subtree updates

meta-openembedded: 4dbbef7a39..9953ca1ac0:
  Andreas Cord-Landwehr (1):
        freerdp: provide cmake integration

  BELOUARGA Mohamed (1):
        Monocypher: Correct source URI and license

  Clément Péron (2):
        abseil-cpp: rename recipe to follow the version
        protobuf: upgrade 4.23.4 -> 4.25.2

  Fabio Estevam (1):
        v4l-utils: Remove unneeded musl patch

  Gassner, Tobias.ext (1):
        softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES

  Gianfranco Costamagna (1):
        vbxguestdrivers: upgrade 7.0.12 -> 7.0.14

  Khem Raj (4):
        Revert "rng-tools: move from oe-core to meta-oe"
        python3-pillow: Correct branch parameter in SRC_URI
        python3-multidict: Make it work with python 3.12
        python3-multidict: Fix running ptests

  Markus Volk (6):
        eog: update 45.1 -> 45.2
        file-roller: update 43.0 -> 43.1
        gvfs: update 1.52.1 -> 1.52.2
        gjs: update 1.78.1 -> 1.78.2
        mozjs: update 115.2.0 -> 115.6.0
        pipewire: update 1.0.0 -> 1.0.1

  Michael Haener (1):
        nginx: add http sub module feature

  Pablo Saavedra (1):
        libbacktrace: fix sdk installation

  Peter Marko (2):
        protobuf-c: change branch to master
        srecord: fix malformed patch upstream status

  Ross Burton (1):
        mozjs-115: fix the build on ARMv5

  Yi Zhao (1):
        samba: upgrade 4.19.3 -> 4.19.4

  Yoann Congal (3):
        packagegroup-meta-oe: remove mongodb
        python3-coverage: add native and nativesdk BBCLASSEXTEND
        python3-pytest-cov: Add missing python3-pytest RDEPENDS

  alperak (8):
        fmt: upgrade 10.1.1 -> 10.2.1
        gerbera: upgrade 1.12.1 -> 2.0.0
        spdlog: upgrade 1.12 -> 1.13
        libebml: upgrade 1.4.4 -> 1.4.5
        lcms: upgrade 2.15 -> 2.16
        libkcapi: upgrade 1.4.0 -> 1.5.0
        icewm: upgrade 3.4.4 -> 3.4.5
        libreport: upgrade 2.17.8 -> 2.17.11

meta-raspberrypi: b859bc3eca..9c901bf170:
  Damiano Ferrari (2):
        rpi-config: Add CAN0_INTERRUPT_PIN and CAN1_INTERRUPT_PIN variable
        docs: add info on how to set different CAN interrupt pins

  Florin Sarbu (1):
        Add Raspberry Pi 5

  Leon Anavi (7):
        rpi-base.inc: Add vc4-kms-v3d-pi5.dtbo
        u-boot_%.bbappend: Skip for Raspberry Pi 5
        rpi-config: Reduce config.txt size
        linux-raspberrypi.inc: bcm2712_defconfig for rpi5
        conf/machine/raspberrypi5.conf: kernel_2712.img
        conf/machine/raspberrypi5.conf: ttyAMA10
        conf/machine/raspberrypi5.conf: Use "Image"

poky: 7af374c90c..348d9aba33:
  Alejandro Hernandez Samaniego (1):
        newlib: Upgrade 4.3.0 -> 4.4.0

  Alexander Kanavin (1):
        shadow: replace static linking with dynamic libraries in a custom location and bundled with shadow

  Anuj Mittal (4):
        bluez5: upgrade 5.71 -> 5.72
        cronie: upgrade 1.7.0 -> 1.7.1
        libpsl: upgrade 0.21.2 -> 0.21.5
        grub2: upgrade 2.06 -> 2.12

  Bruce Ashfield (12):
        linux-yocto/6.6: update to v6.6.11
        linux-yocto/6.6: update CVE exclusions
        linux-yocto/6.1: update to v6.1.72
        linux-yocto/6.1: update CVE exclusions
        linux-yocto/6.6: cfg: arm: introduce page size fragments
        linux-yocto/6.6: security/cfg: add configs to harden protection
        linux-yocto/6.1: security/cfg: add configs to harden protection
        linux-yocto/6.6: update to v6.6.12
        linux-yocto/6.6: update CVE exclusions
        linux-yocto/6.1: update to v6.1.73
        linux-yocto/6.1: update CVE exclusions
        linux-yocto/6.1: drop recipes

  Chen Qi (5):
        oeqa/selftest: add test case to cover 'devtool modify -n' for a git recipe
        systemd: refresh musl patches for v255.1
        systemd: upgrade to 255.1
        systemd-boot: upgrade to 255.1
        rootfs-postcommands.bbclass: ignore comment mismatch in systemd_user_check

  Etienne Cordonnier (1):
        cmake.bbclass: add Darwin support

  Fabio Estevam (2):
        weston: Update to 13.0.0
        pulseaudio: Update to 17.0

  Jiang Kai (4):
        debianutils: upgrade 5.15 -> 5.16
        enchant2: upgrade 2.6.4 -> 2.6.5
        libsecret: upgrade 0.21.1 -> 0.21.2
        libxrandr: upgrade 1.5.3 -> 1.5.4

  Joe Slater (1):
        eudev: modify predictable network if name search

  Jonathan GUILLOT (1):
        udev-extraconf: fix unmount directories containing octal-escaped chars

  Julien Stephan (3):
        externalsrc: fix task dependency for do_populate_lic
        devtool: modify: add support for multiple source in SRC_URI
        oeqa/selftest/devtool: add test for recipes with multiple sources in SRC_URI

  Kai Kang (2):
        nativesdk-cairo: fix build error
        p11-kit: fix parallel build failures

  Kevin Hao (2):
        yocto-bsp: Bump the default kernel to v6.6
        yocto-bsp: Drop the support for v6.1 kernel

  Khem Raj (4):
        libgudev: Pass export-dynamic to linker directly.
        coreutils: Fix build with clang
        glibc: Do not enable CET on 32bit x86
        rust: Re-write RPATHs in the copies llvm-config

  Pavel Zhukov (1):
        mdadm: Disable ptests

  Peter Marko (1):
        zlib: ignore CVE-2023-6992

  Richard Purdie (7):
        qemu: add PACKAGECONFIG for sndio
        poky-altcfg: Update PREFERRED_VERSION for kerenl
        xev: Drop diet libx11 related patch
        libxcomposite: Drop obsolete patch
        python3-subunit: Add missing module dependency
        qemu: Upgrade 8.1.2 -> 8.2.0
        qemu: Fix segfaults in webkitgtk:do_compile on debian11

  Robert Yang (1):
        autoconf: 2.72d -> 2.72e

  Ross Burton (7):
        cve_check: handle CVE_STATUS being set to the empty string
        cve_check: cleanup logging
        xserver-xorg: add PACKAGECONFIG for xvfb
        xserver-xorg: disable xvfb by default
        libssh2: backport fix for CVE-2023-48795
        bitbake: bitbake: Version bump for inherit_defer addition
        sanity: require bitbake 2.7.2 for the inherit_defer statement

  Ryan Eatmon (1):
        python3-yamllint: Add recipe

  Simone Weiß (2):
        tune-core2: Update qemu cpu to supported model
        gcc: Update status of CVE-2023-4039

  Thomas Perrot (1):
        opensbi: bump to 1.4

  Timotheus Giuliani (1):
        linux-firmware: fix mediatek MT76x empty license package

  Vincent Davis Jr (1):
        shaderc: update commit hash to v2023.7

  Wang Mingyu (2):
        python3-subunit: upgrade 1.4.2 -> 1.4.4
        libtest-warnings-perl: upgrade 0.031 -> 0.032

  William Hauser (1):
        native.bbclass: base_libdir unique from libdir

  William Lyu (1):
        perl: Fix perl-module-* being ignored via COMPLEMENTARY_GLOB

  Yash Shinde (7):
        rust: Fetch cargo from rust-snapshot dir.
        rust: detect user-specified custom targets in compiletest
        rust: Enable RUSTC_BOOTSTRAP to use nightly features during rust oe-selftest.
        rust: Fix assertion failure error on oe-selftest
        rust: Add new tests in the exclude list for rust oe-selftest
        rust: Remove the test cases whose parent dir is also present in the exclude list
        rust: Enable rust oe-selftest.

  Yogita Urade (1):
        tiff: fix CVE-2023-6228

meta-arm: 1cad3c3813..6bb1fc8d8c:
  Harsimran Singh Tungal (1):
        n1sdp:arm-bsp/optee: Update optee to v4.0

  Ross Burton (1):
        arm-bsp/linux-yocto: add 6.1 recipe

Change-Id: Ib4cc4e128e4d41f3329cf83a0d5e8539ef07ebe3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/poky/meta/classes-recipe/cmake.bbclass b/poky/meta/classes-recipe/cmake.bbclass
index d978b88..1e353f6 100644
--- a/poky/meta/classes-recipe/cmake.bbclass
+++ b/poky/meta/classes-recipe/cmake.bbclass
@@ -72,6 +72,8 @@
 OECMAKE_TARGET_INSTALL ?= "install"
 
 def map_host_os_to_system_name(host_os):
+    if host_os.startswith('darwin'):
+        return 'Darwin'
     if host_os.startswith('mingw'):
         return 'Windows'
     if host_os.startswith('linux'):
diff --git a/poky/meta/classes-recipe/native.bbclass b/poky/meta/classes-recipe/native.bbclass
index cfd299d..84a3ec6 100644
--- a/poky/meta/classes-recipe/native.bbclass
+++ b/poky/meta/classes-recipe/native.bbclass
@@ -77,7 +77,7 @@
 
 bindir = "${STAGING_BINDIR_NATIVE}"
 sbindir = "${STAGING_SBINDIR_NATIVE}"
-base_libdir = "${STAGING_LIBDIR_NATIVE}"
+base_libdir = "${STAGING_BASE_LIBDIR_NATIVE}"
 libdir = "${STAGING_LIBDIR_NATIVE}"
 includedir = "${STAGING_INCDIR_NATIVE}"
 sysconfdir = "${STAGING_ETCDIR_NATIVE}"
diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
index 163c7f4..3d05ff3 100644
--- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -106,12 +106,11 @@
     # user and e_user must not have None values. Unset values must be '-'.
     (name, uid, gid, comment, homedir, ushell) = user
     (e_name, e_uid, e_gid, e_comment, e_homedir, e_ushell) = e_user
-    # Ignore 'uid', 'gid' or 'comment' if they are not set
+    # Ignore 'uid', 'gid' or 'homedir' if they are not set
     # Ignore 'shell' and 'ushell' if one is not set
     return name == e_name \
         and (uid == '-' or uid == e_uid) \
         and (gid == '-' or gid == e_gid) \
-        and (comment == '-' or e_comment == '-' or comment.lower() == e_comment.lower()) \
         and (homedir == '-' or e_homedir == '-' or homedir == e_homedir) \
         and (ushell == '-' or e_ushell == '-' or ushell == e_ushell)
 
diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass
index a54f316..70e27a8 100644
--- a/poky/meta/classes/externalsrc.bbclass
+++ b/poky/meta/classes/externalsrc.bbclass
@@ -104,6 +104,7 @@
         # If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one
         # Note that we cannot use d.appendVarFlag() here because deps is expected to be a list object, not a string
         d.setVarFlag('do_configure', 'deps', (d.getVarFlag('do_configure', 'deps', False) or []) + ['do_unpack'])
+        d.setVarFlag('do_populate_lic', 'deps', (d.getVarFlag('do_populate_lic', 'deps', False) or []) + ['do_unpack'])
 
         for task in d.getVar("SRCTREECOVEREDTASKS").split():
             if local_srcuri and task in fetch_tasks:
diff --git a/poky/meta/conf/distro/include/init-manager-systemd.inc b/poky/meta/conf/distro/include/init-manager-systemd.inc
index 595d1f2..0a76647 100644
--- a/poky/meta/conf/distro/include/init-manager-systemd.inc
+++ b/poky/meta/conf/distro/include/init-manager-systemd.inc
@@ -5,3 +5,5 @@
 VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units"
 VIRTUAL-RUNTIME_login_manager ??= "shadow-base"
 VIRTUAL-RUNTIME_dev_manager ??= "systemd"
+# systemd hardcodes /root in its source codes, other values are not offically supported
+ROOT_HOME ?= "/root"
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 8dc63b1..b0625a1 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -724,6 +724,7 @@
 RECIPE_MAINTAINER:pn-python3-webcolors = "Bruce Ashfield <bruce.ashfield@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-wheel = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-xmltodict = "Leon Anavi <leon.anavi@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-yamllint = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-zipp = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-qemu = "Richard Purdie <richard.purdie@linuxfoundation.org>"
 RECIPE_MAINTAINER:pn-qemu-helper-native = "Richard Purdie <richard.purdie@linuxfoundation.org>"
diff --git a/poky/meta/conf/distro/include/no-static-libs.inc b/poky/meta/conf/distro/include/no-static-libs.inc
index 8898d53..7535992 100644
--- a/poky/meta/conf/distro/include/no-static-libs.inc
+++ b/poky/meta/conf/distro/include/no-static-libs.inc
@@ -21,11 +21,6 @@
 # needed by rust
 DISABLE_STATIC:pn-musl = ""
 
-# needed by shadow-native to build static executables, particularly useradd
-DISABLE_STATIC:pn-attr-native = ""
-DISABLE_STATIC:pn-libbsd-native = ""
-DISABLE_STATIC:pn-libmd-native = ""
-
 EXTRA_OECONF:append = "${DISABLE_STATIC}"
 
 EXTRA_OECMAKE:append:pn-libical = " -DSHARED_ONLY=True"
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index ef6f471..a1643c5 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -104,7 +104,6 @@
     libgcrypt \
     libmodule-build-perl \
     lttng-tools \
-    mdadm \
     openssh \
     openssl \
     parted \
@@ -135,6 +134,7 @@
 #    ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
 #    libinput \ # Tests need an unloaded system to be reliable
 #    libpam \ # Needs pam DISTRO_FEATURE
+#    mdadm \ # tests are flaky in AB.
 #    numactl \ # qemu not (yet) configured for numa; all tests are skipped
 #    libseccomp \ #  tests failed: 38; add to slow tests once addressed
 #    python3-numpy \ # requires even more RAM and (possibly) disk space; multiple failures
@@ -147,6 +147,7 @@
     libinput \
     libpam \
     libseccomp \
+    mdadm \
     numactl \
     python3-license-expression \
     python3-numpy \
diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc
index 3720a4c5..a12b202 100644
--- a/poky/meta/conf/distro/include/tcmode-default.inc
+++ b/poky/meta/conf/distro/include/tcmode-default.inc
@@ -22,7 +22,7 @@
 GDBVERSION ?= "14.%"
 GLIBCVERSION ?= "2.38%"
 LINUXLIBCVERSION ?= "6.6%"
-QEMUVERSION ?= "8.1%"
+QEMUVERSION ?= "8.2%"
 GOVERSION ?= "1.20%"
 LLVMVERSION ?= "17.%"
 RUSTVERSION ?= "1.74%"
diff --git a/poky/meta/conf/machine/include/x86/tune-core2.inc b/poky/meta/conf/machine/include/x86/tune-core2.inc
index 97b7c1b..082fd4e 100644
--- a/poky/meta/conf/machine/include/x86/tune-core2.inc
+++ b/poky/meta/conf/machine/include/x86/tune-core2.inc
@@ -21,18 +21,18 @@
 BASE_LIB:tune-core2-32 = "lib"
 TUNE_PKGARCH:tune-core2-32 = "core2-32"
 PACKAGE_EXTRA_ARCHS:tune-core2-32 = "${PACKAGE_EXTRA_ARCHS:tune-i686} core2-32"
-QEMU_EXTRAOPTIONS_core2-32 = " -cpu n270"
+QEMU_EXTRAOPTIONS_core2-32 = " -cpu Nehalem,check=false"
 
 AVAILTUNES += "core2-64"
 TUNE_FEATURES:tune-core2-64 = "${TUNE_FEATURES:tune-x86-64} core2"
 BASE_LIB:tune-core2-64 = "lib64"
 TUNE_PKGARCH:tune-core2-64 = "core2-64"
 PACKAGE_EXTRA_ARCHS:tune-core2-64 = "${PACKAGE_EXTRA_ARCHS:tune-x86-64} core2-64"
-QEMU_EXTRAOPTIONS_core2-64 = " -cpu core2duo"
+QEMU_EXTRAOPTIONS_core2-64 = " -cpu Nehalem,check=false"
 
 AVAILTUNES += "core2-64-x32"
 TUNE_FEATURES:tune-core2-64-x32 = "${TUNE_FEATURES:tune-x86-64-x32} core2"
 BASE_LIB:tune-core2-64-x32 = "libx32"
 TUNE_PKGARCH:tune-core2-64-x32 = "core2-64-x32"
 PACKAGE_EXTRA_ARCHS:tune-core2-64-x32 = "${PACKAGE_EXTRA_ARCHS:tune-x86-64-x32} core2-64-x32"
-QEMU_EXTRAOPTIONS_core2-64-x32 = " -cpu core2duo"
+QEMU_EXTRAOPTIONS_core2-64-x32 = " -cpu Nehalem,check=false"
diff --git a/poky/meta/conf/sanity.conf b/poky/meta/conf/sanity.conf
index 435455d..c3e6c51 100644
--- a/poky/meta/conf/sanity.conf
+++ b/poky/meta/conf/sanity.conf
@@ -3,7 +3,7 @@
 # See sanity.bbclass
 #
 # Expert users can confirm their sanity with "touch conf/sanity.conf"
-BB_MIN_VERSION = "2.7.1"
+BB_MIN_VERSION = "2.7.2"
 
 SANITY_ABIFILE = "${TMPDIR}/abi_version"
 
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py
index 3fa77bf..ed5c714 100644
--- a/poky/meta/lib/oe/cve_check.py
+++ b/poky/meta/lib/oe/cve_check.py
@@ -79,20 +79,19 @@
     import re
     import oe.patch
 
-    pn = d.getVar("PN")
-    cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
+    cve_match = re.compile(r"CVE:( CVE-\d{4}-\d+)+")
 
     # Matches the last "CVE-YYYY-ID" in the file name, also if written
     # in lowercase. Possible to have multiple CVE IDs in a single
     # file name, but only the last one will be detected from the file name.
     # However, patch files contents addressing multiple CVE IDs are supported
     # (cve_match regular expression)
-
-    cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
+    cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d+)", re.IGNORECASE)
 
     patched_cves = set()
-    bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
-    for url in oe.patch.src_patches(d):
+    patches = oe.patch.src_patches(d)
+    bb.debug(2, "Scanning %d patches for CVEs" % len(patches))
+    for url in patches:
         patch_file = bb.fetch.decodeurl(url)[2]
 
