sp, hard_fp_offset + below_hard_fp_saved_regs_size
+ 	 save SVE registers relative to SP
+-	 sub sp, sp, outgoing_args_size  */
++	 sub sp, sp, bytes_below_saved_regs  */
+       frame.initial_adjust = (frame.hard_fp_offset
+ 			      + frame.below_hard_fp_saved_regs_size);
+-      frame.final_adjust = crtl->outgoing_args_size;
++      frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+   else if (frame.hard_fp_offset.is_constant (&const_fp_offset)
+ 	   && const_fp_offset < max_push_offset)
+     {
+-      /* Frame with large outgoing arguments or SVE saves, but with
+-	 a small local area:
++      /* Frame with large area below the saved registers, or with SVE saves,
++	 but with a small area above:
+ 
+ 	 stp reg1, reg2, [sp, -hard_fp_offset]!
+ 	 stp reg3, reg4, [sp, 16]
+ 	 [sub sp, sp, below_hard_fp_saved_regs_size]
+ 	 [save SVE registers relative to SP]
+-	 sub sp, sp, outgoing_args_size  */
++	 sub sp, sp, bytes_below_saved_regs  */
+       frame.callee_adjust = const_fp_offset;
+       frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size;
+-      frame.final_adjust = crtl->outgoing_args_size;
++      frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+   else
+     {
+-      /* Frame with large local area and outgoing arguments or SVE saves,
+-	 using frame pointer:
++      /* General case:
+ 
+ 	 sub sp, sp, hard_fp_offset
+ 	 stp x29, x30, [sp, 0]
+@@ -8710,10 +8711,10 @@ aarch64_layout_frame (void)
+ 	 stp reg3, reg4, [sp, 16]
+ 	 [sub sp, sp, below_hard_fp_saved_regs_size]
+ 	 [save SVE registers relative to SP]
+-	 sub sp, sp, outgoing_args_size  */
++	 sub sp, sp, bytes_below_saved_regs  */
+       frame.initial_adjust = frame.hard_fp_offset;
+       frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size;
+-      frame.final_adjust = crtl->outgoing_args_size;
++      frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+ 
+   /* Make sure the individual adjustments add up to the full frame size.  */
+@@ -9358,7 +9359,7 @@ aarch64_get_separate_components (void)
+ 	if (frame_pointer_needed)
+ 	  offset -= frame.below_hard_fp_saved_regs_size;
+ 	else
+-	  offset += crtl->outgoing_args_size;
++	  offset += frame.bytes_below_saved_regs;
+ 
+ 	/* Check that we can access the stack slot of the register with one
+ 	   direct load with no adjustments needed.  */
+@@ -9507,7 +9508,7 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+       if (frame_pointer_needed)
+ 	offset -= frame.below_hard_fp_saved_regs_size;
+       else
+-	offset += crtl->outgoing_args_size;
++	offset += frame.bytes_below_saved_regs;
+ 
+       rtx addr = plus_constant (Pmode, ptr_reg, offset);
+       rtx mem = gen_frame_mem (mode, addr);
+@@ -9561,7 +9562,7 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+       if (frame_pointer_needed)
+ 	offset2 -= frame.below_hard_fp_saved_regs_size;
+       else
+-	offset2 += crtl->outgoing_args_size;
++	offset2 += frame.bytes_below_saved_regs;
+       rtx addr2 = plus_constant (Pmode, ptr_reg, offset2);
+       rtx mem2 = gen_frame_mem (mode, addr2);
+       rtx set2 = prologue_p ? gen_rtx_SET (mem2, reg2)
+@@ -9635,10 +9636,10 @@ aarch64_stack_clash_protection_alloca_probe_range (void)
+    registers.  If POLY_SIZE is not large enough to require a probe this function
+    will only adjust the stack.  When allocating the stack space
+    FRAME_RELATED_P is then used to indicate if the allocation is frame related.
+-   FINAL_ADJUSTMENT_P indicates whether we are allocating the outgoing
+-   arguments.  If we are then we ensure that any allocation larger than the ABI
+-   defined buffer needs a probe so that the invariant of having a 1KB buffer is
+-   maintained.
++   FINAL_ADJUSTMENT_P indicates whether we are allocating the area below
++   the saved registers.  If we are then we ensure that any allocation
++   larger than the ABI defined buffer needs a probe so that the
++   invariant of having a 1KB buffer is maintained.
+ 
+    We emit barriers after each stack adjustment to prevent optimizations from
+    breaking the invariant that we never drop the stack more than a page.  This
+@@ -9847,7 +9848,7 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+   /* Handle any residuals.  Residuals of at least MIN_PROBE_THRESHOLD have to
+      be probed.  This maintains the requirement that each page is probed at
+      least once.  For initial probing we probe only if the allocation is
+-     more than GUARD_SIZE - buffer, and for the outgoing arguments we probe
++     more than GUARD_SIZE - buffer, and below the saved registers we probe
+      if the amount is larger than buffer.  GUARD_SIZE - buffer + buffer ==
+      GUARD_SIZE.  This works that for any allocation that is large enough to
+      trigger a probe here, we'll have at least one, and if they're not large
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 73b09e20508..0b6faa3ddf1 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -777,6 +777,11 @@ struct GTY (()) aarch64_frame
+   /* The size of the callee-save registers with a slot in REG_OFFSET.  */
+   poly_int64 saved_regs_size;
+ 
++  /* The number of bytes between the bottom of the static frame (the bottom
++     of the outgoing arguments) and the bottom of the register save area.
++     This value is always a multiple of STACK_BOUNDARY.  */
++  poly_int64 bytes_below_saved_regs;
++
+   /* The size of the callee-save registers with a slot in REG_OFFSET that
+      are saved below the hard frame pointer.  */
+   poly_int64 below_hard_fp_saved_regs_size;
+-- 
+2.34.1
+
+
+From 82f6b3e1b596ef0f4e3ac3bb9c6e88fb4458f402 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:14 +0100
+Subject: [PATCH 05/19] aarch64: Add bytes_below_hard_fp to frame info
+
+Following on from the previous bytes_below_saved_regs patch, this one
+records the number of bytes that are below the hard frame pointer.
+This eventually replaces below_hard_fp_saved_regs_size.
+
+If a frame pointer is not needed, the epilogue adds final_adjust
+to the stack pointer before restoring registers:
+
+     aarch64_add_sp (tmp1_rtx, tmp0_rtx, final_adjust, true);
+
+Therefore, if the epilogue needs to restore the stack pointer from
+the hard frame pointer, the directly corresponding offset is:
+
+     -bytes_below_hard_fp + final_adjust
+
+i.e. go from the hard frame pointer to the bottom of the frame,
+then add the same amount as if we were using the stack pointer
+from the outset.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::bytes_below_hard_fp): New
+	field.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Initialize it.
+	(aarch64_expand_epilogue): Use it instead of
+	below_hard_fp_saved_regs_size.
+---
+ gcc/config/aarch64/aarch64.cc | 6 +++---
+ gcc/config/aarch64/aarch64.h  | 5 +++++
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index dacc2b0e4dd..a3f7aabcc59 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8530,6 +8530,7 @@ aarch64_layout_frame (void)
+      of the callee save area.  */
+   bool saves_below_hard_fp_p = maybe_ne (offset, 0);
+   frame.below_hard_fp_saved_regs_size = offset;
++  frame.bytes_below_hard_fp = offset + frame.bytes_below_saved_regs;
+   if (frame.emit_frame_chain)
+     {
+       /* FP and LR are placed in the linkage record.  */
+@@ -10171,8 +10172,7 @@ aarch64_expand_epilogue (bool for_sibcall)
+   poly_int64 final_adjust = frame.final_adjust;
+   poly_int64 callee_offset = frame.callee_offset;
+   poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
+-  poly_int64 below_hard_fp_saved_regs_size
+-    = frame.below_hard_fp_saved_regs_size;
++  poly_int64 bytes_below_hard_fp = frame.bytes_below_hard_fp;
+   unsigned reg1 = frame.wb_pop_candidate1;
+   unsigned reg2 = frame.wb_pop_candidate2;
+   unsigned int last_gpr = (frame.is_scs_enabled
+@@ -10230,7 +10230,7 @@ aarch64_expand_epilogue (bool for_sibcall)
+        is restored on the instruction doing the writeback.  */
+     aarch64_add_offset (Pmode, stack_pointer_rtx,
+ 			hard_frame_pointer_rtx,
+-			-callee_offset - below_hard_fp_saved_regs_size,
++			-bytes_below_hard_fp + final_adjust,
+ 			tmp1_rtx, tmp0_rtx, callee_adjust == 0);
+   else
+      /* The case where we need to re-use the register here is very rare, so
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 0b6faa3ddf1..4263d29d29d 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -786,6 +786,11 @@ struct GTY (()) aarch64_frame
+      are saved below the hard frame pointer.  */
+   poly_int64 below_hard_fp_saved_regs_size;
+ 
++  /* The number of bytes between the bottom of the static frame (the bottom
++     of the outgoing arguments) and the hard frame pointer.  This value is
++     always a multiple of STACK_BOUNDARY.  */
++  poly_int64 bytes_below_hard_fp;
++
+   /* Offset from the base of the frame (incomming SP) to the
+      top of the locals area.  This value is always a multiple of
+      STACK_BOUNDARY.  */
+-- 
+2.34.1
+
+
+From 86fa43e9fe4a8bf954f2919f07cbe3646d1d1df3 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:14 +0100
+Subject: [PATCH 06/19] aarch64: Tweak aarch64_save/restore_callee_saves
+
+aarch64_save_callee_saves and aarch64_restore_callee_saves took
+a parameter called start_offset that gives the offset of the
+bottom of the saved register area from the current stack pointer.
+However, it's more convenient for later patches if we use the
+bottom of the entire frame as the reference point, rather than
+the bottom of the saved registers.
+
+Doing that removes the need for the callee_offset field.
+Other than that, this is not a win on its own.  It only really
+makes sense in combination with the follow-on patches.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::callee_offset): Delete.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Remove
+	callee_offset handling.
+	(aarch64_save_callee_saves): Replace the start_offset parameter
+	with a bytes_below_sp parameter.
+	(aarch64_restore_callee_saves): Likewise.
+	(aarch64_expand_prologue): Update accordingly.
+	(aarch64_expand_epilogue): Likewise.
+---
+ gcc/config/aarch64/aarch64.cc | 56 +++++++++++++++++------------------
+ gcc/config/aarch64/aarch64.h  |  4 ---
+ 2 files changed, 28 insertions(+), 32 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index a3f7aabcc59..46ae5cf7673 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8604,7 +8604,6 @@ aarch64_layout_frame (void)
+   frame.final_adjust = 0;
+   frame.callee_adjust = 0;
+   frame.sve_callee_adjust = 0;
+-  frame.callee_offset = 0;
+ 
+   frame.wb_pop_candidate1 = frame.wb_push_candidate1;
+   frame.wb_pop_candidate2 = frame.wb_push_candidate2;
+@@ -8672,7 +8671,6 @@ aarch64_layout_frame (void)
+ 	 stp reg1, reg2, [sp, bytes_below_saved_regs]
+ 	 stp reg3, reg4, [sp, bytes_below_saved_regs + 16]  */
+       frame.initial_adjust = frame.frame_size;
+-      frame.callee_offset = const_below_saved_regs;
+     }
+   else if (saves_below_hard_fp_p
+ 	   && known_eq (frame.saved_regs_size,
+@@ -9073,12 +9071,13 @@ aarch64_add_cfa_expression (rtx_insn *insn, rtx reg,
+ }
+ 
+ /* Emit code to save the callee-saved registers from register number START
+-   to LIMIT to the stack at the location starting at offset START_OFFSET,
+-   skipping any write-back candidates if SKIP_WB is true.  HARD_FP_VALID_P
+-   is true if the hard frame pointer has been set up.  */
++   to LIMIT to the stack.  The stack pointer is currently BYTES_BELOW_SP
++   bytes above the bottom of the static frame.  Skip any write-back
++   candidates if SKIP_WB is true.  HARD_FP_VALID_P is true if the hard
++   frame pointer has been set up.  */
+ 
+ static void
+-aarch64_save_callee_saves (poly_int64 start_offset,
++aarch64_save_callee_saves (poly_int64 bytes_below_sp,
+ 			   unsigned start, unsigned limit, bool skip_wb,
+ 			   bool hard_fp_valid_p)
+ {
+@@ -9106,7 +9105,9 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+ 
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       reg = gen_rtx_REG (mode, regno);
+-      offset = start_offset + frame.reg_offset[regno];
++      offset = (frame.reg_offset[regno]
++		+ frame.bytes_below_saved_regs
++		- bytes_below_sp);
+       rtx base_rtx = stack_pointer_rtx;
+       poly_int64 sp_offset = offset;
+ 
+@@ -9117,9 +9118,7 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+       else if (GP_REGNUM_P (regno)
+ 	       && (!offset.is_constant (&const_offset) || const_offset >= 512))
+ 	{
+-	  gcc_assert (known_eq (start_offset, 0));
+-	  poly_int64 fp_offset
+-	    = frame.below_hard_fp_saved_regs_size;
++	  poly_int64 fp_offset = frame.bytes_below_hard_fp - bytes_below_sp;
+ 	  if (hard_fp_valid_p)
+ 	    base_rtx = hard_frame_pointer_rtx;
+ 	  else
+@@ -9183,12 +9182,13 @@ aarch64_save_callee_saves (poly_int64 start_offset,
+ }
+ 
+ /* Emit code to restore the callee registers from register number START
+-   up to and including LIMIT.  Restore from the stack offset START_OFFSET,
+-   skipping any write-back candidates if SKIP_WB is true.  Write the
+-   appropriate REG_CFA_RESTORE notes into CFI_OPS.  */
++   up to and including LIMIT.  The stack pointer is currently BYTES_BELOW_SP
++   bytes above the bottom of the static frame.  Skip any write-back
++   candidates if SKIP_WB is true.  Write the appropriate REG_CFA_RESTORE
++   notes into CFI_OPS.  */
+ 
+ static void
+-aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start,
++aarch64_restore_callee_saves (poly_int64 bytes_below_sp, unsigned start,
+ 			      unsigned limit, bool skip_wb, rtx *cfi_ops)
+ {
+   aarch64_frame &frame = cfun->machine->frame;
+@@ -9214,7 +9214,9 @@ aarch64_restore_callee_saves (poly_int64 start_offset, unsigned start,
+ 
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       reg = gen_rtx_REG (mode, regno);
+-      offset = start_offset + frame.reg_offset[regno];
++      offset = (frame.reg_offset[regno]
++		+ frame.bytes_below_saved_regs
++		- bytes_below_sp);
+       rtx base_rtx = stack_pointer_rtx;
+       if (mode == VNx2DImode && BYTES_BIG_ENDIAN)
+ 	aarch64_adjust_sve_callee_save_base (mode, base_rtx, anchor_reg,
+@@ -9990,8 +9992,6 @@ aarch64_expand_prologue (void)
+   HOST_WIDE_INT callee_adjust = frame.callee_adjust;
+   poly_int64 final_adjust = frame.final_adjust;
+   poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
+-  poly_int64 below_hard_fp_saved_regs_size
+-    = frame.below_hard_fp_saved_regs_size;
+   unsigned reg1 = frame.wb_push_candidate1;
+   unsigned reg2 = frame.wb_push_candidate2;
+   bool emit_frame_chain = frame.emit_frame_chain;
+@@ -10067,8 +10067,8 @@ aarch64_expand_prologue (void)
+ 			     - frame.hard_fp_offset);
+   gcc_assert (known_ge (chain_offset, 0));
+ 
+-  /* The offset of the bottom of the save area from the current SP.  */
+-  poly_int64 saved_regs_offset = chain_offset - below_hard_fp_saved_regs_size;
++  /* The offset of the current SP from the bottom of the static frame.  */
++  poly_int64 bytes_below_sp = frame_size - initial_adjust - callee_adjust;
+ 
+   if (emit_frame_chain)
+     {
+@@ -10076,7 +10076,7 @@ aarch64_expand_prologue (void)
+ 	{
+ 	  reg1 = R29_REGNUM;
+ 	  reg2 = R30_REGNUM;
+-	  aarch64_save_callee_saves (saved_regs_offset, reg1, reg2,
++	  aarch64_save_callee_saves (bytes_below_sp, reg1, reg2,
+ 				     false, false);
+ 	}
+       else
+@@ -10116,7 +10116,7 @@ aarch64_expand_prologue (void)
+       emit_insn (gen_stack_tie (stack_pointer_rtx, hard_frame_pointer_rtx));
+     }
+ 
+-  aarch64_save_callee_saves (saved_regs_offset, R0_REGNUM, R30_REGNUM,
++  aarch64_save_callee_saves (bytes_below_sp, R0_REGNUM, R30_REGNUM,
+ 			     callee_adjust != 0 || emit_frame_chain,
+ 			     emit_frame_chain);
+   if (maybe_ne (sve_callee_adjust, 0))
+@@ -10126,16 +10126,17 @@ aarch64_expand_prologue (void)
+       aarch64_allocate_and_probe_stack_space (tmp1_rtx, tmp0_rtx,
+ 					      sve_callee_adjust,
+ 					      !frame_pointer_needed, false);
+-      saved_regs_offset += sve_callee_adjust;
++      bytes_below_sp -= sve_callee_adjust;
+     }
+-  aarch64_save_callee_saves (saved_regs_offset, P0_REGNUM, P15_REGNUM,
++  aarch64_save_callee_saves (bytes_below_sp, P0_REGNUM, P15_REGNUM,
+ 			     false, emit_frame_chain);
+-  aarch64_save_callee_saves (saved_regs_offset, V0_REGNUM, V31_REGNUM,
++  aarch64_save_callee_saves (bytes_below_sp, V0_REGNUM, V31_REGNUM,
+ 			     callee_adjust != 0 || emit_frame_chain,
+ 			     emit_frame_chain);
+ 
+   /* We may need to probe the final adjustment if it is larger than the guard
+      that is assumed by the called.  */
++  gcc_assert (known_eq (bytes_below_sp, final_adjust));
+   aarch64_allocate_and_probe_stack_space (tmp1_rtx, tmp0_rtx, final_adjust,
+ 					  !frame_pointer_needed, true);
+ }
+@@ -10170,7 +10171,6 @@ aarch64_expand_epilogue (bool for_sibcall)
+   poly_int64 initial_adjust = frame.initial_adjust;
+   HOST_WIDE_INT callee_adjust = frame.callee_adjust;
+   poly_int64 final_adjust = frame.final_adjust;
+-  poly_int64 callee_offset = frame.callee_offset;
+   poly_int64 sve_callee_adjust = frame.sve_callee_adjust;
+   poly_int64 bytes_below_hard_fp = frame.bytes_below_hard_fp;
+   unsigned reg1 = frame.wb_pop_candidate1;
+@@ -10240,9 +10240,9 @@ aarch64_expand_epilogue (bool for_sibcall)
+ 
+   /* Restore the vector registers before the predicate registers,
+      so that we can use P4 as a temporary for big-endian SVE frames.  */
+-  aarch64_restore_callee_saves (callee_offset, V0_REGNUM, V31_REGNUM,
++  aarch64_restore_callee_saves (final_adjust, V0_REGNUM, V31_REGNUM,
+ 				callee_adjust != 0, &cfi_ops);
+-  aarch64_restore_callee_saves (callee_offset, P0_REGNUM, P15_REGNUM,
++  aarch64_restore_callee_saves (final_adjust, P0_REGNUM, P15_REGNUM,
+ 				false, &cfi_ops);
+   if (maybe_ne (sve_callee_adjust, 0))
+     aarch64_add_sp (NULL_RTX, NULL_RTX, sve_callee_adjust, true);
+@@ -10250,7 +10250,7 @@ aarch64_expand_epilogue (bool for_sibcall)
+   /* When shadow call stack is enabled, the scs_pop in the epilogue will
+      restore x30, we don't need to restore x30 again in the traditional
+      way.  */
+-  aarch64_restore_callee_saves (callee_offset - sve_callee_adjust,
++  aarch64_restore_callee_saves (final_adjust + sve_callee_adjust,
+ 				R0_REGNUM, last_gpr,
+ 				callee_adjust != 0, &cfi_ops);
+ 
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 4263d29d29d..fd820b1be4e 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -813,10 +813,6 @@ struct GTY (()) aarch64_frame
+      It is zero when no push is used.  */
+   HOST_WIDE_INT callee_adjust;
+ 
+-  /* The offset from SP to the callee-save registers after initial_adjust.
+-     It may be non-zero if no push is used (ie. callee_adjust == 0).  */
+-  poly_int64 callee_offset;
+-
+   /* The size of the stack adjustment before saving or after restoring
+      SVE registers.  */
+   poly_int64 sve_callee_adjust;
+-- 
+2.34.1
+
+
+From 8ae9181426f2700c2e5a2909487fa630e6fa406b Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:15 +0100
+Subject: [PATCH 07/19] aarch64: Only calculate chain_offset if there is a
+ chain
+
+After previous patches, it is no longer necessary to calculate
+a chain_offset in cases where there is no chain record.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_expand_prologue): Move the
+	calculation of chain_offset into the emit_frame_chain block.
+---
+ gcc/config/aarch64/aarch64.cc | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 46ae5cf7673..0e9b9717c08 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -10062,16 +10062,16 @@ aarch64_expand_prologue (void)
+   if (callee_adjust != 0)
+     aarch64_push_regs (reg1, reg2, callee_adjust);
+ 
+-  /* The offset of the frame chain record (if any) from the current SP.  */
+-  poly_int64 chain_offset = (initial_adjust + callee_adjust
+-			     - frame.hard_fp_offset);
+-  gcc_assert (known_ge (chain_offset, 0));
+-
+   /* The offset of the current SP from the bottom of the static frame.  */
+   poly_int64 bytes_below_sp = frame_size - initial_adjust - callee_adjust;
+ 
+   if (emit_frame_chain)
+     {
++      /* The offset of the frame chain record (if any) from the current SP.  */
++      poly_int64 chain_offset = (initial_adjust + callee_adjust
++				 - frame.hard_fp_offset);
++      gcc_assert (known_ge (chain_offset, 0));
++
+       if (callee_adjust == 0)
+ 	{
+ 	  reg1 = R29_REGNUM;
+-- 
+2.34.1
+
+
+From 375794feb614cee1f41b710b9cc1b6f25da6c1cb Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:15 +0100
+Subject: [PATCH 08/19] aarch64: Rename locals_offset to bytes_above_locals
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+locals_offset was described as:
+
+  /* Offset from the base of the frame (incomming SP) to the
+     top of the locals area.  This value is always a multiple of
+     STACK_BOUNDARY.  */
+
+This is implicitly an “upside down” view of the frame: the incoming
+SP is at offset 0, and anything N bytes below the incoming SP is at
+offset N (rather than -N).
+
+However, reg_offset instead uses a “right way up” view; that is,
+it views offsets in address terms.  Something above X is at a
+positive offset from X and something below X is at a negative
+offset from X.
+
+Also, even on FRAME_GROWS_DOWNWARD targets like AArch64,
+target-independent code views offsets in address terms too:
+locals are allocated at negative offsets to virtual_stack_vars.
+
+It seems confusing to have *_offset fields of the same structure
+using different polarities like this.  This patch tries to avoid
+that by renaming locals_offset to bytes_above_locals.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::locals_offset): Rename to...
+	(aarch64_frame::bytes_above_locals): ...this.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame)
+	(aarch64_initial_elimination_offset): Update accordingly.
+---
+ gcc/config/aarch64/aarch64.cc | 6 +++---
+ gcc/config/aarch64/aarch64.h  | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 0e9b9717c08..0a22f91520e 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8598,7 +8598,7 @@ aarch64_layout_frame (void)
+ 			  STACK_BOUNDARY / BITS_PER_UNIT));
+   frame.frame_size = saved_regs_and_above + frame.bytes_below_saved_regs;
+ 
+-  frame.locals_offset = frame.saved_varargs_size;
++  frame.bytes_above_locals = frame.saved_varargs_size;
+ 
+   frame.initial_adjust = 0;
+   frame.final_adjust = 0;
+@@ -12754,13 +12754,13 @@ aarch64_initial_elimination_offset (unsigned from, unsigned to)
+ 	return frame.hard_fp_offset;
+ 
+       if (from == FRAME_POINTER_REGNUM)
+-	return frame.hard_fp_offset - frame.locals_offset;
++	return frame.hard_fp_offset - frame.bytes_above_locals;
+     }
+ 
+   if (to == STACK_POINTER_REGNUM)
+     {
+       if (from == FRAME_POINTER_REGNUM)
+-	return frame.frame_size - frame.locals_offset;
++	return frame.frame_size - frame.bytes_above_locals;
+     }
+ 
+   return frame.frame_size;
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index fd820b1be4e..7ae12d13e2b 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -791,10 +791,10 @@ struct GTY (()) aarch64_frame
+      always a multiple of STACK_BOUNDARY.  */
+   poly_int64 bytes_below_hard_fp;
+ 
+-  /* Offset from the base of the frame (incomming SP) to the
+-     top of the locals area.  This value is always a multiple of
++  /* The number of bytes between the top of the locals area and the top
++     of the frame (the incomming SP).  This value is always a multiple of
+      STACK_BOUNDARY.  */
+-  poly_int64 locals_offset;
++  poly_int64 bytes_above_locals;
+ 
+   /* Offset from the base of the frame (incomming SP) to the
+      hard_frame_pointer.  This value is always a multiple of
+-- 
+2.34.1
+
+
+From 1a9ea1c45c75615ffbfabe652b3598a1d7be2168 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:16 +0100
+Subject: [PATCH 09/19] aarch64: Rename hard_fp_offset to bytes_above_hard_fp
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Similarly to the previous locals_offset patch, hard_fp_offset
+was described as:
+
+  /* Offset from the base of the frame (incomming SP) to the
+     hard_frame_pointer.  This value is always a multiple of
+     STACK_BOUNDARY.  */
+  poly_int64 hard_fp_offset;
+
+which again took an “upside-down” view: higher offsets meant lower
+addresses.  This patch renames the field to bytes_above_hard_fp instead.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::hard_fp_offset): Rename
+	to...
+	(aarch64_frame::bytes_above_hard_fp): ...this.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame)
+	(aarch64_expand_prologue): Update accordingly.
+	(aarch64_initial_elimination_offset): Likewise.
+---
+ gcc/config/aarch64/aarch64.cc | 26 +++++++++++++-------------
+ gcc/config/aarch64/aarch64.h  |  6 +++---
+ 2 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 0a22f91520e..95499ae49ba 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8590,7 +8590,7 @@ aarch64_layout_frame (void)
+ 			   + get_frame_size (),
+ 			   STACK_BOUNDARY / BITS_PER_UNIT);
+ 
+-  frame.hard_fp_offset
++  frame.bytes_above_hard_fp
+     = saved_regs_and_above - frame.below_hard_fp_saved_regs_size;
+ 
+   /* Both these values are already aligned.  */
+@@ -8639,13 +8639,13 @@ aarch64_layout_frame (void)
+   else if (frame.wb_pop_candidate1 != INVALID_REGNUM)
+     max_push_offset = 256;
+ 
+-  HOST_WIDE_INT const_size, const_below_saved_regs, const_fp_offset;
++  HOST_WIDE_INT const_size, const_below_saved_regs, const_above_fp;
+   HOST_WIDE_INT const_saved_regs_size;
+   if (known_eq (frame.saved_regs_size, 0))
+     frame.initial_adjust = frame.frame_size;
+   else if (frame.frame_size.is_constant (&const_size)
+ 	   && const_size < max_push_offset
+-	   && known_eq (frame.hard_fp_offset, const_size))
++	   && known_eq (frame.bytes_above_hard_fp, const_size))
+     {
+       /* Simple, small frame with no data below the saved registers.
+ 
+@@ -8662,8 +8662,8 @@ aarch64_layout_frame (void)
+ 	      case that it hardly seems worth the effort though.  */
+ 	   && (!saves_below_hard_fp_p || const_below_saved_regs == 0)
+ 	   && !(cfun->calls_alloca
+-		&& frame.hard_fp_offset.is_constant (&const_fp_offset)
+-		&& const_fp_offset < max_push_offset))
++		&& frame.bytes_above_hard_fp.is_constant (&const_above_fp)
++		&& const_above_fp < max_push_offset))
+     {
+       /* Frame with small area below the saved registers:
+ 
+@@ -8681,12 +8681,12 @@ aarch64_layout_frame (void)
+ 	 sub sp, sp, hard_fp_offset + below_hard_fp_saved_regs_size
+ 	 save SVE registers relative to SP
+ 	 sub sp, sp, bytes_below_saved_regs  */
+-      frame.initial_adjust = (frame.hard_fp_offset
++      frame.initial_adjust = (frame.bytes_above_hard_fp
+ 			      + frame.below_hard_fp_saved_regs_size);
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+-  else if (frame.hard_fp_offset.is_constant (&const_fp_offset)
+-	   && const_fp_offset < max_push_offset)
++  else if (frame.bytes_above_hard_fp.is_constant (&const_above_fp)
++	   && const_above_fp < max_push_offset)
+     {
+       /* Frame with large area below the saved registers, or with SVE saves,
+ 	 but with a small area above:
+@@ -8696,7 +8696,7 @@ aarch64_layout_frame (void)
+ 	 [sub sp, sp, below_hard_fp_saved_regs_size]
+ 	 [save SVE registers relative to SP]
+ 	 sub sp, sp, bytes_below_saved_regs  */
+-      frame.callee_adjust = const_fp_offset;
++      frame.callee_adjust = const_above_fp;
+       frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size;
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+@@ -8711,7 +8711,7 @@ aarch64_layout_frame (void)
+ 	 [sub sp, sp, below_hard_fp_saved_regs_size]
+ 	 [save SVE registers relative to SP]
+ 	 sub sp, sp, bytes_below_saved_regs  */
+-      frame.initial_adjust = frame.hard_fp_offset;
++      frame.initial_adjust = frame.bytes_above_hard_fp;
+       frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size;
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+@@ -10069,7 +10069,7 @@ aarch64_expand_prologue (void)
+     {
+       /* The offset of the frame chain record (if any) from the current SP.  */
+       poly_int64 chain_offset = (initial_adjust + callee_adjust
+-				 - frame.hard_fp_offset);
++				 - frame.bytes_above_hard_fp);
+       gcc_assert (known_ge (chain_offset, 0));
+ 
+       if (callee_adjust == 0)
+@@ -12751,10 +12751,10 @@ aarch64_initial_elimination_offset (unsigned from, unsigned to)
+   if (to == HARD_FRAME_POINTER_REGNUM)
+     {
+       if (from == ARG_POINTER_REGNUM)
+-	return frame.hard_fp_offset;
++	return frame.bytes_above_hard_fp;
+ 
+       if (from == FRAME_POINTER_REGNUM)
+-	return frame.hard_fp_offset - frame.bytes_above_locals;
++	return frame.bytes_above_hard_fp - frame.bytes_above_locals;
+     }
+ 
+   if (to == STACK_POINTER_REGNUM)
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 7ae12d13e2b..3808f49e9ca 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -796,10 +796,10 @@ struct GTY (()) aarch64_frame
+      STACK_BOUNDARY.  */
+   poly_int64 bytes_above_locals;
+ 
+-  /* Offset from the base of the frame (incomming SP) to the
+-     hard_frame_pointer.  This value is always a multiple of
++  /* The number of bytes between the hard_frame_pointer and the top of
++     the frame (the incomming SP).  This value is always a multiple of
+      STACK_BOUNDARY.  */
+-  poly_int64 hard_fp_offset;
++  poly_int64 bytes_above_hard_fp;
+ 
+   /* The size of the frame.  This value is the offset from base of the
+      frame (incomming SP) to the stack_pointer.  This value is always
+-- 
+2.34.1
+
+
+From d202ce1ecf60a36a3e1009917dd76109248ce9be Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:16 +0100
+Subject: [PATCH 10/19] aarch64: Tweak frame_size comment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch fixes another case in which a value was described with
+an “upside-down” view.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::frame_size): Tweak comment.
+---
+ gcc/config/aarch64/aarch64.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 3808f49e9ca..108a5731b0d 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -801,8 +801,8 @@ struct GTY (()) aarch64_frame
+      STACK_BOUNDARY.  */
+   poly_int64 bytes_above_hard_fp;
+ 
+-  /* The size of the frame.  This value is the offset from base of the
+-     frame (incomming SP) to the stack_pointer.  This value is always
++  /* The size of the frame, i.e. the number of bytes between the bottom
++     of the outgoing arguments and the incoming SP.  This value is always
+      a multiple of STACK_BOUNDARY.  */
+   poly_int64 frame_size;
+ 
+-- 
+2.34.1
+
+
+From f2b585375205b0a1802d79c682ba33766ecd1f0f Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:17 +0100
+Subject: [PATCH 11/19] aarch64: Measure reg_offset from the bottom of the
+ frame
+
+reg_offset was measured from the bottom of the saved register area.
+This made perfect sense with the original layout, since the bottom
+of the saved register area was also the hard frame pointer address.
+It became slightly less obvious with SVE, since we save SVE
+registers below the hard frame pointer, but it still made sense.
+
+However, if we want to allow different frame layouts, it's more
+convenient and obvious to measure reg_offset from the bottom of
+the frame.  After previous patches, it's also a slight simplification
+in its own right.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame): Add comment above
+	reg_offset.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Walk offsets
+	from the bottom of the frame, rather than the bottom of the saved
+	register area.  Measure reg_offset from the bottom of the frame
+	rather than the bottom of the saved register area.
+	(aarch64_save_callee_saves): Update accordingly.
+	(aarch64_restore_callee_saves): Likewise.
+	(aarch64_get_separate_components): Likewise.
+	(aarch64_process_components): Likewise.
+---
+ gcc/config/aarch64/aarch64.cc | 53 ++++++++++++++++-------------------
+ gcc/config/aarch64/aarch64.h  |  3 ++
+ 2 files changed, 27 insertions(+), 29 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 95499ae49ba..af99807ef8a 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8400,7 +8400,6 @@ aarch64_needs_frame_chain (void)
+ static void
+ aarch64_layout_frame (void)
+ {
+-  poly_int64 offset = 0;
+   int regno, last_fp_reg = INVALID_REGNUM;
+   machine_mode vector_save_mode = aarch64_reg_save_mode (V8_REGNUM);
+   poly_int64 vector_save_size = GET_MODE_SIZE (vector_save_mode);
+@@ -8478,7 +8477,9 @@ aarch64_layout_frame (void)
+   gcc_assert (crtl->is_leaf
+ 	      || maybe_ne (frame.reg_offset[R30_REGNUM], SLOT_NOT_REQUIRED));
+ 
+-  frame.bytes_below_saved_regs = crtl->outgoing_args_size;
++  poly_int64 offset = crtl->outgoing_args_size;
++  gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT));
++  frame.bytes_below_saved_regs = offset;
+ 
+   /* Now assign stack slots for the registers.  Start with the predicate
+      registers, since predicate LDR and STR have a relatively small
+@@ -8490,7 +8491,8 @@ aarch64_layout_frame (void)
+ 	offset += BYTES_PER_SVE_PRED;
+       }
+ 
+-  if (maybe_ne (offset, 0))
++  poly_int64 saved_prs_size = offset - frame.bytes_below_saved_regs;
++  if (maybe_ne (saved_prs_size, 0))
+     {
+       /* If we have any vector registers to save above the predicate registers,
+ 	 the offset of the vector register save slots need to be a multiple
+@@ -8508,10 +8510,10 @@ aarch64_layout_frame (void)
+ 	offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+       else
+ 	{
+-	  if (known_le (offset, vector_save_size))
+-	    offset = vector_save_size;
+-	  else if (known_le (offset, vector_save_size * 2))
+-	    offset = vector_save_size * 2;
++	  if (known_le (saved_prs_size, vector_save_size))
++	    offset = frame.bytes_below_saved_regs + vector_save_size;
++	  else if (known_le (saved_prs_size, vector_save_size * 2))
++	    offset = frame.bytes_below_saved_regs + vector_save_size * 2;
+ 	  else
+ 	    gcc_unreachable ();
+ 	}
+@@ -8528,9 +8530,10 @@ aarch64_layout_frame (void)
+ 
+   /* OFFSET is now the offset of the hard frame pointer from the bottom
+      of the callee save area.  */
+-  bool saves_below_hard_fp_p = maybe_ne (offset, 0);
+-  frame.below_hard_fp_saved_regs_size = offset;
+-  frame.bytes_below_hard_fp = offset + frame.bytes_below_saved_regs;
++  frame.below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs;
++  bool saves_below_hard_fp_p
++    = maybe_ne (frame.below_hard_fp_saved_regs_size, 0);
++  frame.bytes_below_hard_fp = offset;
+   if (frame.emit_frame_chain)
+     {
+       /* FP and LR are placed in the linkage record.  */
+@@ -8581,9 +8584,10 @@ aarch64_layout_frame (void)
+ 
+   offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+ 
+-  frame.saved_regs_size = offset;
++  frame.saved_regs_size = offset - frame.bytes_below_saved_regs;
+ 
+-  poly_int64 varargs_and_saved_regs_size = offset + frame.saved_varargs_size;
++  poly_int64 varargs_and_saved_regs_size
++    = frame.saved_regs_size + frame.saved_varargs_size;
+ 
+   poly_int64 saved_regs_and_above
+     = aligned_upper_bound (varargs_and_saved_regs_size
+@@ -9105,9 +9109,7 @@ aarch64_save_callee_saves (poly_int64 bytes_below_sp,
+ 
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       reg = gen_rtx_REG (mode, regno);
+-      offset = (frame.reg_offset[regno]
+-		+ frame.bytes_below_saved_regs
+-		- bytes_below_sp);
++      offset = frame.reg_offset[regno] - bytes_below_sp;
+       rtx base_rtx = stack_pointer_rtx;
+       poly_int64 sp_offset = offset;
+ 
+@@ -9214,9 +9216,7 @@ aarch64_restore_callee_saves (poly_int64 bytes_below_sp, unsigned start,
+ 
+       machine_mode mode = aarch64_reg_save_mode (regno);
+       reg = gen_rtx_REG (mode, regno);
+-      offset = (frame.reg_offset[regno]
+-		+ frame.bytes_below_saved_regs
+-		- bytes_below_sp);
++      offset = frame.reg_offset[regno] - bytes_below_sp;
+       rtx base_rtx = stack_pointer_rtx;
+       if (mode == VNx2DImode && BYTES_BIG_ENDIAN)
+ 	aarch64_adjust_sve_callee_save_base (mode, base_rtx, anchor_reg,
+@@ -9355,14 +9355,12 @@ aarch64_get_separate_components (void)
+ 	   it as a stack probe for -fstack-clash-protection.  */
+ 	if (flag_stack_clash_protection
+ 	    && maybe_ne (frame.below_hard_fp_saved_regs_size, 0)
+-	    && known_eq (offset, 0))
++	    && known_eq (offset, frame.bytes_below_saved_regs))
+ 	  continue;
+ 
+ 	/* Get the offset relative to the register we'll use.  */
+ 	if (frame_pointer_needed)
+-	  offset -= frame.below_hard_fp_saved_regs_size;
+-	else
+-	  offset += frame.bytes_below_saved_regs;
++	  offset -= frame.bytes_below_hard_fp;
+ 
+ 	/* Check that we can access the stack slot of the register with one
+ 	   direct load with no adjustments needed.  */
+@@ -9509,9 +9507,7 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+       rtx reg = gen_rtx_REG (mode, regno);
+       poly_int64 offset = frame.reg_offset[regno];
+       if (frame_pointer_needed)
+-	offset -= frame.below_hard_fp_saved_regs_size;
+-      else
+-	offset += frame.bytes_below_saved_regs;
++	offset -= frame.bytes_below_hard_fp;
+ 
+       rtx addr = plus_constant (Pmode, ptr_reg, offset);
+       rtx mem = gen_frame_mem (mode, addr);
+@@ -9563,9 +9559,7 @@ aarch64_process_components (sbitmap components, bool prologue_p)
+       /* REGNO2 can be saved/restored in a pair with REGNO.  */
+       rtx reg2 = gen_rtx_REG (mode, regno2);
+       if (frame_pointer_needed)
+-	offset2 -= frame.below_hard_fp_saved_regs_size;
+-      else
+-	offset2 += frame.bytes_below_saved_regs;
++	offset2 -= frame.bytes_below_hard_fp;
+       rtx addr2 = plus_constant (Pmode, ptr_reg, offset2);
+       rtx mem2 = gen_frame_mem (mode, addr2);
+       rtx set2 = prologue_p ? gen_rtx_SET (mem2, reg2)
+@@ -9681,7 +9675,8 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+   if (final_adjustment_p
+       && known_eq (frame.below_hard_fp_saved_regs_size, 0))
+     {
+-      poly_int64 lr_offset = frame.reg_offset[LR_REGNUM];
++      poly_int64 lr_offset = (frame.reg_offset[LR_REGNUM]
++			      - frame.bytes_below_saved_regs);
+       if (known_ge (lr_offset, 0))
+ 	min_probe_threshold -= lr_offset.to_constant ();
+       else
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 108a5731b0d..c8becb098c8 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -766,6 +766,9 @@ extern enum aarch64_processor aarch64_tune;
+ #ifdef HAVE_POLY_INT_H
+ struct GTY (()) aarch64_frame
+ {
++  /* The offset from the bottom of the static frame (the bottom of the
++     outgoing arguments) of each register save slot, or -2 if no save is
++     needed.  */
+   poly_int64 reg_offset[LAST_SAVED_REGNUM + 1];
+ 
+   /* The number of extra stack bytes taken up by register varargs.
+-- 
+2.34.1
+
+
+From 79faabda181d0d9fd29a3cf5726ba65bdee945b5 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:17 +0100
+Subject: [PATCH 12/19] aarch64: Simplify top of frame allocation
+
+After previous patches, it no longer really makes sense to allocate
+the top of the frame in terms of varargs_and_saved_regs_size and
+saved_regs_and_above.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Simplify
+	the allocation of the top of the frame.
+---
+ gcc/config/aarch64/aarch64.cc | 23 ++++++++---------------
+ 1 file changed, 8 insertions(+), 15 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index af99807ef8a..31b00094c2a 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8586,23 +8586,16 @@ aarch64_layout_frame (void)
+ 
+   frame.saved_regs_size = offset - frame.bytes_below_saved_regs;
+ 
+-  poly_int64 varargs_and_saved_regs_size
+-    = frame.saved_regs_size + frame.saved_varargs_size;
+-
+-  poly_int64 saved_regs_and_above
+-    = aligned_upper_bound (varargs_and_saved_regs_size
+-			   + get_frame_size (),
+-			   STACK_BOUNDARY / BITS_PER_UNIT);
+-
+-  frame.bytes_above_hard_fp
+-    = saved_regs_and_above - frame.below_hard_fp_saved_regs_size;
++  offset += get_frame_size ();
++  offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
++  auto top_of_locals = offset;
+ 
+-  /* Both these values are already aligned.  */
+-  gcc_assert (multiple_p (frame.bytes_below_saved_regs,
+-			  STACK_BOUNDARY / BITS_PER_UNIT));
+-  frame.frame_size = saved_regs_and_above + frame.bytes_below_saved_regs;
++  offset += frame.saved_varargs_size;
++  gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT));
++  frame.frame_size = offset;
+ 
+-  frame.bytes_above_locals = frame.saved_varargs_size;
++  frame.bytes_above_hard_fp = frame.frame_size - frame.bytes_below_hard_fp;
++  frame.bytes_above_locals = frame.frame_size - top_of_locals;
+ 
+   frame.initial_adjust = 0;
+   frame.final_adjust = 0;
+-- 
+2.34.1
+
+
+From 4e62049e403b141e6f916176160dac8cbd65fe47 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:18 +0100
+Subject: [PATCH 13/19] aarch64: Minor initial adjustment tweak
+
+This patch just changes a calculation of initial_adjust
+to one that makes it slightly more obvious that the total
+adjustment is frame.frame_size.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Tweak
+	calculation of initial_adjust for frames in which all saves
+	are SVE saves.
+---
+ gcc/config/aarch64/aarch64.cc | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 31b00094c2a..1aa79da0673 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8675,11 +8675,10 @@ aarch64_layout_frame (void)
+     {
+       /* Frame in which all saves are SVE saves:
+ 
+-	 sub sp, sp, hard_fp_offset + below_hard_fp_saved_regs_size
++	 sub sp, sp, frame_size - bytes_below_saved_regs
+ 	 save SVE registers relative to SP
+ 	 sub sp, sp, bytes_below_saved_regs  */
+-      frame.initial_adjust = (frame.bytes_above_hard_fp
+-			      + frame.below_hard_fp_saved_regs_size);
++      frame.initial_adjust = frame.frame_size - frame.bytes_below_saved_regs;
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+   else if (frame.bytes_above_hard_fp.is_constant (&const_above_fp)
+-- 
+2.34.1
+
+
+From aaa1a0a5912d9e5d571e5f1c6f09ceac99544ab5 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:18 +0100
+Subject: [PATCH 14/19] aarch64: Tweak stack clash boundary condition
+
+The AArch64 ABI says that, when stack clash protection is used,
+there can be a maximum of 1KiB of unprobed space at sp on entry
+to a function.  Therefore, we need to probe when allocating
+>= guard_size - 1KiB of data (>= rather than >).  This is what
+GCC does.
+
+If an allocation is exactly guard_size bytes, it is enough to allocate
+those bytes and probe once at offset 1024.  It isn't possible to use a
+single probe at any other offset: higher would conmplicate later code,
+by leaving more unprobed space than usual, while lower would risk
+leaving an entire page unprobed.  For simplicity, the code probes all
+allocations at offset 1024.
+
+Some register saves also act as probes.  If we need to allocate
+more space below the last such register save probe, we need to
+probe the allocation if it is > 1KiB.  Again, this allocation is
+then sometimes (but not always) probed at offset 1024.  This sort of
+allocation is currently only used for outgoing arguments, which are
+rarely this big.
+
+However, the code also probed if this final outgoing-arguments
+allocation was == 1KiB, rather than just > 1KiB.  This isn't
+necessary, since the register save then probes at offset 1024
+as required.  Continuing to probe allocations of exactly 1KiB
+would complicate later patches.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_allocate_and_probe_stack_space):
+	Don't probe final allocations that are exactly 1KiB in size (after
+	unprobed space above the final allocation has been deducted).
+
+gcc/testsuite/
+	* gcc.target/aarch64/stack-check-prologue-17.c: New test.
+---
+ gcc/config/aarch64/aarch64.cc                 |  4 +-
+ .../aarch64/stack-check-prologue-17.c         | 55 +++++++++++++++++++
+ 2 files changed, 58 insertions(+), 1 deletion(-)
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 1aa79da0673..5cad847977a 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -9648,9 +9648,11 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+   HOST_WIDE_INT guard_size
+     = 1 << param_stack_clash_protection_guard_size;
+   HOST_WIDE_INT guard_used_by_caller = STACK_CLASH_CALLER_GUARD;
++  HOST_WIDE_INT byte_sp_alignment = STACK_BOUNDARY / BITS_PER_UNIT;
++  gcc_assert (multiple_p (poly_size, byte_sp_alignment));
+   HOST_WIDE_INT min_probe_threshold
+     = (final_adjustment_p
+-       ? guard_used_by_caller
++       ? guard_used_by_caller + byte_sp_alignment
+        : guard_size - guard_used_by_caller);
+   /* When doing the final adjustment for the outgoing arguments, take into
+      account any unprobed space there is above the current SP.  There are
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
+new file mode 100644
+index 00000000000..0d8a25d73a2
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
+@@ -0,0 +1,55 @@
++/* { dg-options "-O2 -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12" } */
++/* { dg-final { check-function-bodies "**" "" } } */
++
++void f(int, ...);
++void g();
++
++/*
++** test1:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #1024
++**	cbnz	w0, .*
++**	bl	g
++**	...
++*/
++int test1(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x);
++    }
++  g();
++  return 1;
++}
++
++/*
++** test2:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #1040
++**	str	xzr, \[sp\]
++**	cbnz	w0, .*
++**	bl	g
++**	...
++*/
++int test2(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x);
++    }
++  g();
++  return 1;
++}
+-- 
+2.34.1
+
+
+From 8433953434a7b58c0923140d39eb3c5988c1d097 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:19 +0100
+Subject: [PATCH 15/19] aarch64: Put LR save probe in first 16 bytes
+
+-fstack-clash-protection uses the save of LR as a probe for the next
+allocation.  The next allocation could be:
+
+* another part of the static frame, e.g. when allocating SVE save slots
+  or outgoing arguments
+
+* an alloca in the same function
+
+* an allocation made by a callee function
+
+However, when -fomit-frame-pointer is used, the LR save slot is placed
+above the other GPR save slots.  It could therefore be up to 80 bytes
+above the base of the GPR save area (which is also the hard fp address).
+
+aarch64_allocate_and_probe_stack_space took this into account when
+deciding how much subsequent space could be allocated without needing
+a probe.  However, it interacted badly with:
+
+      /* If doing a small final adjustment, we always probe at offset 0.
+	 This is done to avoid issues when LR is not at position 0 or when
+	 the final adjustment is smaller than the probing offset.  */
+      else if (final_adjustment_p && rounded_size == 0)
+	residual_probe_offset = 0;
+
+which forces any allocation that is smaller than the guard page size
+to be probed at offset 0 rather than the usual offset 1024.  It was
+therefore possible to construct cases in which we had:
+
+* a probe using LR at SP + 80 bytes (or some other value >= 16)
+* an allocation of the guard page size - 16 bytes
+* a probe at SP + 0
+
+which allocates guard page size + 64 consecutive unprobed bytes.
+
+This patch requires the LR probe to be in the first 16 bytes of the
+save area when stack clash protection is active.  Doing it
+unconditionally would cause code-quality regressions.
+
+Putting LR before other registers prevents push/pop allocation
+when shadow call stacks are enabled, since LR is restored
+separately from the other callee-saved registers.
+
+The new comment doesn't say that the probe register is required
+to be LR, since a later patch removes that restriction.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Ensure that
+	the LR save slot is in the first 16 bytes of the register save area.
+	Only form STP/LDP push/pop candidates if both registers are valid.
+	(aarch64_allocate_and_probe_stack_space): Remove workaround for
+	when LR was not in the first 16 bytes.
+
+gcc/testsuite/
+	* gcc.target/aarch64/stack-check-prologue-18.c: New test.
+	* gcc.target/aarch64/stack-check-prologue-19.c: Likewise.
+	* gcc.target/aarch64/stack-check-prologue-20.c: Likewise.
+---
+ gcc/config/aarch64/aarch64.cc                 |  72 ++++++-------
+ .../aarch64/stack-check-prologue-18.c         | 100 ++++++++++++++++++
+ .../aarch64/stack-check-prologue-19.c         | 100 ++++++++++++++++++
+ .../aarch64/stack-check-prologue-20.c         |   3 +
+ 4 files changed, 233 insertions(+), 42 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 5cad847977a..a765f92329d 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8534,26 +8534,34 @@ aarch64_layout_frame (void)
+   bool saves_below_hard_fp_p
+     = maybe_ne (frame.below_hard_fp_saved_regs_size, 0);
+   frame.bytes_below_hard_fp = offset;
++
++  auto allocate_gpr_slot = [&](unsigned int regno)
++    {
++      frame.reg_offset[regno] = offset;
++      if (frame.wb_push_candidate1 == INVALID_REGNUM)
++	frame.wb_push_candidate1 = regno;
++      else if (frame.wb_push_candidate2 == INVALID_REGNUM)
++	frame.wb_push_candidate2 = regno;
++      offset += UNITS_PER_WORD;
++    };
++
+   if (frame.emit_frame_chain)
+     {
+       /* FP and LR are placed in the linkage record.  */
+-      frame.reg_offset[R29_REGNUM] = offset;
+-      frame.wb_push_candidate1 = R29_REGNUM;
+-      frame.reg_offset[R30_REGNUM] = offset + UNITS_PER_WORD;
+-      frame.wb_push_candidate2 = R30_REGNUM;
+-      offset += 2 * UNITS_PER_WORD;
++      allocate_gpr_slot (R29_REGNUM);
++      allocate_gpr_slot (R30_REGNUM);
+     }
++  else if (flag_stack_clash_protection
++	   && known_eq (frame.reg_offset[R30_REGNUM], SLOT_REQUIRED))
++    /* Put the LR save slot first, since it makes a good choice of probe
++       for stack clash purposes.  The idea is that the link register usually
++       has to be saved before a call anyway, and so we lose little by
++       stopping it from being individually shrink-wrapped.  */
++    allocate_gpr_slot (R30_REGNUM);
+ 
+   for (regno = R0_REGNUM; regno <= R30_REGNUM; regno++)
+     if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED))
+-      {
+-	frame.reg_offset[regno] = offset;
+-	if (frame.wb_push_candidate1 == INVALID_REGNUM)
+-	  frame.wb_push_candidate1 = regno;
+-	else if (frame.wb_push_candidate2 == INVALID_REGNUM)
+-	  frame.wb_push_candidate2 = regno;
+-	offset += UNITS_PER_WORD;
+-      }
++      allocate_gpr_slot (regno);
+ 
+   poly_int64 max_int_offset = offset;
+   offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+@@ -8631,10 +8639,13 @@ aarch64_layout_frame (void)
+      max_push_offset to 0, because no registers are popped at this time,
+      so callee_adjust cannot be adjusted.  */
+   HOST_WIDE_INT max_push_offset = 0;
+-  if (frame.wb_pop_candidate2 != INVALID_REGNUM)
+-    max_push_offset = 512;
+-  else if (frame.wb_pop_candidate1 != INVALID_REGNUM)
+-    max_push_offset = 256;
++  if (frame.wb_pop_candidate1 != INVALID_REGNUM)
++    {
++      if (frame.wb_pop_candidate2 != INVALID_REGNUM)
++	max_push_offset = 512;
++      else
++	max_push_offset = 256;
++    }
+ 
+   HOST_WIDE_INT const_size, const_below_saved_regs, const_above_fp;
+   HOST_WIDE_INT const_saved_regs_size;
+@@ -9654,29 +9665,6 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+     = (final_adjustment_p
+        ? guard_used_by_caller + byte_sp_alignment
+        : guard_size - guard_used_by_caller);
+-  /* When doing the final adjustment for the outgoing arguments, take into
+-     account any unprobed space there is above the current SP.  There are
+-     two cases:
+-
+-     - When saving SVE registers below the hard frame pointer, we force
+-       the lowest save to take place in the prologue before doing the final
+-       adjustment (i.e. we don't allow the save to be shrink-wrapped).
+-       This acts as a probe at SP, so there is no unprobed space.
+-
+-     - When there are no SVE register saves, we use the store of the link
+-       register as a probe.  We can't assume that LR was saved at position 0
+-       though, so treat any space below it as unprobed.  */
+-  if (final_adjustment_p
+-      && known_eq (frame.below_hard_fp_saved_regs_size, 0))
+-    {
+-      poly_int64 lr_offset = (frame.reg_offset[LR_REGNUM]
+-			      - frame.bytes_below_saved_regs);
+-      if (known_ge (lr_offset, 0))
+-	min_probe_threshold -= lr_offset.to_constant ();
+-      else
+-	gcc_assert (!flag_stack_clash_protection || known_eq (poly_size, 0));
+-    }
+-
+   poly_int64 frame_size = frame.frame_size;
+ 
+   /* We should always have a positive probe threshold.  */
+@@ -9856,8 +9844,8 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+       if (final_adjustment_p && rounded_size != 0)
+ 	min_probe_threshold = 0;
+       /* If doing a small final adjustment, we always probe at offset 0.
+-	 This is done to avoid issues when LR is not at position 0 or when
+-	 the final adjustment is smaller than the probing offset.  */
++	 This is done to avoid issues when the final adjustment is smaller
++	 than the probing offset.  */
+       else if (final_adjustment_p && rounded_size == 0)
+ 	residual_probe_offset = 0;
+ 
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
+new file mode 100644
+index 00000000000..82447d20fff
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
+@@ -0,0 +1,100 @@
++/* { dg-options "-O2 -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12" } */
++/* { dg-final { check-function-bodies "**" "" } } */
++
++void f(int, ...);
++void g();
++
++/*
++** test1:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #4064
++**	str	xzr, \[sp\]
++**	cbnz	w0, .*
++**	bl	g
++**	...
++**	str	x26, \[sp, #?4128\]
++**	...
++*/
++int test1(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      asm volatile ("" :::
++		    "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26");
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x);
++    }
++  g();
++  return 1;
++}
++
++/*
++** test2:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #1040
++**	str	xzr, \[sp\]
++**	cbnz	w0, .*
++**	bl	g
++**	...
++*/
++int test2(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      asm volatile ("" :::
++		    "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26");
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x);
++    }
++  g();
++  return 1;
++}
++
++/*
++** test3:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #1024
++**	cbnz	w0, .*
++**	bl	g
++**	...
++*/
++int test3(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      asm volatile ("" :::
++		    "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26");
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x);
++    }
++  g();
++  return 1;
++}
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c
+new file mode 100644
+index 00000000000..73ac3e4e4eb
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c
+@@ -0,0 +1,100 @@
++/* { dg-options "-O2 -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12 -fsanitize=shadow-call-stack -ffixed-x18" } */
++/* { dg-final { check-function-bodies "**" "" } } */
++
++void f(int, ...);
++void g();
++
++/*
++** test1:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #4064
++**	str	xzr, \[sp\]
++**	cbnz	w0, .*
++**	bl	g
++**	...
++**	str	x26, \[sp, #?4128\]
++**	...
++*/
++int test1(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      asm volatile ("" :::
++		    "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26");
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x);
++    }
++  g();
++  return 1;
++}
++
++/*
++** test2:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #1040
++**	str	xzr, \[sp\]
++**	cbnz	w0, .*
++**	bl	g
++**	...
++*/
++int test2(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      asm volatile ("" :::
++		    "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26");
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x);
++    }
++  g();
++  return 1;
++}
++
++/*
++** test3:
++**	...
++**	str	x30, \[sp\]
++**	sub	sp, sp, #1024
++**	cbnz	w0, .*
++**	bl	g
++**	...
++*/
++int test3(int z) {
++  __uint128_t x = 0;
++  int y[0x400];
++  if (z)
++    {
++      asm volatile ("" :::
++		    "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26");
++      f(0, 0, 0, 0, 0, 0, 0, &y,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
++	x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x);
++    }
++  g();
++  return 1;
++}
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c
+new file mode 100644
+index 00000000000..690aae8dfd5
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-20.c
+@@ -0,0 +1,3 @@
++/* { dg-options "-O2 -fstack-protector-all -fstack-clash-protection -fomit-frame-pointer --param stack-clash-protection-guard-size=12 -fsanitize=shadow-call-stack -ffixed-x18" } */
++
++#include "stack-check-prologue-19.c"
+-- 
+2.34.1
+
+
+From eea1759073e09dd1aefbc9a881601ab1eebfdd18 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:19 +0100
+Subject: [PATCH 16/19] aarch64: Simplify probe of final frame allocation
+
+Previous patches ensured that the final frame allocation only needs
+a probe when the size is strictly greater than 1KiB.  It's therefore
+safe to use the normal 1024 probe offset in all cases.
+
+The main motivation for doing this is to simplify the code and
+remove the number of special cases.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_allocate_and_probe_stack_space):
+	Always probe the residual allocation at offset 1024, asserting
+	that that is in range.
+
+gcc/testsuite/
+	* gcc.target/aarch64/stack-check-prologue-17.c: Expect the probe
+	to be at offset 1024 rather than offset 0.
+	* gcc.target/aarch64/stack-check-prologue-18.c: Likewise.
+	* gcc.target/aarch64/stack-check-prologue-19.c: Likewise.
+---
+ gcc/config/aarch64/aarch64.cc                        | 12 ++++--------
+ .../gcc.target/aarch64/stack-check-prologue-17.c     |  2 +-
+ .../gcc.target/aarch64/stack-check-prologue-18.c     |  4 ++--
+ .../gcc.target/aarch64/stack-check-prologue-19.c     |  4 ++--
+ 4 files changed, 9 insertions(+), 13 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index a765f92329d..37809a306f7 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -9838,16 +9838,12 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+      are still safe.  */
+   if (residual)
+     {
+-      HOST_WIDE_INT residual_probe_offset = guard_used_by_caller;
++      gcc_assert (guard_used_by_caller + byte_sp_alignment <= size);
++
+       /* If we're doing final adjustments, and we've done any full page
+ 	 allocations then any residual needs to be probed.  */
+       if (final_adjustment_p && rounded_size != 0)
+ 	min_probe_threshold = 0;
+-      /* If doing a small final adjustment, we always probe at offset 0.
+-	 This is done to avoid issues when the final adjustment is smaller
+-	 than the probing offset.  */
+-      else if (final_adjustment_p && rounded_size == 0)
+-	residual_probe_offset = 0;
+ 
+       aarch64_sub_sp (temp1, temp2, residual, frame_related_p);
+       if (residual >= min_probe_threshold)
+@@ -9858,8 +9854,8 @@ aarch64_allocate_and_probe_stack_space (rtx temp1, rtx temp2,
+ 		     HOST_WIDE_INT_PRINT_DEC " bytes, probing will be required."
+ 		     "\n", residual);
+ 
+-	    emit_stack_probe (plus_constant (Pmode, stack_pointer_rtx,
+-					     residual_probe_offset));
++	  emit_stack_probe (plus_constant (Pmode, stack_pointer_rtx,
++					   guard_used_by_caller));
+ 	  emit_insn (gen_blockage ());
+ 	}
+     }
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
+index 0d8a25d73a2..f0ec1389771 100644
+--- a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
+@@ -33,7 +33,7 @@ int test1(int z) {
+ **	...
+ **	str	x30, \[sp\]
+ **	sub	sp, sp, #1040
+-**	str	xzr, \[sp\]
++**	str	xzr, \[sp, #?1024\]
+ **	cbnz	w0, .*
+ **	bl	g
+ **	...
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
+index 82447d20fff..6383bec5ebc 100644
+--- a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
+@@ -9,7 +9,7 @@ void g();
+ **	...
+ **	str	x30, \[sp\]
+ **	sub	sp, sp, #4064
+-**	str	xzr, \[sp\]
++**	str	xzr, \[sp, #?1024\]
+ **	cbnz	w0, .*
+ **	bl	g
+ **	...
+@@ -50,7 +50,7 @@ int test1(int z) {
+ **	...
+ **	str	x30, \[sp\]
+ **	sub	sp, sp, #1040
+-**	str	xzr, \[sp\]
++**	str	xzr, \[sp, #?1024\]
+ **	cbnz	w0, .*
+ **	bl	g
+ **	...
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c
+index 73ac3e4e4eb..562039b5e9b 100644
+--- a/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c
++++ b/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-19.c
+@@ -9,7 +9,7 @@ void g();
+ **	...
+ **	str	x30, \[sp\]
+ **	sub	sp, sp, #4064
+-**	str	xzr, \[sp\]
++**	str	xzr, \[sp, #?1024\]
+ **	cbnz	w0, .*
+ **	bl	g
+ **	...
+@@ -50,7 +50,7 @@ int test1(int z) {
+ **	...
+ **	str	x30, \[sp\]
+ **	sub	sp, sp, #1040
+-**	str	xzr, \[sp\]
++**	str	xzr, \[sp, #?1024\]
+ **	cbnz	w0, .*
+ **	bl	g
+ **	...
+-- 
+2.34.1
+
+
+From 96d85187c3b9c9a7efc2fd698c3d452e80d8aa47 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:20 +0100
+Subject: [PATCH 17/19] aarch64: Explicitly record probe registers in frame
+ info
+
+The stack frame is currently divided into three areas:
+
+A: the area above the hard frame pointer
+B: the SVE saves below the hard frame pointer
+C: the outgoing arguments
+
+If the stack frame is allocated in one chunk, the allocation needs a
+probe if the frame size is >= guard_size - 1KiB.  In addition, if the
+function is not a leaf function, it must probe an address no more than
+1KiB above the outgoing SP.  We ensured the second condition by
+
+(1) using single-chunk allocations for non-leaf functions only if
+    the link register save slot is within 512 bytes of the bottom
+    of the frame; and
+
+(2) using the link register save as a probe (meaning, for instance,
+    that it can't be individually shrink wrapped)
+
+If instead the stack is allocated in multiple chunks, then:
+
+* an allocation involving only the outgoing arguments (C above) requires
+  a probe if the allocation size is > 1KiB
+
+* any other allocation requires a probe if the allocation size
+  is >= guard_size - 1KiB
+
+* second and subsequent allocations require the previous allocation
+  to probe at the bottom of the allocated area, regardless of the size
+  of that previous allocation
+
+The final point means that, unlike for single allocations,
+it can be necessary to have both a non-SVE register probe and
+an SVE register probe.  For example:
+
+* allocate A, probe using a non-SVE register save
+* allocate B, probe using an SVE register save
+* allocate C
+
+The non-SVE register used in this case was again the link register.
+It was previously used even if the link register save slot was some
+bytes above the bottom of the non-SVE register saves, but an earlier
+patch avoided that by putting the link register save slot first.
+
+As a belt-and-braces fix, this patch explicitly records which
+probe registers we're using and allows the non-SVE probe to be
+whichever register comes first (as for SVE).
+
+The patch also avoids unnecessary probes in sve/pcs/stack_clash_3.c.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::sve_save_and_probe)
+	(aarch64_frame::hard_fp_save_and_probe): New fields.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Initialize them.
+	Rather than asserting that a leaf function saves LR, instead assert
+	that a leaf function saves something.
+	(aarch64_get_separate_components): Prevent the chosen probe
+	registers from being individually shrink-wrapped.
+	(aarch64_allocate_and_probe_stack_space): Remove workaround for
+	probe registers that aren't at the bottom of the previous allocation.
+
+gcc/testsuite/
+	* gcc.target/aarch64/sve/pcs/stack_clash_3.c: Avoid redundant probes.
+---
+ gcc/config/aarch64/aarch64.cc                 | 68 +++++++++++++++----
+ gcc/config/aarch64/aarch64.h                  |  8 +++
+ .../aarch64/sve/pcs/stack_clash_3.c           |  6 +-
+ 3 files changed, 64 insertions(+), 18 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 37809a306f7..6c59c39a639 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8471,15 +8471,11 @@ aarch64_layout_frame (void)
+ 	&& !crtl->abi->clobbers_full_reg_p (regno))
+       frame.reg_offset[regno] = SLOT_REQUIRED;
+ 
+-  /* With stack-clash, LR must be saved in non-leaf functions.  The saving of
+-     LR counts as an implicit probe which allows us to maintain the invariant
+-     described in the comment at expand_prologue.  */
+-  gcc_assert (crtl->is_leaf
+-	      || maybe_ne (frame.reg_offset[R30_REGNUM], SLOT_NOT_REQUIRED));
+ 
+   poly_int64 offset = crtl->outgoing_args_size;
+   gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT));
+   frame.bytes_below_saved_regs = offset;
++  frame.sve_save_and_probe = INVALID_REGNUM;
+ 
+   /* Now assign stack slots for the registers.  Start with the predicate
+      registers, since predicate LDR and STR have a relatively small
+@@ -8487,6 +8483,8 @@ aarch64_layout_frame (void)
+   for (regno = P0_REGNUM; regno <= P15_REGNUM; regno++)
+     if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED))
+       {
++	if (frame.sve_save_and_probe == INVALID_REGNUM)
++	  frame.sve_save_and_probe = regno;
+ 	frame.reg_offset[regno] = offset;
+ 	offset += BYTES_PER_SVE_PRED;
+       }
+@@ -8524,6 +8522,8 @@ aarch64_layout_frame (void)
+     for (regno = V0_REGNUM; regno <= V31_REGNUM; regno++)
+       if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED))
+ 	{
++	  if (frame.sve_save_and_probe == INVALID_REGNUM)
++	    frame.sve_save_and_probe = regno;
+ 	  frame.reg_offset[regno] = offset;
+ 	  offset += vector_save_size;
+ 	}
+@@ -8533,10 +8533,18 @@ aarch64_layout_frame (void)
+   frame.below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs;
+   bool saves_below_hard_fp_p
+     = maybe_ne (frame.below_hard_fp_saved_regs_size, 0);
++  gcc_assert (!saves_below_hard_fp_p
++	      || (frame.sve_save_and_probe != INVALID_REGNUM
++		  && known_eq (frame.reg_offset[frame.sve_save_and_probe],
++			       frame.bytes_below_saved_regs)));
++
+   frame.bytes_below_hard_fp = offset;
++  frame.hard_fp_save_and_probe = INVALID_REGNUM;
+ 
+   auto allocate_gpr_slot = [&](unsigned int regno)
+     {
++      if (frame.hard_fp_save_and_probe == INVALID_REGNUM)
++	frame.hard_fp_save_and_probe = regno;
+       frame.reg_offset[regno] = offset;
+       if (frame.wb_push_candidate1 == INVALID_REGNUM)
+ 	frame.wb_push_candidate1 = regno;
+@@ -8570,6 +8578,8 @@ aarch64_layout_frame (void)
+   for (regno = V0_REGNUM; regno <= V31_REGNUM; regno++)
+     if (known_eq (frame.reg_offset[regno], SLOT_REQUIRED))
+       {
++	if (frame.hard_fp_save_and_probe == INVALID_REGNUM)
++	  frame.hard_fp_save_and_probe = regno;
+ 	/* If there is an alignment gap between integer and fp callee-saves,
+ 	   allocate the last fp register to it if possible.  */
+ 	if (regno == last_fp_reg
+@@ -8593,6 +8603,17 @@ aarch64_layout_frame (void)
+   offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+ 
+   frame.saved_regs_size = offset - frame.bytes_below_saved_regs;
++  gcc_assert (known_eq (frame.saved_regs_size,
++			frame.below_hard_fp_saved_regs_size)
++	      || (frame.hard_fp_save_and_probe != INVALID_REGNUM
++		  && known_eq (frame.reg_offset[frame.hard_fp_save_and_probe],
++			       frame.bytes_below_hard_fp)));
++
++  /* With stack-clash, a register must be saved in non-leaf functions.
++     The saving of the bottommost register counts as an implicit probe,
++     which allows us to maintain the invariant described in the comment
++     at expand_prologue.  */
++  gcc_assert (crtl->is_leaf || maybe_ne (frame.saved_regs_size, 0));
+ 
+   offset += get_frame_size ();
+   offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+@@ -8723,6 +8744,25 @@ aarch64_layout_frame (void)
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+ 
++  /* The frame is allocated in pieces, with each non-final piece
++     including a register save at offset 0 that acts as a probe for
++     the following piece.  In addition, the save of the bottommost register
++     acts as a probe for callees and allocas.  Roll back any probes that
++     aren't needed.
++
++     A probe isn't needed if it is associated with the final allocation
++     (including callees and allocas) that happens before the epilogue is
++     executed.  */
++  if (crtl->is_leaf
++      && !cfun->calls_alloca
++      && known_eq (frame.final_adjust, 0))
++    {
++      if (maybe_ne (frame.sve_callee_adjust, 0))
++	frame.sve_save_and_probe = INVALID_REGNUM;
++      else
++	frame.hard_fp_save_and_probe = INVALID_REGNUM;
++    }
++
+   /* Make sure the individual adjustments add up to the full frame size.  */
+   gcc_assert (known_eq (frame.initial_adjust
+ 			+ frame.callee_adjust
+@@ -9354,13 +9394,6 @@ aarch64_get_separate_components (void)
+ 
+ 	poly_int64 offset = frame.reg_offset[regno];
+ 
+-	/* If the register is saved in the first SVE save slot, we use
+-	   it as a stack probe for -fstack-clash-protection.  */
+-	if (flag_stack_clash_protection
+-	    && maybe_ne (frame.below_hard_fp_saved_regs_size, 0)
+-	    && known_eq (offset, frame.bytes_below_saved_regs))
+-	  continue;
+-
+ 	/* Get the offset relative to the register we'll use.  */
+ 	if (frame_pointer_needed)
+ 	  offset -= frame.bytes_below_hard_fp;
+@@ -9395,6 +9428,13 @@ aarch64_get_separate_components (void)
+ 
+   bitmap_clear_bit (components, LR_REGNUM);
+   bitmap_clear_bit (components, SP_REGNUM);
++  if (flag_stack_clash_protection)
++    {
++      if (frame.sve_save_and_probe != INVALID_REGNUM)
++	bitmap_clear_bit (components, frame.sve_save_and_probe);
++      if (frame.hard_fp_save_and_probe != INVALID_REGNUM)
++	bitmap_clear_bit (components, frame.hard_fp_save_and_probe);
++    }
+ 
+   return components;
+ }
+@@ -9931,8 +9971,8 @@ aarch64_epilogue_uses (int regno)
+    When probing is needed, we emit a probe at the start of the prologue
+    and every PARAM_STACK_CLASH_PROTECTION_GUARD_SIZE bytes thereafter.
+ 
+-   We have to track how much space has been allocated and the only stores
+-   to the stack we track as implicit probes are the FP/LR stores.
++   We can also use register saves as probes.  These are stored in
++   sve_save_and_probe and hard_fp_save_and_probe.
+ 
+    For outgoing arguments we probe if the size is larger than 1KB, such that
+    the ABI specified buffer is maintained for the next callee.
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index c8becb098c8..fbfb73545ba 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -863,6 +863,14 @@ struct GTY (()) aarch64_frame
+      This is the register they should use.  */
+   unsigned spare_pred_reg;
+ 
++  /* An SVE register that is saved below the hard frame pointer and that acts
++     as a probe for later allocations, or INVALID_REGNUM if none.  */
++  unsigned sve_save_and_probe;
++
++  /* A register that is saved at the hard frame pointer and that acts
++     as a probe for later allocations, or INVALID_REGNUM if none.  */
++  unsigned hard_fp_save_and_probe;
++
+   bool laid_out;
+ 
+   /* True if shadow call stack should be enabled for the current function.  */
+diff --git a/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c b/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c
+index 3e01ec36c3a..3530a0d504b 100644
+--- a/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c
++++ b/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c
+@@ -11,11 +11,10 @@
+ **	mov	x11, sp
+ **	...
+ **	sub	sp, sp, x13
+-**	str	p4, \[sp\]
+ **	cbz	w0, [^\n]*
++**	str	p4, \[sp\]
+ **	...
+ **	ptrue	p0\.b, all
+-**	ldr	p4, \[sp\]
+ **	addvl	sp, sp, #1
+ **	ldr	x24, \[sp\], 32
+ **	ret
+@@ -39,13 +38,12 @@ test_1 (int n)
+ **	mov	x11, sp
+ **	...
+ **	sub	sp, sp, x13
+-**	str	p4, \[sp\]
+ **	cbz	w0, [^\n]*
++**	str	p4, \[sp\]
+ **	str	p5, \[sp, #1, mul vl\]
+ **	str	p6, \[sp, #2, mul vl\]
+ **	...
+ **	ptrue	p0\.b, all
+-**	ldr	p4, \[sp\]
+ **	addvl	sp, sp, #1
+ **	ldr	x24, \[sp\], 32
+ **	ret
+-- 
+2.34.1
+
+
+From 56df065080950bb30dda9c260f71be54269bdda5 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:20 +0100
+Subject: [PATCH 18/19] aarch64: Remove below_hard_fp_saved_regs_size
+
+After previous patches, it's no longer necessary to store
+saved_regs_size and below_hard_fp_saved_regs_size in the frame info.
+All measurements instead use the top or bottom of the frame as
+reference points.
+
+gcc/
+	* config/aarch64/aarch64.h (aarch64_frame::saved_regs_size)
+	(aarch64_frame::below_hard_fp_saved_regs_size): Delete.
+	* config/aarch64/aarch64.cc (aarch64_layout_frame): Update accordingly.
+---
+ gcc/config/aarch64/aarch64.cc | 45 ++++++++++++++++-------------------
+ gcc/config/aarch64/aarch64.h  |  7 ------
+ 2 files changed, 21 insertions(+), 31 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index 6c59c39a639..b95e805a8cc 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8530,9 +8530,8 @@ aarch64_layout_frame (void)
+ 
+   /* OFFSET is now the offset of the hard frame pointer from the bottom
+      of the callee save area.  */
+-  frame.below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs;
+-  bool saves_below_hard_fp_p
+-    = maybe_ne (frame.below_hard_fp_saved_regs_size, 0);
++  auto below_hard_fp_saved_regs_size = offset - frame.bytes_below_saved_regs;
++  bool saves_below_hard_fp_p = maybe_ne (below_hard_fp_saved_regs_size, 0);
+   gcc_assert (!saves_below_hard_fp_p
+ 	      || (frame.sve_save_and_probe != INVALID_REGNUM
+ 		  && known_eq (frame.reg_offset[frame.sve_save_and_probe],
+@@ -8602,9 +8601,8 @@ aarch64_layout_frame (void)
+ 
+   offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+ 
+-  frame.saved_regs_size = offset - frame.bytes_below_saved_regs;
+-  gcc_assert (known_eq (frame.saved_regs_size,
+-			frame.below_hard_fp_saved_regs_size)
++  auto saved_regs_size = offset - frame.bytes_below_saved_regs;
++  gcc_assert (known_eq (saved_regs_size, below_hard_fp_saved_regs_size)
+ 	      || (frame.hard_fp_save_and_probe != INVALID_REGNUM
+ 		  && known_eq (frame.reg_offset[frame.hard_fp_save_and_probe],
+ 			       frame.bytes_below_hard_fp)));
+@@ -8613,7 +8611,7 @@ aarch64_layout_frame (void)
+      The saving of the bottommost register counts as an implicit probe,
+      which allows us to maintain the invariant described in the comment
+      at expand_prologue.  */
+-  gcc_assert (crtl->is_leaf || maybe_ne (frame.saved_regs_size, 0));
++  gcc_assert (crtl->is_leaf || maybe_ne (saved_regs_size, 0));
+ 
+   offset += get_frame_size ();
+   offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+@@ -8670,7 +8668,7 @@ aarch64_layout_frame (void)
+ 
+   HOST_WIDE_INT const_size, const_below_saved_regs, const_above_fp;
+   HOST_WIDE_INT const_saved_regs_size;
+-  if (known_eq (frame.saved_regs_size, 0))
++  if (known_eq (saved_regs_size, 0))
+     frame.initial_adjust = frame.frame_size;
+   else if (frame.frame_size.is_constant (&const_size)
+ 	   && const_size < max_push_offset
+@@ -8683,7 +8681,7 @@ aarch64_layout_frame (void)
+       frame.callee_adjust = const_size;
+     }
+   else if (frame.bytes_below_saved_regs.is_constant (&const_below_saved_regs)
+-	   && frame.saved_regs_size.is_constant (&const_saved_regs_size)
++	   && saved_regs_size.is_constant (&const_saved_regs_size)
+ 	   && const_below_saved_regs + const_saved_regs_size < 512
+ 	   /* We could handle this case even with data below the saved
+ 	      registers, provided that that data left us with valid offsets
+@@ -8702,8 +8700,7 @@ aarch64_layout_frame (void)
+       frame.initial_adjust = frame.frame_size;
+     }
+   else if (saves_below_hard_fp_p
+-	   && known_eq (frame.saved_regs_size,
+-			frame.below_hard_fp_saved_regs_size))
++	   && known_eq (saved_regs_size, below_hard_fp_saved_regs_size))
+     {
+       /* Frame in which all saves are SVE saves:
+ 
+@@ -8725,7 +8722,7 @@ aarch64_layout_frame (void)
+ 	 [save SVE registers relative to SP]
+ 	 sub sp, sp, bytes_below_saved_regs  */
+       frame.callee_adjust = const_above_fp;
+-      frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size;
++      frame.sve_callee_adjust = below_hard_fp_saved_regs_size;
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+   else
+@@ -8740,7 +8737,7 @@ aarch64_layout_frame (void)
+ 	 [save SVE registers relative to SP]
+ 	 sub sp, sp, bytes_below_saved_regs  */
+       frame.initial_adjust = frame.bytes_above_hard_fp;
+-      frame.sve_callee_adjust = frame.below_hard_fp_saved_regs_size;
++      frame.sve_callee_adjust = below_hard_fp_saved_regs_size;
+       frame.final_adjust = frame.bytes_below_saved_regs;
+     }
+ 
+@@ -9936,17 +9933,17 @@ aarch64_epilogue_uses (int regno)
+ 	|  local variables              | <-- frame_pointer_rtx
+ 	|                               |
+ 	+-------------------------------+
+-	|  padding                      | \
+-	+-------------------------------+  |
+-	|  callee-saved registers       |  | frame.saved_regs_size
+-	+-------------------------------+  |
+-	|  LR'                          |  |
+-	+-------------------------------+  |
+-	|  FP'                          |  |
+-	+-------------------------------+  |<- hard_frame_pointer_rtx (aligned)
+-	|  SVE vector registers         |  | \
+-	+-------------------------------+  |  | below_hard_fp_saved_regs_size
+-	|  SVE predicate registers      | /  /
++	|  padding                      |
++	+-------------------------------+
++	|  callee-saved registers       |
++	+-------------------------------+
++	|  LR'                          |
++	+-------------------------------+
++	|  FP'                          |
++	+-------------------------------+ <-- hard_frame_pointer_rtx (aligned)
++	|  SVE vector registers         |
++	+-------------------------------+
++	|  SVE predicate registers      |
+ 	+-------------------------------+
+ 	|  dynamic allocation           |
+ 	+-------------------------------+
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index fbfb73545ba..cfeaf4657ab 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -777,18 +777,11 @@ struct GTY (()) aarch64_frame
+      STACK_BOUNDARY.  */
+   HOST_WIDE_INT saved_varargs_size;
+ 
+-  /* The size of the callee-save registers with a slot in REG_OFFSET.  */
+-  poly_int64 saved_regs_size;
+-
+   /* The number of bytes between the bottom of the static frame (the bottom
+      of the outgoing arguments) and the bottom of the register save area.
+      This value is always a multiple of STACK_BOUNDARY.  */
+   poly_int64 bytes_below_saved_regs;
+ 
+-  /* The size of the callee-save registers with a slot in REG_OFFSET that
+-     are saved below the hard frame pointer.  */
+-  poly_int64 below_hard_fp_saved_regs_size;
+-
+   /* The number of bytes between the bottom of the static frame (the bottom
+      of the outgoing arguments) and the hard frame pointer.  This value is
+      always a multiple of STACK_BOUNDARY.  */
+-- 
+2.34.1
+
+
+From b96e66fd4ef3e36983969fb8cdd1956f551a074b Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 12 Sep 2023 16:07:21 +0100
+Subject: [PATCH 19/19] aarch64: Make stack smash canary protect saved
+ registers
+
+AArch64 normally puts the saved registers near the bottom of the frame,
+immediately above any dynamic allocations.  But this means that a
+stack-smash attack on those dynamic allocations could overwrite the
+saved registers without needing to reach as far as the stack smash
+canary.
+
+The same thing could also happen for variable-sized arguments that are
+passed by value, since those are allocated before a call and popped on
+return.
+
+This patch avoids that by putting the locals (and thus the canary) below
+the saved registers when stack smash protection is active.
+
+The patch fixes CVE-2023-4039.
+
+gcc/
+	* config/aarch64/aarch64.cc (aarch64_save_regs_above_locals_p):
+	New function.
+	(aarch64_layout_frame): Use it to decide whether locals should
+	go above or below the saved registers.
+	(aarch64_expand_prologue): Update stack layout comment.
+	Emit a stack tie after the final adjustment.
+
+gcc/testsuite/
+	* gcc.target/aarch64/stack-protector-8.c: New test.
+	* gcc.target/aarch64/stack-protector-9.c: Likewise.
+---
+ gcc/config/aarch64/aarch64.cc                 | 46 +++++++--
+ .../gcc.target/aarch64/stack-protector-8.c    | 95 +++++++++++++++++++
+ .../gcc.target/aarch64/stack-protector-9.c    | 33 +++++++
+ 3 files changed, 168 insertions(+), 6 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-protector-8.c
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/stack-protector-9.c
+
+diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
+index b95e805a8cc..389c0e29353 100644
+--- a/gcc/config/aarch64/aarch64.cc
++++ b/gcc/config/aarch64/aarch64.cc
+@@ -8394,6 +8394,20 @@ aarch64_needs_frame_chain (void)
+   return aarch64_use_frame_pointer;
+ }
+ 
++/* Return true if the current function should save registers above
++   the locals area, rather than below it.  */
++
++static bool
++aarch64_save_regs_above_locals_p ()
++{
++  /* When using stack smash protection, make sure that the canary slot
++     comes between the locals and the saved registers.  Otherwise,
++     it would be possible for a carefully sized smash attack to change
++     the saved registers (particularly LR and FP) without reaching the
++     canary.  */
++  return crtl->stack_protect_guard;
++}
++
+ /* Mark the registers that need to be saved by the callee and calculate
+    the size of the callee-saved registers area and frame record (both FP
+    and LR may be omitted).  */
+@@ -8405,6 +8419,7 @@ aarch64_layout_frame (void)
+   poly_int64 vector_save_size = GET_MODE_SIZE (vector_save_mode);
+   bool frame_related_fp_reg_p = false;
+   aarch64_frame &frame = cfun->machine->frame;
++  poly_int64 top_of_locals = -1;
+ 
+   frame.emit_frame_chain = aarch64_needs_frame_chain ();
+ 
+@@ -8471,9 +8486,16 @@ aarch64_layout_frame (void)
+ 	&& !crtl->abi->clobbers_full_reg_p (regno))
+       frame.reg_offset[regno] = SLOT_REQUIRED;
+ 
++  bool regs_at_top_p = aarch64_save_regs_above_locals_p ();
+ 
+   poly_int64 offset = crtl->outgoing_args_size;
+   gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT));
++  if (regs_at_top_p)
++    {
++      offset += get_frame_size ();
++      offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
++      top_of_locals = offset;
++    }
+   frame.bytes_below_saved_regs = offset;
+   frame.sve_save_and_probe = INVALID_REGNUM;
+ 
+@@ -8613,15 +8635,18 @@ aarch64_layout_frame (void)
+      at expand_prologue.  */
+   gcc_assert (crtl->is_leaf || maybe_ne (saved_regs_size, 0));
+ 
+-  offset += get_frame_size ();
+-  offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
+-  auto top_of_locals = offset;
+-
++  if (!regs_at_top_p)
++    {
++      offset += get_frame_size ();
++      offset = aligned_upper_bound (offset, STACK_BOUNDARY / BITS_PER_UNIT);
++      top_of_locals = offset;
++    }
+   offset += frame.saved_varargs_size;
+   gcc_assert (multiple_p (offset, STACK_BOUNDARY / BITS_PER_UNIT));
+   frame.frame_size = offset;
+ 
+   frame.bytes_above_hard_fp = frame.frame_size - frame.bytes_below_hard_fp;
++  gcc_assert (known_ge (top_of_locals, 0));
+   frame.bytes_above_locals = frame.frame_size - top_of_locals;
+ 
+   frame.initial_adjust = 0;
+@@ -9930,10 +9955,10 @@ aarch64_epilogue_uses (int regno)
+ 	|  for register varargs         |
+ 	|                               |
+ 	+-------------------------------+
+-	|  local variables              | <-- frame_pointer_rtx
++	|  local variables (1)          | <-- frame_pointer_rtx
+ 	|                               |
+ 	+-------------------------------+
+-	|  padding                      |
++	|  padding (1)                  |
+ 	+-------------------------------+
+ 	|  callee-saved registers       |
+ 	+-------------------------------+
+@@ -9945,6 +9970,10 @@ aarch64_epilogue_uses (int regno)
+ 	+-------------------------------+
+ 	|  SVE predicate registers      |
+ 	+-------------------------------+
++	|  local variables (2)          |
++	+-------------------------------+
++	|  padding (2)                  |
++	+-------------------------------+
+ 	|  dynamic allocation           |
+ 	+-------------------------------+
+ 	|  padding                      |
+@@ -9954,6 +9983,9 @@ aarch64_epilogue_uses (int regno)
+ 	+-------------------------------+
+ 	|                               | <-- stack_pointer_rtx (aligned)
+ 
++   The regions marked (1) and (2) are mutually exclusive.  (2) is used
++   when aarch64_save_regs_above_locals_p is true.
++
+    Dynamic stack allocations via alloca() decrease stack_pointer_rtx
+    but leave frame_pointer_rtx and hard_frame_pointer_rtx
+    unchanged.
+@@ -10149,6 +10181,8 @@ aarch64_expand_prologue (void)
+   gcc_assert (known_eq (bytes_below_sp, final_adjust));
+   aarch64_allocate_and_probe_stack_space (tmp1_rtx, tmp0_rtx, final_adjust,
+ 					  !frame_pointer_needed, true);
++  if (emit_frame_chain && maybe_ne (final_adjust, 0))
++    emit_insn (gen_stack_tie (stack_pointer_rtx, hard_frame_pointer_rtx));
+ }
+ 
+ /* Return TRUE if we can use a simple_return insn.
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c b/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c
+new file mode 100644
+index 00000000000..e71d820e365
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c
+@@ -0,0 +1,95 @@
++/* { dg-options " -O -fstack-protector-strong -mstack-protector-guard=sysreg -mstack-protector-guard-reg=tpidr2_el0 -mstack-protector-guard-offset=16" } */
++/* { dg-final { check-function-bodies "**" "" } } */
++
++void g(void *);
++__SVBool_t *h(void *);
++
++/*
++** test1:
++**	sub	sp, sp, #288
++**	stp	x29, x30, \[sp, #?272\]
++**	add	x29, sp, #?272
++**	mrs	(x[0-9]+), tpidr2_el0
++**	ldr	(x[0-9]+), \[\1, #?16\]
++**	str	\2, \[sp, #?264\]
++**	mov	\2, #?0
++**	add	x0, sp, #?8
++**	bl	g
++**	...
++**	mrs	.*
++**	...
++**	bne	.*
++**	...
++**	ldp	x29, x30, \[sp, #?272\]
++**	add	sp, sp, #?288
++**	ret
++**	bl	__stack_chk_fail
++*/
++int test1() {
++  int y[0x40];
++  g(y);
++  return 1;
++}
++
++/*
++** test2:
++**	stp	x29, x30, \[sp, #?-16\]!
++**	mov	x29, sp
++**	sub	sp, sp, #1040
++**	mrs	(x[0-9]+), tpidr2_el0
++**	ldr	(x[0-9]+), \[\1, #?16\]
++**	str	\2, \[sp, #?1032\]
++**	mov	\2, #?0
++**	add	x0, sp, #?8
++**	bl	g
++**	...
++**	mrs	.*
++**	...
++**	bne	.*
++**	...
++**	add	sp, sp, #?1040
++**	ldp	x29, x30, \[sp\], #?16
++**	ret
++**	bl	__stack_chk_fail
++*/
++int test2() {
++  int y[0x100];
++  g(y);
++  return 1;
++}
++
++#pragma GCC target "+sve"
++
++/*
++** test3:
++**	stp	x29, x30, \[sp, #?-16\]!
++**	mov	x29, sp
++**	addvl	sp, sp, #-18
++**	...
++**	str	p4, \[sp\]
++**	...
++**	sub	sp, sp, #272
++**	mrs	(x[0-9]+), tpidr2_el0
++**	ldr	(x[0-9]+), \[\1, #?16\]
++**	str	\2, \[sp, #?264\]
++**	mov	\2, #?0
++**	add	x0, sp, #?8
++**	bl	h
++**	...
++**	mrs	.*
++**	...
++**	bne	.*
++**	...
++**	add	sp, sp, #?272
++**	...
++**	ldr	p4, \[sp\]
++**	...
++**	addvl	sp, sp, #18
++**	ldp	x29, x30, \[sp\], #?16
++**	ret
++**	bl	__stack_chk_fail
++*/
++__SVBool_t test3() {
++  int y[0x40];
++  return *h(y);
++}
+diff --git a/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c b/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c
+new file mode 100644
+index 00000000000..58f322aa480
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c
+@@ -0,0 +1,33 @@
++/* { dg-options "-O2 -mcpu=neoverse-v1 -fstack-protector-all" } */
++/* { dg-final { check-function-bodies "**" "" } } */
++
++/*
++** main:
++**	...
++**	stp	x29, x30, \[sp, #?-[0-9]+\]!
++**	...
++**	sub	sp, sp, #[0-9]+
++**	...
++**	str	x[0-9]+, \[x29, #?-8\]
++**	...
++*/
++int f(const char *);
++void g(void *);
++int main(int argc, char* argv[])
++{
++  int a;
++  int b;
++  char c[2+f(argv[1])];
++  int d[0x100];
++  char y;
++
++  y=42; a=4; b=10;
++  c[0] = 'h'; c[1] = '\0';
++
++  c[f(argv[2])] = '\0';
++
++  __builtin_printf("%d %d\n%s\n", a, b, c);
++  g(d);
++
++  return 0;
++}
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/gdb/gdb-common.inc b/poky/meta/recipes-devtools/gdb/gdb-common.inc
index 12292f0..3349719 100644
--- a/poky/meta/recipes-devtools/gdb/gdb-common.inc
+++ b/poky/meta/recipes-devtools/gdb/gdb-common.inc
@@ -35,8 +35,7 @@
 PACKAGECONFIG[readline] = "--with-system-readline,--without-system-readline,readline"
 PACKAGECONFIG[python] = "--with-python=${WORKDIR}/python,--without-python,python3,python3-codecs"
 PACKAGECONFIG[babeltrace] = "--with-babeltrace,--without-babeltrace,babeltrace"
-# ncurses is already a hard DEPENDS, but would be added here if it weren't
-PACKAGECONFIG[tui] = "--enable-tui,--disable-tui"
+PACKAGECONFIG[tui] = "--enable-tui,--disable-tui,,ncurses-terminfo-base"
 PACKAGECONFIG[xz] = "--with-lzma --with-liblzma-prefix=${STAGING_DIR_HOST},--without-lzma,xz"
 PACKAGECONFIG[debuginfod] = "--with-debuginfod, --without-debuginfod, elfutils"
 
