subtree updates

poky: ee0d001b81..4161dbbbd6:
  Aatir Manzur (1):
        docs: add CONVERSION_CMD definition

  Ahmed Hossam (1):
        insane.bbclass: host-user-contaminated: Correct per package home path

  Alejandro Hernandez Samaniego (1):
        package.bbclass: Fix base directory for debugsource files when using externalsrc

  Alex Kiernan (1):
        python3-cryptography: Cleanup DEPENDS/RDEPENDS

  Alexander Kanavin (53):
        mesa: update 22.0.3 -> 22.1.2
        python3-numpy: update 1.22.3 -> 1.22.4
        python3-setuptools: update 62.3.2 -> 62.5.0
        vulkan: upgrade 1.3.211.0 -> 1.3.216.0
        lttng-modules: update 2.13.3 -> 2.13.4
        go: update 1.18.2 -> 1.18.3
        ell: update 0.50 -> 0.51
        libdrm: update 2.4.110 -> 2.4.111
        diffoscope: upgrade 215 -> 216
        dos2unix: upgrade 7.4.2 -> 7.4.3
        librsvg: upgrade 2.54.3 -> 2.54.4
        puzzles: upgrade to latest revision
        sudo: upgrade 1.9.10 -> 1.9.11p2
        wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
        x264: upgrade to latest revision
        python3-requests: upgrade 2.27.1 -> 2.28.0
        oeqa/sdk: drop the nativesdk-python 2.x test
        python3-hatch-vcs: fix upstream version check
        at: take tarballs from debian
        pango: exclude 1.9x versions which are 2.x pre-releases.
        adwaita-icon-theme: upgrade 41.0 -> 42.0
        rust: update 1.60.0 -> 1.62.0
        weston: update 10.0.0 -> 10.0.1
        python3-setuptools-scm: upgrade 6.4.2 -> 7.0.3
        waffle: correctly request wayland-scanner executable
        openssl: update 3.0.4 -> 3.0.5
        diffoscope: upgrade 216 -> 217
        glib-2.0: upgrade 2.72.2 -> 2.72.3
        glib-networking: upgrade 2.72.0 -> 2.72.1
        gstreamer1.0: upgrade 1.20.2 -> 1.20.3
        harfbuzz: upgrade 4.3.0 -> 4.4.1
        kmod: upgrade 29 -> 30
        libsoup: upgrade 3.0.6 -> 3.0.7
        mesa: upgrade 22.1.2 -> 22.1.3
        mpg123: upgrade 1.29.3 -> 1.30.0
        nghttp2: upgrade 1.47.0 -> 1.48.0
        piglit: upgrade to latest revision
        pulseaudio: upgrade 16.0 -> 16.1
        python3-cffi: upgrade 1.15.0 -> 1.15.1
        python3-cryptography: upgrade 37.0.2 -> 37.0.3
        python3-cryptography-vectors: upgrade 37.0.2 -> 37.0.3
        python3-hatchling: upgrade 1.3.0 -> 1.3.1
        python3-hypothesis: upgrade 6.46.11 -> 6.48.2
        python3-jsonschema: upgrade 4.6.0 -> 4.6.1
        python3-mako: upgrade 1.2.0 -> 1.2.1
        python3-pycryptodomex: upgrade 3.14.1 -> 3.15.0
        python3-requests: upgrade 2.28.0 -> 2.28.1
        python3-setuptools: upgrade 62.5.0 -> 62.6.0
        python3-sphinx: upgrade 5.0.0 -> 5.0.2
        xcb-proto: upgrade 1.15 -> 1.15.2
        procps: restrict version check to 3.x
        ncurses: mark upstream version as unknown
        wayland: update 1.20.0 -> 1.21.0

  Alexandre Belloni (1):
        oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail

  Aryaman Gupta (5):
        buildstats.py: enable collection of /proc/pressure data
        pybootchartgui: render cpu and io pressure
        buildstats.bbclass: correct sampling of system stats
        buildstats.py: close /proc/pressure/cpu file descriptor
        buildperf/base.py: skip reduced_proc_pressure directory

  Bruce Ashfield (29):
        perf: fix reproducibility in 5.19+
        linux-yocto/5.10: update to v5.10.121
        linux-yocto/5.15: update to v5.15.46
        linux-yocto/5.15: update to v5.15.48
        linux-yocto/5.10: update to v5.10.123
        linux-yocto-dev: bump to v5.19-rc
        linux-yocto/5.15: drop obselete GPIO sysfs ABI
        lttng-modules: fix 5.19+ build
        kernel-devsrc: fix reproducibility and buildpaths QA warning
        linux-yocto/5.15: update to v5.15.52
        linux-yocto/5.10: update to v5.10.128
        kernel-devsrc: ppc32: fix reproducibility
        linux-yocto/5.15: fix qemuppc buildpaths warning
        linux-yocto/5.15: fix build_OID_registry buildpaths warning
        yocto-bsps: update to v5.10.128 and buildpaths fixes
        yocto-bsps: update to v5.15.52 and buildpaths fixes
        linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
        linux-yocto/5.10: fix buildpaths issue with gen-mach-types
        linux-yocto/5.15: fix buildpaths issue with gen-mach-types
        yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
        yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
        linux-yocto/5.15: update to v5.15.54
        linux-yocto/5.15: fix buildpaths issue with pnmtologo
        linux-yocto/5.10: update to v5.10.130
        linux-yocto/5.10: fix buildpaths issue with pnmtologo
        yocto-bsps/5.10: fix buildpaths issue with pnmtologo
        yocto-bsps/5.15: fix buildpaths issue with pnmtologo
        yocto-bsps: update to v5.15.54
        yocto-bsps: update to v5.10.130

  Christoph Lauer (1):
        package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo

  David Bagonyi (1):
        sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20220509 -> 20220610

  Enrico Scholz (6):
        npm: replace 'npm pack' call by 'tar czf'
        npm: return content of 'package.json' in 'npm_pack'
        npm: take 'version' directly from 'package.json'
        npm: disable 'audit' + 'fund'
        lib:npm_registry: initial checkin
        npm: use npm_registry to cache package

  Federico Pellegrin (1):
        signing-keys: fix RDEPENDS to signing-keys-dev

  Gennaro Iorio (1):
        bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls

  He Zhe (1):
        curl: Fix build failure for qemuriscv64

  Jacob Kroon (1):
        bitbake: bitbake-user-manual: Correct description of the ??= operator

  Jose Quaresma (3):
        archiver: don't use machine variables in shared recipes
        sstate: Use the python3 ThreadPoolExecutor instead of the OE ThreadedPool
        oe/utils: remove the ThreadedPool

  Joshua Watt (1):
        classes/create-spdx: Add SPDX_PRETTY option

  Kai Kang (1):
        glibc-tests: not clear BBCLASSEXTEND

  Khem Raj (2):
        libmodule-build-perl: Use env utility to find perl interpreter
        ltp: Remove -mfpmath=sse on x86

  Luca Ceresoli (1):
        llvm: add PACKAGECONFIG[optviewer]

  Lucas Stach (1):
        perf: sort-pmuevents: really keep array terminators

  Marius Kriegerowski (1):
        scriptutils: fix style to be more PEP8 compliant

  Marta Rybczynska (2):
        cve-check: add support for Ignored CVEs
        oeqa/selftest/cve_check: add tests for Ignored and partial reports

  Martin Jansa (3):
        mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
        wic: fix WicError message
        bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV

  Maxime Roussin-Bélanger (1):
        libffi: fix native build being not portable

  Michael Halstead (2):
        releases: include 3.1.17
        releases: include 4.0.2

  Michael Opdenacker (18):
        rootfs-postcommands.bbclass: correct comments
        dev-manual: mention the new CVE patch metrics page
        dev-manual: fix references to BitBake user manual
        docs: standards.md: add more rules: line wrapping and variables
        doc: standard for bulleted lists
        ref-manual: add description for the "sysroot" term
        manuals: update host tool requirements
        ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
        ref-manual: document SYSTEMD_DEFAULT_TARGET
        ref-manual: IMAGE_FEATURES: add allow-root-login and correct allow-empty-password
        ref-manual: correct description of empty-root-passwd in IMAGE_FEATURES
        bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
        bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
        dev-manual: NPM packages: minor grammar fix
        manuals: switch to the sstate mirror shared between all versions
        manuals: replace hyphens with em dashes
        dev-manual: update section about creating NPM packages
        dev-manual: improve screenshot resolution

  Ming Liu (3):
        udev-extraconf: fix some systemd automount issues
        meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
        udev-extraconf:mount.sh: fix path mismatching issues

  Mingli Yu (1):
        vim: not adjust script pathnames for native scripts either

  Muhammad Hamza (6):
        initramfs-framework: move storage mounts to actual rootfs
        udev-extraconf/mount.sh: add LABELs to mountpoints
        udev-extraconf/mount.sh: save mount name in our tmp filecache
        udev-extraconf/mount.sh: only mount devices on hotplug
        udev-extraconf: force systemd-udevd to use shared MountFlags
        udev-extraconf/mount.sh: ignore lvm in automount

  Nick Potenski (1):
        systemd: systemd-systemctl: Support instance conf files during enable

  Ola x Nilsson (1):
        bitbake: ConfHandler: Remove lingering close

  Pascal Bach (1):
        bin_package: install into base_prefix

  Paul Eggleton (4):
        devtool: ignore pn- overrides when determining SRC_URI overrides
        patch: handle if S points to a subdirectory of a git repo
        devtool: finish: handle patching when S points to subdir of a git repo
        oe-selftest: devtool: test modify git recipe building from a subdir

  Paulo Neves (14):
        python: Avoid shebang overflow on python-config.py
        gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
        ref-manual: SYSTEMD_SERVICE allows multiple services
        ref-manual: SYSTEMD_SERVICE overrides depend on SYSTEMD_PACKAGES
        insane.bbclass: Make do_qa_staging check shebangs
        oeqa/selftest: Add test for shebang overflow
        oeqa/selftest: Test staged .la and .pc files
        utils: Add cmdline_shebang_wrapper util.
        libcheck: Fix too long shebang for native case.
        utils: create_cmdline_shebang_wrapper whitespace and sed refactor
        utils: create_cmdline_shebang_wrapper preserve permission and ownership
        oeqa/sysroot.py: Check bitbake return status
        bitbake: fetch: bb.fatal when trying to checksum non-existing files
        oeqa: test_invalid_recipe_src_uri expect parse time error

  Pavel Zhukov (4):
        systemd: Add missed sys/file.h includes for musl
        systemd: Rebase patches on v251
        bitbake: tests/fetch: Add test for broken mirror tarball
        systemd: update upstream status of merged patches

  Peter Bergin (2):
        systemd: add packageconfig for sysext
        rust: fix issue building cross-canadian tools for aarch64 on x86_64