         # Check patch file name for CVE ID
@@ -100,7 +99,7 @@
         if fname_match:
             cve = fname_match.group(1).upper()
             patched_cves.add(cve)
-            bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
+            bb.debug(2, "Found %s from patch file name %s" % (cve, patch_file))
 
         # Remote patches won't be present and compressed patches won't be
         # unpacked, so say we're not scanning them
@@ -231,7 +230,7 @@
     Convert CVE_STATUS into status, detail and description.
     """
     status = d.getVarFlag("CVE_STATUS", cve)
-    if status is None:
+    if not status:
         return ("", "", "")
 
     status_split = status.split(':', 1)
@@ -240,7 +239,7 @@
 
     status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail)
     if status_mapping is None:
-        bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status))
+        bb.warn('Invalid detail "%s" for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status))
         status_mapping = "Unpatched"
 
     return (status_mapping, detail, description)
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index a877720..15249b7 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -917,6 +917,28 @@
         # Try building
         bitbake(testrecipe)
 
+    def test_devtool_modify_git_no_extract(self):
+        # Check preconditions
+        testrecipe = 'psplash'
+        src_uri = get_bb_var('SRC_URI', testrecipe)
+        self.assertIn('git://', src_uri, 'This test expects the %s recipe to be a git recipe' % testrecipe)
+        # Clean up anything in the workdir/sysroot/sstate cache
+        bitbake('%s -c cleansstate' % testrecipe)
+        # Try modifying a recipe
+        tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+        self.track_for_cleanup(tempdir)
+        self.track_for_cleanup(self.workspacedir)
+        self.add_command_to_tearDown('bitbake -c clean %s' % testrecipe)
+        self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+        result = runCmd('git clone https://git.yoctoproject.org/psplash %s && devtool modify -n %s %s' % (tempdir, testrecipe, tempdir))
+        self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created. devtool output: %s' % result.output)
+        matches = glob.glob(os.path.join(self.workspacedir, 'appends', 'psplash_*.bbappend'))
+        self.assertTrue(matches, 'bbappend not created')
+        # Test devtool status
+        result = runCmd('devtool status')
+        self.assertIn(testrecipe, result.output)
+        self.assertIn(tempdir, result.output)
+
     def test_devtool_modify_git_crates_subpath(self):
         # This tests two things in devtool context:
         #   - that we support local git dependencies for cargo based recipe
@@ -1086,6 +1108,32 @@
         check('devtool-override-qemuarm', 'This is a test for qemuarm\n')
         check('devtool-override-qemux86', 'This is a test for qemux86\n')
 
+    def test_devtool_modify_multiple_sources(self):
+        # This test check that recipes fetching several sources can be used with devtool modify/build
+        # Check preconditions
+        testrecipe = 'bzip2'
+        src_uri = get_bb_var('SRC_URI', testrecipe)
+        src1 = 'https://' in src_uri
+        src2 = 'git://' in src_uri
+        self.assertTrue(src1 and src2, 'This test expects the %s recipe to fetch both a git source and a tarball and it seems that it no longer does' % testrecipe)
+        # Clean up anything in the workdir/sysroot/sstate cache
+        bitbake('%s -c cleansstate' % testrecipe)
+        # Try modifying a recipe
+        tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+        self.track_for_cleanup(tempdir)
+        self.track_for_cleanup(self.workspacedir)
+        self.add_command_to_tearDown('bitbake -c clean %s' % testrecipe)
+        self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+        result = runCmd('devtool modify %s -x %s' % (testrecipe, tempdir))
+        self.assertEqual(result.status, 0, "Could not modify recipe %s. Output: %s" % (testrecipe, result.output))
+        # Test devtool status
+        result = runCmd('devtool status')
+        self.assertIn(testrecipe, result.output)
+        self.assertIn(tempdir, result.output)
+        # Try building
+        result = bitbake(testrecipe)
+        self.assertEqual(result.status, 0, "Bitbake failed, exit code %s, output %s" % (result.status, result.output))
+
 class DevtoolUpdateTests(DevtoolBase):
 
     def test_devtool_update_recipe(self):
diff --git a/poky/meta/lib/oeqa/selftest/cases/rust.py b/poky/meta/lib/oeqa/selftest/cases/rust.py
index 6dbc517..164ad11 100644
--- a/poky/meta/lib/oeqa/selftest/cases/rust.py
+++ b/poky/meta/lib/oeqa/selftest/cases/rust.py
@@ -40,7 +40,12 @@
 class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase):
     def test_rust(self, *args, **kwargs):
         # Disable Rust Oe-selftest
-        self.skipTest("The Rust Oe-selftest is disabled.")
+        #self.skipTest("The Rust Oe-selftest is disabled.")
+
+        # Skip mips32 target since it is unstable with rust tests
+        machine = get_bb_var('MACHINE')
+        if machine == "qemumips":
+            self.skipTest("The mips32 target is skipped for Rust Oe-selftest.")
 
         # build remote-test-server before image build
         recipe = "rust"
@@ -102,108 +107,10 @@
                             'tests/codegen/uninit-consts.rs',
                             'tests/pretty/raw-str-nonexpr.rs',
                             'tests/run-make',
-                            'tests/run-make/cdylib-fewer-symbols/foo.rs',
-                            'tests/run-make/doctests-keep-binaries/t.rs',
                             'tests/run-make-fulldeps',
-                            'tests/run-make/issue-22131/foo.rs',
-                            'tests/run-make/issue-36710/Makefile',
-                            'tests/run-make/issue-47551',
-                            'tests/run-make/pgo-branch-weights',
-                            'tests/run-make/pgo-gen',
-                            'tests/run-make/pgo-gen-lto',
-                            'tests/run-make/pgo-indirect-call-promotion',
-                            'tests/run-make/pgo-use',
-                            'tests/run-make/pointer-auth-link-with-c/Makefile',
-                            'tests/run-make/profile',
-                            'tests/run-make/static-pie',
-                            'tests/run-make/sysroot-crates-are-unstable',
-                            'tests/run-make/target-specs',
                             'tests/rustdoc',
-                            'tests/rustdoc/async-move-doctest.rs',
-                            'tests/rustdoc/async-trait.rs',
-                            'tests/rustdoc/auto-traits.rs',
-                            'tests/rustdoc/check-source-code-urls-to-def.rs',
-                            'tests/rustdoc/comment-in-doctest.rs',
-                            'tests/rustdoc/const-generics/const-generics-docs.rs',
-                            'tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs',
-                            'tests/rustdoc/cross-crate-hidden-impl-parameter.rs',
-                            'tests/rustdoc/cross-crate-links.rs',
-                            'tests/rustdoc/cross-crate-primitive-doc.rs',
-                            'tests/rustdoc/doctest-manual-crate-name.rs',
-                            'tests/rustdoc/edition-doctest.rs',
-                            'tests/rustdoc/edition-flag.rs',
-                            'tests/rustdoc/elided-lifetime.rs',
-                            'tests/rustdoc/external-macro-src.rs',
-                            'tests/rustdoc/extern-html-root-url.rs',
-                            'tests/rustdoc/extern-impl-trait.rs',
-                            'tests/rustdoc/hide-unstable-trait.rs',
-                            'tests/rustdoc/inline_cross/add-docs.rs',
-                            'tests/rustdoc/inline_cross/default-trait-method.rs',
-                            'tests/rustdoc/inline_cross/dyn_trait.rs',
-                            'tests/rustdoc/inline_cross/impl_trait.rs',
-                            'tests/rustdoc/inline_cross/issue-24183.rs',
-                            'tests/rustdoc/inline_cross/macros.rs',
-                            'tests/rustdoc/inline_cross/trait-vis.rs',
-                            'tests/rustdoc/inline_cross/use_crate.rs',
-                            'tests/rustdoc/intra-doc-crate/self.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/additional_doc.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/basic.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/crate.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/hidden.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/macro.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/module.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs',
-                            'tests/rustdoc/intra-doc/cross-crate/traits.rs',
-                            'tests/rustdoc/intra-doc/extern-builtin-type-impl.rs',
-                            'tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs',
-                            'tests/rustdoc/intra-doc/extern-crate.rs',
-                            'tests/rustdoc/intra-doc/extern-inherent-impl.rs',
-                            'tests/rustdoc/intra-doc/extern-reference-link.rs',
-                            'tests/rustdoc/intra-doc/issue-103463.rs',
-                            'tests/rustdoc/intra-doc/issue-104145.rs',
-                            'tests/rustdoc/intra-doc/issue-66159.rs',
-                            'tests/rustdoc/intra-doc/pub-use.rs',
-                            'tests/rustdoc/intra-doc/reexport-additional-docs.rs',
-                            'tests/rustdoc/issue-18199.rs',
-                            'tests/rustdoc/issue-23106.rs',
-                            'tests/rustdoc/issue-23744.rs',
-                            'tests/rustdoc/issue-25944.rs',
-                            'tests/rustdoc/issue-30252.rs',
-                            'tests/rustdoc/issue-38129.rs',
-                            'tests/rustdoc/issue-40936.rs',
-                            'tests/rustdoc/issue-43153.rs',
-                            'tests/rustdoc/issue-46727.rs',
-                            'tests/rustdoc/issue-48377.rs',
-                            'tests/rustdoc/issue-48414.rs',
-                            'tests/rustdoc/issue-53689.rs',
-                            'tests/rustdoc/issue-54478-demo-allocator.rs',
-                            'tests/rustdoc/issue-57180.rs',
-                            'tests/rustdoc/issue-61592.rs',
-                            'tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs',
-                            'tests/rustdoc/issue-75588.rs',
-                            'tests/rustdoc/issue-85454.rs',
-                            'tests/rustdoc/issue-86620.rs',
                             'tests/rustdoc-json',
                             'tests/rustdoc-js-std',
-                            'tests/rustdoc/macro_pub_in_module.rs',
-                            'tests/rustdoc/masked.rs',
-                            'tests/rustdoc/normalize-assoc-item.rs',
-                            'tests/rustdoc/no-stack-overflow-25295.rs',
-                            'tests/rustdoc/primitive-reexport.rs',
-                            'tests/rustdoc/process-termination.rs',
-                            'tests/rustdoc/pub-extern-crate.rs',
-                            'tests/rustdoc/pub-use-extern-macros.rs',
-                            'tests/rustdoc/reexport-check.rs',
-                            'tests/rustdoc/reexport-dep-foreign-fn.rs',
-                            'tests/rustdoc/reexport-doc.rs',
-                            'tests/rustdoc/reexports-priv.rs',
-                            'tests/rustdoc/reexports.rs',
-                            'tests/rustdoc/rustc,-incoherent-impls.rs',
-                            'tests/rustdoc/test_option_check/bar.rs',
-                            'tests/rustdoc/test_option_check/test.rs',
-                            'tests/rustdoc/trait-alias-mention.rs',
-                            'tests/rustdoc/trait-visibility.rs',
                             'tests/rustdoc-ui/cfg-test.rs',
                             'tests/rustdoc-ui/check-cfg-test.rs',
                             'tests/rustdoc-ui/display-output.rs',
@@ -233,28 +140,6 @@
                             'tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs',
                             'tests/ui/drop/dynamic-drop.rs',
                             'tests/ui/empty_global_asm.rs',
-                            'tests/ui-fulldeps/deriving-encodable-decodable-box.rs',
-                            'tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs',
-                            'tests/ui-fulldeps/deriving-global.rs',
-                            'tests/ui-fulldeps/deriving-hygiene.rs',
-                            'tests/ui-fulldeps/dropck_tarena_sound_drop.rs',
-                            'tests/ui-fulldeps/empty-struct-braces-derive.rs',
-                            'tests/ui-fulldeps/internal-lints/bad_opt_access.rs',
-                            'tests/ui-fulldeps/internal-lints/bad_opt_access.stderr',
-                            'tests/ui-fulldeps/internal-lints/default_hash_types.rs',
-                            'tests/ui-fulldeps/internal-lints/diagnostics.rs',
-                            'tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs',
-                            'tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs',
-                            'tests/ui-fulldeps/internal-lints/query_stability.rs',
-                            'tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs',
-                            'tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs',
-                            'tests/ui-fulldeps/issue-14021.rs',
-                            'tests/ui-fulldeps/lint-group-denied-lint-allowed.rs',
-                            'tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs',
-                            'tests/ui-fulldeps/lint-pass-macros.rs',
-                            'tests/ui-fulldeps/regions-mock-tcx.rs',
-                            'tests/ui-fulldeps/rustc_encodable_hygiene.rs',
-                            'tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs',
                             'tests/ui/functions-closures/fn-help-with-err.rs',
                             'tests/ui/linkage-attr/issue-10755.rs',
                             'tests/ui/macros/restricted-shadowing-legacy.rs',
@@ -262,7 +147,43 @@
                             'tests/ui/process/process-panic-after-fork.rs',
                             'tests/ui/process/process-sigpipe.rs',
                             'tests/ui/simd/target-feature-mixup.rs',
-                            'tests/ui/structs-enums/multiple-reprs.rs'
+                            'tests/ui/structs-enums/multiple-reprs.rs',
+                            'src/tools/jsondoclint',
+                            'src/tools/replace-version-placeholder',
+                            'tests/codegen/abi-efiapi.rs',
+                            'tests/codegen/abi-sysv64.rs',
+                            'tests/codegen/align-byval.rs',
+                            'tests/codegen/align-fn.rs',
+                            'tests/codegen/asm-powerpc-clobbers.rs',
+                            'tests/codegen/async-fn-debug-awaitee-field.rs',
+                            'tests/codegen/binary-search-index-no-bound-check.rs',
+                            'tests/codegen/call-metadata.rs',
+                            'tests/codegen/debug-column.rs',
+                            'tests/codegen/debug-limited.rs',
+                            'tests/codegen/debuginfo-generic-closure-env-names.rs',
+                            'tests/codegen/drop.rs',
+                            'tests/codegen/dst-vtable-align-nonzero.rs',
+                            'tests/codegen/enable-lto-unit-splitting.rs',
+                            'tests/codegen/enum/enum-u128.rs',
+                            'tests/codegen/fn-impl-trait-self.rs',
+                            'tests/codegen/inherit_overflow.rs',
+                            'tests/codegen/inline-function-args-debug-info.rs',
+                            'tests/codegen/intrinsics/mask.rs',
+                            'tests/codegen/intrinsics/transmute-niched.rs',
+                            'tests/codegen/issues/issue-73258.rs',
+                            'tests/codegen/issues/issue-75546.rs',
+                            'tests/codegen/issues/issue-77812.rs',
+                            'tests/codegen/issues/issue-98156-const-arg-temp-lifetime.rs',
+                            'tests/codegen/llvm-ident.rs',
+                            'tests/codegen/mainsubprogram.rs',
+                            'tests/codegen/move-operands.rs',
+                            'tests/codegen/repr/transparent-mips64.rs',
+                            'tests/mir-opt/',
+                            'tests/rustdoc-json',
+                            'tests/rustdoc-ui/doc-test-rustdoc-feature.rs',
+                            'tests/rustdoc-ui/no-run-flag.rs',
+                            'tests/ui-fulldeps/',
+                            'tests/ui/numbers-arithmetic/u128.rs'
                         ]
 
         exclude_fail_tests = " ".join([" --exclude " + item for item in exclude_list])
diff --git a/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch b/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
index 6b73878..05a4697 100644
--- a/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
+++ b/poky/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
@@ -1,4 +1,4 @@
-From 96d9aa55d29b24e2490d5647a9efc66940fc400f Mon Sep 17 00:00:00 2001
+From 006799e9c4babe8a8340a24501b253e759614a2d Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 13 Jan 2016 19:17:31 +0000
 Subject: [PATCH] Disable -mfpmath=sse as well when SSE is disabled
@@ -24,15 +24,16 @@
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
 Upstream-Status: Pending
+
 ---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 7656f24..0868ea9 100644
+index cd667a2..8263876 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -824,7 +824,7 @@ fi
+@@ -846,7 +846,7 @@ fi
  if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$platform" != xemu; then
    # Some toolchains enable these features by default, but they need
    # registers that aren't set up properly in GRUB.
@@ -40,4 +41,4 @@
 +  TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow -mfpmath=387"
  fi
  