diff --git a/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb b/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb
index b716b02..1826c7a 100644
--- a/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb
+++ b/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb
@@ -7,7 +7,6 @@
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://icecc-create-env;beginline=2;endline=5;md5=ae1df3d6a058bfda40b66094c5f6065f"
 
-PR = "r2"
 
 DEPENDS = ""
 INHIBIT_DEFAULT_DEPS = "1"
diff --git a/poky/meta/recipes-devtools/jquery/jquery_3.7.0.bb b/poky/meta/recipes-devtools/jquery/jquery_3.7.1.bb
similarity index 81%
rename from poky/meta/recipes-devtools/jquery/jquery_3.7.0.bb
rename to poky/meta/recipes-devtools/jquery/jquery_3.7.1.bb
index eceed9c..33147b4 100644
--- a/poky/meta/recipes-devtools/jquery/jquery_3.7.0.bb
+++ b/poky/meta/recipes-devtools/jquery/jquery_3.7.1.bb
@@ -13,9 +13,9 @@
     https://code.jquery.com/${BP}.min.map;name=map;subdir=${BP} \
     "
 
-SRC_URI[js.sha256sum] = "265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43"
-SRC_URI[min.sha256sum] = "d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8"
-SRC_URI[map.sha256sum] = "cae47e834ee977975a48c851b165cc52ea916cc968ba7d280b1293f573cd1a48"
+SRC_URI[js.sha256sum] = "78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe"
+SRC_URI[min.sha256sum] = "fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a"
+SRC_URI[map.sha256sum] = "5e7d6d9c28b7f21006535e8875eb47e9667852a14c4624eed301c6cea19ae62b"
 
 UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 
diff --git a/poky/meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch b/poky/meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch
deleted file mode 100644
index 215f4d8..0000000
--- a/poky/meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0145b575ac1fe6a77e00d639864f26fc91ceb12f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 13 Aug 2022 20:37:03 -0700
-Subject: [PATCH] Fix build with clang-15+
-
-Fixes
-json_util.c:63:35: error: a function declaration without a prototype is deprecated in all versions of C [-We
-rror,-Wstrict-prototypes]
-const char *json_util_get_last_err()
-                                  ^
-                                   void
-
-Upstream-Status: Backport [https://github.com/json-c/json-c/pull/783]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- json_util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/json_util.c b/json_util.c
-index 952770a..83d9c68 100644
---- a/json_util.c
-+++ b/json_util.c
-@@ -60,7 +60,7 @@ static int _json_object_to_fd(int fd, struct json_object *obj, int flags, const
- 
- static char _last_err[256] = "";
- 
--const char *json_util_get_last_err()
-+const char *json_util_get_last_err(void)
- {
- 	if (_last_err[0] == '\0')
- 		return NULL;
--- 
-2.37.2
-
diff --git a/poky/meta/recipes-devtools/json-c/json-c/run-ptest b/poky/meta/recipes-devtools/json-c/json-c/run-ptest
index 9ee6095..2d0e94c 100644
--- a/poky/meta/recipes-devtools/json-c/json-c/run-ptest
+++ b/poky/meta/recipes-devtools/json-c/json-c/run-ptest
@@ -8,7 +8,7 @@
     # test_basic is not an own testcase, just
     # contains common code of other tests
     if [ "$i" != "test_basic.test" ]; then
-        if ./$i > json-c_test.log 2>&1 ; then
+        if ./$i >> json-c_test.log 2>&1 ; then
             echo PASS: $i
         else
             ret_val=1
diff --git a/poky/meta/recipes-devtools/json-c/json-c_0.16.bb b/poky/meta/recipes-devtools/json-c/json-c_0.17.bb
similarity index 71%
rename from poky/meta/recipes-devtools/json-c/json-c_0.16.bb
rename to poky/meta/recipes-devtools/json-c/json-c_0.17.bb
index 3aba41d..f4b7a32 100644
--- a/poky/meta/recipes-devtools/json-c/json-c_0.16.bb
+++ b/poky/meta/recipes-devtools/json-c/json-c_0.17.bb
@@ -4,12 +4,13 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 
-SRC_URI = " \
-    https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
-    file://0001-Fix-build-with-clang-15.patch \
-    file://run-ptest \
-"
-SRC_URI[sha256sum] = "8e45ac8f96ec7791eaf3bb7ee50e9c2100bbbc87b8d0f1d030c5ba8a0288d96b"
+SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
+           file://run-ptest \
+           "
+SRC_URI[sha256sum] = "7550914d58fb63b2c3546f3ccfbe11f1c094147bd31a69dcd23714d7956159e6"
+
+# NVD uses full tag name including date
+CVE_VERSION = "0.17-20230812"
 
 UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/tags"
 UPSTREAM_CHECK_REGEX = "json-c-(?P<pver>\d+(\.\d+)+)-\d+"
@@ -24,7 +25,7 @@
     install ${S}/tests/*.test ${D}/${PTEST_PATH}/tests
     install ${S}/tests/*.expected ${D}/${PTEST_PATH}/tests
     install ${S}/tests/test-defs.sh ${D}/${PTEST_PATH}/tests
-    install ${S}/tests/valid*json ${D}/${PTEST_PATH}/tests
+    install ${S}/tests/*json ${D}/${PTEST_PATH}/tests
 }
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch
index c7b2af8..08d0859 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf/0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch
+++ b/poky/meta/recipes-devtools/libdnf/libdnf/0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch
@@ -1,4 +1,4 @@
-From 9294cd19e5e3121fb8d37b44ee82dd7c4b3ab2c7 Mon Sep 17 00:00:00 2001
+From b87ae6860ea44996b677ad1c4a9793720b77c67c Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Tue, 7 Feb 2017 12:16:03 +0200
 Subject: [PATCH] Get parameters for both libsolv and libsolvext (libdnf is
@@ -13,15 +13,15 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index b722d4fb..ce88b9e3 100644
+index e99b28d0..548a9137 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -52,7 +52,7 @@ endif()
+@@ -51,7 +51,7 @@ endif()
+ 
  
  # build dependencies
- find_package(Gpgme REQUIRED)
 -PKG_CHECK_MODULES (LIBSOLV REQUIRED libsolv)
 +PKG_CHECK_MODULES (LIBSOLV REQUIRED libsolv libsolvext)
  set(LIBSOLV_LIBRARY ${LIBSOLV_LIBRARIES})
-
+ 
  
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch
index 643a5f3..32f2bb6 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf/0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch
+++ b/poky/meta/recipes-devtools/libdnf/libdnf/0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch
@@ -1,4 +1,4 @@
-From fbb181d25ad85778add7ed45b6aaf114e02d0f79 Mon Sep 17 00:00:00 2001
+From 0b8eceb9161711003cd25ab400cadde7c1601733 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 30 Dec 2016 18:24:50 +0200
 Subject: [PATCH] Set libsolv variables with pkg-config (cmake's own module
@@ -13,13 +13,13 @@
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 405dc4e8..53837448 100644
+index 6444c374..e99b28d0 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -52,7 +52,8 @@ endif()
+@@ -51,7 +51,8 @@ endif()
+ 
  
  # build dependencies
- find_package(Gpgme REQUIRED)
 -find_package(LibSolv 0.7.21 REQUIRED COMPONENTS ext)
 +PKG_CHECK_MODULES (LIBSOLV REQUIRED libsolv)
 +set(LIBSOLV_LIBRARY ${LIBSOLV_LIBRARIES})
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch b/poky/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
index e3784cc..8b1a597 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
+++ b/poky/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
@@ -1,4 +1,7 @@
-libdnf: allow reproducible binary builds
+From dc83a79053597546b2b42fcf578f3a7727b13f3b Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Wed, 22 Jul 2020 13:31:11 -0700
+Subject: [PATCH] libdnf: allow reproducible binary builds
 
 Use a dummy directory for test data if not built WITH_TESTS.  Allow for overriding
 TESTDATADIR, since the default is guaranteed to be wrong for target builds.
@@ -7,11 +10,16 @@
 
 Signed-off-by: Joe Slater <joe.slater@windriver.com>
 
+---
+ CMakeLists.txt | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
 
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 548a9137..c378e7d9 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -133,7 +133,12 @@ add_definitions(-DG_LOG_DOMAIN=\\"libdnf
- add_definitions(-D_FILE_OFFSET_BITS=64)
+@@ -132,7 +132,12 @@ add_definitions(-DGETTEXT_DOMAIN=\\"libdnf\\")
+ add_definitions(-DG_LOG_DOMAIN=\\"libdnf\\")
  
  # tests
 -add_definitions(-DTESTDATADIR=\\"${CMAKE_SOURCE_DIR}/data/tests\\")
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.70.1.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.71.0.bb
similarity index 96%
rename from poky/meta/recipes-devtools/libdnf/libdnf_0.70.1.bb
rename to poky/meta/recipes-devtools/libdnf/libdnf_0.71.0.bb
index c44ae27..396a666 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf_0.70.1.bb
+++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.71.0.bb
@@ -12,7 +12,7 @@
            file://0001-drop-FindPythonInstDir.cmake.patch \
            "
 
-SRCREV = "3b8e59ad8ed3a3eb736d8a2e16b4fc04313d1f12"
+SRCREV = "39098f39806becdc87cf93e03a49ae89a33e7ede"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)"
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch b/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch
index b01b864..add38b3 100644
--- a/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch
+++ b/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch
@@ -1,27 +1,26 @@
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-From 61b00e1e051e367f5483d7b5253b6c85a9e8a90f Mon Sep 17 00:00:00 2001
+From 588a8694c6540e31140c7e242bfb5e279d6ca08c Mon Sep 17 00:00:00 2001
 From: Martin Kelly <mkelly@xevo.com>
 Date: Fri, 19 May 2017 00:22:57 -0700
-Subject: [PATCH] llvm: allow env override of exe path
+Subject: [PATCH] llvm: allow env override of exe and libdir path
 
 When using a native llvm-config from inside a sysroot, we need llvm-config to
 return the libraries, include directories, etc. from inside the sysroot rather
 than from the native sysroot. Thus provide an env override for calling
 llvm-config from a target sysroot.
 
+Upstream-Status: Inappropriate [OE-specific]
+
 Signed-off-by: Martin Kelly <mkelly@xevo.com>
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- llvm/tools/llvm-config/llvm-config.cpp | 7 +++++++
- 1 file changed, 7 insertions(+)
+ llvm/tools/llvm-config/llvm-config.cpp | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
 
 diff --git a/llvm/tools/llvm-config/llvm-config.cpp b/llvm/tools/llvm-config/llvm-config.cpp
-index 7ef7c46a262..a4f7ed82c7b 100644
+index e86eb2b44b10..7b2abf318dbe 100644
 --- a/llvm/tools/llvm-config/llvm-config.cpp
 +++ b/llvm/tools/llvm-config/llvm-config.cpp
-@@ -225,6 +225,13 @@ Typical components:\n\
+@@ -246,6 +246,13 @@ Typical components:\n\
  
  /// Compute the path to the main executable.
  std::string GetExecutablePath(const char *Argv0) {
@@ -35,3 +34,4 @@
    // This just needs to be some symbol in the binary; C++ doesn't
    // allow taking the address of ::main however.
    void *P = (void *)(intptr_t)GetExecutablePath;
+ 
diff --git a/poky/meta/recipes-devtools/llvm/llvm_git.bb b/poky/meta/recipes-devtools/llvm/llvm_git.bb
index f3d6f24..934f842 100644
--- a/poky/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/poky/meta/recipes-devtools/llvm/llvm_git.bb
@@ -14,14 +14,14 @@
 
 inherit cmake pkgconfig
 
-PV = "16.0.6"
+PV = "17.0.2"
 
 MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}"
 
 LLVM_RELEASE = "${PV}"
 
 BRANCH = "release/${MAJOR_VERSION}.x"
-SRCREV = "7cbf1a2591520c2491aa35339f227775f4d3adf6"
+SRCREV = "481358974fb0f732e33d503c224492a543f4d7bd"
 SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
            file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
            file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
diff --git a/poky/meta/recipes-devtools/meson/meson/0001-Make-CPU-family-warnings-fatal.patch b/poky/meta/recipes-devtools/meson/meson/0001-Make-CPU-family-warnings-fatal.patch
index 848dccf..8fbcb5a 100644
--- a/poky/meta/recipes-devtools/meson/meson/0001-Make-CPU-family-warnings-fatal.patch
+++ b/poky/meta/recipes-devtools/meson/meson/0001-Make-CPU-family-warnings-fatal.patch
@@ -1,4 +1,4 @@
-From 6c4eef1d92e9e42fdbc888365cab3c95fb33c605 Mon Sep 17 00:00:00 2001
+From fcd3260c03f313676720e6219c5953d412fb0a2c Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Tue, 3 Jul 2018 13:59:09 +0100
 Subject: [PATCH] Make CPU family warnings fatal
@@ -7,15 +7,15 @@
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 
 ---
- mesonbuild/envconfig.py   | 2 +-
- mesonbuild/environment.py | 4 +---
- 2 files changed, 2 insertions(+), 4 deletions(-)
+ mesonbuild/envconfig.py   | 4 ++--
+ mesonbuild/environment.py | 6 ++----
+ 2 files changed, 4 insertions(+), 6 deletions(-)
 
-Index: meson-0.60.2/mesonbuild/envconfig.py
-===================================================================
---- meson-0.60.2.orig/mesonbuild/envconfig.py
-+++ meson-0.60.2/mesonbuild/envconfig.py
-@@ -266,8 +266,8 @@ class MachineInfo(HoldableObject):
+diff --git a/mesonbuild/envconfig.py b/mesonbuild/envconfig.py
+index 7e0c567..a180065 100644
+--- a/mesonbuild/envconfig.py
++++ b/mesonbuild/envconfig.py
+@@ -284,8 +284,8 @@ class MachineInfo(HoldableObject):
                  'but is missing {}.'.format(minimum_literal - set(literal)))
  
          cpu_family = literal['cpu_family']
@@ -26,13 +26,13 @@
  
          endian = literal['endian']
          if endian not in ('little', 'big'):
-Index: meson-0.60.2/mesonbuild/environment.py
-===================================================================
---- meson-0.60.2.orig/mesonbuild/environment.py
-+++ meson-0.60.2/mesonbuild/environment.py
-@@ -354,10 +354,8 @@ def detect_cpu_family(compilers: Compile
-         if any_compiler_has_define(compilers, '__64BIT__'):
-             trial = 'ppc64'
+diff --git a/mesonbuild/environment.py b/mesonbuild/environment.py
+index e212c7a..9d2bff3 100644
+--- a/mesonbuild/environment.py
++++ b/mesonbuild/environment.py
+@@ -345,10 +345,8 @@ def detect_cpu_family(compilers: CompilersDict) -> str:
+         if compilers and not any_compiler_has_define(compilers, '__mips64'):
+             trial = 'mips'
  
 -    if trial not in known_cpu_families:
 -        mlog.warning(f'Unknown CPU family {trial!r}, please report this at '
diff --git a/poky/meta/recipes-devtools/meson/meson_1.1.1.bb b/poky/meta/recipes-devtools/meson/meson_1.2.1.bb
similarity index 98%
rename from poky/meta/recipes-devtools/meson/meson_1.1.1.bb
rename to poky/meta/recipes-devtools/meson/meson_1.2.1.bb
index dd97f93..fe45266 100644
--- a/poky/meta/recipes-devtools/meson/meson_1.1.1.bb
+++ b/poky/meta/recipes-devtools/meson/meson_1.2.1.bb
@@ -15,7 +15,7 @@
            file://0001-Make-CPU-family-warnings-fatal.patch \
            file://0002-Support-building-allarch-recipes-again.patch \
            "
-SRC_URI[sha256sum] = "d04b541f97ca439fb82fab7d0d480988be4bd4e62563a5ca35fadb5400727b1c"
+SRC_URI[sha256sum] = "b1db3a153087549497ee52b1c938d2134e0338214fe14f7efd16fecd57b639f5"
 
 inherit python_setuptools_build_meta github-releases
 
diff --git a/poky/meta/recipes-devtools/mmc/mmc-utils_git.bb b/poky/meta/recipes-devtools/mmc/mmc-utils_git.bb
index 879c179..2d02927 100644
--- a/poky/meta/recipes-devtools/mmc/mmc-utils_git.bb
+++ b/poky/meta/recipes-devtools/mmc/mmc-utils_git.bb
@@ -5,7 +5,7 @@
 LIC_FILES_CHKSUM = "file://mmc.c;beginline=1;endline=20;md5=fae32792e20f4d27ade1c5a762d16b7d"
 
 SRCBRANCH ?= "master"
-SRCREV = "958227890690290ee766aaad1b92f3413f67048c"
+SRCREV = "613495ecaca97a19fa7f8f3ea23306472b36453c"
 
 PV = "0.1+git"
 
diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
index cdcc766..4b27528 100644
--- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -11,9 +11,9 @@
 DEPENDS = "zlib e2fsprogs util-linux"
 RDEPENDS:mtd-utils-tests += "bash"
 
-PV = "2.1.5"
+PV = "2.1.6"
 
-SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c"
+SRCREV = "219e741f40f4801bae263e0b581b64888d887b4a"
 SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master"
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/opkg/opkg-arch-config_1.0.bb b/poky/meta/recipes-devtools/opkg/opkg-arch-config_1.0.bb
index dc17de2..dfd66a1 100644
--- a/poky/meta/recipes-devtools/opkg/opkg-arch-config_1.0.bb
+++ b/poky/meta/recipes-devtools/opkg/opkg-arch-config_1.0.bb
@@ -2,7 +2,6 @@
 HOMEPAGE = "http://code.google.com/p/opkg/"
 LICENSE = "MIT"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
-PR = "r1"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-devtools/perl/files/run-ptest b/poky/meta/recipes-devtools/perl/files/run-ptest
index dad4d42..0547f81 100644
--- a/poky/meta/recipes-devtools/perl/files/run-ptest
+++ b/poky/meta/recipes-devtools/perl/files/run-ptest
@@ -1,2 +1,2 @@
 #!/bin/sh
-cd t && PERL_BUILD_PACKAGING=1 ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|'
+{ cd t && PERL_BUILD_PACKAGING=1 ./TEST || echo "FAIL: perl" ; } | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|'
diff --git a/poky/meta/recipes-devtools/perl/liberror-perl_0.17029.bb b/poky/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
index 9585dfc..e54bb11 100644
--- a/poky/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
+++ b/poky/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
@@ -9,7 +9,6 @@
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=8f3499d09ee74a050c0319391ff9d100"
 
-PR = "r1"
 
 DEPENDS += "perl"
 
diff --git a/poky/meta/recipes-devtools/perl/liburi-perl/0001-Skip-TODO-test-cases-that-fail.patch b/poky/meta/recipes-devtools/perl/liburi-perl/0001-Skip-TODO-test-cases-that-fail.patch
index 68ccd06..ed1f251 100644
--- a/poky/meta/recipes-devtools/perl/liburi-perl/0001-Skip-TODO-test-cases-that-fail.patch
+++ b/poky/meta/recipes-devtools/perl/liburi-perl/0001-Skip-TODO-test-cases-that-fail.patch
@@ -1,4 +1,4 @@
-From 858daa5047b00e7d5aa795302a9fad5504c8f0b9 Mon Sep 17 00:00:00 2001
+From 5a4271456104bdf027644c81c3a208cde5cf522e Mon Sep 17 00:00:00 2001
 From: Tim Orling <tim.orling@konsulko.com>
 Date: Thu, 17 Nov 2022 16:33:20 -0800
 Subject: [PATCH] Skip TODO test cases that fail
@@ -47,19 +47,19 @@
  {
      my $str = "http://foo/\xE9";
 diff --git a/t/iri.t b/t/iri.t
-index 2eb64b2..9c663c9 100644
+index cf983d6..884b36e 100644
 --- a/t/iri.t
 +++ b/t/iri.t
 @@ -6,7 +6,7 @@ use Test::More;
  use Config qw( %Config );
  
  if (defined $Config{useperlio}) {
--    plan tests=>26;
-+    plan tests=>24;
+-    plan tests=>30;
++    plan tests=>28;
  } else {
-     plan skip_all=>'this perl doesn\'t support PerlIO layers';
+     plan skip_all=>"this perl doesn't support PerlIO layers";
  }
-@@ -60,17 +60,17 @@ is $u->as_iri, "http://➡.ws/";
+@@ -67,17 +67,17 @@ is $u->as_iri, "http://➡.ws/";
  # draft-duerst-iri-bis.txt examples (section 3.7.1):
  is(URI->new("http://www.example.org/D%C3%BCrst")->as_iri, "http://www.example.org/D\xFCrst");
  is(URI->new("http://www.example.org/D%FCrst")->as_iri, "http://www.example.org/D%FCrst");
diff --git a/poky/meta/recipes-devtools/perl/liburi-perl_5.17.bb b/poky/meta/recipes-devtools/perl/liburi-perl_5.21.bb
similarity index 89%
rename from poky/meta/recipes-devtools/perl/liburi-perl_5.17.bb
rename to poky/meta/recipes-devtools/perl/liburi-perl_5.21.bb
index 5e15004..0356469 100644
--- a/poky/meta/recipes-devtools/perl/liburi-perl_5.17.bb
+++ b/poky/meta/recipes-devtools/perl/liburi-perl_5.21.bb
@@ -6,13 +6,13 @@
 SECTION = "libs"
 LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d8ca5f628bf2cd180bc4fa044cb8ef41"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9944b87af51186f848ae558344aded9f"
 
 SRC_URI = "${CPAN_MIRROR}/authors/id/O/OA/OALDERS/URI-${PV}.tar.gz \
            file://0001-Skip-TODO-test-cases-that-fail.patch \
            "
 
-SRC_URI[sha256sum] = "5f7e42b769cb27499113cfae4b786c37d49e7c7d32dbb469602cd808308568f8"
+SRC_URI[sha256sum] = "96265860cd61bde16e8415dcfbf108056de162caa0ac37f81eb695c9d2e0ab77"
 
 S = "${WORKDIR}/URI-${PV}"
 
diff --git a/poky/meta/recipes-devtools/perl/libxml-perl_0.08.bb b/poky/meta/recipes-devtools/perl/libxml-perl_0.08.bb
index 1b03e63..89acb64 100644
--- a/poky/meta/recipes-devtools/perl/libxml-perl_0.08.bb
+++ b/poky/meta/recipes-devtools/perl/libxml-perl_0.08.bb
@@ -6,7 +6,6 @@
 SUMMARY = "Collection of Perl modules for working with XML"
 SECTION = "libs"
 LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
-PR = "r3"
 
 LIC_FILES_CHKSUM = "file://README;beginline=33;endline=35;md5=1705549eef7577a3d6ba71123a1f0ce8"
 
diff --git a/poky/meta/recipes-devtools/perl/perl_5.38.0.bb b/poky/meta/recipes-devtools/perl/perl_5.38.0.bb
index 2103a39..956e4d6 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.38.0.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.38.0.bb
@@ -38,8 +38,10 @@
 PERL_LIB_VER = "${@'.'.join(d.getVar('PV').split('.')[0:2])}.0"
 
 PACKAGECONFIG ??= "gdbm"
+PACKAGECONFIG:append:libc-musl = " anylocale"
 PACKAGECONFIG[bdb] = ",-Ui_db,db"
 PACKAGECONFIG[gdbm] = ",-Ui_gdbm,gdbm"
+PACKAGECONFIG[anylocale] = "-Dd_setlocale_accepts_any_locale_name=define,,"
 
 # Don't generate comments in enc2xs output files. They are not reproducible
 export ENC2XS_NO_COMMENTS = "1"
@@ -56,6 +58,7 @@
 do_configure:class-target() {
     ./configure --prefix=${prefix} --libdir=${libdir} \
     --target=${TARGET_SYS} \
+    -Duse64bitint \
     -Duseshrplib \
     -Dusethreads \
     -Dsoname=libperl.so.5 \
diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_2.0.2.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_2.0.3.bb
similarity index 96%
rename from poky/meta/recipes-devtools/pkgconf/pkgconf_2.0.2.bb
rename to poky/meta/recipes-devtools/pkgconf/pkgconf_2.0.3.bb
index c6badb1..5aa5a19 100644
--- a/poky/meta/recipes-devtools/pkgconf/pkgconf_2.0.2.bb
+++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_2.0.3.bb
@@ -20,7 +20,7 @@
     file://pkg-config-native.in \
     file://pkg-config-esdk.in \
 "
-SRC_URI[sha256sum] = "ea5a25ef8f251eb5377ec0e21c75fb61894433cfbdbf0b2559ba33e4c2664401"
+SRC_URI[sha256sum] = "cabdf3c474529854f7ccce8573c5ac68ad34a7e621037535cbc3981f6b23836c"
 
 inherit autotools
 
diff --git a/poky/meta/recipes-devtools/python/python3-beartype_0.15.0.bb b/poky/meta/recipes-devtools/python/python3-beartype_0.15.0.bb
new file mode 100644
index 0000000..14eda1d
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-beartype_0.15.0.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Unbearably fast runtime type checking in pure Python."
+HOMEPAGE = "https://beartype.readthedocs.io"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e40b52d8eb5553aa8f705cdd3f979d69"
+
+SRC_URI[sha256sum] = "2af6a8d8a7267ccf7d271e1a3bd908afbc025d2a09aa51123567d7d7b37438df"
+
+inherit setuptools3 pypi
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-booleanpy_4.0.bb b/poky/meta/recipes-devtools/python/python3-booleanpy_4.0.bb
new file mode 100644
index 0000000..41fd3d9
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-booleanpy_4.0.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Define boolean algebras, create and parse boolean expressions and create custom boolean DSL"
+HOMEPAGE = "https://github.com/bastikr/boolean.py"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=d118b5feceee598ebeca76e13395c2bd"
+
+SRC_URI[sha256sum] = "17b9a181630e43dde1851d42bef546d616d5d9b4480357514597e78b203d06e4"
+
+PYPI_PACKAGE = "boolean.py"
+
+inherit pypi setuptools3
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-click/run-ptest b/poky/meta/recipes-devtools/python/python3-click/run-ptest
new file mode 100644
index 0000000..b63c4de
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-click/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/poky/meta/recipes-devtools/python/python3-click_8.1.7.bb b/poky/meta/recipes-devtools/python/python3-click_8.1.7.bb
new file mode 100644
index 0000000..a4ec6cd
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-click_8.1.7.bb
@@ -0,0 +1,39 @@
+SUMMARY = "A simple wrapper around optparse for powerful command line utilities."
+DESCRIPTION = "\
+Click is a Python package for creating beautiful command line interfaces \
+in a composable way with as little code as necessary. It's the "Command \
+Line Interface Creation Kit". It's highly configurable but comes with \
+sensible defaults out of the box."
+HOMEPAGE = "http://click.pocoo.org/"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=1fa98232fd645608937a0fdc82e999b8"
+
+SRC_URI[sha256sum] = "ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"
+
+inherit pypi setuptools3 ptest
+
+SRC_URI += "file://run-ptest"
+
+RDEPENDS:${PN}-ptest += " \
+	${PYTHON_PN}-pytest \
+	${PYTHON_PN}-terminal \
+	${PYTHON_PN}-unixadmin \
+"
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/tests
+    cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
+    cp -rf ${S}/setup.cfg ${D}${PTEST_PATH}/
+    cp -rf ${S}/docs ${D}${PTEST_PATH}/
+}
+
+UPSTREAM_CHECK_REGEX = "click/(?P<pver>\d+(\.\d+)+)/"
+
+CLEANBROKEN = "1"
+
+RDEPENDS:${PN} += "\
+    ${PYTHON_PN}-io \
+    ${PYTHON_PN}-threading \
+    "
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.3.bb b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.4.bb
similarity index 90%
rename from poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.3.bb
rename to poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.4.bb
index 1b499e0..6b5d8ad 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.4.bb
@@ -9,7 +9,7 @@
 # NOTE: Make sure to keep this recipe at the same version as python3-cryptography
 #       Upgrade both recipes at the same time
 
-SRC_URI[sha256sum] = "80de0452c4b34f56f5518e81ebd75b6b905f5728aaed521d42e41f4ebc8a43fb"
+SRC_URI[sha256sum] = "440af2813ea7aeb52181ec651a36d9ae8f0976e8b3a62b411a800fe6fa57a19e"
 
 PYPI_PACKAGE = "cryptography_vectors"
 
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography_41.0.3.bb b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.4.bb
similarity index 95%
rename from poky/meta/recipes-devtools/python/python3-cryptography_41.0.3.bb
rename to poky/meta/recipes-devtools/python/python3-cryptography_41.0.4.bb
index b6ea660..9497778 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography_41.0.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.4.bb
@@ -8,7 +8,7 @@
                    "
 LDSHARED += "-pthread"
 
-SRC_URI[sha256sum] = "6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34"
+SRC_URI[sha256sum] = "7febc3094125fc126a7f6fb1f420d0da639f3f32cb15c8ff0dc3997c4549f51a"
 
 SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
             file://0001-Fix-include-directory-when-cross-compiling-9129.patch \
diff --git a/poky/meta/recipes-devtools/python/python3-dtschema_2023.6.1.bb b/poky/meta/recipes-devtools/python/python3-dtschema_2023.7.bb
similarity index 84%
rename from poky/meta/recipes-devtools/python/python3-dtschema_2023.6.1.bb
rename to poky/meta/recipes-devtools/python/python3-dtschema_2023.7.bb
index 0c2c156..c1dc3e0 100644
--- a/poky/meta/recipes-devtools/python/python3-dtschema_2023.6.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-dtschema_2023.7.bb
@@ -7,7 +7,7 @@
 
 PYPI_PACKAGE = "dtschema"
 
-SRC_URI[sha256sum] = "d9dc11cea6a46ae2ee5ac4a5a1c7da7cb3704417cb390881820460f7c61eb784"
+SRC_URI[sha256sum] = "de7cd73a35244cf76a8cdd9919bbeb31f362aa5744f3c76c80e0e612489dd0c0"
 
 DEPENDS += "python3-setuptools-scm-native"
 RDEPENDS:${PN} += "\
diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.34.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.36.bb
similarity index 92%
rename from poky/meta/recipes-devtools/python/python3-git_3.1.34.bb
rename to poky/meta/recipes-devtools/python/python3-git_3.1.36.bb
index 308c787..ab1b0f2 100644
--- a/poky/meta/recipes-devtools/python/python3-git_3.1.34.bb
+++ b/poky/meta/recipes-devtools/python/python3-git_3.1.36.bb
@@ -12,7 +12,7 @@
 
 inherit pypi python_setuptools_build_meta
 
-SRC_URI[sha256sum] = "85f7d365d1f6bf677ae51039c1ef67ca59091c7ebd5a3509aa399d4eda02d6dd"
+SRC_URI[sha256sum] = "4bb0c2a6995e85064140d31a33289aa5dce80133a23d36fcd372d716c54d3ebf"
 
 DEPENDS += " ${PYTHON_PN}-gitdb"
 
diff --git a/poky/meta/recipes-devtools/python/python3-hypothesis_6.84.0.bb b/poky/meta/recipes-devtools/python/python3-hypothesis_6.86.2.bb
similarity index 91%
rename from poky/meta/recipes-devtools/python/python3-hypothesis_6.84.0.bb
rename to poky/meta/recipes-devtools/python/python3-hypothesis_6.86.2.bb
index 8e3f6c0..6ec1457 100644
--- a/poky/meta/recipes-devtools/python/python3-hypothesis_6.84.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-hypothesis_6.86.2.bb
@@ -13,7 +13,7 @@
     file://test_rle.py \
     "
 
-SRC_URI[sha256sum] = "446ecc9665a23fc67a6d32bafbe4233d77fef10eb90d4ede8ab1e76474a63215"
+SRC_URI[sha256sum] = "e5d75d70f5a4fc372cddf03ec6141237a0a270ed106aeb2156a4984f06d37b0f"
 