  Peter Kjellerstedt (2):
        ref-manual: Add documentation for INCOMPATIBLE_LICENSE_EXCEPTIONS
        base.bbclass: Correct the test for obsolete license exceptions

  Peter Marko (1):
        alsa-state: correct license

  Pgowda (1):
        binutils : CVE-2019-1010204

  Quentin Schulz (3):
        docs: releases: move hardknott and honister to outdated section
        docs: conf.py: bump minimum Sphinx version requirement
        Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"

  Raju Kumar Pothuraju (2):
        runqemu: add QB_KERNEL_CMDLINE
        kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set

  Richard Purdie (42):
        gcc-source: Fix incorrect task dependencies from ${B}
        vim: Upgrade 8.2.5034 -> 8.2.5083
        local.conf.sample: Update sstate url to new 'all' path
        ref/dev-manual: Update multiconfig documentation
        oeqa/runtime/scp: Disable scp test for dropbear
        unzip: Port debian fixes for two CVEs
        elfutils/flex: Disable parallel make ptest compile
        bitbake: server/process: Fix logging issues where only the first message was displayed
        coreutils: Tweak packaging variable names for coreutils-dev
        packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
        bitbake.conf/recipes: Introduce add DEV_PKG_DEPENDENCY to change RDEPENDS:${PN}-dev
        bitbake.conf: Change -dev RDEPENDS to RRECOMMENDS
        vim: 8.2.5083 -> 9.0.0005
        ncurses: 6.3 -> 6.3+20220423
        oe-selftest-image: Ensure the image has sftp as well as dropbear
        cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
        openssl: Upgrade 3.0.3 -> 3.0.4
        insane: Fix buildpaths test to work with special devices
        go: Filter build paths on staticly linked arches
        glibc-tests: Avoid reproducibility issues
        gperf: Add a patch to work around reproducibility issues
        bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
        icon-naming-utils: Resurrect for sato-icon-theme
        sato-icon-theme: Add back with support for scalable icons
        lua: Fix multilib buildpath reproducibility issues
        vala: Fix on target wrapper buildpaths issue
        gtk-doc: Remove hardcoded buildpath
        gperf: Switch to upstream patch
        qemu: Avoid accidental librdmacm linkage
        kernel-arch: Fix buildpaths leaking into external module compiles
        qemu: Fix slirp determinism issue
        qemu: Add PACKAGECONFIG for brlapi
        gcc-runtime: Fix build when using gold
        insane: Add buildpaths to WARN_QA by default
        insane: Reword staging to refer to populate_sysroot
        bitbake: fetch2: Ensure directory exists before creating symlink
        bitbake: fetch2: Drop DL_DIR fallback for local file fetcher
        oeqa/selftest/sstatetests: Update test to work with bitbake changes
        gcc-runtime: Fix missing MLPREFIX in debug mappings
        insane: Drop debug exclusion from buildpaths test
        selftest/runtime_test/virgl: Disable for all almalinux
        local.conf.sample: Mention other MACHINE options may exist

  Robert Joslyn (1):
        curl: Update to 7.84.0

  Ross Burton (24):
        python3: fix a race condition in the test_socket.testSockName test
        Add python3-editables (from meta-python)
        Add python3-pathspec (from meta-python)
        Add python3-hatchling (from meta-oe)
        python3-hatch-vcs: add new recipe
        python3-jsonschema: upgrade 4.5.1 -> 4.6.0
        package_manager: Change complementary package handling to not include soft dependencies
        cups: ignore CVE-2022-26691
        cve-check: hook cleanup to the BuildCompleted event, not CookerExit
        busybox: fix CVE-2022-30065
        ncurses: use GitHub mirror, not Debian's packaging
        ltp: remove open-posix-testsuite build logs
        tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
        perl: don't install Makefile.old into perl-ptest
        vim: upgrade to 9.0.0021
        ltp: fix builds when host ld doesn't know about target ELF formats
        python3-setuptools-scm: add missing python3-typing-extensions dependency
        python3-flit-core: bootstrap explicitly
        python3-installer: bootstrap by installing installer with installer
        python3-picobuild: add new recipe
        python_pep517: use picobuild instead of manually calling the API
        classes: remove obsolete PEP517_BUILD_API
        python3-hatchling: remove PEP517_BUILD_API
        documentation: remove obsolete PEP517_BUILD_API

  Steve Sakoman (3):
        qemu: add PACKAGECONFIG for capstone
        qemu: Avoid accidental libvdeplug linkage
        ruby: add PACKAGECONFIG for capstone

  Sundeep KOKKONDA (2):
        glibc: stable 2.35 branch updates
        binutils : stable 2.38 branch updates

  Thomas Perrot (1):
        opensbi: Update to v1.1

  Thomas Roos (1):
        recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG

  Xu Huan (2):
        python3: upgrade 3.10.4 -> 3.10.5
        python3-magic: upgrade 0.4.26 -> 0.4.27

  Yi Zhao (2):
        popt: fix override syntax in RDEPENDS
        git: fix override syntax in RDEPENDS

  Yogesh Tyagi (2):
        testimage : remove curl-ptest from rpm index
        curl : Add ptest

  Yue Tao (1):
        gnupg: upgrade to 2.3.7 to fix CVE-2022-34903

  Yulong (Kevin) Liu (1):
        python3-pyasn1: Eliminated ptest deprecation warnings

  aatir (1):
        docs: make DISTRO_FEATURES description more explicit

  niko.mauno@vaisala.com (3):
        ptest.bbclass: Honor PARALLEL_MAKE, PARALLEL_MAKEINST
        valgrind: Drop redundant oe_runmake parameter
        strace: Drop redundant oe_runmake parameter

  pgowda (1):
        gcc: Backport a fix for gcc bug 105039

  ssuesens (3):
        weston.py: added xwayland test
        weston.init: enabled xwayland
        xwayland.weston-start: adaption of X11-unix folder

  wangmy (57):
        btrfs-tools: upgrade 5.18 -> 5.18.1
        ethtool: upgrade 5.17 -> 5.18
        file: upgrade 5.41 -> 5.42
        libx11: upgrade 1.8 -> 1.8.1
        lighttpd: upgrade 1.4.64 -> 1.4.65
        gnu-config: update to latest version
        musl-obstack: upgrade 1.1 -> 1.2
        piglit: upgrade to latest revision
        stress-ng: upgrade 0.14.01 -> 0.14.02
        erofs-utils: upgrade 1.4 -> 1.5
        alsa-lib: upgrade 1.2.7 -> 1.2.7.1
        alsa-plugins: upgrade 1.2.6 -> 1.2.7.1
        alsa-ucm-conf: upgrade 1.2.7 -> 1.2.7.1
        bind: upgrade 9.18.3 -> 9.18.4
        kbd: upgrade 2.5.0 -> 2.5.1
        libproxy: upgrade 0.4.17 -> 0.4.18
        python3-dbusmock: upgrade 0.27.5 -> 0.28.0
        sbc: upgrade 1.5 -> 2.0
        strace: upgrade 5.17 -> 5.18
        python3-chardet: upgrade 4.0.0 -> 5.0.0
        python3-importlib-metadata: upgrade 4.11.4 -> 4.12.0
        python3-babel: upgrade 2.10.1 -> 2.10.3
        python3-certifi: upgrade 2022.5.18.1 -> 2022.6.15
        python3-dbusmock: upgrade 0.28.0 -> 0.28.1
        python3-numpy: upgrade 1.22.4 -> 1.23.0
        python3-pycryptodome: upgrade 3.14.1 -> 3.15.0
        dmidecode: upgrade 3.3 -> 3.4
        git: upgrade 2.36.1 -> 2.37.0
        harfbuzz: upgrade 4.3.0 -> 4.4.0
        speexdsp: upgrade 1.2.0 -> 1.2.1
        speex: upgrade 1.2.0 -> 1.2.1
        repo: upgrade 2.26 -> 2.27
        sqlite3: upgrade 3.38.5 -> 3.39.0
        sudo: upgrade 1.9.11p2 -> 1.9.11p3
        createrepo-c: upgrade 0.20.0 -> 0.20.1
        gst-devtools: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
        inetutils: upgrade 2.2 -> 2.3
        python3-atomicwrites: upgrade 1.4.0 -> 1.4.1
        python3-cryptography: upgrade 37.0.3 -> 37.0.4
        python3-cryptography-vectors: upgrade 37.0.3 -> 37.0.4
        python3-hatchling: upgrade 1.3.1 -> 1.5.0
        python3-imagesize: upgrade 1.3.0 -> 1.4.1
        python3-jsonschema: upgrade 4.6.1 -> 4.7.1
        python3-numpy: upgrade 1.23.0 -> 1.23.1
        python3-typing-extensions: upgrade 4.2.0 -> 4.3.0
        python3-urllib3: upgrade 1.26.9 -> 1.26.10
        init-system-helpers: upgrade 1.63 -> 1.64
        dpkg: upgrade 1.21.8 -> 1.21.9

meta-security: 8c6fe006a1..7ad5f6a9da:
  Armin Kuster (32):
        apparmor: fix ownership issues
        sssd:move to dynamic networking-layer
        layer.conf:add meta-netorking to BBFILES_DYNAMIC
        packagegroup-core-security: drop sssd
        packagegroup-core-security.bbappend: add sssd
        oeqa: fix checksec runtime test
        sssd: use example conf file
        oeqa: sssd.py fix tests
        sssd: update to 2.7.1
        security-test-image: auto include layers if present.
        smack-test: more py3 covertion
        oeqa: update smack runtime test
        aide: add a few more config options
        oeqa: add aide test
        libmhash: add native pkg support
        classes: add aide routines
        aide: add native support for build time db creation
        aide.conf: adjust to allow for build time db creation
        firejail: Add new package
        oeqa: Add a very basic firejail test
        packagegroup-core-security: add firejail
        security-test-image: add firejail and aide test suites
        oeqa/clamav drop depricated --list-mirror test
        oeqa: meta-tpm shut swtpm down before and after testing
        oeqa: shut done swtpm before and after testing
        ccs-tools: update to 1.8.9
        lynis: update to 3.0.8
        README: update email address
        packagegroup-core-security: skip mips firejail
        chipsec: update to 1.8.5
        security-build-image: add lkrg-module to build image
        lkrg: update to 0.9.3

  Jeremy A. Puhlman (2):
        clamav: make install owner match the added user name
        python3-privacyidea: add correct path to lib/privacyidea

  Jose Quaresma (1):
        meta-integrity: kernel-modsign: prevents splitting out debug symbols