- # GRUB doesn't use float or doubles at all. Yet some toolchains may decide
+ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ); then
diff --git a/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch b/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch
index 2f15a91..cafa711 100644
--- a/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch
+++ b/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch
@@ -1,4 +1,4 @@
-From e4c41db74b8972285cbdfe614c95c1ffd97d70e1 Mon Sep 17 00:00:00 2001
+From b47029e8e582d17c6874d2622fe1a5b834377dbb Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 26 Mar 2021 11:59:43 -0700
 Subject: [PATCH] RISC-V: Restore the typcast to 64bit type
@@ -17,15 +17,16 @@
 Cc: Chester Lin <clin@suse.com>
 Cc: Nikita Ermakov <arei@altlinux.org>
 Cc: Alistair Francis <alistair.francis@wdc.com>
+
 ---
  util/grub-mkimagexx.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
-index 00f49ccaa..ac677d03d 100644
+index e50b295..2f09255 100644
 --- a/util/grub-mkimagexx.c
 +++ b/util/grub-mkimagexx.c
-@@ -1242,7 +1242,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
+@@ -1310,7 +1310,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
  		  */
  
  		 sym_addr += addend;
@@ -34,6 +35,3 @@
  
  		 switch (ELF_R_TYPE (info))
  		   {
--- 
-2.31.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch b/poky/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch
deleted file mode 100644
index 98142a7..0000000
--- a/poky/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From eb486898dac8cbc29b2cc39f911b657c3417ae34 Mon Sep 17 00:00:00 2001
-From: Fangrui Song via Grub-devel <grub-devel@gnu.org>
-Date: Thu, 26 Aug 2021 09:02:31 -0700
-Subject: [PATCH 1/2] configure: Remove obsoleted -malign-{jumps, loops,
- functions}
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The GCC warns "cc1: warning: ‘-malign-loops’ is obsolete, use ‘-falign-loops’".
-The Clang silently ignores -malign-{jumps,loops,functions}.
-
-The preferred -falign-* forms have been supported since GCC 3.2. So, just
-remove -malign-{jumps,loops,functions}.
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=eb486898dac8cbc29b2cc39f911b657c3417ae34]
-Signed-off-by: Fangrui Song <maskray@google.com>
-Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
----
- configure.ac | 9 ---------
- 1 file changed, 9 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index bee28dbeb..9a12151bd 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -805,17 +805,8 @@ if test "x$target_cpu" = xi386; then
- 	[grub_cv_cc_falign_loop=no])
-   ])
- 
--  AC_CACHE_CHECK([whether -malign-loops works], [grub_cv_cc_malign_loop], [
--    CFLAGS="$TARGET_CFLAGS -malign-loops=1 -Werror"
--    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
--        [grub_cv_cc_malign_loop=yes],
--	[grub_cv_cc_malign_loop=no])
--  ])
--
-   if test "x$grub_cv_cc_falign_loop" = xyes; then
-     TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1"
--  elif test "x$grub_cv_cc_malign_loop" = xyes; then
--    TARGET_CFLAGS="$TARGET_CFLAGS -malign-jumps=1 -malign-loops=1 -malign-functions=1"
-   fi
- fi
- 
--- 
-2.37.3
-
diff --git a/poky/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch b/poky/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch
deleted file mode 100644
index c575a31..0000000
--- a/poky/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From f1217c803cec90813eb834dde7829f4961b2a2e4 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 17 Feb 2022 15:07:02 -0800
-Subject: [PATCH] configure.ac: Use _zicsr_zifencei extentions on riscv
-
-From version 2.38, binutils defaults to ISA spec version 20191213. This
-means that the csr read/write (csrr*/csrw*) instructions and fence.i
-instruction has separated from the `I` extension, become two standalone
-extensions: Zicsr and Zifencei.
-
-The fix is to specify those extensions explicitely in -march. Since we
-are now using binutils 2.38+ in OE this is ok, a more upstreamable fix for
-grub will be to detect these extentions, however thats not easy to
-implement
-
-Upstream-Status: Inappropriate [OE specific]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.ac | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index c7fc55a..072f2c9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -849,14 +849,14 @@ if test x"$platform" != xemu ; then
- 		         [grub_cv_target_cc_soft_float="-mgeneral-regs-only"], [])
-     fi
-     if test "x$target_cpu" = xriscv32; then
--       CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror"
-+       CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
--		         [grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], [])
-+		         [grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], [])
-     fi
-     if test "x$target_cpu" = xriscv64; then
--       CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror"
-+       CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
--		         [grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], [])
-+		         [grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], [])
-     fi
-     if test "x$target_cpu" = xia64; then
-        CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror"
--- 
-2.35.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
deleted file mode 100644
index efa00a3..0000000
--- a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001
-From: Zhang Boyang <zhangboyang.id@gmail.com>
-Date: Fri, 5 Aug 2022 00:51:20 +0800
-Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
-
-The length of memory allocation and file read may overflow. This patch
-fixes the problem by using safemath macros.
-
-There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
-if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
-It is safe replacement for such code. It has safemath-like prototype.
-
-This patch also introduces grub_cast(value, pointer), it casts value to
-typeof(*pointer) then store the value to *pointer. It returns true when
-overflow occurs or false if there is no overflow. The semantics of arguments
-and return value are designed to be consistent with other safemath macros.
-
-Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport from
-[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532]
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
-
----
- grub-core/font/font.c   | 17 +++++++++++++----
- include/grub/bitmap.h   | 18 ++++++++++++++++++
- include/grub/safemath.h |  2 ++
- 3 files changed, 33 insertions(+), 4 deletions(-)
-
-diff --git a/grub-core/font/font.c b/grub-core/font/font.c
-index d09bb38..876b5b6 100644
---- a/grub-core/font/font.c
-+++ b/grub-core/font/font.c
-@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
-       grub_int16_t xoff;
-       grub_int16_t yoff;
-       grub_int16_t dwidth;
--      int len;
-+      grub_ssize_t len;
-+      grub_size_t sz;
- 
-       if (index_entry->glyph)
- 	/* Return cached glyph.  */
-@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
- 	  return 0;
- 	}
- 
--      len = (width * height + 7) / 8;
--      glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
--      if (!glyph)
-+      /* Calculate real struct size of current glyph. */
-+      if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
-+	  grub_add (sizeof (struct grub_font_glyph), len, &sz))
-+	{
-+	  remove_font (font);
-+	  return 0;
-+	}
-+
-+      /* Allocate and initialize the glyph struct. */
-+      glyph = grub_malloc (sz);
-+      if (glyph == NULL)
- 	{
- 	  remove_font (font);
- 	  return 0;
-diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
-index 5728f8c..0d9603f 100644
---- a/include/grub/bitmap.h
-+++ b/include/grub/bitmap.h
-@@ -23,6 +23,7 @@
- #include <grub/symbol.h>
- #include <grub/types.h>
- #include <grub/video.h>
-+#include <grub/safemath.h>
- 
- struct grub_video_bitmap
- {
-@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap)
-   return bitmap->mode_info.height;
- }
- 
-+/*
-+ * Calculate and store the size of data buffer of 1bit bitmap in result.
-+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
-+ * Return true when overflow occurs or false if there is no overflow.
-+ * This function is intentionally implemented as a macro instead of
-+ * an inline function. Although a bit awkward, it preserves data types for
-+ * safemath macros and reduces macro side effects as much as possible.
-+ *
-+ * XXX: Will report false overflow if width * height > UINT64_MAX.
-+ */
-+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \
-+({ \
-+  grub_uint64_t _bitmap_pixels; \
-+  grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \
-+    grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \
-+})
-+
- void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap,
- 						    struct grub_video_mode_info *mode_info);
- 
-diff --git a/include/grub/safemath.h b/include/grub/safemath.h
-index c17b89b..bb0f826 100644
---- a/include/grub/safemath.h
-+++ b/include/grub/safemath.h
-@@ -30,6 +30,8 @@
- #define grub_sub(a, b, res)	__builtin_sub_overflow(a, b, res)
- #define grub_mul(a, b, res)	__builtin_mul_overflow(a, b, res)
- 
-+#define grub_cast(a, res)	grub_add ((a), 0, (res))
-+
- #else
- #error gcc 5.1 or newer or clang 3.8 or newer is required
- #endif
diff --git a/poky/meta/recipes-bsp/grub/files/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch b/poky/meta/recipes-bsp/grub/files/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
deleted file mode 100644
index a44d139..0000000
--- a/poky/meta/recipes-bsp/grub/files/0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-It enable the metadata_csum_seed feature by default in e2fsprogs 1.47.0 and
-causes grub doesn't work. Backport patch to make grub support this feature.
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7fd5fef]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 11 Jun 2021 21:36:16 +0200
-Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature
-
-This incompat feature is used to denote that the filesystem stored its
-metadata checksum seed in the superblock. This is used to allow tune2fs
-changing the UUID on a mounted metdata_csum filesystem without having
-to rewrite all the disk metadata. However, the GRUB doesn't use the
-metadata checksum at all. So, it can just ignore this feature if it
-is enabled. This is consistent with the GRUB filesystem code in general
-which just does a best effort to access the filesystem's data.
-
-The checksum seed incompat feature has to be removed from the ignore
-list if the support for metadata checksum verification is added to the
-GRUB ext2 driver later.
-
-Suggested-by: Eric Sandeen <esandeen@redhat.com>
-Suggested-by: Lukas Czerner <lczerner@redhat.com>
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Reviewed-by: Lukas Czerner <lczerner@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
----
- grub-core/fs/ext2.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
-index e7dd78e66..4953a1591 100644
---- a/grub-core/fs/ext2.c
-+++ b/grub-core/fs/ext2.c
-@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
- #define EXT4_FEATURE_INCOMPAT_64BIT		0x0080
- #define EXT4_FEATURE_INCOMPAT_MMP		0x0100
- #define EXT4_FEATURE_INCOMPAT_FLEX_BG		0x0200
-+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED		0x2000
- #define EXT4_FEATURE_INCOMPAT_ENCRYPT          0x10000
- 
- /* The set of back-incompatible features this driver DOES support. Add (OR)
-@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
-  * mmp:            Not really back-incompatible - was added as such to
-  *                 avoid multiple read-write mounts. Safe to ignore for this
-  *                 RO driver.
-+ * checksum seed:  Not really back-incompatible - was added to allow tools
-+ *                 such as tune2fs to change the UUID on a mounted metadata
-+ *                 checksummed filesystem. Safe to ignore for now since the
-+ *                 driver doesn't support checksum verification. However, it
-+ *                 has to be removed from this list if the support is added later.
-  */
- #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
--				     | EXT4_FEATURE_INCOMPAT_MMP)
--
-+				     | EXT4_FEATURE_INCOMPAT_MMP \
-+				     | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
- 
- #define EXT3_JOURNAL_MAGIC_NUMBER	0xc03b3998U
- 
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch b/poky/meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch
deleted file mode 100644
index a5fbd58..0000000
--- a/poky/meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From e43f3d93b28cce852c110c7a8e40d8311bcd8bb1 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Fri, 15 Jul 2022 16:13:02 -0400
-Subject: [PATCH] fs/fat: Don't error when mtime is 0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In the wild, we occasionally see valid ESPs where some file modification
-times are 0. For instance:
-
-    ├── [Dec 31  1979]  EFI
-    │   ├── [Dec 31  1979]  BOOT
-    │   │   ├── [Dec 31  1979]  BOOTX64.EFI
-    │   │   └── [Dec 31  1979]  fbx64.efi
-    │   └── [Jun 27 02:41]  fedora
-    │       ├── [Dec 31  1979]  BOOTX64.CSV
-    │       ├── [Dec 31  1979]  fonts
-    │       ├── [Mar 14 03:35]  fw
-    │       │   ├── [Mar 14 03:35]  fwupd-359c1169-abd6-4a0d-8bce-e4d4713335c1.cap
-    │       │   ├── [Mar 14 03:34]  fwupd-9d255c4b-2d88-4861-860d-7ee52ade9463.cap
-    │       │   └── [Mar 14 03:34]  fwupd-b36438d8-9128-49d2-b280-487be02d948b.cap
-    │       ├── [Dec 31  1979]  fwupdx64.efi
-    │       ├── [May 10 10:47]  grub.cfg
-    │       ├── [Jun  3 12:38]  grub.cfg.new.new
-    │       ├── [May 10 10:41]  grub.cfg.old
-    │       ├── [Jun 27 02:41]  grubenv
-    │       ├── [Dec 31  1979]  grubx64.efi
-    │       ├── [Dec 31  1979]  mmx64.efi
-    │       ├── [Dec 31  1979]  shim.efi
-    │       ├── [Dec 31  1979]  shimx64.efi
-    │       └── [Dec 31  1979]  shimx64-fedora.efi
-    └── [Dec 31  1979]  FSCK0000.REC
-
-    5 directories, 17 files
-
-This causes grub-probe failure, which in turn causes grub-mkconfig
-failure. They are valid filesystems that appear intact, and the Linux
-FAT stack is able to mount and manipulate them without complaint.
-
-The check for mtime of 0 has been present since
-20def1a3c3952982395cd7c3ea7e78638527962b (fat: support file
-modification times).
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e43f3d93b28cce852c110c7a8e40d8311bcd8bb1]
-
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Ming Liu <liu.ming50@gmail.com>
----
- grub-core/fs/fat.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/grub-core/fs/fat.c b/grub-core/fs/fat.c
-index 0951b2e63..c5efed724 100644
---- a/grub-core/fs/fat.c
-+++ b/grub-core/fs/fat.c
-@@ -1027,9 +1027,6 @@ grub_fat_dir (grub_device_t device, const char *path, grub_fs_dir_hook_t hook,
- 					  grub_le_to_cpu16 (ctxt.dir.w_date),
- 					  &info.mtime);
- #endif
--      if (info.mtimeset == 0)
--	grub_error (GRUB_ERR_OUT_OF_RANGE,
--		    "invalid modification timestamp for %s", path);
- 
-       if (hook (ctxt.filename, &info, hook_data))
- 	break;
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch b/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch
index 69b04aa..69dec76 100644
--- a/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch
+++ b/poky/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch
@@ -1,4 +1,4 @@
-From 8f47ed4aaefba087b6ca76e59c9f832b6a0702bc Mon Sep 17 00:00:00 2001
+From a80592e20f6c4b928a22862f52f268ab9d9908b2 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 13 Jan 2016 19:28:00 +0000
 Subject: [PATCH] grub.d/10_linux.in: add oe's kernel name
@@ -20,10 +20,10 @@
  2 files changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index 4532266..cba2617 100644
+index cc393be..8545cb6 100644
 --- a/util/grub.d/10_linux.in
 +++ b/util/grub.d/10_linux.in
-@@ -164,12 +164,12 @@ machine=`uname -m`
+@@ -166,12 +166,12 @@ machine=`uname -m`
  case "x$machine" in
      xi?86 | xx86_64)
  	list=
@@ -40,10 +40,10 @@
  	done ;;
  esac
 diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
-index 96179ea..98d16ae 100644
+index 94dd8be..36cd554 100644
 --- a/util/grub.d/20_linux_xen.in
 +++ b/util/grub.d/20_linux_xen.in
-@@ -154,7 +154,7 @@ EOF
+@@ -181,7 +181,7 @@ EOF
  }
  