 RDEPENDS:${PN} += " \
     python3-attrs \
diff --git a/poky/meta/recipes-devtools/python/python3-isodate_0.6.1.bb b/poky/meta/recipes-devtools/python/python3-isodate_0.6.1.bb
new file mode 100644
index 0000000..293fb08
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-isodate_0.6.1.bb
@@ -0,0 +1,16 @@
+SUMMARY = "ISO 8601 date/time parser"
+HOMEPAGE = "https://github.com/gweis/isodate/"
+SECTION = "devel/python"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=e910b35b0ef4e1f665b9a75d6afb7709"
+
+SRC_URI[sha256sum] = "48c5881de7e8b0a0d648cb024c8062dc84e7b840ed81e864c7614fd3c127bde9"
+
+inherit pypi setuptools3
+
+RDEPENDS:${PN} += " \
+    python3-numbers \
+    python3-six \
+"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-jsonschema_4.17.3.bb b/poky/meta/recipes-devtools/python/python3-jsonschema_4.17.3.bb
index 24cde37..77f9492 100644
--- a/poky/meta/recipes-devtools/python/python3-jsonschema_4.17.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-jsonschema_4.17.3.bb
@@ -1,5 +1,5 @@
 SUMMARY = "An implementation of JSON Schema validation for Python"
-HOMEPAGE = "https://github.com/Julian/jsonschema"
+HOMEPAGE = "https://github.com/python-jsonschema/jsonschema"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7a60a81c146ec25599a3e1dabb8610a8 \
                     file://json/LICENSE;md5=9d4de43111d33570c8fe49b4cb0e01af"
diff --git a/poky/meta/recipes-devtools/python/python3-libarchive-c_4.0.bb b/poky/meta/recipes-devtools/python/python3-libarchive-c_5.0.bb
similarity index 85%
rename from poky/meta/recipes-devtools/python/python3-libarchive-c_4.0.bb
rename to poky/meta/recipes-devtools/python/python3-libarchive-c_5.0.bb
index 3c6bc1e..5ada76f 100644
--- a/poky/meta/recipes-devtools/python/python3-libarchive-c_4.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-libarchive-c_5.0.bb
@@ -9,7 +9,7 @@
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "a5b41ade94ba58b198d778e68000f6b7de41da768de7140c984f71d7fa8416e5"
+SRC_URI[sha256sum] = "d673f56673d87ec740d1a328fa205cafad1d60f5daca4685594deb039d32b159"
 
 RDEPENDS:${PN} += "\
   libarchive \
diff --git a/poky/meta/recipes-devtools/python/python3-license-expression/run-ptest b/poky/meta/recipes-devtools/python/python3-license-expression/run-ptest
new file mode 100644
index 0000000..5cec711
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-license-expression/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest
diff --git a/poky/meta/recipes-devtools/python/python3-license-expression_30.1.1.bb b/poky/meta/recipes-devtools/python/python3-license-expression_30.1.1.bb
new file mode 100644
index 0000000..31fb88d
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-license-expression_30.1.1.bb
@@ -0,0 +1,36 @@
+SUMMARY = "Utility library to parse, compare, simplify and normalize license expressions"
+HOMEPAGE = "https://github.com/nexB/license-expression"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://apache-2.0.LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
+
+SRC_URI[sha256sum] = "42375df653ad85e6f5b4b0385138b2dbea1f5d66360783d8625c3e4f97f11f0c"
+
+inherit pypi ptest python_setuptools_build_meta
+
+DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
+
+RDEPENDS:${PN} += "\
+    ${PYTHON_PN}-booleanpy \
+    ${PYTHON_PN}-core \
+    ${PYTHON_PN}-json \
+    ${PYTHON_PN}-stringold \
+    ${PYTHON_PN}-logging \
+"
+
+BBCLASSEXTEND = "native nativesdk"
+
+SRC_URI += " \
+	file://run-ptest \
+"
+
+RDEPENDS:${PN}-ptest += " \
+	${PYTHON_PN}-pytest \
+"
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/tests
+    install -d ${D}${PTEST_PATH}/src
+    cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
+    cp -rf ${S}/src/* ${D}${PTEST_PATH}/src/
+}
diff --git a/poky/meta/recipes-devtools/python/python3-numpy/disable_blas.patch b/poky/meta/recipes-devtools/python/python3-numpy/disable_blas.patch
deleted file mode 100644
index 09d65e8..0000000
--- a/poky/meta/recipes-devtools/python/python3-numpy/disable_blas.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-We've seen reproducibility failures where it appears an extra -O3 compiler flag ends
-up in the multiarray library compilation. This can only really have come through
-extra_info since it only affects just this library. Rather than try and track
-down exactly where this came from in a rabbit warren of code, just disable
-this since we don't have any of the dependencies.
-
-Upstream-Status: Inappropriate [OE specific config hack]
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
-Index: numpy-1.25.2/numpy/core/setup.py
-===================================================================
---- numpy-1.25.2.orig/numpy/core/setup.py
-+++ numpy-1.25.2/numpy/core/setup.py
-@@ -755,22 +755,7 @@ def configuration(parent_package='',top_
-             join('src', 'common', 'npy_cpu_features.c'),
-             ]
- 
--    if os.environ.get('NPY_USE_BLAS_ILP64', "0") != "0":
--        blas_info = get_info('blas_ilp64_opt', 2)
--    else:
--        blas_info = get_info('blas_opt', 0)
--
--    have_blas = blas_info and ('HAVE_CBLAS', None) in blas_info.get('define_macros', [])
--
--    if have_blas:
--        extra_info = blas_info
--        # These files are also in MANIFEST.in so that they are always in
--        # the source distribution independently of HAVE_CBLAS.
--        common_src.extend([join('src', 'common', 'cblasfuncs.c'),
--                           join('src', 'common', 'python_xerbla.c'),
--                          ])
--    else:
--        extra_info = {}
-+    extra_info = {}
- 
-     #######################################################################
-     #             _multiarray_umath module - multiarray part              #
diff --git a/poky/meta/recipes-devtools/python/python3-numpy/fix_reproducibility.patch b/poky/meta/recipes-devtools/python/python3-numpy/fix_reproducibility.patch
new file mode 100644
index 0000000..d952aed
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-numpy/fix_reproducibility.patch
@@ -0,0 +1,33 @@
+This regex decides whether to use O3 opimisation on numpy or not.
+
+It includes "od", which happens to be a substring of "reproducible"
+but not "qemux86-world". 
+
+The regex will run against all compiler options including things like:
+
+-fmacro-prefix-map=/XXX/build/tmp/work/core2-64-poky-linux/python3-numpy/1.26.0/numpy-1.26.0=/usr/src/debug/python3-numpy/1.26.0-r0
+
+i.e. including build paths.
+
+Reduce the regex to something deterministic for our builds, assuming
+nobody builds in /home/debug:full/
+
+The autobuilder race depended upon whether qemux86-world or the
+reproducible target ran first and won the race to populate sstate.
+
+Upstream-Status: Inappropriate [upstream have dropped distutils and switched to meson]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: numpy-1.26.0/numpy/distutils/ccompiler_opt.py
+===================================================================
+--- numpy-1.26.0.orig/numpy/distutils/ccompiler_opt.py
++++ numpy-1.26.0/numpy/distutils/ccompiler_opt.py
+@@ -990,7 +990,7 @@ class _CCompiler:
+             ("cc_is_nocc",     "", ""),
+         )
+         detect_args = (
+-           ("cc_has_debug",  ".*(O0|Od|ggdb|coverage|debug:full).*", ""),
++           ("cc_has_debug",  ".*debug:full.*", ""),
+            ("cc_has_native",
+                 ".*(-march=native|-xHost|/QxHost|-mcpu=a64fx).*", ""),
+            # in case if the class run with -DNPY_DISABLE_OPTIMIZATION
diff --git a/poky/meta/recipes-devtools/python/python3-numpy_1.25.2.bb b/poky/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
similarity index 92%
rename from poky/meta/recipes-devtools/python/python3-numpy_1.25.2.bb
rename to poky/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
index 4793b23..4e1e34e 100644
--- a/poky/meta/recipes-devtools/python/python3-numpy_1.25.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
@@ -3,17 +3,17 @@
 DESCRIPTION = "NumPy is the fundamental package needed for scientific computing with Python."
 SECTION = "devel/python"
 LICENSE = "BSD-3-Clause & BSD-2-Clause & PSF-2.0 & Apache-2.0 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7614a5b0073688df53773ec6ec7fe81d"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a752eb20459cf74a9d84ee4825e8317c"
 
 SRCNAME = "numpy"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
            file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
            file://0001-numpy-core-Define-RISCV-32-support.patch \
-           file://disable_blas.patch \
+           file://fix_reproducibility.patch \
            file://run-ptest \
            "
-SRC_URI[sha256sum] = "fd608e19c8d7c55021dffd43bfe5492fab8cc105cc8986f813f8c3c048b38760"
+SRC_URI[sha256sum] = "f93fc78fe8bf15afe2b8d6b6499f1c73953169fad1e9a8dd086cdff3190e7fdf"
 
 GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases"
 UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P<pver>\d+(\.\d+)+)$"
diff --git a/poky/meta/recipes-devtools/python/python3-ply_3.11.bb b/poky/meta/recipes-devtools/python/python3-ply_3.11.bb
index 99c037b..4a559e4 100644
--- a/poky/meta/recipes-devtools/python/python3-ply_3.11.bb
+++ b/poky/meta/recipes-devtools/python/python3-ply_3.11.bb
@@ -15,4 +15,4 @@
     ${PYTHON_PN}-shell \
 "
 
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodome_3.18.0.bb b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.18.0.bb
deleted file mode 100644
index a1e4b42..0000000
--- a/poky/meta/recipes-devtools/python/python3-pycryptodome_3.18.0.bb
+++ /dev/null
@@ -1,5 +0,0 @@
-require python-pycryptodome.inc
-inherit setuptools3
-
-SRC_URI[sha256sum] = "c9adee653fc882d98956e33ca2c1fb582e23a8af7ac82fee75bd6113c55a0413"
-
diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodome_3.19.0.bb b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.19.0.bb
new file mode 100644
index 0000000..92fe1aa
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.19.0.bb
@@ -0,0 +1,5 @@
+require python-pycryptodome.inc
+inherit setuptools3
+
+SRC_URI[sha256sum] = "bc35d463222cdb4dbebd35e0784155c81e161b9284e567e7e933d722e533331e"
+
diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.18.0.bb b/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.19.0.bb
similarity index 69%
rename from poky/meta/recipes-devtools/python/python3-pycryptodomex_3.18.0.bb
rename to poky/meta/recipes-devtools/python/python3-pycryptodomex_3.19.0.bb
index cbbc17a..87aff01 100644
--- a/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.18.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.19.0.bb
@@ -1,7 +1,7 @@
 require python-pycryptodome.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "3e3ecb5fe979e7c1bb0027e518340acf7ee60415d79295e5251d13c68dde576e"
+SRC_URI[sha256sum] = "af83a554b3f077564229865c45af0791be008ac6469ef0098152139e6bd4b5b6"
 
 FILES:${PN}-tests = " \
     ${PYTHON_SITEPACKAGES_DIR}/Cryptodome/SelfTest/ \
diff --git a/poky/meta/recipes-devtools/python/python3-pyelftools_0.29.bb b/poky/meta/recipes-devtools/python/python3-pyelftools_0.30.bb
similarity index 82%
rename from poky/meta/recipes-devtools/python/python3-pyelftools_0.29.bb
rename to poky/meta/recipes-devtools/python/python3-pyelftools_0.30.bb
index c55682e..e976d6c 100644
--- a/poky/meta/recipes-devtools/python/python3-pyelftools_0.29.bb
+++ b/poky/meta/recipes-devtools/python/python3-pyelftools_0.30.bb
@@ -4,7 +4,7 @@
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
 
-SRC_URI[sha256sum] = "ec761596aafa16e282a31de188737e5485552469ac63b60cfcccf22263fd24ff"
+SRC_URI[sha256sum] = "2fc92b0d534f8b081f58c7c370967379123d8e00984deb53c209364efd575b40"
 
 PYPI_PACKAGE = "pyelftools"
 
diff --git a/poky/meta/recipes-devtools/python/python3-pygobject/0001-Do-not-build-tests.patch b/poky/meta/recipes-devtools/python/python3-pygobject/0001-Do-not-build-tests.patch
deleted file mode 100644
index 0f2465b..0000000
--- a/poky/meta/recipes-devtools/python/python3-pygobject/0001-Do-not-build-tests.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From c125a806de951359ab7e302b0584f7c92fa451ad Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Fri, 12 Apr 2019 16:25:58 +0200
-Subject: [PATCH] Do not build tests
-
-They require installing tests from g-i, which we do not do.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 278fa16f..aacbd4a2 100644
---- a/meson.build
-+++ b/meson.build
-@@ -175,6 +175,6 @@ configure_file(input : 'PKG-INFO.in',
- subdir('gi')
- subdir('pygtkcompat')
- with_tests = get_option('tests')
--if with_tests
--subdir('tests')
--endif
-+#if with_tests
-+#subdir('tests')
-+#endif
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-devtools/python/python3-pygobject_3.44.1.bb b/poky/meta/recipes-devtools/python/python3-pygobject_3.46.0.bb
similarity index 82%
rename from poky/meta/recipes-devtools/python/python3-pygobject_3.44.1.bb
rename to poky/meta/recipes-devtools/python/python3-pygobject_3.46.0.bb
index 797a7ce..28129fd 100644
--- a/poky/meta/recipes-devtools/python/python3-pygobject_3.44.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-pygobject_3.46.0.bb
@@ -19,11 +19,8 @@
 
 SRCNAME="pygobject"
 
-SRC_URI = " \
-    http://ftp.gnome.org/pub/GNOME/sources/${SRCNAME}/${@gnome_verdir("${PV}")}/${SRCNAME}-${PV}.tar.xz \
-    file://0001-Do-not-build-tests.patch \
-"
-SRC_URI[sha256sum] = "3c6805d1321be90cc32e648215a562430e0d3d6edcda8f4c5e7a9daffcad5710"
+SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/${SRCNAME}/${@gnome_verdir("${PV}")}/${SRCNAME}-${PV}.tar.xz"
+SRC_URI[sha256sum] = "426008b2dad548c9af1c7b03b59df0440fde5c33f38fb5406b103a43d653cafc"
 
 S = "${WORKDIR}/${SRCNAME}-${PV}"
 
@@ -37,6 +34,7 @@
 # python3-pycairo is checked on configuration -> DEPENDS
 # we don't link against python3-pycairo -> RDEPENDS
 PACKAGECONFIG[cairo] = "-Dpycairo=enabled,-Dpycairo=disabled, cairo python3-pycairo, python3-pycairo"
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,"
 
 BBCLASSEXTEND = "native"
 PACKAGECONFIG:class-native = ""
diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.4.1.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.4.2.bb
similarity index 92%
rename from poky/meta/recipes-devtools/python/python3-pytest_7.4.1.bb
rename to poky/meta/recipes-devtools/python/python3-pytest_7.4.2.bb
index e9ded98..710aa51 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest_7.4.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest_7.4.2.bb
@@ -5,7 +5,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c"
 
-SRC_URI[sha256sum] = "2f2301e797521b23e4d2585a0a3d7b5e50fdddaaf7e7d6773ea26ddb17c213ab"
+SRC_URI[sha256sum] = "a766259cfab564a2ad52cb1aae1b881a75c3eb7e34ca3779697c23ed47c47069"
 
 DEPENDS += "python3-setuptools-scm-native"
 
diff --git a/poky/meta/recipes-devtools/python/python3-rdflib_7.0.0.bb b/poky/meta/recipes-devtools/python/python3-rdflib_7.0.0.bb
new file mode 100644
index 0000000..0951533
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-rdflib_7.0.0.bb
@@ -0,0 +1,21 @@
+SUMMARY = "RDFLib is a pure Python package for working with RDF"
+HOMEPAGE = "https://github.com/RDFLib/rdflib"
+SECTION = "devel/python"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=37d489c0cefe52a17e1d5007e196464a"
+
+SRC_URI[sha256sum] = "9995eb8569428059b8c1affd26b25eac510d64f5043d9ce8c84e0d0036e995ae"
+
+inherit pypi python_poetry_core
+
+RDEPENDS:${PN} += " \
+    ${PYTHON_PN}-isodate \
+    ${PYTHON_PN}-pyparsing \
+    ${PYTHON_PN}-logging \
+    ${PYTHON_PN}-numbers \
+    ${PYTHON_PN}-xml \
+    ${PYTHON_PN}-compression \
+    ${PYTHON_PN}-core \
+"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools-rust_1.6.0.bb b/poky/meta/recipes-devtools/python/python3-setuptools-rust_1.7.0.bb
similarity index 80%
rename from poky/meta/recipes-devtools/python/python3-setuptools-rust_1.6.0.bb
rename to poky/meta/recipes-devtools/python/python3-setuptools-rust_1.7.0.bb
index f1da4b5..6392a4d 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools-rust_1.6.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools-rust_1.7.0.bb
@@ -12,11 +12,14 @@
 SRC_URI = "${PYPI_SRC_URI} \
            https://files.pythonhosted.org/packages/67/08/e1aa2c582c62ac76e4d60f8e454bd3bba933781a06a88b4e38797445822a/setuptools-rust-${PV}.tar.gz \
            "
-SRC_URI[sha256sum] = "c86e734deac330597998bfbc08da45187e6b27837e23bd91eadb320732392262"
+SRC_URI[sha256sum] = "c7100999948235a38ae7e555fe199aa66c253dc384b125f5d85473bf81eae3a3"
 
 inherit cargo pypi python_setuptools_build_meta
 
 DEPENDS += "python3-setuptools-scm-native python3-wheel-native"
+# remove when https://github.com/PyO3/setuptools-rust/commit/7ced8d2a8f36e1b4fc41b5544636defb7bd44bdf
+# is included
+DEPENDS += "python3-semantic-version-native"
 
 RDEPENDS:${PN} += " \
     python3-distutils \
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb b/poky/meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb
index 7961ff7..bb13c65 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb
@@ -9,7 +9,7 @@
 PYPI_PACKAGE = "setuptools_scm"
 inherit pypi python_setuptools_build_meta
 
-UPSTREAM_CHECK_REGEX = "setuptools_scm-(?P<pver>.*)\.tar"
+UPSTREAM_CHECK_REGEX = "scm-(?P<pver>.*)\.tar"
 
 DEPENDS += "python3-tomli-native python3-packaging-native python3-typing-extensions-native"
 
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
index 84a9492..9b17dba 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
+++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
@@ -1,4 +1,4 @@
-From c90cc4a07ce6d2b7128e37d811d0c6bbc4b905a6 Mon Sep 17 00:00:00 2001
+From 519e2845014f04b4c23b5cf8f92fc4e5dcf40f20 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Tue, 17 Jul 2018 10:13:38 +0800
 Subject: [PATCH] conditionally do not fetch code by easy_install
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_68.1.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools_68.2.2.bb
similarity index 94%
rename from poky/meta/recipes-devtools/python/python3-setuptools_68.1.2.bb
rename to poky/meta/recipes-devtools/python/python3-setuptools_68.2.2.bb
index a1e84b6..06957d7 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools_68.1.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools_68.2.2.bb
@@ -11,7 +11,7 @@
 SRC_URI += " \
             file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
 
-SRC_URI[sha256sum] = "3d4dfa6d95f1b101d695a6160a7626e15583af71a5f52176efa5d39a054d475d"
+SRC_URI[sha256sum] = "4ac1475276d2f1c48684874089fefcd83bd7162ddaafb81fac866ba0db282a87"
 
 DEPENDS += "${PYTHON_PN}"
 
diff --git a/poky/meta/recipes-devtools/python/python3-smmap_5.0.0.bb b/poky/meta/recipes-devtools/python/python3-smmap_6.0.0.bb
similarity index 87%
rename from poky/meta/recipes-devtools/python/python3-smmap_5.0.0.bb
rename to poky/meta/recipes-devtools/python/python3-smmap_6.0.0.bb
index ea131ef..02c43e0 100644
--- a/poky/meta/recipes-devtools/python/python3-smmap_5.0.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-smmap_6.0.0.bb
@@ -11,7 +11,7 @@
 
 PYPI_PACKAGE = "smmap"
 
-SRC_URI[sha256sum] = "c840e62059cd3be204b0c9c9f74be2c09d5648eddd4580d9314c3ecde0b30936"
+SRC_URI[sha256sum] = "8d79028ea6cc131da5eab099a5d95a998d43c6779956fffe3b455040911076da"
 
 RDEPENDS:${PN} += "${PYTHON_PN}-codecs \
                    ${PYTHON_PN}-mmap \
diff --git a/poky/meta/recipes-devtools/python/python3-spdx-tools_0.8.1.bb b/poky/meta/recipes-devtools/python/python3-spdx-tools_0.8.1.bb
new file mode 100644
index 0000000..f58a138
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-spdx-tools_0.8.1.bb
@@ -0,0 +1,28 @@
+SUMMARY = "Python tool to parse, validate and convert spdx files"
+HOMEPAGE = "https://github.com/spdx/tools-python"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dc7f21ccff0f672f2a7cd6f412ae627d"
+
+SRC_URI[sha256sum] = "c83652cd65b5726058dcbdaab85839dbe484c43ea6f61046137516aa1b8428ae"
+
+BBCLASSEXTEND = "native nativesdk"
+
+inherit setuptools3 pypi
+
+# Dependency required for pyspdxtools : python3-click
+# Dependencies required for conversion to spdx3 : python3-semantic-version, python3-ply
+RDEPENDS:${PN} += "\
+  python3-core \
+  python3-beartype \
+  python3-click \
+  python3-datetime \
+  python3-json \
+  python3-license-expression \
+  python3-ply \
+  python3-pyyaml \
+  python3-rdflib \
+  python3-semantic-version \
+  python3-uritools \
+  python3-xmltodict \
+  "
diff --git a/poky/meta/recipes-devtools/python/python3-sphinx_7.2.5.bb b/poky/meta/recipes-devtools/python/python3-sphinx_7.2.6.bb
similarity index 91%
rename from poky/meta/recipes-devtools/python/python3-sphinx_7.2.5.bb
rename to poky/meta/recipes-devtools/python/python3-sphinx_7.2.6.bb
index f55cc5a..f4ed072 100644
--- a/poky/meta/recipes-devtools/python/python3-sphinx_7.2.5.bb
+++ b/poky/meta/recipes-devtools/python/python3-sphinx_7.2.6.bb
@@ -4,7 +4,7 @@
 LICENSE = "BSD-2-Clause & MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb6ac1b115a1ed24a12d9f15b633993"
 
-SRC_URI[sha256sum] = "1a9290001b75c497fd087e92b0334f1bbfa1a1ae7fddc084990c4b7bd1130b88"
+SRC_URI[sha256sum] = "9a5160e1ea90688d5963ba09a2dcd8bdd526620edbb65c328728f1b2228d5ab5"
 
 inherit python_flit_core pypi
 UPSTREAM_CHECK_REGEX = "/Sphinx/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.8.7.bb b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.9.19.bb
similarity index 86%
rename from poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.8.7.bb
rename to poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.9.19.bb
index 9aed0d6..aa062f6 100644
--- a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.8.7.bb
+++ b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.9.19.bb
@@ -3,7 +3,7 @@
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
-SRC_URI[sha256sum] = "c9f2a0a85d545e5362e967e4f069f56fddfd91215e22ffa48c66fb283521319a"
+SRC_URI[sha256sum] = "3e700af445c802f251ce2b741ee78d2e5dfa5ab8115b933b89ca631b414691c9"
 
 inherit pypi python_setuptools_build_meta ptest
 
diff --git a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.8.0.bb
similarity index 90%
rename from poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
rename to poky/meta/recipes-devtools/python/python3-typing-extensions_4.8.0.bb
index 8ff77ba..33749a9 100644
--- a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.8.0.bb
@@ -15,7 +15,7 @@
 # The name on PyPi is slightly different.
 PYPI_PACKAGE = "typing_extensions"
 
-SRC_URI[sha256sum] = "b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2"
+SRC_URI[sha256sum] = "df8e4339e9cb77357558cbdbceca33c303714cf861d1eef15e1070055ae8b7ef"
 
 inherit pypi python_flit_core
 
diff --git a/poky/meta/recipes-devtools/python/python3-uritools_4.0.2.bb b/poky/meta/recipes-devtools/python/python3-uritools_4.0.2.bb
new file mode 100644
index 0000000..5ffedcc
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-uritools_4.0.2.bb
@@ -0,0 +1,11 @@
+SUMMARY = "URI parsing, classification and composition"
+HOMEPAGE = "https://github.com/tkem/uritools/"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1ec55353c80c662e4255f8889a0ca558"
+
+SRC_URI[sha256sum] = "04df2b787d0eb76200e8319382a03562fbfe4741fd66c15506b08d3b8211d573"
+
+inherit setuptools3 pypi
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.4.bb b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
similarity index 87%
rename from poky/meta/recipes-devtools/python/python3-urllib3_2.0.4.bb
rename to poky/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
index 0abd2ad..9c15791 100644
--- a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.4.bb
+++ b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
@@ -3,7 +3,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
 
-SRC_URI[sha256sum] = "8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11"
+SRC_URI[sha256sum] = "13abf37382ea2ce6fb744d4dad67838eec857c9f4f57009891805e0b5e123594"
 
 inherit pypi python_hatchling
 
diff --git a/poky/meta/recipes-devtools/python/python3-xmltodict/run-ptest b/poky/meta/recipes-devtools/python/python3-xmltodict/run-ptest
new file mode 100644
index 0000000..3385d68
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-xmltodict/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/poky/meta/recipes-devtools/python/python3-xmltodict_0.13.0.bb b/poky/meta/recipes-devtools/python/python3-xmltodict_0.13.0.bb
new file mode 100644
index 0000000..132aae8
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-xmltodict_0.13.0.bb
@@ -0,0 +1,31 @@
+SUMMARY = "Makes working with XML feel like you are working with JSON"
+HOMEPAGE = "https://github.com/martinblech/xmltodict"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=01441d50dc74476db58a41ac10cb9fa2"
+
+SRC_URI[sha256sum] = "341595a488e3e01a85a9d8911d8912fd922ede5fecc4dce437eb4b6c8d037e56"
+
+PYPI_PACKAGE = "xmltodict"
+
+BBCLASSEXTEND = "native nativesdk"
+
+inherit pypi setuptools3 ptest
+
+SRC_URI += " \
+	file://run-ptest \
+"
+
+RDEPENDS:${PN} += " \
+	${PYTHON_PN}-core \
+	${PYTHON_PN}-xml \
+	${PYTHON_PN}-io \
+"
+
+RDEPENDS:${PN}-ptest += " \
+	${PYTHON_PN}-pytest \
+"
+
+do_install_ptest() {
+	install -d ${D}${PTEST_PATH}/tests
+	cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
+}
diff --git a/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb b/poky/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
similarity index 84%
rename from poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
rename to poky/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
index 9dff59f..11f3b5c 100644
--- a/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
@@ -3,7 +3,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
 
-SRC_URI[sha256sum] = "ebc15946aa78bd63458992fc81ec3b6f7b1e92d51c35e6de1c3804e73b799147"
+SRC_URI[sha256sum] = "84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0"
 
 DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
 
diff --git a/poky/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/poky/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
new file mode 100644
index 0000000..ff695a4
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
@@ -0,0 +1,32 @@
+From 564d8f117fec7e573cbc10323655acefb12d143f Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <tgamblin@baylibre.com>
+Date: Fri, 15 Sep 2023 08:48:33 -0400
+Subject: [PATCH] skip no_stdout_fileno test due to load variability
+
+Skip test_input_no_stdout_fileno so that it doesn't fail on systems
+under heavy load.
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+[YOCTO #15210]
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
+---
+ Lib/test/test_builtin.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py
+index 9078c409cc..615955c057 100644
+--- a/Lib/test/test_builtin.py
++++ b/Lib/test/test_builtin.py
+@@ -2247,6 +2247,7 @@ def test_input_tty_non_ascii_unicode_errors(self):
+         # Check stdin/stdout error handler is used when invoking PyOS_Readline()
+         self.check_input_tty("prompté", b"quux\xe9", "ascii")
+ 
++    @unittest.skip("Test may fail under heavy load")
+     def test_input_no_stdout_fileno(self):
+         # Issue #24402: If stdin is the original terminal but stdout.fileno()
+         # fails, do not use the original stdout file descriptor
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
index 371021c..97150f2 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -9,7 +9,7 @@
 
 Upstream-Status: Inappropriate [oe-specific]
 
-Signed-off-by: Tim Orling <timothy.t.orlign@intel.com>
+Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
 
 ---
  Lib/ctypes/test/test_find.py | 2 ++
diff --git a/poky/meta/recipes-devtools/python/python3_3.11.5.bb b/poky/meta/recipes-devtools/python/python3_3.11.5.bb
index f5d9731..8e023c7 100644
--- a/poky/meta/recipes-devtools/python/python3_3.11.5.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.11.5.bb
@@ -32,6 +32,7 @@
            file://deterministic_imports.patch \
            file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
            file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \
+           file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \
            "
 
 SRC_URI:append:class-native = " \
@@ -45,7 +46,7 @@
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
 UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
 
-CVE_PRODUCT = "python"
+CVE_PRODUCT = "python cpython"
 
 CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
 CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
diff --git a/poky/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb b/poky/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb
index b100659..5d40784 100644
--- a/poky/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb
@@ -4,7 +4,6 @@
                   nativesdk-python3-shell nativesdk-python3-fcntl nativesdk-python3-logging \
                 "
 
-PR = "r9"
 
 LIC_FILES_CHKSUM = "file://${COREBASE}/scripts/runqemu;beginline=5;endline=10;md5=ac2b489a58739c7628a2604698db5e7f"
 
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index 4d64ea4..1dfce0e 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -1,7 +1,6 @@
 SUMMARY = "Helper utilities needed by the runqemu script"
 LICENSE = "GPL-2.0-only"
 RDEPENDS:${PN} = "qemu-system-native"
-PR = "r1"
 
 LIC_FILES_CHKSUM = "file://${WORKDIR}/qemu-oe-bridge-helper.c;endline=4;md5=ae00a3bab86f2caaa8462eacda77f4d7"
 
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 15b963d..9664b74 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -195,6 +195,7 @@
 PACKAGECONFIG[alsa] = "--audio-drv-list=default,,alsa-lib"
 PACKAGECONFIG[epoxy] = "--enable-opengl,--disable-opengl,libepoxy"
 PACKAGECONFIG[lzo] = "--enable-lzo,--disable-lzo,lzo"
+PACKAGECONFIG[dax] = "--enable-libdaxctl,--disable-libdaxctl,ndctl"
 PACKAGECONFIG[numa] = "--enable-numa,--disable-numa,numactl"
 PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls"
 PACKAGECONFIG[bzip2] = "--enable-bzip2,--disable-bzip2,bzip2"
diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb b/poky/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb
index db353d6..72ba8c0 100644
--- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb
+++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb
@@ -1,7 +1,6 @@
 SUMMARY = "Runs postinstall scripts on first boot of the target device"
 DESCRIPTION = "${SUMMARY}"
 SECTION = "devel"
-PR = "r10"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
diff --git a/poky/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb b/poky/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb
index 4f34f50..f27ad83 100644
--- a/poky/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb
+++ b/poky/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb
@@ -5,12 +5,12 @@
     file://LICENSE;md5=384ed0e2e0b2dac094e51fbf93fdcbe0 \
 "
 
-PR = "r1"
 
 SRC_URI = " \
 	git://github.com/lu-zero/cargo-c.git;branch=master;protocol=https \
 	file://0001-Add-Cargo.lock-file.patch \
 "
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 
 SRCREV = "4eaf39ebbbc9ab8f092adf487d5b53435511d619"
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/strace/strace/run-ptest b/poky/meta/recipes-devtools/strace/strace/run-ptest
index 86daed9..1224229 100755
--- a/poky/meta/recipes-devtools/strace/strace/run-ptest
+++ b/poky/meta/recipes-devtools/strace/strace/run-ptest
@@ -3,7 +3,7 @@
 set -u
 
 export TIMEOUT_DURATION=240
-make -B -C tests -k test-suite.log
+make -j4 -B -C tests -k test-suite.log
 res=$?
 if [ $res -ne 0 ]; then
     cat tests/test-suite.log
diff --git a/poky/meta/recipes-devtools/strace/strace_6.4.bb b/poky/meta/recipes-devtools/strace/strace_6.5.bb
similarity index 95%
rename from poky/meta/recipes-devtools/strace/strace_6.4.bb
rename to poky/meta/recipes-devtools/strace/strace_6.5.bb
index 2174790..8f90c35 100644
--- a/poky/meta/recipes-devtools/strace/strace_6.4.bb
+++ b/poky/meta/recipes-devtools/strace/strace_6.5.bb
@@ -15,7 +15,7 @@
            file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \
            file://0002-tests-Replace-off64_t-with-off_t.patch \
            "
-SRC_URI[sha256sum] = "27987dbac57fdfd260c6db4dc8328df35c95c6867c8a3d4371d59cdcf4eb9238"
+SRC_URI[sha256sum] = "dfb051702389e1979a151892b5901afc9e93bbc1c70d84c906ade3224ca91980"
 
 inherit autotools ptest
 
diff --git a/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb b/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb
index 5604901..1931bfb 100644
--- a/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb
+++ b/poky/meta/recipes-devtools/syslinux/syslinux_6.04-pre2.bb
@@ -28,7 +28,6 @@
 SRC_URI[sha256sum] = "4441a5d593f85bb6e8d578cf6653fb4ec30f9e8f4a2315a3d8f2d0a8b3fadf94"
 
 # remove at next version upgrade or when output changes
-PR = "r1"
 
 RECIPE_NO_UPDATE_REASON = "6.04-pre3 is broken"
 UPSTREAM_CHECK_URI = "https://www.zytor.com/pub/syslinux/"
diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.13.bb b/poky/meta/recipes-devtools/vala/vala_0.56.13.bb
new file mode 100644
index 0000000..0d43ac5
--- /dev/null
+++ b/poky/meta/recipes-devtools/vala/vala_0.56.13.bb
@@ -0,0 +1,3 @@
+require ${BPN}.inc
+
+SRC_URI[sha256sum] = "4988223036c7e1e4874c476d0de8bd9cbe500ee25ef19a76e560dc0b6d56ae07"
diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.8.bb b/poky/meta/recipes-devtools/vala/vala_0.56.8.bb
deleted file mode 100644
index f55fb41..0000000
--- a/poky/meta/recipes-devtools/vala/vala_0.56.8.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require ${BPN}.inc
-
-SRC_URI[sha256sum] = "93f81dcfc6a93b77baa271d65e6be981ee3238ad451ef380af118e295d904bde"
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index 36feadd..fa32c38 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@
            file://0004-cups-fix-multilib-install-file-conflicts.patch \
            file://volatiles.99_cups \
            file://cups-volatiles.conf \
+           file://CVE-2023-4504.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/poky/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 0000000..e52e43a
--- /dev/null
+++ b/poky/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2023-4504
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Wed, 20 Sep 2023 14:45:17 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+---
+ cups/raster-interpret.c | 14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
+index 6fcf731b5..b8655c8c6 100644
+--- a/cups/raster-interpret.c
++++ b/cups/raster-interpret.c
+@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st,		/* I  - Stack */
+ 
+ 	    cur ++;
+ 
+-            if (*cur == 'b')
++	   /*
++	    * Return NULL if we reached NULL terminator, a lone backslash
++	    * is not a valid character in PostScript.
++	    */
++
++	    if (!*cur)
++	    {
++	      *ptr = NULL;
++
++	      return (NULL);
++	    }
++
++	    if (*cur == 'b')
+ 	      *valptr++ = '\b';
+ 	    else if (*cur == 'f')
+ 	      *valptr++ = '\f';
diff --git a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
index 5e90248..409c8de 100644
--- a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
+++ b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
@@ -1,4 +1,4 @@
-From 08f887f4bc65684397bf8ec30cc61d91d894deac Mon Sep 17 00:00:00 2001
+From 0c77437267601d40d7ce9efd87eb4b82a5675d2f Mon Sep 17 00:00:00 2001
 From: Tudor Florea <tudor.florea@enea.com>
 Date: Wed, 28 May 2014 18:59:54 +0200
 Subject: [PATCH] ethtool: use serial-tests config needed by ptest.
@@ -15,12 +15,12 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index c1e0012..c460398 100644
+index 11efb99..b5ce018 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
- AC_INIT(ethtool, 6.3, netdev@vger.kernel.org)
+@@ -3,7 +3,7 @@ AC_INIT(ethtool, 6.5, netdev@vger.kernel.org)
  AC_PREREQ(2.52)
+ AC_CONFIG_MACRO_DIR([m4])
  AC_CONFIG_SRCDIR([ethtool.c])
 -AM_INIT_AUTOMAKE([gnu subdir-objects])
 +AM_INIT_AUTOMAKE([gnu subdir-objects serial-tests])
diff --git a/poky/meta/recipes-extended/ethtool/ethtool_6.3.bb b/poky/meta/recipes-extended/ethtool/ethtool_6.5.bb
similarity index 93%
rename from poky/meta/recipes-extended/ethtool/ethtool_6.3.bb
rename to poky/meta/recipes-extended/ethtool/ethtool_6.5.bb
index 504e645..ef925e1 100644
--- a/poky/meta/recipes-extended/ethtool/ethtool_6.3.bb
+++ b/poky/meta/recipes-extended/ethtool/ethtool_6.5.bb
@@ -11,7 +11,7 @@
            file://avoid_parallel_tests.patch \
            "
 
-SRC_URI[sha256sum] = "342d37d3fe19da79d0276c4c69c34c61f1ad8f87b06514d664bf1eeb29bfd525"
+SRC_URI[sha256sum] = "aed41ca58b3129126f18429172064d214191d7e7ef52c6e3f6b2ff7503706c03"
 
 UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/software/network/ethtool/"
 
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
deleted file mode 100644
index b29212f..0000000
--- a/poky/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Mon, 17 Jul 2023 14:06:37 +0100
-Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
- devices/gdevpcx.c
-
-Bounds check the buffer, before dereferencing the pointer.
-
-CVE: CVE-2023-38559
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- base/gdevdevn.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/base/gdevdevn.c b/base/gdevdevn.c
-index 7b14d9c71..6351fb77a 100644
---- a/base/gdevdevn.c
-+++ b/base/gdevdevn.c
-@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
-         byte data = *from;
- 
-         from += step;
--        if (data != *from || from == end) {
-+        if (from >= end || data != *from) {
-             if (data >= 0xc0)
-                 gp_fputc(0xc1, file);
-         } else {
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
similarity index 93%
rename from poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
rename to poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
index 434170e..4bad0f8 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
@@ -25,11 +25,10 @@
 SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \
            file://ghostscript-9.16-Werror-return-type.patch \
            file://avoid-host-contamination.patch \
-           file://0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch \
            file://configure.ac-add-option-to-explicitly-disable-neon.patch \
-"
+           "
 
-SRC_URI[sha256sum] = "a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661"
+SRC_URI[sha256sum] = "e54062f166708d84ca82de9f8304a04344466080f936118b88082bd55ed6dc97"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
diff --git a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
index ce6ec08..98cd4d8 100644
--- a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
+++ b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
@@ -6,7 +6,7 @@
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
 
 SRC_URI = "git://go.googlesource.com/example;branch=master;protocol=https"
-SRCREV = "5bec756976671f30903223ec46ff8a70dced4954"
+SRCREV = "d9923f6970e9ba7e0d23aa9448ead71ea57235ae"
 UPSTREAM_CHECK_COMMITS = "1"
 
 GO_IMPORT = "golang.org/x/example"
diff --git a/poky/meta/recipes-extended/groff/files/0001-build-Fix-Savannah-64681-webpage.ps-deps.patch b/poky/meta/recipes-extended/groff/files/0001-build-Fix-Savannah-64681-webpage.ps-deps.patch
new file mode 100644
index 0000000..eae5dc9
--- /dev/null
+++ b/poky/meta/recipes-extended/groff/files/0001-build-Fix-Savannah-64681-webpage.ps-deps.patch
@@ -0,0 +1,51 @@
+From c75965053124149381ada3c394da74be078076cf Mon Sep 17 00:00:00 2001
+From: "G. Branden Robinson" <g.branden.robinson@gmail.com>
+Date: Sat, 16 Sep 2023 16:28:00 -0500
+Subject: [PATCH] [build]: Fix Savannah #64681 (webpage.ps deps).
+
+* doc/doc.am (doc/webpage.ps, doc/webpage.html): Update and parallelize
+  target dependencies.  Resolve race by requiring "grn" and "soelim" to
+  be built first.  Also add dependency on `$(TMAC_PACKAGE_MS)`.
+
+Fixes <https://savannah.gnu.org/bugs/?64681>.  Thanks to Alexander
+Kanavin for the report.
+
+ANNOUNCE: Acknowledge Alexander.
+
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ doc/doc.am | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/doc/doc.am b/doc/doc.am
+index cddc51907..d3c9ab6b7 100644
+--- a/doc/doc.am
++++ b/doc/doc.am
+@@ -346,6 +346,9 @@ doc/pic.ps: $(doc_srcdir)/pic.ms eqn pic tbl
+ 	$(GROFF_V)$(MKDIR_P) `dirname $@` \
+ 	&& $(DOC_GROFF) -pet -Tps -ms $(doc_srcdir)/pic.ms >$@
+ 
++# groff(1)'s `-I` implies `-g` and `-s`, so we must depend on grn and
++# soelim even though the document doesn't require them.
++doc/webpage.ps: grn soelim
+ doc/webpage.ps: $(DOC_GNU_EPS) tmac/www.tmac tbl
+ doc/webpage.ps: $(doc_srcdir)/webpage.ms
+ 	$(GROFF_V)$(MKDIR_P) `dirname $@` \
+@@ -365,11 +368,12 @@ doc/pic.html: $(doc_srcdir)/pic.ms
+ 	&& $(DOC_GROFF) -pet -P-Ipic -P-Dimg -P-jpic -Thtml -ms \
+ 	  $(doc_srcdir)/pic.ms > pic.html
+ 
+-doc/webpage.html: tbl
+-doc/webpage.html: tmac/www.tmac
+-doc/webpage.html: $(DOC_GNU_EPS)
++# groff(1)'s `-I` implies `-g` and `-s`, so we must depend on grn and
++# soelim even though the document doesn't require them.
++doc/webpage.html: grn soelim
++doc/webpage.html: $(DOC_GNU_EPS) tmac/www.tmac tbl
+ doc/webpage.html: $(doc_srcdir)/groff.css
+-doc/webpage.html: $(doc_srcdir)/webpage.ms
++doc/webpage.html: $(doc_srcdir)/webpage.ms $(TMAC_PACKAGE_MS)
+ 	$(GROFF_V)$(MKDIR_P) $(doc_builddir) \
+ 	&& cd $(doc_builddir) \
+ 	&& $(DOC_GROFF) -t -I $(doc_srcdir) -P-jwebpage -P-nrb \
diff --git a/poky/meta/recipes-extended/groff/files/0001-build-meintro_fr.ps-depends-on-tbl.patch b/poky/meta/recipes-extended/groff/files/0001-build-meintro_fr.ps-depends-on-tbl.patch
new file mode 100644
index 0000000..3e81b86
--- /dev/null
+++ b/poky/meta/recipes-extended/groff/files/0001-build-meintro_fr.ps-depends-on-tbl.patch
@@ -0,0 +1,31 @@
+From f21e9f13beb57a1e0666edf9693d7c83f2189897 Mon Sep 17 00:00:00 2001
+From: "G. Branden Robinson" <g.branden.robinson@gmail.com>
+Date: Fri, 22 Sep 2023 01:27:57 -0500
+Subject: [PATCH] [build]: meintro_fr.ps depends on tbl.
+
+* doc/doc.am (doc/meintro_fr.ps): Depend on tbl, resolving race in
+  sufficiently parallelized builds.  Overlooked in commit 92349ae223,
+  2022-05-30.
+
+Fixes <https://savannah.gnu.org/bugs/?64695>.  Thanks to Alexander
+Kanavin for the report.
+
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ doc/doc.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/doc.am b/doc/doc.am
+index d3c9ab6b7..0f95c7774 100644
+--- a/doc/doc.am
++++ b/doc/doc.am
+@@ -334,7 +334,7 @@ SUFFIXES += .me.in .me
+ 
+ # Use '-K utf8', not '-k', in case 'configure' didn't find uchardet.
+ # The French translation uses tbl; its English counterpart does not.
+-doc/meintro_fr.ps: doc/meintro_fr.me preconv
++doc/meintro_fr.ps: doc/meintro_fr.me preconv tbl
+ 	$(GROFF_V)$(MKDIR_P) `dirname $@` \
+ 	&& $(DOC_GROFF) -K utf8 -t -Tps -me -mfr $< >$@
+ 
diff --git a/poky/meta/recipes-extended/groff/groff_1.23.0.bb b/poky/meta/recipes-extended/groff/groff_1.23.0.bb
index 1dcd0bb..0fc4f83 100644
--- a/poky/meta/recipes-extended/groff/groff_1.23.0.bb
+++ b/poky/meta/recipes-extended/groff/groff_1.23.0.bb
@@ -10,6 +10,8 @@
 SRC_URI = "${GNU_MIRROR}/groff/groff-${PV}.tar.gz \
            file://groff-not-search-fonts-on-build-host.patch \
            file://0001-Make-manpages-mulitlib-identical.patch \
+           file://0001-build-Fix-Savannah-64681-webpage.ps-deps.patch \
+           file://0001-build-meintro_fr.ps-depends-on-tbl.patch \
            "
 
 SRC_URI[sha256sum] = "6b9757f592b7518b4902eb6af7e54570bdccba37a871fddb2d30ae3863511c13"
diff --git a/poky/meta/recipes-extended/gzip/gzip-1.12/autoconf-2.73.patch b/poky/meta/recipes-extended/gzip/gzip-1.12/autoconf-2.73.patch
deleted file mode 100644
index 18f992b..0000000
--- a/poky/meta/recipes-extended/gzip/gzip-1.12/autoconf-2.73.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-The gnulib largefile macro needs updating to work with autoconf 2.73. Rather
-than the full code:
-
-https://git.savannah.gnu.org/cgit/gnulib.git/commit/m4/largefile.m4?id=f91f633858cf132e50924224c50d6264a92caabb
-
-Just tweak the exiting code to work with 2.73. The next gzip upgrade should
-update to new gnulib
-
-Upstream-Status: Inappropriate
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
-Index: findutils-4.9.0/gl/m4/largefile.m4
-===================================================================
---- findutils-4.9.0.orig/m4/largefile.m4
-+++ findutils-4.9.0/m4/largefile.m4
-@@ -26,7 +26,7 @@ AC_DEFUN([gl_SET_LARGEFILE_SOURCE],
- # with _TIME_BITS.  Also, work around a problem in autoconf <= 2.69:
- # AC_SYS_LARGEFILE does not configure for large inodes on Mac OS X 10.5,
- # or configures them incorrectly in some cases.
--m4_version_prereq([2.70], [], [
-+m4_version_prereq([2.73], [], [
- 
- # _AC_SYS_LARGEFILE_TEST_INCLUDES
- # -------------------------------
diff --git a/poky/meta/recipes-extended/gzip/gzip-1.12/wrong-path-fix.patch b/poky/meta/recipes-extended/gzip/gzip-1.13/wrong-path-fix.patch
similarity index 100%
rename from poky/meta/recipes-extended/gzip/gzip-1.12/wrong-path-fix.patch
rename to poky/meta/recipes-extended/gzip/gzip-1.13/wrong-path-fix.patch
diff --git a/poky/meta/recipes-extended/gzip/gzip_1.12.bb b/poky/meta/recipes-extended/gzip/gzip_1.13.bb
similarity index 86%
rename from poky/meta/recipes-extended/gzip/gzip_1.12.bb
rename to poky/meta/recipes-extended/gzip/gzip_1.13.bb
index 35eb7c4..fd846b3 100644
--- a/poky/meta/recipes-extended/gzip/gzip_1.12.bb
+++ b/poky/meta/recipes-extended/gzip/gzip_1.13.bb
@@ -5,12 +5,11 @@
 LICENSE = "GPL-3.0-or-later"
 
 SRC_URI = "${GNU_MIRROR}/gzip/${BP}.tar.gz \
-           file://autoconf-2.73.patch \
            file://run-ptest \
-          "
+           "
 SRC_URI:append:class-target = " file://wrong-path-fix.patch"
 
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
                     file://gzip.h;beginline=8;endline=20;md5=6e47caaa630e0c8bf9f1bc8d94a8ed0e"
 
 PROVIDES:append:class-native = " gzip-replacement-native"
@@ -39,4 +38,4 @@
             ${B}/tests/Makefile > ${D}${PTEST_PATH}/src/tests/Makefile
 }
 
-SRC_URI[sha256sum] = "5b4fb14d38314e09f2fc8a1c510e7cd540a3ea0e3eb9b0420046b82c3bf41085"
+SRC_URI[sha256sum] = "20fc818aeebae87cdbf209d35141ad9d3cf312b35a5e6be61bfcfbf9eddd212a"
diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.7.1.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.7.2.bb
similarity index 96%
rename from poky/meta/recipes-extended/libarchive/libarchive_3.7.1.bb
rename to poky/meta/recipes-extended/libarchive/libarchive_3.7.2.bb
index e40c3e7..a09f607 100644
--- a/poky/meta/recipes-extended/libarchive/libarchive_3.7.1.bb
+++ b/poky/meta/recipes-extended/libarchive/libarchive_3.7.2.bb
@@ -32,7 +32,7 @@
 SRC_URI += "file://configurehack.patch"
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-SRC_URI[sha256sum] = "5d24e40819768f74daf846b99837fc53a3a9dcdf3ce1c2003fe0596db850f0f0"
+SRC_URI[sha256sum] = "df404eb7222cf30b4f8f93828677890a2986b66ff8bf39dac32a804e96ddf104"
 
 CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"
 
diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.24.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb
similarity index 84%
rename from poky/meta/recipes-extended/libsolv/libsolv_0.7.24.bb
rename to poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb
index 7c8f1fd..69cb3f7 100644
--- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.24.bb
+++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.25.bb
@@ -6,13 +6,13 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
 
-DEPENDS = "expat zlib"
+DEPENDS = "expat zlib zstd"
 
 SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \
            file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \
 "
 
-SRCREV = "4d05dca3974156faf2f025ca4a82b68904848307"
+SRCREV = "f1be8bf3dcc7dc14d331adbc97f337fa08e641c9"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
 
@@ -23,7 +23,7 @@
 PACKAGECONFIG ??= "${@bb.utils.contains('PACKAGE_CLASSES','package_rpm','rpm','',d)}"
 PACKAGECONFIG[rpm] = "-DENABLE_RPMMD=ON -DENABLE_RPMDB=ON,,rpm"
 
-EXTRA_OECMAKE = "-DMULTI_SEMANTICS=ON -DENABLE_COMPLEX_DEPS=ON"
+EXTRA_OECMAKE = "-DMULTI_SEMANTICS=ON -DENABLE_COMPLEX_DEPS=ON -DENABLE_ZSTD_COMPRESSION=ON"
 
 PACKAGES =+ "${PN}-tools ${PN}ext"
 
diff --git a/poky/meta/recipes-extended/man-pages/man-pages_6.04.bb b/poky/meta/recipes-extended/man-pages/man-pages_6.05.01.bb
similarity index 91%
rename from poky/meta/recipes-extended/man-pages/man-pages_6.04.bb
rename to poky/meta/recipes-extended/man-pages/man-pages_6.05.01.bb
index fee57e3..2726ede 100644
--- a/poky/meta/recipes-extended/man-pages/man-pages_6.04.bb
+++ b/poky/meta/recipes-extended/man-pages/man-pages_6.05.01.bb
@@ -4,7 +4,7 @@
 HOMEPAGE = "http://www.kernel.org/pub/linux/docs/man-pages"
 LICENSE = "GPL-2.0-or-later & GPL-2.0-only & GPL-1.0-or-later & BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & MIT"
 
-LIC_FILES_CHKSUM = "file://README;md5=5b7d7488344f5af8841dc13aaec49cdf \
+LIC_FILES_CHKSUM = "file://README;md5=cbd51cd3dd298230df8ddd4637e65c37 \
                     file://LICENSES/BSD-2-Clause.txt;md5=d0f280d1058e77e66264a9b9e10e6c89 \
                     file://LICENSES/BSD-3-Clause.txt;md5=71f739ef75581cae312e8c711bcdab16 \
                     file://LICENSES/BSD-4-Clause-UC.txt;md5=1da3cf8ad50cd8d5d1de3cfc53196d01 \
@@ -16,7 +16,7 @@
                     "
 SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/${BP}.tar.gz"
 
-SRC_URI[sha256sum] = "590623b99bf1f8ee958483c35cc0aaef2363e42998c4d927d1f705890d15d51e"
+SRC_URI[sha256sum] = "b2dd44ca0342b50923291f06bdba38c42438e10c04843ce1f731cf3f50631e0a"
 
 inherit manpages
 
diff --git a/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb b/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb
index 7a16c65..aa5a989 100644
--- a/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb
+++ b/poky/meta/recipes-extended/mingetty/mingetty_1.08.bb
@@ -3,7 +3,6 @@
 HOMEPAGE = "http://sourceforge.net/projects/mingetty/"
 DESCRIPTION = "This is a small Linux console getty that is started on the Linux text console, asks for a login name and then tranfers over to login directory. Is extended to allow automatic login and starting any app."
 LICENSE = "GPL-2.0-only"
-PR = "r3"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=0c56db0143f4f80c369ee3af7425af6e"
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz"
diff --git a/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb b/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb
index b66617f..e9531fa 100644
--- a/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb
+++ b/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb
@@ -4,7 +4,6 @@
 
 SUMMARY = "Standard full-featured Linux system"
 DESCRIPTION = "Package group bringing in packages needed for a more traditional full-featured Linux system"
-PR = "r6"
 
 inherit packagegroup
 
diff --git a/poky/meta/recipes-extended/procps/procps/0001-po-fr.po-address-failures-with-gettext-0.22.patch b/poky/meta/recipes-extended/procps/procps/0001-po-fr.po-address-failures-with-gettext-0.22.patch
deleted file mode 100644
index 8055179..0000000
--- a/poky/meta/recipes-extended/procps/procps/0001-po-fr.po-address-failures-with-gettext-0.22.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 1d685477c254e5b10a81e32c87786e0f001b70f1 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 24 Jul 2023 18:06:51 +0200
-Subject: [PATCH] po/fr.po: address failures with gettext 0.22
-
-Specifically:
-| fr.1po:3027: 'msgstr' is not a valid C format string, unlike 'msgid'. Reason: In the directive number 4, the argument size specifier is invalid.
-| fr.1po:3820: 'msgstr' is not a valid C format string, unlike 'msgid'. Reason: In the directive number 1, the argument size specifier is invalid.
-
-Upstream-Status: Submitted [https://gitlab.com/procps-ng/procps/-/merge_requests/199]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- po/fr.po | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/po/fr.po b/po/fr.po
-index 715c2b69..700834e1 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -3800,7 +3800,7 @@ msgid ""
- "Type 'q' or <Esc> to continue "
- msgstr ""
- "Aide pour les commandes interactives~2 - %s\n"
--"Fenêtre ~1%s~6: ~1Mode cumulatif ~3%s~2.  ~1Système~6: ~1Délai ~3%.1lf "
-+"Fenêtre ~1%s~6: ~1Mode cumulatif ~3%s~2.  ~1Système~6: ~1Délai ~3%.1f "
- "secs~2; ~1Mode sûr ~3%s~2.\n"
- "\n"
- "  Z~5,~1B~5,E,e   Global: «~1Z~2» couleurs; «~1B~2» gras; «~1E~2»/«~1e~2» "
-@@ -4723,7 +4723,7 @@ msgstr " -v, --version  affiche les informations de version et sort\n"
- #: src/watch.c:486
- #, c-format
- msgid "Every %.1fs: "
--msgstr "Toutes les %.1lfs: "
-+msgstr "Toutes les %.1fs: "
- 
- #: src/watch.c:487
- #, c-format
diff --git a/poky/meta/recipes-extended/procps/procps/0001-src-w.c-use-utmp.h-only.patch b/poky/meta/recipes-extended/procps/procps/0001-src-w.c-use-utmp.h-only.patch
deleted file mode 100644
index 23c91ec..0000000
--- a/poky/meta/recipes-extended/procps/procps/0001-src-w.c-use-utmp.h-only.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From c41b3be62fbb78e0939fddaebad519360cbd8702 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 6 Mar 2023 09:27:57 +0100
-Subject: [PATCH] src/w.c: use only utmpx
-
-Nowadays this works both on musl and glibc systems, however on musl
-utmp.h is also needed to avoid the following failure:
-
-| ../git/src/w.c: In function 'print_from':
-| ../git/src/w.c:73:28: error: '__UT_HOSTSIZE' undeclared (first use in this function); did you mean 'UT_HOSTSIZE'?
-|    73 | #       define UT_HOSTSIZE __UT_HOSTSIZE
-|       |                            ^~~~~~~~~~~~~
-| ../git/src/w.c:233:64: note: in expansion of macro 'UT_HOSTSIZE'
-|   233 |                         print_display_or_interface(u->ut_host, UT_HOSTSIZE, fromlen - len);
-|       |                                                                ^~~~~~~~~~~
-|
-
-It is caused by including utmpx.h, but not utmp.h, which (on musl)
-lacks the needed definitions.
-
-I have verified that both musl and glibc based builds continue to work.
-
-Upstream-Status: Submitted [https://gitlab.com/procps-ng/procps/-/merge_requests/171]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
----
- src/w.c | 17 ++---------------
- 1 file changed, 2 insertions(+), 15 deletions(-)
-
-diff --git a/src/w.c b/src/w.c
-index 5e878f04..912c5df3 100644
---- a/src/w.c
-+++ b/src/w.c
-@@ -46,11 +46,8 @@
- #include <termios.h>
- #include <time.h>
- #include <unistd.h>
--#ifdef HAVE_UTMPX_H
--#	include <utmpx.h>
--#else
--#	include <utmp.h>
--#endif
-+#include <utmp.h>
-+#include <utmpx.h>
- #include <arpa/inet.h>
- 
- #include "c.h"
-@@ -63,17 +60,7 @@
- static int ignoreuser = 0;	/* for '-u' */
- static int oldstyle = 0;	/* for '-o' */
- 
--#ifdef HAVE_UTMPX_H
- typedef struct utmpx utmp_t;
--#else
--typedef struct utmp utmp_t;
--#endif
--
--#if !defined(UT_HOSTSIZE) || defined(__UT_HOSTSIZE)
--#	define UT_HOSTSIZE __UT_HOSTSIZE
--#	define UT_LINESIZE __UT_LINESIZE
--#	define UT_NAMESIZE __UT_NAMESIZE
--#endif
- 
- #ifdef W_SHOWFROM
- # define FROM_STRING "on"
diff --git a/poky/meta/recipes-extended/procps/procps/CVE-2023-4016.patch b/poky/meta/recipes-extended/procps/procps/CVE-2023-4016.patch
deleted file mode 100644
index 202fea9..0000000
--- a/poky/meta/recipes-extended/procps/procps/CVE-2023-4016.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001
-From: Craig Small <csmall@dropbear.xyz>
-Date: Thu, 10 Aug 2023 21:18:38 +1000
-Subject: [PATCH] ps: Fix possible buffer overflow in -C option
-
-ps allocates memory using malloc(length of arg * len of struct).
-In certain strange circumstances, the arg length could be very large
-and the multiplecation will overflow, allocating a small amount of
-memory.
-
-Subsequent strncpy() will then write into unallocated memory.
-The fix is to use calloc. It's slower but this is a one-time
-allocation. Other malloc(x * y) calls have also been replaced
-by calloc(x, y)
-
-References:
- https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016
- https://nvd.nist.gov/vuln/detail/CVE-2023-4016
- https://gitlab.com/procps-ng/procps/-/issues/297
- https://bugs.debian.org/1042887
-
-Signed-off-by: Craig Small <csmall@dropbear.xyz>
-
-CVE: CVE-2023-4016
-Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- NEWS            | 1 +
- src/ps/parser.c | 8 ++++----
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/ps/parser.c b/src/ps/parser.c
-index 248aa741..15873dfa 100644
---- a/src/ps/parser.c
-+++ b/src/ps/parser.c
-@@ -189,7 +189,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
-   const char *err;       /* error code that could or did happen */
-   /*** prepare to operate ***/
-   node = xmalloc(sizeof(selection_node));
--  node->u = xmalloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
-   node->n = 0;
-   buf = strdup(arg);
-   /*** sanity check and count items ***/
-@@ -210,6 +209,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
-   } while (*++walk);
-   if(need_item) goto parse_error;
-   node->n = items;
-+  node->u = xcalloc(items, sizeof(sel_union));
-   /*** actually parse the list ***/
-   walk = buf;
-   while(items--){
-@@ -1050,15 +1050,15 @@ static const char *parse_trailing_pids(void){
-   thisarg = ps_argc - 1;   /* we must be at the end now */
- 
-   pidnode = xmalloc(sizeof(selection_node));
--  pidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
-+  pidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
-   pidnode->n = 0;
- 
-   grpnode = xmalloc(sizeof(selection_node));
--  grpnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
-+  grpnode->u = xcalloc(i,sizeof(sel_union)); /* waste is insignificant */
-   grpnode->n = 0;
- 
-   sidnode = xmalloc(sizeof(selection_node));
--  sidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
-+  sidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
-   sidnode->n = 0;
- 
-   while(i--){
--- 
-GitLab
-
diff --git a/poky/meta/recipes-extended/procps/procps_4.0.3.bb b/poky/meta/recipes-extended/procps/procps_4.0.4.bb
similarity index 93%
rename from poky/meta/recipes-extended/procps/procps_4.0.3.bb
rename to poky/meta/recipes-extended/procps/procps_4.0.4.bb
index 9ef679c..800384f 100644
--- a/poky/meta/recipes-extended/procps/procps_4.0.3.bb
+++ b/poky/meta/recipes-extended/procps/procps_4.0.4.bb
@@ -14,11 +14,8 @@
 
 SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \
            file://sysctl.conf \
-           file://0001-src-w.c-use-utmp.h-only.patch \
-           file://0001-po-fr.po-address-failures-with-gettext-0.22.patch \
-           file://CVE-2023-4016.patch \
            "
-SRCREV = "806eb270f217ff7e1e745c7bda2b002b5be74be4"
+SRCREV = "4ddcef2fd843170c8e2d59a83042978f41037a2b"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch b/poky/meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch
deleted file mode 100644
index 8065994..0000000
--- a/poky/meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 4e102de2e6204c1d8e8be00bb5ffd4587e70350c Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 15 Aug 2022 10:35:53 -0700
-Subject: [PATCH] configure: Add needed system headers in checks
-
-Newer compilers throw warnings when a funciton is used with implicit
-declaration and enabling -Werror can silently fail these tests and
-result in wrong configure results. Therefore add the needed headers in
-the AC_TRY_LINK macros
-
-	* configure.ac: Add missing system headers in AC_TRY_LINK.
-
-Upstream-Status: Submitted [https://lists.gnu.org/archive/html/screen-devel/2022-08/msg00000.html]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.ac | 57 +++++++++++++++++++++++++++++++++++++++-------------
- 1 file changed, 43 insertions(+), 14 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index c0f02df..d308079 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -233,6 +233,7 @@ AC_CHECKING(BSD job jontrol)
- AC_TRY_LINK(
- [#include <sys/types.h>
- #include <sys/ioctl.h>
-+#include <unistd.h>
- ], [
- #ifdef POSIX
- tcsetpgrp(0, 0);
-@@ -250,12 +251,16 @@ dnl
- dnl    ****  setresuid(), setreuid(), seteuid()  ****
- dnl
- AC_CHECKING(setresuid)
--AC_TRY_LINK(,[
--setresuid(0, 0, 0);
-+AC_TRY_LINK([
-+#include <unistd.h>
-+],[
-+return setresuid(0, 0, 0);
- ], AC_DEFINE(HAVE_SETRESUID))
- AC_CHECKING(setreuid)
--AC_TRY_LINK(,[
--setreuid(0, 0);
-+AC_TRY_LINK([
-+#include <unistd.h>
-+],[
-+return setreuid(0, 0);
- ], AC_DEFINE(HAVE_SETREUID))
- dnl
- dnl seteuid() check:
-@@ -274,7 +279,9 @@ seteuid(0);
- 
- dnl execvpe
- AC_CHECKING(execvpe)
--AC_TRY_LINK(,[
-+AC_TRY_LINK([
-+    #include <unistd.h>
-+],[
-     execvpe(0, 0, 0);
- ], AC_DEFINE(HAVE_EXECVPE)
- CFLAGS="$CFLAGS -D_GNU_SOURCE")
-@@ -284,10 +291,18 @@ dnl    ****  select()  ****
- dnl
- 
- AC_CHECKING(select)
--AC_TRY_LINK(,[select(0, 0, 0, 0, 0);],, 
-+AC_TRY_LINK([
-+    #include <sys/select.h>
-+],[
-+    select(0, 0, 0, 0, 0);
-+],, 
- LIBS="$LIBS -lnet -lnsl"
- AC_CHECKING(select with $LIBS)
--AC_TRY_LINK(,[select(0, 0, 0, 0, 0);],, 
-+AC_TRY_LINK([
-+    #include <sys/select.h>
-+],[
-+    select(0, 0, 0, 0, 0);
-+],, 
- AC_MSG_ERROR(!!! no select - no screen))
- )
- dnl
-@@ -624,11 +639,19 @@ dnl
- dnl    ****  termcap or terminfo  ****
- dnl
- AC_CHECKING(for tgetent)
--AC_TRY_LINK(,tgetent((char *)0, (char *)0);,,
-+AC_TRY_LINK([
-+    #include <curses.h>
-+    #include <term.h>
-+],[
-+    tgetent((char *)0, (char *)0);
-+],,
- olibs="$LIBS"
- LIBS="-lcurses $olibs"
- AC_CHECKING(libcurses)
--AC_TRY_LINK(,[
-+AC_TRY_LINK([
-+    #include <curses.h>
-+    #include <term.h>
-+],[
- #ifdef __hpux
- __sorry_hpux_libcurses_is_totally_broken_in_10_10();
- #else
-@@ -871,7 +894,7 @@ test -f /usr/lib/libutil.a && LIBS="$LIBS -lutil"
- fi
- 
- AC_CHECKING(getloadavg)
--AC_TRY_LINK(,[getloadavg((double *)0, 0);],
-+AC_TRY_LINK([#include <stdlib.h>],[getloadavg((double *)0, 0);],
- AC_DEFINE(LOADAV_GETLOADAVG) load=1,
- if test "$cross_compiling" = no && test -f /usr/lib/libkvm.a ; then
- olibs="$LIBS"
-@@ -1109,10 +1132,10 @@ AC_CHECKING(IRIX sun library)
- AC_TRY_LINK(,,,LIBS="$oldlibs")
- 
- AC_CHECKING(syslog)
--AC_TRY_LINK(,[closelog();], , [oldlibs="$LIBS"
-+AC_TRY_LINK([#include <syslog.h>],[closelog();], , [oldlibs="$LIBS"
- LIBS="$LIBS -lbsd"
- AC_CHECKING(syslog in libbsd.a)
--AC_TRY_LINK(, [closelog();], AC_NOTE(- found.), [LIBS="$oldlibs"
-+AC_TRY_LINK([#include <syslog.h>], [closelog();], AC_NOTE(- found.), [LIBS="$oldlibs"
- AC_NOTE(- bad news: syslog missing.) AC_DEFINE(NOSYSLOG)])])
- 
- AC_EGREP_CPP(YES_IS_DEFINED,
-@@ -1149,7 +1172,7 @@ AC_CHECKING(getspnam)
- AC_TRY_LINK([#include <shadow.h>], [getspnam("x");],AC_DEFINE(SHADOWPW))
- 
- AC_CHECKING(getttyent)
--AC_TRY_LINK(,[getttyent();], AC_DEFINE(GETTTYENT))
-+AC_TRY_LINK([#include <ttyent.h>],[getttyent();], AC_DEFINE(GETTTYENT))
- 
- AC_CHECKING(fdwalk)
- AC_TRY_LINK([#include <stdlib.h>], [fdwalk(NULL, NULL);],AC_DEFINE(HAVE_FDWALK))
-@@ -1204,7 +1227,13 @@ main() {
- AC_SYS_LONG_FILE_NAMES
- 
- AC_MSG_CHECKING(for vsprintf)
--AC_TRY_LINK([#include <stdarg.h>],[va_list valist; vsprintf(0,0,valist);], AC_MSG_RESULT(yes);AC_DEFINE(USEVARARGS), AC_MSG_RESULT(no))
-+AC_TRY_LINK([
-+    #include <stdarg.h>
-+    #include <stdio.h>
-+],[
-+   va_list valist;
-+   vsprintf(0,0,valist);
-+], AC_MSG_RESULT(yes);AC_DEFINE(USEVARARGS), AC_MSG_RESULT(no))
- 
- AC_HEADER_DIRENT
- 
diff --git a/poky/meta/recipes-extended/screen/screen/signal-permission.patch b/poky/meta/recipes-extended/screen/screen/signal-permission.patch
deleted file mode 100644
index 77dc649..0000000
--- a/poky/meta/recipes-extended/screen/screen/signal-permission.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
-From: Alexander Naumov <alexander_naumov@opensuse.org>
-Date: Mon, 30 Jan 2023 17:22:25 +0200
-Subject: fix: missing signal sending permission check on failed query messages
-
-Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
-
-CVE: CVE-2023-24626
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- src/socket.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/socket.c b/src/socket.c
-index 147dc54..54d8cb8 100644
---- a/socket.c
-+++ b/socket.c
-@@ -1285,11 +1285,16 @@ ReceiveMsg()
-           else
-             queryflag = -1;
- 
--          Kill(m.m.command.apid,
-+          if (CheckPid(m.m.command.apid)) {
-+            Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
-+          }
-+          else {
-+            Kill(m.m.command.apid,
-                (queryflag >= 0)
-                    ? SIGCONT
-                    : SIG_BYE); /* Send SIG_BYE if an error happened */
--          queryflag = -1;
-+            queryflag = -1;
-+          }
-         }
-         break;
-       case MSG_COMMAND:
--- 
-cgit v1.1
-
diff --git a/poky/meta/recipes-extended/screen/screen_4.9.0.bb b/poky/meta/recipes-extended/screen/screen_4.9.1.bb
similarity index 89%
rename from poky/meta/recipes-extended/screen/screen_4.9.0.bb
rename to poky/meta/recipes-extended/screen/screen_4.9.1.bb
index 235cd8c..7b040e6 100644
--- a/poky/meta/recipes-extended/screen/screen_4.9.0.bb
+++ b/poky/meta/recipes-extended/screen/screen_4.9.1.bb
@@ -21,11 +21,9 @@
            file://0002-comm.h-now-depends-on-term.h.patch \
            file://0001-fix-for-multijob-build.patch \
            file://0001-Remove-more-compatibility-stuff.patch \
-           file://0001-configure-Add-needed-system-headers-in-checks.patch \
-           file://signal-permission.patch \
            "
 
-SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"
+SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
 
 inherit autotools texinfo
 
diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
index 37ba5f3..89f9c05 100644
--- a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
+++ b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
@@ -7,7 +7,7 @@
     Login timed out message prints only first few bytes when write is immediately followed by exit.
     Calling exit from new handler provides enough time to display full message.
 
-Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
 
 diff --git a/src/login.c b/src/login.c
 index 116e2cb3..c55f4de0 100644
diff --git a/poky/meta/recipes-extended/shadow/shadow-securetty_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
index c78f888..fe51ea1 100644
--- a/poky/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
+++ b/poky/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
@@ -5,7 +5,6 @@
 
 INHIBIT_DEFAULT_DEPS = "1"
 
-PR = "r3"
 
 SRC_URI = "file://securetty"
 
diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
index 6580bd9..00ab58b 100644
--- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
+++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -7,7 +7,6 @@
 
 DEPENDS = "base-passwd"
 
-PR = "r3"
 
 # The sole purpose of this recipe is to provide the /etc/login.defs
 # file for the target sysroot - needed so the shadow-native utilities
diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.16.04.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.16.05.bb
similarity index 94%
rename from poky/meta/recipes-extended/stress-ng/stress-ng_0.16.04.bb
rename to poky/meta/recipes-extended/stress-ng/stress-ng_0.16.05.bb
index af84339..1a1e9e4 100644
--- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.16.04.bb
+++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.16.05.bb
@@ -7,7 +7,7 @@
 
 SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \
            "
-SRCREV = "95777d7cf32de9fc88c452a968ae2ae23ed269c2"
+SRCREV = "aea6f3306f4676a7f7e8d8c507f811ef3d0244c5"
 S = "${WORKDIR}/git"
 
 DEPENDS = "coreutils-native libbsd"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/0001-configure.in-remove-check-for-chkconfig.patch b/poky/meta/recipes-extended/sysstat/sysstat/0001-configure.in-remove-check-for-chkconfig.patch
index 4067bb9..84383f9 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat/0001-configure.in-remove-check-for-chkconfig.patch
+++ b/poky/meta/recipes-extended/sysstat/sysstat/0001-configure.in-remove-check-for-chkconfig.patch
@@ -1,7 +1,7 @@
 From 1590cc614aaf0fb81cd804414d6c9d5a9227352c Mon Sep 17 00:00:00 2001
 From: Wenlin Kang <wenlin.kang@windriver.com>
 Date: Tue, 5 Nov 2019 16:16:44 +0800
-Subject: [PATCH] configure.in: remove check for chkconfig
+Subject: [PATCH] configure.ac: remove check for chkconfig
 
 chkconfig can't work on cross-platform, so should remove check for it.
 
@@ -9,13 +9,13 @@
 
 Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
 ---
- configure.in | 3 ++-
+ configure.ac | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/configure.in b/configure.in
+diff --git a/configure.ac b/configure.ac
 index 48b9a31..cedeb43 100644
---- a/configure.in
-+++ b/configure.in
+--- a/configure.ac
++++ b/configure.ac
 @@ -42,7 +42,8 @@ AC_SUBST(VER_JSON)
  AC_SUBST(VER_XML)
  
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
deleted file mode 100644
index a7b51f3..0000000
--- a/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0764cb56df4a5afdf04980c9eb6735f789f5aa42 Mon Sep 17 00:00:00 2001
-From: Pavel Kopylov <pkopylov@cloudlinux.com>
-Date: Wed, 17 May 2023 11:33:45 +0200
-Subject: [PATCH] Fix an overflow which is still possible for some values.
-
-CVE: CVE-2023-33204
-Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c]
-
-Backport Changes:
-Adopt additional changes as per following merge commit of pull request:
-https://github.com/sysstat/sysstat/commit/6f8dc568e6ab
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
-Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
----
- common.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/common.c b/common.c
-index a3d31a5..138920c 100644
---- a/common.c
-+++ b/common.c
-@@ -447,15 +447,17 @@ int check_dir(char *dirname)
- void check_overflow(unsigned int val1, unsigned int val2,
- 		    unsigned int val3)
- {
--	if ((unsigned long long) val1 * (unsigned long long) val2 *
--	    (unsigned long long) val3 > UINT_MAX) {
-+	if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
-+		(((unsigned long long)UINT_MAX / (unsigned long long)val1 <
-+		(unsigned long long)val2) ||
-+		((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
-+		(unsigned long long)val2) < (unsigned long long)val3))) {
- #ifdef DEBUG
--		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
--			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
--			(unsigned long long) val3);
-+		fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
-+			__FUNCTION__, val1, val2, val3);
- #endif
- 	exit(4);
--		}
-+	}
- }
- 
- #ifndef SOURCE_SADC
diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
deleted file mode 100644
index b5014ea..0000000
--- a/poky/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require sysstat.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
-
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
-            file://CVE-2023-33204.patch \
-            "
-
-SRC_URI[sha256sum] = "3e77134aedaa6fc57d9745da67edfd8990e19adee71ac47196229261c563fb48"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat.inc b/poky/meta/recipes-extended/sysstat/sysstat_12.7.4.bb
similarity index 85%
rename from poky/meta/recipes-extended/sysstat/sysstat.inc
rename to poky/meta/recipes-extended/sysstat/sysstat_12.7.4.bb
index 7733772..134fd5c 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat.inc
+++ b/poky/meta/recipes-extended/sysstat/sysstat_12.7.4.bb
@@ -1,20 +1,24 @@
 SUMMARY = "System performance tools"
 DESCRIPTION = "The sysstat utilities are a collection of performance monitoring tools for Linux."
-HOMEPAGE = "http://sebastien.godard.pagesperso-orange.fr/"
+HOMEPAGE = "https://sysstat.github.io/"
 LICENSE = "GPL-2.0-or-later"
 SECTION = "console/utils"
 
-SRC_URI = "http://pagesperso-orange.fr/sebastien.godard/${BP}.tar.xz \
+SRC_URI = "git://github.com/sysstat/sysstat.git;protocol=https;branch=master \
            file://99_sysstat \
            file://sysstat.service \
+           file://0001-configure.in-remove-check-for-chkconfig.patch \
           "
 
-UPSTREAM_CHECK_URI = "http://sebastien.godard.pagesperso-orange.fr/download.html"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
+
+SRCREV = "1df0d61306ae826c896a5cf6f665d58c671c0498"
+S = "${WORKDIR}/git"
 
 DEPENDS += "base-passwd"
 
 # autotools-brokensep as this package doesn't use automake
-inherit autotools-brokensep gettext systemd upstream-version-is-even
+inherit autotools-brokensep gettext systemd
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 PACKAGECONFIG[lm-sensors] = "--enable-sensors,--disable-sensors,lmsensors,lmsensors-libsensors"
@@ -69,3 +73,4 @@
 FILES:${PN} += "${systemd_system_unitdir} ${nonarch_base_libdir}/systemd"
 
 TARGET_CC_ARCH += "${LDFLAGS}"
+
diff --git a/poky/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch b/poky/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
new file mode 100644
index 0000000..27d4d9a
--- /dev/null
+++ b/poky/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
@@ -0,0 +1,228 @@
+From 39849e9d91f477d3fb839f93cd0815d0cb3273e9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 18 Jul 2023 09:15:03 -0700
+Subject: tests: fix TESTSUITE_AT
+
+Problem reported by Lukas Javorsky <ljavorsk@redhat.com> in:
+https://lists.gnu.org/r/bug-tar/2023-07/msg00002.html
+* tests/Makefile.am (TESTSUITE_AT): Add exclude17.at, exclude18.at.
+Remove compress.m4; all uses changed.  Add a comment saying how
+to rederive this.  Sort.
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=39849e9d91f477d3fb839f93cd0815d0cb3273e9]
+---
+ tests/Makefile.am | 93 ++++++++++++++++++++++++++++---------------------------
+ 1 file changed, 48 insertions(+), 45 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 4a8f501..1884b72 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -45,21 +45,24 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac
+ ## Test suite.  ##
+ ## ------------ ##
+ 
++# You can generate the body of this macro with the following shell command:
++# LC_ALL=C ls *.at */*.at | sed -e 's/^/ /' -e '$!s/$/\\/'
+ TESTSUITE_AT = \
+- testsuite.at\
+- compress.m4\
+  T-cd.at\
+  T-dir00.at\
+  T-dir01.at\
+  T-empty.at\
++ T-mult.at\
++ T-nest.at\
++ T-nonl.at\
+  T-null.at\
+  T-null2.at\
+  T-rec.at\
+  T-recurse.at\
+  T-zfile.at\
+- T-nonl.at\
+- T-mult.at\
+- T-nest.at\
++ acls01.at\
++ acls02.at\
++ acls03.at\
+  add-file.at\
+  append.at\
+  append01.at\
+@@ -68,14 +71,15 @@ TESTSUITE_AT = \
+  append04.at\
+  append05.at\
+  backup01.at\
+- chtype.at\
+- comprec.at\
+- comperr.at\
++ capabs_raw01.at\
+  checkpoint/defaults.at\
+- checkpoint/interval.at\
+- checkpoint/dot.at\
+  checkpoint/dot-compat.at\
+  checkpoint/dot-int.at\
++ checkpoint/dot.at\
++ checkpoint/interval.at\
++ chtype.at\
++ comperr.at\
++ comprec.at\
+  delete01.at\
+  delete02.at\
+  delete03.at\
+@@ -83,6 +87,8 @@ TESTSUITE_AT = \
+  delete05.at\
+  delete06.at\
+  difflink.at\
++ dirrem01.at\
++ dirrem02.at\
+  exclude.at\
+  exclude01.at\
+  exclude02.at\
+@@ -100,6 +106,8 @@ TESTSUITE_AT = \
+  exclude14.at\
+  exclude15.at\
+  exclude16.at\
++ exclude17.at\
++ exclude18.at\
+  extrac01.at\
+  extrac02.at\
+  extrac03.at\
+@@ -127,11 +135,9 @@ TESTSUITE_AT = \
+  extrac25.at\
+  filerem01.at\
+  filerem02.at\
+- dirrem01.at\
+- dirrem02.at\
+- gzip.at\
+  grow.at\
+- incremental.at\
++ gzip.at\
++ ignfail.at\
+  incr01.at\
+  incr02.at\
+  incr03.at\
+@@ -143,8 +149,8 @@ TESTSUITE_AT = \
+  incr09.at\
+  incr10.at\
+  incr11.at\
++ incremental.at\
+  indexfile.at\
+- ignfail.at\
+  label01.at\
+  label02.at\
+  label03.at\
+@@ -188,22 +194,16 @@ TESTSUITE_AT = \
+  opcomp04.at\
+  opcomp05.at\
+  opcomp06.at\
+- positional01.at\
+- positional02.at\
+- positional03.at\
+  options.at\
+  options02.at\
+  options03.at\
+  owner.at\
+  pipe.at\
+- recurse.at\
++ positional01.at\
++ positional02.at\
++ positional03.at\
+  recurs02.at\
+- rename01.at\
+- rename02.at\
+- rename03.at\
+- rename04.at\
+- rename05.at\
+- rename06.at\
++ recurse.at\
+  remfiles01.at\
+  remfiles02.at\
+  remfiles03.at\
+@@ -226,11 +226,19 @@ TESTSUITE_AT = \
+  remfiles09b.at\
+  remfiles09c.at\
+  remfiles10.at\
++ rename01.at\
++ rename02.at\
++ rename03.at\
++ rename04.at\
++ rename05.at\
++ rename06.at\
+  same-order01.at\
+  same-order02.at\
++ selacl01.at\
++ selnx01.at\
+  shortfile.at\
+- shortupd.at\
+  shortrec.at\
++ shortupd.at\
+  sigpipe.at\
+  sparse01.at\
+  sparse02.at\
+@@ -247,6 +255,13 @@ TESTSUITE_AT = \
+  sptrcreat.at\
+  sptrdiff00.at\
+  sptrdiff01.at\
++ star/gtarfail.at\
++ star/gtarfail2.at\
++ star/multi-fail.at\
++ star/pax-big-10g.at\
++ star/ustar-big-2g.at\
++ star/ustar-big-8g.at\
++ testsuite.at\
+  time01.at\
+  time02.at\
+  truncate.at\
+@@ -255,21 +270,11 @@ TESTSUITE_AT = \
+  update02.at\
+  update03.at\
+  update04.at\
+- volsize.at\
+- volume.at\
+  verbose.at\
+  verify.at\
+  version.at\
+- xform-h.at\
+- xform01.at\
+- xform02.at\
+- xform03.at\
+- star/gtarfail.at\
+- star/gtarfail2.at\
+- star/multi-fail.at\
+- star/ustar-big-2g.at\
+- star/ustar-big-8g.at\
+- star/pax-big-10g.at\
++ volsize.at\
++ volume.at\
+  xattr01.at\
+  xattr02.at\
+  xattr03.at\
+@@ -278,12 +283,10 @@ TESTSUITE_AT = \
+  xattr06.at\
+  xattr07.at\
+  xattr08.at\
+- acls01.at\
+- acls02.at\
+- acls03.at\
+- selnx01.at\
+- selacl01.at\
+- capabs_raw01.at
++ xform-h.at\
++ xform01.at\
++ xform02.at\
++ xform03.at
+ 
+ distclean-local:
+ 	-rm -rf download
+@@ -291,7 +294,7 @@ distclean-local:
+ TESTSUITE = $(srcdir)/testsuite
+ 
+ AUTOTEST = $(AUTOM4TE) --language=autotest
+-$(TESTSUITE): package.m4 $(TESTSUITE_AT)
++$(TESTSUITE): compress.m4 package.m4 $(TESTSUITE_AT)
+ 	$(AUTOTEST) -I $(srcdir) testsuite.at -o $@.tmp
+ 	mv $@.tmp $@
+ 
+-- 
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/tar/tar/0002-tests-check-for-recently-fixed-bug.patch b/poky/meta/recipes-extended/tar/tar/0002-tests-check-for-recently-fixed-bug.patch
new file mode 100644
index 0000000..6cd8c55
--- /dev/null
+++ b/poky/meta/recipes-extended/tar/tar/0002-tests-check-for-recently-fixed-bug.patch
@@ -0,0 +1,60 @@
+From 0f0722df45ec520d0dac7c9ad7e69165e9140931 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri, 7 Oct 2022 15:22:07 -0700
+Subject: tests: check for recently-fixed bug
+
+* tests/exclude17.at: New file.
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=0f0722df45ec520d0dac7c9ad7e69165e9140931]
+
+Signed-off-by: Qiu Tingting <qiutt@fujitsu.com>
+
+---
+ tests/exclude17.at | 35 +++++++++++++++++++++++++++++++++++
+ 1 files changed, 35 insertions(+)
+ create mode 100644 tests/exclude17.at
+
+diff --git a/tests/exclude17.at b/tests/exclude17.at
+new file mode 100644
+index 0000000..4162b2b
+--- /dev/null
++++ b/tests/exclude17.at
+@@ -0,0 +1,35 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++#
++# Test suite for GNU tar.
++# Copyright 2013-2022 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++AT_SETUP([--exclude-vcs-ignores memory allocation])
++AT_KEYWORDS([exclude exclude17])
++
++AT_TAR_CHECK([
++mkdir dir
++cd dir
++echo '*.o' >.cvsignore
++tar -cf - --exclude-vcs-ignores . | tar -tf -
++],
++[0],
++[./
++./.cvsignore
++])
++
++AT_CLEANUP
+-- 
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/tar/tar/0003-Exclude-VCS-directory-with-writing-from-an-archive.patch b/poky/meta/recipes-extended/tar/tar/0003-Exclude-VCS-directory-with-writing-from-an-archive.patch
new file mode 100644
index 0000000..577a9ba
--- /dev/null
+++ b/poky/meta/recipes-extended/tar/tar/0003-Exclude-VCS-directory-with-writing-from-an-archive.patch
@@ -0,0 +1,112 @@
+From 4f814e0e4c673f86dc65a557f7e55f6b5efd1529 Mon Sep 17 00:00:00 2001
+From: Anton Makrushin <makrusan@gmail.com>
+Date: Mon, 20 Mar 2023 20:05:42 +0530
+Subject: Exclude VCS directory with writing from an archive
+
+See https://savannah.gnu.org/bugs/?62859
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=4f814e0e4c673f86dc65a557f7e55f6b5efd1529]
+
+Signed-off-by: Qiu Tingting <qiutt@fujitsu.com>
+
+---
+ tests/exclude18.at | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 87 insertions(+)
+ create mode 100644 tests/exclude18.at
+
+diff --git a/tests/exclude18.at b/tests/exclude18.at
+new file mode 100644
+index 0000000..64aaa52
+--- /dev/null
++++ b/tests/exclude18.at
+@@ -0,0 +1,87 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++
++# Test suite for GNU tar.
++# Copyright 2004-2023 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# Test --exclude-vcs option with subcommands: EXTRACT, LIST, DIFF.
++# Check VCS directory with files, and empty.
++#
++# Ref: https://savannah.gnu.org/bugs/?62859
++# Wed 03 Aug 2022 04:06:28 PM UTC, original submission:  Quote
++# Mohamed Akram <mohdakram>
++# > The --exclude-vcs flag seems to exclude .gitignore but not .git when
++# extracting.
++
++AT_SETUP([--exclude-vcs extract list compare])
++AT_KEYWORDS([exclude-vcs extract list compare exclude18])
++
++AT_TAR_CHECK([
++AT_SORT_PREREQ
++mkdir gitrepo
++cd gitrepo
++
++# Make an empty VCS directory:
++mkdir .svn
++
++# Make a VCS directory with a file:
++mkdir .git
++touch .git/_A
++
++# Make a VCS file:
++touch .gitignore
++
++# Make non-VCS files:
++touch .git_B
++touch _C
++
++# Create an archive, include VCS:
++cd ..
++tar -cf gitrepo.tar gitrepo
++rm -r gitrepo
++
++echo Extract:
++tar -xvf gitrepo.tar --exclude-vcs | sort
++
++echo
++echo List:
++tar -tf gitrepo.tar --exclude-vcs | sort
++
++echo
++echo Diff:
++tar -dvf gitrepo.tar --exclude-vcs gitrepo | sort
++
++],
++[0],
++[Extract:
++gitrepo/
++gitrepo/.git_B
++gitrepo/_C
++
++List:
++gitrepo/
++gitrepo/.git_B
++gitrepo/_C
++
++Diff:
++gitrepo/
++gitrepo/.git_B
++gitrepo/_C
++],
++[])
++
++AT_CLEANUP
+-- 
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/tar/tar/run-ptest b/poky/meta/recipes-extended/tar/tar/run-ptest
new file mode 100644
index 0000000..185b33d
--- /dev/null
+++ b/poky/meta/recipes-extended/tar/tar/run-ptest
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Define tar test work dir
+WORKDIR=@PTEST_PATH@/tests/
+
+# Run test
+cd ${WORKDIR}
+./atconfig ./atlocal ./testsuite
+
+# clear log
+rm -rf testsuite.dir
+rm -rf testsuite.log
+
+./testsuite --am-fmt
diff --git a/poky/meta/recipes-extended/tar/tar_1.35.bb b/poky/meta/recipes-extended/tar/tar_1.35.bb
index 4dbd418..c7bd1d1 100644
--- a/poky/meta/recipes-extended/tar/tar_1.35.bb
+++ b/poky/meta/recipes-extended/tar/tar_1.35.bb
@@ -42,6 +42,40 @@
     fi
 }
 
+# add for ptest support
+SRC_URI += " \
+    file://run-ptest \
+    file://0001-tests-fix-TESTSUITE_AT.patch \
+    file://0002-tests-check-for-recently-fixed-bug.patch \
+    file://0003-Exclude-VCS-directory-with-writing-from-an-archive.patch \
+"
+
+inherit ptest
+
+do_compile_ptest() {
+    oe_runmake -C ${B}/gnu/ check
+    oe_runmake -C ${B}/lib/ check
+    oe_runmake -C ${B}/rmt/ check
+    oe_runmake -C ${B}/src/ check
+    rm -rf ${S}/tests/testsuite
+    oe_runmake -C ${B}/tests/ testsuite
+    oe_runmake -C ${B}/tests/ genfile checkseekhole ckmtime
+}
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/tests/
+    install --mode=755 ${B}/tests/atconfig ${D}${PTEST_PATH}/tests/
+    sed -i "/abs_/d" ${D}${PTEST_PATH}/tests/atconfig
+    echo "abs_builddir=${PTEST_PATH}/tests/" >> ${D}${PTEST_PATH}/tests/atconfig
+    install --mode=755 ${B}/tests/atlocal ${D}${PTEST_PATH}/tests/
+    sed -i "/PATH=/d" ${D}${PTEST_PATH}/tests/atlocal
+    install --mode=755 ${B}/tests/genfile ${D}${PTEST_PATH}/tests/
+    install --mode=755 ${B}/tests/checkseekhole ${D}${PTEST_PATH}/tests/
+    install --mode=755 ${B}/tests/ckmtime ${D}${PTEST_PATH}/tests/
+    install --mode=755 ${S}/tests/testsuite ${D}${PTEST_PATH}/tests/
+    sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/run-ptest
+}
+
 PACKAGES =+ "${PN}-rmt"
 
 FILES:${PN}-rmt = "${sbindir}/rmt*"
diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb
index 8137d25..c655da1 100644
--- a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb
+++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb
@@ -6,7 +6,6 @@
 
 LICENSE = "BSD-1-Clause"
 LIC_FILES_CHKSUM = "file://DISCLAIMER;md5=071bd69cb78b18888ea5e3da5c3127fa"
-PR ="r10"
 
 DEPENDS += "libnsl2"
 
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index a53663d..27076d5 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -5,7 +5,6 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29"
 PE = "1"
-PR = "r5"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz \
 	file://avoid-strip.patch \
diff --git a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb
index 6031dca..5325cca 100644
--- a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb
+++ b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb
@@ -21,7 +21,6 @@
 
 # Can be dropped when the output next changes, avoids failures after
 # reproducibility issues
-PR = "r1"
 
 UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/watchdog/files/watchdog/"
 UPSTREAM_CHECK_REGEX = "/watchdog/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/poky/meta/recipes-extended/which/which_2.21.bb b/poky/meta/recipes-extended/which/which_2.21.bb
index c8a5073..7786137 100644
--- a/poky/meta/recipes-extended/which/which_2.21.bb
+++ b/poky/meta/recipes-extended/which/which_2.21.bb
@@ -13,7 +13,6 @@
 
 inherit autotools texinfo update-alternatives
 
-PR = "r3"
 
 EXTRA_OECONF = "--disable-iberty"
 
diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb
index 3425e8e..70df5ab 100644
--- a/poky/meta/recipes-extended/zip/zip_3.0.bb
+++ b/poky/meta/recipes-extended/zip/zip_3.0.bb
@@ -6,7 +6,6 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d"
 
-PR = "r2"
 
 S = "${WORKDIR}/zip30"
 
diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch
deleted file mode 100644
index 0a1487f..0000000
--- a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From e1a12b73c25d1ad0f267b22ac5d799bc1fbd0fa4 Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Tue, 30 May 2017 14:55:49 +0300
-Subject: [PATCH] Don't use AC_CANONICAL_HOST
-
-This won't work when building allarch (and is only used to find out if
-target is windows).
-
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-
----
- configure.ac | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6ddc49b..39752bb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3,7 +3,6 @@ AC_PREREQ(2.53)
- 
- AC_INIT([adwaita-icon-theme], [43],
-         [http://bugzilla.gnome.org/enter_bug.cgi?product=adwaita-icon-theme])
--AC_CANONICAL_HOST
- AC_CONFIG_MACRO_DIR([m4])
- AC_CONFIG_SRCDIR([index.theme.in])
- 
diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_43.bb b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_43.bb
deleted file mode 100644
index 8cb4d14..0000000
--- a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_43.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-SUMMARY = "GTK+ icon theme"
-DESCRIPTION = "The Adwaita icon theme is the default icon theme of the GNOME desktop \
-This package package contains an icon theme for Gtk+ 3 applications."
-HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme"
-BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues"
-SECTION = "x11/gnome"
-
-LICENSE = "LGPL-3.0-only | CC-BY-SA-3.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c84cac88e46fc07647ea07e6c24eeb7c \
-                    file://COPYING_CCBYSA3;md5=96143d33de3a79321b1006c4e8ed07e7 \
-                    file://COPYING_LGPL;md5=e6a600fd5e1d9cbde2d983680233ad02"
-
-inherit allarch autotools pkgconfig gettext gtk-icon-cache gnomebase
-
-SRC_URI += " file://0001-Don-t-use-AC_CANONICAL_HOST.patch"
-
-SRC_URI[archive.sha256sum] = "2e3ac77d32a6aa5554155df37e8f0a0dd54fc5a65fd721e88d505f970da32ec6"
-
-DEPENDS += "librsvg-native"
-
-PACKAGES = "${PN}-cursors ${PN}-symbolic-hires ${PN}-symbolic ${PN}-hires ${PN}"
-
-RREPLACES:${PN} = "gnome-icon-theme"
-RCONFLICTS:${PN} = "gnome-icon-theme"
-RPROVIDES:${PN} = "gnome-icon-theme"
-
-FILES:${PN}-cursors = "${prefix}/share/icons/Adwaita/cursors/"
-FILES:${PN}-symbolic-hires = "${prefix}/share/icons/Adwaita/96x96/*/*.symbolic.png \
-                              ${prefix}/share/icons/Adwaita/64x64/*/*.symbolic.png \
-                              ${prefix}/share/icons/Adwaita/48x48/*/*.symbolic.png \
-                              ${prefix}/share/icons/Adwaita/32x32/*/*.symbolic.png"
-FILES:${PN}-symbolic = "${prefix}/share/icons/Adwaita/16x16/*/*.symbolic.png \
-                        ${prefix}/share/icons/Adwaita/24x24/*/*.symbolic.png \
-                        ${prefix}/share/icons/Adwaita/scalable/*/*-symbolic*.svg"
-FILES:${PN}-hires = "${prefix}/share/icons/Adwaita/256x256/ \
-                     ${prefix}/share/icons/Adwaita/512x512/"
-FILES:${PN} = "${prefix}/share/icons/Adwaita/ \
-               ${prefix}/share/pkgconfig/adwaita-icon-theme.pc"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_45.0.bb b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_45.0.bb
new file mode 100644
index 0000000..4dbcced
--- /dev/null
+++ b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_45.0.bb
@@ -0,0 +1,30 @@
+SUMMARY = "GTK+ icon theme"
+DESCRIPTION = "The Adwaita icon theme is the default icon theme of the GNOME desktop \
+This package package contains an icon theme for Gtk+ 3 applications."
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues"
+SECTION = "x11/gnome"
+
+LICENSE = "LGPL-3.0-only | CC-BY-SA-3.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c84cac88e46fc07647ea07e6c24eeb7c \
+                    file://COPYING_CCBYSA3;md5=96143d33de3a79321b1006c4e8ed07e7 \
+                    file://COPYING_LGPL;md5=e6a600fd5e1d9cbde2d983680233ad02"
+
+GNOMEBASEBUILDCLASS = "meson"
+inherit gnomebase allarch gtk-icon-cache
+
+SRC_URI[archive.sha256sum] = "2442bfb06f4e6cc95bf6e2682fdff98fa5eddc688751b9d6215c623cb4e42ff1"
+
+DEPENDS += "librsvg-native"
+
+PACKAGES =+ "${PN}-cursors ${PN}-symbolic"
+
+RREPLACES:${PN} = "gnome-icon-theme"
+RCONFLICTS:${PN} = "gnome-icon-theme"
+RPROVIDES:${PN} = "gnome-icon-theme"
+
+FILES:${PN}-cursors = "${datadir}/icons/Adwaita/cursors/"
+FILES:${PN}-symbolic = "${datadir}/icons/Adwaita/symbolic*/"
+FILES:${PN}-doc += "${datadir}/licenses/adwaita-icon-theme"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-Relocate-the-repository-directory-for-native-builds.patch b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-Relocate-the-repository-directory-for-native-builds.patch
index 9ba8bcf..c9e1aff 100644
--- a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-Relocate-the-repository-directory-for-native-builds.patch
+++ b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-Relocate-the-repository-directory-for-native-builds.patch
@@ -1,4 +1,4 @@
-From 2c31944eabbb42a86a4ddaa2998a3b100a13138d Mon Sep 17 00:00:00 2001
+From aeb5532f8be42d42f4e8725ca42e239b36983a4d Mon Sep 17 00:00:00 2001
 From: Sascha Silbe <x-yo17@se-silbe.de>
 Date: Fri, 8 Jun 2018 13:55:10 +0200
 Subject: [PATCH] Relocate the repository directory for native builds
diff --git a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-g-ir-tool-template.in-fix-girdir-path.patch b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-g-ir-tool-template.in-fix-girdir-path.patch
deleted file mode 100644
index 5c78649..0000000
--- a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection/0001-g-ir-tool-template.in-fix-girdir-path.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From b01b448613b76f9acefdfd89ee01686dc7a67df4 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Tue, 13 Jul 2021 02:05:11 -0700
-Subject: [PATCH] g-ir-tool-template.in: fix girdir path
-
-In case gir_dir_prefix is set, it's possible that g-ir-scanner
-cannot find the .gir files. This is because that the girdir
-is set to gir_dir_prefix, which is wrong. It's not a prefix,
-it the actual gir dir.
-
-Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gobject-introspection/-/merge_requests/329]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- tools/g-ir-tool-template.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/g-ir-tool-template.in b/tools/g-ir-tool-template.in
-index 6e98f52e..62c07c31 100755
---- a/tools/g-ir-tool-template.in
-+++ b/tools/g-ir-tool-template.in
-@@ -55,7 +55,7 @@ builtins.__dict__['DATADIR'] = datadir
- 
- # Respect gir_dir_prefix
- girdir = ''
--girdir = os.path.abspath(os.path.join(filedir, '..', '@gir_dir_prefix@'))
-+girdir = os.path.abspath(os.path.join(filedir, '..', '@gir_dir_prefix@', 'gir-1.0'))
- builtins.__dict__['GIRDIR'] = [girdir]
- 
- # Again, relative paths first so that the installation prefix is relocatable
--- 
-2.30.2
-
diff --git a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.76.1.bb b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.1.bb
similarity index 97%
rename from poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.76.1.bb
rename to poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.1.bb
index 6d00633..2c6fb7a 100644
--- a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.76.1.bb
+++ b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.1.bb
@@ -14,10 +14,9 @@
                     "
 
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${@oe.utils.trim_version("${PV}", 2)}/${BPN}-${PV}.tar.xz \
-           file://0001-g-ir-tool-template.in-fix-girdir-path.patch \
            "
 
-SRC_URI[sha256sum] = "196178bf64345501dcdc4d8469b36aa6fe80489354efe71cb7cb8ab82a3738bf"
+SRC_URI[sha256sum] = "bd7babd99af7258e76819e45ba4a6bc399608fe762d83fde3cac033c50841bb4"
 
 SRC_URI:append:class-native = " file://0001-Relocate-the-repository-directory-for-native-builds.patch"
 
diff --git a/poky/meta/recipes-gnome/libadwaita/libadwaita_1.3.4.bb b/poky/meta/recipes-gnome/libadwaita/libadwaita_1.4.0.bb
similarity index 74%
rename from poky/meta/recipes-gnome/libadwaita/libadwaita_1.3.4.bb
rename to poky/meta/recipes-gnome/libadwaita/libadwaita_1.4.0.bb
index 2abc8d9..d8aa2cd 100644
--- a/poky/meta/recipes-gnome/libadwaita/libadwaita_1.3.4.bb
+++ b/poky/meta/recipes-gnome/libadwaita/libadwaita_1.4.0.bb
@@ -7,11 +7,12 @@
 
 DEPENDS = " \
     gtk4 \
+    appstream \
 "
 
 inherit gnomebase gobject-introspection gi-docgen vala features_check
 
-SRC_URI[archive.sha256sum] = "801ccaf3a760213b59ebb9b8185327df225049544aee68a1340b165710acb1bd"
+SRC_URI[archive.sha256sum] = "e51a098a54d43568218fc48fcf52e80e36f469b3ce912d8ce9c308a37e9f47c2"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 REQUIRED_DISTRO_FEATURES = "opengl"
@@ -23,3 +24,5 @@
 PACKAGECONFIG[examples] = "-Dexamples=true,-Dexamples=false"
 
 FILES:${PN} += "${datadir}/metainfo"
+
+EXTRA_OEMESON += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-Dvapi=true', '-Dvapi=false', d)}"
diff --git a/poky/meta/recipes-gnome/libportal/libportal_0.6.bb b/poky/meta/recipes-gnome/libportal/libportal_0.7.1.bb
similarity index 81%
rename from poky/meta/recipes-gnome/libportal/libportal_0.6.bb
rename to poky/meta/recipes-gnome/libportal/libportal_0.7.1.bb
index bf38fc8..22e4555 100644
--- a/poky/meta/recipes-gnome/libportal/libportal_0.6.bb
+++ b/poky/meta/recipes-gnome/libportal/libportal_0.7.1.bb
@@ -7,7 +7,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=3000208d539ec061b899bce1d9ce9404"
 
 SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https;branch=main"
-SRCREV = "13df0b887a7eb7b0f9b14069561a41f62e813155"
+SRCREV = "e9ed3a50cdde321eaf42361212480a66eb94a57a"
 S = "${WORKDIR}/git"
 
 inherit meson gi-docgen gobject-introspection vala features_check pkgconfig
@@ -17,4 +17,4 @@
 
 DEPENDS += "glib-2.0 glib-2.0-native gtk+3 ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gtk4', '', d)}"
 
-EXTRA_OEMESON = "-Dbackends=gtk3${@bb.utils.contains('DISTRO_FEATURES', 'opengl', ',gtk4', '', d)}"
+EXTRA_OEMESON = "${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-Dvapi=true', '-Dvapi=false', d)} -Dbackend-qt5=disabled"
diff --git a/poky/meta/recipes-gnome/libsecret/libsecret_0.21.0.bb b/poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
similarity index 91%
rename from poky/meta/recipes-gnome/libsecret/libsecret_0.21.0.bb
rename to poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
index 8f560f9..6310247 100644
--- a/poky/meta/recipes-gnome/libsecret/libsecret_0.21.0.bb
+++ b/poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
@@ -14,7 +14,7 @@
 
 DEPENDS += "glib-2.0 libgcrypt gettext-native"
 
-SRC_URI[archive.sha256sum] = "2735b29d1cc0e5b12ba90bee88bd21774ac8db4ae1a4b716f46c409c19a14613"
+SRC_URI[archive.sha256sum] = "674f51323a5f74e4cb7e3277da68b5afddd333eca25bc9fd2d820a92972f90b1"
 
 GTKDOC_MESON_OPTION = 'gtk_doc'
 
diff --git a/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch b/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch
new file mode 100644
index 0000000..da8ce68
--- /dev/null
+++ b/poky/meta/recipes-gnome/libxmlb/libxmlb/0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch
@@ -0,0 +1,35 @@
+From dc208bafc57c1ccaa0ca260f99c8b4c976271ebc Mon Sep 17 00:00:00 2001
+From: Markus Volk <f_l_k@t-online.de>
+Date: Sat, 16 Sep 2023 14:02:57 +0200
+Subject: [PATCH] xb-self-test.c: hardcode G_TEST_SRCDIR
+
+This avoids:
+ libxmlb-0.3.14-r0 do_package_qa: QA Issue: File
+ /usr/libexec/installed-tests/libxmlb/xb-self-test in package libxmlb-ptest
+ contains reference to TMPDIR [buildpaths]
+
+and also fixes the runtime for the ptest.
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ src/xb-self-test.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/xb-self-test.c b/src/xb-self-test.c
+index 47d9728..8b3dd0e 100644
+--- a/src/xb-self-test.c
++++ b/src/xb-self-test.c
+@@ -2870,7 +2870,7 @@ xb_speed_func(void)
+ int
+ main(int argc, char **argv)
+ {
+-	g_setenv("G_TEST_SRCDIR", SRCDIR, FALSE);
++	g_setenv("G_TEST_SRCDIR", "/usr/libexec/installed-tests/libxmlb", FALSE);
+ 
+ 	g_test_init(&argc, &argv, NULL);
+ 
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-gnome/libxmlb/libxmlb/run-ptest b/poky/meta/recipes-gnome/libxmlb/libxmlb/run-ptest
new file mode 100644
index 0000000..6d0bb95
--- /dev/null
+++ b/poky/meta/recipes-gnome/libxmlb/libxmlb/run-ptest
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+gnome-desktop-testing-runner libxmlb
diff --git a/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.14.bb b/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.14.bb
new file mode 100644
index 0000000..1d3b0de
--- /dev/null
+++ b/poky/meta/recipes-gnome/libxmlb/libxmlb_0.3.14.bb
@@ -0,0 +1,25 @@
+SUMMARY = "A library to help create and query binary XML blobs"
+HOMEPAGE = "https://github.com/hughsie/libxmlb"
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1803fa9c2c3ce8cb06b4861d75310742"
+
+SRC_URI = " \
+	git://github.com/hughsie/libxmlb.git;branch=main;protocol=https \
+	file://0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch \
+	file://run-ptest \
+"
+SRCREV = "aa577b276adc66564f5777f9a522ca3bf0bfa65e"
+S = "${WORKDIR}/git"
+
+DEPENDS = "glib-2.0 xz zstd"
+
+inherit gobject-introspection gtk-doc meson ptest-gnome lib_package pkgconfig
+
+PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false"
+
+GTKDOC_MESON_OPTION = "gtkdoc"
+
+FILES:${PN} += "${datadir}"
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-graphics/builder/builder_0.1.bb b/poky/meta/recipes-graphics/builder/builder_0.1.bb
index 1700015..52c9351 100644
--- a/poky/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/poky/meta/recipes-graphics/builder/builder_0.1.bb
@@ -1,7 +1,6 @@
 SUMMARY = "New user to do specific job"
 DESCRIPTION = "This recipe create a new user named ${PN}, who is used for specific jobs like building. The task can be auto started via mini X"
 SECTION = "x11"
-PR = "r6"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://builder_session.sh;endline=5;md5=84796c3c41785d86100fdabcbdade00e"
 
diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb b/poky/meta/recipes-graphics/freetype/freetype_2.13.2.bb
similarity index 95%
rename from poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
rename to poky/meta/recipes-graphics/freetype/freetype_2.13.2.bb
index 5b1c520..4e7a0ad 100644
--- a/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
+++ b/poky/meta/recipes-graphics/freetype/freetype_2.13.2.bb
@@ -14,7 +14,7 @@
                     "
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "ea67e3b019b1104d1667aa274f5dc307d8cbd606b399bc32df308a77f1a564bf"
+SRC_URI[sha256sum] = "12991c4e55c506dd7f9b765933e62fd2be2e06d421505d7950a132e4f1bb484d"
 
 UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"
 
diff --git a/poky/meta/recipes-graphics/glslang/glslang_1.3.250.0.bb b/poky/meta/recipes-graphics/glslang/glslang_1.3.261.1.bb
similarity index 95%
rename from poky/meta/recipes-graphics/glslang/glslang_1.3.250.0.bb
rename to poky/meta/recipes-graphics/glslang/glslang_1.3.261.1.bb
index 6e9c666..e607045 100644
--- a/poky/meta/recipes-graphics/glslang/glslang_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/glslang/glslang_1.3.261.1.bb
@@ -8,7 +8,7 @@
 LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exception"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3"
 
-SRCREV = "d1517d64cfca91f573af1bf7341dc3a5113349c0"
+SRCREV = "76b52ebf77833908dc4c0dd6c70a9c357ac720bd"
 SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \
            file://0001-generate-glslang-pkg-config.patch \
            "
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
similarity index 95%
rename from poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
rename to poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
index 9422db2..df41af2 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
@@ -9,7 +9,7 @@
                     "
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0305ad702e11906a5fc0c1ba11c270b7f64a8f5390d676aacfd71db129d6565f"
+SRC_URI[sha256sum] = "0fec78f98c9c8faf228957a201c8846f809452c20f8445eb092a1ba6f22dbea5"
 
 DEPENDS += "glib-2.0-native"
 
diff --git a/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools/0001-Support-procps-4.x.patch b/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools/0001-Support-procps-4.x.patch
deleted file mode 100644
index fe9663b..0000000
--- a/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools/0001-Support-procps-4.x.patch
+++ /dev/null
@@ -1,502 +0,0 @@
-From 524e58f3b2f9e4702293af66f6768755b300e8d3 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Thu, 2 Mar 2023 13:59:13 +0100
-Subject: [PATCH] Support procps 4.x
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/drm/igt-gpu-tools/-/issues/116#note_1785522]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- lib/igt_aux.c   | 238 ++++++++++++++++++++++++++++++++++++++++--------
- lib/meson.build |   7 +-
- meson.build     |  10 +-
- 3 files changed, 215 insertions(+), 40 deletions(-)
-
-diff --git a/lib/igt_aux.c b/lib/igt_aux.c
-index 15e30440..d23c9a40 100644
---- a/lib/igt_aux.c
-+++ b/lib/igt_aux.c
-@@ -52,8 +52,16 @@
- #include <assert.h>
- #include <grp.h>
- 
-+#ifdef HAVE_LIBPROCPS
- #include <proc/readproc.h>
-+#endif
-+#ifdef HAVE_LIBPROC2
-+#include <libproc2/pids.h>
-+#endif
-+
- #include <libudev.h>
-+#include <linux/limits.h>
-+#include <dirent.h>
- 
- #include "drmtest.h"
- #include "i915_drm.h"
-@@ -1217,6 +1225,7 @@ void igt_unlock_mem(void)
-  */
- int igt_is_process_running(const char *comm)
- {
-+#if HAVE_LIBPROCPS
- 	PROCTAB *proc;
- 	proc_t *proc_info;
- 	bool found = false;
-@@ -1235,6 +1244,26 @@ int igt_is_process_running(const char *comm)
- 
- 	closeproc(proc);
- 	return found;
-+#endif
-+#ifdef HAVE_LIBPROC2
-+	enum pids_item Item[] = { PIDS_CMD };
-+	struct pids_info *info = NULL;
-+	struct pids_stack *stack;
-+	char *pid_comm;
-+	bool found = false;
-+
-+	if (procps_pids_new(&info, Item, 1) < 0)
-+	    return false;
-+	while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
-+	    pid_comm = PIDS_VAL(0, str, stack, info);
-+	    if (!strncasecmp(pid_comm, comm, strlen(pid_comm))) {
-+		found = true;
-+		break;
-+	    }
-+	}
-+	procps_pids_unref(&info);
-+	return found;
-+#endif
- }
- 
- /**
-@@ -1251,6 +1280,7 @@ int igt_is_process_running(const char *comm)
-  */
- int igt_terminate_process(int sig, const char *comm)
- {
-+#ifdef HAVE_LIBPROCPS
- 	PROCTAB *proc;
- 	proc_t *proc_info;
- 	int err = 0;
-@@ -1272,6 +1302,29 @@ int igt_terminate_process(int sig, const char *comm)
- 
- 	closeproc(proc);
- 	return err;
-+#endif
-+#ifdef HAVE_LIBPROC2
-+	enum pids_item Items[] = { PIDS_ID_PID, PIDS_CMD };
-+	struct pids_info *info = NULL;
-+	struct pids_stack *stack;
-+	char *pid_comm;
-+	int pid;
-+	int err = 0;
-+
-+	if (procps_pids_new(&info, Items, 2) < 0)
-+		return -errno;
-+	while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
-+		pid = PIDS_VAL(0, s_int, stack, info);
-+		pid_comm = PIDS_VAL(1, str, stack, info);
-+		if (!strncasecmp(pid_comm, comm, strlen(pid_comm))) {
-+			if (kill(pid, sig) < 0)
-+				err = -errno;
-+			break;
-+		}
-+	}
-+	procps_pids_unref(&info);
-+	return err;
-+#endif
- }
- 
- struct pinfo {
-@@ -1341,9 +1394,9 @@ igt_show_stat_header(void)
- }
- 
- static void
--igt_show_stat(proc_t *info, int *state, const char *fn)
-+igt_show_stat(const pid_t tid, const char *cmd, int *state, const char *fn)
- {
--	struct pinfo p = { .pid = info->tid, .comm = info->cmd, .fn = fn };
-+	struct pinfo p = { .pid = tid, .comm = cmd, .fn = fn };
- 
- 	if (!*state)
- 		igt_show_stat_header();
-@@ -1353,7 +1406,7 @@ igt_show_stat(proc_t *info, int *state, const char *fn)
- }
- 
- static void
--__igt_lsof_fds(proc_t *proc_info, int *state, char *proc_path, const char *dir)
-+__igt_lsof_fds(const pid_t tid, const char *cmd, int *state, char *proc_path, const char *dir)
- {
- 	struct dirent *d;
- 	struct stat st;
-@@ -1400,7 +1453,7 @@ again:
- 		dirn = dirname(copy_fd_lnk);
- 
- 		if (!strncmp(dir, dirn, strlen(dir)))
--			igt_show_stat(proc_info, state, fd_lnk);
-+			igt_show_stat(tid, cmd, state, fd_lnk);
- 
- 		free(copy_fd_lnk);
- 		free(fd_lnk);
-@@ -1416,13 +1469,14 @@ again:
- static void
- __igt_lsof(const char *dir)
- {
--	PROCTAB *proc;
--	proc_t *proc_info;
--
- 	char path[30];
- 	char *name_lnk;
- 	struct stat st;
- 	int state = 0;
-+#ifdef HAVE_LIBPROCPS
-+	PROCTAB *proc;
-+	proc_t *proc_info;
-+
- 
- 	proc = openproc(PROC_FILLCOM | PROC_FILLSTAT | PROC_FILLARG);
- 	igt_assert(proc != NULL);
-@@ -1456,6 +1510,44 @@ __igt_lsof(const char *dir)
- 	}
- 
- 	closeproc(proc);
-+#endif
-+#ifdef HAVE_LIBPROC2
-+	enum pids_item Items[] = { PIDS_ID_PID, PIDS_CMD };
-+	struct pids_info *info = NULL;
-+	struct pids_stack *stack;
-+
-+	if (procps_pids_new(&info, Items, 2) < 0)
-+		return;
-+	while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
-+		ssize_t read;
-+		int tid = PIDS_VAL(0, s_int, stack, info);
-+		char *pid_comm = PIDS_VAL(1, str, stack, info);
-+
-+		/* check current working directory */
-+		memset(path, 0, sizeof(path));
-+		snprintf(path, sizeof(path), "/proc/%d/cwd", tid);
-+
-+		if (stat(path, &st) == -1)
-+			continue;
-+
-+		name_lnk = malloc(st.st_size + 1);
-+
-+		igt_assert((read = readlink(path, name_lnk, st.st_size + 1)));
-+		name_lnk[read] = '\0';
-+
-+		if (!strncmp(dir, name_lnk, strlen(dir)))
-+			igt_show_stat(tid, pid_comm, &state, name_lnk);
-+
-+		/* check also fd, seems that lsof(8) doesn't look here */
-+		memset(path, 0, sizeof(path));
-+		snprintf(path, sizeof(path), "/proc/%d/fd", tid);
-+
-+		__igt_lsof_fds(tid, pid_comm, &state, path, dir);
-+
-+		free(name_lnk);
-+	}
-+	procps_pids_unref(&info);
-+#endif
- }
- 
- /**
-@@ -1490,7 +1582,7 @@ igt_lsof(const char *dpath)
- 	free(sanitized);
- }
- 
--static void pulseaudio_unload_module(proc_t *proc_info)
-+static void pulseaudio_unload_module(const uid_t euid, const gid_t egid)
- {
- 	struct igt_helper_process pa_proc = {};
- 	char xdg_dir[PATH_MAX];
-@@ -1498,14 +1590,14 @@ static void pulseaudio_unload_module(proc_t *proc_info)
- 	struct passwd *pw;
- 
- 	igt_fork_helper(&pa_proc) {
--		pw = getpwuid(proc_info->euid);
-+		pw = getpwuid(euid);
- 		homedir = pw->pw_dir;
--		snprintf(xdg_dir, sizeof(xdg_dir), "/run/user/%d", proc_info->euid);
-+		snprintf(xdg_dir, sizeof(xdg_dir), "/run/user/%d", euid);
- 
- 		igt_info("Request pulseaudio to stop using audio device\n");
- 
--		setgid(proc_info->egid);
--		setuid(proc_info->euid);
-+		setgid(egid);
-+		setuid(euid);
- 		clearenv();
- 		setenv("HOME", homedir, 1);
- 		setenv("XDG_RUNTIME_DIR",xdg_dir, 1);
-@@ -1524,10 +1616,12 @@ static void pipewire_reserve_wait(void)
- 	char xdg_dir[PATH_MAX];
- 	const char *homedir;
- 	struct passwd *pw;
--	proc_t *proc_info;
--	PROCTAB *proc;
-+	int tid=0, euid, egid;
- 
-+#ifdef HAVE_LIBPROCPS
- 	igt_fork_helper(&pw_reserve_proc) {
-+		proc_t *proc_info;
-+		PROCTAB *proc;
- 		igt_info("Preventing pipewire-pulse to use the audio drivers\n");
- 
- 		proc = openproc(PROC_FILLCOM | PROC_FILLSTAT | PROC_FILLARG);
-@@ -1539,21 +1633,44 @@ static void pipewire_reserve_wait(void)
- 			freeproc(proc_info);
- 		}
- 		closeproc(proc);
-+		tid = proc_info->tid;
-+		euid = proc_info->euid;
-+		egid = proc_info->egid;
-+		freeproc(proc_info);
-+#endif
-+#ifdef HAVE_LIBPROC2
-+	igt_fork(child, 1) {
-+		enum pids_item Items[] = { PIDS_ID_PID, PIDS_ID_EUID, PIDS_ID_EGID };
-+		enum rel_items { EU_PID, EU_EUID, EU_EGID };
-+		struct pids_info *info = NULL;
-+		struct pids_stack *stack;
-+
-+		igt_info("Preventing pipewire-pulse to use the audio drivers\n");
-+
-+		if (procps_pids_new(&info, Items, 3) < 0)
-+		    return;
-+		while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
-+			tid = PIDS_VAL(EU_PID, s_int, stack, info);
-+			if (pipewire_pulse_pid == tid)
-+				break;
-+		}
-+		euid = PIDS_VAL(EU_EUID, s_int, stack, info);
-+		egid = PIDS_VAL(EU_EGID, s_int, stack, info);
-+		procps_pids_unref(&info);
-+#endif
- 
- 		/* Sanity check: if it can't find the process, it means it has gone */
--		if (pipewire_pulse_pid != proc_info->tid)
-+		if (pipewire_pulse_pid != tid)
- 			exit(0);
- 
--		pw = getpwuid(proc_info->euid);
-+		pw = getpwuid(euid);
- 		homedir = pw->pw_dir;
--		snprintf(xdg_dir, sizeof(xdg_dir), "/run/user/%d", proc_info->euid);
--		setgid(proc_info->egid);
--		setuid(proc_info->euid);
-+		snprintf(xdg_dir, sizeof(xdg_dir), "/run/user/%d", euid);
-+		setgid(egid);
-+		setuid(euid);
- 		clearenv();
- 		setenv("HOME", homedir, 1);
- 		setenv("XDG_RUNTIME_DIR",xdg_dir, 1);
--		freeproc(proc_info);
--
- 		/*
- 		 * pw-reserve will run in background. It will only exit when
- 		 * igt_kill_children() is called later on. So, it shouldn't
-@@ -1570,9 +1687,7 @@ static void pipewire_reserve_wait(void)
- int pipewire_pulse_start_reserve(void)
- {
- 	bool is_pw_reserve_running = false;
--	proc_t *proc_info;
- 	int attempts = 0;
--	PROCTAB *proc;
- 
- 	if (!pipewire_pulse_pid)
- 		return 0;
-@@ -1584,6 +1699,10 @@ int pipewire_pulse_start_reserve(void)
- 	 * pipewire version 0.3.50 or upper.
- 	 */
- 	for (attempts = 0; attempts < PIPEWIRE_RESERVE_MAX_TIME; attempts++) {
-+#ifdef HAVE_LIBPROCPS
-+		proc_t *proc_info;
-+		PROCTAB *proc;
-+
- 		usleep(1000);
- 		proc = openproc(PROC_FILLCOM | PROC_FILLSTAT | PROC_FILLARG);
- 		igt_assert(proc != NULL);
-@@ -1598,6 +1717,25 @@ int pipewire_pulse_start_reserve(void)
- 			freeproc(proc_info);
- 		}
- 		closeproc(proc);
-+#endif
-+#ifdef HAVE_LIBPROC2
-+		enum pids_item Items[] = { PIDS_ID_PID, PIDS_CMD };
-+		struct pids_info *info = NULL;
-+		struct pids_stack *stack;
-+
-+		usleep(1000);
-+
-+		if (procps_pids_new(&info, Items, 2) < 0)
-+			return 1;
-+		while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
-+			if (!strcmp(PIDS_VAL(1, str, stack, info), "pw-reserve")) {
-+				is_pw_reserve_running = true;
-+				pipewire_pw_reserve_pid = PIDS_VAL(0, s_int, stack, info);
-+				break;
-+			}
-+		}
-+		procps_pids_unref(&info);
-+#endif
- 		if (is_pw_reserve_running)
- 			break;
- 	}
-@@ -1645,7 +1783,7 @@ void pipewire_pulse_stop_reserve(void)
-  * If the check fails, it means that the process can simply be killed.
-  */
- static int
--__igt_lsof_audio_and_kill_proc(proc_t *proc_info, char *proc_path)
-+__igt_lsof_audio_and_kill_proc(const pid_t tid, const char *cmd, const uid_t euid, const gid_t egid, char *proc_path)
- {
- 	const char *audio_dev = "/dev/snd/";
- 	char path[PATH_MAX * 2];
-@@ -1670,10 +1808,10 @@ __igt_lsof_audio_and_kill_proc(proc_t *proc_info, char *proc_path)
- 	 * 2) unload/unbind the the audio driver(s);
- 	 * 3) stop the pw-reserve thread.
- 	 */
--	if (!strcmp(proc_info->cmd, "pipewire-pulse")) {
-+	if (!strcmp(cmd, "pipewire-pulse")) {
- 		igt_info("process %d (%s) is using audio device. Should be requested to stop using them.\n",
--			 proc_info->tid, proc_info->cmd);
--		pipewire_pulse_pid = proc_info->tid;
-+			 tid, cmd);
-+		pipewire_pulse_pid = tid;
- 		return 0;
- 	}
- 	/*
-@@ -1685,9 +1823,9 @@ __igt_lsof_audio_and_kill_proc(proc_t *proc_info, char *proc_path)
- 	 * will respawn them. So, just ignore here, they'll honor pw-reserve,
- 	 * when the time comes.
- 	 */
--	if (!strcmp(proc_info->cmd, "pipewire-media-session"))
-+	if (!strcmp(cmd, "pipewire-media-session"))
- 		return 0;
--	if (!strcmp(proc_info->cmd, "wireplumber"))
-+	if (!strcmp(cmd, "wireplumber"))
- 		return 0;
- 
- 	dp = opendir(proc_path);
-@@ -1723,22 +1861,22 @@ __igt_lsof_audio_and_kill_proc(proc_t *proc_info, char *proc_path)
- 		 * enough to unbind audio modules and won't cause race issues
- 		 * with systemd trying to reload it.
- 		 */
--		if (!strcmp(proc_info->cmd, "pulseaudio")) {
--			pulseaudio_unload_module(proc_info);
-+		if (!strcmp(cmd, "pulseaudio")) {
-+			pulseaudio_unload_module(euid, egid);
- 			break;
- 		}
- 
- 		/* For all other processes, just kill them */
- 		igt_info("process %d (%s) is using audio device. Should be terminated.\n",
--				proc_info->tid, proc_info->cmd);
-+				tid, cmd);
- 
--		if (kill(proc_info->tid, SIGTERM) < 0) {
-+		if (kill(tid, SIGTERM) < 0) {
- 			igt_info("Fail to terminate %s (pid: %d) with SIGTERM\n",
--				proc_info->cmd, proc_info->tid);
--			if (kill(proc_info->tid, SIGABRT) < 0) {
-+				cmd, tid);
-+			if (kill(tid, SIGABRT) < 0) {
- 				fail++;
- 				igt_info("Fail to terminate %s (pid: %d) with SIGABRT\n",
--					proc_info->cmd, proc_info->tid);
-+					cmd, tid);
- 			}
- 		}
- 
-@@ -1760,9 +1898,10 @@ int
- igt_lsof_kill_audio_processes(void)
- {
- 	char path[PATH_MAX];
-+	int fail = 0;
-+#ifdef HAVE_LIBPROCPS
- 	proc_t *proc_info;
- 	PROCTAB *proc;
--	int fail = 0;
- 
- 	proc = openproc(PROC_FILLCOM | PROC_FILLSTAT | PROC_FILLARG);
- 	igt_assert(proc != NULL);
-@@ -1772,12 +1911,35 @@ igt_lsof_kill_audio_processes(void)
- 		if (snprintf(path, sizeof(path), "/proc/%d/fd", proc_info->tid) < 1)
- 			fail++;
- 		else
--			fail += __igt_lsof_audio_and_kill_proc(proc_info, path);
-+			fail += __igt_lsof_audio_and_kill_proc(proc_info->pid, proc_info->cmd, proc_info->euid, proc_info->egid, path);
- 
- 		freeproc(proc_info);
- 	}
- 	closeproc(proc);
-+#endif
-+#ifdef HAVE_LIBPROC2
-+	enum pids_item Items[] = { PIDS_ID_PID, PIDS_CMD, PIDS_ID_EUID, PIDS_ID_EGID };
-+	enum rel_items { EU_PID, EU_CMD, EU_EUID, EU_EGID };
-+	struct pids_info *info = NULL;
-+	struct pids_stack *stack;
-+	pid_t tid;
-+
-+	if (procps_pids_new(&info, Items, 4) < 0)
-+		return 1;
-+	while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
-+		tid = PIDS_VAL(EU_PID, s_int, stack, info);
- 
-+		if (snprintf(path, sizeof(path), "/proc/%d/fd", tid) < 1)
-+			fail++;
-+		else
-+			fail += __igt_lsof_audio_and_kill_proc(tid,
-+				PIDS_VAL(EU_CMD, str, stack, info),
-+				PIDS_VAL(EU_EUID, s_int, stack, info),
-+				PIDS_VAL(EU_EGID, s_int, stack, info),
-+				path);
-+	}
-+	procps_pids_unref(&info);
-+#endif
- 	return fail;
- }
- 
-diff --git a/lib/meson.build b/lib/meson.build
-index cc784686..90591e0e 100644
---- a/lib/meson.build
-+++ b/lib/meson.build
-@@ -105,7 +105,6 @@ lib_deps = [
- 	libdrm,
- 	libdw,
- 	libkmod,
--	libprocps,
- 	libudev,
- 	math,
- 	pciaccess,
-@@ -169,6 +168,12 @@ if chamelium.found()
- 	lib_sources += 'monitor_edids/monitor_edids_helper.c'
- endif
- 
-+if libprocps.found()
-+	lib_deps += libprocps
-+else
-+	lib_deps += libproc2
-+endif
-+
- if get_option('srcdir') != ''
-     srcdir = join_paths(get_option('srcdir'), 'tests')
- else
-diff --git a/meson.build b/meson.build
-index e7a68503..309b0af3 100644
---- a/meson.build
-+++ b/meson.build
-@@ -120,7 +120,15 @@ build_info += 'With libdrm: ' + ','.join(libdrm_info)
- 
- pciaccess = dependency('pciaccess', version : '>=0.10')
- libkmod = dependency('libkmod')
--libprocps = dependency('libprocps', required : true)
-+libprocps = dependency('libprocps', required : false)
-+libproc2 = dependency('libproc2', required : false)
-+if libprocps.found()
-+  config.set('HAVE_LIBPROCPS', 1)
-+elif libproc2.found()
-+  config.set('HAVE_LIBPROC2', 1)
-+else
-+  error('Either libprocps or libproc2 is required')
-+endif
- 
- libunwind = dependency('libunwind', required : get_option('libunwind'))
- build_info += 'With libunwind: @0@'.format(libunwind.found())
diff --git a/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb b/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
index f4799fb..529b374 100644
--- a/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
+++ b/poky/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
@@ -9,12 +9,10 @@
 
 inherit meson pkgconfig
 
-SRCREV = "2b29e8ac07fbcfadc48b9d60e4d736a6e3b289ab"
-PV = "1.27.1"
+SRCREV = "31ec677ca24e7ed86e35f367f40a29d3d9f51c06"
+PV = "1.28"
 
-SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https;branch=master \
-           file://0001-Support-procps-4.x.patch \
-           "
+SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https;branch=master"
 
 S = "${WORKDIR}/git"
 
@@ -26,7 +24,7 @@
 
 PACKAGECONFIG[chamelium] = "-Dchamelium=enabled,-Dchamelium=disabled,gsl xmlrpc-c"
 
-EXTRA_OEMESON = "-Ddocs=disabled -Drunner=enabled -Dsrcdir=/usr/src/debug/${PN}/${PV}-${PR}/git/"
+EXTRA_OEMESON = "-Ddocs=disabled -Drunner=enabled -Dsrcdir=/usr/src/debug/${PN}/${PV}-${PR}/git/ -Dversion_hash=${PV}"
 COMPATIBLE_HOST = "(x86_64.*|i.86.*|arm.*|aarch64).*-linux"
 COMPATIBLE_HOST:libc-musl:class-target = "null"
 SECURITY_LDFLAGS = "${SECURITY_X_LDFLAGS}"
diff --git a/poky/meta/recipes-graphics/kmscube/kmscube_git.bb b/poky/meta/recipes-graphics/kmscube/kmscube_git.bb
index b385ff7..4cdc0f0 100644
--- a/poky/meta/recipes-graphics/kmscube/kmscube_git.bb
+++ b/poky/meta/recipes-graphics/kmscube/kmscube_git.bb
@@ -10,7 +10,7 @@
 
 LIC_FILES_CHKSUM = "file://kmscube.c;beginline=1;endline=23;md5=8b309d4ee67b7315ff7381270dd631fb"
 
-SRCREV = "53ea71efe63470cf698726d983e9da5748a754a1"
+SRCREV = "ea6c5d1eeefbfb0a1c27ab74a6e4621f1d9adf4c"
 SRC_URI = "git://gitlab.freedesktop.org/mesa/kmscube;branch=master;protocol=https"
 
 UPSTREAM_CHECK_COMMITS = "1"
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.3.bb
similarity index 97%
rename from poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
rename to poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.3.bb
index 1228217..f866a36 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.3.bb
@@ -25,7 +25,7 @@
 
 S = "${WORKDIR}/SDL2-${PV}"
 
-SRC_URI[sha256sum] = "d215ae4541e69d628953711496cd7b0e8b8d5c8d811d5b0f98fdc7fd1422998a"
+SRC_URI[sha256sum] = "7acb8679652701a2504d734e2ba7543ec1a83e310498ddd22fd44bf965eb5518"
 
 inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even
 
diff --git a/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb b/poky/meta/recipes-graphics/libva/libva-utils_2.20.0.bb
similarity index 90%
rename from poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
rename to poky/meta/recipes-graphics/libva/libva-utils_2.20.0.bb
index acb25a3..2e1fd09 100644
--- a/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
+++ b/poky/meta/recipes-graphics/libva/libva-utils_2.20.0.bb
@@ -14,8 +14,8 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e"
 
-SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.19-branch;protocol=https"
-SRCREV = "5bf107ec4f7b18a6457d23abf57560dfb382a751"
+SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.20-branch;protocol=https"
+SRCREV = "0c8373e62af3e4d9a3831334c5402ad255797e67"
 S = "${WORKDIR}/git"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))$"
diff --git a/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb b/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb
index 1a16ed4..d1f0a67 100644
--- a/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb
+++ b/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb
@@ -12,7 +12,6 @@
 SRC_URI = "file://matchbox-session"
 S = "${WORKDIR}"
 
-PR = "r4"
 
 inherit update-alternatives
 
diff --git a/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
index 3631a91..1657081 100644
--- a/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
+++ b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
@@ -1,4 +1,4 @@
-From 865762e0a767a121206d818bdd58301afbf30104 Mon Sep 17 00:00:00 2001
+From c8e9776abc3dfd3f2411797a90a03e7fa16263ef Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 23 Jun 2023 01:20:38 -0700
 Subject: [PATCH] gallium: Fix build with llvm 17
@@ -10,11 +10,9 @@
 Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/23827]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- src/gallium/auxiliary/gallivm/lp_bld_init.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ src/gallium/auxiliary/gallivm/lp_bld_init.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
 
-diff --git a/src/gallium/auxiliary/gallivm/lp_bld_init.c b/src/gallium/auxiliary/gallivm/lp_bld_init.c
-index 24d0823..3d4573e 100644
 --- a/src/gallium/auxiliary/gallivm/lp_bld_init.c
 +++ b/src/gallium/auxiliary/gallivm/lp_bld_init.c
 @@ -42,8 +42,10 @@
@@ -29,6 +27,14 @@
  #include <llvm-c/Transforms/Utils.h>
  #endif
  #include <llvm-c/BitWriter.h>
--- 
-2.41.0
-
+@@ -53,8 +55,10 @@
+ #if LLVM_VERSION_MAJOR <= 8 && (DETECT_ARCH_AARCH64 || DETECT_ARCH_ARM || DETECT_ARCH_S390 || DETECT_ARCH_MIPS64)
+ #include <llvm-c/Transforms/IPO.h>
+ #endif
++#if LLVM_VERSION_MAJOR < 17
+ #include <llvm-c/Transforms/Coroutines.h>
+ #endif
++#endif
+ 
+ unsigned gallivm_perf = 0;
+ 
diff --git a/poky/meta/recipes-graphics/mesa/files/0001-meson-Disable-cmake-dependency-detector-for-llvm.patch b/poky/meta/recipes-graphics/mesa/files/0001-meson-Disable-cmake-dependency-detector-for-llvm.patch
new file mode 100644
index 0000000..4cded05
--- /dev/null
+++ b/poky/meta/recipes-graphics/mesa/files/0001-meson-Disable-cmake-dependency-detector-for-llvm.patch
@@ -0,0 +1,42 @@
+From 00d41cd5aa3f4b494dc276c9b4ccdc096310c91f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 28 Sep 2023 15:34:22 -0700
+Subject: [PATCH] meson: use llvm-config instead of cmake to fix linking errors with meson 1.2.1
+
+meson dependency auto dependency detection uses cmake and then
+config-tool to process dependencies, in mesa the logic to detect llvm is
+using auto detection which means if it finds cmake then it will try to
+use cmake method. Cmake method works ok except a case when llvm-dev
+package is installed on the build host then it generates its own
+native.meson file and ignores OE supplied meson.native file which has
+correct llvm-config tool specified which is pointing to llvm-config from
+native sysroot. The generated meson.native file points to one found in
+/usr/bin and there onwards detector finds native install of llvm and
+configures that into building native mesa package.
+
+Since cmake detector does not always work, disable it by default and use
+config-tool which works in all cases. This is suggested in below issues
+too
+
+A similar issue is open in meson upstream [1] and mesa [2]
+
+[1] https://github.com/mesonbuild/meson/issues/10483
+[2] https://gitlab.freedesktop.org/mesa/mesa/-/issues/6738
+
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/25438]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/meson.build
++++ b/meson.build
+@@ -1659,6 +1659,7 @@ with_llvm = false
+ if _llvm.allowed()
+   dep_llvm = dependency(
+     'llvm',
++    method : host_machine.system() == 'windows' ? 'auto' : 'config-tool',
+     version : _llvm_version,
+     modules : llvm_modules,
+     optional_modules : llvm_optional_modules,
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.8.bb
similarity index 100%
rename from poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb
rename to poky/meta/recipes-graphics/mesa/mesa-gl_23.1.8.bb
diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc
index 83535eb..4e82450 100644
--- a/poky/meta/recipes-graphics/mesa/mesa.inc
+++ b/poky/meta/recipes-graphics/mesa/mesa.inc
@@ -19,9 +19,10 @@
            file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
            file://0001-gallium-Fix-build-with-llvm-17.patch \
            file://0001-intel-Allow-using-intel_clc-from-the-system.patch \
+           file://0001-meson-Disable-cmake-dependency-detector-for-llvm.patch \
            "
 
-SRC_URI[sha256sum] = "2f6d7381bc10fbd2d6263ad1022785b8b511046c1a904162f8f7da18eea8aed9"
+SRC_URI[sha256sum] = "45434ff91a709844130a3174d9c0ef39c6b50725b2bb0c13e736f36134db14ad"
 
 UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"
 
diff --git a/poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb b/poky/meta/recipes-graphics/mesa/mesa_23.1.8.bb
similarity index 100%
rename from poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb
rename to poky/meta/recipes-graphics/mesa/mesa_23.1.8.bb
diff --git a/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb b/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb
index 12c72ed..ba81d0b 100644
--- a/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb
+++ b/poky/meta/recipes-graphics/mini-x-session/mini-x-session_0.1.bb
@@ -3,7 +3,6 @@
 HOMEPAGE = "http://www.yoctoproject.org"
 BUGTRACKER = "http://bugzilla.pokylinux.org"
 
-PR = "r4"
 
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://mini-x-session;endline=5;md5=b6430bffbcf05f9760e72938826b7487"
diff --git a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-weston.bb b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-weston.bb
index 0ce91ca..dd302c8 100644
--- a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-weston.bb
+++ b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-weston.bb
@@ -1,6 +1,5 @@
 SUMMARY = "Basic Weston compositor setup"
 DESCRIPTION = "Packages required to set up a basic working Weston session"
-PR = "r1"
 
 inherit packagegroup features_check
 
diff --git a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-base.bb b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-base.bb
index 0185c93..db6242a 100644
--- a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-base.bb
+++ b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-base.bb
@@ -1,6 +1,5 @@
 SUMMARY = "Basic X11 session"
 DESCRIPTION = "Packages required to set up a basic working X11 session"
-PR = "r1"
 
 inherit packagegroup features_check
 # rdepends on matchbox-wm
diff --git a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb
index 3bb308f..ebc1330 100644
--- a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb
+++ b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb
@@ -3,7 +3,6 @@
 #
 
 SUMMARY = "X11 display server"
-PR = "r40"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
@@ -11,7 +10,10 @@
 # rdepends on XSERVER
 REQUIRED_DISTRO_FEATURES = "x11"
 
-XSERVER ?= "xserver-xorg xf86-video-fbdev"
+XSERVER ?= "xserver-xorg \
+            xf86-video-fbdev \
+            xf86-video-modesetting \
+            "
 XSERVERCODECS ?= ""
 
 RDEPENDS:${PN} = "\
diff --git a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb
index 9ca058b..91db7ed 100644
--- a/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb
+++ b/poky/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb
@@ -2,7 +2,6 @@
 # Copyright (C) 2011 Intel Corporation
 #
 
-PR = "r40"
 
 inherit packagegroup features_check
 REQUIRED_DISTRO_FEATURES = "x11"
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-cmake-install-bash-completions-in-the-right-place.patch b/poky/meta/recipes-graphics/piglit/piglit/0001-cmake-install-bash-completions-in-the-right-place.patch
deleted file mode 100644
index e07e810..0000000
--- a/poky/meta/recipes-graphics/piglit/piglit/0001-cmake-install-bash-completions-in-the-right-place.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 26faa2c157a27a18a9f767976730fe0c115e3af4 Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Wed, 13 Jul 2016 19:19:02 +0300
-Subject: [PATCH] cmake: install bash-completions in the right place
-
-The completionsdir variable is a full path and should not be
-prefixed.
-
-This does mean the files may be installed outside of
-CMAKE_INSTALL_PREFIX -- the alternative is more difficult and
-means that bash completion files may be installed where
-bash-completion can't find them.
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Upstream-Status: Submitted [mailing list]
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 8e2abba..784a8f9 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -532,7 +532,7 @@ install (
- if (BASH_COMPLETION_FOUND)
- 	install(
- 		FILES completions/bash/piglit
--		DESTINATION ${CMAKE_INSTALL_PREFIX}/${BASH_COMPLETION_COMPLETIONSDIR}/
-+		DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR}/
- 	)
- endif (BASH_COMPLETION_FOUND)
- 
--- 
-2.8.1
-
diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb
index 62cada7..69294c6 100644
--- a/poky/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb
@@ -7,14 +7,13 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0"
 
 SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https;branch=main \
-           file://0001-cmake-install-bash-completions-in-the-right-place.patch \
            file://0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \
            file://0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch \
            file://0001-tests-Fix-narrowing-errors-seen-with-clang.patch \
            "
 UPSTREAM_CHECK_COMMITS = "1"
 
-SRCREV = "5036601c43fff63f7be5cd8ad7b319a5c1f6652c"
+SRCREV = "71c21b1157c4f9a96453bdfcb9f4dda091360afd"
 # (when PV goes above 1.0 remove the trailing r)
 PV = "1.0+gitr"
 
diff --git a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.250.0.bb b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.261.1.bb
similarity index 92%
rename from poky/meta/recipes-graphics/spir/spirv-headers_1.3.250.0.bb
rename to poky/meta/recipes-graphics/spir/spirv-headers_1.3.261.1.bb
index d0a2e2e..945f087 100644
--- a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.261.1.bb
@@ -4,7 +4,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d"
 
-SRCREV = "268a061764ee69f09a477a695bf6a11ffe311b8d"
+SRCREV = "124a9665e464ef98b8b718d572d5f329311061eb"
 SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=main"
 PE = "1"
 # These recipes need to be updated in lockstep with each other:
diff --git a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.250.0.bb b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.261.1.bb
similarity index 96%
rename from poky/meta/recipes-graphics/spir/spirv-tools_1.3.250.0.bb
rename to poky/meta/recipes-graphics/spir/spirv-tools_1.3.261.1.bb
index bde6ddd..6904288 100644
--- a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.261.1.bb
@@ -7,7 +7,7 @@
 LICENSE  = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-SRCREV = "e7c6084fd1d6d6f5ac393e842728d8be309688ca"
+SRCREV = "e553b884c7c9febaa4e52334f683641fb5f196a0"
 SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=main;protocol=https"
 PE = "1"
 # These recipes need to be updated in lockstep with each other:
diff --git a/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb b/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb
index efd426f..aa18881 100644
--- a/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb
+++ b/poky/meta/recipes-graphics/startup-notification/startup-notification_0.12.bb
@@ -13,7 +13,6 @@
                     file://libsn/sn-common.h;endline=23;md5=6d05bc0ebdcf5513a6e77cb26e8cd7e2 \
                     file://test/test-boilerplate.h;endline=23;md5=923e706b2a70586176eead261cc5bb98"
 
-PR = "r2"
 
 SECTION = "libs"
 
diff --git a/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb b/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb
index d3d1cfd..0fc075a 100644
--- a/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb
+++ b/poky/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb
@@ -8,7 +8,6 @@
 SECTION = "x11/fonts"
 LICENSE = "BitstreamVera"
 LIC_FILES_CHKSUM = "file://COPYRIGHT.TXT;md5=27d7484b1e18d0ee4ce538644a3f04be"
-PR = "r8"
 
 inherit allarch fontcache
 
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.250.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.261.1.bb
similarity index 85%
rename from poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.250.0.bb
rename to poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.261.1.bb
index 2970767..01eb14b 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.3.261.1.bb
@@ -7,11 +7,11 @@
 BUGTRACKER = "https://github.com/KhronosGroup/Vulkan-Headers"
 SECTION = "libs"
 
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
+LICENSE = "Apache-2.0 & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=1bc355d8c4196f774c8b87ed1a8dd625"
 SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=main;protocol=https"
 
-SRCREV = "9e61870ecbd32514113b467e0a0c46f60ed222c7"
+SRCREV = "85c2334e92e215cce34e8e0ed8b2dce4700f4a50"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.250.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.261.1.bb
similarity index 94%
rename from poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.250.0.bb
rename to poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.261.1.bb
index 456c973..01cbeaf 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.3.261.1.bb
@@ -9,8 +9,8 @@
 
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7dbefed23242760aa3475ee42801c5ac"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=sdk-1.3.250;protocol=https"
-SRCREV = "f372068d09fc13bcf54b8c81274f37aa5f46aea3"
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=main;protocol=https"
+SRCREV = "afdd025ead2b63b2c73d900ab128a2d3b512cdf0"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-tools/0001-scripts-CMakeLists.txt-do-not-make-special-arrangeme.patch b/poky/meta/recipes-graphics/vulkan/vulkan-tools/0001-scripts-CMakeLists.txt-do-not-make-special-arrangeme.patch
deleted file mode 100644
index 6b70a1e..0000000
--- a/poky/meta/recipes-graphics/vulkan/vulkan-tools/0001-scripts-CMakeLists.txt-do-not-make-special-arrangeme.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 9060e916ca05d34b56c62f2be0b4a77dd104e2aa Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Fri, 2 Jun 2023 14:13:00 +0200
-Subject: [PATCH] scripts/CMakeLists.txt: append to CMAKE_FIND_ROOT_PATH
- instead of replacing it
-
-Resetting CMAKE_FIND_ROOT_PATH in particular breaks builds in Yocto
-(which is a major cross compiling framework).
-
-Upstream-Status: Submitted [https://github.com/KhronosGroup/Vulkan-Tools/pull/808]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
----
- scripts/CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
-index 5b979d43..19a58bf9 100644
---- a/scripts/CMakeLists.txt
-+++ b/scripts/CMakeLists.txt
-@@ -114,7 +114,7 @@ if (MOLTENVK_REPO_ROOT)
- endif()
- 
- if (CMAKE_CROSSCOMPILING)
--    set(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
-+    set(CMAKE_FIND_ROOT_PATH ${CMAKE_FIND_ROOT_PATH} ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
- else()
-     set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
- endif()
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.250.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.261.1.bb
similarity index 89%
rename from poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.250.0.bb
rename to poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.261.1.bb
index 0346b38..7a7edc9 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.3.261.1.bb
@@ -6,10 +6,8 @@
 
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=main;protocol=https \
-           file://0001-scripts-CMakeLists.txt-do-not-make-special-arrangeme.patch \
-           "
-SRCREV = "695887a994ef9cc00a7aa3f9c00b31a56ea79534"
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=main;protocol=https"
+SRCREV = "a7da7027ca9fd0901639f02619c226da9c6036f1"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch
deleted file mode 100644
index 4db686f..0000000
--- a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ea7b9e6fc0b3f45d6032ce624bed85bbde5ec0bf Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Wed, 21 Jun 2023 20:03:03 +0200
-Subject: [PATCH] scripts/CMakeLists.txt: append to CMAKE_FIND_ROOT_PATH
- instead of replacing it
-
-Resetting CMAKE_FIND_ROOT_PATH in particular breaks builds in Yocto
-(which is a major cross compiling framework).
-
-Upstream-Status: Backport [https://github.com/KhronosGroup/Vulkan-ValidationLayers/commit/e1b11dc7856765cf45a283ac805ea5066c81cd9b]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- scripts/CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
-index 94c8528c8..cd86c54eb 100644
---- a/scripts/CMakeLists.txt
-+++ b/scripts/CMakeLists.txt
-@@ -124,7 +124,7 @@ if (MIMALLOC_INSTALL_DIR)
- endif()
- 
- if (CMAKE_CROSSCOMPILING)
--    set(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
-+    set(CMAKE_FIND_ROOT_PATH ${CMAKE_FIND_ROOT_PATH} ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
- else()
-     set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
- endif()
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.261.1.bb
similarity index 85%
rename from poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
rename to poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.261.1.bb
index 62c6343..1e2a0ac 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.261.1.bb
@@ -5,13 +5,11 @@
 BUGTRACKER = "https://github.com/KhronosGroup/Vulkan-ValidationLayers"
 SECTION = "libs"
 
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8df9e8826734226d08cb412babfa599c"
+LICENSE = "Apache-2.0 & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=cd3c0bc366cd9b6a906e22f0bcb5910f"
 
-SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.250;protocol=https \
-           file://0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch \
-           "
-SRCREV = "1541e00a63cd125f15d231d5a8059ebe66503b25"
+SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.261;protocol=https"
+SRCREV = "628cd310bef6d54b4e6b25b5ac2ed013473409d6"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch b/poky/meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch
deleted file mode 100644
index 86c44d4..0000000
--- a/poky/meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c79a3fb51718c4286b74edf0f758df9219994844 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Wed, 14 Sep 2022 09:07:10 +0200
-Subject: [PATCH] wayland-info: Fix build without libdrm
-
-wayland-info can optionally use libdrm to provide a description of the
-dmabuf format modifiers.
-
-When not using libdrm however, the build fails because "dev_t" is not
-defined.
-
-The definition of "dev_t" comes from <sys/types.h> which is included
-from <libdrm.h>, which is not included without libdrm support, hence the
-build failure.
-
-Simply include <sys/types.h> unconditionally to make sure "dev_t" is
-defined regardless of libdrm support, to fix the build failure.
-
-Closes: https://gitlab.freedesktop.org/wayland/wayland-utils/-/issues/6
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
-Fixes: 240cb739 - "Add support for linux_dmabuf version 4"
-Reviewed-by: Simon Ser <contact@emersion.fr>
-Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/wayland/wayland-utils/-/commit/baa65ba9f62e6a05c32b9202b524158a21f24245]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- wayland-info/wayland-info.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/wayland-info/wayland-info.c b/wayland-info/wayland-info.c
-index 53cd04b..98ff205 100644
---- a/wayland-info/wayland-info.c
-+++ b/wayland-info/wayland-info.c
-@@ -34,6 +34,7 @@
- #include <ctype.h>
- #include <unistd.h>
- #include <sys/mman.h>
-+#include <sys/types.h>
- 
- #include <wayland-client.h>
- #if HAVE_HUMAN_FORMAT_MODIFIER
diff --git a/poky/meta/recipes-graphics/wayland/libinput_1.23.0.bb b/poky/meta/recipes-graphics/wayland/libinput_1.24.0.bb
similarity index 96%
rename from poky/meta/recipes-graphics/wayland/libinput_1.23.0.bb
rename to poky/meta/recipes-graphics/wayland/libinput_1.24.0.bb
index b83d5fd..49a1da2 100644
--- a/poky/meta/recipes-graphics/wayland/libinput_1.23.0.bb
+++ b/poky/meta/recipes-graphics/wayland/libinput_1.24.0.bb
@@ -15,7 +15,7 @@
 SRC_URI = "git://gitlab.freedesktop.org/libinput/libinput.git;protocol=https;branch=main \
            file://run-ptest \
            "
-SRCREV = "0b005eb64b12603e65a620a77c67ec62fd03f413"
+SRCREV = "1680f2fbaa63a91739012c6b57988ab1918ea0b7"
 S = "${WORKDIR}/git"
 
 UPSTREAM_CHECK_REGEX = "libinput-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"
diff --git a/poky/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb b/poky/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
similarity index 77%
rename from poky/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
rename to poky/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
index 48e1409..657f67f 100644
--- a/poky/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
+++ b/poky/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
@@ -9,10 +9,8 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=548a66038a77415e1df51118625e832f \
                    "
 
-SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-utils/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \
-           file://0001-wayland-info-Fix-build-without-libdrm.patch \
-           "
-SRC_URI[sha256sum] = "9e685863025b4feade36d53bbc8e31b43e26498be743dea84c7a84912959410a"
+SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-utils/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz"
+SRC_URI[sha256sum] = "d9278c22554586881802540751bcc42569262bf80cd9ac9b0fd12ff4bd09a9e4"
 
 UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
 
diff --git a/poky/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/poky/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
index 3cc8e9e..671c0a2 100644
--- a/poky/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
+++ b/poky/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
@@ -2,7 +2,6 @@
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SECTION = "x11"
-PR = "r31"
 
 SRC_URI = "file://xserver-nodm \
            file://Xserver \
diff --git a/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb b/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb
index b77c940..5c9742f 100644
--- a/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb
+++ b/poky/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb
@@ -5,7 +5,6 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
-PR = "r7"
 
 SRC_URI = "file://pointercal.xinput"
 S = "${WORKDIR}"
diff --git a/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb b/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
index 05f07c1..7b49668 100644
--- a/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
+++ b/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
@@ -5,7 +5,6 @@
 DEPENDS = "virtual/libx11 libxi libxrandr"
 
 PV = "0.7.5+git"
-PR = "r6"
 
 inherit autotools pkgconfig features_check
 # depends on virtual/libx11
diff --git a/poky/meta/recipes-graphics/xorg-driver/xf86-input-libinput_1.3.0.bb b/poky/meta/recipes-graphics/xorg-driver/xf86-input-libinput_1.4.0.bb
similarity index 76%
rename from poky/meta/recipes-graphics/xorg-driver/xf86-input-libinput_1.3.0.bb
rename to poky/meta/recipes-graphics/xorg-driver/xf86-input-libinput_1.4.0.bb
index 892046e..92272c3 100644
--- a/poky/meta/recipes-graphics/xorg-driver/xf86-input-libinput_1.3.0.bb
+++ b/poky/meta/recipes-graphics/xorg-driver/xf86-input-libinput_1.4.0.bb
@@ -7,6 +7,6 @@
 DEPENDS += "libinput"
 
 XORG_DRIVER_COMPRESSOR = ".tar.xz"
-SRC_URI[sha256sum] = "1446ba20a22bc968b5a4a0b4dbc3b8e037c50d9c59ac75fa3f7fc506c58c1abb"
+SRC_URI[sha256sum] = "3a3d14cd895dc75b59ae2783b888031956a0bac7a1eff16d240dbb9d5df3e398"
 
 FILES:${PN} += "${datadir}/X11/xorg.conf.d"
diff --git a/poky/meta/recipes-graphics/xorg-font/font-util_1.4.0.bb b/poky/meta/recipes-graphics/xorg-font/font-util_1.4.1.bb
similarity index 60%
rename from poky/meta/recipes-graphics/xorg-font/font-util_1.4.0.bb
rename to poky/meta/recipes-graphics/xorg-font/font-util_1.4.1.bb
index db82104..0c65927 100644
--- a/poky/meta/recipes-graphics/xorg-font/font-util_1.4.0.bb
+++ b/poky/meta/recipes-graphics/xorg-font/font-util_1.4.1.bb
@@ -2,12 +2,12 @@
 
 require xorg-font-common.inc
 
-#Unicode is MIT
-LICENSE = "MIT & MIT & BSD-4-Clause & BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5df208ec65eb84ce5bb8d82d8f3b9675 \
+LICENSE = "Unicode-TOU & BSD-4-Clause & BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=2a9e705c00e463c8d294f90486852e06 \
                     file://ucs2any.c;endline=28;md5=8357dc567fc628bd12696f15b2a33bcb \
                     file://bdftruncate.c;endline=26;md5=4f82ffc101a1b165eae9c6998abff937 \
-                    file://map-ISO8859-1;beginline=9;endline=23;md5=1cecb984063248f29ffe5c46f5c04f34"
+                    file://map-ISO8859-1;beginline=1;endline=4;md5=9c9c1d525d29c0e82b5c99edbb8e71c1 \
+                    "
 
 DEPENDS = "encodings util-macros"
 DEPENDS:class-native = "util-macros-native"
@@ -16,7 +16,7 @@
 
 BBCLASSEXTEND = "native"
 
-SRC_URI[sha256sum] = "9f724bf940128c7e39f7252bd961cd38cfac2359de2100a8bed696bf40d40f7d"
+SRC_URI[sha256sum] = "5c9f64123c194b150fee89049991687386e6ff36ef2af7b80ba53efaf368cc95"
 
 SYSROOT_DIRS_IGNORE:remove = "${datadir}/fonts"
 
diff --git a/poky/meta/recipes-graphics/xorg-font/xorg-minimal-fonts.bb b/poky/meta/recipes-graphics/xorg-font/xorg-minimal-fonts.bb
index babde4b..d32ef77 100644
--- a/poky/meta/recipes-graphics/xorg-font/xorg-minimal-fonts.bb
+++ b/poky/meta/recipes-graphics/xorg-font/xorg-minimal-fonts.bb
@@ -13,7 +13,6 @@
 SOURCE_DATE_EPOCH = "1613559011"
 
 PE = "1"
-PR = "r4"
 
 inherit allarch features_check
 
diff --git a/poky/meta/recipes-graphics/xorg-lib/libxcb_1.15.bb b/poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.bb
similarity index 92%
rename from poky/meta/recipes-graphics/xorg-lib/libxcb_1.15.bb
rename to poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.bb
index 411f51a..04b1eaa 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libxcb_1.15.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libxcb_1.16.bb
@@ -12,7 +12,7 @@
 SRC_URI = "http://xcb.freedesktop.org/dist/libxcb-${PV}.tar.xz \
            file://0001-use-_Alignof-to-avoid-UB-in-ALIGNOF.patch"
 
-SRC_URI[sha256sum] = "cc38744f817cf6814c847e2df37fcb8997357d72fa4bcbc228ae0fe47219a059"
+SRC_URI[sha256sum] = "4348566aa0fbf196db5e0a576321c65966189210cb51328ea2bb2be39c711d71"
 
 BBCLASSEXTEND = "native nativesdk"
 
diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.16.0.bb
similarity index 92%
rename from poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
rename to poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.16.0.bb
index e60e795..67c1e8d 100644
--- a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
+++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.16.0.bb
@@ -15,7 +15,7 @@
            file://0001-xcb-proto.pc.in-reinstate-libdir.patch \
            file://0001-Fix-install-conflict-when-enable-multilib.patch \
            "
-SRC_URI[sha256sum] = "7072beb1f680a2fe3f9e535b797c146d22528990c72f63ddb49d2f350a3653ed"
+SRC_URI[sha256sum] = "a75a1848ad2a89a82d841a51be56ce988ff3c63a8d6bf4383ae3219d8d915119"
 
 inherit autotools pkgconfig python3native
 
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
index f82a696..03f14ce 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
@@ -3,7 +3,6 @@
 SECTION = "x11/base"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-PR = "r33"
 
 SRC_URI = "file://xorg.conf"
 
diff --git a/poky/meta/recipes-graphics/xrestop/xrestop_0.4.bb b/poky/meta/recipes-graphics/xrestop/xrestop_0.4.bb
index 0b5ab50..a6b6c42 100644
--- a/poky/meta/recipes-graphics/xrestop/xrestop_0.4.bb
+++ b/poky/meta/recipes-graphics/xrestop/xrestop_0.4.bb
@@ -10,7 +10,6 @@
                     file://xrestop.c;endline=18;md5=730876c30f0d8a928676bcd1242a3b35"
 
 SECTION = "x11/utils"
-PR = "r3"
 
 DEPENDS = "libxres libxext virtual/libx11 ncurses"
 
diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
similarity index 95%
rename from poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
rename to poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
index de51653..e97a921 100644
--- a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
+++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
@@ -10,7 +10,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "bd25d8498ee4d77874fda125127e2db37fc332531febc966231ea06fae8cf77f"
+SRC_URI[sha256sum] = "eebc2692c3aa80617d78428bc6ec7b91b254a98214d2a70e997098503cd6ef90"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
 
diff --git a/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.26.bb b/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.27.bb
similarity index 96%
rename from poky/meta/recipes-kernel/kexec/kexec-tools_2.0.26.bb
rename to poky/meta/recipes-kernel/kexec/kexec-tools_2.0.27.bb
index 11a3c4f..9b9864d 100644
--- a/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.26.bb
+++ b/poky/meta/recipes-kernel/kexec/kexec-tools_2.0.27.bb
@@ -19,7 +19,7 @@
            file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \
            "
 
-SRC_URI[sha256sum] = "89bdd941542c64fec16311858df304ed3a3908c1a60874d69df5d9bf1611e062"
+SRC_URI[sha256sum] = "410f89057d1f4cd2b0477b6c2035ec2c52e21c185e90742bbae8b4f78a7077a5"
 
 inherit autotools update-rc.d systemd
 
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.5.bb
similarity index 83%
rename from poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
rename to poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.5.bb
index c523154..fa90274 100644
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
+++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.5.bb
@@ -12,6 +12,6 @@
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
-SRC_URI[sha256sum] = "8fa0588f0c2ceca44cac77a0e39ba48c9f00a6b9dc69761c02a5d3efac8da7f3"
+SRC_URI[sha256sum] = "7a574bbc20802ea76b52ca7faf07267f72045e861b18915c5272a98c27abf884"
 
 
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 41ee8bc..88c7e45 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-07 15:29:54.983415+00:00 for version 6.1.51
+# Generated at 2023-09-30 07:26:16.988526+00:00 for version 6.1.55
 
 python check_kernel_cve_status_version() {
-    this_version = "6.1.51"
+    this_version = "6.1.55"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -3450,6 +3450,8 @@
 
 CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10"
 
+CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1"
+
 CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1"
 
 CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5"
@@ -4518,9 +4520,9 @@
 
 CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
 
-# CVE-2022-44032 has no known resolution
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44033 has no known resolution
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-44034 has no known resolution
 
@@ -4532,13 +4534,13 @@
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+CVE_STATUS[CVE-2022-45886] = "cpe-stable-backport: Backported in 6.1.33"
 
-# CVE-2022-45887 has no known resolution
+CVE_STATUS[CVE-2022-45887] = "cpe-stable-backport: Backported in 6.1.33"
 
 # CVE-2022-45888 needs backporting (fixed from 6.2rc1)
 
-# CVE-2022-45919 has no known resolution
+CVE_STATUS[CVE-2022-45919] = "cpe-stable-backport: Backported in 6.1.33"
 
 CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1"
 
@@ -4644,7 +4646,7 @@
 
 # CVE-2023-1193 has no known resolution
 
-# CVE-2023-1194 has no known resolution
+CVE_STATUS[CVE-2023-1194] = "cpe-stable-backport: Backported in 6.1.34"
 
 CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3"
 
@@ -4786,7 +4788,7 @@
 
 CVE_STATUS[CVE-2023-23586] = "fixed-version: Fixed from version 5.12rc1"
 
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+CVE_STATUS[CVE-2023-2430] = "cpe-stable-backport: Backported in 6.1.50"
 
 CVE_STATUS[CVE-2023-2483] = "cpe-stable-backport: Backported in 6.1.22"
 
@@ -4794,6 +4796,8 @@
 
 CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1"
 
+CVE_STATUS[CVE-2023-25775] = "cpe-stable-backport: Backported in 6.1.53"
+
 CVE_STATUS[CVE-2023-2598] = "fixed-version: only affects 6.3rc1 onwards"
 
 # CVE-2023-26242 has no known resolution
@@ -4848,7 +4852,7 @@
 
 # CVE-2023-31082 has no known resolution
 
-# CVE-2023-31083 has no known resolution
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
 
 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)
 
@@ -4962,7 +4966,7 @@
 
 # CVE-2023-3640 has no known resolution
 
-# CVE-2023-37453 has no known resolution
+CVE_STATUS[CVE-2023-37453] = "fixed-version: only affects 6.3rc1 onwards"
 
 # CVE-2023-37454 has no known resolution
 
@@ -4972,6 +4976,8 @@
 
 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40"
 
+CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.1.42"
+
 CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4"
 
 CVE_STATUS[CVE-2023-38409] = "cpe-stable-backport: Backported in 6.1.25"
@@ -4992,10 +4998,18 @@
 
 CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.1.39"
 
+CVE_STATUS[CVE-2023-3865] = "cpe-stable-backport: Backported in 6.1.36"
+
+CVE_STATUS[CVE-2023-3866] = "cpe-stable-backport: Backported in 6.1.36"
+
+CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.1.40"
+
 CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"
 
 # CVE-2023-4010 has no known resolution
 
+CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43"
+
 CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45"
 
 CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45"
@@ -5012,8 +5026,22 @@
 
 CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards"
 
+CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.1.45"
+
+CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.1.45"
+
+CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45"
+
+# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
+
 CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45"
 
+CVE_STATUS[CVE-2023-42752] = "cpe-stable-backport: Backported in 6.1.53"
+
+CVE_STATUS[CVE-2023-42753] = "cpe-stable-backport: Backported in 6.1.53"
+
+CVE_STATUS[CVE-2023-42755] = "cpe-stable-backport: Backported in 6.1.55"
+
 CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"
 
 CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18"
@@ -5024,3 +5052,21 @@
 
 CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"
 
+# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
+
+CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.1.47"
+
+CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
+
+CVE_STATUS[CVE-2023-4623] = "cpe-stable-backport: Backported in 6.1.53"
+
+CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
+
+CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
+
+# CVE-2023-5158 has no known resolution
+
+# CVE-2023-5197 needs backporting (fixed from 6.6rc3)
+
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
index 5a5eb9a..eacb706 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-07 15:30:03.897686+00:00 for version 6.4.14
+# Generated at 2023-09-30 07:24:59.900581+00:00 for version 6.4.16
 
 python check_kernel_cve_status_version() {
-    this_version = "6.4.14"
+    this_version = "6.4.16"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -3450,6 +3450,8 @@
 
 CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10"
 
+CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1"
+
 CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1"
 
 CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5"
@@ -4518,9 +4520,9 @@
 
 CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
 
-# CVE-2022-44032 has no known resolution
+CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1"
 
-# CVE-2022-44033 has no known resolution
+CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1"
 
 # CVE-2022-44034 has no known resolution
 
@@ -4532,13 +4534,13 @@
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+CVE_STATUS[CVE-2022-45886] = "fixed-version: Fixed from version 6.4rc3"
 
-# CVE-2022-45887 has no known resolution
+CVE_STATUS[CVE-2022-45887] = "fixed-version: Fixed from version 6.4rc3"
 
 CVE_STATUS[CVE-2022-45888] = "fixed-version: Fixed from version 6.2rc1"
 
-# CVE-2022-45919 has no known resolution
+CVE_STATUS[CVE-2022-45919] = "fixed-version: Fixed from version 6.4rc3"
 
 CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1"
 
@@ -4644,7 +4646,7 @@
 
 # CVE-2023-1193 has no known resolution
 
-# CVE-2023-1194 has no known resolution
+CVE_STATUS[CVE-2023-1194] = "fixed-version: Fixed from version 6.4rc6"
 
 CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3"
 
@@ -4794,6 +4796,8 @@
 
 CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1"
 
+CVE_STATUS[CVE-2023-25775] = "cpe-stable-backport: Backported in 6.4.16"
+
 CVE_STATUS[CVE-2023-2598] = "fixed-version: Fixed from version 6.4rc1"
 
 # CVE-2023-26242 has no known resolution
@@ -4848,7 +4852,7 @@
 
 # CVE-2023-31082 has no known resolution
 
-# CVE-2023-31083 has no known resolution
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
 
 CVE_STATUS[CVE-2023-31084] = "fixed-version: Fixed from version 6.4rc3"
 
@@ -4962,7 +4966,7 @@
 
 # CVE-2023-3640 has no known resolution
 
-# CVE-2023-37453 has no known resolution
+CVE_STATUS[CVE-2023-37453] = "cpe-stable-backport: Backported in 6.4.16"
 
 # CVE-2023-37454 has no known resolution
 
@@ -4972,6 +4976,8 @@
 
 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5"
 
+CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.4.7"
+
 CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4"
 
 CVE_STATUS[CVE-2023-38409] = "fixed-version: Fixed from version 6.3rc7"
@@ -4992,10 +4998,18 @@
 
 CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.4.4"
 
+CVE_STATUS[CVE-2023-3865] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3866] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.4.5"
+
 CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.4.7"
 
 # CVE-2023-4010 has no known resolution
 
+CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.4.8"
+
 CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.4.10"
 
 CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.4.10"
@@ -5012,8 +5026,22 @@
 
 CVE_STATUS[CVE-2023-4194] = "cpe-stable-backport: Backported in 6.4.10"
 
+CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.4.12"
+
 CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.4.10"
 
+CVE_STATUS[CVE-2023-42752] = "cpe-stable-backport: Backported in 6.4.16"
+
+CVE_STATUS[CVE-2023-42753] = "cpe-stable-backport: Backported in 6.4.16"
+
+CVE_STATUS[CVE-2023-42755] = "fixed-version: Fixed from version 6.3rc1"
+
 CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"
 
 CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18"
@@ -5024,3 +5052,21 @@
 
 CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"
 