  Yi Zhao (1):
        aide: fix typo

meta-openembedded: 11df15765c..31c10bd3e6:
  Adrian Freihofer (3):
        firewalld: update to 1.1.1 fixes ptest
        firewalld: upgrade 1.1.1 -> 1.2.0
        libqmi: upgrade 1.30.4 -> 1.30.8

  Akash Hadke (2):
        ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"
        iperf: Set CVE_PRODUCT to "iperf_project:iperf"

  Alex Kiernan (2):
        jansson: Upgrade 2.13.1 -> 2.14
        nftables: Upgrade 1.0.2 -> 1.0.4

  Alex Stewart (1):
        openvpn: distribute sample-config-files

  Andreas Müller (1):
        glmark2: Build with meson

  Andrej Valek (1):
        poco: upgrade 1.11.3 -> 1.12.0

  Andrew Davis (1):
        libsdl: The libsdl and libsdl2 are not virtual

  Ashish Sharma (1):
        netserver: don't change permissions on /dev/null

  Aurélien Bertron (1):
        fix(syslog-ng): warning about conf version

  Bartosz Golaszewski (1):
        python3-pybluez: fix a runtime issue with python 3.10

  Ben Powell (1):
        python3-can: Add typing-extensions dependency

  Changqing Li (3):
        chrony: create /var/lib/chrony by systemd-tmpfiles
        redis: upgrade 6.2.6 -> 6.2.7
        redis: upgrade 7.0.0 to 7.0.2

  Chen Qi (2):
        apache2: split out a new package apache2-utils
        ntfs-3g-ntfsprogs: upgrade to 2022.5.17

  Daide Li (1):
        python3-iperf: initial add 0.1.11

  Davide Gardenal (9):
        usrsctp: add CVE_VERSION to correctly check for CVEs
        ntp: ignore many CVEs
        openflow: ignore CVE-2018-1078
        emlog: ignore unrelated CVEs
        imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
        wireshark: upgrade 3.4.11 -> 3.4.12
        thrift: add CVE_PRODUCT to fix CVE reporting
        spice: ignore patched CVEs
        quagga: ignore CVE-2016-4049

  Fabien Parent (1):
        gpsd-machine-conf: allow creation of an empty package

  Harshal (1):
        lldpd: upgrade 1.0.8 -> 1.0.14

  Hitendra Prajapati (1):
        cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

  Jan Vermaete (1):
        netdata: version bump 1.34.1 -> 1.35.0

  Javier Viguera (1):
        networkmanager: fix build with enabled ppp

  Jeremy Puhlman (1):
        freeradius: mutlilib fixes

  Jonas Gorski (1):
        abseil-cpp: do not enforce -mfpu=neon on arm

  Kai Kang (4):
        libdbi-perl: fix interpreter on shebang line
        libdev-checklib-perl: fix interpreter of script use-devel-checklib
        libparse-yapp-perl: update interpreter of yapp
        python3-flatbuffer: enable native

  Khem Raj (8):
        libxml++: Disable parallel make in ptest compile
        geos: Disable inlining
        php: Fix absolute paths to php in phar.phar scripts
        libspiro: Add recipe
        fontforge: Upgrade to 20220308
        opencv: Link with libatomic on mips
        fontforge: Use alternate way to detect libm
        opencv: Link with libatomic on rv32

  Leon Anavi (19):
        python3-traitlets: Upgrade 5.2.1 -> 5.3.0
        python3-humanize: Upgrade 4.1.0 -> 4.2.0
        python3-autobahn: Upgrade 22.4.2 -> 22.5.1
        python3-elementpath: Upgrade 2.5.0 -> 2.5.3
        python3-eth-hash: Upgrade 0.3.2 -> 0.3.3
        python3-serpent: Upgrade 1.40 -> 1.41
        python3-web3: Upgrade 5.29.1 -> 5.29.2
        python3-pika: Upgrade 1.2.1 -> 1.3.0
        python3-tabulate: Upgrade 0.8.9 -> 0.8.10
        python3-marshmallow: Upgrade 3.15.0 -> 3.17.0
        python3-pychromecast: Upgrade 12.1.3 -> 12.1.4
        python3-humanize: Upgrade 4.2.0 -> 4.2.3
        python3-tornado: Upgrade 6.1 -> 6.2
        python3-coverage: Upgrade 6.3.2 -> 6.4.1
        python3-email-validator: Upgrade 1.1.3 -> 1.2.1
        python3-networkx: Upgrade 2.7.1 -> 2.8.4
        python3-unidiff: Upgrade 0.7.3 -> 0.7.4
        python3-toolz: Upgrade 0.11.2 -> 0.12.0
        python3-ansi2html: Upgrade 1.7.0 -> 1.8.0

  Marcus Flyckt (1):
        python3-pyconnman: Add 'future' runtime dependency

  Markus Volk (1):
        flatbuffers: update to 2.0.6

  Martin Jansa (3):
        glmark2: fix compatibility with python-3.11
        leveldb: switch from master branch to main
        tesseract-lang: switch from master branch to main

  Mikko Rapeli (1):
        polkit: switch back to mozjs but leave duktape as PACKAGECONFIG option

  Mingli Yu (3):
        kronosnet: Fix build with gcc-12
        s-nail: Fix build with gcc-12
        mariadb: Upgrade to 10.8.3

  Pascal Bach (1):
        python3-pybind11: upgrade 2.8.1 -> 2.9.2

  Peter Kjellerstedt (1):
        cryptsetup: Add support for building without SSH tokens

  Ross Burton (5):
        python3-cbor2: upgrade 5.4.2 to 5.4.3
        cppzmq: fix -dev RDEPENDS
        python3-hatchling: remove (now in oe-core)
        python3-pathspec: remove (now in oe-core)
        python3-editables: remove (now in oe-core)

  Sakib Sajal (1):
        minicoredumper: retry elf parsing as long as needed

  Theodore A. Roth (1):
        crda: Depend on correct wireless-regdb package

  Wentao Zhang (1):
        protobuf-c: update to 1.4.1 fix CVE-2022-33070

  Xu Huan (20):
        python3-lxml: upgrade 4.8.0 -> 4.9.0
        python3-msgpack: upgrade 1.0.3 -> 1.0.4
        python3-protobuf: upgrade 3.20.1 -> 4.21.1
        python3-mypy: upgrade 0.960 -> 0.961
        python3-pylint: upgrade 2.13.9 -> 2.14.1
        python3-smbus2: upgrade 0.4.1 -> 0.4.2
        python3-pillow: upgrade 9.0.1 -> 9.1.1
        python3-pychromecast: upgrade 12.1.2 -> 12.1.3
        python3-pylint: upgrade 2.14.1 -> 2.14.3
        python3-pyscaffold: upgrade 4.2.2 -> 4.2.3
        python3-redis: upgrade 4.3.1 -> 4.3.3
        python3-aiohue: upgrade 4.4.1 -> 4.4.2
        python3-astroid: upgrade 2.11.5 -> 2.11.6
        python3-charset-normalizer: upgrade 2.0.12 -> 2.1.0
        python3-colorama: upgrade 0.4.4 -> 0.4.5
        python3-eth-typing: upgrade 3.0.0 -> 3.1.0
        python3-autobahn: upgrade 22.5.1 -> 22.6.1
        python3-awesomeversion: upgrade 22.5.2 -> 22.6.0
        python3-grpcio: upgrade 1.45.0 -> 1.47.0
        python3-lxml: upgrade 4.9.0 -> 4.9.1

  Yi Zhao (12):
        openldap: pass correct URANDOM_DEVICE to CPPFLAGS
        openvpn: eliminate build path from openvpn --version option
        grubby: fix syntax for ALTERNATIVE
        duktape: fix override syntax in RDEPENDS
        polkit-group-rule-udisks2: fix override syntax in RDEPENDS
        libcrypt-openssl-guess-perl: fix syntax for PROVIDES
        evince: fix typo for RRECOMMENDS
        blueman: fix typo for RRECOMMENDS
        dnsmasq: Security fix CVE-2022-0934
        strongswan: upgrade 5.9.5 -> 5.9.6
        openvpn: add PACKAGECONFIG for systemd
        openvpn: add PACKAGECONFIG for selinux

  Yue Tao (2):
        exo: upgrade 4.16.3 -> 4.16.4
        dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291

  Zoltán Böszörményi (5):
        opencv: Upgrade to version 4.6.0
        proj: Upgrade to 8.2.1
        python3-pyproj: New recipe for pyproj version 3.3.1
        geos: Upgrade to 3.9.3
        libspatialite: Upgrade to 5.0.1