  linux_list=
diff --git a/poky/meta/recipes-bsp/grub/files/0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch b/poky/meta/recipes-bsp/grub/files/0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch
deleted file mode 100644
index f3f12b6..0000000
--- a/poky/meta/recipes-bsp/grub/files/0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 64be669638e198bc0c7c1a344547265dfacd2470 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 23 Jan 2023 15:29:02 -0800
-Subject: [PATCH] risc-v: Handle R_RISCV_CALL_PLT reloc
-
-GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT
-reloc for call in assembler [1], similarly llvm does not make
-distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2]
-
-Upstream-Status: Submitted [https://lists.gnu.org/archive/html/grub-devel/2023-02/msg00143.html]
-
-[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c
-[2] https://reviews.llvm.org/D132530
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- grub-core/kern/riscv/dl.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/grub-core/kern/riscv/dl.c
-+++ b/grub-core/kern/riscv/dl.c
-@@ -188,6 +188,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t
- 	  break;
- 
- 	case R_RISCV_CALL:
-+	case R_RISCV_CALL_PLT:
- 	  {
- 	    grub_uint32_t *abs_place = place;
- 	    grub_ssize_t off = sym_addr - (grub_addr_t) place;
---- a/util/grub-mkimagexx.c
-+++ b/util/grub-mkimagexx.c
-@@ -1294,6 +1294,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, st
- 		     }
- 		     break;
- 		   case R_RISCV_CALL:
-+		   case R_RISCV_CALL_PLT:
- 		     {
- 		       grub_uint32_t hi20, lo12;
- 
-@@ -1725,6 +1726,7 @@ translate_relocation_pe (struct translat
- 	case R_RISCV_BRANCH:
- 	case R_RISCV_JAL:
- 	case R_RISCV_CALL:
-+	case R_RISCV_CALL_PLT:
- 	case R_RISCV_PCREL_HI20:
- 	case R_RISCV_PCREL_LO12_I:
- 	case R_RISCV_PCREL_LO12_S:
diff --git a/poky/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch b/poky/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch
deleted file mode 100644
index 437e5b2..0000000
--- a/poky/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From e372dcb0d4541ee9b9682cde088ec87a7b238ca2 Mon Sep 17 00:00:00 2001
-From: Fangrui Song via Grub-devel <grub-devel@gnu.org>
-Date: Thu, 26 Aug 2021 09:02:32 -0700
-Subject: [PATCH 2/2] configure: Check for -falign-jumps=1 beside
- -falign-loops=1
-
-The Clang does not support -falign-jumps and only recently gained support
-for -falign-loops. The -falign-jumps=1 should be tested beside
--fliang-loops=1 to avoid passing unrecognized options to the Clang:
-
-  clang-14: error: optimization flag '-falign-jumps=1' is not supported [-Werror,-Wignored-optimization-argument]
-
-The -falign-functions=1 is supported by GCC 5.1.0/Clang 3.8.0. So, just
-add the option unconditionally.
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e372dcb0d4541ee9b9682cde088ec87a7b238ca2]
-Signed-off-by: Fangrui Song <maskray@google.com>
-Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
----
- configure.ac | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9a12151bd..eeb5d2211 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -798,6 +798,8 @@ fi
- 
- # Force no alignment to save space on i386.
- if test "x$target_cpu" = xi386; then
-+  TARGET_CFLAGS="$TARGET_CFLAGS -falign-functions=1"
-+
-   AC_CACHE_CHECK([whether -falign-loops works], [grub_cv_cc_falign_loop], [
-     CFLAGS="$TARGET_CFLAGS -falign-loops=1 -Werror"
-     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-@@ -806,7 +808,18 @@ if test "x$target_cpu" = xi386; then
-   ])
- 
-   if test "x$grub_cv_cc_falign_loop" = xyes; then
--    TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1"
-+    TARGET_CFLAGS="$TARGET_CFLAGS -falign-loops=1"
-+  fi
-+
-+  AC_CACHE_CHECK([whether -falign-jumps works], [grub_cv_cc_falign_jumps], [
-+    CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -Werror"
-+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-+        [grub_cv_cc_falign_jumps=yes],
-+        [grub_cv_cc_falign_jumps=no])
-+  ])
-+
-+  if test "x$grub_cv_cc_falign_jumps" = xyes; then
-+    TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1"
-   fi
- fi
- 
--- 
-2.37.3
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
deleted file mode 100644
index 7f7bb1a..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 6 Jul 2021 18:51:35 +1000
-Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap
- out-of-bounds write
-
-A 16-bit greyscale PNG without alpha is processed in the following loop:
-
-      for (i = 0; i < (data->image_width * data->image_height);
-	   i++, d1 += 4, d2 += 2)
-	{
-	  d1[R3] = d2[1];
-	  d1[G3] = d2[1];
-	  d1[B3] = d2[1];
-	}
-
-The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration,
-but there are only 3 bytes allocated for storage. This means that image
-data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes
-out of every 4 following the end of the image.
-
-This has existed since greyscale support was added in 2013 in commit
-3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale).
-
-Saving starfield.png as a 16-bit greyscale image without alpha in the gimp
-and attempting to load it causes grub-emu to crash - I don't think this code
-has ever worked.
-
-Delete all PNG greyscale support.
-
-Fixes: CVE-2021-3695
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2021-3695
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/video/readers/png.c | 87 +++--------------------------------
- 1 file changed, 7 insertions(+), 80 deletions(-)
-
-diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
-index 35ae553c8..a3161e25b 100644
---- a/grub-core/video/readers/png.c
-+++ b/grub-core/video/readers/png.c
-@@ -100,7 +100,7 @@ struct grub_png_data
- 
-   unsigned image_width, image_height;
-   int bpp, is_16bit;
--  int raw_bytes, is_gray, is_alpha, is_palette;
-+  int raw_bytes, is_alpha, is_palette;
-   int row_bytes, color_bits;
-   grub_uint8_t *image_data;
- 
-@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
-     data->bpp = 3;
-   else
-     {
--      data->is_gray = 1;
--      data->bpp = 1;
-+      return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+			 "png: color type not supported");
-     }
- 
-   if ((color_bits != 8) && (color_bits != 16)
-       && (color_bits != 4
--	  || !(data->is_gray || data->is_palette)))
-+	  || !data->is_palette))
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                        "png: bit depth must be 8 or 16");
- 
-@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
-     }
- 
- #ifndef GRUB_CPU_WORDS_BIGENDIAN
--  if (data->is_16bit || data->is_gray || data->is_palette)
-+  if (data->is_16bit || data->is_palette)
- #endif
-     {
-       data->image_data = grub_calloc (data->image_height, data->row_bytes);
-@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data)
-       int shift;
-       int mask = (1 << data->color_bits) - 1;
-       unsigned j;
--      if (data->is_gray)
--	{
--	  /* Generic formula is
--	     (0xff * i) / ((1U << data->color_bits) - 1)
--	     but for allowed bit depth of 1, 2 and for it's
--	     equivalent to
--	     (0xff / ((1U << data->color_bits) - 1)) * i
--	     Precompute the multipliers to avoid division.
--	  */
--
--	  const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 };
--	  for (i = 0; i < (1U << data->color_bits); i++)
--	    {
--	      grub_uint8_t col = multipliers[data->color_bits] * i;
--	      palette[i][0] = col;
--	      palette[i][1] = col;
--	      palette[i][2] = col;
--	    }
--	}
--      else
--	grub_memcpy (palette, data->palette, 3 << data->color_bits);
-+
-+      grub_memcpy (palette, data->palette, 3 << data->color_bits);
-       d1c = d1;
-       d2c = d2;
-       for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3,
-@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data)
-       return;
-     }
- 
--  if (data->is_gray)
--    {
--      switch (data->bpp)
--	{
--	case 4:
--	  /* 16-bit gray with alpha.  */
--	  for (i = 0; i < (data->image_width * data->image_height);
--	       i++, d1 += 4, d2 += 4)
--	    {
--	      d1[R4] = d2[3];
--	      d1[G4] = d2[3];
--	      d1[B4] = d2[3];
--	      d1[A4] = d2[1];
--	    }
--	  break;
--	case 2:
--	  if (data->is_16bit)
--	    /* 16-bit gray without alpha.  */
--	    {
--	      for (i = 0; i < (data->image_width * data->image_height);
--		   i++, d1 += 4, d2 += 2)
--		{
--		  d1[R3] = d2[1];
--		  d1[G3] = d2[1];
--		  d1[B3] = d2[1];
--		}
--	    }
--	  else
--	    /* 8-bit gray with alpha.  */
--	    {
--	      for (i = 0; i < (data->image_width * data->image_height);
--		   i++, d1 += 4, d2 += 2)
--		{
--		  d1[R4] = d2[1];
--		  d1[G4] = d2[1];
--		  d1[B4] = d2[1];
--		  d1[A4] = d2[0];
--		}
--	    }
--	  break;
--	  /* 8-bit gray without alpha.  */
--	case 1:
--	  for (i = 0; i < (data->image_width * data->image_height);
--	       i++, d1 += 3, d2++)
--	    {
--	      d1[R3] = d2[0];
--	      d1[G3] = d2[0];
--	      d1[B3] = d2[0];
--	    }
--	  break;
--	}
--      return;
--    }
--
-     {
-   /* Only copy the upper 8 bit.  */
- #ifndef GRUB_CPU_WORDS_BIGENDIAN
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch
deleted file mode 100644
index f06514e..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 6 Jul 2021 23:25:07 +1000
-Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table
- items
-
-In fuzzing we observed crashes where a code would attempt to be inserted
-into a huffman table before the start, leading to a set of heap OOB reads
-and writes as table entries with negative indices were shifted around and
-the new code written in.
-
-Catch the case where we would underflow the array and bail.
-
-Fixes: CVE-2021-3696
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2021-3696
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/video/readers/png.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
-index a3161e25b..d7ed5aa6c 100644
---- a/grub-core/video/readers/png.c
-+++ b/grub-core/video/readers/png.c
-@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len)
-   for (i = len; i < ht->max_length; i++)
-     n += ht->maxval[i];
- 
-+  if (n > ht->num_values)
-+    {
-+      grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+		  "png: out of range inserting huffman table item");
-+      return;
-+    }
-+
-   for (i = 0; i < n; i++)
-     ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1];
- 
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch
deleted file mode 100644
index e9fc52d..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Wed, 7 Jul 2021 15:38:19 +1000
-Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write
-
-Certain 1 px wide images caused a wild pointer write in
-grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(),
-we have the following loop:
-
-for (; data->r1 < nr1 && (!data->dri || rst);
-     data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
-
-We did not check if vb * width >= hb * nc1.
-
-On a 64-bit platform, if that turns out to be negative, it will underflow,
-be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so
-we see data->bitmap_ptr jump, e.g.:
-
-0x6180_0000_0480 to
-0x6181_0000_0498
-     ^
-     ~--- carry has occurred and this pointer is now far away from
-          any object.
-
-On a 32-bit platform, it will decrement the pointer, creating a pointer
-that won't crash but will overwrite random data.
-
-Catch the underflow and error out.
-
-Fixes: CVE-2021-3697
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2021-3697
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/video/readers/jpeg.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
-index 579bbe8a4..09596fbf5 100644
---- a/grub-core/video/readers/jpeg.c
-+++ b/grub-core/video/readers/jpeg.c
-@@ -23,6 +23,7 @@
- #include <grub/mm.h>
- #include <grub/misc.h>
- #include <grub/bufio.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -699,6 +700,7 @@ static grub_err_t
- grub_jpeg_decode_data (struct grub_jpeg_data *data)
- {
-   unsigned c1, vb, hb, nr1, nc1;
-+  unsigned stride_a, stride_b, stride;
-   int rst = data->dri;
-   grub_err_t err = GRUB_ERR_NONE;
- 
-@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
- 		       "jpeg: attempted to decode data before start of stream");
- 
-+  if (grub_mul(vb, data->image_width, &stride_a) ||
-+      grub_mul(hb, nc1, &stride_b) ||
-+      grub_sub(stride_a, stride_b, &stride))
-+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+		       "jpeg: cannot decode image with these dimensions");
-+
-   for (; data->r1 < nr1 && (!data->dri || rst);
--       data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
-+       data->r1++, data->bitmap_ptr += stride * 3)
-     for (c1 = 0;  c1 < nc1 && (!data->dri || rst);
- 	c1++, rst--, data->bitmap_ptr += hb * 3)
-       {
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
deleted file mode 100644
index dae26fd..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
-From: Michael Chang <mchang@suse.com>
-Date: Fri, 3 Dec 2021 16:13:28 +0800
-Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
-
-The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
-configuration by grub-mkconfig) has inadvertently discarded umask for
-creating grub.cfg in the process of running grub-mkconfig. The resulting
-wrong permission (0644) would allow unprivileged users to read GRUB
-configuration file content. This presents a low confidentiality risk
-as grub.cfg may contain non-secured plain-text passwords.
-
-This patch restores the missing umask and sets the creation file mode
-to 0600 preventing unprivileged access.
-
-Fixes: CVE-2021-3981
-
-Signed-off-by: Michael Chang <mchang@suse.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2021-3981
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- util/grub-mkconfig.in | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
-index c3ea7612e..62335d027 100644
---- a/util/grub-mkconfig.in
-+++ b/util/grub-mkconfig.in
-@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
-     exit 1
-   else
-     # none of the children aborted with error, install the new grub.cfg
-+    oldumask=$(umask)
-+    umask 077
-     cat ${grub_cfg}.new > ${grub_cfg}
-+    umask $oldumask
-     rm -f ${grub_cfg}.new
-   fi
- fi
--- 
-2.31.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
deleted file mode 100644
index 727c509..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001
-From: Zhang Boyang <zhangboyang.id@gmail.com>
-Date: Fri, 5 Aug 2022 01:58:27 +0800
-Subject: [PATCH] font: Fix several integer overflows in
- grub_font_construct_glyph()
-
-This patch fixes several integer overflows in grub_font_construct_glyph().
-Glyphs of invalid size, zero or leading to an overflow, are rejected.
-The inconsistency between "glyph" and "max_glyph_size" when grub_malloc()
-returns NULL is fixed too.
-
-Fixes: CVE-2022-2601
-
-Reported-by: Zhang Boyang <zhangboyang.id@gmail.com>
-Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport from
-[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e]
-CVE: CVE-2022-2601
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
-
----
- grub-core/font/font.c | 29 +++++++++++++++++------------
- 1 file changed, 17 insertions(+), 12 deletions(-)
-
-diff --git a/grub-core/font/font.c b/grub-core/font/font.c
-index 876b5b6..0ff5525 100644
---- a/grub-core/font/font.c
-+++ b/grub-core/font/font.c
-@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font,
-   struct grub_video_signed_rect bounds;
-   static struct grub_font_glyph *glyph = 0;
-   static grub_size_t max_glyph_size = 0;
-+  grub_size_t cur_glyph_size;
- 
-   ensure_comb_space (glyph_id);
- 
-@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font,
-   if (!glyph_id->ncomb && !glyph_id->attributes)
-     return main_glyph;
- 
--  if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT)
-+  if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) ||
-+      grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size))
-+    return main_glyph;
-+
-+  if (max_glyph_size < cur_glyph_size)
-     {
-       grub_free (glyph);
--      max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2;
--      if (max_glyph_size < 8)
--	max_glyph_size = 8;
--      glyph = grub_malloc (max_glyph_size);
-+      if (grub_mul (cur_glyph_size, 2, &max_glyph_size))
-+	max_glyph_size = 0;
-+      glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL;
-     }
-   if (!glyph)
-     {
-+      max_glyph_size = 0;
-       grub_errno = GRUB_ERR_NONE;
-       return main_glyph;
-     }
- 
--  grub_memset (glyph, 0, sizeof (*glyph)
--	       + (bounds.width * bounds.height
--		  + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT);
-+  grub_memset (glyph, 0, cur_glyph_size);
- 
-   glyph->font = main_glyph->font;
--  glyph->width = bounds.width;
--  glyph->height = bounds.height;
--  glyph->offset_x = bounds.x;
--  glyph->offset_y = bounds.y;
-+  if (bounds.width == 0 || bounds.height == 0 ||
-+      grub_cast (bounds.width, &glyph->width) ||
-+      grub_cast (bounds.height, &glyph->height) ||
-+      grub_cast (bounds.x, &glyph->offset_x) ||
-+      grub_cast (bounds.y, &glyph->offset_y))
-+    return main_glyph;
- 
-   if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR)
-     grub_font_blit_glyph_mirror (glyph, main_glyph,
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch
deleted file mode 100644
index 8bf9090..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Mon, 20 Dec 2021 19:41:21 +1100
-Subject: [PATCH] net/ip: Do IP fragment maths safely
-
-We can receive packets with invalid IP fragmentation information. This
-can lead to rsm->total_len underflowing and becoming very large.
-
-Then, in grub_netbuff_alloc(), we add to this very large number, which can
-cause it to overflow and wrap back around to a small positive number.
-The allocation then succeeds, but the resulting buffer is too small and
-subsequent operations can write past the end of the buffer.
-
-Catch the underflow here.
-
-Fixes: CVE-2022-28733
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2022-28733
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
-
----
- grub-core/net/ip.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c
-index e3d62e97f..3c3d0be0e 100644
---- a/grub-core/net/ip.c
-+++ b/grub-core/net/ip.c
-@@ -25,6 +25,7 @@
- #include <grub/net/netbuff.h>
- #include <grub/mm.h>
- #include <grub/priority_queue.h>
-+#include <grub/safemath.h>
- #include <grub/time.h>
- 
- struct iphdr {
-@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb,
-     {
-       rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK)
- 			+ (nb->tail - nb->data));
--      rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t));
-+
-+      if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t),
-+		    &rsm->total_len))
-+	{
-+	  grub_dprintf ("net", "IP reassembly size underflow\n");
-+	  return GRUB_ERR_NONE;
-+	}
-+
-       rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len);
-       if (!rsm->asm_netbuff)
- 	{
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
deleted file mode 100644
index f31167d..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 8 Mar 2022 19:04:40 +1100
-Subject: [PATCH] net/http: Error out on headers with LF without CR
-
-In a similar vein to the previous patch, parse_line() would write
-a NUL byte past the end of the buffer if there was an HTTP header
-with a LF rather than a CRLF.
-
-RFC-2616 says:
-
-  Many HTTP/1.1 header field values consist of words separated by LWS