+CVE_STATUS[CVE-2023-4563] = "cpe-stable-backport: Backported in 6.4.11"
+
+CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.4.12"
+
+CVE_STATUS[CVE-2023-4611] = "cpe-stable-backport: Backported in 6.4.8"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
+
+CVE_STATUS[CVE-2023-4623] = "cpe-stable-backport: Backported in 6.4.16"
+
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-5158 has no known resolution
+
+# CVE-2023-5197 needs backporting (fixed from 6.6rc3)
+
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
new file mode 100644
index 0000000..c88b6f7
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
@@ -0,0 +1,5072 @@
+
+# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
+# Generated at 2023-09-29 00:20:42.494116+00:00 for version 6.5.5
+
+python check_kernel_cve_status_version() {
+    this_version = "6.5.5"
+    kernel_version = d.getVar("LINUX_VERSION")
+    if kernel_version != this_version:
+        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
+}
+do_cve_check[prefuncs] += "check_kernel_cve_status_version"
+
+CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed from version 2.6.12rc2"
+
+CVE_STATUS[CVE-2004-0230] = "fixed-version: Fixed from version 3.6rc1"
+
+# CVE-2005-3660 has no known resolution
+
+CVE_STATUS[CVE-2006-3635] = "fixed-version: Fixed from version 2.6.26rc5"
+
+CVE_STATUS[CVE-2006-5331] = "fixed-version: Fixed from version 2.6.19rc3"
+
+CVE_STATUS[CVE-2006-6128] = "fixed-version: Fixed from version 2.6.19rc2"
+
+# CVE-2007-3719 has no known resolution
+
+CVE_STATUS[CVE-2007-4774] = "fixed-version: Fixed from version 2.6.12rc2"
+
+CVE_STATUS[CVE-2007-6761] = "fixed-version: Fixed from version 2.6.24rc6"
+
+CVE_STATUS[CVE-2007-6762] = "fixed-version: Fixed from version 2.6.20rc5"
+
+# CVE-2008-2544 has no known resolution
+
+# CVE-2008-4609 has no known resolution
+
+CVE_STATUS[CVE-2008-7316] = "fixed-version: Fixed from version 2.6.25rc1"
+
+CVE_STATUS[CVE-2009-2692] = "fixed-version: Fixed from version 2.6.31rc6"
+
+CVE_STATUS[CVE-2010-0008] = "fixed-version: Fixed from version 2.6.23rc9"
+
+CVE_STATUS[CVE-2010-3432] = "fixed-version: Fixed from version 2.6.36rc5"
+
+# CVE-2010-4563 has no known resolution
+
+CVE_STATUS[CVE-2010-4648] = "fixed-version: Fixed from version 2.6.37rc6"
+
+CVE_STATUS[CVE-2010-5313] = "fixed-version: Fixed from version 2.6.38rc1"
+
+# CVE-2010-5321 has no known resolution
+
+CVE_STATUS[CVE-2010-5328] = "fixed-version: Fixed from version 2.6.35rc1"
+
+CVE_STATUS[CVE-2010-5329] = "fixed-version: Fixed from version 2.6.39rc1"
+
+CVE_STATUS[CVE-2010-5331] = "fixed-version: Fixed from version 2.6.34rc7"
+
+CVE_STATUS[CVE-2010-5332] = "fixed-version: Fixed from version 2.6.37rc1"
+
+CVE_STATUS[CVE-2011-4098] = "fixed-version: Fixed from version 3.2rc1"
+
+CVE_STATUS[CVE-2011-4131] = "fixed-version: Fixed from version 3.3rc1"
+
+CVE_STATUS[CVE-2011-4915] = "fixed-version: Fixed from version 3.2rc1"
+
+# CVE-2011-4916 has no known resolution
+
+# CVE-2011-4917 has no known resolution
+
+CVE_STATUS[CVE-2011-5321] = "fixed-version: Fixed from version 3.2rc1"
+
+CVE_STATUS[CVE-2011-5327] = "fixed-version: Fixed from version 3.1rc1"
+
+CVE_STATUS[CVE-2012-0957] = "fixed-version: Fixed from version 3.7rc2"
+
+CVE_STATUS[CVE-2012-2119] = "fixed-version: Fixed from version 3.5rc1"
+
+CVE_STATUS[CVE-2012-2136] = "fixed-version: Fixed from version 3.5rc1"
+
+CVE_STATUS[CVE-2012-2137] = "fixed-version: Fixed from version 3.5rc2"
+
+CVE_STATUS[CVE-2012-2313] = "fixed-version: Fixed from version 3.4rc6"
+
+CVE_STATUS[CVE-2012-2319] = "fixed-version: Fixed from version 3.4rc6"
+
+CVE_STATUS[CVE-2012-2372] = "fixed-version: Fixed from version 3.13rc4"
+
+CVE_STATUS[CVE-2012-2375] = "fixed-version: Fixed from version 3.4rc1"
+
+CVE_STATUS[CVE-2012-2390] = "fixed-version: Fixed from version 3.5rc1"
+
+CVE_STATUS[CVE-2012-2669] = "fixed-version: Fixed from version 3.5rc4"
+
+CVE_STATUS[CVE-2012-2744] = "fixed-version: Fixed from version 2.6.34rc1"
+
+CVE_STATUS[CVE-2012-2745] = "fixed-version: Fixed from version 3.4rc3"
+
+CVE_STATUS[CVE-2012-3364] = "fixed-version: Fixed from version 3.5rc6"
+
+CVE_STATUS[CVE-2012-3375] = "fixed-version: Fixed from version 3.4rc5"
+
+CVE_STATUS[CVE-2012-3400] = "fixed-version: Fixed from version 3.5rc5"
+
+CVE_STATUS[CVE-2012-3412] = "fixed-version: Fixed from version 3.6rc2"
+
+CVE_STATUS[CVE-2012-3430] = "fixed-version: Fixed from version 3.6rc1"
+
+CVE_STATUS[CVE-2012-3510] = "fixed-version: Fixed from version 2.6.19rc4"
+
+CVE_STATUS[CVE-2012-3511] = "fixed-version: Fixed from version 3.5rc6"
+
+CVE_STATUS[CVE-2012-3520] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-3552] = "fixed-version: Fixed from version 3.0rc1"
+
+# Skipping CVE-2012-4220, no affected_versions
+
+# Skipping CVE-2012-4221, no affected_versions
+
+# Skipping CVE-2012-4222, no affected_versions
+
+CVE_STATUS[CVE-2012-4398] = "fixed-version: Fixed from version 3.4rc1"
+
+CVE_STATUS[CVE-2012-4444] = "fixed-version: Fixed from version 2.6.36rc4"
+
+CVE_STATUS[CVE-2012-4461] = "fixed-version: Fixed from version 3.7rc6"
+
+CVE_STATUS[CVE-2012-4467] = "fixed-version: Fixed from version 3.6rc5"
+
+CVE_STATUS[CVE-2012-4508] = "fixed-version: Fixed from version 3.7rc3"
+
+CVE_STATUS[CVE-2012-4530] = "fixed-version: Fixed from version 3.8rc1"
+
+# CVE-2012-4542 has no known resolution
+
+CVE_STATUS[CVE-2012-4565] = "fixed-version: Fixed from version 3.7rc4"
+
+CVE_STATUS[CVE-2012-5374] = "fixed-version: Fixed from version 3.8rc1"
+
+CVE_STATUS[CVE-2012-5375] = "fixed-version: Fixed from version 3.8rc1"
+
+CVE_STATUS[CVE-2012-5517] = "fixed-version: Fixed from version 3.6rc1"
+
+CVE_STATUS[CVE-2012-6536] = "fixed-version: Fixed from version 3.6rc7"
+
+CVE_STATUS[CVE-2012-6537] = "fixed-version: Fixed from version 3.6rc7"
+
+CVE_STATUS[CVE-2012-6538] = "fixed-version: Fixed from version 3.6rc7"
+
+CVE_STATUS[CVE-2012-6539] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6540] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6541] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6542] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6543] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6544] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6545] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6546] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2012-6547] = "fixed-version: Fixed from version 3.6rc1"
+
+CVE_STATUS[CVE-2012-6548] = "fixed-version: Fixed from version 3.6rc1"
+
+CVE_STATUS[CVE-2012-6549] = "fixed-version: Fixed from version 3.6rc1"
+
+CVE_STATUS[CVE-2012-6638] = "fixed-version: Fixed from version 3.3rc1"
+
+CVE_STATUS[CVE-2012-6647] = "fixed-version: Fixed from version 3.6rc2"
+
+CVE_STATUS[CVE-2012-6657] = "fixed-version: Fixed from version 3.6"
+
+CVE_STATUS[CVE-2012-6689] = "fixed-version: Fixed from version 3.6rc5"
+
+CVE_STATUS[CVE-2012-6701] = "fixed-version: Fixed from version 3.5rc1"
+
+CVE_STATUS[CVE-2012-6703] = "fixed-version: Fixed from version 3.7rc1"
+
+CVE_STATUS[CVE-2012-6704] = "fixed-version: Fixed from version 3.5rc1"
+
+CVE_STATUS[CVE-2012-6712] = "fixed-version: Fixed from version 3.4rc1"
+
+CVE_STATUS[CVE-2013-0160] = "fixed-version: Fixed from version 3.9rc1"
+
+CVE_STATUS[CVE-2013-0190] = "fixed-version: Fixed from version 3.8rc5"
+
+CVE_STATUS[CVE-2013-0216] = "fixed-version: Fixed from version 3.8rc7"
+
+CVE_STATUS[CVE-2013-0217] = "fixed-version: Fixed from version 3.8rc7"
+
+CVE_STATUS[CVE-2013-0228] = "fixed-version: Fixed from version 3.8"
+
+CVE_STATUS[CVE-2013-0231] = "fixed-version: Fixed from version 3.8rc7"
+
+CVE_STATUS[CVE-2013-0268] = "fixed-version: Fixed from version 3.8rc6"
+
+CVE_STATUS[CVE-2013-0290] = "fixed-version: Fixed from version 3.8"
+
+CVE_STATUS[CVE-2013-0309] = "fixed-version: Fixed from version 3.7rc1"
+
+CVE_STATUS[CVE-2013-0310] = "fixed-version: Fixed from version 3.5"
+
+CVE_STATUS[CVE-2013-0311] = "fixed-version: Fixed from version 3.7rc8"
+
+CVE_STATUS[CVE-2013-0313] = "fixed-version: Fixed from version 3.8rc5"
+
+CVE_STATUS[CVE-2013-0343] = "fixed-version: Fixed from version 3.11rc7"
+
+CVE_STATUS[CVE-2013-0349] = "fixed-version: Fixed from version 3.8rc6"
+
+CVE_STATUS[CVE-2013-0871] = "fixed-version: Fixed from version 3.8rc5"
+
+CVE_STATUS[CVE-2013-0913] = "fixed-version: Fixed from version 3.9rc4"
+
+CVE_STATUS[CVE-2013-0914] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-1059] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-1763] = "fixed-version: Fixed from version 3.9rc1"
+
+CVE_STATUS[CVE-2013-1767] = "fixed-version: Fixed from version 3.9rc1"
+
+CVE_STATUS[CVE-2013-1772] = "fixed-version: Fixed from version 3.5rc1"
+
+CVE_STATUS[CVE-2013-1773] = "fixed-version: Fixed from version 3.3rc1"
+
+CVE_STATUS[CVE-2013-1774] = "fixed-version: Fixed from version 3.8rc5"
+
+CVE_STATUS[CVE-2013-1792] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-1796] = "fixed-version: Fixed from version 3.9rc4"
+
+CVE_STATUS[CVE-2013-1797] = "fixed-version: Fixed from version 3.9rc4"
+
+CVE_STATUS[CVE-2013-1798] = "fixed-version: Fixed from version 3.9rc4"
+
+CVE_STATUS[CVE-2013-1819] = "fixed-version: Fixed from version 3.8rc6"
+
+CVE_STATUS[CVE-2013-1826] = "fixed-version: Fixed from version 3.6rc7"
+
+CVE_STATUS[CVE-2013-1827] = "fixed-version: Fixed from version 3.6rc3"
+
+CVE_STATUS[CVE-2013-1828] = "fixed-version: Fixed from version 3.9rc2"
+
+CVE_STATUS[CVE-2013-1848] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-1858] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-1860] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-1928] = "fixed-version: Fixed from version 3.7rc3"
+
+CVE_STATUS[CVE-2013-1929] = "fixed-version: Fixed from version 3.9rc6"
+
+# Skipping CVE-2013-1935, no affected_versions
+
+CVE_STATUS[CVE-2013-1943] = "fixed-version: Fixed from version 3.0rc1"
+
+CVE_STATUS[CVE-2013-1956] = "fixed-version: Fixed from version 3.9rc5"
+
+CVE_STATUS[CVE-2013-1957] = "fixed-version: Fixed from version 3.9rc5"
+
+CVE_STATUS[CVE-2013-1958] = "fixed-version: Fixed from version 3.9rc5"
+
+CVE_STATUS[CVE-2013-1959] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-1979] = "fixed-version: Fixed from version 3.9rc8"
+
+CVE_STATUS[CVE-2013-2015] = "fixed-version: Fixed from version 3.8rc2"
+
+CVE_STATUS[CVE-2013-2017] = "fixed-version: Fixed from version 2.6.34"
+
+CVE_STATUS[CVE-2013-2058] = "fixed-version: Fixed from version 3.8rc4"
+
+CVE_STATUS[CVE-2013-2094] = "fixed-version: Fixed from version 3.9rc8"
+
+CVE_STATUS[CVE-2013-2128] = "fixed-version: Fixed from version 2.6.34rc4"
+
+CVE_STATUS[CVE-2013-2140] = "fixed-version: Fixed from version 3.11rc3"
+
+CVE_STATUS[CVE-2013-2141] = "fixed-version: Fixed from version 3.9rc8"
+
+CVE_STATUS[CVE-2013-2146] = "fixed-version: Fixed from version 3.9rc8"
+
+CVE_STATUS[CVE-2013-2147] = "fixed-version: Fixed from version 3.12rc3"
+
+CVE_STATUS[CVE-2013-2148] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-2164] = "fixed-version: Fixed from version 3.11rc1"
+
+# Skipping CVE-2013-2188, no affected_versions
+
+CVE_STATUS[CVE-2013-2206] = "fixed-version: Fixed from version 3.9rc4"
+
+# Skipping CVE-2013-2224, no affected_versions
+
+CVE_STATUS[CVE-2013-2232] = "fixed-version: Fixed from version 3.10"
+
+CVE_STATUS[CVE-2013-2234] = "fixed-version: Fixed from version 3.10"
+
+CVE_STATUS[CVE-2013-2237] = "fixed-version: Fixed from version 3.9rc6"
+
+# Skipping CVE-2013-2239, no affected_versions
+
+CVE_STATUS[CVE-2013-2546] = "fixed-version: Fixed from version 3.9rc1"
+
+CVE_STATUS[CVE-2013-2547] = "fixed-version: Fixed from version 3.9rc1"
+
+CVE_STATUS[CVE-2013-2548] = "fixed-version: Fixed from version 3.9rc1"
+
+CVE_STATUS[CVE-2013-2596] = "fixed-version: Fixed from version 3.9rc8"
+
+CVE_STATUS[CVE-2013-2634] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-2635] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-2636] = "fixed-version: Fixed from version 3.9rc3"
+
+CVE_STATUS[CVE-2013-2850] = "fixed-version: Fixed from version 3.10rc4"
+
+CVE_STATUS[CVE-2013-2851] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-2852] = "fixed-version: Fixed from version 3.10rc6"
+
+CVE_STATUS[CVE-2013-2888] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2013-2889] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2890] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2891] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2892] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2013-2893] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2894] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2895] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2896] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2013-2897] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-2898] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2013-2899] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2013-2929] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-2930] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-3076] = "fixed-version: Fixed from version 3.9"
+
+CVE_STATUS[CVE-2013-3222] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3223] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3224] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3225] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3226] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3227] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3228] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3229] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3230] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3231] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3232] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3233] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3234] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3235] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3236] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3237] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3301] = "fixed-version: Fixed from version 3.9rc7"
+
+CVE_STATUS[CVE-2013-3302] = "fixed-version: Fixed from version 3.8rc3"
+
+CVE_STATUS[CVE-2013-4125] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-4127] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-4129] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-4162] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-4163] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2013-4205] = "fixed-version: Fixed from version 3.11rc5"
+
+CVE_STATUS[CVE-2013-4220] = "fixed-version: Fixed from version 3.10rc4"
+
+CVE_STATUS[CVE-2013-4247] = "fixed-version: Fixed from version 3.10rc5"
+
+CVE_STATUS[CVE-2013-4254] = "fixed-version: Fixed from version 3.11rc6"
+
+CVE_STATUS[CVE-2013-4270] = "fixed-version: Fixed from version 3.12rc4"
+
+CVE_STATUS[CVE-2013-4299] = "fixed-version: Fixed from version 3.12rc6"
+
+CVE_STATUS[CVE-2013-4300] = "fixed-version: Fixed from version 3.11"
+
+CVE_STATUS[CVE-2013-4312] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2013-4343] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-4345] = "fixed-version: Fixed from version 3.13rc2"
+
+CVE_STATUS[CVE-2013-4348] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-4350] = "fixed-version: Fixed from version 3.12rc2"
+
+CVE_STATUS[CVE-2013-4387] = "fixed-version: Fixed from version 3.12rc4"
+
+CVE_STATUS[CVE-2013-4470] = "fixed-version: Fixed from version 3.12rc7"
+
+CVE_STATUS[CVE-2013-4483] = "fixed-version: Fixed from version 3.10rc1"
+
+CVE_STATUS[CVE-2013-4511] = "fixed-version: Fixed from version 3.12"
+
+CVE_STATUS[CVE-2013-4512] = "fixed-version: Fixed from version 3.12"
+
+CVE_STATUS[CVE-2013-4513] = "fixed-version: Fixed from version 3.12"
+
+CVE_STATUS[CVE-2013-4514] = "fixed-version: Fixed from version 3.12"
+
+CVE_STATUS[CVE-2013-4515] = "fixed-version: Fixed from version 3.12"
+
+CVE_STATUS[CVE-2013-4516] = "fixed-version: Fixed from version 3.12"
+
+CVE_STATUS[CVE-2013-4563] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-4579] = "fixed-version: Fixed from version 3.13rc7"
+
+CVE_STATUS[CVE-2013-4587] = "fixed-version: Fixed from version 3.13rc4"
+
+CVE_STATUS[CVE-2013-4588] = "fixed-version: Fixed from version 2.6.33rc4"
+
+CVE_STATUS[CVE-2013-4591] = "fixed-version: Fixed from version 3.8rc1"
+
+CVE_STATUS[CVE-2013-4592] = "fixed-version: Fixed from version 3.7rc1"
+
+# Skipping CVE-2013-4737, no affected_versions
+
+# Skipping CVE-2013-4738, no affected_versions
+
+# Skipping CVE-2013-4739, no affected_versions
+
+CVE_STATUS[CVE-2013-5634] = "fixed-version: Fixed from version 3.10rc5"
+
+CVE_STATUS[CVE-2013-6282] = "fixed-version: Fixed from version 3.6rc6"
+
+CVE_STATUS[CVE-2013-6367] = "fixed-version: Fixed from version 3.13rc4"
+
+CVE_STATUS[CVE-2013-6368] = "fixed-version: Fixed from version 3.13rc4"
+
+CVE_STATUS[CVE-2013-6376] = "fixed-version: Fixed from version 3.13rc4"
+
+CVE_STATUS[CVE-2013-6378] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-6380] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-6381] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-6382] = "fixed-version: Fixed from version 3.13rc4"
+
+CVE_STATUS[CVE-2013-6383] = "fixed-version: Fixed from version 3.12"
+
+# Skipping CVE-2013-6392, no affected_versions
+
+CVE_STATUS[CVE-2013-6431] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2013-6432] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-6885] = "fixed-version: Fixed from version 3.14rc1"
+
+CVE_STATUS[CVE-2013-7026] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7027] = "fixed-version: Fixed from version 3.12rc7"
+
+CVE_STATUS[CVE-2013-7263] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7264] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7265] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7266] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7267] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7268] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7269] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7270] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7271] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7281] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7339] = "fixed-version: Fixed from version 3.13rc7"
+
+CVE_STATUS[CVE-2013-7348] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2013-7421] = "fixed-version: Fixed from version 3.19rc1"
+
+# CVE-2013-7445 has no known resolution
+
+CVE_STATUS[CVE-2013-7446] = "fixed-version: Fixed from version 4.4rc4"
+
+CVE_STATUS[CVE-2013-7470] = "fixed-version: Fixed from version 3.12rc7"
+
+CVE_STATUS[CVE-2014-0038] = "fixed-version: Fixed from version 3.14rc1"
+
+CVE_STATUS[CVE-2014-0049] = "fixed-version: Fixed from version 3.14rc5"
+
+CVE_STATUS[CVE-2014-0055] = "fixed-version: Fixed from version 3.14"
+
+CVE_STATUS[CVE-2014-0069] = "fixed-version: Fixed from version 3.14rc4"
+
+CVE_STATUS[CVE-2014-0077] = "fixed-version: Fixed from version 3.14"
+
+CVE_STATUS[CVE-2014-0100] = "fixed-version: Fixed from version 3.14rc7"
+
+CVE_STATUS[CVE-2014-0101] = "fixed-version: Fixed from version 3.14rc6"
+
+CVE_STATUS[CVE-2014-0102] = "fixed-version: Fixed from version 3.14rc6"
+
+CVE_STATUS[CVE-2014-0131] = "fixed-version: Fixed from version 3.14rc7"
+
+CVE_STATUS[CVE-2014-0155] = "fixed-version: Fixed from version 3.15rc2"
+
+CVE_STATUS[CVE-2014-0181] = "fixed-version: Fixed from version 3.15rc5"
+
+CVE_STATUS[CVE-2014-0196] = "fixed-version: Fixed from version 3.15rc5"
+
+CVE_STATUS[CVE-2014-0203] = "fixed-version: Fixed from version 2.6.33rc5"
+
+CVE_STATUS[CVE-2014-0205] = "fixed-version: Fixed from version 2.6.37rc1"
+
+CVE_STATUS[CVE-2014-0206] = "fixed-version: Fixed from version 3.16rc3"
+
+# Skipping CVE-2014-0972, no affected_versions
+
+CVE_STATUS[CVE-2014-1438] = "fixed-version: Fixed from version 3.13"
+
+CVE_STATUS[CVE-2014-1444] = "fixed-version: Fixed from version 3.12rc7"
+
+CVE_STATUS[CVE-2014-1445] = "fixed-version: Fixed from version 3.12rc7"
+
+CVE_STATUS[CVE-2014-1446] = "fixed-version: Fixed from version 3.13rc7"
+
+CVE_STATUS[CVE-2014-1690] = "fixed-version: Fixed from version 3.13rc8"
+
+CVE_STATUS[CVE-2014-1737] = "fixed-version: Fixed from version 3.15rc5"
+
+CVE_STATUS[CVE-2014-1738] = "fixed-version: Fixed from version 3.15rc5"
+
+CVE_STATUS[CVE-2014-1739] = "fixed-version: Fixed from version 3.15rc6"
+
+CVE_STATUS[CVE-2014-1874] = "fixed-version: Fixed from version 3.14rc2"
+
+CVE_STATUS[CVE-2014-2038] = "fixed-version: Fixed from version 3.14rc1"
+
+CVE_STATUS[CVE-2014-2039] = "fixed-version: Fixed from version 3.14rc3"
+
+CVE_STATUS[CVE-2014-2309] = "fixed-version: Fixed from version 3.14rc7"
+
+CVE_STATUS[CVE-2014-2523] = "fixed-version: Fixed from version 3.14rc1"
+
+CVE_STATUS[CVE-2014-2568] = "fixed-version: Fixed from version 3.14"
+
+CVE_STATUS[CVE-2014-2580] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-2672] = "fixed-version: Fixed from version 3.14rc6"
+
+CVE_STATUS[CVE-2014-2673] = "fixed-version: Fixed from version 3.14rc6"
+
+CVE_STATUS[CVE-2014-2678] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-2706] = "fixed-version: Fixed from version 3.14rc6"
+
+CVE_STATUS[CVE-2014-2739] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-2851] = "fixed-version: Fixed from version 3.15rc2"
+
+CVE_STATUS[CVE-2014-2889] = "fixed-version: Fixed from version 3.2rc7"
+
+CVE_STATUS[CVE-2014-3122] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-3144] = "fixed-version: Fixed from version 3.15rc2"
+
+CVE_STATUS[CVE-2014-3145] = "fixed-version: Fixed from version 3.15rc2"
+
+CVE_STATUS[CVE-2014-3153] = "fixed-version: Fixed from version 3.15"
+
+CVE_STATUS[CVE-2014-3180] = "fixed-version: Fixed from version 3.17rc4"
+
+CVE_STATUS[CVE-2014-3181] = "fixed-version: Fixed from version 3.17rc3"
+
+CVE_STATUS[CVE-2014-3182] = "fixed-version: Fixed from version 3.17rc2"
+
+CVE_STATUS[CVE-2014-3183] = "fixed-version: Fixed from version 3.17rc2"
+
+CVE_STATUS[CVE-2014-3184] = "fixed-version: Fixed from version 3.17rc2"
+
+CVE_STATUS[CVE-2014-3185] = "fixed-version: Fixed from version 3.17rc3"
+
+CVE_STATUS[CVE-2014-3186] = "fixed-version: Fixed from version 3.17rc3"
+
+# Skipping CVE-2014-3519, no affected_versions
+
+CVE_STATUS[CVE-2014-3534] = "fixed-version: Fixed from version 3.16rc7"
+
+CVE_STATUS[CVE-2014-3535] = "fixed-version: Fixed from version 2.6.36rc1"
+
+CVE_STATUS[CVE-2014-3601] = "fixed-version: Fixed from version 3.17rc2"
+
+CVE_STATUS[CVE-2014-3610] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-3611] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-3631] = "fixed-version: Fixed from version 3.17rc5"
+
+CVE_STATUS[CVE-2014-3645] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2014-3646] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-3647] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-3673] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-3687] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-3688] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-3690] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-3917] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2014-3940] = "fixed-version: Fixed from version 3.15"
+
+CVE_STATUS[CVE-2014-4014] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2014-4027] = "fixed-version: Fixed from version 3.14rc1"
+
+CVE_STATUS[CVE-2014-4157] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-4171] = "fixed-version: Fixed from version 3.16rc3"
+
+# Skipping CVE-2014-4322, no affected_versions
+
+# Skipping CVE-2014-4323, no affected_versions
+
+CVE_STATUS[CVE-2014-4508] = "fixed-version: Fixed from version 3.16rc3"
+
+CVE_STATUS[CVE-2014-4608] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-4611] = "fixed-version: Fixed from version 3.16rc3"
+
+CVE_STATUS[CVE-2014-4652] = "fixed-version: Fixed from version 3.16rc2"
+
+CVE_STATUS[CVE-2014-4653] = "fixed-version: Fixed from version 3.16rc2"
+
+CVE_STATUS[CVE-2014-4654] = "fixed-version: Fixed from version 3.16rc2"
+
+CVE_STATUS[CVE-2014-4655] = "fixed-version: Fixed from version 3.16rc2"
+
+CVE_STATUS[CVE-2014-4656] = "fixed-version: Fixed from version 3.16rc2"
+
+CVE_STATUS[CVE-2014-4667] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2014-4699] = "fixed-version: Fixed from version 3.16rc4"
+
+CVE_STATUS[CVE-2014-4943] = "fixed-version: Fixed from version 3.16rc6"
+
+CVE_STATUS[CVE-2014-5045] = "fixed-version: Fixed from version 3.16rc7"
+
+CVE_STATUS[CVE-2014-5077] = "fixed-version: Fixed from version 3.16"
+
+CVE_STATUS[CVE-2014-5206] = "fixed-version: Fixed from version 3.17rc1"
+
+CVE_STATUS[CVE-2014-5207] = "fixed-version: Fixed from version 3.17rc1"
+
+# Skipping CVE-2014-5332, no affected_versions
+
+CVE_STATUS[CVE-2014-5471] = "fixed-version: Fixed from version 3.17rc2"
+
+CVE_STATUS[CVE-2014-5472] = "fixed-version: Fixed from version 3.17rc2"
+
+CVE_STATUS[CVE-2014-6410] = "fixed-version: Fixed from version 3.17rc5"
+
+CVE_STATUS[CVE-2014-6416] = "fixed-version: Fixed from version 3.17rc5"
+
+CVE_STATUS[CVE-2014-6417] = "fixed-version: Fixed from version 3.17rc5"
+
+CVE_STATUS[CVE-2014-6418] = "fixed-version: Fixed from version 3.17rc5"
+
+CVE_STATUS[CVE-2014-7145] = "fixed-version: Fixed from version 3.17rc2"
+
+# Skipping CVE-2014-7207, no affected_versions
+
+CVE_STATUS[CVE-2014-7283] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-7284] = "fixed-version: Fixed from version 3.15rc7"
+
+CVE_STATUS[CVE-2014-7822] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2014-7825] = "fixed-version: Fixed from version 3.18rc3"
+
+CVE_STATUS[CVE-2014-7826] = "fixed-version: Fixed from version 3.18rc3"
+
+CVE_STATUS[CVE-2014-7841] = "fixed-version: Fixed from version 3.18rc5"
+
+CVE_STATUS[CVE-2014-7842] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-7843] = "fixed-version: Fixed from version 3.18rc5"
+
+CVE_STATUS[CVE-2014-7970] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-7975] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-8086] = "fixed-version: Fixed from version 3.18rc3"
+
+CVE_STATUS[CVE-2014-8133] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-8134] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-8159] = "fixed-version: Fixed from version 4.0rc7"
+
+CVE_STATUS[CVE-2014-8160] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-8171] = "fixed-version: Fixed from version 3.12rc1"
+
+CVE_STATUS[CVE-2014-8172] = "fixed-version: Fixed from version 3.13rc1"
+
+CVE_STATUS[CVE-2014-8173] = "fixed-version: Fixed from version 3.13rc5"
+
+# Skipping CVE-2014-8181, no affected_versions
+
+CVE_STATUS[CVE-2014-8369] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-8480] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-8481] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-8559] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-8709] = "fixed-version: Fixed from version 3.14rc3"
+
+CVE_STATUS[CVE-2014-8884] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2014-8989] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-9090] = "fixed-version: Fixed from version 3.18rc6"
+
+CVE_STATUS[CVE-2014-9322] = "fixed-version: Fixed from version 3.18rc6"
+
+CVE_STATUS[CVE-2014-9419] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-9420] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-9428] = "fixed-version: Fixed from version 3.19rc3"
+
+CVE_STATUS[CVE-2014-9529] = "fixed-version: Fixed from version 3.19rc4"
+
+CVE_STATUS[CVE-2014-9584] = "fixed-version: Fixed from version 3.19rc3"
+
+CVE_STATUS[CVE-2014-9585] = "fixed-version: Fixed from version 3.19rc4"
+
+CVE_STATUS[CVE-2014-9644] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-9683] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-9710] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2014-9715] = "fixed-version: Fixed from version 3.15rc1"
+
+CVE_STATUS[CVE-2014-9717] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2014-9728] = "fixed-version: Fixed from version 3.19rc3"
+
+CVE_STATUS[CVE-2014-9729] = "fixed-version: Fixed from version 3.19rc3"
+
+CVE_STATUS[CVE-2014-9730] = "fixed-version: Fixed from version 3.19rc3"
+
+CVE_STATUS[CVE-2014-9731] = "fixed-version: Fixed from version 3.19rc3"
+
+# Skipping CVE-2014-9777, no affected_versions
+
+# Skipping CVE-2014-9778, no affected_versions
+
+# Skipping CVE-2014-9779, no affected_versions
+
+# Skipping CVE-2014-9780, no affected_versions
+
+# Skipping CVE-2014-9781, no affected_versions
+
+# Skipping CVE-2014-9782, no affected_versions
+
+# Skipping CVE-2014-9783, no affected_versions
+
+# Skipping CVE-2014-9784, no affected_versions
+
+# Skipping CVE-2014-9785, no affected_versions
+
+# Skipping CVE-2014-9786, no affected_versions
+
+# Skipping CVE-2014-9787, no affected_versions
+
+# Skipping CVE-2014-9788, no affected_versions
+
+# Skipping CVE-2014-9789, no affected_versions
+
+CVE_STATUS[CVE-2014-9803] = "fixed-version: Fixed from version 3.16rc1"
+
+# Skipping CVE-2014-9863, no affected_versions
+
+# Skipping CVE-2014-9864, no affected_versions
+
+# Skipping CVE-2014-9865, no affected_versions
+
+# Skipping CVE-2014-9866, no affected_versions
+
+# Skipping CVE-2014-9867, no affected_versions
+
+# Skipping CVE-2014-9868, no affected_versions
+
+# Skipping CVE-2014-9869, no affected_versions
+
+CVE_STATUS[CVE-2014-9870] = "fixed-version: Fixed from version 3.11rc1"
+
+# Skipping CVE-2014-9871, no affected_versions
+
+# Skipping CVE-2014-9872, no affected_versions
+
+# Skipping CVE-2014-9873, no affected_versions
+
+# Skipping CVE-2014-9874, no affected_versions
+
+# Skipping CVE-2014-9875, no affected_versions
+
+# Skipping CVE-2014-9876, no affected_versions
+
+# Skipping CVE-2014-9877, no affected_versions
+
+# Skipping CVE-2014-9878, no affected_versions
+
+# Skipping CVE-2014-9879, no affected_versions
+
+# Skipping CVE-2014-9880, no affected_versions
+
+# Skipping CVE-2014-9881, no affected_versions
+
+# Skipping CVE-2014-9882, no affected_versions
+
+# Skipping CVE-2014-9883, no affected_versions
+
+# Skipping CVE-2014-9884, no affected_versions
+
+# Skipping CVE-2014-9885, no affected_versions
+
+# Skipping CVE-2014-9886, no affected_versions
+
+# Skipping CVE-2014-9887, no affected_versions
+
+CVE_STATUS[CVE-2014-9888] = "fixed-version: Fixed from version 3.13rc1"
+
+# Skipping CVE-2014-9889, no affected_versions
+
+# Skipping CVE-2014-9890, no affected_versions
+
+# Skipping CVE-2014-9891, no affected_versions
+
+# Skipping CVE-2014-9892, no affected_versions
+
+# Skipping CVE-2014-9893, no affected_versions
+
+# Skipping CVE-2014-9894, no affected_versions
+
+CVE_STATUS[CVE-2014-9895] = "fixed-version: Fixed from version 3.11rc1"
+
+# Skipping CVE-2014-9896, no affected_versions
+
+# Skipping CVE-2014-9897, no affected_versions
+
+# Skipping CVE-2014-9898, no affected_versions
+
+# Skipping CVE-2014-9899, no affected_versions
+
+# Skipping CVE-2014-9900, no affected_versions
+
+CVE_STATUS[CVE-2014-9903] = "fixed-version: Fixed from version 3.14rc4"
+
+CVE_STATUS[CVE-2014-9904] = "fixed-version: Fixed from version 3.17rc1"
+
+CVE_STATUS[CVE-2014-9914] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2014-9922] = "fixed-version: Fixed from version 3.18rc2"
+
+CVE_STATUS[CVE-2014-9940] = "fixed-version: Fixed from version 3.19rc1"
+
+CVE_STATUS[CVE-2015-0239] = "fixed-version: Fixed from version 3.19rc6"
+
+CVE_STATUS[CVE-2015-0274] = "fixed-version: Fixed from version 3.15rc5"
+
+CVE_STATUS[CVE-2015-0275] = "fixed-version: Fixed from version 4.1rc1"
+
+# Skipping CVE-2015-0777, no affected_versions
+
+# Skipping CVE-2015-1328, no affected_versions
+
+CVE_STATUS[CVE-2015-1333] = "fixed-version: Fixed from version 4.2rc5"
+
+CVE_STATUS[CVE-2015-1339] = "fixed-version: Fixed from version 4.4rc5"
+
+CVE_STATUS[CVE-2015-1350] = "fixed-version: Fixed from version 4.9rc1"
+
+CVE_STATUS[CVE-2015-1420] = "fixed-version: Fixed from version 4.1rc7"
+
+CVE_STATUS[CVE-2015-1421] = "fixed-version: Fixed from version 3.19rc7"
+
+CVE_STATUS[CVE-2015-1465] = "fixed-version: Fixed from version 3.19rc7"
+
+CVE_STATUS[CVE-2015-1573] = "fixed-version: Fixed from version 3.19rc5"
+
+CVE_STATUS[CVE-2015-1593] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2015-1805] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2015-2041] = "fixed-version: Fixed from version 3.19rc7"
+
+CVE_STATUS[CVE-2015-2042] = "fixed-version: Fixed from version 3.19"
+
+CVE_STATUS[CVE-2015-2150] = "fixed-version: Fixed from version 4.0rc4"
+
+CVE_STATUS[CVE-2015-2666] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2015-2672] = "fixed-version: Fixed from version 4.0rc3"
+
+CVE_STATUS[CVE-2015-2686] = "fixed-version: Fixed from version 4.0rc6"
+
+CVE_STATUS[CVE-2015-2830] = "fixed-version: Fixed from version 4.0rc3"
+
+# CVE-2015-2877 has no known resolution
+
+CVE_STATUS[CVE-2015-2922] = "fixed-version: Fixed from version 4.0rc7"
+
+CVE_STATUS[CVE-2015-2925] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2015-3212] = "fixed-version: Fixed from version 4.2rc1"
+
+CVE_STATUS[CVE-2015-3214] = "fixed-version: Fixed from version 2.6.33rc8"
+
+CVE_STATUS[CVE-2015-3288] = "fixed-version: Fixed from version 4.2rc2"
+
+CVE_STATUS[CVE-2015-3290] = "fixed-version: Fixed from version 4.2rc3"
+
+CVE_STATUS[CVE-2015-3291] = "fixed-version: Fixed from version 4.2rc3"
+
+CVE_STATUS[CVE-2015-3331] = "fixed-version: Fixed from version 4.0rc5"
+
+# Skipping CVE-2015-3332, no affected_versions
+
+CVE_STATUS[CVE-2015-3339] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-3636] = "fixed-version: Fixed from version 4.1rc2"
+
+CVE_STATUS[CVE-2015-4001] = "fixed-version: Fixed from version 4.1rc7"
+
+CVE_STATUS[CVE-2015-4002] = "fixed-version: Fixed from version 4.1rc7"
+
+CVE_STATUS[CVE-2015-4003] = "fixed-version: Fixed from version 4.1rc7"
+
+CVE_STATUS[CVE-2015-4004] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2015-4036] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2015-4167] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2015-4170] = "fixed-version: Fixed from version 3.13rc5"
+
+CVE_STATUS[CVE-2015-4176] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-4177] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-4178] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-4692] = "fixed-version: Fixed from version 4.2rc1"
+
+CVE_STATUS[CVE-2015-4700] = "fixed-version: Fixed from version 4.1rc6"
+
+CVE_STATUS[CVE-2015-5156] = "fixed-version: Fixed from version 4.2rc7"
+
+CVE_STATUS[CVE-2015-5157] = "fixed-version: Fixed from version 4.2rc3"
+
+CVE_STATUS[CVE-2015-5257] = "fixed-version: Fixed from version 4.3rc3"
+
+CVE_STATUS[CVE-2015-5283] = "fixed-version: Fixed from version 4.3rc3"
+
+CVE_STATUS[CVE-2015-5307] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-5327] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-5364] = "fixed-version: Fixed from version 4.1rc7"
+
+CVE_STATUS[CVE-2015-5366] = "fixed-version: Fixed from version 4.1rc7"
+
+CVE_STATUS[CVE-2015-5697] = "fixed-version: Fixed from version 4.2rc6"
+
+CVE_STATUS[CVE-2015-5706] = "fixed-version: Fixed from version 4.1rc3"
+
+CVE_STATUS[CVE-2015-5707] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-6252] = "fixed-version: Fixed from version 4.2rc5"
+
+CVE_STATUS[CVE-2015-6526] = "fixed-version: Fixed from version 4.1rc1"
+
+# CVE-2015-6619 has no known resolution
+
+# CVE-2015-6646 has no known resolution
+
+CVE_STATUS[CVE-2015-6937] = "fixed-version: Fixed from version 4.3rc1"
+
+# Skipping CVE-2015-7312, no affected_versions
+
+CVE_STATUS[CVE-2015-7509] = "fixed-version: Fixed from version 3.7rc1"
+
+CVE_STATUS[CVE-2015-7513] = "fixed-version: Fixed from version 4.4rc7"
+
+CVE_STATUS[CVE-2015-7515] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-7550] = "fixed-version: Fixed from version 4.4rc8"
+
+# Skipping CVE-2015-7553, no affected_versions
+
+CVE_STATUS[CVE-2015-7566] = "fixed-version: Fixed from version 4.5rc2"
+
+CVE_STATUS[CVE-2015-7613] = "fixed-version: Fixed from version 4.3rc4"
+
+CVE_STATUS[CVE-2015-7799] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-7833] = "fixed-version: Fixed from version 4.6rc6"
+
+# Skipping CVE-2015-7837, no affected_versions
+
+CVE_STATUS[CVE-2015-7872] = "fixed-version: Fixed from version 4.3rc7"
+
+CVE_STATUS[CVE-2015-7884] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-7885] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-7990] = "fixed-version: Fixed from version 4.4rc4"
+
+# Skipping CVE-2015-8019, no affected_versions
+
+CVE_STATUS[CVE-2015-8104] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-8215] = "fixed-version: Fixed from version 4.0rc3"
+
+CVE_STATUS[CVE-2015-8324] = "fixed-version: Fixed from version 2.6.34rc1"
+
+CVE_STATUS[CVE-2015-8374] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-8539] = "fixed-version: Fixed from version 4.4rc3"
+
+CVE_STATUS[CVE-2015-8543] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8550] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8551] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8552] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8553] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8569] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8575] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8660] = "fixed-version: Fixed from version 4.4rc4"
+
+CVE_STATUS[CVE-2015-8709] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2015-8746] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2015-8767] = "fixed-version: Fixed from version 4.3rc4"
+
+CVE_STATUS[CVE-2015-8785] = "fixed-version: Fixed from version 4.4rc5"
+
+CVE_STATUS[CVE-2015-8787] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-8812] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2015-8816] = "fixed-version: Fixed from version 4.4rc6"
+
+CVE_STATUS[CVE-2015-8830] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-8839] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2015-8844] = "fixed-version: Fixed from version 4.4rc3"
+
+CVE_STATUS[CVE-2015-8845] = "fixed-version: Fixed from version 4.4rc3"
+
+# Skipping CVE-2015-8937, no affected_versions
+
+# Skipping CVE-2015-8938, no affected_versions
+
+# Skipping CVE-2015-8939, no affected_versions
+
+# Skipping CVE-2015-8940, no affected_versions
+
+# Skipping CVE-2015-8941, no affected_versions
+
+# Skipping CVE-2015-8942, no affected_versions
+
+# Skipping CVE-2015-8943, no affected_versions
+
+# Skipping CVE-2015-8944, no affected_versions
+
+CVE_STATUS[CVE-2015-8950] = "fixed-version: Fixed from version 4.1rc2"
+
+CVE_STATUS[CVE-2015-8952] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2015-8953] = "fixed-version: Fixed from version 4.3"
+
+CVE_STATUS[CVE-2015-8955] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2015-8956] = "fixed-version: Fixed from version 4.2rc1"
+
+CVE_STATUS[CVE-2015-8961] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-8962] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2015-8963] = "fixed-version: Fixed from version 4.4"
+
+CVE_STATUS[CVE-2015-8964] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2015-8966] = "fixed-version: Fixed from version 4.4rc8"
+
+CVE_STATUS[CVE-2015-8967] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2015-8970] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2015-9004] = "fixed-version: Fixed from version 3.19rc7"
+
+CVE_STATUS[CVE-2015-9016] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2015-9289] = "fixed-version: Fixed from version 4.2rc1"
+
+CVE_STATUS[CVE-2016-0617] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-0723] = "fixed-version: Fixed from version 4.5rc2"
+
+CVE_STATUS[CVE-2016-0728] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-0758] = "fixed-version: Fixed from version 4.6"
+
+# Skipping CVE-2016-0774, no affected_versions
+
+CVE_STATUS[CVE-2016-0821] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2016-0823] = "fixed-version: Fixed from version 4.0rc5"
+
+CVE_STATUS[CVE-2016-10044] = "fixed-version: Fixed from version 4.8rc7"
+
+CVE_STATUS[CVE-2016-10088] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-10147] = "fixed-version: Fixed from version 4.9"
+
+CVE_STATUS[CVE-2016-10150] = "fixed-version: Fixed from version 4.9rc8"
+
+CVE_STATUS[CVE-2016-10153] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-10154] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-10200] = "fixed-version: Fixed from version 4.9rc7"
+
+CVE_STATUS[CVE-2016-10208] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-10229] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-10318] = "fixed-version: Fixed from version 4.8rc6"
+
+CVE_STATUS[CVE-2016-10723] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2016-10741] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-10764] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-10905] = "fixed-version: Fixed from version 4.8rc1"
+
+CVE_STATUS[CVE-2016-10906] = "fixed-version: Fixed from version 4.5rc6"
+
+CVE_STATUS[CVE-2016-10907] = "fixed-version: Fixed from version 4.9rc1"
+
+CVE_STATUS[CVE-2016-1237] = "fixed-version: Fixed from version 4.7rc5"
+
+CVE_STATUS[CVE-2016-1575] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-1576] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-1583] = "fixed-version: Fixed from version 4.7rc3"
+
+CVE_STATUS[CVE-2016-2053] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2016-2069] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2070] = "fixed-version: Fixed from version 4.4"
+
+CVE_STATUS[CVE-2016-2085] = "fixed-version: Fixed from version 4.5rc4"
+
+CVE_STATUS[CVE-2016-2117] = "fixed-version: Fixed from version 4.6rc5"
+
+CVE_STATUS[CVE-2016-2143] = "fixed-version: Fixed from version 4.5"
+
+CVE_STATUS[CVE-2016-2184] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-2185] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-2186] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-2187] = "fixed-version: Fixed from version 4.6rc5"
+
+CVE_STATUS[CVE-2016-2188] = "fixed-version: Fixed from version 4.11rc2"
+
+CVE_STATUS[CVE-2016-2383] = "fixed-version: Fixed from version 4.5rc4"
+
+CVE_STATUS[CVE-2016-2384] = "fixed-version: Fixed from version 4.5rc4"
+
+CVE_STATUS[CVE-2016-2543] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2544] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2545] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2546] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2547] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2548] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2549] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2016-2550] = "fixed-version: Fixed from version 4.5rc4"
+
+CVE_STATUS[CVE-2016-2782] = "fixed-version: Fixed from version 4.5rc2"
+
+CVE_STATUS[CVE-2016-2847] = "fixed-version: Fixed from version 4.5rc1"
+
+# Skipping CVE-2016-2853, no affected_versions
+
+# Skipping CVE-2016-2854, no affected_versions
+
+CVE_STATUS[CVE-2016-3044] = "fixed-version: Fixed from version 4.5"
+
+CVE_STATUS[CVE-2016-3070] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2016-3134] = "fixed-version: Fixed from version 4.6rc2"
+
+CVE_STATUS[CVE-2016-3135] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-3136] = "fixed-version: Fixed from version 4.6rc3"
+
+CVE_STATUS[CVE-2016-3137] = "fixed-version: Fixed from version 4.6rc3"
+
+CVE_STATUS[CVE-2016-3138] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-3139] = "fixed-version: Fixed from version 3.17rc1"
+
+CVE_STATUS[CVE-2016-3140] = "fixed-version: Fixed from version 4.6rc3"
+
+CVE_STATUS[CVE-2016-3156] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-3157] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-3672] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-3689] = "fixed-version: Fixed from version 4.6rc1"
+
+# Skipping CVE-2016-3695, no affected_versions
+
+# Skipping CVE-2016-3699, no affected_versions
+
+# Skipping CVE-2016-3707, no affected_versions
+
+CVE_STATUS[CVE-2016-3713] = "fixed-version: Fixed from version 4.7rc1"
+
+# CVE-2016-3775 has no known resolution
+
+# CVE-2016-3802 has no known resolution
+
+# CVE-2016-3803 has no known resolution
+
+CVE_STATUS[CVE-2016-3841] = "fixed-version: Fixed from version 4.4rc4"
+
+CVE_STATUS[CVE-2016-3857] = "fixed-version: Fixed from version 4.8rc2"
+
+CVE_STATUS[CVE-2016-3951] = "fixed-version: Fixed from version 4.5"
+
+CVE_STATUS[CVE-2016-3955] = "fixed-version: Fixed from version 4.6rc3"
+
+CVE_STATUS[CVE-2016-3961] = "fixed-version: Fixed from version 4.6rc5"
+
+CVE_STATUS[CVE-2016-4440] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-4470] = "fixed-version: Fixed from version 4.7rc4"
+
+CVE_STATUS[CVE-2016-4482] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-4485] = "fixed-version: Fixed from version 4.6"
+
+CVE_STATUS[CVE-2016-4486] = "fixed-version: Fixed from version 4.6"
+
+CVE_STATUS[CVE-2016-4557] = "fixed-version: Fixed from version 4.6rc6"
+
+CVE_STATUS[CVE-2016-4558] = "fixed-version: Fixed from version 4.6rc7"
+
+CVE_STATUS[CVE-2016-4565] = "fixed-version: Fixed from version 4.6rc6"
+
+CVE_STATUS[CVE-2016-4568] = "fixed-version: Fixed from version 4.6rc6"
+
+CVE_STATUS[CVE-2016-4569] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-4578] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-4580] = "fixed-version: Fixed from version 4.6"
+
+CVE_STATUS[CVE-2016-4581] = "fixed-version: Fixed from version 4.6rc7"
+
+CVE_STATUS[CVE-2016-4794] = "fixed-version: Fixed from version 4.7rc4"
+
+CVE_STATUS[CVE-2016-4805] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-4913] = "fixed-version: Fixed from version 4.6"
+
+CVE_STATUS[CVE-2016-4951] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-4997] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-4998] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-5195] = "fixed-version: Fixed from version 4.9rc2"
+
+CVE_STATUS[CVE-2016-5243] = "fixed-version: Fixed from version 4.7rc3"
+
+CVE_STATUS[CVE-2016-5244] = "fixed-version: Fixed from version 4.7rc3"
+
+# Skipping CVE-2016-5340, no affected_versions
+
+# Skipping CVE-2016-5342, no affected_versions
+
+# Skipping CVE-2016-5343, no affected_versions
+
+# Skipping CVE-2016-5344, no affected_versions
+
+CVE_STATUS[CVE-2016-5400] = "fixed-version: Fixed from version 4.7"
+
+CVE_STATUS[CVE-2016-5412] = "fixed-version: Fixed from version 4.8rc1"
+
+CVE_STATUS[CVE-2016-5696] = "fixed-version: Fixed from version 4.7"
+
+CVE_STATUS[CVE-2016-5728] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-5828] = "fixed-version: Fixed from version 4.7rc6"
+
+CVE_STATUS[CVE-2016-5829] = "fixed-version: Fixed from version 4.7rc5"
+
+# CVE-2016-5870 has no known resolution
+
+CVE_STATUS[CVE-2016-6130] = "fixed-version: Fixed from version 4.6rc6"
+
+CVE_STATUS[CVE-2016-6136] = "fixed-version: Fixed from version 4.8rc1"
+
+CVE_STATUS[CVE-2016-6156] = "fixed-version: Fixed from version 4.7rc7"
+
+CVE_STATUS[CVE-2016-6162] = "fixed-version: Fixed from version 4.7"
+
+CVE_STATUS[CVE-2016-6187] = "fixed-version: Fixed from version 4.7rc7"
+
+CVE_STATUS[CVE-2016-6197] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-6198] = "fixed-version: Fixed from version 4.6"
+
+CVE_STATUS[CVE-2016-6213] = "fixed-version: Fixed from version 4.9rc1"
+
+CVE_STATUS[CVE-2016-6327] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-6480] = "fixed-version: Fixed from version 4.8rc3"
+
+CVE_STATUS[CVE-2016-6516] = "fixed-version: Fixed from version 4.8rc1"
+
+# Skipping CVE-2016-6753, no affected_versions
+
+CVE_STATUS[CVE-2016-6786] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2016-6787] = "fixed-version: Fixed from version 4.0rc1"
+
+CVE_STATUS[CVE-2016-6828] = "fixed-version: Fixed from version 4.8rc5"
+
+CVE_STATUS[CVE-2016-7039] = "fixed-version: Fixed from version 4.9rc4"
+
+CVE_STATUS[CVE-2016-7042] = "fixed-version: Fixed from version 4.9rc3"
+
+CVE_STATUS[CVE-2016-7097] = "fixed-version: Fixed from version 4.9rc1"
+
+CVE_STATUS[CVE-2016-7117] = "fixed-version: Fixed from version 4.6rc1"
+
+# Skipping CVE-2016-7118, no affected_versions
+
+CVE_STATUS[CVE-2016-7425] = "fixed-version: Fixed from version 4.9rc1"
+
+CVE_STATUS[CVE-2016-7910] = "fixed-version: Fixed from version 4.8rc1"
+
+CVE_STATUS[CVE-2016-7911] = "fixed-version: Fixed from version 4.7rc7"
+
+CVE_STATUS[CVE-2016-7912] = "fixed-version: Fixed from version 4.6rc5"
+
+CVE_STATUS[CVE-2016-7913] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-7914] = "fixed-version: Fixed from version 4.6rc4"
+
+CVE_STATUS[CVE-2016-7915] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-7916] = "fixed-version: Fixed from version 4.6rc7"
+
+CVE_STATUS[CVE-2016-7917] = "fixed-version: Fixed from version 4.5rc6"
+
+CVE_STATUS[CVE-2016-8399] = "fixed-version: Fixed from version 4.9"
+
+# Skipping CVE-2016-8401, no affected_versions
+
+# Skipping CVE-2016-8402, no affected_versions
+
+# Skipping CVE-2016-8403, no affected_versions
+
+# Skipping CVE-2016-8404, no affected_versions
+
+CVE_STATUS[CVE-2016-8405] = "fixed-version: Fixed from version 4.10rc6"
+
+# Skipping CVE-2016-8406, no affected_versions
+
+# Skipping CVE-2016-8407, no affected_versions
+
+CVE_STATUS[CVE-2016-8630] = "fixed-version: Fixed from version 4.9rc4"
+
+CVE_STATUS[CVE-2016-8632] = "fixed-version: Fixed from version 4.9rc8"
+
+CVE_STATUS[CVE-2016-8633] = "fixed-version: Fixed from version 4.9rc4"
+
+CVE_STATUS[CVE-2016-8636] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2016-8645] = "fixed-version: Fixed from version 4.9rc6"
+
+CVE_STATUS[CVE-2016-8646] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2016-8650] = "fixed-version: Fixed from version 4.9rc7"
+
+CVE_STATUS[CVE-2016-8655] = "fixed-version: Fixed from version 4.9rc8"
+
+CVE_STATUS[CVE-2016-8658] = "fixed-version: Fixed from version 4.8rc7"
+
+# CVE-2016-8660 has no known resolution
+
+CVE_STATUS[CVE-2016-8666] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-9083] = "fixed-version: Fixed from version 4.9rc4"
+
+CVE_STATUS[CVE-2016-9084] = "fixed-version: Fixed from version 4.9rc4"
+
+CVE_STATUS[CVE-2016-9120] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-9178] = "fixed-version: Fixed from version 4.8rc7"
+
+CVE_STATUS[CVE-2016-9191] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2016-9313] = "fixed-version: Fixed from version 4.9rc3"
+
+CVE_STATUS[CVE-2016-9555] = "fixed-version: Fixed from version 4.9rc4"
+
+CVE_STATUS[CVE-2016-9576] = "fixed-version: Fixed from version 4.9"
+
+CVE_STATUS[CVE-2016-9588] = "fixed-version: Fixed from version 4.10rc1"
+
+CVE_STATUS[CVE-2016-9604] = "fixed-version: Fixed from version 4.11rc8"
+
+# Skipping CVE-2016-9644, no affected_versions
+
+CVE_STATUS[CVE-2016-9685] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2016-9754] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-9755] = "fixed-version: Fixed from version 4.9rc8"
+
+CVE_STATUS[CVE-2016-9756] = "fixed-version: Fixed from version 4.9rc7"
+
+CVE_STATUS[CVE-2016-9777] = "fixed-version: Fixed from version 4.9rc7"
+
+CVE_STATUS[CVE-2016-9793] = "fixed-version: Fixed from version 4.9rc8"
+
+CVE_STATUS[CVE-2016-9794] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-9806] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2016-9919] = "fixed-version: Fixed from version 4.9rc8"
+
+# Skipping CVE-2017-0403, no affected_versions
+
+# Skipping CVE-2017-0404, no affected_versions
+
+# Skipping CVE-2017-0426, no affected_versions
+
+# Skipping CVE-2017-0427, no affected_versions
+
+# CVE-2017-0507 has no known resolution
+
+# CVE-2017-0508 has no known resolution
+
+# Skipping CVE-2017-0510, no affected_versions
+
+# Skipping CVE-2017-0528, no affected_versions
+
+# Skipping CVE-2017-0537, no affected_versions
+
+# CVE-2017-0564 has no known resolution
+
+CVE_STATUS[CVE-2017-0605] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-0627] = "fixed-version: Fixed from version 4.14rc1"
+
+# CVE-2017-0630 has no known resolution
+
+# CVE-2017-0749 has no known resolution
+
+CVE_STATUS[CVE-2017-0750] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2017-0786] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-0861] = "fixed-version: Fixed from version 4.15rc3"
+
+CVE_STATUS[CVE-2017-1000] = "fixed-version: Fixed from version 4.13rc5"
+
+CVE_STATUS[CVE-2017-1000111] = "fixed-version: Fixed from version 4.13rc5"
+
+CVE_STATUS[CVE-2017-1000112] = "fixed-version: Fixed from version 4.13rc5"
+
+CVE_STATUS[CVE-2017-1000251] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-1000252] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-1000253] = "fixed-version: Fixed from version 4.1rc1"
+
+CVE_STATUS[CVE-2017-1000255] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-1000363] = "fixed-version: Fixed from version 4.12rc2"
+
+CVE_STATUS[CVE-2017-1000364] = "fixed-version: Fixed from version 4.12rc6"
+
+CVE_STATUS[CVE-2017-1000365] = "fixed-version: Fixed from version 4.12rc7"
+
+CVE_STATUS[CVE-2017-1000370] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-1000371] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-1000379] = "fixed-version: Fixed from version 4.12rc6"
+
+CVE_STATUS[CVE-2017-1000380] = "fixed-version: Fixed from version 4.12rc5"
+
+CVE_STATUS[CVE-2017-1000405] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2017-1000407] = "fixed-version: Fixed from version 4.15rc3"
+
+CVE_STATUS[CVE-2017-1000410] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2017-10661] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-10662] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-10663] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-10810] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-10911] = "fixed-version: Fixed from version 4.12rc7"
+
+CVE_STATUS[CVE-2017-11089] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-11176] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-11472] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-11473] = "fixed-version: Fixed from version 4.13rc2"
+
+CVE_STATUS[CVE-2017-11600] = "fixed-version: Fixed from version 4.13"
+
+CVE_STATUS[CVE-2017-12134] = "fixed-version: Fixed from version 4.13rc6"
+
+CVE_STATUS[CVE-2017-12146] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-12153] = "fixed-version: Fixed from version 4.14rc2"
+
+CVE_STATUS[CVE-2017-12154] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-12168] = "fixed-version: Fixed from version 4.9rc6"
+
+CVE_STATUS[CVE-2017-12188] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-12190] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-12192] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2017-12193] = "fixed-version: Fixed from version 4.14rc7"
+
+CVE_STATUS[CVE-2017-12762] = "fixed-version: Fixed from version 4.13rc4"
+
+CVE_STATUS[CVE-2017-13080] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2017-13166] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2017-13167] = "fixed-version: Fixed from version 4.5rc4"
+
+CVE_STATUS[CVE-2017-13168] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2017-13215] = "fixed-version: Fixed from version 4.5rc1"
+
+CVE_STATUS[CVE-2017-13216] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2017-13220] = "fixed-version: Fixed from version 3.19rc3"
+
+# CVE-2017-13221 has no known resolution
+
+# CVE-2017-13222 has no known resolution
+
+CVE_STATUS[CVE-2017-13305] = "fixed-version: Fixed from version 4.12rc5"
+
+CVE_STATUS[CVE-2017-13686] = "fixed-version: Fixed from version 4.13rc7"
+
+# CVE-2017-13693 has no known resolution
+
+# CVE-2017-13694 has no known resolution
+
+CVE_STATUS[CVE-2017-13695] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2017-13715] = "fixed-version: Fixed from version 4.3rc1"
+
+CVE_STATUS[CVE-2017-14051] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-14106] = "fixed-version: Fixed from version 4.12rc3"
+
+CVE_STATUS[CVE-2017-14140] = "fixed-version: Fixed from version 4.13rc6"
+
+CVE_STATUS[CVE-2017-14156] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-14340] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-14489] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2017-14497] = "fixed-version: Fixed from version 4.13"
+
+CVE_STATUS[CVE-2017-14954] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2017-14991] = "fixed-version: Fixed from version 4.14rc2"
+
+CVE_STATUS[CVE-2017-15102] = "fixed-version: Fixed from version 4.9rc1"
+
+CVE_STATUS[CVE-2017-15115] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2017-15116] = "fixed-version: Fixed from version 4.2rc1"
+
+CVE_STATUS[CVE-2017-15121] = "fixed-version: Fixed from version 3.11rc1"
+
+CVE_STATUS[CVE-2017-15126] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-15127] = "fixed-version: Fixed from version 4.13rc5"
+
+CVE_STATUS[CVE-2017-15128] = "fixed-version: Fixed from version 4.14rc8"
+
+CVE_STATUS[CVE-2017-15129] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-15265] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-15274] = "fixed-version: Fixed from version 4.12rc5"
+
+CVE_STATUS[CVE-2017-15299] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2017-15306] = "fixed-version: Fixed from version 4.14rc7"
+
+CVE_STATUS[CVE-2017-15537] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2017-15649] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-15868] = "fixed-version: Fixed from version 3.19rc3"
+
+CVE_STATUS[CVE-2017-15951] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2017-16525] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-16526] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-16527] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-16528] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2017-16529] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-16530] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-16531] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-16532] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-16533] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-16534] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2017-16535] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2017-16536] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-16537] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-16538] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2017-16643] = "fixed-version: Fixed from version 4.14rc7"
+
+CVE_STATUS[CVE-2017-16644] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2017-16645] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2017-16646] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-16647] = "fixed-version: Fixed from version 4.14"
+
+CVE_STATUS[CVE-2017-16648] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-16649] = "fixed-version: Fixed from version 4.14"
+
+CVE_STATUS[CVE-2017-16650] = "fixed-version: Fixed from version 4.14"
+
+CVE_STATUS[CVE-2017-16911] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-16912] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-16913] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-16914] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-16939] = "fixed-version: Fixed from version 4.14rc7"
+
+CVE_STATUS[CVE-2017-16994] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-16995] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-16996] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17052] = "fixed-version: Fixed from version 4.13rc7"
+
+CVE_STATUS[CVE-2017-17053] = "fixed-version: Fixed from version 4.13rc7"
+
+CVE_STATUS[CVE-2017-17448] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17449] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17450] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17558] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17712] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17741] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17805] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17806] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-17807] = "fixed-version: Fixed from version 4.15rc3"
+
+CVE_STATUS[CVE-2017-17852] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17853] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17854] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17855] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17856] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17857] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17862] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-17863] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17864] = "fixed-version: Fixed from version 4.15rc5"
+
+CVE_STATUS[CVE-2017-17975] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2017-18017] = "fixed-version: Fixed from version 4.11rc7"
+
+CVE_STATUS[CVE-2017-18075] = "fixed-version: Fixed from version 4.15rc7"
+
+CVE_STATUS[CVE-2017-18079] = "fixed-version: Fixed from version 4.13rc1"
+
+# CVE-2017-18169 has no known resolution
+
+CVE_STATUS[CVE-2017-18174] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2017-18193] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-18200] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-18202] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2017-18203] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-18204] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-18208] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2017-18216] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-18218] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-18221] = "fixed-version: Fixed from version 4.12rc4"
+
+CVE_STATUS[CVE-2017-18222] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-18224] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2017-18232] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2017-18241] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-18249] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-18255] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-18257] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-18261] = "fixed-version: Fixed from version 4.13rc6"
+
+CVE_STATUS[CVE-2017-18270] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2017-18344] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2017-18360] = "fixed-version: Fixed from version 4.12rc2"
+
+CVE_STATUS[CVE-2017-18379] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2017-18509] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-18549] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-18550] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-18551] = "fixed-version: Fixed from version 4.15rc9"
+
+CVE_STATUS[CVE-2017-18552] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-18595] = "fixed-version: Fixed from version 4.15rc6"
+
+CVE_STATUS[CVE-2017-2583] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-2584] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-2596] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-2618] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-2634] = "fixed-version: Fixed from version 2.6.25rc1"
+
+CVE_STATUS[CVE-2017-2636] = "fixed-version: Fixed from version 4.11rc2"
+
+CVE_STATUS[CVE-2017-2647] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2017-2671] = "fixed-version: Fixed from version 4.11rc6"
+
+CVE_STATUS[CVE-2017-5123] = "fixed-version: Fixed from version 4.14rc5"
+
+CVE_STATUS[CVE-2017-5546] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-5547] = "fixed-version: Fixed from version 4.10rc5"
+
+CVE_STATUS[CVE-2017-5548] = "fixed-version: Fixed from version 4.10rc5"
+
+CVE_STATUS[CVE-2017-5549] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-5550] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-5551] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-5576] = "fixed-version: Fixed from version 4.10rc6"
+
+CVE_STATUS[CVE-2017-5577] = "fixed-version: Fixed from version 4.10rc6"
+
+CVE_STATUS[CVE-2017-5669] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-5715] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2017-5753] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2017-5754] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2017-5897] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-5967] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-5970] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-5972] = "fixed-version: Fixed from version 4.4rc1"
+
+CVE_STATUS[CVE-2017-5986] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-6001] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-6074] = "fixed-version: Fixed from version 4.10"
+
+CVE_STATUS[CVE-2017-6214] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-6345] = "fixed-version: Fixed from version 4.10"
+
+CVE_STATUS[CVE-2017-6346] = "fixed-version: Fixed from version 4.10"
+
+CVE_STATUS[CVE-2017-6347] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-6348] = "fixed-version: Fixed from version 4.10"
+
+CVE_STATUS[CVE-2017-6353] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-6874] = "fixed-version: Fixed from version 4.11rc2"
+
+CVE_STATUS[CVE-2017-6951] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2017-7184] = "fixed-version: Fixed from version 4.11rc5"
+
+CVE_STATUS[CVE-2017-7187] = "fixed-version: Fixed from version 4.11rc5"
+
+CVE_STATUS[CVE-2017-7261] = "fixed-version: Fixed from version 4.11rc6"
+
+CVE_STATUS[CVE-2017-7273] = "fixed-version: Fixed from version 4.10rc4"
+
+CVE_STATUS[CVE-2017-7277] = "fixed-version: Fixed from version 4.11rc4"
+
+CVE_STATUS[CVE-2017-7294] = "fixed-version: Fixed from version 4.11rc6"
+
+CVE_STATUS[CVE-2017-7308] = "fixed-version: Fixed from version 4.11rc6"
+
+CVE_STATUS[CVE-2017-7346] = "fixed-version: Fixed from version 4.12rc5"
+
+# CVE-2017-7369 has no known resolution
+
+CVE_STATUS[CVE-2017-7374] = "fixed-version: Fixed from version 4.11rc4"
+
+CVE_STATUS[CVE-2017-7472] = "fixed-version: Fixed from version 4.11rc8"
+
+CVE_STATUS[CVE-2017-7477] = "fixed-version: Fixed from version 4.11"
+
+CVE_STATUS[CVE-2017-7482] = "fixed-version: Fixed from version 4.12rc7"
+
+CVE_STATUS[CVE-2017-7487] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-7495] = "fixed-version: Fixed from version 4.7rc1"
+
+CVE_STATUS[CVE-2017-7518] = "fixed-version: Fixed from version 4.12rc7"
+
+CVE_STATUS[CVE-2017-7533] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-7541] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-7542] = "fixed-version: Fixed from version 4.13rc2"
+
+CVE_STATUS[CVE-2017-7558] = "fixed-version: Fixed from version 4.13"
+
+CVE_STATUS[CVE-2017-7616] = "fixed-version: Fixed from version 4.11rc6"
+
+CVE_STATUS[CVE-2017-7618] = "fixed-version: Fixed from version 4.11rc8"
+
+CVE_STATUS[CVE-2017-7645] = "fixed-version: Fixed from version 4.11"
+
+CVE_STATUS[CVE-2017-7889] = "fixed-version: Fixed from version 4.11rc7"
+
+CVE_STATUS[CVE-2017-7895] = "fixed-version: Fixed from version 4.11"
+
+CVE_STATUS[CVE-2017-7979] = "fixed-version: Fixed from version 4.11rc8"
+
+CVE_STATUS[CVE-2017-8061] = "fixed-version: Fixed from version 4.11rc4"
+
+CVE_STATUS[CVE-2017-8062] = "fixed-version: Fixed from version 4.11rc2"
+
+CVE_STATUS[CVE-2017-8063] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-8064] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-8065] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-8066] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-8067] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2017-8068] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-8069] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-8070] = "fixed-version: Fixed from version 4.10rc8"
+
+CVE_STATUS[CVE-2017-8071] = "fixed-version: Fixed from version 4.10rc7"
+
+CVE_STATUS[CVE-2017-8072] = "fixed-version: Fixed from version 4.10rc7"
+
+CVE_STATUS[CVE-2017-8106] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2017-8240] = "fixed-version: Fixed from version 3.19rc6"
+
+# CVE-2017-8242 has no known resolution
+
+# CVE-2017-8244 has no known resolution
+
+# CVE-2017-8245 has no known resolution
+
+# CVE-2017-8246 has no known resolution
+
+CVE_STATUS[CVE-2017-8797] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-8824] = "fixed-version: Fixed from version 4.15rc3"
+
+CVE_STATUS[CVE-2017-8831] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-8890] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-8924] = "fixed-version: Fixed from version 4.11rc2"
+
+CVE_STATUS[CVE-2017-8925] = "fixed-version: Fixed from version 4.11rc2"
+
+CVE_STATUS[CVE-2017-9059] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-9074] = "fixed-version: Fixed from version 4.12rc2"
+
+CVE_STATUS[CVE-2017-9075] = "fixed-version: Fixed from version 4.12rc2"
+
+CVE_STATUS[CVE-2017-9076] = "fixed-version: Fixed from version 4.12rc2"
+
+CVE_STATUS[CVE-2017-9077] = "fixed-version: Fixed from version 4.12rc2"
+
+CVE_STATUS[CVE-2017-9150] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2017-9211] = "fixed-version: Fixed from version 4.12rc3"
+
+CVE_STATUS[CVE-2017-9242] = "fixed-version: Fixed from version 4.12rc3"
+
+CVE_STATUS[CVE-2017-9605] = "fixed-version: Fixed from version 4.12rc5"
+
+CVE_STATUS[CVE-2017-9725] = "fixed-version: Fixed from version 4.3rc7"
+
+CVE_STATUS[CVE-2017-9984] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-9985] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2017-9986] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2018-1000004] = "fixed-version: Fixed from version 4.15rc9"
+
+CVE_STATUS[CVE-2018-1000026] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2018-1000028] = "fixed-version: Fixed from version 4.15"
+
+CVE_STATUS[CVE-2018-1000199] = "fixed-version: Fixed from version 4.16"
+
+CVE_STATUS[CVE-2018-1000200] = "fixed-version: Fixed from version 4.17rc5"
+
+CVE_STATUS[CVE-2018-1000204] = "fixed-version: Fixed from version 4.17rc7"
+
+CVE_STATUS[CVE-2018-10021] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-10074] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-10087] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2018-10124] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2018-10322] = "fixed-version: Fixed from version 4.17rc4"
+
+CVE_STATUS[CVE-2018-10323] = "fixed-version: Fixed from version 4.17rc4"
+
+CVE_STATUS[CVE-2018-1065] = "fixed-version: Fixed from version 4.16rc3"
+
+CVE_STATUS[CVE-2018-1066] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2018-10675] = "fixed-version: Fixed from version 4.13rc6"
+
+CVE_STATUS[CVE-2018-1068] = "fixed-version: Fixed from version 4.16rc5"
+
+CVE_STATUS[CVE-2018-10840] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-10853] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-1087] = "fixed-version: Fixed from version 4.16rc7"
+
+# CVE-2018-10872 has no known resolution
+
+CVE_STATUS[CVE-2018-10876] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10877] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10878] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10879] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10880] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10881] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10882] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10883] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-10901] = "fixed-version: Fixed from version 2.6.36rc1"
+
+CVE_STATUS[CVE-2018-10902] = "fixed-version: Fixed from version 4.18rc6"
+
+CVE_STATUS[CVE-2018-1091] = "fixed-version: Fixed from version 4.14rc2"
+
+CVE_STATUS[CVE-2018-1092] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2018-1093] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2018-10938] = "fixed-version: Fixed from version 4.13rc5"
+
+CVE_STATUS[CVE-2018-1094] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2018-10940] = "fixed-version: Fixed from version 4.17rc3"
+
+CVE_STATUS[CVE-2018-1095] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2018-1108] = "fixed-version: Fixed from version 4.17rc2"
+
+CVE_STATUS[CVE-2018-1118] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-1120] = "fixed-version: Fixed from version 4.17rc6"
+
+# CVE-2018-1121 has no known resolution
+
+CVE_STATUS[CVE-2018-11232] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2018-1128] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-1129] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-1130] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-11412] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-11506] = "fixed-version: Fixed from version 4.17rc7"
+
+CVE_STATUS[CVE-2018-11508] = "fixed-version: Fixed from version 4.17rc5"
+
+# CVE-2018-11987 has no known resolution
+
+CVE_STATUS[CVE-2018-12126] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2018-12127] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2018-12130] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2018-12207] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2018-12232] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-12233] = "fixed-version: Fixed from version 4.18rc2"
+
+CVE_STATUS[CVE-2018-12633] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-12714] = "fixed-version: Fixed from version 4.18rc2"
+
+CVE_STATUS[CVE-2018-12896] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-12904] = "fixed-version: Fixed from version 4.18rc1"
+
+# CVE-2018-12928 has no known resolution
+
+# CVE-2018-12929 has no known resolution
+
+# CVE-2018-12930 has no known resolution
+
+# CVE-2018-12931 has no known resolution
+
+CVE_STATUS[CVE-2018-13053] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-13093] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-13094] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-13095] = "fixed-version: Fixed from version 4.18rc3"
+
+CVE_STATUS[CVE-2018-13096] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-13097] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-13098] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-13099] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-13100] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-13405] = "fixed-version: Fixed from version 4.18rc4"
+
+CVE_STATUS[CVE-2018-13406] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-14609] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14610] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14611] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14612] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14613] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14614] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14615] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14616] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14617] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-14619] = "fixed-version: Fixed from version 4.15rc4"
+
+CVE_STATUS[CVE-2018-14625] = "fixed-version: Fixed from version 4.20rc6"
+
+CVE_STATUS[CVE-2018-14633] = "fixed-version: Fixed from version 4.19rc6"
+
+CVE_STATUS[CVE-2018-14634] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2018-14641] = "fixed-version: Fixed from version 4.19rc4"
+
+CVE_STATUS[CVE-2018-14646] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2018-14656] = "fixed-version: Fixed from version 4.19rc2"
+
+CVE_STATUS[CVE-2018-14678] = "fixed-version: Fixed from version 4.18rc8"
+
+CVE_STATUS[CVE-2018-14734] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-15471] = "fixed-version: Fixed from version 4.19rc7"
+
+CVE_STATUS[CVE-2018-15572] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-15594] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-16276] = "fixed-version: Fixed from version 4.18rc5"
+
+CVE_STATUS[CVE-2018-16597] = "fixed-version: Fixed from version 4.8rc1"
+
+CVE_STATUS[CVE-2018-16658] = "fixed-version: Fixed from version 4.19rc2"
+
+CVE_STATUS[CVE-2018-16862] = "fixed-version: Fixed from version 4.20rc5"
+
+CVE_STATUS[CVE-2018-16871] = "fixed-version: Fixed from version 4.20rc3"
+
+CVE_STATUS[CVE-2018-16880] = "fixed-version: Fixed from version 5.0rc5"
+
+CVE_STATUS[CVE-2018-16882] = "fixed-version: Fixed from version 4.20"
+
+CVE_STATUS[CVE-2018-16884] = "fixed-version: Fixed from version 5.0rc1"
+
+# CVE-2018-16885 has no known resolution
+
+CVE_STATUS[CVE-2018-17182] = "fixed-version: Fixed from version 4.19rc4"
+
+CVE_STATUS[CVE-2018-17972] = "fixed-version: Fixed from version 4.19rc7"
+
+# CVE-2018-17977 has no known resolution
+
+CVE_STATUS[CVE-2018-18021] = "fixed-version: Fixed from version 4.19rc7"
+
+CVE_STATUS[CVE-2018-18281] = "fixed-version: Fixed from version 4.19"
+
+CVE_STATUS[CVE-2018-18386] = "fixed-version: Fixed from version 4.15rc6"
+
+CVE_STATUS[CVE-2018-18397] = "fixed-version: Fixed from version 4.20rc5"
+
+CVE_STATUS[CVE-2018-18445] = "fixed-version: Fixed from version 4.19rc7"
+
+CVE_STATUS[CVE-2018-18559] = "fixed-version: Fixed from version 4.15rc2"
+
+# CVE-2018-18653 has no known resolution
+
+CVE_STATUS[CVE-2018-18690] = "fixed-version: Fixed from version 4.17rc4"
+
+CVE_STATUS[CVE-2018-18710] = "fixed-version: Fixed from version 4.20rc1"
+
+CVE_STATUS[CVE-2018-18955] = "fixed-version: Fixed from version 4.20rc2"
+
+CVE_STATUS[CVE-2018-19406] = "fixed-version: Fixed from version 4.20rc5"
+
+CVE_STATUS[CVE-2018-19407] = "fixed-version: Fixed from version 4.20rc5"
+
+CVE_STATUS[CVE-2018-19824] = "fixed-version: Fixed from version 4.20rc6"
+
+CVE_STATUS[CVE-2018-19854] = "fixed-version: Fixed from version 4.20rc3"
+
+CVE_STATUS[CVE-2018-19985] = "fixed-version: Fixed from version 4.20"
+
+CVE_STATUS[CVE-2018-20169] = "fixed-version: Fixed from version 4.20rc6"
+
+CVE_STATUS[CVE-2018-20449] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2018-20509] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2018-20510] = "fixed-version: Fixed from version 4.16rc3"
+
+CVE_STATUS[CVE-2018-20511] = "fixed-version: Fixed from version 4.19rc5"
+
+CVE_STATUS[CVE-2018-20669] = "fixed-version: Fixed from version 5.0rc1"
+
+CVE_STATUS[CVE-2018-20784] = "fixed-version: Fixed from version 5.0rc1"
+
+CVE_STATUS[CVE-2018-20836] = "fixed-version: Fixed from version 4.20rc1"
+
+CVE_STATUS[CVE-2018-20854] = "fixed-version: Fixed from version 4.20rc1"
+
+CVE_STATUS[CVE-2018-20855] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-20856] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-20961] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2018-20976] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-21008] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2018-25015] = "fixed-version: Fixed from version 4.15rc9"
+
+CVE_STATUS[CVE-2018-25020] = "fixed-version: Fixed from version 4.17rc7"
+
+# CVE-2018-3574 has no known resolution
+
+CVE_STATUS[CVE-2018-3620] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-3639] = "fixed-version: Fixed from version 4.17rc7"
+
+CVE_STATUS[CVE-2018-3646] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-3665] = "fixed-version: Fixed from version 3.7rc1"
+
+CVE_STATUS[CVE-2018-3693] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-5332] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2018-5333] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2018-5344] = "fixed-version: Fixed from version 4.15rc8"
+
+CVE_STATUS[CVE-2018-5390] = "fixed-version: Fixed from version 4.18rc7"
+
+CVE_STATUS[CVE-2018-5391] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-5703] = "fixed-version: Fixed from version 4.16rc5"
+
+CVE_STATUS[CVE-2018-5750] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2018-5803] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2018-5814] = "fixed-version: Fixed from version 4.17rc6"
+
+CVE_STATUS[CVE-2018-5848] = "fixed-version: Fixed from version 4.16rc1"
+
+# Skipping CVE-2018-5856, no affected_versions
+
+CVE_STATUS[CVE-2018-5873] = "fixed-version: Fixed from version 4.11rc8"
+
+CVE_STATUS[CVE-2018-5953] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2018-5995] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2018-6412] = "fixed-version: Fixed from version 4.16rc5"
+
+CVE_STATUS[CVE-2018-6554] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2018-6555] = "fixed-version: Fixed from version 4.17rc1"
+
+# CVE-2018-6559 has no known resolution
+
+CVE_STATUS[CVE-2018-6927] = "fixed-version: Fixed from version 4.15rc9"
+
+CVE_STATUS[CVE-2018-7191] = "fixed-version: Fixed from version 4.14rc6"
+
+CVE_STATUS[CVE-2018-7273] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2018-7480] = "fixed-version: Fixed from version 4.11rc1"
+
+CVE_STATUS[CVE-2018-7492] = "fixed-version: Fixed from version 4.15rc3"
+
+CVE_STATUS[CVE-2018-7566] = "fixed-version: Fixed from version 4.16rc2"
+
+CVE_STATUS[CVE-2018-7740] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-7754] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2018-7755] = "fixed-version: Fixed from version 4.19rc5"
+
+CVE_STATUS[CVE-2018-7757] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2018-7995] = "fixed-version: Fixed from version 4.16rc5"
+
+CVE_STATUS[CVE-2018-8043] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2018-8087] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2018-8781] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-8822] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-8897] = "fixed-version: Fixed from version 4.16rc7"
+
+CVE_STATUS[CVE-2018-9363] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2018-9385] = "fixed-version: Fixed from version 4.17rc3"
+
+CVE_STATUS[CVE-2018-9415] = "fixed-version: Fixed from version 4.17rc3"
+
+CVE_STATUS[CVE-2018-9422] = "fixed-version: Fixed from version 4.6rc1"
+
+CVE_STATUS[CVE-2018-9465] = "fixed-version: Fixed from version 4.15rc6"
+
+CVE_STATUS[CVE-2018-9516] = "fixed-version: Fixed from version 4.18rc5"
+
+CVE_STATUS[CVE-2018-9517] = "fixed-version: Fixed from version 4.14rc1"
+
+CVE_STATUS[CVE-2018-9518] = "fixed-version: Fixed from version 4.16rc3"
+
+CVE_STATUS[CVE-2018-9568] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2019-0136] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-0145] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-0146] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-0147] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-0148] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-0149] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-0154] = "fixed-version: Fixed from version 5.4rc8"
+
+CVE_STATUS[CVE-2019-0155] = "fixed-version: Fixed from version 5.4rc8"
+
+CVE_STATUS[CVE-2019-10124] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-10125] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-10126] = "fixed-version: Fixed from version 5.2rc6"
+
+# CVE-2019-10140 has no known resolution
+
+CVE_STATUS[CVE-2019-10142] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-10207] = "fixed-version: Fixed from version 5.3rc3"
+
+CVE_STATUS[CVE-2019-10220] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-10638] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-10639] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-11085] = "fixed-version: Fixed from version 5.0rc3"
+
+CVE_STATUS[CVE-2019-11091] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-11135] = "fixed-version: Fixed from version 5.4rc8"
+
+CVE_STATUS[CVE-2019-11190] = "fixed-version: Fixed from version 4.8rc5"
+
+CVE_STATUS[CVE-2019-11191] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-1125] = "fixed-version: Fixed from version 5.3rc4"
+