  jybros (1):
        clinfo: use virtual opencl loader provider

  wangmy (72):
        python3-cantools: upgrade 37.0.7 -> 37.1.0
        python3-regex: upgrade 2022.4.24 -> 2022.6.2
        python3-sqlalchemy: upgrade 1.4.36 -> 1.4.37
        python3-twine: upgrade 4.0.0 -> 4.0.1
        python3-waitress: upgrade 2.1.1 -> 2.1.2
        python3-xmlschema: upgrade 1.11.0 -> 1.11.1
        gspell: upgrade 1.10.0 -> 1.11.1
        ctags: upgrade 5.9.20220529.0 -> 5.9.20220605.0
        feh: upgrade 3.8 -> 3.9
        inotify-tools: upgrade 3.22.1.0 -> 3.22.6.0
        apache2: upgrade 2.4.53 -> 2.4.54
        libnftnl: upgrade 1.2.1 -> 1.2.2
        nbdkit: upgrade 1.31.7 -> 1.31.8
        irssi: upgrade 1.2.3 -> 1.4.1
        musl-nscd: upgrade 1.0.2 -> 1.1.0
        rdma-core: upgrade 40.0 -> 41.0
        snort: upgrade 2.9.19 -> 2.9.20
        php: upgrade 8.1.6 -> 8.1.7
        poco: upgrade 1.11.2 -> 1.11.3
        pyxdg: upgrade 0.27 -> 0.28
        syslog-ng: upgrade 3.36.1 -> 3.37.1
        dnf-plugin-tui: Added postatinstall
        python3-dill: upgrade 0.3.4 -> 0.3.5.1
        python3-robotframework-seriallibrary: upgrade 0.3.1 -> 0.4.3
        python3-ujson: upgrade 5.1.0 -> 5.3.0
        python3-watchdog: upgrade 2.1.8 -> 2.1.9
        python3-websocket-client: upgrade 1.3.2 -> 1.3.3
        gnome-commander: upgrade 1.14.2 -> 1.14.3
        libwacom: upgrade 2.2.0 -> 2.3.0
        nbdkit: upgrade 1.31.8 -> 1.31.9
        googletest: upgrade 1.11.0 -> 1.12.0
        gperftools: upgrade 2.9.1 -> 2.10
        iwd: upgrade 1.27 -> 1.28
        libzip: upgrade 1.8.0 -> 1.9.0
        postgresql: upgrade 14.3 -> 14.4
        uftrace: upgrade 0.11 -> 0.12
        python3-googleapis-common-protos: upgrade 1.56.2 -> 1.56.3
        python3-ifaddr: upgrade 0.1.7 -> 0.2.0
        python3-jmespath: upgrade 1.0.0 -> 1.0.1
        python3-pandas: upgrade 1.4.2 -> 1.4.3
        python3-zeroconf: upgrade 0.38.6 -> 0.38.7
        geocode-glib: upgrade 3.26.2 -> 3.26.3
        gnome-bluetooth: upgrade 42.0 -> 42.1
        gnome-calculator: upgrade 42.0 -> 42.2
        gnome-text-editor: upgrade 42.1 -> 42.2
        gtk4: upgrade 4.6.4 -> 4.6.6
        gtksourceview5: upgrade 5.4.1 -> 5.4.2
        gvfs: upgrade 1.50.0 -> 1.50.2
        abseil-cpp: upgrade 20211102 -> 20220623
        capnproto: upgrade 0.9.1 -> 0.10.2
        ctags: upgrade 5.9.20220605.0 -> 5.9.20220703.0
        fwupd: upgrade 1.7.6 -> 1.8.1
        googletest: upgrade 1.12.0 -> 1.12.1
        nautilus: upgrade 42.1.1 -> 42.2
        nbdkit: upgrade 1.31.9 -> 1.31.10
        openconnect: upgrade 8.20 -> 9.01
        bats: upgrade 1.6.1 -> 1.7.0
        cloc: upgrade 1.92 -> 1.94
        hwdata: upgrade 0.360 -> 0.361
        libvpx: upgrade 1.11.0 -> 1.12.0
        libzip: upgrade 1.9.0 -> 1.9.2
        pegtl: upgrade 3.2.5 -> 3.2.6
        phoronix-test-suite: upgrade 10.8.3 -> 10.8.4
        poppler: upgrade 22.06.0 -> 22.07.0
        netdata: upgrade 1.35.0 -> 1.35.1
        evince: upgrade 42.2 -> 42.3
        gjs: upgrade 1.72.0 -> 1.72.1
        gnome-bluetooth: upgrade 42.1 -> 42.2
        libadwaita: upgrade 1.1.1 -> 1.1.2
        liburing: upgrade 2.1 -> 2.2
        libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33
        libencode-perl: upgrade 3.17 -> 3.18

  zhengruoqin (23):
        python3-absl: upgrade 1.0.0 -> 1.1.0
        python3-alembic: upgrade 1.7.7 -> 1.8.0
        python3-asyncinotify: upgrade 2.0.3 -> 2.0.4
        python3-crc32c: upgrade 2.2.post0 -> 2.3
        python3-msk: upgrade 0.3.16 -> 0.4.0
        python3-bitstruct: upgrade 8.14.1 -> 8.15.1
        python3-google-api-python-client: upgrade 2.49.0 -> 2.50.0
        python3-google-auth: upgrade 2.6.6 -> 2.7.0
        python3-xmlschema: upgrade 1.11.1 -> 1.11.2
        python3-flask-wtf: upgrade 0.15.1 -> 1.0.1
        python3-gnupg: upgrade 0.4.8 -> 0.4.9
        python3-google-api-python-client: upgrade 2.50.0 -> 2.51.0
        python3-kiwisolver: upgrade 1.4.2 -> 1.4.3
        python3-nmap: upgrade 1.5.1 -> 1.5.4
        python3-asyncinotify: upgrade 2.0.4 -> 2.0.5
        python3-google-auth: upgrade 2.7.0 -> 2.8.0
        python3-protobuf: upgrade 4.21.1 -> 4.21.2
        python3-sqlalchemy: upgrade 1.4.37 -> 1.4.39
        python3-xmlschema: upgrade 1.11.2 -> 1.11.3
        python3-engineio: upgrade 4.3.2 -> 4.3.3
        python3-google-api-core: upgrade 2.8.0 -> 2.8.2
        python3-google-auth: upgrade 2.8.0 -> 2.9.0
        python3-grpcio-tools: upgrade 1.46.3 -> 1.47.0

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I22f0dab7f3253d77cc99fd462c6be45ddeb333cd
diff --git a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb
index 9abfd61..a616557 100644
--- a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb
+++ b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/crda/crda_3.18.bb
@@ -36,4 +36,4 @@
     oe_runmake SBINDIR=${sbindir}/ install
 }
 
-RDEPENDS:${PN} = "udev wireless-regdb-static"
+RDEPENDS:${PN} = "udev wireless-regdb"
diff --git a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest
new file mode 100644
index 0000000..9d3ec79
--- /dev/null
+++ b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+ret_val=0
+
+# Check if all the kernel modules are available
+FIREWALLD_KERNEL_MODULES="@@FIREWALLD_KERNEL_MODULES@@"
+for m in $FIREWALLD_KERNEL_MODULES; do
+    if modprobe $m; then
+        echo "PASS: loading $m"
+    else
+        echo "FAIL: loading $m"
+        ret_val=1
+    fi
+done
+
+# Run the test suite from firewalld
+# Failing testsuites: 203 226 241 250 270 280 281 282 285 286
+# Problem icmpv6 compared against ipv6-icmptype?
+/usr/share/firewalld/testsuite/testsuite -C /tmp -A || ret_val=1
+
+exit $ret_val
diff --git a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb
deleted file mode 100644
index 1dea339..0000000
--- a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_0.9.4.bb
+++ /dev/null
@@ -1,92 +0,0 @@
-SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
-HOMEPAGE = "https://firewalld.org/"
-BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
-UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
-           file://firewalld.init \
-"
-SRC_URI[sha256sum] = "52c5e3d5b1e2efc0e86c22b2bc1f7fd80908cc2d8130157dc2a3517a59b0a760"
-
-# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
-DEPENDS = "intltool-native glib-2.0-native nftables"
-
-inherit gettext autotools bash-completion pkgconfig python3native gsettings systemd update-rc.d
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
-PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
-
-PACKAGES += "${PN}-zsh-completion"
-
-# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
-# when the nftables backend is available, because nftables supersedes all of them.
-# However we still need iptables and ip6tables to be available otherwise any
-# application relying on "direct passthrough" rules (such as docker) will break.
-# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
-# the Red Hat-specific init script which we aren't using, so we disable that.
-EXTRA_OECONF = "\
-    --without-ipset \
-    --with-iptables=${sbindir}/iptables \
-    --with-iptables-restore=${sbindir}/iptables-restore \
-    --with-ip6tables=${sbindir}/ip6tables \
-    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
-    --without-ebtables \
-    --without-ebtables-restore \
-    --disable-sysconfig \
-"
-
-INITSCRIPT_NAME = "firewalld"
-SYSTEMD_SERVICE:${PN} = "firewalld.service"
-
-do_install:append() {
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        :
-    else
-        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
-        rm -rf ${D}${sysconfdir}/rc.d/
-        install -d ${D}${sysconfdir}/init.d
-        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
-    fi
-
-    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
-    # so now we need to fix up any references to point at the proper path in the image.
-    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
-    if [ ${PN} != "${BPN}-native" ]; then
-        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
-            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
-    fi
-    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
-        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
-
-    # This file contains Red Hat-isms. Modules get loaded without it.
-    rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
-}
-
-FILES:${PN} += "\
-    ${PYTHON_SITEPACKAGES_DIR}/firewall \
-    ${nonarch_libdir}/firewalld \
-    ${datadir}/dbus-1 \
-    ${datadir}/polkit-1 \
-    ${datadir}/metainfo \
-"
-FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
-
-RDEPENDS:${PN} = "\
-    nftables-python \
-    iptables \
-    python3-core \
-    python3-io \
-    python3-fcntl \
-    python3-shell \
-    python3-syslog \
-    python3-xml \
-    python3-dbus \
-    python3-slip-dbus \
-    python3-decorator \
-    python3-pygobject \
-    python3-json \
-    python3-ctypes \
-"
diff --git a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
new file mode 100644
index 0000000..987cc64
--- /dev/null
+++ b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
@@ -0,0 +1,310 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "\
+    https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
+    file://firewalld.init \
+    file://run-ptest \
+"
+SRC_URI[sha256sum] = "28fd90e88bda0dfd460f370f353474811b2e295d7eb27f0d7d18ffa3d786eeb7"
+
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+DEPENDS = "intltool-native glib-2.0-native nftables"
+
+inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
+PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
+PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset"
+PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables"
+
+# Default logging configuration: mixed syslog file console
+FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog"
+
+# The UIs are not yet tested and the dependencies are probably not quite correct yet.
+# Splitting into separate packages is beneficial so that no dead code is transferred
+# to the target device.
+# Without enabling qt5, the firewalld-config package is not usable.
+# Without enabling qt5 and gtk, the firewalld-applet package is not usable.
+PACKAGECONFIG[qt5] = ""
+PACKAGECONFIG[gtk] = ""
+
+PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of them.
+# However we still need iptables and ip6tables to be available otherwise any
+# application relying on "direct passthrough" rules (such as docker) will break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so we disable that.
+EXTRA_OECONF = "\
+    --with-iptables=${sbindir}/iptables \
+    --with-iptables-restore=${sbindir}/iptables-restore \
+    --with-ip6tables=${sbindir}/ip6tables \
+    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
+    --disable-sysconfig \
+"
+
+INITSCRIPT_NAME = "firewalld"
+SYSTEMD_SERVICE:${PN} = "firewalld.service"
+
+# kernel modules loaded after ptest execution (linux-yocto 5.15)
+FIREWALLD_KERNEL_MODULES ?= "\
+    xt_tcpudp \
+    xt_TCPMSS \
+    xt_set \
+    xt_sctp \
+    xt_REDIRECT \
+    xt_pkttype \
+    xt_NFLOG \
+    xt_nat \
+    xt_MASQUERADE \
+    xt_mark \
+    xt_mac \
+    xt_LOG \
+    xt_limit \
+    xt_dccp \
+    xt_CT \
+    xt_conntrack \
+    xt_CHECKSUM \
+    nft_redir \
+    nft_objref \
+    nft_nat \
+    nft_masq \
+    nft_log \
+    nfnetlink_log \
+    nf_nat_tftp \
+    nf_nat_sip \
+    nf_nat_ftp \
+    nf_log_syslog \
+    nf_conntrack_tftp \
+    nf_conntrack_sip \
+    nf_conntrack_netbios_ns \
+    nf_conntrack_ftp \
+    nf_conntrack_broadcast \
+    ipt_REJECT \
+    ip6t_rpfilter \
+    ip6t_REJECT \
+    ip_set_hash_netport \
+    ip_set_hash_netnet \
+    ip_set_hash_netiface \
+    ip_set_hash_net \
+    ip_set_hash_mac \
+    ip_set_hash_ipportnet \
+    ip_set_hash_ipport \
+    ip_set_hash_ipmark \
+    ip_set_hash_ip \
+    ebt_ip6 \
+    nft_fib_inet \
+    nft_fib_ipv4 \
+    nft_fib_ipv6 \
+    nft_fib \
+    nft_reject_inet \
+    nf_reject_ipv4 \
+    nf_reject_ipv6 \
+    nft_reject \
+    nft_ct \
+    nft_chain_nat \
+    ebtable_nat \
+    ebtable_broute \
+    ip6table_nat \
+    ip6table_mangle \
+    ip6table_raw \
+    ip6table_security \
+    iptable_nat \
+    nf_nat \
+    nf_conntrack \
+    nf_defrag_ipv6 \
+    nf_defrag_ipv4 \
+    iptable_mangle \
+    iptable_raw \
+    iptable_security \
+    ip_set \
+    ebtable_filter \
+    ebtables \
+    ip6table_filter \
+    ip6_tables \
+    iptable_filter \
+    ip_tables \
+    x_tables \
+    sch_fq_codel \
+"
+
+do_configure:prepend() {
+    export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET}
+}
+
+do_install:append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
+        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+        rm -rf ${D}${sysconfdir}/rc.d/
+        install -d ${D}${sysconfdir}/init.d
+        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then
+        # Delete polkit profiles if polkit is not available
+        rm -rf ${D}${datadir}/polkit-1
+    fi
+
+    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+    # so now we need to fix up any references to point at the proper path in the image.
+    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+    if [ ${PN} != "${BPN}-native" ]; then
+        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+    fi
+    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+
+    # This file contains Red Hat-isms. Modules get loaded without it.
+    rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
+}
+
+do_install_ptest:append() {
+    # Add kernel modules to the ptest script
+    if [ ${PTEST_ENABLED} = "1" ]; then
+        sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \
+            ${D}${PTEST_PATH}/run-ptest
+    fi
+}
+
+SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)"
+FILES:python3-firewall = "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/config/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/server/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/*.py* \
+"
+RDEPENDS:python3-firewall = "\
+    python3-dbus \
+    nftables-python \
+    python3-pygobject \
+"
+
+# Do not depend on QT5 layer and GTK deps if not explicitely required.
+FIREWALLD_QT5_RDEPENDS = "\
+    ${PN}-config \
+    hicolor-icon-theme \
+    python3-pyqt5 \
+    python3-pygobject \
+    libnotify \
+    networkmanager \
+"
+FIREWALLD_GTK_RDEPENDS = "\
+    gtk3 \
+"
+
+# A QT5 based UI
+SUMMARY:${PN}-config = "${SUMMARY} (configuration application)"
+FILES:${PN}-config = "\
+    ${bindir}/firewall-config \
+    ${datadir}/firewalld/firewall-config.glade \
+    ${datadir}/firewalld/gtk3_chooserbutton.py* \
+    ${datadir}/firewalld/gtk3_niceexpander.py* \
+    ${datadir}/applications/firewall-config.desktop \
+    ${datadir}/metainfo/firewall-config.appdata.xml \
+    ${datadir}/icons/hicolor/*/apps/firewall-config*.* \
+"
+RDEPENDS:${PN}-config += "\
+    python3-core \
+    python3-ctypes \
+    ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+"
+
+# A GTK3 applet depending on the QT5 firewall-config UI
+SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)"
+FILES:${PN}-applet += "\
+    ${bindir}/firewall-applet \
+    ${sysconfdir}/xdg/autostart/firewall-applet.desktop \
+    ${sysconfdir}/firewall/applet.conf \
+    ${datadir}/icons/hicolor/*/apps/firewall-applet*.* \
+"
+RDEPENDS:${PN}-applet += "\
+    python3-core \
+    python3-ctypes \
+    ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \
+"
+
+SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)"
+FILES:${PN}-offline-cmd += " \
+    ${bindir}/firewall-offline-cmd \
+"
+RDEPENDS:${PN}-offline-cmd += "python3-core"
+
+SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)"
+FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d"
+
+# To get allmost all tests passing
+# - Enable PACKAGECONFIG ipset, ebtable
+# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests)
+FILES:${PN}-ptest += "\
+    ${datadir}/firewalld/testsuite \
+"
+RDEPENDS:${PN}-ptest += "\
+    python3-unittest \
+    ${PN}-offline-cmd \
+    procps-ps \
+    iproute2 \
+"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us"
+
+FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+
+FILES:${PN} += "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall \
+    ${nonarch_libdir}/firewalld \
+    ${datadir}/dbus-1 \
+    ${datadir}/polkit-1 \
+    ${datadir}/metainfo \
+    ${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \
+"
+RDEPENDS:${PN} += "\
+    python3-firewall \
+    iptables \
+    python3-core \
+    python3-io \
+    python3-fcntl \
+    python3-syslog \
+    python3-xml \
+    python3-json \
+    python3-ctypes \
+    python3-pprint \
+"
+# If firewalld writes a log file rotation is needed
+RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}"
+
+# Add required kernel modules. With Yocto kernel 5.15 this currently means:
+# - features/nf_tables/nf_tables.scc
+# - features/netfilter/netfilter.scc
+# - cgl/features/audit/audit.scc
+# - cfg/net/ip6_nf.scc
+# - Plus:
+#   - ebtables
+#   - ipset
+#   - CONFIG_IP6_NF_SECURITY=m
+#   - CONFIG_IP6_NF_MATCH_RPFILTER=m
+#   - CONFIG_IP6_NF_TARGET_REJECT=m
+#   - CONFIG_NFT_OBJREF=m
+#   - CONFIG_NFT_FIB=m
+#   - CONFIG_NFT_FIB_INET=m
+#   - CONFIG_NFT_FIB_IPV4=m
+#   - CONFIG_NFT_FIB_IPV6=m
+#   - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+#   - CONFIG_NETFILTER_XT_SET=m
+def get_kernel_deps(d):
+    kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split()
+    return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ])
+RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
index d5aecee..1197520 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
@@ -19,7 +19,7 @@
 SYSTEMD_SERVICE:${PN} = "${BPN}-mechanism.service"
 SYSTEMD_AUTO_ENABLE:${PN} = "disable"
 