-  or special characters. These special characters MUST be in a quoted
-  string to be used within a parameter value (as defined in section 3.6).
-
-We don't support quoted sections or continuation lines, etc.
-
-If we see an LF that's not part of a CRLF, bail out.
-
-Fixes: CVE-2022-28734
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2022-28734
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/net/http.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/grub-core/net/http.c b/grub-core/net/http.c
-index 33a0a28c4..9291a13e2 100644
---- a/grub-core/net/http.c
-+++ b/grub-core/net/http.c
-@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
-   char *end = ptr + len;
-   while (end > ptr && *(end - 1) == '\r')
-     end--;
-+
-+  /* LF without CR. */
-+  if (end == ptr + len)
-+    {
-+      data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
-+      return GRUB_ERR_NONE;
-+    }
-   *end = 0;
-+
-   /* Trailing CRLF.  */
-   if (data->in_chunk_len == 1)
-     {
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch
deleted file mode 100644
index e0ca1ee..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 8 Mar 2022 18:17:03 +1100
-Subject: [PATCH] net/http: Fix OOB write for split http headers
-
-GRUB has special code for handling an http header that is split
-across two packets.
-
-The code tracks the end of line by looking for a "\n" byte. The
-code for split headers has always advanced the pointer just past the
-end of the line, whereas the code that handles unsplit headers does
-not advance the pointer. This extra advance causes the length to be
-one greater, which breaks an assumption in parse_line(), leading to
-it writing a NUL byte one byte past the end of the buffer where we
-reconstruct the line from the two packets.
-
-It's conceivable that an attacker controlled set of packets could
-cause this to zero out the first byte of the "next" pointer of the
-grub_mm_region structure following the current_line buffer.
-
-Do not advance the pointer in the split header case.
-
-Fixes: CVE-2022-28734
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2022-28734
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/net/http.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/grub-core/net/http.c b/grub-core/net/http.c
-index f8d7bf0cd..33a0a28c4 100644
---- a/grub-core/net/http.c
-+++ b/grub-core/net/http.c
-@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)),
- 	  int have_line = 1;
- 	  char *t;
- 	  ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data);
--	  if (ptr)
--	    ptr++;
--	  else
-+	  if (ptr == NULL)
- 	    {
- 	      have_line = 0;
- 	      ptr = (char *) nb->tail;
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
deleted file mode 100644
index 7a59f10..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode <julian.klode@canonical.com>
-Date: Thu, 2 Dec 2021 15:03:53 +0100
-Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock
- verifier
-
-We must not allow other verifiers to pass things like the GRUB modules.
-Instead of maintaining a blocklist, maintain an allowlist of things
-that we do not care about.
-
-This allowlist really should be made reusable, and shared by the
-lockdown verifier, but this is the minimal patch addressing
-security concerns where the TPM verifier was able to mark modules
-as verified (or the OpenPGP verifier for that matter), when it
-should not do so on shim-powered secure boot systems.
-
-Fixes: CVE-2022-28735
-
-Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE:CVE-2022-28735
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++---
- include/grub/verify.h   |  1 +
- 2 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
-index c52ec6226..89c4bb3fd 100644
---- a/grub-core/kern/efi/sb.c
-+++ b/grub-core/kern/efi/sb.c
-@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
- 			 void **context __attribute__ ((unused)),
- 			 enum grub_verify_flags *flags)
- {
--  *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
-+  *flags = GRUB_VERIFY_FLAGS_NONE;
- 
-   switch (type & GRUB_FILE_TYPE_MASK)
-     {
-+    /* Files we check. */
-     case GRUB_FILE_TYPE_LINUX_KERNEL:
-     case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
-     case GRUB_FILE_TYPE_BSD_KERNEL:
-@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
-     case GRUB_FILE_TYPE_PLAN9_KERNEL:
-     case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
-       *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
-+      return GRUB_ERR_NONE;
- 
--      /* Fall through. */
-+    /* Files that do not affect secureboot state. */
-+    case GRUB_FILE_TYPE_NONE:
-+    case GRUB_FILE_TYPE_LOOPBACK:
-+    case GRUB_FILE_TYPE_LINUX_INITRD:
-+    case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
-+    case GRUB_FILE_TYPE_XNU_RAMDISK:
-+    case GRUB_FILE_TYPE_SIGNATURE:
-+    case GRUB_FILE_TYPE_PUBLIC_KEY:
-+    case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
-+    case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
-+    case GRUB_FILE_TYPE_TESTLOAD:
-+    case GRUB_FILE_TYPE_GET_SIZE:
-+    case GRUB_FILE_TYPE_FONT:
-+    case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
-+    case GRUB_FILE_TYPE_CAT:
-+    case GRUB_FILE_TYPE_HEXCAT:
-+    case GRUB_FILE_TYPE_CMP:
-+    case GRUB_FILE_TYPE_HASHLIST:
-+    case GRUB_FILE_TYPE_TO_HASH:
-+    case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
-+    case GRUB_FILE_TYPE_PIXMAP:
-+    case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
-+    case GRUB_FILE_TYPE_CONFIG:
-+    case GRUB_FILE_TYPE_THEME:
-+    case GRUB_FILE_TYPE_GETTEXT_CATALOG:
-+    case GRUB_FILE_TYPE_FS_SEARCH:
-+    case GRUB_FILE_TYPE_LOADENV:
-+    case GRUB_FILE_TYPE_SAVEENV:
-+    case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
-+      *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
-+      return GRUB_ERR_NONE;
- 
-+    /* Other files. */
-     default:
--      return GRUB_ERR_NONE;
-+      return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
-     }
- }
- 
-diff --git a/include/grub/verify.h b/include/grub/verify.h
-index cd129c398..672ae1692 100644
---- a/include/grub/verify.h
-+++ b/include/grub/verify.h
-@@ -24,6 +24,7 @@
- 
- enum grub_verify_flags
-   {
-+    GRUB_VERIFY_FLAGS_NONE		= 0,
-     GRUB_VERIFY_FLAGS_SKIP_VERIFICATION	= 1,
-     GRUB_VERIFY_FLAGS_SINGLE_CHUNK	= 2,
-     /* Defer verification to another authority. */
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
deleted file mode 100644
index 5741e53..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Tue, 5 Apr 2022 11:48:58 +0100
-Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex()
-
-This ports the EFI chainloader to use grub_loader_set_ex() in order to fix
-a use-after-free bug that occurs when grub_cmd_chainloader() is executed
-more than once before a boot attempt is performed.
-
-Fixes: CVE-2022-28736
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-CVE: CVE-2022-28736
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
----
- grub-core/loader/efi/chainloader.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
-index d1602c89b..7557eb269 100644
---- a/grub-core/loader/efi/chainloader.c
-+++ b/grub-core/loader/efi/chainloader.c
-@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+");
- 
- static grub_dl_t my_mod;
- 
--static grub_efi_handle_t image_handle;
--
- static grub_err_t
--grub_chainloader_unload (void)
-+grub_chainloader_unload (void *context)
- {
-+  grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
-   grub_efi_loaded_image_t *loaded_image;
-   grub_efi_boot_services_t *b;
- 
-@@ -64,8 +63,9 @@ grub_chainloader_unload (void)
- }
- 
- static grub_err_t
--grub_chainloader_boot (void)
-+grub_chainloader_boot (void *context)
- {
-+  grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
-   grub_efi_boot_services_t *b;
-   grub_efi_status_t status;
-   grub_efi_uintn_t exit_data_size;
-@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
-   grub_efi_physical_address_t address = 0;
-   grub_efi_uintn_t pages = 0;
-   grub_efi_char16_t *cmdline = NULL;
-+  grub_efi_handle_t image_handle = NULL;
- 
-   if (argc == 0)
-     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
-@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
-   efi_call_2 (b->free_pages, address, pages);
-   grub_free (file_path);
- 
--  grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
-+  grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0);
-   return 0;
- 
-  fail:
-@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
-     efi_call_2 (b->free_pages, address, pages);
- 
-   if (image_handle != NULL)
--    {
--      efi_call_1 (b->unload_image, image_handle);
--      image_handle = NULL;
--    }
-+    efi_call_1 (b->unload_image, image_handle);
- 
-   grub_dl_unref (my_mod);
- 
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
deleted file mode 100644
index 853efd0..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001
-From: Zhang Boyang <zhangboyang.id@gmail.com>
-Date: Mon, 24 Oct 2022 08:05:35 +0800
-Subject: [PATCH] font: Fix an integer underflow in blit_comb()
-
-The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may
-evaluate to a very big invalid value even if both ctx.bounds.height and
-combining_glyphs[i]->height are small integers. For example, if
-ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this
-expression evaluates to 2147483647 (expected -1). This is because
-coordinates are allowed to be negative but ctx.bounds.height is an
-unsigned int. So, the subtraction operates on unsigned ints and
-underflows to a very big value. The division makes things even worse.
-The quotient is still an invalid value even if converted back to int.
-
-This patch fixes the problem by casting ctx.bounds.height to int. As
-a result the subtraction will operate on int and grub_uint16_t which
-will be promoted to an int. So, the underflow will no longer happen. Other
-uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int,
-to ensure coordinates are always calculated on signed integers.
-
-Fixes: CVE-2022-3775
-
-Reported-by: Daniel Axtens <dja@axtens.net>
-Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport from
-[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af]
-CVE: CVE-2022-3775
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
-
----
- grub-core/font/font.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/grub-core/font/font.c b/grub-core/font/font.c
-index 0ff5525..7b1cbde 100644
---- a/grub-core/font/font.c
-+++ b/grub-core/font/font.c
-@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
-   ctx.bounds.height = main_glyph->height;
- 
-   above_rightx = main_glyph->offset_x + main_glyph->width;
--  above_righty = ctx.bounds.y + ctx.bounds.height;
-+  above_righty = ctx.bounds.y + (int) ctx.bounds.height;
- 
-   above_leftx = main_glyph->offset_x;
--  above_lefty = ctx.bounds.y + ctx.bounds.height;
-+  above_lefty = ctx.bounds.y + (int) ctx.bounds.height;
- 
--  below_rightx = ctx.bounds.x + ctx.bounds.width;
-+  below_rightx = ctx.bounds.x + (int) ctx.bounds.width;
-   below_righty = ctx.bounds.y;
- 
-   comb = grub_unicode_get_comb (glyph_id);
-@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
- 
-       if (!combining_glyphs[i])
- 	continue;
--      targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
-+      targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
-       /* CGJ is to avoid diacritics reordering. */
-       if (comb[i].code
- 	  == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER)
-@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
- 	case GRUB_UNICODE_COMB_OVERLAY:
- 	  do_blit (combining_glyphs[i],
- 		   targetx,
--		   (ctx.bounds.height - combining_glyphs[i]->height) / 2
--		   - (ctx.bounds.height + ctx.bounds.y), &ctx);
-+		   ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2
-+		   - ((int) ctx.bounds.height + ctx.bounds.y), &ctx);
- 	  if (min_devwidth < combining_glyphs[i]->width)
- 	    min_devwidth = combining_glyphs[i]->width;
- 	  break;
-@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
- 	  /* Fallthrough.  */
- 	case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
- 	  do_blit (combining_glyphs[i], targetx,
--		   -(ctx.bounds.height + ctx.bounds.y + space
-+		   -((int) ctx.bounds.height + ctx.bounds.y + space
- 		     + combining_glyphs[i]->height), &ctx);
- 	  if (min_devwidth < combining_glyphs[i]->width)
- 	    min_devwidth = combining_glyphs[i]->width;
-@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
- 
- 	case GRUB_UNICODE_COMB_HEBREW_DAGESH:
- 	  do_blit (combining_glyphs[i], targetx,
--		   -(ctx.bounds.height / 2 + ctx.bounds.y
-+		   -((int) ctx.bounds.height / 2 + ctx.bounds.y
- 		     + combining_glyphs[i]->height / 2), &ctx);
- 	  if (min_devwidth < combining_glyphs[i]->width)
- 	    min_devwidth = combining_glyphs[i]->width;
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
deleted file mode 100644
index 305fcc9..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
-From: Maxim Suhanov <dfirblog@gmail.com>
-Date: Mon, 28 Aug 2023 16:31:57 +0300
-Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute
- for the $MFT file
-
-When parsing an extremely fragmented $MFT file, i.e., the file described
-using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
-containing bytes read from the underlying drive to store sector numbers,
-which are consumed later to read data from these sectors into another buffer.
-
-These sectors numbers, two 32-bit integers, are always stored at predefined
-offsets, 0x10 and 0x14, relative to first byte of the selected entry within
-the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
-
-However, when parsing a specially-crafted file system image, this may cause
-the NTFS code to write these integers beyond the buffer boundary, likely
-causing the GRUB memory allocator to misbehave or fail. These integers contain
-values which are controlled by on-disk structures of the NTFS file system.
-
-Such modification and resulting misbehavior may touch a memory range not
-assigned to the GRUB and owned by firmware or another EFI application/driver.
-
-This fix introduces checks to ensure that these sector numbers are never
-written beyond the boundary.
-
-Fixes: CVE-2023-4692
-
-Upstream-Status: Backport from 
-[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
-CVE: CVE-2023-4692
-
-Reported-by: Maxim Suhanov <dfirblog@gmail.com>
-Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
----
- grub-core/fs/ntfs.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
-index bbdbe24..c3c4db1 100644
---- a/grub-core/fs/ntfs.c
-+++ b/grub-core/fs/ntfs.c
-@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
-     }
-   if (at->attr_end)
-     {
--      grub_uint8_t *pa;
-+      grub_uint8_t *pa, *pa_end;
- 
-       at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
-       if (at->emft_buf == NULL)
-@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
- 	    }
- 	  at->attr_nxt = at->edat_buf;
- 	  at->attr_end = at->edat_buf + u32at (pa, 0x30);
-+	  pa_end = at->edat_buf + n;
- 	}
-       else
- 	{
- 	  at->attr_nxt = at->attr_end + u16at (pa, 0x14);
- 	  at->attr_end = at->attr_end + u32at (pa, 4);
-+	  pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
- 	}
-       at->flags |= GRUB_NTFS_AF_ALST;
-       while (at->attr_nxt < at->attr_end)
-@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
- 	  at->flags |= GRUB_NTFS_AF_GPOS;
- 	  at->attr_cur = at->attr_nxt;
- 	  pa = at->attr_cur;
-+
-+	  if ((pa >= pa_end) || (pa_end - pa < 0x18))
-+	    {
-+	      grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
-+	      return NULL;
-+	    }
-+
- 	  grub_set_unaligned32 ((char *) pa + 0x10,
- 				grub_cpu_to_le32 (at->mft->data->mft_start));
- 	  grub_set_unaligned32 ((char *) pa + 0x14,
-@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
- 	    {
- 	      if (*pa != attr)
- 		break;
-+
-+              if ((pa >= pa_end) || (pa_end - pa < 0x18))
-+                {
-+	          grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
-+	          return NULL;
-+	        }
-+
- 	      if (read_attr
- 		  (at, pa + 0x10,
- 		   u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
--- 
-cgit v1.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
deleted file mode 100644
index 420fe92..0000000
--- a/poky/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
-From: Maxim Suhanov <dfirblog@...>
-Date: Mon, 28 Aug 2023 16:32:33 +0300
-Subject: fs/ntfs: Fix an OOB read when reading data from the resident $DATA
- attribute
-
-When reading a file containing resident data, i.e., the file data is stored in
-the $DATA attribute within the NTFS file record, not in external clusters,
-there are no checks that this resident data actually fits the corresponding
-file record segment.
-
-When parsing a specially-crafted file system image, the current NTFS code will
-read the file data from an arbitrary, attacker-chosen memory offset and of
-arbitrary, attacker-chosen length.
-
-This allows an attacker to display arbitrary chunks of memory, which could
-contain sensitive information like password hashes or even plain-text,
-obfuscated passwords from BS EFI variables.
-
-This fix implements a check to ensure that resident data is read from the
-corresponding file record segment only.
-
-Fixes: CVE-2023-4693
-
-Upstream-Status: Backport from 
-[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
-CVE: CVE-2023-4693
-
-Reported-by: Maxim Suhanov <dfirblog@...>
-Signed-off-by: Maxim Suhanov <dfirblog@...>
-Reviewed-by: Daniel Kiper <daniel.kiper@...>
-Signed-off-by: Xiangyu Chen <xiangyu.chen@...>
----
- grub-core/fs/ntfs.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
-index c3c4db1..a68e173 100644
---- a/grub-core/fs/ntfs.c
-+++ b/grub-core/fs/ntfs.c
-@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
-     {
-       if (ofs + len > u32at (pa, 0x10))
- 	return grub_error (GRUB_ERR_BAD_FS, "read out of range");
--      grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
-+
-+      if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
-+	return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
-+
-+      if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
-+	return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
-+
-+      if (u16at (pa, 0x14) + u32at (pa, 0x10) >
-+	  (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
-+	return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
-+
-+      grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
-       return 0;
-     }
- 
--- 
-cgit v1.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch b/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch
index 1323a54..f8dfda9 100644
--- a/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch
+++ b/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch
@@ -1,4 +1,4 @@
-From 8790aa8bea736f52341a0430ff3e317d3be0f99b Mon Sep 17 00:00:00 2001
+From 14c1d0459fb3561e627d3a5f6e91a0d2f7b4aa45 Mon Sep 17 00:00:00 2001
 From: Naveen Saini <naveen.kumar.saini@intel.com>
 Date: Mon, 15 Mar 2021 14:44:15 +0800
 Subject: [PATCH] autogen.sh: exclude .pc from po/POTFILES.in
@@ -14,15 +14,16 @@
 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
+
 ---
  autogen.sh | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/autogen.sh b/autogen.sh
-index 31b0ced7e..c63ae766c 100755
+index 195daa5..773b7b4 100755
 --- a/autogen.sh
 +++ b/autogen.sh
-@@ -13,7 +13,7 @@ fi
+@@ -26,7 +26,7 @@ fi
  export LC_COLLATE=C
  unset LC_ALL
  