+CVE_STATUS[CVE-2019-11477] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-11478] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-11479] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-11486] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-11487] = "fixed-version: Fixed from version 5.1rc5"
+
+CVE_STATUS[CVE-2019-11599] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-11683] = "fixed-version: Fixed from version 5.1"
+
+CVE_STATUS[CVE-2019-11810] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-11811] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-11815] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-11833] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-11884] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-12378] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2019-12379] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-12380] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2019-12381] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2019-12382] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-12454] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-12455] = "fixed-version: Fixed from version 5.3rc1"
+
+# CVE-2019-12456 has no known resolution
+
+CVE_STATUS[CVE-2019-12614] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-12615] = "fixed-version: Fixed from version 5.2rc4"
+
+CVE_STATUS[CVE-2019-12817] = "fixed-version: Fixed from version 5.2rc7"
+
+CVE_STATUS[CVE-2019-12818] = "fixed-version: Fixed from version 5.0"
+
+CVE_STATUS[CVE-2019-12819] = "fixed-version: Fixed from version 5.0rc8"
+
+CVE_STATUS[CVE-2019-12881] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2019-12984] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-13233] = "fixed-version: Fixed from version 5.2rc4"
+
+CVE_STATUS[CVE-2019-13272] = "fixed-version: Fixed from version 5.2"
+
+CVE_STATUS[CVE-2019-13631] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-13648] = "fixed-version: Fixed from version 5.3rc2"
+
+CVE_STATUS[CVE-2019-14283] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-14284] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-14615] = "fixed-version: Fixed from version 5.5rc7"
+
+CVE_STATUS[CVE-2019-14763] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2019-14814] = "fixed-version: Fixed from version 5.3"
+
+CVE_STATUS[CVE-2019-14815] = "fixed-version: Fixed from version 5.3"
+
+CVE_STATUS[CVE-2019-14816] = "fixed-version: Fixed from version 5.3"
+
+CVE_STATUS[CVE-2019-14821] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-14835] = "fixed-version: Fixed from version 5.3"
+
+CVE_STATUS[CVE-2019-14895] = "fixed-version: Fixed from version 5.5rc3"
+
+CVE_STATUS[CVE-2019-14896] = "fixed-version: Fixed from version 5.5"
+
+CVE_STATUS[CVE-2019-14897] = "fixed-version: Fixed from version 5.5"
+
+# CVE-2019-14898 has no known resolution
+
+CVE_STATUS[CVE-2019-14901] = "fixed-version: Fixed from version 5.5rc3"
+
+CVE_STATUS[CVE-2019-15030] = "fixed-version: Fixed from version 5.3rc8"
+
+CVE_STATUS[CVE-2019-15031] = "fixed-version: Fixed from version 5.3rc8"
+
+CVE_STATUS[CVE-2019-15090] = "fixed-version: Fixed from version 5.2rc2"
+
+CVE_STATUS[CVE-2019-15098] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-15099] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-15117] = "fixed-version: Fixed from version 5.3rc5"
+
+CVE_STATUS[CVE-2019-15118] = "fixed-version: Fixed from version 5.3rc5"
+
+CVE_STATUS[CVE-2019-15211] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15212] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2019-15213] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15214] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-15215] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15216] = "fixed-version: Fixed from version 5.1"
+
+CVE_STATUS[CVE-2019-15217] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15218] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2019-15219] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2019-15220] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15221] = "fixed-version: Fixed from version 5.2"
+
+CVE_STATUS[CVE-2019-15222] = "fixed-version: Fixed from version 5.3rc3"
+
+CVE_STATUS[CVE-2019-15223] = "fixed-version: Fixed from version 5.2rc3"
+
+# CVE-2019-15239 has no known resolution
+
+# CVE-2019-15290 has no known resolution
+
+CVE_STATUS[CVE-2019-15291] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-15292] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-15504] = "fixed-version: Fixed from version 5.3"
+
+CVE_STATUS[CVE-2019-15505] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-15538] = "fixed-version: Fixed from version 5.3rc6"
+
+CVE_STATUS[CVE-2019-15666] = "fixed-version: Fixed from version 5.1"
+
+# CVE-2019-15791 has no known resolution
+
+# CVE-2019-15792 has no known resolution
+
+# CVE-2019-15793 has no known resolution
+
+CVE_STATUS[CVE-2019-15794] = "fixed-version: Fixed from version 5.12"
+
+CVE_STATUS[CVE-2019-15807] = "fixed-version: Fixed from version 5.2rc3"
+
+# CVE-2019-15902 has no known resolution
+
+CVE_STATUS[CVE-2019-15916] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-15917] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-15918] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-15919] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-15920] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-15921] = "fixed-version: Fixed from version 5.1rc3"
+
+CVE_STATUS[CVE-2019-15922] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-15923] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-15924] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-15925] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15926] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-15927] = "fixed-version: Fixed from version 5.0rc2"
+
+# CVE-2019-16089 has no known resolution
+
+CVE_STATUS[CVE-2019-16229] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-16230] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-16231] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-16232] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-16233] = "fixed-version: Fixed from version 5.4rc5"
+
+CVE_STATUS[CVE-2019-16234] = "fixed-version: Fixed from version 5.4rc4"
+
+CVE_STATUS[CVE-2019-16413] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-16714] = "fixed-version: Fixed from version 5.3rc7"
+
+CVE_STATUS[CVE-2019-16746] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-16921] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2019-16994] = "fixed-version: Fixed from version 5.0"
+
+CVE_STATUS[CVE-2019-16995] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-17052] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-17053] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-17054] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-17055] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-17056] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-17075] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-17133] = "fixed-version: Fixed from version 5.4rc4"
+
+CVE_STATUS[CVE-2019-17351] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-17666] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-18198] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-18282] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-18660] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-18675] = "fixed-version: Fixed from version 4.17rc5"
+
+# CVE-2019-18680 has no known resolution
+
+CVE_STATUS[CVE-2019-18683] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-18786] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-18805] = "fixed-version: Fixed from version 5.1rc7"
+
+CVE_STATUS[CVE-2019-18806] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-18807] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-18808] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-18809] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-18810] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-18811] = "fixed-version: Fixed from version 5.4rc7"
+
+CVE_STATUS[CVE-2019-18812] = "fixed-version: Fixed from version 5.4rc7"
+
+CVE_STATUS[CVE-2019-18813] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-18814] = "fixed-version: Fixed from version 5.7rc7"
+
+CVE_STATUS[CVE-2019-18885] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-19036] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19037] = "fixed-version: Fixed from version 5.5rc3"
+
+CVE_STATUS[CVE-2019-19039] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2019-19043] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19044] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-19045] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-19046] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19047] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-19048] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19049] = "fixed-version: Fixed from version 5.4rc5"
+
+CVE_STATUS[CVE-2019-19050] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19051] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-19052] = "fixed-version: Fixed from version 5.4rc7"
+
+CVE_STATUS[CVE-2019-19053] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19054] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19055] = "fixed-version: Fixed from version 5.4rc4"
+
+CVE_STATUS[CVE-2019-19056] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19057] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19058] = "fixed-version: Fixed from version 5.4rc4"
+
+CVE_STATUS[CVE-2019-19059] = "fixed-version: Fixed from version 5.4rc4"
+
+CVE_STATUS[CVE-2019-19060] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19061] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19062] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19063] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19064] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19065] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19066] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19067] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-19068] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19069] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19070] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19071] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19072] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19073] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19074] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19075] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-19076] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19077] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19078] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19079] = "fixed-version: Fixed from version 5.3"
+
+CVE_STATUS[CVE-2019-19080] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19081] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19082] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19083] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-19227] = "fixed-version: Fixed from version 5.1rc3"
+
+CVE_STATUS[CVE-2019-19241] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19252] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19318] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19319] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-19332] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19338] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19377] = "fixed-version: Fixed from version 5.7rc1"
+
+# CVE-2019-19378 has no known resolution
+
+CVE_STATUS[CVE-2019-19447] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19448] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2019-19449] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2019-19462] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2019-19523] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19524] = "fixed-version: Fixed from version 5.4rc8"
+
+CVE_STATUS[CVE-2019-19525] = "fixed-version: Fixed from version 5.4rc2"
+
+CVE_STATUS[CVE-2019-19526] = "fixed-version: Fixed from version 5.4rc4"
+
+CVE_STATUS[CVE-2019-19527] = "fixed-version: Fixed from version 5.3rc4"
+
+CVE_STATUS[CVE-2019-19528] = "fixed-version: Fixed from version 5.4rc3"
+
+CVE_STATUS[CVE-2019-19529] = "fixed-version: Fixed from version 5.4rc7"
+
+CVE_STATUS[CVE-2019-19530] = "fixed-version: Fixed from version 5.3rc5"
+
+CVE_STATUS[CVE-2019-19531] = "fixed-version: Fixed from version 5.3rc4"
+
+CVE_STATUS[CVE-2019-19532] = "fixed-version: Fixed from version 5.4rc6"
+
+CVE_STATUS[CVE-2019-19533] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19534] = "fixed-version: Fixed from version 5.4rc7"
+
+CVE_STATUS[CVE-2019-19535] = "fixed-version: Fixed from version 5.3rc4"
+
+CVE_STATUS[CVE-2019-19536] = "fixed-version: Fixed from version 5.3rc4"
+
+CVE_STATUS[CVE-2019-19537] = "fixed-version: Fixed from version 5.3rc5"
+
+CVE_STATUS[CVE-2019-19543] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-19602] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19767] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2019-19768] = "fixed-version: Fixed from version 5.6rc4"
+
+CVE_STATUS[CVE-2019-19769] = "fixed-version: Fixed from version 5.6rc5"
+
+CVE_STATUS[CVE-2019-19770] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2019-19807] = "fixed-version: Fixed from version 5.4rc7"
+
+CVE_STATUS[CVE-2019-19813] = "fixed-version: Fixed from version 5.2rc1"
+
+# CVE-2019-19814 has no known resolution
+
+CVE_STATUS[CVE-2019-19815] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2019-19816] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-19922] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-19927] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-19947] = "fixed-version: Fixed from version 5.5rc3"
+
+CVE_STATUS[CVE-2019-19965] = "fixed-version: Fixed from version 5.5rc2"
+
+CVE_STATUS[CVE-2019-19966] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-1999] = "fixed-version: Fixed from version 5.1rc3"
+
+CVE_STATUS[CVE-2019-20054] = "fixed-version: Fixed from version 5.1rc3"
+
+CVE_STATUS[CVE-2019-20095] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-20096] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-2024] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2019-2025] = "fixed-version: Fixed from version 4.20rc5"
+
+CVE_STATUS[CVE-2019-20422] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-2054] = "fixed-version: Fixed from version 4.8rc1"
+
+CVE_STATUS[CVE-2019-20636] = "fixed-version: Fixed from version 5.5rc6"
+
+# CVE-2019-20794 has no known resolution
+
+CVE_STATUS[CVE-2019-20806] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-20810] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2019-20811] = "fixed-version: Fixed from version 5.1rc3"
+
+CVE_STATUS[CVE-2019-20812] = "fixed-version: Fixed from version 5.5rc3"
+
+CVE_STATUS[CVE-2019-20908] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2019-20934] = "fixed-version: Fixed from version 5.3rc2"
+
+CVE_STATUS[CVE-2019-2101] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-2181] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-2182] = "fixed-version: Fixed from version 4.16rc3"
+
+CVE_STATUS[CVE-2019-2213] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-2214] = "fixed-version: Fixed from version 5.3rc2"
+
+CVE_STATUS[CVE-2019-2215] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2019-25044] = "fixed-version: Fixed from version 5.2rc4"
+
+CVE_STATUS[CVE-2019-25045] = "fixed-version: Fixed from version 5.1"
+
+CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2019-3459] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-3460] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-3701] = "fixed-version: Fixed from version 5.0rc3"
+
+CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed from version 5.0rc6"
+
+CVE_STATUS[CVE-2019-3837] = "fixed-version: Fixed from version 3.18rc1"
+
+CVE_STATUS[CVE-2019-3846] = "fixed-version: Fixed from version 5.2rc6"
+
+CVE_STATUS[CVE-2019-3874] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-3882] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed from version 5.1rc4"
+
+CVE_STATUS[CVE-2019-3892] = "fixed-version: Fixed from version 5.1rc6"
+
+CVE_STATUS[CVE-2019-3896] = "fixed-version: Fixed from version 2.6.35rc1"
+
+CVE_STATUS[CVE-2019-3900] = "fixed-version: Fixed from version 5.2rc4"
+
+CVE_STATUS[CVE-2019-3901] = "fixed-version: Fixed from version 4.6rc6"
+
+CVE_STATUS[CVE-2019-5108] = "fixed-version: Fixed from version 5.3"
+
+# Skipping CVE-2019-5489, no affected_versions
+
+CVE_STATUS[CVE-2019-6133] = "fixed-version: Fixed from version 5.0rc2"
+
+CVE_STATUS[CVE-2019-6974] = "fixed-version: Fixed from version 5.0rc6"
+
+CVE_STATUS[CVE-2019-7221] = "fixed-version: Fixed from version 5.0rc6"
+
+CVE_STATUS[CVE-2019-7222] = "fixed-version: Fixed from version 5.0rc6"
+
+CVE_STATUS[CVE-2019-7308] = "fixed-version: Fixed from version 5.0rc3"
+
+CVE_STATUS[CVE-2019-8912] = "fixed-version: Fixed from version 5.0rc8"
+
+CVE_STATUS[CVE-2019-8956] = "fixed-version: Fixed from version 5.0rc6"
+
+CVE_STATUS[CVE-2019-8980] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-9003] = "fixed-version: Fixed from version 5.0rc4"
+
+CVE_STATUS[CVE-2019-9162] = "fixed-version: Fixed from version 5.0rc7"
+
+CVE_STATUS[CVE-2019-9213] = "fixed-version: Fixed from version 5.0"
+
+CVE_STATUS[CVE-2019-9245] = "fixed-version: Fixed from version 5.0rc1"
+
+CVE_STATUS[CVE-2019-9444] = "fixed-version: Fixed from version 4.15rc2"
+
+CVE_STATUS[CVE-2019-9445] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-9453] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2019-9454] = "fixed-version: Fixed from version 4.15rc9"
+
+CVE_STATUS[CVE-2019-9455] = "fixed-version: Fixed from version 5.0rc1"
+
+CVE_STATUS[CVE-2019-9456] = "fixed-version: Fixed from version 4.16rc6"
+
+CVE_STATUS[CVE-2019-9457] = "fixed-version: Fixed from version 4.13rc1"
+
+CVE_STATUS[CVE-2019-9458] = "fixed-version: Fixed from version 4.19rc7"
+
+CVE_STATUS[CVE-2019-9466] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-9500] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-9503] = "fixed-version: Fixed from version 5.1rc1"
+
+CVE_STATUS[CVE-2019-9506] = "fixed-version: Fixed from version 5.2"
+
+CVE_STATUS[CVE-2019-9857] = "fixed-version: Fixed from version 5.1rc2"
+
+CVE_STATUS[CVE-2020-0009] = "fixed-version: Fixed from version 5.6rc3"
+
+CVE_STATUS[CVE-2020-0030] = "fixed-version: Fixed from version 4.16rc3"
+
+CVE_STATUS[CVE-2020-0041] = "fixed-version: Fixed from version 5.5rc2"
+
+CVE_STATUS[CVE-2020-0066] = "fixed-version: Fixed from version 4.3rc7"
+
+CVE_STATUS[CVE-2020-0067] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2020-0110] = "fixed-version: Fixed from version 5.6rc2"
+
+CVE_STATUS[CVE-2020-0255] = "fixed-version: Fixed from version 5.7rc4"
+
+CVE_STATUS[CVE-2020-0305] = "fixed-version: Fixed from version 5.5rc6"
+
+# CVE-2020-0347 has no known resolution
+
+CVE_STATUS[CVE-2020-0404] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2020-0423] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-0427] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2020-0429] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2020-0430] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2020-0431] = "fixed-version: Fixed from version 5.5rc6"
+
+CVE_STATUS[CVE-2020-0432] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2020-0433] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2020-0435] = "fixed-version: Fixed from version 4.19rc1"
+
+CVE_STATUS[CVE-2020-0444] = "fixed-version: Fixed from version 5.6rc4"
+
+CVE_STATUS[CVE-2020-0465] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2020-0466] = "fixed-version: Fixed from version 5.9rc2"
+
+CVE_STATUS[CVE-2020-0543] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-10135] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-10690] = "fixed-version: Fixed from version 5.5rc5"
+
+# CVE-2020-10708 has no known resolution
+
+CVE_STATUS[CVE-2020-10711] = "fixed-version: Fixed from version 5.7rc6"
+
+CVE_STATUS[CVE-2020-10720] = "fixed-version: Fixed from version 5.2rc3"
+
+CVE_STATUS[CVE-2020-10732] = "fixed-version: Fixed from version 5.7"
+
+CVE_STATUS[CVE-2020-10742] = "fixed-version: Fixed from version 3.16rc1"
+
+CVE_STATUS[CVE-2020-10751] = "fixed-version: Fixed from version 5.7rc4"
+
+CVE_STATUS[CVE-2020-10757] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-10766] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-10767] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-10768] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-10769] = "fixed-version: Fixed from version 5.0rc3"
+
+CVE_STATUS[CVE-2020-10773] = "fixed-version: Fixed from version 5.4rc6"
+
+# CVE-2020-10774 has no known resolution
+
+CVE_STATUS[CVE-2020-10781] = "fixed-version: Fixed from version 5.8rc6"
+
+CVE_STATUS[CVE-2020-10942] = "fixed-version: Fixed from version 5.6rc4"
+
+CVE_STATUS[CVE-2020-11494] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-11565] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-11608] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-11609] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-11668] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-11669] = "fixed-version: Fixed from version 5.2rc1"
+
+# CVE-2020-11725 has no known resolution
+
+CVE_STATUS[CVE-2020-11884] = "fixed-version: Fixed from version 5.7rc4"
+
+# CVE-2020-11935 has no known resolution
+
+CVE_STATUS[CVE-2020-12114] = "fixed-version: Fixed from version 5.3rc1"
+
+CVE_STATUS[CVE-2020-12351] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-12352] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-12362] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-12363] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-12364] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-12464] = "fixed-version: Fixed from version 5.7rc3"
+
+CVE_STATUS[CVE-2020-12465] = "fixed-version: Fixed from version 5.6rc6"
+
+CVE_STATUS[CVE-2020-12652] = "fixed-version: Fixed from version 5.5rc7"
+
+CVE_STATUS[CVE-2020-12653] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2020-12654] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2020-12655] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-12656] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-12657] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-12659] = "fixed-version: Fixed from version 5.7rc2"
+
+CVE_STATUS[CVE-2020-12768] = "fixed-version: Fixed from version 5.6rc4"
+
+CVE_STATUS[CVE-2020-12769] = "fixed-version: Fixed from version 5.5rc6"
+
+CVE_STATUS[CVE-2020-12770] = "fixed-version: Fixed from version 5.7rc3"
+
+CVE_STATUS[CVE-2020-12771] = "fixed-version: Fixed from version 5.8rc2"
+
+CVE_STATUS[CVE-2020-12826] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-12888] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-12912] = "fixed-version: Fixed from version 5.10rc4"
+
+CVE_STATUS[CVE-2020-13143] = "fixed-version: Fixed from version 5.7rc6"
+
+CVE_STATUS[CVE-2020-13974] = "fixed-version: Fixed from version 5.8rc1"
+
+# CVE-2020-14304 has no known resolution
+
+CVE_STATUS[CVE-2020-14305] = "fixed-version: Fixed from version 4.12rc1"
+
+CVE_STATUS[CVE-2020-14314] = "fixed-version: Fixed from version 5.9rc2"
+
+CVE_STATUS[CVE-2020-14331] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2020-14351] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-14353] = "fixed-version: Fixed from version 4.14rc3"
+
+CVE_STATUS[CVE-2020-14356] = "fixed-version: Fixed from version 5.8rc5"
+
+CVE_STATUS[CVE-2020-14381] = "fixed-version: Fixed from version 5.6rc6"
+
+CVE_STATUS[CVE-2020-14385] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2020-14386] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2020-14390] = "fixed-version: Fixed from version 5.9rc6"
+
+CVE_STATUS[CVE-2020-14416] = "fixed-version: Fixed from version 5.5"
+
+CVE_STATUS[CVE-2020-15393] = "fixed-version: Fixed from version 5.8rc3"
+
+CVE_STATUS[CVE-2020-15436] = "fixed-version: Fixed from version 5.8rc2"
+
+CVE_STATUS[CVE-2020-15437] = "fixed-version: Fixed from version 5.8rc7"
+
+CVE_STATUS[CVE-2020-15780] = "fixed-version: Fixed from version 5.8rc3"
+
+# CVE-2020-15802 has no known resolution
+
+CVE_STATUS[CVE-2020-15852] = "fixed-version: Fixed from version 5.8rc6"
+
+CVE_STATUS[CVE-2020-16119] = "fixed-version: Fixed from version 5.15rc2"
+
+CVE_STATUS[CVE-2020-16120] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-16166] = "fixed-version: Fixed from version 5.8"
+
+CVE_STATUS[CVE-2020-1749] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2020-24394] = "fixed-version: Fixed from version 5.8rc4"
+
+CVE_STATUS[CVE-2020-24490] = "fixed-version: Fixed from version 5.8"
+
+# CVE-2020-24502 has no known resolution
+
+# CVE-2020-24503 has no known resolution
+
+CVE_STATUS[CVE-2020-24504] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2020-24586] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2020-24587] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2020-24588] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2020-25211] = "fixed-version: Fixed from version 5.9rc7"
+
+CVE_STATUS[CVE-2020-25212] = "fixed-version: Fixed from version 5.9rc1"
+
+# CVE-2020-25220 has no known resolution
+
+CVE_STATUS[CVE-2020-25221] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2020-25284] = "fixed-version: Fixed from version 5.9rc5"
+
+CVE_STATUS[CVE-2020-25285] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2020-25639] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2020-25641] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2020-25643] = "fixed-version: Fixed from version 5.9rc7"
+
+CVE_STATUS[CVE-2020-25645] = "fixed-version: Fixed from version 5.9rc7"
+
+CVE_STATUS[CVE-2020-25656] = "fixed-version: Fixed from version 5.10rc2"
+
+# CVE-2020-25661 has no known resolution
+
+# CVE-2020-25662 has no known resolution
+
+CVE_STATUS[CVE-2020-25668] = "fixed-version: Fixed from version 5.10rc3"
+
+CVE_STATUS[CVE-2020-25669] = "fixed-version: Fixed from version 5.10rc5"
+
+CVE_STATUS[CVE-2020-25670] = "fixed-version: Fixed from version 5.12rc7"
+
+CVE_STATUS[CVE-2020-25671] = "fixed-version: Fixed from version 5.12rc7"
+
+CVE_STATUS[CVE-2020-25672] = "fixed-version: Fixed from version 5.12rc7"
+
+CVE_STATUS[CVE-2020-25673] = "fixed-version: Fixed from version 5.12rc7"
+
+CVE_STATUS[CVE-2020-25704] = "fixed-version: Fixed from version 5.10rc3"
+
+CVE_STATUS[CVE-2020-25705] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-26088] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2020-26139] = "fixed-version: Fixed from version 5.13rc4"
+
+# CVE-2020-26140 has no known resolution
+
+CVE_STATUS[CVE-2020-26141] = "fixed-version: Fixed from version 5.13rc4"
+
+# CVE-2020-26142 has no known resolution
+
+# CVE-2020-26143 has no known resolution
+
+CVE_STATUS[CVE-2020-26145] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2020-26147] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2020-26541] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2020-26555] = "fixed-version: Fixed from version 5.13rc1"
+
+# CVE-2020-26556 has no known resolution
+
+# CVE-2020-26557 has no known resolution
+
+CVE_STATUS[CVE-2020-26558] = "fixed-version: Fixed from version 5.13rc1"
+
+# CVE-2020-26559 has no known resolution
+
+# CVE-2020-26560 has no known resolution
+
+CVE_STATUS[CVE-2020-27066] = "fixed-version: Fixed from version 5.6"
+
+CVE_STATUS[CVE-2020-27067] = "fixed-version: Fixed from version 4.14rc4"
+
+CVE_STATUS[CVE-2020-27068] = "fixed-version: Fixed from version 5.6rc2"
+
+CVE_STATUS[CVE-2020-27152] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-27170] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2020-27171] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed from version 5.9"
+
+CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed from version 5.6rc4"
+
+# CVE-2020-27418 has no known resolution
+
+CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-27777] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-27784] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-27786] = "fixed-version: Fixed from version 5.7rc6"
+
+CVE_STATUS[CVE-2020-27815] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-27820] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2020-27825] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-27830] = "fixed-version: Fixed from version 5.10rc7"
+
+CVE_STATUS[CVE-2020-27835] = "fixed-version: Fixed from version 5.10rc6"
+
+CVE_STATUS[CVE-2020-28097] = "fixed-version: Fixed from version 5.9rc6"
+
+CVE_STATUS[CVE-2020-28374] = "fixed-version: Fixed from version 5.11rc4"
+
+CVE_STATUS[CVE-2020-28588] = "fixed-version: Fixed from version 5.10rc7"
+
+CVE_STATUS[CVE-2020-28915] = "fixed-version: Fixed from version 5.9"
+
+CVE_STATUS[CVE-2020-28941] = "fixed-version: Fixed from version 5.10rc5"
+
+CVE_STATUS[CVE-2020-28974] = "fixed-version: Fixed from version 5.10rc3"
+
+CVE_STATUS[CVE-2020-29368] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-29369] = "fixed-version: Fixed from version 5.8rc7"
+
+CVE_STATUS[CVE-2020-29370] = "fixed-version: Fixed from version 5.6rc7"
+
+CVE_STATUS[CVE-2020-29371] = "fixed-version: Fixed from version 5.9rc2"
+
+CVE_STATUS[CVE-2020-29372] = "fixed-version: Fixed from version 5.7rc3"
+
+CVE_STATUS[CVE-2020-29373] = "fixed-version: Fixed from version 5.6rc2"
+
+CVE_STATUS[CVE-2020-29374] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-29534] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-29568] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-29569] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-29660] = "fixed-version: Fixed from version 5.10rc7"
+
+CVE_STATUS[CVE-2020-29661] = "fixed-version: Fixed from version 5.10rc7"
+
+CVE_STATUS[CVE-2020-35499] = "fixed-version: Fixed from version 5.11rc1"
+
+# CVE-2020-35501 has no known resolution
+
+CVE_STATUS[CVE-2020-35508] = "fixed-version: Fixed from version 5.10rc3"
+
+CVE_STATUS[CVE-2020-35513] = "fixed-version: Fixed from version 4.17rc1"
+
+CVE_STATUS[CVE-2020-35519] = "fixed-version: Fixed from version 5.10rc7"
+
+CVE_STATUS[CVE-2020-36158] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-36310] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-36311] = "fixed-version: Fixed from version 5.9rc5"
+
+CVE_STATUS[CVE-2020-36312] = "fixed-version: Fixed from version 5.9rc5"
+
+CVE_STATUS[CVE-2020-36313] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-36322] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2020-36385] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2020-36386] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2020-36387] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2020-36516] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2020-36557] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-36558] = "fixed-version: Fixed from version 5.6rc3"
+
+CVE_STATUS[CVE-2020-36691] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10"
+
+CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5"
+
+CVE_STATUS[CVE-2020-7053] = "fixed-version: Fixed from version 5.2rc1"
+
+CVE_STATUS[CVE-2020-8428] = "fixed-version: Fixed from version 5.5"
+
+CVE_STATUS[CVE-2020-8647] = "fixed-version: Fixed from version 5.6rc5"
+
+CVE_STATUS[CVE-2020-8648] = "fixed-version: Fixed from version 5.6rc3"
+
+CVE_STATUS[CVE-2020-8649] = "fixed-version: Fixed from version 5.6rc5"
+
+CVE_STATUS[CVE-2020-8694] = "fixed-version: Fixed from version 5.10rc4"
+
+# CVE-2020-8832 has no known resolution
+
+CVE_STATUS[CVE-2020-8834] = "fixed-version: Fixed from version 4.18rc1"
+
+CVE_STATUS[CVE-2020-8835] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2020-8992] = "fixed-version: Fixed from version 5.6rc2"
+
+CVE_STATUS[CVE-2020-9383] = "fixed-version: Fixed from version 5.6rc4"
+
+CVE_STATUS[CVE-2020-9391] = "fixed-version: Fixed from version 5.6rc3"
+
+CVE_STATUS[CVE-2021-0129] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-0342] = "fixed-version: Fixed from version 5.8rc1"
+
+# CVE-2021-0399 has no known resolution
+
+CVE_STATUS[CVE-2021-0447] = "fixed-version: Fixed from version 4.15rc1"
+
+CVE_STATUS[CVE-2021-0448] = "fixed-version: Fixed from version 5.9rc7"
+
+CVE_STATUS[CVE-2021-0512] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-0605] = "fixed-version: Fixed from version 5.8"
+
+# CVE-2021-0606 has no known resolution
+
+# CVE-2021-0695 has no known resolution
+
+CVE_STATUS[CVE-2021-0707] = "fixed-version: Fixed from version 5.11rc3"
+
+CVE_STATUS[CVE-2021-0920] = "fixed-version: Fixed from version 5.14rc4"
+
+# CVE-2021-0924 has no known resolution
+
+CVE_STATUS[CVE-2021-0929] = "fixed-version: Fixed from version 5.6rc1"
+
+CVE_STATUS[CVE-2021-0935] = "fixed-version: Fixed from version 4.16rc7"
+
+# CVE-2021-0936 has no known resolution
+
+CVE_STATUS[CVE-2021-0937] = "fixed-version: Fixed from version 5.12rc8"
+
+CVE_STATUS[CVE-2021-0938] = "fixed-version: Fixed from version 5.10rc4"
+
+CVE_STATUS[CVE-2021-0941] = "fixed-version: Fixed from version 5.12rc1"
+
+# CVE-2021-0961 has no known resolution
+
+CVE_STATUS[CVE-2021-1048] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2021-20177] = "fixed-version: Fixed from version 5.5rc1"
+
+CVE_STATUS[CVE-2021-20194] = "fixed-version: Fixed from version 5.10rc1"
+
+# CVE-2021-20219 has no known resolution
+
+CVE_STATUS[CVE-2021-20226] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2021-20239] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2021-20261] = "fixed-version: Fixed from version 4.5rc5"
+
+CVE_STATUS[CVE-2021-20265] = "fixed-version: Fixed from version 4.5rc3"
+
+CVE_STATUS[CVE-2021-20268] = "fixed-version: Fixed from version 5.11rc5"
+
+CVE_STATUS[CVE-2021-20292] = "fixed-version: Fixed from version 5.9rc1"
+
+CVE_STATUS[CVE-2021-20317] = "fixed-version: Fixed from version 5.4rc1"
+
+CVE_STATUS[CVE-2021-20320] = "fixed-version: Fixed from version 5.15rc3"
+
+CVE_STATUS[CVE-2021-20321] = "fixed-version: Fixed from version 5.15rc5"
+
+CVE_STATUS[CVE-2021-20322] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-21781] = "fixed-version: Fixed from version 5.11rc7"
+
+CVE_STATUS[CVE-2021-22543] = "fixed-version: Fixed from version 5.13"
+
+CVE_STATUS[CVE-2021-22555] = "fixed-version: Fixed from version 5.12rc8"
+
+CVE_STATUS[CVE-2021-22600] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2021-23133] = "fixed-version: Fixed from version 5.12rc8"
+
+CVE_STATUS[CVE-2021-23134] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-26401] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2021-26708] = "fixed-version: Fixed from version 5.11rc7"
+
+CVE_STATUS[CVE-2021-26930] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-26931] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-26932] = "fixed-version: Fixed from version 5.12rc1"
+
+# CVE-2021-26934 has no known resolution
+
+CVE_STATUS[CVE-2021-27363] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-27364] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-27365] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-28038] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-28039] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-28375] = "fixed-version: Fixed from version 5.12rc3"
+
+CVE_STATUS[CVE-2021-28660] = "fixed-version: Fixed from version 5.12rc3"
+
+CVE_STATUS[CVE-2021-28688] = "fixed-version: Fixed from version 5.12rc6"
+
+CVE_STATUS[CVE-2021-28691] = "fixed-version: Fixed from version 5.13rc6"
+
+CVE_STATUS[CVE-2021-28711] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-28712] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-28713] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-28714] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-28715] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-28950] = "fixed-version: Fixed from version 5.12rc4"
+
+CVE_STATUS[CVE-2021-28951] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-28952] = "fixed-version: Fixed from version 5.12rc4"
+
+CVE_STATUS[CVE-2021-28964] = "fixed-version: Fixed from version 5.12rc4"
+
+CVE_STATUS[CVE-2021-28971] = "fixed-version: Fixed from version 5.12rc4"
+
+CVE_STATUS[CVE-2021-28972] = "fixed-version: Fixed from version 5.12rc4"
+
+CVE_STATUS[CVE-2021-29154] = "fixed-version: Fixed from version 5.12rc7"
+
+CVE_STATUS[CVE-2021-29155] = "fixed-version: Fixed from version 5.12rc8"
+
+CVE_STATUS[CVE-2021-29264] = "fixed-version: Fixed from version 5.12rc3"
+
+CVE_STATUS[CVE-2021-29265] = "fixed-version: Fixed from version 5.12rc3"
+
+CVE_STATUS[CVE-2021-29266] = "fixed-version: Fixed from version 5.12rc4"
+
+CVE_STATUS[CVE-2021-29646] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2021-29647] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2021-29648] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2021-29649] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2021-29650] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2021-29657] = "fixed-version: Fixed from version 5.12rc6"
+
+CVE_STATUS[CVE-2021-30002] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-30178] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2021-31440] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-3178] = "fixed-version: Fixed from version 5.11rc5"
+
+CVE_STATUS[CVE-2021-31829] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-31916] = "fixed-version: Fixed from version 5.12rc5"
+
+CVE_STATUS[CVE-2021-32078] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-32399] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-32606] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2021-33033] = "fixed-version: Fixed from version 5.12rc3"
+
+CVE_STATUS[CVE-2021-33034] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-33061] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2021-33098] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2021-33135] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2021-33200] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2021-3347] = "fixed-version: Fixed from version 5.11rc6"
+
+CVE_STATUS[CVE-2021-3348] = "fixed-version: Fixed from version 5.11rc6"
+
+CVE_STATUS[CVE-2021-33624] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2021-33655] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2021-33656] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-33909] = "fixed-version: Fixed from version 5.14rc3"
+
+CVE_STATUS[CVE-2021-3411] = "fixed-version: Fixed from version 5.10"
+
+CVE_STATUS[CVE-2021-3428] = "fixed-version: Fixed from version 5.9rc2"
+
+CVE_STATUS[CVE-2021-3444] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-34556] = "fixed-version: Fixed from version 5.14rc4"
+
+CVE_STATUS[CVE-2021-34693] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2021-3483] = "fixed-version: Fixed from version 5.12rc6"
+
+CVE_STATUS[CVE-2021-34866] = "fixed-version: Fixed from version 5.14"
+
+CVE_STATUS[CVE-2021-3489] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2021-3490] = "fixed-version: Fixed from version 5.13rc4"
+
+CVE_STATUS[CVE-2021-3491] = "fixed-version: Fixed from version 5.13rc1"
+
+# CVE-2021-3492 has no known resolution
+
+CVE_STATUS[CVE-2021-3493] = "fixed-version: Fixed from version 5.11rc1"
+
+CVE_STATUS[CVE-2021-34981] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-3501] = "fixed-version: Fixed from version 5.12rc8"
+
+CVE_STATUS[CVE-2021-35039] = "fixed-version: Fixed from version 5.13"
+
+CVE_STATUS[CVE-2021-3506] = "fixed-version: Fixed from version 5.13rc1"
+
+# CVE-2021-3542 has no known resolution
+
+CVE_STATUS[CVE-2021-3543] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-35477] = "fixed-version: Fixed from version 5.14rc4"
+
+CVE_STATUS[CVE-2021-3564] = "fixed-version: Fixed from version 5.13rc5"
+
+CVE_STATUS[CVE-2021-3573] = "fixed-version: Fixed from version 5.13rc5"
+
+CVE_STATUS[CVE-2021-3587] = "fixed-version: Fixed from version 5.13rc5"
+
+CVE_STATUS[CVE-2021-3600] = "fixed-version: Fixed from version 5.11"
+
+CVE_STATUS[CVE-2021-3609] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-3612] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-3635] = "fixed-version: Fixed from version 5.5rc7"
+
+CVE_STATUS[CVE-2021-3640] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2021-3653] = "fixed-version: Fixed from version 5.14rc7"
+
+CVE_STATUS[CVE-2021-3655] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-3656] = "fixed-version: Fixed from version 5.14rc7"
+
+CVE_STATUS[CVE-2021-3659] = "fixed-version: Fixed from version 5.12rc7"
+
+CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-3679] = "fixed-version: Fixed from version 5.14rc3"
+
+# CVE-2021-3714 has no known resolution
+
+CVE_STATUS[CVE-2021-3715] = "fixed-version: Fixed from version 5.6"
+
+CVE_STATUS[CVE-2021-37159] = "fixed-version: Fixed from version 5.14rc3"
+
+CVE_STATUS[CVE-2021-3732] = "fixed-version: Fixed from version 5.14rc6"
+
+CVE_STATUS[CVE-2021-3736] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-3739] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-3743] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2021-3744] = "fixed-version: Fixed from version 5.15rc4"
+
+CVE_STATUS[CVE-2021-3752] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2021-3753] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-37576] = "fixed-version: Fixed from version 5.14rc3"
+
+CVE_STATUS[CVE-2021-3759] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-3760] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2021-3764] = "fixed-version: Fixed from version 5.15rc4"
+
+CVE_STATUS[CVE-2021-3772] = "fixed-version: Fixed from version 5.15"
+
+CVE_STATUS[CVE-2021-38160] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-38166] = "fixed-version: Fixed from version 5.14rc6"
+
+CVE_STATUS[CVE-2021-38198] = "fixed-version: Fixed from version 5.13rc6"
+
+CVE_STATUS[CVE-2021-38199] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-38200] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2021-38201] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-38202] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-38203] = "fixed-version: Fixed from version 5.14rc2"
+
+CVE_STATUS[CVE-2021-38204] = "fixed-version: Fixed from version 5.14rc3"
+
+CVE_STATUS[CVE-2021-38205] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-38206] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2021-38207] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2021-38208] = "fixed-version: Fixed from version 5.13rc5"
+
+CVE_STATUS[CVE-2021-38209] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-38300] = "fixed-version: Fixed from version 5.15rc4"
+
+# CVE-2021-3847 has no known resolution
+
+# CVE-2021-3864 has no known resolution
+
+# CVE-2021-3892 has no known resolution
+
+CVE_STATUS[CVE-2021-3894] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2021-3896] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2021-3923] = "fixed-version: Fixed from version 5.16"
+
+CVE_STATUS[CVE-2021-39633] = "fixed-version: Fixed from version 5.14"
+
+CVE_STATUS[CVE-2021-39634] = "fixed-version: Fixed from version 5.9rc8"
+
+CVE_STATUS[CVE-2021-39636] = "fixed-version: Fixed from version 4.16rc1"
+
+CVE_STATUS[CVE-2021-39648] = "fixed-version: Fixed from version 5.11rc3"
+
+CVE_STATUS[CVE-2021-39656] = "fixed-version: Fixed from version 5.12rc3"
+
+CVE_STATUS[CVE-2021-39657] = "fixed-version: Fixed from version 5.11rc4"
+
+CVE_STATUS[CVE-2021-39685] = "fixed-version: Fixed from version 5.16rc5"
+
+CVE_STATUS[CVE-2021-39686] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2021-39698] = "fixed-version: Fixed from version 5.16rc5"
+
+CVE_STATUS[CVE-2021-39711] = "fixed-version: Fixed from version 4.18rc6"
+
+CVE_STATUS[CVE-2021-39713] = "fixed-version: Fixed from version 4.20rc1"
+
+CVE_STATUS[CVE-2021-39714] = "fixed-version: Fixed from version 4.12rc1"
+
+# CVE-2021-39800 has no known resolution
+
+# CVE-2021-39801 has no known resolution
+
+# CVE-2021-39802 has no known resolution
+
+CVE_STATUS[CVE-2021-4001] = "fixed-version: Fixed from version 5.16rc2"
+
+CVE_STATUS[CVE-2021-4002] = "fixed-version: Fixed from version 5.16rc3"
+
+CVE_STATUS[CVE-2021-4023] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-4028] = "fixed-version: Fixed from version 5.15rc4"
+
+CVE_STATUS[CVE-2021-4032] = "fixed-version: Fixed from version 5.15rc7"
+
+CVE_STATUS[CVE-2021-4037] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2021-40490] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-4083] = "fixed-version: Fixed from version 5.16rc4"
+
+CVE_STATUS[CVE-2021-4090] = "fixed-version: Fixed from version 5.16rc2"
+
+CVE_STATUS[CVE-2021-4093] = "fixed-version: Fixed from version 5.15rc7"
+
+CVE_STATUS[CVE-2021-4095] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2021-41073] = "fixed-version: Fixed from version 5.15rc2"
+
+CVE_STATUS[CVE-2021-4135] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2021-4148] = "fixed-version: Fixed from version 5.15"
+
+CVE_STATUS[CVE-2021-4149] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2021-4150] = "fixed-version: Fixed from version 5.15rc7"
+
+CVE_STATUS[CVE-2021-4154] = "fixed-version: Fixed from version 5.14rc2"
+
+CVE_STATUS[CVE-2021-4155] = "fixed-version: Fixed from version 5.16"
+
+CVE_STATUS[CVE-2021-4157] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-4159] = "fixed-version: Fixed from version 5.7rc1"
+
+CVE_STATUS[CVE-2021-41864] = "fixed-version: Fixed from version 5.15rc5"
+
+CVE_STATUS[CVE-2021-4197] = "fixed-version: Fixed from version 5.16"
+
+CVE_STATUS[CVE-2021-42008] = "fixed-version: Fixed from version 5.14rc7"
+
+CVE_STATUS[CVE-2021-4202] = "fixed-version: Fixed from version 5.16rc2"
+
+CVE_STATUS[CVE-2021-4203] = "fixed-version: Fixed from version 5.15rc4"
+
+CVE_STATUS[CVE-2021-4204] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed from version 5.8rc1"
+
+CVE_STATUS[CVE-2021-42252] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2021-42327] = "fixed-version: Fixed from version 5.15"
+
+CVE_STATUS[CVE-2021-42739] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2021-43056] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2021-43057] = "fixed-version: Fixed from version 5.15rc3"
+
+CVE_STATUS[CVE-2021-43267] = "fixed-version: Fixed from version 5.15"
+
+CVE_STATUS[CVE-2021-43389] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2021-43975] = "fixed-version: Fixed from version 5.16rc2"
+
+CVE_STATUS[CVE-2021-43976] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2021-44733] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-44879] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2021-45095] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2021-45100] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2021-45402] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2021-45469] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2021-45480] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2021-45485] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2021-45486] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2021-45868] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2021-46283] = "fixed-version: Fixed from version 5.13rc7"
+
+CVE_STATUS[CVE-2022-0001] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-0002] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-0168] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-0171] = "fixed-version: Fixed from version 5.18rc4"
+
+CVE_STATUS[CVE-2022-0185] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-0264] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2022-0286] = "fixed-version: Fixed from version 5.14rc2"
+
+CVE_STATUS[CVE-2022-0322] = "fixed-version: Fixed from version 5.15rc6"
+
+CVE_STATUS[CVE-2022-0330] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-0382] = "fixed-version: Fixed from version 5.16"
+
+# CVE-2022-0400 has no known resolution
+
+CVE_STATUS[CVE-2022-0433] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-0435] = "fixed-version: Fixed from version 5.17rc4"
+
+CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2022-0487] = "fixed-version: Fixed from version 5.17rc4"
+
+CVE_STATUS[CVE-2022-0492] = "fixed-version: Fixed from version 5.17rc3"
+
+CVE_STATUS[CVE-2022-0494] = "fixed-version: Fixed from version 5.17rc5"
+
+CVE_STATUS[CVE-2022-0500] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-0516] = "fixed-version: Fixed from version 5.17rc4"
+
+CVE_STATUS[CVE-2022-0617] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-0644] = "fixed-version: Fixed from version 5.15rc7"
+
+CVE_STATUS[CVE-2022-0646] = "fixed-version: Fixed from version 5.17rc5"
+
+CVE_STATUS[CVE-2022-0742] = "fixed-version: Fixed from version 5.17rc7"
+
+CVE_STATUS[CVE-2022-0812] = "fixed-version: Fixed from version 5.8rc6"
+
+CVE_STATUS[CVE-2022-0847] = "fixed-version: Fixed from version 5.17rc6"
+
+CVE_STATUS[CVE-2022-0850] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2022-0854] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-0995] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-0998] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-1011] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-1012] = "fixed-version: Fixed from version 5.18rc6"
+
+CVE_STATUS[CVE-2022-1015] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1016] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1043] = "fixed-version: Fixed from version 5.14rc7"
+
+CVE_STATUS[CVE-2022-1048] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1055] = "fixed-version: Fixed from version 5.17rc3"
+
+# CVE-2022-1116 has no known resolution
+
+CVE_STATUS[CVE-2022-1158] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1184] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-1195] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2022-1198] = "fixed-version: Fixed from version 5.17rc6"
+
+CVE_STATUS[CVE-2022-1199] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-1204] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1205] = "fixed-version: Fixed from version 5.18rc1"
+
+# CVE-2022-1247 has no known resolution
+
+CVE_STATUS[CVE-2022-1263] = "fixed-version: Fixed from version 5.18rc3"
+
+CVE_STATUS[CVE-2022-1280] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2022-1353] = "fixed-version: Fixed from version 5.17"
+
+CVE_STATUS[CVE-2022-1419] = "fixed-version: Fixed from version 5.6rc2"
+
+CVE_STATUS[CVE-2022-1462] = "fixed-version: Fixed from version 5.19rc7"
+
+CVE_STATUS[CVE-2022-1508] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2022-1516] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1651] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1652] = "fixed-version: Fixed from version 5.18rc6"
+
+CVE_STATUS[CVE-2022-1671] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-1678] = "fixed-version: Fixed from version 4.20rc1"
+
+CVE_STATUS[CVE-2022-1679] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-1729] = "fixed-version: Fixed from version 5.18"
+
+CVE_STATUS[CVE-2022-1734] = "fixed-version: Fixed from version 5.18rc6"
+
+CVE_STATUS[CVE-2022-1786] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2022-1789] = "fixed-version: Fixed from version 5.18"
+
+CVE_STATUS[CVE-2022-1836] = "fixed-version: Fixed from version 5.18rc5"
+
+CVE_STATUS[CVE-2022-1852] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-1882] = "fixed-version: Fixed from version 5.19rc8"
+
+CVE_STATUS[CVE-2022-1943] = "fixed-version: Fixed from version 5.18rc7"
+
+CVE_STATUS[CVE-2022-1966] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-1972] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-1973] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-1974] = "fixed-version: Fixed from version 5.18rc6"
+
+CVE_STATUS[CVE-2022-1975] = "fixed-version: Fixed from version 5.18rc6"
+
+CVE_STATUS[CVE-2022-1976] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-1998] = "fixed-version: Fixed from version 5.17rc3"
+
+CVE_STATUS[CVE-2022-20008] = "fixed-version: Fixed from version 5.17rc5"
+
+CVE_STATUS[CVE-2022-20132] = "fixed-version: Fixed from version 5.16rc5"
+
+CVE_STATUS[CVE-2022-20141] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2022-20148] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2022-20153] = "fixed-version: Fixed from version 5.13rc1"
+
+CVE_STATUS[CVE-2022-20154] = "fixed-version: Fixed from version 5.16rc8"
+
+CVE_STATUS[CVE-2022-20158] = "fixed-version: Fixed from version 5.17"
+
+CVE_STATUS[CVE-2022-20166] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2022-20368] = "fixed-version: Fixed from version 5.17"
+
+CVE_STATUS[CVE-2022-20369] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-20409] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2022-20421] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2022-20422] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-20423] = "fixed-version: Fixed from version 5.17"
+
+CVE_STATUS[CVE-2022-20424] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2022-20565] = "fixed-version: Fixed from version 5.9rc4"
+
+CVE_STATUS[CVE-2022-20566] = "fixed-version: Fixed from version 5.19"
+
+CVE_STATUS[CVE-2022-20567] = "fixed-version: Fixed from version 4.16rc5"
+
+CVE_STATUS[CVE-2022-20568] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2022-20572] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-2078] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-21123] = "fixed-version: Fixed from version 5.19rc3"
+
+CVE_STATUS[CVE-2022-21125] = "fixed-version: Fixed from version 5.19rc3"
+
+CVE_STATUS[CVE-2022-21166] = "fixed-version: Fixed from version 5.19rc3"
+
+CVE_STATUS[CVE-2022-21385] = "fixed-version: Fixed from version 4.20"
+
+CVE_STATUS[CVE-2022-21499] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-21505] = "fixed-version: Fixed from version 5.19rc8"
+
+CVE_STATUS[CVE-2022-2153] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-2196] = "fixed-version: Fixed from version 6.2rc1"
+
+# CVE-2022-2209 has no known resolution
+
+CVE_STATUS[CVE-2022-22942] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-23036] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-23037] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-23038] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-23039] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-23040] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-23041] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-23042] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-2308] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-2318] = "fixed-version: Fixed from version 5.19rc5"
+
+CVE_STATUS[CVE-2022-23222] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2022-2380] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-23816] = "fixed-version: Fixed from version 5.19rc7"
+
+# CVE-2022-23825 has no known resolution
+
+CVE_STATUS[CVE-2022-23960] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-24122] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-24448] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-24958] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-24959] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-2503] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-25258] = "fixed-version: Fixed from version 5.17rc4"
+
+# CVE-2022-25265 has no known resolution
+
+CVE_STATUS[CVE-2022-25375] = "fixed-version: Fixed from version 5.17rc4"
+
+CVE_STATUS[CVE-2022-25636] = "fixed-version: Fixed from version 5.17rc6"
+
+CVE_STATUS[CVE-2022-2585] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-2586] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-2588] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-2590] = "fixed-version: Fixed from version 6.0rc3"
+
+CVE_STATUS[CVE-2022-2602] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-26365] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-26373] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-2639] = "fixed-version: Fixed from version 5.18rc4"
+
+CVE_STATUS[CVE-2022-26490] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-2663] = "fixed-version: Fixed from version 6.0rc5"
+
+# CVE-2022-26878 has no known resolution
+
+CVE_STATUS[CVE-2022-26966] = "fixed-version: Fixed from version 5.17rc6"
+
+CVE_STATUS[CVE-2022-27223] = "fixed-version: Fixed from version 5.17rc6"
+
+CVE_STATUS[CVE-2022-27666] = "fixed-version: Fixed from version 5.17rc8"
+
+CVE_STATUS[CVE-2022-27672] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-2785] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-27950] = "fixed-version: Fixed from version 5.17rc5"
+
+CVE_STATUS[CVE-2022-28356] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-28388] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-28389] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-28390] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-2873] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-28796] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-28893] = "fixed-version: Fixed from version 5.18rc2"
+
+CVE_STATUS[CVE-2022-2905] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2022-29156] = "fixed-version: Fixed from version 5.17rc6"
+
+CVE_STATUS[CVE-2022-2938] = "fixed-version: Fixed from version 5.17rc2"
+
+CVE_STATUS[CVE-2022-29581] = "fixed-version: Fixed from version 5.18rc4"
+
+CVE_STATUS[CVE-2022-29582] = "fixed-version: Fixed from version 5.18rc2"
+
+CVE_STATUS[CVE-2022-2959] = "fixed-version: Fixed from version 5.19rc1"
+
+# CVE-2022-2961 has no known resolution
+
+CVE_STATUS[CVE-2022-2964] = "fixed-version: Fixed from version 5.17rc4"
+
+CVE_STATUS[CVE-2022-2977] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-2978] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-29900] = "fixed-version: Fixed from version 5.19rc7"
+
+CVE_STATUS[CVE-2022-29901] = "fixed-version: Fixed from version 5.19rc7"
+
+CVE_STATUS[CVE-2022-2991] = "fixed-version: Fixed from version 5.15rc1"
+
+CVE_STATUS[CVE-2022-29968] = "fixed-version: Fixed from version 5.18rc5"
+
+CVE_STATUS[CVE-2022-3028] = "fixed-version: Fixed from version 6.0rc3"
+
+CVE_STATUS[CVE-2022-30594] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-3061] = "fixed-version: Fixed from version 5.18rc5"
+
+CVE_STATUS[CVE-2022-3077] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3078] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-3103] = "fixed-version: Fixed from version 6.0rc3"
+
+CVE_STATUS[CVE-2022-3104] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3105] = "fixed-version: Fixed from version 5.16"
+
+CVE_STATUS[CVE-2022-3106] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2022-3107] = "fixed-version: Fixed from version 5.17"
+
+CVE_STATUS[CVE-2022-3108] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-3110] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3111] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-3112] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-3113] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-3114] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3115] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3169] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3170] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2022-3176] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2022-3202] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-32250] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-32296] = "fixed-version: Fixed from version 5.18rc6"
+
+# CVE-2022-3238 has no known resolution
+
+CVE_STATUS[CVE-2022-3239] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2022-32981] = "fixed-version: Fixed from version 5.19rc2"
+
+CVE_STATUS[CVE-2022-3303] = "fixed-version: Fixed from version 6.0rc5"
+
+CVE_STATUS[CVE-2022-3344] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2022-33740] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-33741] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-33742] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-33743] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-33744] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-33981] = "fixed-version: Fixed from version 5.18rc5"
+
+CVE_STATUS[CVE-2022-3424] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-3435] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-34494] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-34495] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-34918] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-3521] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3522] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3524] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3526] = "fixed-version: Fixed from version 5.18rc3"
+
+CVE_STATUS[CVE-2022-3531] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-3532] = "fixed-version: Fixed from version 6.2rc1"
+
+# CVE-2022-3533 has no known resolution
+
+CVE_STATUS[CVE-2022-3534] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-3535] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3541] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3542] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3543] = "fixed-version: Fixed from version 6.1rc1"
+
+# CVE-2022-3544 has no known resolution
+
+CVE_STATUS[CVE-2022-3545] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3564] = "fixed-version: Fixed from version 6.1rc4"
+
+CVE_STATUS[CVE-2022-3565] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3577] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3586] = "fixed-version: Fixed from version 6.0rc5"
+
+CVE_STATUS[CVE-2022-3594] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3595] = "fixed-version: Fixed from version 6.1rc1"
+
+# CVE-2022-3606 has no known resolution
+
+CVE_STATUS[CVE-2022-36123] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-3619] = "fixed-version: Fixed from version 6.1rc4"
+
+CVE_STATUS[CVE-2022-3621] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3623] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3625] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3628] = "fixed-version: Fixed from version 6.1rc5"
+
+CVE_STATUS[CVE-2022-36280] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-3629] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3630] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3633] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3635] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-3636] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-3640] = "fixed-version: Fixed from version 6.1rc4"
+
+# CVE-2022-36402 has no known resolution
+
+# CVE-2022-3642 has no known resolution
+
+CVE_STATUS[CVE-2022-3643] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-3646] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-3649] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-36879] = "fixed-version: Fixed from version 5.19rc8"
+
+CVE_STATUS[CVE-2022-36946] = "fixed-version: Fixed from version 5.19"
+
+CVE_STATUS[CVE-2022-3707] = "fixed-version: Fixed from version 6.2rc3"
+
+# CVE-2022-38096 has no known resolution
+
+CVE_STATUS[CVE-2022-38457] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2022-3903] = "fixed-version: Fixed from version 6.1rc2"
+
+CVE_STATUS[CVE-2022-3910] = "fixed-version: Fixed from version 6.0rc6"
+
+CVE_STATUS[CVE-2022-39188] = "fixed-version: Fixed from version 5.19rc8"
+
+CVE_STATUS[CVE-2022-39189] = "fixed-version: Fixed from version 5.19rc2"
+
+CVE_STATUS[CVE-2022-39190] = "fixed-version: Fixed from version 6.0rc3"
+
+CVE_STATUS[CVE-2022-3977] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-39842] = "fixed-version: Fixed from version 5.19rc4"
+
+CVE_STATUS[CVE-2022-40133] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2022-40307] = "fixed-version: Fixed from version 6.0rc5"
+
+CVE_STATUS[CVE-2022-40476] = "fixed-version: Fixed from version 5.19rc4"
+
+CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2022-40982] = "fixed-version: Fixed from version 6.5rc6"
+
+CVE_STATUS[CVE-2022-41218] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-41222] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2022-4127] = "fixed-version: Fixed from version 5.19rc6"
+
+CVE_STATUS[CVE-2022-4128] = "fixed-version: Fixed from version 5.19rc7"
+
+CVE_STATUS[CVE-2022-4129] = "fixed-version: Fixed from version 6.1rc6"
+
+CVE_STATUS[CVE-2022-4139] = "fixed-version: Fixed from version 6.1rc8"
+
+CVE_STATUS[CVE-2022-41674] = "fixed-version: Fixed from version 6.1rc1"
+
+# CVE-2022-41848 has no known resolution
+
+CVE_STATUS[CVE-2022-41849] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-41850] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-41858] = "fixed-version: Fixed from version 5.18rc2"
+
+CVE_STATUS[CVE-2022-42328] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-42329] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-42432] = "fixed-version: Fixed from version 6.0rc7"
+
+CVE_STATUS[CVE-2022-4269] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2022-42703] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2022-42719] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-42720] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-42721] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-42722] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-42895] = "fixed-version: Fixed from version 6.1rc4"
+
+CVE_STATUS[CVE-2022-42896] = "fixed-version: Fixed from version 6.1rc4"
+
+CVE_STATUS[CVE-2022-43750] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-4378] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-4379] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-4382] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1"
+
+# CVE-2022-44034 has no known resolution
+
+# CVE-2022-4543 has no known resolution
+
+CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7"
+
+# CVE-2022-45884 has no known resolution
+
+# CVE-2022-45885 has no known resolution
+
+CVE_STATUS[CVE-2022-45886] = "fixed-version: Fixed from version 6.4rc3"
+
+CVE_STATUS[CVE-2022-45887] = "fixed-version: Fixed from version 6.4rc3"
+
+CVE_STATUS[CVE-2022-45888] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-45919] = "fixed-version: Fixed from version 6.4rc3"
+
+CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-4662] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2022-4696] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2022-4744] = "fixed-version: Fixed from version 5.16rc7"
+
+CVE_STATUS[CVE-2022-47518] = "fixed-version: Fixed from version 6.1rc8"
+
+CVE_STATUS[CVE-2022-47519] = "fixed-version: Fixed from version 6.1rc8"
+
+CVE_STATUS[CVE-2022-47520] = "fixed-version: Fixed from version 6.1rc8"
+
+CVE_STATUS[CVE-2022-47521] = "fixed-version: Fixed from version 6.1rc8"
+
+CVE_STATUS[CVE-2022-47929] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2022-47938] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-47939] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-47940] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2022-47941] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-47942] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-47943] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2022-47946] = "fixed-version: Fixed from version 5.12rc2"
+
+CVE_STATUS[CVE-2022-4842] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-48423] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-48424] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2022-48425] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2022-48502] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1"
+
+CVE_STATUS[CVE-2023-0045] = "fixed-version: Fixed from version 6.2rc3"
+
+CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed from version 6.0rc4"
+
+CVE_STATUS[CVE-2023-0160] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-0179] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-0210] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2023-0240] = "fixed-version: Fixed from version 5.10rc1"
+
+CVE_STATUS[CVE-2023-0266] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2023-0386] = "fixed-version: Fixed from version 6.2rc6"
+
+CVE_STATUS[CVE-2023-0394] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2023-0458] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-0459] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-0461] = "fixed-version: Fixed from version 6.2rc3"
+
+CVE_STATUS[CVE-2023-0468] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2023-0469] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2023-0590] = "fixed-version: Fixed from version 6.1rc2"
+
+CVE_STATUS[CVE-2023-0597] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed from version 6.1rc3"
+
+CVE_STATUS[CVE-2023-1032] = "fixed-version: Fixed from version 6.3rc2"
+
+CVE_STATUS[CVE-2023-1073] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-1074] = "fixed-version: Fixed from version 6.2rc6"
+
+CVE_STATUS[CVE-2023-1075] = "fixed-version: Fixed from version 6.2rc7"
+
+CVE_STATUS[CVE-2023-1076] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-1077] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-1078] = "fixed-version: Fixed from version 6.2rc8"
+
+CVE_STATUS[CVE-2023-1079] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-1095] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2023-1118] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-1192] = "fixed-version: Fixed from version 6.4rc1"
+
+# CVE-2023-1193 has no known resolution
+
+CVE_STATUS[CVE-2023-1194] = "fixed-version: Fixed from version 6.4rc6"
+
+CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3"
+
+CVE_STATUS[CVE-2023-1206] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-1249] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2023-1252] = "fixed-version: Fixed from version 5.16rc1"
+
+CVE_STATUS[CVE-2023-1281] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-1295] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2023-1380] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-1382] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4"
+
+CVE_STATUS[CVE-2023-1513] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4"
+
+CVE_STATUS[CVE-2023-1583] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-1611] = "fixed-version: Fixed from version 6.3rc5"
+
+CVE_STATUS[CVE-2023-1637] = "fixed-version: Fixed from version 5.18rc2"
+
+CVE_STATUS[CVE-2023-1652] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-1670] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-1829] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-1838] = "fixed-version: Fixed from version 5.18"
+
+CVE_STATUS[CVE-2023-1855] = "fixed-version: Fixed from version 6.3rc3"
+
+CVE_STATUS[CVE-2023-1859] = "fixed-version: Fixed from version 6.3rc7"
+
+CVE_STATUS[CVE-2023-1872] = "fixed-version: Fixed from version 5.18rc2"
+
+CVE_STATUS[CVE-2023-1989] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-1990] = "fixed-version: Fixed from version 6.3rc3"
+
+CVE_STATUS[CVE-2023-1998] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-2002] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-2006] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2023-2007] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed from version 5.19rc4"
+
+CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2023-20569] = "fixed-version: Fixed from version 6.5rc6"
+
+CVE_STATUS[CVE-2023-20588] = "fixed-version: Fixed from version 6.5rc6"
+
+CVE_STATUS[CVE-2023-20593] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-20928] = "fixed-version: Fixed from version 6.0rc1"
+
+# CVE-2023-20937 has no known resolution
+
+CVE_STATUS[CVE-2023-20938] = "fixed-version: Fixed from version 5.18rc5"
+
+# CVE-2023-20941 has no known resolution
+
+CVE_STATUS[CVE-2023-21102] = "fixed-version: Fixed from version 6.2rc4"
+
+CVE_STATUS[CVE-2023-21106] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-2124] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-21255] = "fixed-version: Fixed from version 6.4rc4"
+
+CVE_STATUS[CVE-2023-21264] = "fixed-version: Fixed from version 6.4rc5"
+
+# CVE-2023-21400 has no known resolution
+
+CVE_STATUS[CVE-2023-2156] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-2162] = "fixed-version: Fixed from version 6.2rc6"
+
+CVE_STATUS[CVE-2023-2163] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-2166] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2023-2176] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-2177] = "fixed-version: Fixed from version 5.19"
+
+CVE_STATUS[CVE-2023-2194] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-2235] = "fixed-version: Fixed from version 6.3rc3"
+
+CVE_STATUS[CVE-2023-2236] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2023-2248] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-2269] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-22995] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2023-22996] = "fixed-version: Fixed from version 5.18rc1"
+
+CVE_STATUS[CVE-2023-22997] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-22998] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2023-22999] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2023-23000] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2023-23001] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2023-23002] = "fixed-version: Fixed from version 5.17rc1"
+
+CVE_STATUS[CVE-2023-23003] = "fixed-version: Fixed from version 5.16rc6"
+
+CVE_STATUS[CVE-2023-23004] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2023-23005] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-23006] = "fixed-version: Fixed from version 5.16rc8"
+
+# CVE-2023-23039 has no known resolution
+
+CVE_STATUS[CVE-2023-23454] = "fixed-version: Fixed from version 6.2rc3"
+
+CVE_STATUS[CVE-2023-23455] = "fixed-version: Fixed from version 6.2rc3"
+
+CVE_STATUS[CVE-2023-23559] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-23586] = "fixed-version: Fixed from version 5.12rc1"
+
+CVE_STATUS[CVE-2023-2430] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-2483] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-25012] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1"
+
+# CVE-2023-25775 needs backporting (fixed from 6.6rc1)
+
+CVE_STATUS[CVE-2023-2598] = "fixed-version: Fixed from version 6.4rc1"
+
+# CVE-2023-26242 has no known resolution
+
+# CVE-2023-2640 has no known resolution
+
+CVE_STATUS[CVE-2023-26544] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-26545] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-26605] = "fixed-version: Fixed from version 6.1rc7"
+
+CVE_STATUS[CVE-2023-26606] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-26607] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2023-28327] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2023-28328] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-28410] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2023-28464] = "fixed-version: Fixed from version 6.3rc7"
+
+CVE_STATUS[CVE-2023-28466] = "fixed-version: Fixed from version 6.3rc2"
+
+CVE_STATUS[CVE-2023-2860] = "fixed-version: Fixed from version 6.0rc5"
+
+CVE_STATUS[CVE-2023-28772] = "fixed-version: Fixed from version 5.14rc1"
+
+CVE_STATUS[CVE-2023-28866] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-2898] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-2985] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-3006] = "fixed-version: Fixed from version 6.1rc1"
+
+# Skipping CVE-2023-3022, no affected_versions
+
+CVE_STATUS[CVE-2023-30456] = "fixed-version: Fixed from version 6.3rc3"
+
+CVE_STATUS[CVE-2023-30772] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-3090] = "fixed-version: Fixed from version 6.4rc2"
+
+CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7"
+
+# Skipping CVE-2023-3108, no affected_versions
+
+# CVE-2023-31081 has no known resolution
+
+# CVE-2023-31082 has no known resolution
+
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
+
+CVE_STATUS[CVE-2023-31084] = "fixed-version: Fixed from version 6.4rc3"
+
+# CVE-2023-31085 has no known resolution
+
+CVE_STATUS[CVE-2023-3111] = "fixed-version: Fixed from version 6.0rc2"
+
+CVE_STATUS[CVE-2023-3117] = "fixed-version: Fixed from version 6.4rc7"
+
+CVE_STATUS[CVE-2023-31248] = "fixed-version: Fixed from version 6.5rc2"
+
+CVE_STATUS[CVE-2023-3141] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-31436] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-3159] = "fixed-version: Fixed from version 5.18rc6"
+
+CVE_STATUS[CVE-2023-3161] = "fixed-version: Fixed from version 6.2rc7"
+
+CVE_STATUS[CVE-2023-3212] = "fixed-version: Fixed from version 6.4rc2"
+
+CVE_STATUS[CVE-2023-3220] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-32233] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32247] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32248] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32250] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32252] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32254] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32257] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32258] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-32269] = "fixed-version: Fixed from version 6.2rc7"
+
+# CVE-2023-32629 has no known resolution
+
+CVE_STATUS[CVE-2023-3268] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-3269] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-3312] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-3317] = "fixed-version: Fixed from version 6.3rc6"
+
+CVE_STATUS[CVE-2023-33203] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-33250] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-33288] = "fixed-version: Fixed from version 6.3rc4"
+
+CVE_STATUS[CVE-2023-3338] = "fixed-version: Fixed from version 6.1rc1"
+
+CVE_STATUS[CVE-2023-3355] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-3357] = "fixed-version: Fixed from version 6.2rc1"
+
+CVE_STATUS[CVE-2023-3358] = "fixed-version: Fixed from version 6.2rc5"
+
+CVE_STATUS[CVE-2023-3359] = "fixed-version: Fixed from version 6.2rc7"
+
+CVE_STATUS[CVE-2023-3389] = "fixed-version: Fixed from version 6.0rc1"
+
+CVE_STATUS[CVE-2023-3390] = "fixed-version: Fixed from version 6.4rc7"
+
+CVE_STATUS[CVE-2023-33951] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-33952] = "fixed-version: Fixed from version 6.4rc1"
+
+# CVE-2023-3397 has no known resolution
+
+CVE_STATUS[CVE-2023-34255] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed from version 6.4rc2"
+
+CVE_STATUS[CVE-2023-34319] = "fixed-version: Fixed from version 6.5rc6"
+
+CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed from version 5.18rc5"
+
+CVE_STATUS[CVE-2023-35001] = "fixed-version: Fixed from version 6.5rc2"
+
+CVE_STATUS[CVE-2023-3567] = "fixed-version: Fixed from version 6.2rc7"
+
+# CVE-2023-35693 has no known resolution
+
+CVE_STATUS[CVE-2023-35788] = "fixed-version: Fixed from version 6.4rc5"
+
+CVE_STATUS[CVE-2023-35823] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-35824] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-35826] = "fixed-version: Fixed from version 6.4rc1"
+
+# CVE-2023-35827 has no known resolution
+
+CVE_STATUS[CVE-2023-35828] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-35829] = "fixed-version: Fixed from version 6.4rc1"
+
+CVE_STATUS[CVE-2023-3609] = "fixed-version: Fixed from version 6.4rc7"
+
+CVE_STATUS[CVE-2023-3610] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3611] = "fixed-version: Fixed from version 6.5rc2"
+
+# CVE-2023-3640 has no known resolution
+
+# CVE-2023-37453 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-37454 has no known resolution
+
+CVE_STATUS[CVE-2023-3772] = "fixed-version: Fixed from version 6.5rc7"
+
+CVE_STATUS[CVE-2023-3773] = "fixed-version: Fixed from version 6.5rc7"
+
+CVE_STATUS[CVE-2023-3776] = "fixed-version: Fixed from version 6.5rc2"
+
+CVE_STATUS[CVE-2023-3777] = "fixed-version: Fixed from version 6.5rc3"
+
+CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4"
+
+CVE_STATUS[CVE-2023-38409] = "fixed-version: Fixed from version 6.3rc7"
+
+CVE_STATUS[CVE-2023-38426] = "fixed-version: Fixed from version 6.4rc3"
+
+CVE_STATUS[CVE-2023-38427] = "fixed-version: Fixed from version 6.4rc6"
+
+CVE_STATUS[CVE-2023-38428] = "fixed-version: Fixed from version 6.4rc3"
+
+CVE_STATUS[CVE-2023-38429] = "fixed-version: Fixed from version 6.4rc3"
+
+CVE_STATUS[CVE-2023-38430] = "fixed-version: Fixed from version 6.4rc6"
+
+CVE_STATUS[CVE-2023-38431] = "fixed-version: Fixed from version 6.4rc6"
+
+CVE_STATUS[CVE-2023-38432] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3863] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-3865] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3866] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3867] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3"
+
+# CVE-2023-4010 has no known resolution
+
+CVE_STATUS[CVE-2023-4015] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-40283] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-4128] = "fixed-version: Fixed from version 6.5rc5"
+
+CVE_STATUS[CVE-2023-4132] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-4133] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-4134] = "fixed-version: Fixed from version 6.5rc1"
+
+CVE_STATUS[CVE-2023-4147] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-4155] = "fixed-version: Fixed from version 6.5rc6"
+
+CVE_STATUS[CVE-2023-4194] = "fixed-version: Fixed from version 6.5rc5"
+
+CVE_STATUS[CVE-2023-4206] = "fixed-version: Fixed from version 6.5rc5"
+
+CVE_STATUS[CVE-2023-4207] = "fixed-version: Fixed from version 6.5rc5"
+
+CVE_STATUS[CVE-2023-4208] = "fixed-version: Fixed from version 6.5rc5"
+
+CVE_STATUS[CVE-2023-4244] = "fixed-version: Fixed from version 6.5rc7"
+
+CVE_STATUS[CVE-2023-4273] = "fixed-version: Fixed from version 6.5rc5"
+
+# CVE-2023-42752 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-42753 needs backporting (fixed from 6.6rc1)
+
+CVE_STATUS[CVE-2023-42755] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"
+
+CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18"
+
+CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed from version 5.18rc3"
+
+CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3"
+
+CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"
+
+CVE_STATUS[CVE-2023-4563] = "fixed-version: Fixed from version 6.5rc6"
+
+CVE_STATUS[CVE-2023-4569] = "fixed-version: Fixed from version 6.5rc7"
+
+CVE_STATUS[CVE-2023-4611] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-4622] = "fixed-version: Fixed from version 6.5rc1"
+
+# CVE-2023-4623 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-5158 has no known resolution
+
+# CVE-2023-5197 needs backporting (fixed from 6.6rc3)
+
diff --git a/poky/meta/recipes-kernel/linux/linux-dummy.bb b/poky/meta/recipes-kernel/linux/linux-dummy.bb
index 7c46f80..2396f46 100644
--- a/poky/meta/recipes-kernel/linux/linux-dummy.bb
+++ b/poky/meta/recipes-kernel/linux/linux-dummy.bb
@@ -28,7 +28,6 @@
 