-RRECOMENDS_${PN} += "adwaita-icon-theme"
+RRECOMMENDS:${PN} += "adwaita-icon-theme"
 RDEPENDS:${PN} += " \
     python3-core \
     python3-dbus \
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index da7e604..453e514 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -34,6 +34,8 @@
     file://check-openssl-cmds-in-script-bootstrap.patch \
 "
 
+raddbdir="${sysconfdir}/${MLPREFIX}raddb"
+
 SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"
 
 PARALLEL_MAKE = ""
@@ -48,6 +50,7 @@
         --with-docdir=${docdir}/freeradius-${PV} \
         --with-openssl-includes=${STAGING_INCDIR} \
         --with-openssl-libraries=${STAGING_LIBDIR} \
+        --with-raddbdir=${raddbdir} \
         --without-rlm_ippool \
         --without-rlm_cache_memcached \
         --without-rlm_counter \
@@ -98,7 +101,9 @@
 PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast"
 PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd"
 
-inherit useradd autotools-brokensep update-rc.d systemd
+inherit useradd autotools-brokensep update-rc.d systemd multilib_script multilib_header
+
+MULTILIB_SCRIPTS = "${PN}:${sbindir}/checkrad"
 
 # This is not a cpan or python based package, but it needs some definitions
 # from cpan-base and python3-dir bbclasses for building rlm_perl and rlm_python
@@ -141,7 +146,7 @@
     oe_runmake install R=${D} INSTALLSTRIP=""
 
     # remove unsupported config files
-    rm -f ${D}/${sysconfdir}/raddb/experimental.conf
+    rm -f ${D}/${raddbdir}/experimental.conf
 
     # remove scripts that required Perl(DBI)
     rm -rf ${D}/${bindir}/radsqlrelay
@@ -153,7 +158,7 @@
     rm -rf ${D}/${localstatedir}/log/
     install -m 0644 ${WORKDIR}/volatiles.58_radiusd  ${D}${sysconfdir}/default/volatiles/58_radiusd
 
-    chown -R radiusd:radiusd ${D}/${sysconfdir}/raddb/
+    chown -R radiusd:radiusd ${D}/${raddbdir}
     chown -R radiusd:radiusd ${D}/${localstatedir}/lib/radiusd
 
     # For systemd
@@ -169,6 +174,9 @@
         install -d ${D}${sysconfdir}/tmpfiles.d/
         install -m 0644 ${WORKDIR}/radiusd-volatiles.conf ${D}${sysconfdir}/tmpfiles.d/radiusd.conf
     fi
+    oe_multilib_header freeradius/autoconf.h 
+    oe_multilib_header freeradius/missing.h
+    oe_multilib_header freeradius/radpaths.h
 }
 
 # This is only needed when we install/update on a running target.
@@ -183,7 +191,7 @@
         fi
 
         # Fix ownership for /etc/raddb/*, /var/lib/radiusd
-        chown -R radiusd:radiusd ${sysconfdir}/raddb
+        chown -R radiusd:radiusd ${raddbdir}
         chown -R radiusd:radiusd ${localstatedir}/lib/radiusd
     fi
 }
@@ -204,30 +212,30 @@
 FILES:${PN}-utils = "${bindir}/*"
 
 FILES:${PN}-ldap = "${libdir}/rlm_ldap.so* \
-    ${sysconfdir}/raddb/mods-available/ldap \
+    ${raddbdir}/mods-available/ldap \
 "
 
 FILES:${PN}-krb5 = "${libdir}/rlm_krb5.so* \
-    ${sysconfdir}/raddb/mods-available/krb5 \
+    ${raddbdir}/mods-available/krb5 \
 "
 
 FILES:${PN}-perl = "${libdir}/rlm_perl.so* \
-    ${sysconfdir}/raddb/mods-config/perl \
-    ${sysconfdir}/raddb/mods-available/perl \
+    ${raddbdir}/mods-config/perl \
+    ${raddbdir}/mods-available/perl \
 "
 
 FILES:${PN}-python = "${libdir}/rlm_python3.so* \
-    ${sysconfdir}/raddb/mods-config/python3 \
-    ${sysconfdir}/raddb/mods-available/python3 \
+    ${raddbdir}/mods-config/python3 \
+    ${raddbdir}/mods-available/python3 \
 "
 
 FILES:${PN}-mysql = "${libdir}/rlm_sql_mysql.so* \
-    ${sysconfdir}/raddb/mods-config/sql/*/mysql \
-    ${sysconfdir}/raddb/mods-available/sql \
+    ${raddbdir}/mods-config/sql/*/mysql \
+    ${raddbdir}/mods-available/sql \
 "
 