@@ -31,6 +32,3 @@
  find util -iname '*.in' ! -name Makefile.in  |sort > po/POTFILES-shell.in
  
  echo "Importing unicode..."
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
deleted file mode 100644
index a2c0530..0000000
--- a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Tue, 5 Apr 2022 10:58:28 +0100
-Subject: [PATCH] commands/boot: Add API to pass context to loader
-
-Loaders rely on global variables for saving context which is consumed
-in the boot hook and freed in the unload hook. In the case where a loader
-command is executed twice, calling grub_loader_set() a second time executes
-the unload hook, but in some cases this runs when the loader's global
-context has already been updated, resulting in the updated context being
-freed and potential use-after-free bugs when the boot hook is subsequently
-called.
-
-This adds a new API, grub_loader_set_ex(), which allows a loader to specify
-context that is passed to its boot and unload hooks. This is an alternative
-to requiring that loaders call grub_loader_unset() before mutating their
-global context.
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
----
- grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++-----
- include/grub/loader.h     |  5 +++
- 2 files changed, 63 insertions(+), 8 deletions(-)
-
-diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
-index bbca81e94..61514788e 100644
---- a/grub-core/commands/boot.c
-+++ b/grub-core/commands/boot.c
-@@ -27,10 +27,20 @@
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
--static grub_err_t (*grub_loader_boot_func) (void);
--static grub_err_t (*grub_loader_unload_func) (void);
-+static grub_err_t (*grub_loader_boot_func) (void *context);
-+static grub_err_t (*grub_loader_unload_func) (void *context);
-+static void *grub_loader_context;
- static int grub_loader_flags;
- 
-+struct grub_simple_loader_hooks
-+{
-+  grub_err_t (*boot) (void);
-+  grub_err_t (*unload) (void);
-+};
-+
-+/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
-+static struct grub_simple_loader_hooks simple_loader_hooks;
-+
- struct grub_preboot
- {
-   grub_err_t (*preboot_func) (int);
-@@ -44,6 +54,29 @@ static int grub_loader_loaded;
- static struct grub_preboot *preboots_head = 0,
-   *preboots_tail = 0;
- 
-+static grub_err_t
-+grub_simple_boot_hook (void *context)
-+{
-+  struct grub_simple_loader_hooks *hooks;
-+
-+  hooks = (struct grub_simple_loader_hooks *) context;
-+  return hooks->boot ();
-+}
-+
-+static grub_err_t
-+grub_simple_unload_hook (void *context)
-+{
-+  struct grub_simple_loader_hooks *hooks;
-+  grub_err_t ret;
-+
-+  hooks = (struct grub_simple_loader_hooks *) context;
-+
-+  ret = hooks->unload ();
-+  grub_memset (hooks, 0, sizeof (*hooks));
-+
-+  return ret;
-+}
-+
- int
- grub_loader_is_loaded (void)
- {
-@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
- }
- 
- void
--grub_loader_set (grub_err_t (*boot) (void),
--		 grub_err_t (*unload) (void),
--		 int flags)
-+grub_loader_set_ex (grub_err_t (*boot) (void *context),
-+		    grub_err_t (*unload) (void *context),
-+		    void *context,
-+		    int flags)
- {
-   if (grub_loader_loaded && grub_loader_unload_func)
--    grub_loader_unload_func ();
-+    grub_loader_unload_func (grub_loader_context);
- 
-   grub_loader_boot_func = boot;
-   grub_loader_unload_func = unload;
-+  grub_loader_context = context;
-   grub_loader_flags = flags;
- 
-   grub_loader_loaded = 1;
- }
- 
-+void
-+grub_loader_set (grub_err_t (*boot) (void),
-+		 grub_err_t (*unload) (void),
-+		 int flags)
-+{
-+  grub_loader_set_ex (grub_simple_boot_hook,
-+		      grub_simple_unload_hook,
-+		      &simple_loader_hooks,
-+		      flags);
-+
-+  simple_loader_hooks.boot = boot;
-+  simple_loader_hooks.unload = unload;
-+}
-+
- void
- grub_loader_unset(void)
- {
-   if (grub_loader_loaded && grub_loader_unload_func)
--    grub_loader_unload_func ();
-+    grub_loader_unload_func (grub_loader_context);
- 
-   grub_loader_boot_func = 0;
-   grub_loader_unload_func = 0;
-+  grub_loader_context = 0;
- 
-   grub_loader_loaded = 0;
- }
-@@ -158,7 +208,7 @@ grub_loader_boot (void)
- 	  return err;
- 	}
-     }
--  err = (grub_loader_boot_func) ();
-+  err = (grub_loader_boot_func) (grub_loader_context);
- 
-   for (cur = preboots_tail; cur; cur = cur->prev)
-     if (! err)
-diff --git a/include/grub/loader.h b/include/grub/loader.h
-index b20864282..97f231054 100644
---- a/include/grub/loader.h
-+++ b/include/grub/loader.h
-@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
- 				    grub_err_t (*unload) (void),
- 				    int flags);
- 
-+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context),
-+				       grub_err_t (*unload) (void *context),
-+				       void *context,
-+				       int flags);
-+
- /* Unset current loader, if any.  */
- void EXPORT_FUNC (grub_loader_unset) (void);
- 
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/determinism.patch b/poky/meta/recipes-bsp/grub/files/determinism.patch
deleted file mode 100644
index 852b95a..0000000
--- a/poky/meta/recipes-bsp/grub/files/determinism.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From b6f9b3f6fa782807c4a7ec16ee8ef868cdfbf468 Mon Sep 17 00:00:00 2001
-From: Naveen Saini <naveen.kumar.saini@intel.com>
-Date: Mon, 15 Mar 2021 14:56:18 +0800
-Subject: [PATCH] The output in moddep.lst generated from syminfo.lst using
- genmoddep.awk is not deterministic since the order of the dependencies on
- each line can vary depending on how awk sorts the values in the array.
-
-Be deterministic in the output by sorting the dependencies on each line.
-
-Also, the output of the SOURCES lines in grub-core/Makefile.core.am, generated
-from grub-core/Makefile.core.def with gentpl.py is not deterministic due to
-missing sorting of the list used to generate it. Add such a sort.
-
-Also ensure the generated unidata.c file is deterministic by sorting the
-keys of the dict.
-
-Upstream-Status: Submitted [https://lists.gnu.org/archive/html/grub-devel/2023-06/index.html]
-Richard Purdie <richard.purdie@linuxfoundation.org>
-Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
----
- gentpl.py               | 1 +
- grub-core/genmoddep.awk | 4 +++-
- util/import_unicode.py  | 2 +-
- 3 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/gentpl.py b/gentpl.py
-index c86550d4f..589285192 100644
---- a/gentpl.py
-+++ b/gentpl.py
-@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platform, suffix, closure):
-     for group in RMAP[platform]:
-         for value in defn.find_all(group + suffix):
-             r.append(closure(value))
-+    r.sort()
-     return ''.join(r)
- 
- def platform_conditional(platform, closure):
-diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk
-index 04c2863e5..247436392 100644
---- a/grub-core/genmoddep.awk
-+++ b/grub-core/genmoddep.awk
-@@ -59,7 +59,9 @@ END {
-     }
-     modlist = ""
-     depcount[mod] = 0
--    for (depmod in uniqmods) {
-+    n = asorti(uniqmods, w)
-+    for (i = 1; i <= n; i++) {
-+      depmod = w[i]
-       modlist = modlist " " depmod;
-       inverse_dependencies[depmod] = inverse_dependencies[depmod] " " mod
-       depcount[mod]++
-diff --git a/util/import_unicode.py b/util/import_unicode.py
-index 08f80591e..1f434a069 100644
---- a/util/import_unicode.py
-+++ b/util/import_unicode.py
-@@ -174,7 +174,7 @@ infile.close ()
- 
- outfile.write ("struct grub_unicode_arabic_shape grub_unicode_arabic_shapes[] = {\n ")
- 
--for x in arabicsubst:
-+for x in sorted(arabicsubst):
-     try:
-         if arabicsubst[x]['join'] == "DUAL":
-             outfile.write ("{0x%x, 0x%x, 0x%x, 0x%x, 0x%x},\n " % (arabicsubst[x][0], arabicsubst[x][1], arabicsubst[x][2], arabicsubst[x][3], arabicsubst[x][4]))
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch b/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch
index 2689026..d9012d1 100644
--- a/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch
+++ b/poky/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch
@@ -1,4 +1,4 @@
-From 917133acc701dbc4636165d3b08d15dc5829a06f Mon Sep 17 00:00:00 2001
+From b316ed326bd492106006d78f5bfcd767b49a4f2e Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Wed, 17 Aug 2016 04:06:34 -0400
 Subject: [PATCH] grub module explicitly keeps symbole .module_license
@@ -8,7 +8,7 @@
 