 COMPATIBLE_HOST = ".*-linux"
 
-PR = "r1"
 
 SRC_URI = "file://COPYING.GPL"
 S = "${WORKDIR}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
index 95e3592..b594427 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -14,7 +14,7 @@
 # provide this .inc to set specific revisions
 include recipes-kernel/linux/linux-yocto-dev-revisions.inc
 
-KBRANCH = "v6.5/standard/base"
+KBRANCH = "v6.6/standard/base"
 KMETA = "kernel-meta"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name=machine;protocol=https \
@@ -28,7 +28,7 @@
 SRCREV_machine ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", d)}'
 SRCREV_meta ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", d)}'
 
-LINUX_VERSION ?= "6.5"
+LINUX_VERSION ?= "6.6"
 LINUX_VERSION_EXTENSION ?= "-yoctodev-${LINUX_KERNEL_TYPE}"
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index 5a42da2..fd04c4c 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -14,13 +14,13 @@
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "ad7c05a03b8d70ee30ecce783a861cb96ea258cf"
-SRCREV_meta ?= "f845a7f37d7114230d6609e2bd630070f2f6cd9b"
+SRCREV_machine ?= "4b3040c1dc13aaac356ad4ef45a8926118c732d0"
+SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.1.51"
+LINUX_VERSION ?= "6.1.55"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
index aacbea4..deb2eea 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
@@ -14,13 +14,13 @@
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "06b99074bdc85095a2b3411dcade4a64a8e8f7c0"
-SRCREV_meta ?= "f12230a4c8a427af642be8196828a23f4562bc86"
+SRCREV_machine ?= "61c6d869af5ffb90ac64095eafdf8ba513eb21a6"
+SRCREV_meta ?= "13efe44fe9dd2626eaf6552288ea31770ec71cf1"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.4.14"
+LINUX_VERSION ?= "6.4.16"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
new file mode 100644
index 0000000..9b09bae
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
@@ -0,0 +1,48 @@
+KBRANCH ?= "v6.5/standard/preempt-rt/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.5.inc
+
+# Skip processing of this recipe if it is not explicitly specified as the
+# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
+# to build multiple virtual/kernel providers, e.g. as dependency of
+# core-image-rt-sdk, core-image-rt.
+python () {
+    if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt":
+        raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
+}
+
+SRCREV_machine ?= "6efddc0f385fb758e7eef43d9de133b1677eb72c"
+SRCREV_meta ?= "06cf3d8830fda41ff271eec7da6e3c8425df790f"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https"
+
+LINUX_VERSION ?= "6.5.5"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+
+PV = "${LINUX_VERSION}+git"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+LINUX_KERNEL_TYPE = "preempt-rt"
+
+COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$"
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
+KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index 3fd9a0e..818c650 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
-LINUX_VERSION ?= "6.1.51"
+LINUX_VERSION ?= "6.1.55"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_meta ?= "f845a7f37d7114230d6609e2bd630070f2f6cd9b"
+SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
index c3a7a16..c81f230 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
@@ -8,7 +8,7 @@
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.4.inc
 
-LINUX_VERSION ?= "6.4.14"
+LINUX_VERSION ?= "6.4.16"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_meta ?= "f12230a4c8a427af642be8196828a23f4562bc86"
+SRCREV_machine ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_meta ?= "13efe44fe9dd2626eaf6552288ea31770ec71cf1"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
new file mode 100644
index 0000000..5325fba
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
@@ -0,0 +1,33 @@
+KBRANCH ?= "v6.5/standard/tiny/base"
+
+LINUX_KERNEL_TYPE = "tiny"
+KCONFIG_MODE = "--allnoconfig"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.5.inc
+
+LINUX_VERSION ?= "6.5.5"
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "2"
+
+SRCREV_machine ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_meta ?= "06cf3d8830fda41ff271eec7da6e3c8425df790f"
+
+PV = "${LINUX_VERSION}+git"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https"
+
+COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$"
+
+# Functionality flags
+KERNEL_FEATURES = ""
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 3798ae3..a942d0c 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -18,25 +18,25 @@
 KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
 KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "8c81de99a4b9f69345873b06077f9d4e1321298e"
-SRCREV_machine:qemuarm64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemuloongarch64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemumips ?= "733cb5842aeac106f5606df4da7c64a180f0c500"
-SRCREV_machine:qemuppc ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemuriscv64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemuriscv32 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemux86 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemux86-64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_machine:qemumips64 ?= "1c11fe963667e9380725bef0650aeaea8544ea8b"
-SRCREV_machine ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf"
-SRCREV_meta ?= "f845a7f37d7114230d6609e2bd630070f2f6cd9b"
+SRCREV_machine:qemuarm ?= "cf771f6d6bc0344e048bdbf7d23d3aacbe3556d0"
+SRCREV_machine:qemuarm64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuloongarch64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemumips ?= "4be1dcc270e6ddeea513af01d91ea3b48ec82470"
+SRCREV_machine:qemuppc ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuriscv64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuriscv32 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemux86 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemux86-64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemumips64 ?= "aa0e978c979b84d620ad21132cfdbbf857be3878"
+SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "c2cbfe5f51227dfe6ef7be013f0d56a32c040faa"
+SRCREV_machine:class-devupstream ?= "d23900f974e0fb995b36ef47283a5aa74ca25f51"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.1/base"
 
@@ -45,7 +45,7 @@
 SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.51"
+LINUX_VERSION ?= "6.1.55"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
index e959b2a..5afd7b1 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
@@ -18,25 +18,25 @@
 KBRANCH:qemuloongarch64  ?= "v6.4/standard/base"
 KBRANCH:qemumips64 ?= "v6.4/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "0194f88dc4ac51536f9bb2bf751d256bc5fe5d69"
-SRCREV_machine:qemuarm64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemuloongarch64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemumips ?= "179200623f949dde2afeca75943700a2cd0684ab"
-SRCREV_machine:qemuppc ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemuriscv64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemuriscv32 ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemux86 ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemux86-64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_machine:qemumips64 ?= "4ce1ab0a4fce437802b0f7305289b036ffb4ccae"
-SRCREV_machine ?= "800df81fa2a8bacd6487a19115b3f89f34620249"
-SRCREV_meta ?= "f12230a4c8a427af642be8196828a23f4562bc86"
+SRCREV_machine:qemuarm ?= "871a4762a8f85550898b8992b29d5e1dbf60a459"
+SRCREV_machine:qemuarm64 ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemuloongarch64 ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemumips ?= "18bb71cbb388dd093c46d1777f607cfbf0d4c03b"
+SRCREV_machine:qemuppc ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemuriscv64 ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemuriscv32 ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemux86 ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemux86-64 ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_machine:qemumips64 ?= "5b9def2ea1065e44847b920c3a4185d0e5c22d58"
+SRCREV_machine ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_meta ?= "13efe44fe9dd2626eaf6552288ea31770ec71cf1"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "babc8be398c3a0701e52582f93bfba946e9e5f8e"
+SRCREV_machine:class-devupstream ?= "ae4e4fc35b4258626644c162a702e2bce2b79190"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.4/base"
 
@@ -44,7 +44,7 @@
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.4.14"
+LINUX_VERSION ?= "6.4.16"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb
new file mode 100644
index 0000000..b9ed4be
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb
@@ -0,0 +1,72 @@
+KBRANCH ?= "v6.5/standard/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion.inc
+include recipes-kernel/linux/cve-exclusion_6.5.inc
+
+# board specific branches
+KBRANCH:qemuarm  ?= "v6.5/standard/arm-versatile-926ejs"
+KBRANCH:qemuarm64 ?= "v6.5/standard/qemuarm64"
+KBRANCH:qemumips ?= "v6.5/standard/mti-malta32"
+KBRANCH:qemuppc  ?= "v6.5/standard/qemuppc"
+KBRANCH:qemuriscv64  ?= "v6.5/standard/base"
+KBRANCH:qemuriscv32  ?= "v6.5/standard/base"
+KBRANCH:qemux86  ?= "v6.5/standard/base"
+KBRANCH:qemux86-64 ?= "v6.5/standard/base"
+KBRANCH:qemuloongarch64  ?= "v6.5/standard/base"
+KBRANCH:qemumips64 ?= "v6.5/standard/mti-malta64"
+
+SRCREV_machine:qemuarm ?= "619d7b434792c35b501914d481eb3178d87b9f60"
+SRCREV_machine:qemuarm64 ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemuloongarch64 ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemumips ?= "622b9a83a51276528ddd38ec9c239b7ef7eac1ee"
+SRCREV_machine:qemuppc ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemuriscv64 ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemuriscv32 ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemux86 ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemux86-64 ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_machine:qemumips64 ?= "72909f2a89c5bcd4e8ab9aaab280eb961b4e1282"
+SRCREV_machine ?= "5b2595c3e0dce2912b32ef69aaaacd52cd0e720c"
+SRCREV_meta ?= "06cf3d8830fda41ff271eec7da6e3c8425df790f"
+
+# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
+# get the <version>/base branch, which is pure upstream -stable, and the same
+# meta SRCREV as the linux-yocto-standard builds. Select your version using the
+# normal PREFERRED_VERSION settings.
+BBCLASSEXTEND = "devupstream:target"
+SRCREV_machine:class-devupstream ?= "2309983b0ac063045af3b01b0251dfd118d45449"
+PN:class-devupstream = "linux-yocto-upstream"
+KBRANCH:class-devupstream = "v6.5/base"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+LINUX_VERSION ?= "6.5.5"
+
+PV = "${LINUX_VERSION}+git"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
+
+COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32|qemuloongarch64)$"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc"
+KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
+KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc"
+
+INSANE_SKIP:kernel-vmlinux:qemuppc64 = "textrel"
+
diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.10.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.11.bb
similarity index 98%
rename from poky/meta/recipes-kernel/lttng/lttng-tools_2.13.10.bb
rename to poky/meta/recipes-kernel/lttng/lttng-tools_2.13.11.bb
index 20e6375..44415fb 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.10.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.11.bb
@@ -39,7 +39,7 @@
            file://0001-compat-Define-off64_t-as-off_t-on-linux.patch \
            "
 
-SRC_URI[sha256sum] = "e5d1095ec1322565f38f149346f71967496c281eacc51ec5c77994b850e7d335"
+SRC_URI[sha256sum] = "ac5baeef9fa690936b1ca01ecd1742da762c2c08511ff1b4e923938d94d0f979"
 
 inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
 
diff --git a/poky/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb b/poky/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb
index 8f4fdd7..b630a40 100644
--- a/poky/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb
+++ b/poky/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb
@@ -4,7 +4,6 @@
 LIC_FILES_CHKSUM = "file://modutils.sh;beginline=3;endline=3;md5=b2dccaa94b3629a08bfb4f983cad6f89"
 SRC_URI = "file://modutils.sh"
 
-PR = "r7"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index e22a1be..675acfa 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -9,7 +9,6 @@
 
 LICENSE = "GPL-2.0-only"
 
-PR = "r9"
 
 PACKAGECONFIG ??= "python tui libunwind libtraceevent"
 PACKAGECONFIG[dwarf] = ",NO_DWARF=1"
diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb
similarity index 94%
rename from poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb
rename to poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb
index cd3f52f..c09600e 100644
--- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb
+++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb
@@ -5,7 +5,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "f254d08ab3765aeae2b856222e11a95d44aef519a6663877c71ef68fae4c8c12"
+SRC_URI[sha256sum] = "26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491"
 
 inherit bin_package allarch
 
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib/0001-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch b/poky/meta/recipes-multimedia/alsa/alsa-lib/0001-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch
new file mode 100644
index 0000000..9a7ba0d
--- /dev/null
+++ b/poky/meta/recipes-multimedia/alsa/alsa-lib/0001-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch
@@ -0,0 +1,52 @@
+From 10bd599970acc71c92f85eb08943eb8d3d702a9c Mon Sep 17 00:00:00 2001
+From: Michael Opdenacker <michael.opdenacker@bootlin.com>
+Date: Wed, 6 Sep 2023 15:16:44 +0200
+Subject: [PATCH] global.h: move __STRING() macro outside !PIC ifdef block
+
+From: Jaroslav Kysela <perex@perex.cz>
+
+It solves the musl libc compilation issue.
+
+control.c: In function 'snd_ctl_open_conf':
+../../include/global.h:98:36: warning: implicit declaration of function '__STRING' [-Wimplicit-function-declaratio]
+   98 | #define SND_DLSYM_VERSION(version) __STRING(version)
+      |                                    ^~~~~~~~
+
+Fixes: https://github.com/alsa-project/alsa-lib/issues/350
+Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/10bd599970acc71c92f85eb08943eb8d3d702a9c]
+Signed-off-by: Jaroslav Kysela <perex@perex.cz>
+---
+ include/global.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/include/global.h b/include/global.h
+index dfe9bc2b..3ecaeee8 100644
+--- a/include/global.h
++++ b/include/global.h
+@@ -51,6 +51,11 @@ const char *snd_asoundlib_version(void);
+ #define ATTRIBUTE_UNUSED __attribute__ ((__unused__))
+ #endif
+ 
++#ifndef __STRING
++/** \brief Return 'x' argument as string */
++#define __STRING(x)     #x
++#endif
++
+ #ifdef PIC /* dynamic build */
+ 
+ /** \hideinitializer \brief Helper macro for #SND_DLSYM_BUILD_VERSION. */
+@@ -71,11 +76,6 @@ struct snd_dlsym_link {
+ 
+ extern struct snd_dlsym_link *snd_dlsym_start;
+ 
+-#ifndef __STRING
+-/** \brief Return 'x' argument as string */
+-#define __STRING(x)     #x
+-#endif
+-
+ /** \hideinitializer \brief Helper macro for #SND_DLSYM_BUILD_VERSION. */
+ #define __SND_DLSYM_VERSION(prefix, name, version) _ ## prefix ## name ## version
+ /**
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.10.bb
similarity index 88%
rename from poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
rename to poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.10.bb
index d482e27..83bc687 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.10.bb
@@ -9,8 +9,10 @@
                     file://src/socket.c;md5=285675b45e83f571c6a957fe4ab79c93;beginline=9;endline=24 \
                     "
 
-SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2"
-SRC_URI[sha256sum] = "dc9c643fdc4ccfd0572cc685858dd41e08afb583f30460b317e4188275f615b2"
+SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \
+           file://0001-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch \
+           "
+SRC_URI[sha256sum] = "c86a45a846331b1b0aa6e6be100be2a7aef92efd405cf6bac7eef8174baa920e"
 
 inherit autotools pkgconfig
 
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.9.bb b/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.10.bb
similarity index 89%
rename from poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.9.bb
rename to poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.10.bb
index 073e3b0..f4fd284 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.9.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.10.bb
@@ -8,7 +8,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=20d74d74db9741697903372ad001d3b4"
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2"
-SRC_URI[sha256sum] = "374f6833bfd77d0a4675e4aa2bfb79defe850e5a46a5d4542a45962f4b9e272a"
+SRC_URI[sha256sum] = "9c21e3f01ff00baa758df17e867cd36e24ebb41a6bec49737e99105e16f2ae97"
 # Something went wrong at upstream tarballing
 
 inherit allarch
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-alsactl-add-define-to-compile-with-glibc-2.38.patch b/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-alsactl-add-define-to-compile-with-glibc-2.38.patch
deleted file mode 100644
index 8c23fb2..0000000
--- a/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-alsactl-add-define-to-compile-with-glibc-2.38.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From a610f4c21b083c0f9cf62ad2251dfadc98abb50e Mon Sep 17 00:00:00 2001
-From: Rudi Heitbaum <rudi@heitbaum.com>
-Date: Sat, 22 Jul 2023 15:36:09 +0000
-Subject: [PATCH] alsactl: add define to compile with glibc 2.38
-
-strlcat and strlcpy have been added to glibc 2.38.
-update the defines to use the glibc versions, and not conflict with
-string.h.
-
-ref:
-- https://sourceware.org/git/?p=glibc.git;a=commit;h=454a20c8756c9c1d55419153255fc7692b3d2199
-
-Fixes: https://github.com/alsa-project/alsa-utils/pull/225
-Signed-off-by: Jaroslav Kysela <perex@perex.cz>
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-
-Upstream-Status: Backport [https://github.com/alsa-project/alsa-utils/commit/d6a71bfbde9e1710743d3a446c6ea3b41c45234e]
----
- alsactl/init_sysdeps.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/alsactl/init_sysdeps.c b/alsactl/init_sysdeps.c
-index 3aca1b4..f09b1ae 100644
---- a/alsactl/init_sysdeps.c
-+++ b/alsactl/init_sysdeps.c
-@@ -18,6 +18,7 @@
-  */
- 
- #if defined(__GLIBC__) && !(defined(__UCLIBC__) && defined(__USE_BSD))
-+#if !(__GLIBC_PREREQ(2, 38))
- static size_t strlcpy(char *dst, const char *src, size_t size)
- {
- 	size_t bytes = 0;
-@@ -60,4 +61,5 @@ static size_t strlcat(char *dst, const char *src, size_t size)
- 	*q = '\0';
- 	return bytes;
- }
-+#endif /* !(__GLIBC_PREREQ(2, 38)) */
- #endif /* __GLIBC__ */
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-alsactl-fix-compilation-when-building-in-a-subdir.patch b/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-alsactl-fix-compilation-when-building-in-a-subdir.patch
deleted file mode 100644
index 3b3fe53..0000000
--- a/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-alsactl-fix-compilation-when-building-in-a-subdir.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 44636a7c5862538def0d2fac074772cc39a22a15 Mon Sep 17 00:00:00 2001
-From: Rudi Heitbaum <rudi@heitbaum.com>
-Date: Tue, 16 May 2023 02:27:59 +1000
-Subject: [PATCH] alsactl: fix compilation when building in a subdir
-
-Fixes: 613372d
-Fixes: cff2d1c
-
-Compile errors when building in a subdir:
-alsactl/alsactl.c:33:10: fatal error: os_compat.h: No such file or directory
-   33 | #include "os_compat.h"
-      |          ^~~~~~~~~~~~~
-alsactl/lock.c:34:10: fatal error: os_compat.h: No such file or directory
-   34 | #include "os_compat.h"
-      |          ^~~~~~~~~~~~~
-
-Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
-Upstream-Status: Submitted [https://github.com/alsa-project/alsa-utils/pull/213]
----
- alsactl/Makefile.am | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/alsactl/Makefile.am b/alsactl/Makefile.am
-index 80dba69d..fb32c4f3 100644
---- a/alsactl/Makefile.am
-+++ b/alsactl/Makefile.am
-@@ -9,6 +9,8 @@ EXTRA_DIST=alsactl.1 alsactl_init.xml
- 
- AM_CFLAGS = -D_GNU_SOURCE
- 
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-+
- alsactl_SOURCES=alsactl.c state.c lock.c utils.c init_parse.c init_ucm.c \
- 		daemon.c monitor.c clean.c info.c
- 
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-nhlt-nhlt-dmic-info.c-include-sys-types.h.patch b/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-nhlt-nhlt-dmic-info.c-include-sys-types.h.patch
new file mode 100644
index 0000000..0ebf98b
--- /dev/null
+++ b/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-nhlt-nhlt-dmic-info.c-include-sys-types.h.patch
@@ -0,0 +1,31 @@
+From 35a3382f3818d29b60f4c888e338189a4d93d0e5 Mon Sep 17 00:00:00 2001
+From: Michael Opdenacker <michael.opdenacker@bootlin.com>
+Date: Tue, 19 Sep 2023 11:47:50 +0200
+Subject: [PATCH] nhlt/nhlt-dmic-info.c: include sys/types.h
+
+To fix an issue compiling with the musl C library:
+nhlt-dmic-info.c: error: unknown type name 'u_int8_t'
+
+https://github.com/alsa-project/alsa-utils/issues/238
+
+Upstream-Status: Backport [https://github.com/alsa-project/alsa-utils/commit/0925ad7f09b2dc77015784f9ac2f5e34dd0dd5c3]
+Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
+---
+ nhlt/nhlt-dmic-info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/nhlt/nhlt-dmic-info.c b/nhlt/nhlt-dmic-info.c
+index 3f6c64d..331555a 100644
+--- a/nhlt/nhlt-dmic-info.c
++++ b/nhlt/nhlt-dmic-info.c
+@@ -33,6 +33,7 @@
+ #include <fcntl.h>
+ #include <getopt.h>
+ #include <sys/stat.h>
++#include <sys/types.h>
+ #include <arpa/inet.h>
+ 
+ int debug = 0;
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-topology.c-include-locale.h.patch b/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-topology.c-include-locale.h.patch
new file mode 100644
index 0000000..e1c7470
--- /dev/null
+++ b/poky/meta/recipes-multimedia/alsa/alsa-utils/0001-topology.c-include-locale.h.patch
@@ -0,0 +1,31 @@
+From d8a8a9affd5726827ef3995652248595b4a8c87e Mon Sep 17 00:00:00 2001
+From: Michael Opdenacker <michael.opdenacker@bootlin.com>
+Date: Tue, 19 Sep 2023 11:27:46 +0200
+Subject: [PATCH] topology.c: include locale.h
+
+To fix an issue compiling with the musl C library:
+topology.c: error: 'LC_ALL' undeclared
+
+https://github.com/alsa-project/alsa-utils/issues/239
+
+Upstream-Status: Backport [https://github.com/alsa-project/alsa-utils/commit/8c229270f6bae83b705a03714c46067a7aa57b02]
+Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
+---
+ topology/topology.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/topology/topology.c b/topology/topology.c
+index 1840ffe..5d03a8b 100644
+--- a/topology/topology.c
++++ b/topology/topology.c
+@@ -32,6 +32,7 @@
+ #include <sys/stat.h>
+ #include <getopt.h>
+ #include <assert.h>
++#include <locale.h>
+ 
+ #include <alsa/asoundlib.h>
+ #include <alsa/topology.h>
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.9.bb b/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.10.bb
similarity index 92%
rename from poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.9.bb
rename to poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.10.bb
index af28f54..4e5ed8d 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.9.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-utils_1.2.10.bb
@@ -25,10 +25,10 @@
 
 # alsa-utils specified in SRC_URI due to alsa-utils-scripts recipe
 SRC_URI = "https://www.alsa-project.org/files/pub/utils/alsa-utils-${PV}.tar.bz2 \
-           file://0001-alsactl-fix-compilation-when-building-in-a-subdir.patch \
-           file://0001-alsactl-add-define-to-compile-with-glibc-2.38.patch \
-          "
-SRC_URI[sha256sum] = "e7623d4525595f92e11ce25ee9a97f2040a14c6e4dcd027aa96e06cbce7817bd"
+           file://0001-topology.c-include-locale.h.patch \
+           file://0001-nhlt-nhlt-dmic-info.c-include-sys-types.h.patch \
+           "
+SRC_URI[sha256sum] = "104b62ec7f02a7ce16ca779f4815616df1cc21933503783a9107b5944f83063a"
 
 # On build machines with python-docutils (not python3-docutils !!) installed
 # rst2man (not rst2man.py) is detected and compile fails with
@@ -57,6 +57,7 @@
              alsa-utils-alsaloop \
              alsa-utils-alsaucm \
              alsa-utils-scripts \
+             alsa-utils-nhltdmicinfo \
             "
 
 PACKAGES += "${ALSA_UTILS_PKGS}"
@@ -82,6 +83,7 @@
                ${sbindir}/alsa-info.sh \
                ${sbindir}/alsabat-test.sh \
               "
+FILES:alsa-utils-nhltdmicinfo = "${bindir}/nhlt-dmic-info"
 
 SUMMARY:alsa-utils-alsabat      = "Command-line sound tester for ALSA sound card driver"
 SUMMARY:alsa-utils-alsatplg     = "Converts topology text files into binary format for kernel"
@@ -98,6 +100,7 @@
 SUMMARY:alsa-utils-alsaloop     = "ALSA PCM loopback utility"
 SUMMARY:alsa-utils-alsaucm      = "ALSA Use Case Manager"
 SUMMARY:alsa-utils-scripts      = "Shell scripts that show help info and create ALSA configuration files"
+SUMMARY:alsa-utils-nhltdmicinfo = "Dumps microphone array information from ACPI NHLT table"
 
 RRECOMMENDS:alsa-utils-alsactl = "alsa-states"
 
diff --git a/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb b/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb
index f6bca4e..7a3b4a4 100644
--- a/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb
+++ b/poky/meta/recipes-multimedia/liba52/liba52_0.7.4.bb
@@ -7,7 +7,6 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
 			file://include/a52.h;beginline=1;endline=12;md5=81152ceb3562bf20a60d1b6018175dd1"
 SECTION = "libs"
-PR = "r4"
 
 inherit autotools
 
diff --git a/poky/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb b/poky/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb
index 178e1a9..11674af 100644
--- a/poky/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb
+++ b/poky/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb
@@ -7,7 +7,6 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=cf91718f59eb6a83d06dc7bcaf411132"
 DEPENDS = "libogg"
 
-PR = "r1"
 
 SRC_URI = "http://downloads.xiph.org/releases/theora/libtheora-${PV}.tar.bz2 \
            file://no-docs.patch"
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
similarity index 93%
rename from poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
rename to poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 6171a53..49984f1 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -8,9 +8,10 @@
 
 CVE_PRODUCT = "libtiff"
 
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
+           "
 
-SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
+SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
 
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
diff --git a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
index 08a608b..2245a73 100644
--- a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
+++ b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
@@ -257,7 +257,7 @@
 
 # pulseaudio-module-console-kit is built whenever dbus is enabled by PACKAGECONFIG
 # but consolekit depends on libx11 and is available only for DISTRO with x11 in DISTRO_FEATURES
-RDEPENDS:pulseaudio-module-console-kit =+ "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d)}"
+RDEPENDS:pulseaudio-module-console-kit =+ "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit x11', 'consolekit', '', d)}"
 RDEPENDS:pulseaudio-misc += "pulseaudio-module-cli-protocol-unix"
 
 FILES:${PN}-module-alsa-card += "${datadir}/pulseaudio/alsa-mixer"
diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
rename to poky/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
index b9e763b..63b0fd9 100644
--- a/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
+++ b/poky/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
@@ -14,7 +14,7 @@
                     file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
 
 SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz"
-SRC_URI[sha256sum] = "b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66"
+SRC_URI[sha256sum] = "2a499607df669e40258e53d0ade8035ba4ec0175244869d1025d460562aa09b4"
 
 UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html"
 
diff --git a/poky/meta/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bb b/poky/meta/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bb
index 49bf30e..90734b6 100644
--- a/poky/meta/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bb
+++ b/poky/meta/recipes-sato/matchbox-sato/matchbox-session-sato_0.1.bb
@@ -7,7 +7,6 @@
 
 SECTION = "x11"
 RDEPENDS:${PN} = "formfactor matchbox-theme-sato matchbox-panel-2 matchbox-desktop matchbox-session gconf"
-PR = "r30"
 
 # This package is architecture specific because the session script is modified
 # based on the machine architecture.
diff --git a/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb b/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb
index 6866a4d..3f735e0 100644
--- a/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb
+++ b/poky/meta/recipes-sato/packagegroups/packagegroup-core-x11-sato.bb
@@ -5,7 +5,6 @@
 SUMMARY = "Sato desktop"
 DESCRIPTION = "Packagegroups provide a convenient mechanism of bundling a collection of packages."
 HOMEPAGE = "https://www.yoctoproject.org/"
-PR = "r33"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
diff --git a/poky/meta/recipes-sato/puzzles/puzzles_git.bb b/poky/meta/recipes-sato/puzzles/puzzles_git.bb
index 04338a6..d7089ef 100644
--- a/poky/meta/recipes-sato/puzzles/puzzles_git.bb
+++ b/poky/meta/recipes-sato/puzzles/puzzles_git.bb
@@ -10,7 +10,7 @@
 SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=main;protocol=https"
 
 UPSTREAM_CHECK_COMMITS = "1"
-SRCREV = "b6c842a28cf6597df063fcff35079c3e3982381e"
+SRCREV = "2d9e414ee316b37143954150016e8f4f18358497"
 PE = "2"
 PV = "0.0+git"
 
diff --git a/poky/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb b/poky/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb
index 4bb896f..766f574 100644
--- a/poky/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb
+++ b/poky/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb
@@ -4,7 +4,6 @@
 
 SRC_URI = "file://shutdown.desktop"
 
-PR = "r1"
 
 S = "${WORKDIR}"
 
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.40.5.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.5.bb
index a0c97aa..0c54f20 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk_2.40.5.bb
+++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.5.bb
@@ -87,6 +87,10 @@
                  -DUSE_GTK4=ON \
                  "
 
+# Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the
+# debug symbols (4.3GB to 700M at time of writing)
+DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
+
 # Javascript JIT is not supported on ARC
 EXTRA_OECMAKE:append:arc = " -DENABLE_JIT=OFF "
 # By default 25-bit "medium" calls are used on ARC
diff --git a/poky/meta/recipes-support/appstream/appstream/0001-meson-do-not-rely-on-an-exe-wrapper.patch b/poky/meta/recipes-support/appstream/appstream/0001-meson-do-not-rely-on-an-exe-wrapper.patch
new file mode 100644
index 0000000..d4f2951
--- /dev/null
+++ b/poky/meta/recipes-support/appstream/appstream/0001-meson-do-not-rely-on-an-exe-wrapper.patch
@@ -0,0 +1,36 @@
+From 79bf322768990b28c29a9d907edcca52ff48e0b8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Wed, 26 Jul 2023 23:21:10 +0400
+Subject: meson: do not rely on an exe wrapper
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+
+Upstream-Status: Backport [https://github.com/ximion/appstream/commit/79bf322768990b28c29a9d907edcca52ff48e0b8]
+---
+ data/meson.build | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/data/meson.build b/data/meson.build
+index aea0cb25..ec0e434f 100644
+--- a/data/meson.build
++++ b/data/meson.build
+@@ -7,6 +7,13 @@ install_data('its/metainfo.its',
+ install_data('its/metainfo.loc',
+               install_dir: join_paths(get_option('datadir'), 'gettext', 'its'))
+ 
++# Do not rely on an exe wrapper for rel-info, use the system one in that case
++if meson.is_cross_build()
++    dependency('appstream', version: '>=' + as_version, native: true,
++               not_found_message: 'Native appstream required for cross-building')
++    ascli_exe = find_program('appstreamcli')
++endif
++
+ # NOTE: We do not translate the release notes on purpose here.
+ # If you do want to give translators a chance to translate them,
+ # ascli news-to-metainfo needs to produce a temporary file to translate
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-support/appstream/appstream/0001-remove-hardcoded-path.patch b/poky/meta/recipes-support/appstream/appstream/0001-remove-hardcoded-path.patch
new file mode 100644
index 0000000..9cbfaca
--- /dev/null
+++ b/poky/meta/recipes-support/appstream/appstream/0001-remove-hardcoded-path.patch
@@ -0,0 +1,31 @@
+From 6ab00a4279823829a9b82dc9e4d055da4de88c6e Mon Sep 17 00:00:00 2001
+From: Markus Volk <f_l_k@t-online.de>
+Date: Mon, 12 Dec 2022 15:42:42 +0100
+Subject: [PATCH] remove hardcoded path
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+
+Dont include hardcoded path. This fixes:
+| cc1: error: include location "/usr/include" is unsafe for cross-compilation [-Werror=poison-system-directories]
+
+Upstream-Status: Inappropriate [oe-specific]
+---
+ meson.build       | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index fd0e3373..2f273ada 100644
+--- a/meson.build
++++ b/meson.build
+@@ -124,7 +124,7 @@ if get_option ('gir')
+     dependency('gobject-introspection-1.0', version: '>=1.56')
+ endif
+ 
+-stemmer_inc_dirs = include_directories(['/usr/include'])
++stemmer_inc_dirs = include_directories([''])
+ if get_option('stemming')
+     stemmer_lib = cc.find_library('stemmer', required: true)
+     if not cc.has_header('libstemmer.h')
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-support/appstream/appstream_0.16.3.bb b/poky/meta/recipes-support/appstream/appstream_0.16.3.bb
new file mode 100644
index 0000000..bde679e
--- /dev/null
+++ b/poky/meta/recipes-support/appstream/appstream_0.16.3.bb
@@ -0,0 +1,45 @@
+SUMMARY = "AppStream is a collaborative effort for making machine-readable software metadata easily available."
+HOMEPAGE = "https://github.com/ximion/appstream"
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=435ed639f84d4585d93824e7da3d85da"
+
+DEPENDS = " \
+    appstream-native \
+    curl-native \
+    curl \
+    docbook-xml-dtd4-native \
+    gperf-native \
+    glib-2.0 \
+    libyaml \
+    libxml2 \
+    libxmlb \
+    libxslt-native \
+    itstool-native \
+    docbook-xsl-stylesheets-native \
+    python3-pygments-native \
+"
+
+inherit meson gobject-introspection gettext gtk-doc pkgconfig vala
+
+GIR_MESON_OPTION = "gir"
+GTKDOC_MESON_OPTION = "apidocs"
+
+SRC_URI = " \
+	https://www.freedesktop.org/software/appstream/releases/AppStream-${PV}.tar.xz \
+	file://0001-remove-hardcoded-path.patch \
+	file://0001-meson-do-not-rely-on-an-exe-wrapper.patch \
+"
+SRC_URI[sha256sum] = "081c917646e94d7221c9e4aae54dacda95a27c607fa93cd8e6344a2b318b98b1"
+
+S = "${WORKDIR}/AppStream-${PV}"
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+
+PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd"
+PACKAGECONFIG[stemming] = "-Dstemming=true,-Dstemming=false,libstemmer"
+
+FILES:${PN} += "${datadir}"
+
+EXTRA_OEMESON += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-Dvapi=true', '-Dvapi=false', d)}"
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.48.3.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.50.0.bb
similarity index 94%
rename from poky/meta/recipes-support/atk/at-spi2-core_2.48.3.bb
rename to poky/meta/recipes-support/atk/at-spi2-core_2.50.0.bb
index 17b0e39..57958fb 100644
--- a/poky/meta/recipes-support/atk/at-spi2-core_2.48.3.bb
+++ b/poky/meta/recipes-support/atk/at-spi2-core_2.50.0.bb
@@ -11,7 +11,7 @@
 
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "37316df43ca9989ce539d54cf429a768c28bb38a0b34950beadd0421827edf55"
+SRC_URI[sha256sum] = "e9f5a8c8235c9dd963b2171de9120301129c677dde933955e1df618b949c4adc"
 
 DEPENDS = " \
 	dbus \
diff --git a/poky/meta/recipes-support/boost/boost-1.82.0.inc b/poky/meta/recipes-support/boost/boost-1.83.0.inc
similarity index 90%
rename from poky/meta/recipes-support/boost/boost-1.82.0.inc
rename to poky/meta/recipes-support/boost/boost-1.83.0.inc
index 39d3c9c..da275f1 100644
--- a/poky/meta/recipes-support/boost/boost-1.82.0.inc
+++ b/poky/meta/recipes-support/boost/boost-1.83.0.inc
@@ -12,7 +12,7 @@
 BOOST_P = "boost_${BOOST_VER}"
 
 SRC_URI = "https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2"
-SRC_URI[sha256sum] = "a6e1ab9b0860e6a2881dd7b21fe9f737a095e5f33a3a874afc6a345228597ee6"
+SRC_URI[sha256sum] = "6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e"
 
 UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
 UPSTREAM_CHECK_REGEX = "release/(?P<pver>.*)/source/"
diff --git a/poky/meta/recipes-support/boost/boost-build-native_1.82.0.bb b/poky/meta/recipes-support/boost/boost-build-native_1.83.0.bb
similarity index 92%
rename from poky/meta/recipes-support/boost/boost-build-native_1.82.0.bb
rename to poky/meta/recipes-support/boost/boost-build-native_1.83.0.bb
index dcfb65e..a345bac 100644
--- a/poky/meta/recipes-support/boost/boost-build-native_1.82.0.bb
+++ b/poky/meta/recipes-support/boost/boost-build-native_1.83.0.bb
@@ -7,7 +7,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
 
 SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master"
-SRCREV = "9f488e003a568dffe0caed05d86ed6f1a8f8c7f3"
+SRCREV = "8d86b9a85407d73d6e8c631771f18c2a237d2d71"
 PE = "1"
 
 UPSTREAM_CHECK_GITTAGREGEX = "boost-(?P<pver>(\d+(\.\d+)+))"
diff --git a/poky/meta/recipes-support/boost/boost_1.82.0.bb b/poky/meta/recipes-support/boost/boost_1.83.0.bb
similarity index 100%
rename from poky/meta/recipes-support/boost/boost_1.82.0.bb
rename to poky/meta/recipes-support/boost/boost_1.83.0.bb
diff --git a/poky/meta/recipes-support/curl/curl/disable-tests b/poky/meta/recipes-support/curl/curl/disable-tests
index b687b2b..fdac795 100644
--- a/poky/meta/recipes-support/curl/curl/disable-tests
+++ b/poky/meta/recipes-support/curl/curl/disable-tests
@@ -21,6 +21,7 @@
 # This test is scanning the source tree
 1222
 # These CRL tests need --libcurl option to be enabled
+1279
 1400
 1401
 1402
diff --git a/poky/meta/recipes-support/curl/curl/run-ptest b/poky/meta/recipes-support/curl/curl/run-ptest
index 2c74c58..8f9c20f 100644
--- a/poky/meta/recipes-support/curl/curl/run-ptest
+++ b/poky/meta/recipes-support/curl/curl/run-ptest
@@ -1,6 +1,6 @@
 #!/bin/sh
 cd tests
-{ ./runtests.pl -a -n -s || echo "FAIL: curl" ; } | sed \
+{ ./runtests.pl -a -n -s -j4 !flaky || echo "FAIL: curl" ; } | sed \
      -e 's|\([^ ]* *\) \([^ ]* *\)...OK|PASS: \1 \2|' \
      -e 's|\([^ ]* *\) \([^ ]* *\)...FAILED|FAIL: \1 \2|' \
      -e 's/Warning: test[0-9]\+ not present in tests\/data\/Makefile.inc//'
diff --git a/poky/meta/recipes-support/curl/curl_8.2.1.bb b/poky/meta/recipes-support/curl/curl_8.3.0.bb
similarity index 81%
rename from poky/meta/recipes-support/curl/curl_8.2.1.bb
rename to poky/meta/recipes-support/curl/curl_8.3.0.bb
index 068486a..646ac01 100644
--- a/poky/meta/recipes-support/curl/curl_8.2.1.bb
+++ b/poky/meta/recipes-support/curl/curl_8.3.0.bb
@@ -14,7 +14,7 @@
     file://run-ptest \
     file://disable-tests \
 "
-SRC_URI[sha256sum] = "dd322f6bd0a20e6cebdfd388f69e98c3d183bed792cf4713c8a7ef498cba4894"
+SRC_URI[sha256sum] = "376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
@@ -24,21 +24,26 @@
 # Entropy source for random PACKAGECONFIG option
 RANDOM ?= "/dev/urandom"
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib"
 PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib"
 PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib"
 
 # 'ares' and 'threaded-resolver' are mutually exclusive
 PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
+PACKAGECONFIG[aws] = "--enable-aws,--disable-aws"
+PACKAGECONFIG[basic-auth] = "--enable-basic-auth,--disable-basic-auth"
+PACKAGECONFIG[bearer-auth] = "--enable-bearer-auth,--disable-bearer-auth"
 PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
 PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
 # Don't use this in production
 PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
 PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
+PACKAGECONFIG[digest-auth] = "--enable-digest-auth,--disable-digest-auth"
 PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
 PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
 PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[kerberos-auth] = "--enable-kerberos-auth,--disable-kerberos-auth"
 PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap"
 PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap"
@@ -47,6 +52,7 @@
 PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
 PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
 PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
+PACKAGECONFIG[negotiate-auth] = "--enable-negotiate-auth,--disable-negotiate-auth"
 PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
 PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl"
 PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
@@ -56,7 +62,6 @@
 PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
 PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
 PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
-PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
 PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
 PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
 PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
@@ -67,11 +72,10 @@
 EXTRA_OECONF = " \
     --disable-libcurl-option \
     --disable-ntlm-wb \
-    --enable-crypto-auth \
     --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
     --without-libpsl \
     --enable-optimize \
-    ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \
+    ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \
 "
 
 do_install:append:class-target() {
@@ -85,14 +89,18 @@
 }
 
 do_compile_ptest() {
-	oe_runmake test
-	oe_runmake -C ${B}/tests/server
+	oe_runmake -C ${B}/tests
 }
 
 do_install_ptest() {
 	cat  ${WORKDIR}/disable-tests >> ${S}/tests/data/DISABLED
 	rm -f ${B}/tests/configurehelp.pm
 	cp -rf ${B}/tests ${D}${PTEST_PATH}
+        rm -f ${D}${PTEST_PATH}/tests/libtest/.libs/libhostname.la
+        rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la
+        mv ${D}${PTEST_PATH}/tests/libtest/.libs/* ${D}${PTEST_PATH}/tests/libtest/
+        mv ${D}${PTEST_PATH}/tests/libtest/libhostname.so ${D}${PTEST_PATH}/tests/libtest/.libs/
+        mv ${D}${PTEST_PATH}/tests/http/clients/.libs/* ${D}${PTEST_PATH}/tests/http/clients/
 	cp -rf ${S}/tests ${D}${PTEST_PATH}
 	find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete
 	install -d ${D}${PTEST_PATH}/src
diff --git a/poky/meta/recipes-support/db/db_5.3.28.bb b/poky/meta/recipes-support/db/db_5.3.28.bb
index c5427f5..a99d5ce 100644
--- a/poky/meta/recipes-support/db/db_5.3.28.bb
+++ b/poky/meta/recipes-support/db/db_5.3.28.bb
@@ -18,7 +18,6 @@
 CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
 CVE_VERSION = "11.2.${PV}"
 
-PR = "r1"
 PE = "1"
 
 SRC_URI = "https://download.oracle.com/berkeley-db/db-${PV}.tar.gz"
diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.8.bb b/poky/meta/recipes-support/debianutils/debianutils_5.13.bb
similarity index 97%
rename from poky/meta/recipes-support/debianutils/debianutils_5.8.bb
rename to poky/meta/recipes-support/debianutils/debianutils_5.13.bb
index fb17d2d..915277b 100644
--- a/poky/meta/recipes-support/debianutils/debianutils_5.8.bb
+++ b/poky/meta/recipes-support/debianutils/debianutils_5.13.bb
@@ -11,7 +11,7 @@
 SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \
            "
 
-SRCREV = "69116b856177ceb270908103b5776f897d2863c3"
+SRCREV = "d49a78eb264c1b2ad3d0d6de8e1fb776bda9c943"
 
 inherit autotools update-alternatives
 
diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_244.bb b/poky/meta/recipes-support/diffoscope/diffoscope_249.bb
similarity index 93%
rename from poky/meta/recipes-support/diffoscope/diffoscope_244.bb
rename to poky/meta/recipes-support/diffoscope/diffoscope_249.bb
index c17bd81..b679103 100644
--- a/poky/meta/recipes-support/diffoscope/diffoscope_244.bb
+++ b/poky/meta/recipes-support/diffoscope/diffoscope_249.bb
@@ -12,7 +12,7 @@
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "8bee8bbb144cdb7ddfa21886d5ce1822220139241c9a53def09b4adc3340db93"
+SRC_URI[sha256sum] = "bc4d8cb3198025013784ef7e3fa61b7a642de39e5b790c45d7c29d153306fbdd"
 
 RDEPENDS:${PN} += "\
         binutils \
diff --git a/poky/meta/recipes-support/enchant/enchant2_2.5.0.bb b/poky/meta/recipes-support/enchant/enchant2_2.6.1.bb
similarity index 91%
rename from poky/meta/recipes-support/enchant/enchant2_2.5.0.bb
rename to poky/meta/recipes-support/enchant/enchant2_2.6.1.bb
index f5ec1ef..a3510a8 100644
--- a/poky/meta/recipes-support/enchant/enchant2_2.5.0.bb
+++ b/poky/meta/recipes-support/enchant/enchant2_2.6.1.bb
@@ -12,7 +12,7 @@
 inherit autotools pkgconfig github-releases
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "149e224cdd2ca825d874639578b6246e07f37d5b8f3970658a377a1ef46f2e15"
+SRC_URI[sha256sum] = "f24e12469137ae1d03140bb9032a47a5947c36f4d1e2f12b929061005eb15279"
 
 GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases"
 
diff --git a/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch b/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
index ea17e87..26b707a 100644
--- a/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
+++ b/poky/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
@@ -6,7 +6,7 @@
 
 Fixes: #1193
 
-Upstream-Status: Accepted
+Upstream-Status: Backport [https://github.com/libevent/libevent/commit/3daebf308a01b4b2d3fb867be3d6631f7b5a2dbb]
 
 Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
 ---
diff --git a/poky/meta/recipes-support/libnl/libnl_3.7.0.bb b/poky/meta/recipes-support/libnl/libnl_3.8.0.bb
similarity index 95%
rename from poky/meta/recipes-support/libnl/libnl_3.7.0.bb
rename to poky/meta/recipes-support/libnl/libnl_3.8.0.bb
index 38d21ff..28b2e57 100644
--- a/poky/meta/recipes-support/libnl/libnl_3.7.0.bb
+++ b/poky/meta/recipes-support/libnl/libnl_3.8.0.bb
@@ -18,7 +18,7 @@
            file://run-ptest \
            "
 
-SRC_URI[sha256sum] = "9fe43ccbeeea72c653bdcf8c93332583135cda46a79507bfd0a483bb57f65939"
+SRC_URI[sha256sum] = "bb726c6d7a08b121978d73ff98425bf313fa26a27a331d465e4f1d7ec5b838c6"
 
 GITHUB_BASE_URI = "https://github.com/thom311/${BPN}/releases"
 UPSTREAM_CHECK_REGEX = "releases/tag/libnl(?P<pver>.+)"
diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 5abeced..a605857 100644
--- a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -40,7 +40,7 @@
 ntlm_auth = '${bindir}/ntlm_auth'
 EOF
 }
-EXTRA_OEMESON += "--cross-file ${WORKDIR}/soup.cross"
+EXTRA_OEMESON:append:class-target = " --cross-file ${WORKDIR}/soup.cross"
 
 EXTRA_OEMESON += "-Dvapi=disabled -Dtls_check=false"
 
diff --git a/poky/meta/recipes-support/libsoup/libsoup_3.4.2.bb b/poky/meta/recipes-support/libsoup/libsoup_3.4.2.bb
index ad86c89..3996ae6 100644
--- a/poky/meta/recipes-support/libsoup/libsoup_3.4.2.bb
+++ b/poky/meta/recipes-support/libsoup/libsoup_3.4.2.bb
@@ -37,7 +37,7 @@
 ntlm_auth = '${bindir}/ntlm_auth'
 EOF
 }
-EXTRA_OEMESON += "--cross-file ${WORKDIR}/soup.cross"
+EXTRA_OEMESON:append:class-target = " --cross-file ${WORKDIR}/soup.cross"
 
 EXTRA_OEMESON += "-Dvapi=disabled -Dtls_check=false"
 # Disable the test suites
diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.56.0.bb
similarity index 91%
rename from poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
rename to poky/meta/recipes-support/nghttp2/nghttp2_1.56.0.bb
index 1be9a34..a011bd4 100644
--- a/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
+++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.56.0.bb
@@ -8,7 +8,7 @@
     ${GITHUB_BASE_URI}/download/v${PV}/nghttp2-${PV}.tar.xz \
     file://0001-fetch-ocsp-response-use-python3.patch \
 "
-SRC_URI[sha256sum] = "19490b7c8c2ded1cf7c3e3a54ef4304e3a7876ae2d950d60a81d0dc6053be419"
+SRC_URI[sha256sum] = "65eee8021e9d3620589a4a4e91ce9983d802b5229f78f3313770e13f4d2720e9"
 
 inherit cmake manpages python3native github-releases
 PACKAGECONFIG[manpages] = ""
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.43.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.43.1.bb
similarity index 78%
rename from poky/meta/recipes-support/sqlite/sqlite3_3.43.0.bb
rename to poky/meta/recipes-support/sqlite/sqlite3_3.43.1.bb
index 84644a0..9314635 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.43.0.bb
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.43.1.bb
@@ -4,7 +4,7 @@
 LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
 SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "49008dbf3afc04d4edc8ecfc34e4ead196973034293c997adad2f63f01762ae1"
+SRC_URI[sha256sum] = "39116c94e76630f22d54cd82c3cea308565f1715f716d1b2527f1c9c969ba4d9"
 
 CVE_STATUS[CVE-2023-36191] = "disputed: The error is a bug. It has been fixed upstream. But it is not a vulnerability"
 
diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc
index 8a399cd..5f55f59 100644
--- a/poky/meta/recipes-support/vim/vim.inc
+++ b/poky/meta/recipes-support/vim/vim.inc
@@ -10,7 +10,7 @@
 RSUGGESTS:${PN} = "diffutils"
 
 LICENSE = "Vim"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d1a651ab770b45d41c0f8cb5a8ca930e"
 
 SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://disable_acl_header_check.patch \
@@ -19,8 +19,8 @@
            file://no-path-adjust.patch \
            "
 
-PV .= ".1664"
-SRCREV = "8154e642aa476e1a5d3de66c34e8289845b2b797"
+PV .= ".1894"
+SRCREV = "e5f7cd0a60d0eeab84f7aeb35c13d3af7e50072e"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"