 FILES:${PN}-postgresql = "${libdir}/rlm_sql_postgresql.so* \
-    ${sysconfdir}/raddb/mods-config/sql/*/postgresql \
+    ${raddbdir}/mods-config/sql/*/postgresql \
 "
 
 FILES:${PN}-unixodbc = "${libdir}/rlm_sql_unixodbc.so*"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
index d52ad6e..c8fea5d 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
@@ -86,7 +86,7 @@
 # consolekit is not picked by shlibs, so add it to RDEPENDS too
 PACKAGECONFIG[consolekit] = "-Dsession_tracking_consolekit=true,-Dsession_tracking_consolekit=false,consolekit,consolekit"
 PACKAGECONFIG[modemmanager] = "-Dmodem_manager=true,-Dmodem_manager=false,modemmanager mobile-broadband-provider-info"
-PACKAGECONFIG[ppp] = "-Dppp=true,-Dppp=false,ppp"
+PACKAGECONFIG[ppp] = "-Dppp=true -Dpppd=${sbindir}/pppd,-Dppp=false,ppp,ppp"
 PACKAGECONFIG[dnsmasq] = "-Ddnsmasq=${bindir}/dnsmasq"
 PACKAGECONFIG[nss] = "-Dcrypto=nss,,nss"
 PACKAGECONFIG[resolvconf] = "-Dresolvconf=${base_sbindir}/resolvconf,-Dresolvconf=no,,resolvconf"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.20.bb b/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_9.01.bb
similarity index 94%
rename from meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.20.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_9.01.bb
index 022ba85..afdbdca 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.20.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_9.01.bb
@@ -5,7 +5,7 @@
 SRC_URI = " \
     git://git.infradead.org/users/dwmw2/openconnect.git;branch=master \
 "
-SRCREV = "03a3b9c76a9b6d0a65073b6bebbc1192e3445507"
+SRCREV = "5695cd6b0c7d42ca293ce0f00abcbe3d1ec4e609"
 
 DEPENDS = "vpnc libxml2 krb5 gettext-native"
 RDEPENDS:${PN} = "bash python3-core vpnc-script"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.19.bb b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.19.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb
index 26b335d..c15c204 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.19.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb
@@ -14,7 +14,7 @@
     file://disable-run-test-program-while-cross-compiling.patch \
     file://configure.in-disable-tirpc-checking-for-fedora.patch \
 "
-SRC_URI[sha256sum] = "b12fc6db72afb58987a2bf1954b8f45bde02047c235513c7663857b9506369c7"
+SRC_URI[sha256sum] = "29400e13f53b1831e0b8b10ec1224a1cbaa6dc1533a5322a20dd80bb84b4981c"
 
 UPSTREAM_CHECK_URI = "https://www.snort.org/downloads"
 UPSTREAM_CHECK_REGEX = "snort-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
similarity index 93%
rename from meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
rename to meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
index cf2b156..eda0129 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
+++ b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
@@ -11,8 +11,7 @@
     file://lldpd.default \
     "
 
-SRC_URI[md5sum] = "000042dbf5b445f750b5ba01ab25c8ba"
-SRC_URI[sha256sum] = "98d200e76e30f6262c4a4493148c1840827898329146a57a34f8f0f928ca3def"
+SRC_URI[sha256sum] = "a74819214f116a5dbc407a3d490caa01ba401a249517ac826a374059c12d12e8"
 
 inherit autotools update-rc.d useradd systemd pkgconfig bash-completion
 
diff --git a/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch b/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch
new file mode 100644
index 0000000..e59501c
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet/0001-links.c-Fix-build-with-gcc-12.patch
@@ -0,0 +1,40 @@
+From a8aac8f3fd8b07fde8f5dc0aa9ece54a46d24425 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Thu, 9 Jun 2022 16:03:06 +0800
+Subject: [PATCH] links.c: Fix build with gcc-12
+
+Fixes:
+  | /build/tmp-glibc/work/corei7-64-wrs-linux/kronosnet/1.22-r0/recipe-sysroot/usr/include/bits/string_fortified.h:59:10: error: 'link' may be used uninitialized [-Werror=maybe-uninitialized]
+  |    59 |   return __builtin___memset_chk (__dest, __ch, __len,
+  |       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  |    60 |                                  __glibc_objsize0 (__dest));
+  |       |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
+  | ../../git/libknet/links.c: In function 'knet_link_set_config':
+  | ../../git/libknet/links.c:108:27: note: 'link' was declared here
+  |   108 |         struct knet_link *link;
+  |       |                           ^~~~
+  | cc1: all warnings being treated as errors
+
+Upstream-Status: Submitted[https://github.com/kronosnet/kronosnet/pull/382]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ libknet/links.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libknet/links.c b/libknet/links.c
+index 8cb1621b..0ef42b79 100644
+--- a/libknet/links.c
++++ b/libknet/links.c
+@@ -105,7 +105,7 @@ int knet_link_set_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t l
+ {
+ 	int savederrno = 0, err = 0, i, wipelink = 0, link_idx;
+ 	struct knet_host *host, *tmp_host;
+-	struct knet_link *link;
++	struct knet_link *link = NULL;
+ 
+ 	if (!_is_valid_handle(knet_h)) {
+ 		return -1;
+-- 
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb b/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb
index ad0a00e..0b0bc29 100644
--- a/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb
+++ b/meta-openembedded/meta-networking/recipes-extended/kronosnet/kronosnet_1.22.bb
@@ -14,6 +14,7 @@
 SRCREV = "0123ecebce0ad6aba3cdb320027192e15fd71e23"
 SRC_URI = "git://github.com/kronosnet/kronosnet;protocol=https;branch=stable1 \
            file://0001-libknet-tests-Correct-include-path-for-poll.h.patch \
+           file://0001-links.c-Fix-build-with-gcc-12.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/kronosnet/kronosnet/releases"
diff --git a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb
rename to meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb
index 4447963..3eca92d 100644
--- a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.1.bb
+++ b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb
@@ -4,7 +4,7 @@
 SECTION = "libs"
 DEPENDS = "libmnl"
 
-SRCREV = "09456c720e9c00eecc08e41ac6b7c291b3821ee5"
+SRCREV = "f6575131e60ab10f131ea3ff36f69af2b6c3f614"
 SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \
            file://0001-avoid-naming-local-function-as-one-of-printf-family.patch \
            file://0001-configure.ac-Add-serial-tests.patch \
diff --git a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch
deleted file mode 100644
index 65ab2df..0000000
--- a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 22 Feb 2022 00:56:36 +0100
-Subject: [PATCH] examples: compile with `make check' and add AM_CPPFLAGS
-
-Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
-specify local headers via -I.
-
-Unfortunately, `make distcheck' did not catch this compile time error in
-my system, since it was using the nftables/libnftables.h file of the
-previous nftables release.
-
-Fixes: 5b364657a35f ("build: missing SUBIRS update")
-Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
-Upstream-Status: Backport
-[http://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- examples/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/examples/Makefile.am b/examples/Makefile.am
-index c972170d..3b8b0b67 100644
---- a/examples/Makefile.am
-+++ b/examples/Makefile.am
-@@ -1,4 +1,6 @@
--noinst_PROGRAMS	= nft-buffer		\
-+check_PROGRAMS	= nft-buffer		\
- 		  nft-json-file
- 
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-+
- LDADD = $(top_builddir)/src/libnftables.la
--- 
-2.25.1
-
diff --git a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch
new file mode 100644
index 0000000..377b29f
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/0001-nftables-python-Split-root-from-prefix.patch
@@ -0,0 +1,44 @@
+From c7513195a72b2e5be5c9c439cc606eb5dcc3fb7a Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Tue, 12 Jul 2022 17:44:34 +0100
+Subject: [PATCH] nftables: python: Split root from prefix
+
+The buildpaths QA check fails when python is enabled:
+
+  WARNING: nftables-1.0.4-r0 do_package_qa: QA Issue: File /usr/lib/python3.10/site-packages/nftables/__pycache__/nftables.cpython-310.pyc in package nftables-python contains reference to TMPDIR
+  File /usr/lib/python3.10/site-packages/nftables/__pycache__/__init__.cpython-310.pyc in package nftables-python contains reference to TMPDIR [buildpaths]
+
+Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ py/Makefile.am | 2 +-
+ py/setup.py    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/py/Makefile.am b/py/Makefile.am
+index 215ecd9e4751..a827cca10135 100644
+--- a/py/Makefile.am
++++ b/py/Makefile.am
+@@ -7,7 +7,7 @@ all-local:
+ install-exec-local:
+ 	cd $(srcdir) && \
+ 		$(PYTHON_BIN) setup.py build --build-base $(abs_builddir) \
+-		install --prefix $(DESTDIR)$(prefix)
++		install --root $(DESTDIR) --prefix $(prefix)
+ 
+ uninstall-local:
+ 	rm -rf $(DESTDIR)$(prefix)/lib*/python*/site-packages/nftables
+diff --git a/py/setup.py b/py/setup.py
+index 72fc8fd98b26..976aec583b71 100755
+--- a/py/setup.py
++++ b/py/setup.py
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env python
+-from distutils.core import setup
++from setuptools._distutils.core import setup
+ from nftables import NFTABLES_VERSION
+ 
+ setup(name='nftables',
+-- 
+2.35.1
+
diff --git a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb
similarity index 69%
rename from meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
rename to meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb
index e078be7..3466e16 100644
--- a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
+++ b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb
@@ -6,26 +6,27 @@
 DEPENDS = "libmnl libnftnl bison-native \
            ${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}"
 
-# Ensure we reject the 0.099 version by matching at least two dots
-UPSTREAM_CHECK_REGEX = "nftables-(?P<pver>\d+(\.\d+){2,}).tar.bz2"
-
 SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \
-           file://0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch \
+           file://0001-nftables-python-Split-root-from-prefix.patch \
            file://run-ptest \
           "
 
-SRC_URI[sha256sum] = "0b28a36ffcf4567b841de7bd3f37918b1fed27859eb48bdec51e1f7a83954c02"
+SRC_URI[sha256sum] = "927fb1fea1f685a328c10cf791eb655d7e1ed49d310eea5cb3101dfd8d6cba35"
 
 inherit autotools manpages pkgconfig ptest
 
-PACKAGECONFIG ??= "python readline json"
+PACKAGECONFIG ?= "python readline json"
+PACKAGECONFIG[editline] = "--with-cli=editline, , libedit, , , linenoise readline"
 PACKAGECONFIG[json] = "--with-json, --without-json, jansson"
+PACKAGECONFIG[linenoise] = "--with-cli=linenoise, , linenoise, , , editline readline"
 PACKAGECONFIG[manpages] = "--enable-man-doc, --disable-man-doc, asciidoc-native"
 PACKAGECONFIG[mini-gmp] = "--with-mini-gmp, --without-mini-gmp"
-PACKAGECONFIG[python] = "--enable-python --with-python-bin=${PYTHON}, --with-python-bin="", python3"
-PACKAGECONFIG[readline] = "--with-cli=readline, --without-cli, readline"
+PACKAGECONFIG[python] = "--enable-python --with-python-bin=${PYTHON}, --disable-python, python3-setuptools-native"
+PACKAGECONFIG[readline] = "--with-cli=readline, , readline, , , editline linenoise"
 PACKAGECONFIG[xtables] = "--with-xtables, --without-xtables, iptables"
 