 ---------------
 root@localhost:~# objdump -t all_video.mod
- 
+
 all_video.mod:     file format elf64-x86-64
 
 SYMBOL TABLE:
@@ -40,12 +40,13 @@
 Upstream-Status: Pending
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
 ---
  grub-core/genmod.sh.in | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in
-index 1250589..dd14308 100644
+index e57c4d9..42bb1ba 100644
 --- a/grub-core/genmod.sh.in
 +++ b/grub-core/genmod.sh.in
 @@ -56,7 +56,7 @@ if test x@TARGET_APPLE_LINKER@ != x1; then
diff --git a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
deleted file mode 100644
index a43025d..0000000
--- a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Tue, 5 Apr 2022 10:02:04 +0100
-Subject: [PATCH] loader/efi/chainloader: Simplify the loader state
-
-The chainloader command retains the source buffer and device path passed
-to LoadImage(), requiring the unload hook passed to grub_loader_set() to
-free them. It isn't required to retain this state though - they aren't
-required by StartImage() or anything else in the boot hook, so clean them
-up before grub_cmd_chainloader() finishes.
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce
-
-Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
----
- grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++-------------
- 1 file changed, 21 insertions(+), 17 deletions(-)
-
-diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
-index 2bd80f4db..d1602c89b 100644
---- a/grub-core/loader/efi/chainloader.c
-+++ b/grub-core/loader/efi/chainloader.c
-@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+");
- 
- static grub_dl_t my_mod;
- 
--static grub_efi_physical_address_t address;
--static grub_efi_uintn_t pages;
--static grub_efi_device_path_t *file_path;
- static grub_efi_handle_t image_handle;
--static grub_efi_char16_t *cmdline;
- 
- static grub_err_t
- grub_chainloader_unload (void)
- {
-+  grub_efi_loaded_image_t *loaded_image;
-   grub_efi_boot_services_t *b;
- 
-+  loaded_image = grub_efi_get_loaded_image (image_handle);
-+  if (loaded_image != NULL)
-+    grub_free (loaded_image->load_options);
-+
-   b = grub_efi_system_table->boot_services;
-   efi_call_1 (b->unload_image, image_handle);
--  efi_call_2 (b->free_pages, address, pages);
--
--  grub_free (file_path);
--  grub_free (cmdline);
--  cmdline = 0;
--  file_path = 0;
- 
-   grub_dl_unref (my_mod);
-   return GRUB_ERR_NONE;
-@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
-   char *dir_start;
-   char *dir_end;
-   grub_size_t size;
--  grub_efi_device_path_t *d;
-+  grub_efi_device_path_t *d, *file_path;
- 
-   dir_start = grub_strchr (filename, ')');
-   if (! dir_start)
-@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
-   grub_efi_status_t status;
-   grub_efi_boot_services_t *b;
-   grub_device_t dev = 0;
--  grub_efi_device_path_t *dp = 0;
-+  grub_efi_device_path_t *dp = NULL, *file_path = NULL;
-   grub_efi_loaded_image_t *loaded_image;
-   char *filename;
-   void *boot_image = 0;
-   grub_efi_handle_t dev_handle = 0;
-+  grub_efi_physical_address_t address = 0;
-+  grub_efi_uintn_t pages = 0;
-+  grub_efi_char16_t *cmdline = NULL;
- 
-   if (argc == 0)
-     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
-@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
- 
-   grub_dl_ref (my_mod);
- 
--  /* Initialize some global variables.  */
--  address = 0;
--  image_handle = 0;
--  file_path = 0;
--
-   b = grub_efi_system_table->boot_services;
- 
-   file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
-@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
-   grub_file_close (file);
-   grub_device_close (dev);
- 
-+  /* We're finished with the source image buffer and file path now. */
-+  efi_call_2 (b->free_pages, address, pages);
-+  grub_free (file_path);
-+
-   grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
-   return 0;
- 
-@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
-   if (file)
-     grub_file_close (file);
- 
-+  grub_free (cmdline);
-   grub_free (file_path);
- 
-   if (address)
-     efi_call_2 (b->free_pages, address, pages);
- 
-+  if (image_handle != NULL)
-+    {
-+      efi_call_1 (b->unload_image, image_handle);
-+      image_handle = NULL;
-+    }
-+
-   grub_dl_unref (my_mod);
- 
-   return grub_errno;
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch
deleted file mode 100644
index 2db9bcb..0000000
--- a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch
+++ /dev/null
@@ -1,693 +0,0 @@
-From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001
-From: Elyes Haouas <ehaouas@noos.fr>
-Date: Fri, 4 Mar 2022 07:42:13 +0100
-Subject: [PATCH] video: Remove trailing whitespaces
-
-Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/video/bochs.c             |  2 +-
- grub-core/video/capture.c           |  2 +-
- grub-core/video/cirrus.c            |  4 ++--
- grub-core/video/coreboot/cbfb.c     |  2 +-
- grub-core/video/efi_gop.c           | 22 +++++++++----------
- grub-core/video/fb/fbblit.c         |  8 +++----
- grub-core/video/fb/video_fb.c       | 10 ++++-----
- grub-core/video/i386/pc/vbe.c       | 34 ++++++++++++++---------------
- grub-core/video/i386/pc/vga.c       |  6 ++---
- grub-core/video/ieee1275.c          |  4 ++--
- grub-core/video/radeon_fuloong2e.c  |  6 ++---
- grub-core/video/radeon_yeeloong3a.c |  6 ++---
- grub-core/video/readers/png.c       |  2 +-
- grub-core/video/readers/tga.c       |  2 +-
- grub-core/video/sis315_init.c       |  2 +-
- grub-core/video/sis315pro.c         |  8 +++----
- grub-core/video/sm712.c             | 10 ++++-----
- grub-core/video/video.c             |  8 +++----
- 18 files changed, 69 insertions(+), 69 deletions(-)
-
-diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c
-index 30ea1bd82..edc651697 100644
---- a/grub-core/video/bochs.c
-+++ b/grub-core/video/bochs.c
-@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
- 
-   if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234)
-     return 0;
--  
-+
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-   framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK;
-   if (!framebuffer.base)
-diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
-index 4d3195e01..c653d89f9 100644
---- a/grub-core/video/capture.c
-+++ b/grub-core/video/capture.c
-@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
-   framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
-   if (!framebuffer.ptr)
-     return grub_errno;
--  
-+
-   err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target,
- 							 &framebuffer.mode_info,
- 							 framebuffer.ptr);
-diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c
-index e2149e8ce..f5542ccdc 100644
---- a/grub-core/video/cirrus.c
-+++ b/grub-core/video/cirrus.c
-@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height,
-     grub_uint8_t sr_ext = 0, hidden_dac = 0;
- 
-     grub_vga_set_geometry (&config, grub_vga_cr_write);
--    
-+
-     grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1,
- 		       GRUB_VGA_GR_MODE);
-     grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6);
--    
-+
-     grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE);
- 
-     grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT)
-diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c
-index 9af81fa5b..986003c51 100644
---- a/grub-core/video/coreboot/cbfb.c
-+++ b/grub-core/video/coreboot/cbfb.c
-@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height,
- 
-   grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
- 			     grub_video_fbstd_colors);
--    
-+
-   return err;
- }
- 
-diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
-index b7590dc6c..7a5054631 100644
---- a/grub-core/video/efi_gop.c
-+++ b/grub-core/video/efi_gop.c
-@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
-       grub_efi_status_t status;
-       struct grub_efi_gop_mode_info *info = NULL;
-       struct grub_video_mode_info mode_info;
--	 
-+
-       status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
- 
-       if (status)
-@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
- 	  found = 1;
- 	}
-     }
-- 
-+
-   if (!found)
-     {
-       unsigned mode;
-@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
- 	{
- 	  grub_efi_uintn_t size;
- 	  grub_efi_status_t status;
--	 
-+
- 	  status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
- 	  if (status)
- 	    {
-@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-   framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base;
-   framebuffer.offscreen
-     = grub_malloc (framebuffer.mode_info.height
--		   * framebuffer.mode_info.width 
-+		   * framebuffer.mode_info.width
- 		   * sizeof (struct grub_efi_gop_blt_pixel));
- 
-   buffer = framebuffer.offscreen;
--      
-+
-   if (!buffer)
-     {
-       grub_dprintf ("video", "GOP: couldn't allocate shadow\n");
-@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
- 				     &framebuffer.mode_info);
-       buffer = framebuffer.ptr;
-     }
--    
-+
-   grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n",
- 		framebuffer.ptr, framebuffer.mode_info.width,
- 		framebuffer.mode_info.height, framebuffer.mode_info.bpp);
-- 
-+
-   err = grub_video_fb_create_render_target_from_pointer
-     (&framebuffer.render_target, &framebuffer.mode_info, buffer);
- 
-@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-       grub_dprintf ("video", "GOP: Couldn't create FB target\n");
-       return err;
-     }
-- 
-+
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-- 
-+
-   if (err)
-     {
-       grub_dprintf ("video", "GOP: Couldn't set FB target\n");
-       return err;
-     }
-- 
-+
-   err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
- 				   grub_video_fbstd_colors);
- 
-@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-     grub_dprintf ("video", "GOP: Couldn't set palette\n");
-   else
-     grub_dprintf ("video", "GOP: Success\n");
-- 
-+
-   return err;
- }
- 
-diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c
-index d55924837..1010ef393 100644
---- a/grub-core/video/fb/fbblit.c
-+++ b/grub-core/video/fb/fbblit.c
-@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
-       for (i = 0; i < width; i++)
-         {
- 	  register grub_uint32_t col;
--	  if (*srcptr == 0xf0)	      
-+	  if (*srcptr == 0xf0)
- 	    col = palette[16];
- 	  else
- 	    col = palette[*srcptr & 0xf];
-@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
- 	  *dstptr++ = col >> 0;
- 	  *dstptr++ = col >> 8;
- 	  *dstptr++ = col >> 16;
--#endif	  
-+#endif
- 	  srcptr++;
-         }
- 
-@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
-       for (i = 0; i < width; i++)
-         {
- 	  register grub_uint32_t col;
--	  if (*srcptr != 0xf0)	      
-+	  if (*srcptr != 0xf0)
- 	    {
- 	      col = palette[*srcptr & 0xf];
- #ifdef GRUB_CPU_WORDS_BIGENDIAN
-@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
- 	      *dstptr++ = col >> 0;
- 	      *dstptr++ = col >> 8;
- 	      *dstptr++ = col >> 16;
--#endif	  
-+#endif
- 	    }
- 	  else
- 	    dstptr += 3;
-diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
-index ae6b89f9a..fa4ebde26 100644
---- a/grub-core/video/fb/video_fb.c
-+++ b/grub-core/video/fb/video_fb.c
-@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source,
-           *alpha = 0;
-           return;
-         }
--	
-+
-       /* If we have an out-of-bounds color, return transparent black.  */
-       if (color > 255)
-         {
-@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
-       /* If everything is aligned on 32-bit use 32-bit copy.  */
-       if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
- 	  % sizeof (grub_uint32_t) == 0
--	  && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) 
-+	  && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y)
- 	  % sizeof (grub_uint32_t) == 0
- 	  && linelen % sizeof (grub_uint32_t) == 0
- 	  && linedelta % sizeof (grub_uint32_t) == 0)
-@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
-       else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
- 	       % sizeof (grub_uint16_t) == 0
- 	       && (grub_addr_t) grub_video_fb_get_video_ptr (&target,
--							     dst_x, dst_y) 
-+							     dst_x, dst_y)
- 	       % sizeof (grub_uint16_t) == 0
- 	       && linelen % sizeof (grub_uint16_t) == 0
- 	       && linedelta % sizeof (grub_uint16_t) == 0)
-@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
- 	{
- 	  grub_uint8_t *src, *dst;
- 	  DO_SCROLL
--	}	
-+	}
-     }
- 
-   /* 4. Fill empty space with specified color.  In this implementation
-@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask,
- 	  framebuffer.render_target = framebuffer.back_target;
- 	  return GRUB_ERR_NONE;
- 	}
--      
-+
-       mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED
- 				| GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP);
- 
-diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c
-index b7f911926..0e65b5206 100644
---- a/grub-core/video/i386/pc/vbe.c
-+++ b/grub-core/video/i386/pc/vbe.c
-@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr)
- }
- 
- /* Call VESA BIOS 0x4f09 to set palette data, return status.  */
--static grub_vbe_status_t 
-+static grub_vbe_status_t
- grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
- 				grub_uint32_t start_index,
- 				struct grub_vbe_palette_data *palette_data)
-@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
- }
- 
- /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
- {
-   struct grub_bios_int_registers regs;
-@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
- }
- 
- /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_mode_info (grub_uint32_t mode,
- 			     struct grub_vbe_mode_info_block *mode_info)
- {
-@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode,
- }
- 
- /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_mode (grub_uint32_t *mode)
- {
-   struct grub_bios_int_registers regs;
-@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode)
-   return regs.eax & 0xffff;
- }
- 
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size)
- {
-   struct grub_bios_int_registers regs;
-@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window,
- }
- 
- /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_set_scanline_length (grub_uint32_t length)
- {
-   struct grub_bios_int_registers regs;
-@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length)
-   regs.ecx = length;
-   regs.eax = 0x4f06;
-   /* BL = 2, Set Scan Line in Bytes.  */
--  regs.ebx = 0x0002;	
-+  regs.ebx = 0x0002;
-   regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-   grub_bios_interrupt (0x10, &regs);
-   return regs.eax & 0xffff;
- }
- 
- /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
- {
-   struct grub_bios_int_registers regs;
-@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
- }
- 
- /* Call VESA BIOS 0x4f07 to set display start, return status.  */
--static grub_vbe_status_t 
-+static grub_vbe_status_t
- grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
- {
-   struct grub_bios_int_registers regs;
-@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
-   regs.edx = y;
-   regs.eax = 0x4f07;
-   /* BL = 80h, Set Display Start during Vertical Retrace.  */
--  regs.ebx = 0x0080;	
-+  regs.ebx = 0x0080;
-   regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-   grub_bios_interrupt (0x10, &regs);
- 
-@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
- }
- 
- /* Call VESA BIOS 0x4f07 to get display start, return status.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_display_start (grub_uint32_t *x,
- 				 grub_uint32_t *y)
- {
-@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x,
- }
- 
- /* Call VESA BIOS 0x4f0a.  */
--grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset,
- 				grub_uint16_t *length)
- {
-@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode,
-     case GRUB_VBE_MEMORY_MODEL_YUV:
-       mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV;
-       break;
--      
-+
-     case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR:
-       mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB;
-       break;
-@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode,
-       break;
-     case 8:
-       mode_info->bytes_per_pixel = 1;
--      break;  
-+      break;
-     case 4:
-       mode_info->bytes_per_pixel = 0;
--      break;  
-+      break;
-     }
- 
-   if (controller_info.version >= 0x300)
-@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
- 
- static grub_err_t
- grub_video_vbe_setup (unsigned int width, unsigned int height,
--                      grub_video_mode_type_t mode_type, 
-+                      grub_video_mode_type_t mode_type,
- 		      grub_video_mode_type_t mode_mask)
- {
-   grub_uint16_t *p;
-@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void)
- 		controller_info.version & 0xFF,
- 		controller_info.oem_software_rev >> 8,
- 		controller_info.oem_software_rev & 0xFF);
--  
-+
-   /* The total_memory field is in 64 KiB units.  */
-   grub_printf_ (N_("              total memory: %d KiB\n"),
- 		(controller_info.total_memory << 6));
-diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
-index b2f776c99..50d0b5e02 100644
---- a/grub-core/video/i386/pc/vga.c
-+++ b/grub-core/video/i386/pc/vga.c
-@@ -48,7 +48,7 @@ static struct
-   int back_page;
- } framebuffer;
- 
--static unsigned char 
-+static unsigned char
- grub_vga_set_mode (unsigned char mode)
- {
-   struct grub_bios_int_registers regs;
-@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
- 
-   is_target = 1;
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-- 
-+
-   if (err)
-     return err;
-- 
-+
-   err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
- 				   grub_video_fbstd_colors);
- 
-diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c
-index f437fb0df..ca3d3c3b2 100644
---- a/grub-core/video/ieee1275.c
-+++ b/grub-core/video/ieee1275.c
-@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
-       /* TODO. */
-       return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height);
-     }
--  
-+
-   err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info);
-   if (err)
-     {
-@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
- 
-   grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors,
- 				   grub_video_fbstd_colors);
--    
-+
-   return err;
- }
- 
-diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c
-index b4da34b5e..40917acb7 100644
---- a/grub-core/video/radeon_fuloong2e.c
-+++ b/grub-core/video/radeon_fuloong2e.c
-@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != 0x515a1002)
-     return 0;
--  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
-   framebuffer.mapped = 1;
- 
-   /* Prevent garbage from appearing on the screen.  */
--  grub_memset (framebuffer.ptr, 0x55, 
-+  grub_memset (framebuffer.ptr, 0x55,
- 	       framebuffer.mode_info.height * framebuffer.mode_info.pitch);
- 
- #ifndef TEST
-@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
-     return err;
- 
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
--  
-+
-   if (err)
-     return err;
- 
-diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c
-index 52614feb6..48631c181 100644
---- a/grub-core/video/radeon_yeeloong3a.c
-+++ b/grub-core/video/radeon_yeeloong3a.c
-@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != 0x96151002)
-     return 0;
--  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
- #endif
- 
-   /* Prevent garbage from appearing on the screen.  */
--  grub_memset (framebuffer.ptr, 0, 
-+  grub_memset (framebuffer.ptr, 0,
- 	       framebuffer.mode_info.height * framebuffer.mode_info.pitch);
- 
- #ifndef TEST
-@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
-     return err;
- 
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
--  
-+
-   if (err)
-     return err;
- 
-diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
-index 0157ff742..54dfedf43 100644
---- a/grub-core/video/readers/png.c
-+++ b/grub-core/video/readers/png.c
-@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data)
- 	}
-       return;
-     }
--  
-+
-   if (data->is_gray)
-     {
-       switch (data->bpp)
-diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c
-index 7cb9d1d2a..a9ec3a1b6 100644
---- a/grub-core/video/readers/tga.c
-+++ b/grub-core/video/readers/tga.c
-@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data)
- 
-   if (len > sizeof (data->palette))
-     len = sizeof (data->palette);
--  
-+
-   if (grub_file_read (data->file, &data->palette, len)
-       != (grub_ssize_t) len)
-     return grub_errno;
-diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c
-index ae5c1419c..09c3c7bbe 100644
---- a/grub-core/video/sis315_init.c
-+++ b/grub-core/video/sis315_init.c
-@@ -1,4 +1,4 @@
--static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = 
-+static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] =
- {
-   { 0x28, 0x81 },
-   { 0x2a, 0x00 },
-diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c
-index 22a0c85a6..4d2f9999a 100644
---- a/grub-core/video/sis315pro.c
-+++ b/grub-core/video/sis315pro.c
-@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != GRUB_SIS315PRO_PCIID)
-     return 0;
--  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
- 
- #ifndef TEST
-   /* Prevent garbage from appearing on the screen.  */
--  grub_memset (framebuffer.ptr, 0, 
-+  grub_memset (framebuffer.ptr, 0,
- 	       framebuffer.mode_info.height * framebuffer.mode_info.pitch);
-   grub_arch_sync_dma_caches (framebuffer.ptr,
- 			     framebuffer.mode_info.height
-@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
- 	     | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
- 	     | GRUB_VGA_IO_MISC_28MHZ
- 	     | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS
--	     | GRUB_VGA_IO_MISC_COLOR, 
-+	     | GRUB_VGA_IO_MISC_COLOR,
- 	     GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE);
- 
-   grub_vga_sr_write (0x86, 5);
-@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
-   {
-     if (read_sis_cmd (0x5) != 0xa1)
-       write_sis_cmd (0x86, 0x5);
--    
-+
-     write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20);
-     write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e);
- 
-diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c
-index 10c46eb65..65f59f84b 100644
---- a/grub-core/video/sm712.c
-+++ b/grub-core/video/sm712.c
-@@ -167,7 +167,7 @@ enum
-     GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46,
-     GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47,
-     GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48,
--    GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,    
-+    GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,
-     GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a,
-     GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b,
-     GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c,
-@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != GRUB_SM712_PCIID)
-     return 0;
--  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
- 
- #if !defined (TEST) && !defined(GENINIT)
-   /* Prevent garbage from appearing on the screen.  */
--  grub_memset ((void *) framebuffer.cached_ptr, 0, 
-+  grub_memset ((void *) framebuffer.cached_ptr, 0,
- 	       framebuffer.mode_info.height * framebuffer.mode_info.pitch);
- #endif
- 
-@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
-   grub_sm712_sr_write (0x2, 0x6b);
-   grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK);
-   grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET);
--  grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY 
-+  grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY
- 			| GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY
- 			| GRUB_VGA_IO_MISC_UPPER_64K
- 			| GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
-@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
-   for (i = 0; i < ARRAY_SIZE (dda_lookups); i++)
-     grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda,
- 				 dda_lookups[i].vcentering);
--  
-+
-   /* Undocumented  */
-   grub_sm712_cr_write (0, 0x9c);
-   grub_sm712_cr_write (0, 0x9d);
-diff --git a/grub-core/video/video.c b/grub-core/video/video.c
-index 983424107..8937da745 100644
---- a/grub-core/video/video.c
-+++ b/grub-core/video/video.c
-@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
- 		       current_mode);
- 
-   param++;
--  
-+
-   *width = grub_strtoul (value, 0, 0);
-   if (grub_errno != GRUB_ERR_NONE)
-       return grub_error (GRUB_ERR_BAD_ARGUMENT,
- 			 N_("invalid video mode specification `%s'"),
- 			 current_mode);
--  
-+
-   /* Find height value.  */
-   value = param;
-   param = grub_strchr(param, 'x');
-@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
-     {
-       /* We have optional color depth value.  */
-       param++;
--      
-+
-       *height = grub_strtoul (value, 0, 0);
-       if (grub_errno != GRUB_ERR_NONE)
- 	return grub_error (GRUB_ERR_BAD_ARGUMENT,
- 			   N_("invalid video mode specification `%s'"),
- 			   current_mode);
--      
-+
-       /* Convert color depth value.  */
-       value = param;
-       *depth = grub_strtoul (value, 0, 0);
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
deleted file mode 100644
index 0c7deae..0000000
--- a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
+++ /dev/null
@@ -1,264 +0,0 @@
-From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Mon, 28 Jun 2021 14:16:14 +1000
-Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails
-
-Fuzzing revealed some inputs that were taking a long time, potentially
-forever, because they did not bail quickly upon encountering an I/O error.
-
-Try to catch I/O errors sooner and bail out.
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++-------
- 1 file changed, 70 insertions(+), 16 deletions(-)
-
-diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
-index c47ffd651..806c56c78 100644
---- a/grub-core/video/readers/jpeg.c
-+++ b/grub-core/video/readers/jpeg.c
-@@ -109,9 +109,17 @@ static grub_uint8_t
- grub_jpeg_get_byte (struct grub_jpeg_data *data)
- {
-   grub_uint8_t r;
-+  grub_ssize_t bytes_read;
- 
-   r = 0;
--  grub_file_read (data->file, &r, 1);
-+  bytes_read = grub_file_read (data->file, &r, 1);
-+
-+  if (bytes_read != 1)
-+    {
-+      grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+		  "jpeg: unexpected end of data");
-+      return 0;
-+    }
- 
-   return r;
- }
-@@ -120,9 +128,17 @@ static grub_uint16_t
- grub_jpeg_get_word (struct grub_jpeg_data *data)
- {
-   grub_uint16_t r;
-+  grub_ssize_t bytes_read;
- 
-   r = 0;
--  grub_file_read (data->file, &r, sizeof (grub_uint16_t));
-+  bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t));
-+
-+  if (bytes_read != sizeof (grub_uint16_t))
-+    {
-+      grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+		  "jpeg: unexpected end of data");
-+      return 0;
-+    }
- 
-   return grub_be_to_cpu16 (r);
- }
-@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data)
-   if (data->bit_mask == 0)
-     {
-       data->bit_save = grub_jpeg_get_byte (data);
-+      if (grub_errno != GRUB_ERR_NONE) {
-+	grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+		    "jpeg: file read error");
-+	return 0;
-+      }
-       if (data->bit_save == JPEG_ESC_CHAR)
- 	{
- 	  if (grub_jpeg_get_byte (data) != 0)
-@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data)
- 			  "jpeg: invalid 0xFF in data stream");
- 	      return 0;
- 	    }
-+	  if (grub_errno != GRUB_ERR_NONE)
-+	    {
-+	      grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error");
-+	      return 0;
-+	    }
- 	}
-       data->bit_mask = 0x80;
-     }
-@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num)
-     return 0;
- 
-   msb = value = grub_jpeg_get_bit (data);
--  for (i = 1; i < num; i++)
-+  for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++)
-     value = (value << 1) + (grub_jpeg_get_bit (data) != 0);
-   if (!msb)
-     value += 1 - (1 << num);
-@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data)
-   while (data->file->offset + sizeof (count) + 1 <= next_marker)
-     {
-       id = grub_jpeg_get_byte (data);
-+      if (grub_errno != GRUB_ERR_NONE)
-+	return grub_errno;
-       ac = (id >> 4) & 1;
-       id &= 0xF;
-       if (id > 1)
-@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
- 
-   next_marker = data->file->offset;
-   next_marker += grub_jpeg_get_word (data);
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
- 
-   if (next_marker > data->file->size)
-     {
-@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
- 	 <= next_marker)
-     {
-       id = grub_jpeg_get_byte (data);
-+      if (grub_errno != GRUB_ERR_NONE)
-+        return grub_errno;
-       if (id >= 0x10)		/* Upper 4-bit is precision.  */
- 	return grub_error (GRUB_ERR_BAD_FILE_TYPE,
- 			   "jpeg: only 8-bit precision is supported");
-@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
-   next_marker = data->file->offset;
-   next_marker += grub_jpeg_get_word (data);
- 
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-+
-   if (grub_jpeg_get_byte (data) != 8)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
- 		       "jpeg: only 8-bit precision is supported");
-@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
- 	return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index");
- 
-       ss = grub_jpeg_get_byte (data);	/* Sampling factor.  */
-+      if (grub_errno != GRUB_ERR_NONE)
-+	return grub_errno;
-       if (!id)
- 	{
- 	  grub_uint8_t vs, hs;
-@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du)
-     }
- }
- 
--static void
-+static grub_err_t
- grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
- {
-   int h1, h2, qt;
-@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
-   data->dc_value[id] +=
-     grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1));
- 
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-+
-   du[0] = data->dc_value[id] * (int) data->quan_table[qt][0];
-   pos = 1;
-   while (pos < ARRAY_SIZE (data->quan_table[qt]))
-@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
-       num >>= 4;
-       pos += num;
- 
-+      if (grub_errno != GRUB_ERR_NONE)
-+        return grub_errno;
-+
-       if (pos >= ARRAY_SIZE (jpeg_zigzag_order))
- 	{
--	  grub_error (GRUB_ERR_BAD_FILE_TYPE,
--		      "jpeg: invalid position in zigzag order!?");
--	  return;
-+	  return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+			     "jpeg: invalid position in zigzag order!?");
- 	}
- 
-       du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos];
-@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
-     }
- 
-   grub_jpeg_idct_transform (du);
-+  return GRUB_ERR_NONE;
- }
- 
- static void
-@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-   data_offset += grub_jpeg_get_word (data);
- 
-   cc = grub_jpeg_get_byte (data);
--
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-   if (cc != 3 && cc != 1)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
- 		       "jpeg: component count must be 1 or 3");
-@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-       id = grub_jpeg_get_byte (data) - 1;
-       if ((id < 0) || (id >= 3))
- 	return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index");
--
-+      if (grub_errno != GRUB_ERR_NONE)
-+	return grub_errno;
-       ht = grub_jpeg_get_byte (data);
-       data->comp_index[id][1] = (ht >> 4);
-       data->comp_index[id][2] = (ht & 0xF) + 2;
-@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-       if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) ||
- 	  (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3))
- 	return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index");
-+      if (grub_errno != GRUB_ERR_NONE)
-+	return grub_errno;
-     }
- 
-   grub_jpeg_get_byte (data);	/* Skip 3 unused bytes.  */
-   grub_jpeg_get_word (data);
--
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-   if (data->file->offset != data_offset)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
- 
-@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
- {
-   unsigned c1, vb, hb, nr1, nc1;
-   int rst = data->dri;
-+  grub_err_t err = GRUB_ERR_NONE;
- 
-   vb = 8 << data->log_vs;
-   hb = 8 << data->log_hs;
-@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
- 
- 	for (r2 = 0; r2 < (1U << data->log_vs); r2++)
- 	  for (c2 = 0; c2 < (1U << data->log_hs); c2++)
--	    grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]);
-+            {
-+              err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]);
-+              if (err != GRUB_ERR_NONE)
-+                return err;
-+            }
- 
- 	if (data->color_components >= 3)
- 	  {
--	    grub_jpeg_decode_du (data, 1, data->cbdu);
--	    grub_jpeg_decode_du (data, 2, data->crdu);
-+	    err = grub_jpeg_decode_du (data, 1, data->cbdu);
-+	    if (err != GRUB_ERR_NONE)
-+	      return err;
-+	    err = grub_jpeg_decode_du (data, 2, data->crdu);
-+	    if (err != GRUB_ERR_NONE)
-+	      return err;
- 	  }
- 
--	if (grub_errno)
--	  return grub_errno;
--
- 	nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb;
- 	nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb;
- 
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
deleted file mode 100644
index 91ecaad..0000000
--- a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Mon, 28 Jun 2021 14:25:17 +1000
-Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
- streams
-
-An invalid file could contain multiple start of stream blocks, which
-would cause us to reallocate and leak our bitmap. Refuse to handle
-multiple start of streams.
-
-Additionally, fix a grub_error() call formatting.
-
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf
-
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
----
- grub-core/video/readers/jpeg.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
-index 2284a6c06..579bbe8a4 100644
---- a/grub-core/video/readers/jpeg.c
-+++ b/grub-core/video/readers/jpeg.c
-@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-   if (data->file->offset != data_offset)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
- 
-+  if (*data->bitmap)
-+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
-+
-   if (grub_video_bitmap_create (data->bitmap, data->image_width,
- 				data->image_height,
- 				GRUB_VIDEO_BLIT_FORMAT_RGB_888))
-@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
-   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
- 
-   if (data->bitmap_ptr == NULL)
--    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
--		      "jpeg: attempted to decode data before start of stream");
-+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+		       "jpeg: attempted to decode data before start of stream");
- 
-   for (; data->r1 < nr1 && (!data->dri || rst);
-        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-bsp/grub/grub-efi_2.06.bb b/poky/meta/recipes-bsp/grub/grub-efi_2.12.bb
similarity index 100%
rename from poky/meta/recipes-bsp/grub/grub-efi_2.06.bb
rename to poky/meta/recipes-bsp/grub/grub-efi_2.12.bb
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 1215b24..5685cae 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -18,36 +18,10 @@
            file://autogen.sh-exclude-pc.patch \
            file://grub-module-explicitly-keeps-symbole-.module_license.patch \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
-           file://determinism.patch \
            file://0001-RISC-V-Restore-the-typcast-to-long.patch \
-           file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
-           file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \
-           file://video-Remove-trailing-whitespaces.patch \
-           file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \
-           file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \
-           file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \
-           file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \
-           file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \
-           file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \
-           file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \
-           file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \
-           file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \
-           file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \
-           file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \
-           file://loader-efi-chainloader-Simplify-the-loader-state.patch \
-           file://commands-boot-Add-API-to-pass-context-to-loader.patch \
-           file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\
-           file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \
-           file://CVE-2022-2601.patch \
-           file://CVE-2022-3775.patch \
-           file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \
-           file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \
-           file://CVE-2023-4692.patch \
-           file://CVE-2023-4693.patch \
-           file://0001-fs-fat-Don-t-error-when-mtime-is-0.patch \
 "
 
-SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
+SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
 
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
 CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
@@ -101,6 +75,11 @@
 
 do_configure:prepend() {
 	cd ${S}
+
+	# Remove in next version.
+	# See: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b835601c7639ed1890f2d3db91900a8506011a8e
+	echo "depends bli part_gpt" > ${S}/grub-core/extra_deps.lst
+
 	FROM_BOOTSTRAP=1 ${S}/autogen.sh
 	cd ${B}
 }
diff --git a/poky/meta/recipes-bsp/grub/grub_2.06.bb b/poky/meta/recipes-bsp/grub/grub_2.12.bb
similarity index 100%
rename from poky/meta/recipes-bsp/grub/grub_2.06.bb
rename to poky/meta/recipes-bsp/grub/grub_2.12.bb
diff --git a/poky/meta/recipes-bsp/opensbi/opensbi_1.3.bb b/poky/meta/recipes-bsp/opensbi/opensbi_1.4.bb
similarity index 89%
rename from poky/meta/recipes-bsp/opensbi/opensbi_1.3.bb
rename to poky/meta/recipes-bsp/opensbi/opensbi_1.4.bb
index f01cae3..fd18c03 100644
--- a/poky/meta/recipes-bsp/opensbi/opensbi_1.3.bb
+++ b/poky/meta/recipes-bsp/opensbi/opensbi_1.4.bb
@@ -8,12 +8,12 @@
 
 inherit autotools-brokensep deploy
 
-SRCREV = "057eb10b6d523540012e6947d5c9f63e95244e94"
-SRC_URI = "git://github.com/riscv/opensbi.git;branch=release-1.3.x;protocol=https"
+SRCREV = "a2b255b88918715173942f2c5e1f97ac9e90c877"
+SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https"
 
 S = "${WORKDIR}/git"
 
-EXTRA_OEMAKE += "PLATFORM=${RISCV_SBI_PLAT} I=${D} FW_PIC=n CLANG_TARGET= "
+EXTRA_OEMAKE += "PLATFORM=${RISCV_SBI_PLAT} I=${D} FW_PIC=y CLANG_TARGET= "
 # If RISCV_SBI_PAYLOAD is set then include it as a payload
 EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_image(d)}"
 EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_fdt(d)}"
@@ -43,5 +43,3 @@
 