+EXTRA_OECONF = "${@bb.utils.contains_any('PACKAGECONFIG', 'editline linenoise readline', '', '--without-cli', d)}"
+
 inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
 
 RRECOMMENDS:${PN} += "kernel-module-nf-tables"
@@ -34,7 +35,7 @@
 FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}"
 RDEPENDS:${PN}-python = "python3-core python3-json ${PN}"
 
-RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json python3-misc util-linux"
+RDEPENDS:${PN}-ptest += " ${PN}-python make bash python3-core python3-ctypes python3-json python3-misc util-linux"
 
 TESTDIR = "tests"
 
@@ -46,7 +47,6 @@
     mkdir -p ${D}${PTEST_PATH}/src/.libs
     cp -rf ${B}/src/.libs/* ${D}${PTEST_PATH}/src/.libs
     cp -rf ${B}/src/.libs/nft ${D}${PTEST_PATH}/src/
-    cp -rf ${S}/py ${D}${PTEST_PATH}
     cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH}/${TESTDIR}
     sed -i 's#/usr/bin/python#/usr/bin/python3#' ${D}${PTEST_PATH}/${TESTDIR}/json_echo/run-test.py
     sed -i 's#/usr/bin/env python#/usr/bin/env python3#' ${D}${PTEST_PATH}/${TESTDIR}/py/nft-test.py
diff --git a/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc b/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc
index 15eb65a..ccafaf0 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc
+++ b/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow.inc
@@ -53,3 +53,7 @@
 }
 
 FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
+# This CVE is not for this product but cve-check assumes it is
+# because two CPE collides when checking the NVD database
+CVE_CHECK_IGNORE = "CVE-2018-1078"
diff --git a/meta-openembedded/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-openembedded/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
index a7697a1..984264a 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
@@ -2,3 +2,7 @@
 
 SRC_URI[md5sum] = "eced21b054d71c9e1b7c6ac43286a166"
 SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193bd653d3"
+
+CVE_CHECK_IGNORE += "\
+    CVE-2016-4049 \
+"
diff --git a/meta-openembedded/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb b/meta-openembedded/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
index 4f8e4d4..dcfa740 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
@@ -23,3 +23,5 @@
 PACKAGECONFIG[inet6] = "--enable-inet6,--disable-inet6,"
 
 EXTRA_OECONF += "--disable-debug"
+
+CVE_VERSION = "0.9.3.0"
diff --git a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 57dd635..8ce9e1d 100644
--- a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -126,6 +126,10 @@
            ${D}${systemd_unitdir}/system/chronyd.service
     sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/chronyd
     sed -i 's!^EnvironmentFile=.*!EnvironmentFile=-${sysconfdir}/default/chronyd!' ${D}${systemd_unitdir}/system/chronyd.service
+
+    install -d ${D}${sysconfdir}/tmpfiles.d
+    echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf
+
 }
 
 FILES:${PN} = "${sbindir}/chronyd ${sysconfdir} ${localstatedir}/lib/chrony ${localstatedir}"
diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
new file mode 100644
index 0000000..6bd734d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
@@ -0,0 +1,191 @@
+From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 31 Mar 2022 21:35:20 +0100
+Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934
+ refers.
+
+CVE: CVE-2022-0934
+
+Upstream-Status: Backport
+[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ CHANGELOG     |  3 +++
+ src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
+ 2 files changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 5e54df9..a28da2a 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,4 +1,7 @@
+ version 2.86
++	Fix write-after-free error in DHCPv6 server code.
++	CVE-2022-0934 refers.
++
+ 	Handle DHCPREBIND requests in the DHCPv6 server code.
+ 	Thanks to Aichun Li for spotting this omission, and the initial
+ 	patch.
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 5c2ff97..6ecfeeb 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -33,9 +33,9 @@ struct state {
+   unsigned int mac_len, mac_type;
+ };
+ 
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, 
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 
+ 			     struct in6_addr *client_addr, int is_unicast, time_t now);
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
+ static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
+ static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
+ static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
+@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
+ }
+ 
+ /* This cost me blood to write, it will probably cost you blood to understand - srk. */
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, 
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 
+ 			     struct in6_addr *client_addr, int is_unicast, time_t now)
+ {
+   void *end = inbuff + sz;
+   void *opts = inbuff + 34;
+-  int msg_type = *((unsigned char *)inbuff);
++  int msg_type = *inbuff;
+   unsigned char *outmsgtypep;
+   void *opt;
+   struct dhcp_vendor *vendor;
+@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+   return 1;
+ }
+ 
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
+ {
+   void *opt;
+-  int i, o, o1, start_opts;
++  int i, o, o1, start_opts, start_msg;
+   struct dhcp_opt *opt_cfg;
+   struct dhcp_netid *tagif;
+   struct dhcp_config *config = NULL;
+   struct dhcp_netid known_id, iface_id, v6_id;
+-  unsigned char *outmsgtypep;
++  unsigned char outmsgtype;
+   struct dhcp_vendor *vendor;
+   struct dhcp_context *context_tmp;
+   struct dhcp_mac *mac_opt;
+@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+   v6_id.next = state->tags;
+   state->tags = &v6_id;
+ 
+-  /* copy over transaction-id, and save pointer to message type */
+-  if (!(outmsgtypep = put_opt6(inbuff, 4)))
++  start_msg = save_counter(-1);
++  /* copy over transaction-id */
++  if (!put_opt6(inbuff, 4))
+     return 0;
+   start_opts = save_counter(-1);
+-  state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
+-   
++  state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
++    
+   /* We're going to be linking tags from all context we use. 
+      mark them as unused so we don't link one twice and break the list */
+   for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
+@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+       (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
+     
+     {  
+-      *outmsgtypep = DHCP6REPLY;
++      outmsgtype = DHCP6REPLY;
+       o1 = new_opt6(OPTION6_STATUS_CODE);
+       put_opt6_short(DHCP6USEMULTI);
+       put_opt6_string("Use multicast");
+@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	struct dhcp_netid *solicit_tags;
+ 	struct dhcp_context *c;
+ 	
+-	*outmsgtypep = DHCP6ADVERTISE;
++	outmsgtype = DHCP6ADVERTISE;
+ 	
+ 	if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
+ 	  {
+-	    *outmsgtypep = DHCP6REPLY;
++	    outmsgtype = DHCP6REPLY;
+ 	    state->lease_allocate = 1;
+ 	    o = new_opt6(OPTION6_RAPID_COMMIT);
+ 	    end_opt6(o);
+@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	int start = save_counter(-1);
+ 
+ 	/* set reply message type */
+-	*outmsgtypep = DHCP6REPLY;
++	outmsgtype = DHCP6REPLY;
+ 	state->lease_allocate = 1;
+ 
+ 	log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
+@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	int address_assigned = 0;
+ 
+ 	/* set reply message type */
+-	*outmsgtypep = DHCP6REPLY;
++	outmsgtype = DHCP6REPLY;
+ 	
+ 	log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
+ 
+@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	int good_addr = 0;
+ 
+ 	/* set reply message type */
+-	*outmsgtypep = DHCP6REPLY;
++	outmsgtype = DHCP6REPLY;
+ 	
+ 	log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
+ 	
+@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ 	log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
+ 	if (ignore)
+ 	  return 0;
+-	*outmsgtypep = DHCP6REPLY;
++	outmsgtype = DHCP6REPLY;
+ 	tagif = add_options(state, 1);
+ 	break;
+       }
+@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+     case DHCP6RELEASE:
+       {
+ 	/* set reply message type */
+-	*outmsgtypep = DHCP6REPLY;
++	outmsgtype = DHCP6REPLY;
+ 
+ 	log6_quiet(state, "DHCPRELEASE", NULL, NULL);
+ 
+@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+     case DHCP6DECLINE:
+       {
+ 	/* set reply message type */
+-	*outmsgtypep = DHCP6REPLY;
++	outmsgtype = DHCP6REPLY;
+ 	
+ 	log6_quiet(state, "DHCPDECLINE", NULL, NULL);
+ 
+@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+       }
+ 
+     }
+-  
++
++  /* Fill in the message type. Note that we store the offset,
++     not a direct pointer, since the packet memory may have been 
++     reallocated. */
++  ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
++
+   log_tags(tagif, state->xid);
+   log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
+   
+-- 
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
index 31ca51e..0f7880c 100644
--- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
+++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
@@ -3,5 +3,6 @@
 SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512"
 SRC_URI += "\
     file://lua.patch \
+    file://CVE-2022-0934.patch \
 "
 
diff --git a/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb b/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.10.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb
rename to meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.10.bb
index 2de32cc..07870bb 100644
--- a/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb
+++ b/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.31.10.bb
@@ -11,8 +11,7 @@
 
 SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https;branch=master \
 "
-
-SRCREV = "7c0e2d19d30eb0bd2e079febb5a2c31f65e5023d"
+SRCREV = "1c31e0e5397646ae3709b1fbfd9c3b47b904f254"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-openembedded/meta-networking/recipes-support/netperf/files/netserver_permissions.patch b/meta-openembedded/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
new file mode 100644
index 0000000..5531636
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
@@ -0,0 +1,29 @@
+From 78c9ae7d9a6735575bc72dd28a19b2bc3a251981 Mon Sep 17 00:00:00 2001
+From: Andrew Elble <aweits@rit.edu>
+Date: Mon, 8 Oct 2018 14:31:20 -0400
+Subject: [PATCH] netserver: don't change permissions on /dev/null
+
+the (now default) suppress_debug=1 changes permissions on /dev/null
+to 0644. Don't do this.
+
+Upstream-Status: Pending [https://github.com/HewlettPackard/netperf/pull/27/commits/78c9ae7d9a6735575bc72dd28a19b2bc3a251981]
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+---
+ src/netserver.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/netserver.c b/src/netserver.c
+index 00c8d23..86a1c45 100644
+--- a/src/netserver.c
++++ b/src/netserver.c
+@@ -278,7 +278,8 @@ open_debug_file()
+ 
+ #if !defined(WIN32)
+ 
+-  chmod(FileName,0644);
++  if (!suppress_debug)
++    chmod(FileName,0644);
+ 
+   /* redirect stdin to "/dev/null" */
+   rd_null_fp = fopen(NETPERF_NULL,"r");
diff --git a/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb b/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb
index 62ba966..06b2edd 100644
--- a/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb
+++ b/meta-openembedded/meta-networking/recipes-support/netperf/netperf_git.bb
@@ -14,6 +14,7 @@
            file://netserver.service \
            file://0001-netlib.c-Move-including-sched.h-out-og-function.patch \
            file://0001-nettest_omni-Remove-duplicate-variable-definitions.patch \
+           file://netserver_permissions.patch \
            "
 
 SRCREV = "3bc455b23f901dae377ca0a558e1e32aa56b31c4"
diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index fe2bd07..a30f720 100644
--- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -29,7 +29,31 @@
 SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
 
 # CVE-2016-9312 is only for windows.
-CVE_CHECK_IGNORE += "CVE-2016-9312"
+# The other CVEs are not correctly identified because cve-check
+# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
+CVE_CHECK_IGNORE += "\
+    CVE-2016-9312 \
+    CVE-2015-5146 \
+    CVE-2015-5300 \
+    CVE-2015-7975 \
+    CVE-2015-7976 \
+    CVE-2015-7977 \
+    CVE-2015-7978 \
+    CVE-2015-7979 \
+    CVE-2015-8138 \
+    CVE-2015-8139 \
+    CVE-2015-8140 \
+    CVE-2015-8158 \
+    CVE-2016-1547 \
+    CVE-2016-2516 \
+    CVE-2016-2517 \
+    CVE-2016-2519 \
+    CVE-2016-7429 \
+    CVE-2016-7433 \
+    CVE-2016-9310 \
+    CVE-2016-9311 \
+"
+
 
 inherit autotools update-rc.d useradd systemd pkgconfig
 
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
new file mode 100644
index 0000000..03b454d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
@@ -0,0 +1,48 @@
+From ea179d83b0aa62719d90748cd1fb260f40055f15 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 13 Jun 2022 22:44:28 +0800
+Subject: [PATCH] configure.ac: eliminate build path from openvpn --version
+ option
+
+Before the patch:
+$ openvpn  --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes
+with_libtool_sysroot=/buildarea/build/tmp/work/core2-64-poky-linux/openvpn/2.5.7-r0/recipe-sysroot
+with_mem_check=no with_openssl_engine=auto
+
+After the patch:
+$ openvpn  --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no
+with_openssl_engine=auto
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2f5f6bc..eddcbc5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1377,7 +1377,7 @@ if test "${enable_async_push}" = "yes"; then
+ 	esac
+ fi
+ 
+-CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
++CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*=' | grep -v 'libtool_sysroot'`"
+ AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+ 
+ TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
+-- 
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn
old mode 100755
new mode 100644
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
deleted file mode 100644
index 1205806..0000000
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d @LOCALSTATEDIR@/run/openvpn 0755 root root -
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
deleted file mode 100644
index 01dd2e8..0000000
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
-After=syslog.target network.target
-
-[Service]
-PrivateTmp=true
-Type=forking
-PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
index 3ed90a7..a28c73a 100644
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
@@ -5,12 +5,12 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=b76abd82c14ee01cc34c4ff5e3627b89"
 DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-inherit autotools systemd update-rc.d
+inherit autotools systemd update-rc.d pkgconfig
 
 SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
+           file://0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch \
            file://openvpn \
-           file://openvpn@.service \
-           file://openvpn-volatile.conf"
+          "
 
 UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
 
@@ -19,9 +19,6 @@
 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
 CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
 
-SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME:${PN} = "openvpn"
 INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
@@ -35,31 +32,36 @@
 # Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
 EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
 
+EXTRA_OECONF += "SYSTEMD_UNIT_DIR=${systemd_system_unitdir} \
+                 TMPFILES_DIR=${nonarch_libdir}/tmpfiles.d \
+                "
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
+                  "
+
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
+
 do_install:append() {
     install -d ${D}/${sysconfdir}/init.d
     install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
 
     install -d ${D}/${sysconfdir}/openvpn
+    install -d ${D}/${sysconfdir}/openvpn/server
+    install -d ${D}/${sysconfdir}/openvpn/client
+
     install -d ${D}/${sysconfdir}/openvpn/sample
-    install -m 755 ${S}/sample/sample-config-files/loopback-server  ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
-    install -m 755 ${S}/sample/sample-config-files/loopback-client  ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+    install -m 644 ${S}/sample/sample-config-files/loopback-server  ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+    install -m 644 ${S}/sample/sample-config-files/loopback-client  ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+    install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-config-files
     install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+    install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-scripts
+    install -m 644 ${S}/sample/sample-config-files/* ${D}${sysconfdir}/openvpn/sample/sample-config-files
     install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+    install -m 644 ${S}/sample/sample-scripts/* ${D}${sysconfdir}/openvpn/sample/sample-scripts
 
-    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
-        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
-        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
-
-        install -d ${D}/${localstatedir}
-        install -d ${D}/${localstatedir}/lib
-        install -d -m 710 ${D}/${localstatedir}/lib/openvpn
-
-        install -d ${D}${sysconfdir}/tmpfiles.d
-        install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
-        sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
-    fi
+    install -d -m 710 ${D}/${localstatedir}/lib/openvpn
 }
 
 PACKAGES =+ " ${PN}-sample "
@@ -67,9 +69,9 @@
 RRECOMMENDS:${PN} = "kernel-module-tun"
 
 FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
-FILES:${PN} += "${systemd_unitdir}/system/openvpn@.service \
-                ${sysconfdir}/tmpfiles.d \
+FILES:${PN} += "${systemd_system_unitdir}/openvpn-server@.service \
+                ${systemd_system_unitdir}/openvpn-client@.service \
+                ${nonarch_libdir}/tmpfiles.d \
                "
-FILES:${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
-                       ${systemd_unitdir}/system/openvpn@loopback-client.service \
-                       ${sysconfdir}/openvpn/sample/"
+FILES:${PN}-sample = "${sysconfdir}/openvpn/sample/ \
+                     "
diff --git a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb
rename to meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
index c567e33..e5ecc5c 100644
--- a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb
+++ b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
@@ -6,7 +6,7 @@
 RDEPENDS:${PN} = "bash perl"
 
 SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=https"
-SRCREV = "a3e69268892bbd5ab30123748e89a26509a25ac5"
+SRCREV = "467363efbc0fea706752c1ba7a21c313823017e7"
 S = "${WORKDIR}/git"
 
 #Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md
diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
index d9083bc..1887a55 100644
--- a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@
 
 S = "${WORKDIR}/git"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2016-0749 \
+    CVE-2016-2150 \
+    CVE-2018-10893 \
+"
+
 inherit autotools gettext python3native python3-dir pkgconfig
 
 DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
new file mode 100644
index 0000000..e730fe1
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
@@ -0,0 +1,31 @@
+From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 2 May 2022 09:31:49 +0200
+Subject: [PATCH] enum: Fix compiler warning
+
+Closes strongswan/strongswan#1025
+
+Upstream-Status: Backport
+[https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/libstrongswan/utils/enum.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
+index 79da450f0c..1e77489f6f 100644
+--- a/src/libstrongswan/utils/enum.c
++++ b/src/libstrongswan/utils/enum.c
+@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *e, u_int val, char *buf, size_t len)
+ 		return buf;
+ 	}
+ 
+-	if (snprintf(buf, len, e->names[0]) >= len)
++	if (snprintf(buf, len, "%s", e->names[0]) >= len)
+ 	{
+ 		return NULL;
+ 	}
+-- 
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
deleted file mode 100644
index 7da48cd..0000000
--- a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Wed, 23 Feb 2022 17:29:02 +0100
-Subject: [PATCH] openssl: Don't unload providers
-
-There is a conflict between atexit() handlers registered by OpenSSL and
-some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
-Because plugins are usually loaded after atexit() has been called, the
-handler registered by OpenSSL will run before our handler.  So when the
-latter destroys the plugins it's a bad idea to try to access any OpenSSL
-objects as they might already be invalid.
-
-Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
-Closes strongswan/strongswan#921
-
-Upstream-Status: Backport
-[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- .../plugins/openssl/openssl_plugin.c          | 27 +++----------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 6b4923649..1491d5cf8 100644
---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -16,7 +16,6 @@
- 
- #include <library.h>
- #include <utils/debug.h>
--#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
- 	 * public functions
- 	 */
- 	openssl_plugin_t public;
--
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	/**
--	 * Loaded providers
--	 */
--	array_t *providers;
--#endif
- };
- 
- /**
-@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
- METHOD(plugin_t, destroy, void,
- 	private_openssl_plugin_t *this)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	OSSL_PROVIDER *provider;
--	while (array_remove(this->providers, ARRAY_TAIL, &provider))
--	{
--		OSSL_PROVIDER_unload(provider);
--	}
--	array_destroy(this->providers);
--#endif /* OPENSSL_VERSION_NUMBER */
--
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
-  * can't call it as we couldn't re-initialize the library (as required by the
-  * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
- 			DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
- 			return NULL;
- 		}
--		array_insert_create(&this->providers, ARRAY_TAIL, fips);
- 		/* explicitly load the base provider containing encoding functions */
--		array_insert_create(&this->providers, ARRAY_TAIL,
--							OSSL_PROVIDER_load(NULL, "base"));
-+		OSSL_PROVIDER_load(NULL, "base");
- 	}
- 	else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
- 									 TRUE, lib->ns))
- 	{
- 		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
--		array_insert_create(&this->providers, ARRAY_TAIL,
--							OSSL_PROVIDER_load(NULL, "legacy"));
-+		OSSL_PROVIDER_load(NULL, "legacy");
- 		/* explicitly load the default provider, as mentioned by crypto(7) */
--		array_insert_create(&this->providers, ARRAY_TAIL,
--							OSSL_PROVIDER_load(NULL, "default"));
-+		OSSL_PROVIDER_load(NULL, "default");
- 	}
- 	ossl_provider_names_t data = {};
- 	OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
--- 
-2.25.1
-
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
rename to meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
index cfb7b41..1b82dce 100644
--- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
@@ -9,10 +9,10 @@
 DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss', '', d)}"
 
 SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
-           file://0001-openssl-Don-t-unload-providers.patch \
+           file://0001-enum-Fix-compiler-warning.patch \
            "
 
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
 
 UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
similarity index 96%
rename from meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
rename to meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index f1dba22..38fdbce 100644
--- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
+++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -19,7 +19,7 @@
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
+SRC_URI[sha256sum] = "881a13303e263b7dc7fe337534c8a541d4914552287879bed30bbe76c5bf68ca"
 
 PE = "1"