 COMPATIBLE_HOST = "(riscv64|riscv32).*"
 INHIBIT_PACKAGE_STRIP = "1"
-
-SECURITY_CFLAGS = ""
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
index 3546c7c..b1e93db 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
@@ -1,4 +1,4 @@
-From e8808a2f5e17d375411c7409eaffb17e72f65022 Mon Sep 17 00:00:00 2001
+From fb583a57f9f4ab956a09e9bb96d89aa13553bf21 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <Mingli.Yu@windriver.com>
 Date: Fri, 24 Aug 2018 12:04:03 +0800
 Subject: [PATCH] test-gatt: Fix hung issue
@@ -27,10 +27,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/unit/test-gatt.c b/unit/test-gatt.c
-index f92d860..a5f7117 100644
+index 5e06d4e..4864d36 100644
 --- a/unit/test-gatt.c
 +++ b/unit/test-gatt.c
-@@ -4479,7 +4479,7 @@ int main(int argc, char *argv[])
+@@ -4546,7 +4546,7 @@ int main(int argc, char *argv[])
  			test_server, service_db_1, NULL,
  			raw_pdu(0x03, 0x00, 0x02),
  			raw_pdu(0xbf, 0x00),
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
index be05093..881494a 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
@@ -1,4 +1,4 @@
-From 3724958858b0ee430f37fb83388c3737d2039a3a Mon Sep 17 00:00:00 2001
+From 738e73b386352fd90f1f26cc1ee75427cf4dc23b Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 1 Apr 2016 17:07:34 +0300
 Subject: [PATCH] tests: add a target for building tests without running them
@@ -11,7 +11,7 @@
  1 file changed, 3 insertions(+)
 
 diff --git a/Makefile.am b/Makefile.am
-index e7221bd..9595fd1 100644
+index e738eb3..dab17dd 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -710,6 +710,9 @@ endif
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
index 6ef1353..516d859 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
@@ -1,4 +1,4 @@
-From ad069fadfcce2cf70f45b1c4a42665448675297e Mon Sep 17 00:00:00 2001
+From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Mon, 12 Dec 2022 13:10:19 +0100
 Subject: [PATCH] src/shared/util.c: include linux/limits.h
@@ -14,7 +14,7 @@
  1 file changed, 1 insertion(+)
 
 diff --git a/src/shared/util.c b/src/shared/util.c
-index 34491f4..412f3ad 100644
+index c0c2c4a..036dc0d 100644
 --- a/src/shared/util.c
 +++ b/src/shared/util.c
 @@ -23,6 +23,7 @@
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
similarity index 94%
rename from poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb
rename to poky/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
index b9bc3dd..9fda960 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
@@ -1,6 +1,6 @@
 require bluez5.inc
 
-SRC_URI[sha256sum] = "b828d418c93ced1f55b616fb5482cf01537440bfb34fbda1a564f3ece94735d8"
+SRC_URI[sha256sum] = "499d7fa345a996c1bb650f5c6749e1d929111fa6ece0be0e98687fee6124536e"
 
 CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
 
diff --git a/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch b/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch
new file mode 100644
index 0000000..e6c84be
--- /dev/null
+++ b/poky/meta/recipes-core/coreutils/coreutils/0001-posixtm-pacify-clang-18.patch
@@ -0,0 +1,38 @@
+From 67c298c36f69b6906840b7584be06b7b5f33f829 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 16 Jan 2024 17:21:08 -0800
+Subject: [PATCH] posixtm: pacify clang 18
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Problem reported by Khem Raj in:
+https://lists.gnu.org/r/bug-gnulib/2024-01/msg00045.html
+* lib/posixtm.c (posixtime): Pacify clang 18 by converting bool to int.
+Arguably this is a bug in draft C2x, since the non-pointer args to
+ckd_add should promote just like any other expressions do;
+but that’s not clang’s fault.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-gnulib/2024-01/msg00046.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ChangeLog     | 10 ++++++++++
+ lib/posixtm.c |  2 +-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/posixtm.c b/lib/posixtm.c
+index ef9f55f873..a072c7cad0 100644
+--- a/lib/posixtm.c
++++ b/lib/posixtm.c
+@@ -191,7 +191,7 @@ posixtime (time_t *p, const char *s, unsigned int syntax_bits)
+              | (tm0.tm_min ^ tm1.tm_min)
+              | (tm0.tm_sec ^ tm1.tm_sec)))
+         {
+-          if (ckd_add (&t, t, leapsec))
++          if (ckd_add (&t, t, +leapsec))
+             return false;
+           *p = t;
+           return true;
+-- 
+2.43.0
+
diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.4.bb b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb
index 367b011..a79cabd 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_9.4.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_9.4.bb
@@ -16,6 +16,7 @@
 SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
            file://remove-usr-local-lib-from-m4.patch \
            file://0001-local.mk-fix-cross-compiling-problem.patch \
+           file://0001-posixtm-pacify-clang-18.patch \
            file://run-ptest \
            "
 SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52"
diff --git a/poky/meta/recipes-core/glibc/glibc_2.38.bb b/poky/meta/recipes-core/glibc/glibc_2.38.bb
index 32ccb88..417f0c8 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.38.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.38.bb
@@ -83,7 +83,6 @@
 
 EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
 
-EXTRA_OECONF:append:x86 = " ${@bb.utils.contains_any('TUNE_FEATURES', 'i586 c3', '--disable-cet', '--enable-cet', d)}"
 EXTRA_OECONF:append:x86-64 = " --enable-cet"
 
 PACKAGECONFIG ??= "nscd memory-tagging"
diff --git a/poky/meta/recipes-core/newlib/libgloss_4.3.0.bb b/poky/meta/recipes-core/newlib/libgloss_git.bb
similarity index 100%
rename from poky/meta/recipes-core/newlib/libgloss_4.3.0.bb
rename to poky/meta/recipes-core/newlib/libgloss_git.bb
diff --git a/poky/meta/recipes-core/newlib/newlib.inc b/poky/meta/recipes-core/newlib/newlib.inc
index da753f1..6113f5e 100644
--- a/poky/meta/recipes-core/newlib/newlib.inc
+++ b/poky/meta/recipes-core/newlib/newlib.inc
@@ -3,21 +3,21 @@
 DESCRIPTION = "C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products."
 SECTION = "libs"
 
-LICENSE = "GPL-2.0-only & LGPL-3.0-only & GPL-3.0-only & LGPL-2.0-only & BSD-2-Clause & BSD-3-Clause & TCL"
+LICENSE = "GPL-2.0-only & LGPL-3.0-only & GPL-3.0-only & LGPL-2.0-only & BSD-2-Clause & BSD-3-Clause & TCL & Apache-2.0-with-LLVM-exception"
 LIC_FILES_CHKSUM = " \
 		file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \
 		file://COPYING3.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \
 		file://COPYING3;md5=d32239bcb673463ab874e80d47fae504 \
 		file://COPYING.LIBGLOSS;md5=c0469b6ebb847a75781066be515f032d \
 		file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
-		file://COPYING.NEWLIB;md5=5a9d477b5f4eab20dccf655a77107a6e \
+		file://COPYING.NEWLIB;md5=4f1a15846ffee91e352418563e1bce27 \
 		file://newlib/libc/posix/COPYRIGHT;md5=103468ff1982be840fdf4ee9f8b51bbf \
 		"
 
-BASEVER = "4.3.0"
+BASEVER = "4.4.0"
 PV = "${BASEVER}+git"
 SRC_URI = "git://sourceware.org/git/newlib-cygwin.git;protocol=https;branch=main"
-SRCREV="9e09d6ed83cce4777a5950412647ccc603040409"
+SRCREV="ad11e2587f83d61357a32c61c36d72ea4f39315e"
 
 INHIBIT_DEFAULT_DEPS = "1"
 DEPENDS = "virtual/${TARGET_PREFIX}gcc"
diff --git a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_255.1.bb
similarity index 94%
rename from poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
rename to poky/meta/recipes-core/systemd/systemd-boot_255.1.bb
index 2b43ccf..4ee25ee 100644
--- a/poky/meta/recipes-core/systemd/systemd-boot_254.4.bb
+++ b/poky/meta/recipes-core/systemd/systemd-boot_255.1.bb
@@ -8,10 +8,6 @@
 inherit meson pkgconfig gettext
 inherit deploy
 
-SRC_URI += " \
-           file://0030-meson-Pass-all-static-pie-args-to-linker.patch \
-           "
-
 LDFLAGS:prepend = "${@ " ".join(d.getVar('LD').split()[1:])} "
 
 EFI_LD = "bfd"
diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc
index ccc3236..1417e01 100644
--- a/poky/meta/recipes-core/systemd/systemd.inc
+++ b/poky/meta/recipes-core/systemd/systemd.inc
@@ -15,8 +15,8 @@
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "2e7504449a51fb38db9cd2da391c6434f82def51"
-SRCBRANCH = "v254-stable"
+SRCREV = "2018ccef6645ce00c784369a22dc4e98f6d7061d"
+SRCBRANCH = "v255-stable"
 SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch b/poky/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
similarity index 89%
rename from poky/meta/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch
rename to poky/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
index e50b47a..2aa5dee 100644
--- a/poky/meta/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
@@ -1,7 +1,7 @@
-From 542f999a846dfd49d9373d30fffb2a44168d7b5e Mon Sep 17 00:00:00 2001
+From 01195eb9f7d59139fb45df506ac6b3968c14a57f Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 13:55:12 +0800
-Subject: [PATCH] missing_type.h: add comparison_fn_t
+Subject: [PATCH 01/22] missing_type.h: add comparison_fn_t
 
 Make it work with musl where comparison_fn_t and is not provided.
 
@@ -33,7 +33,7 @@
 +typedef int (*comparison_fn_t)(const void *, const void *);
 +#endif
 diff --git a/src/basic/sort-util.h b/src/basic/sort-util.h
-index f0bf246aa3..33669c7a75 100644
+index 9c818bd747..ef10c8be2c 100644
 --- a/src/basic/sort-util.h
 +++ b/src/basic/sort-util.h
 @@ -4,6 +4,7 @@
@@ -45,7 +45,7 @@
  /* This is the same as glibc's internal __compar_d_fn_t type. glibc exports a public comparison_fn_t, for the
   * external type __compar_fn_t, but doesn't do anything similar for __compar_d_fn_t. Let's hence do that
 diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c
-index 7527abf636..f33383e57f 100644
+index ae91534198..7f67eea38b 100644
 --- a/src/libsystemd/sd-journal/catalog.c
 +++ b/src/libsystemd/sd-journal/catalog.c
 @@ -28,6 +28,7 @@
@@ -57,5 +57,5 @@
  const char * const catalog_file_dirs[] = {
          "/usr/local/lib/systemd/catalog/",
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch b/poky/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
similarity index 93%
rename from poky/meta/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch
rename to poky/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
index 4143ab4..900a931 100644
--- a/poky/meta/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
@@ -1,7 +1,7 @@
-From 383e85e15f16a46aac925aa439b8b60f58b40aa6 Mon Sep 17 00:00:00 2001
+From 872b72739e62123867ce6c4f82aa37de24cc3f75 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Sat, 22 May 2021 20:26:24 +0200
-Subject: [PATCH] add fallback parse_printf_format implementation
+Subject: [PATCH 02/22] add fallback parse_printf_format implementation
 
 Upstream-Status: Inappropriate [musl specific]
 
@@ -21,9 +21,11 @@
  create mode 100644 src/basic/parse-printf-format.c
  create mode 100644 src/basic/parse-printf-format.h
 
+diff --git a/meson.build b/meson.build
+index 7419e2b0b0..01fd3ffc19 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -781,6 +781,7 @@ endif
+@@ -725,6 +725,7 @@ endif
  foreach header : ['crypt.h',
                    'linux/memfd.h',
                    'linux/vm_sockets.h',
@@ -31,9 +33,11 @@
                    'sys/auxv.h',
                    'threads.h',
                    'valgrind/memcheck.h',
+diff --git a/src/basic/meson.build b/src/basic/meson.build
+index d7450d8b44..c3e3daf4bd 100644
 --- a/src/basic/meson.build
 +++ b/src/basic/meson.build
-@@ -179,6 +179,11 @@ endforeach
+@@ -183,6 +183,11 @@ endforeach
  
  basic_sources += generated_gperf_headers
  
@@ -45,6 +49,9 @@
  ############################################################
  
  arch_list = [
+diff --git a/src/basic/parse-printf-format.c b/src/basic/parse-printf-format.c
+new file mode 100644
+index 0000000000..49437e5445
 --- /dev/null
 +++ b/src/basic/parse-printf-format.c
 @@ -0,0 +1,273 @@
@@ -321,6 +328,9 @@
 +
 +        return last;
 +}
+diff --git a/src/basic/parse-printf-format.h b/src/basic/parse-printf-format.h
+new file mode 100644
+index 0000000000..47be7522d7
 --- /dev/null
 +++ b/src/basic/parse-printf-format.h
 @@ -0,0 +1,57 @@
@@ -381,6 +391,8 @@
 +size_t parse_printf_format(const char *fmt, size_t n, int *types);
 +
 +#endif /* HAVE_PRINTF_H */
+diff --git a/src/basic/stdio-util.h b/src/basic/stdio-util.h
+index 4e93ac90c9..f9deb6f662 100644
 --- a/src/basic/stdio-util.h
 +++ b/src/basic/stdio-util.h
 @@ -1,12 +1,12 @@
@@ -397,6 +409,8 @@
  
  _printf_(3, 4)
  static inline char *snprintf_ok(char *buf, size_t len, const char *format, ...) {
+diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c
+index be23b2fe75..69a2eb6404 100644
 --- a/src/libsystemd/sd-journal/journal-send.c
 +++ b/src/libsystemd/sd-journal/journal-send.c
 @@ -2,7 +2,6 @@
@@ -407,7 +421,7 @@
  #include <stddef.h>
  #include <sys/un.h>
  #include <unistd.h>
-@@ -27,6 +26,7 @@
+@@ -28,6 +27,7 @@
  #include "stdio-util.h"
  #include "string-util.h"
  #include "tmpfile-util.h"
@@ -415,3 +429,6 @@
  
  #define SNDBUF_SIZE (8*1024*1024)
  
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
index 085f1e9..be231cf 100644
--- a/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -1,8 +1,8 @@
-From ca7d9a8d9c81702af9c599bb79706f12b1a465cf Mon Sep 17 00:00:00 2001
+From 29a58009a172e369ad7166e16dab2f4945c6b0d2 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 21 Feb 2019 16:23:24 +0800
-Subject: [PATCH] binfmt: Don't install dependency links at install time for
- the binfmt services
+Subject: [PATCH 1/2] binfmt: Don't install dependency links at install time
+ for the binfmt services
 
 use [Install] blocks so that they get created when the service is enabled
 like a traditional service.
@@ -25,10 +25,10 @@
  3 files changed, 7 insertions(+), 2 deletions(-)
 
 diff --git a/units/meson.build b/units/meson.build
-index c7939a10f8..219570ab19 100644
+index e7bfb7f838..1d5ec4b178 100644
 --- a/units/meson.build
 +++ b/units/meson.build
-@@ -149,7 +149,6 @@ units = [
+@@ -154,7 +154,6 @@ units = [
          {
            'file' : 'proc-sys-fs-binfmt_misc.automount',
            'conditions' : ['ENABLE_BINFMT'],
@@ -36,7 +36,7 @@
          },
          {
            'file' : 'proc-sys-fs-binfmt_misc.mount',
-@@ -246,7 +245,6 @@ units = [
+@@ -251,7 +250,6 @@ units = [
          {
            'file' : 'systemd-binfmt.service.in',
            'conditions' : ['ENABLE_BINFMT'],
@@ -45,7 +45,7 @@
          {
            'file' : 'systemd-bless-boot.service.in',
 diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount
-index 6b1bbdc91e..5ec5b8670a 100644
+index 5d212015a5..6c2900ca77 100644
 --- a/units/proc-sys-fs-binfmt_misc.automount
 +++ b/units/proc-sys-fs-binfmt_misc.automount
 @@ -22,3 +22,6 @@ Before=shutdown.target
@@ -56,7 +56,7 @@
 +[Install]
 +WantedBy=sysinit.target
 diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in
-index b04412e037..63f116e4fa 100644
+index 6861c76674..531e9fbd90 100644
 --- a/units/systemd-binfmt.service.in
 +++ b/units/systemd-binfmt.service.in
 @@ -14,6 +14,7 @@ Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html
@@ -68,12 +68,12 @@
  After=proc-sys-fs-binfmt_misc.mount
  After=local-fs.target
 @@ -31,3 +32,6 @@ RemainAfterExit=yes
- ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt
- ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister
+ ExecStart={{LIBEXECDIR}}/systemd-binfmt
+ ExecStop={{LIBEXECDIR}}/systemd-binfmt --unregister
  TimeoutSec=90s
 +
 +[Install]
 +WantedBy=sysinit.target
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch b/poky/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
similarity index 86%
rename from poky/meta/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch
rename to poky/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
index ec451cd..5595b5b 100644
--- a/poky/meta/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,7 +1,7 @@
-From ee5c8b494a3269edd154a0b799a03b39dba2ceb0 Mon Sep 17 00:00:00 2001
+From 87f1d38f40c5fe9cadf2b2de442473e4e5605788 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:18:21 +0800
-Subject: [PATCH] src/basic/missing.h: check for missing strndupa
+Subject: [PATCH 03/22] src/basic/missing.h: check for missing strndupa
 
 include missing.h  for definition of strndupa
 
@@ -18,6 +18,8 @@
 [Rebased for v247]
 Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
 [Rebased for v254]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+[Rebased for v255.1]
 ---
  meson.build                                |  1 +
  src/backlight/backlight.c                  |  1 +
@@ -66,16 +68,17 @@
  src/shared/pager.c                         |  1 +
  src/socket-proxy/socket-proxyd.c           |  1 +
  src/test/test-hexdecoct.c                  |  1 +
+ src/udev/udev-builtin-net_id.c             |  1 +
  src/udev/udev-builtin-path_id.c            |  1 +
  src/udev/udev-event.c                      |  1 +
  src/udev/udev-rules.c                      |  1 +
- 50 files changed, 61 insertions(+)
+ 51 files changed, 62 insertions(+)
 
 diff --git a/meson.build b/meson.build
-index fb96143c37..739b2f7f72 100644
+index 01fd3ffc19..61a872b753 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -595,6 +595,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
+@@ -567,6 +567,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
  endforeach
  
  foreach ident : [
@@ -84,10 +87,10 @@
          ['gettid',            '''#include <sys/types.h>
                                   #include <unistd.h>'''],
 diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c
-index e66477f328..2613d1e3f9 100644
+index 5ac9f904a9..99d5122dd7 100644
 --- a/src/backlight/backlight.c
 +++ b/src/backlight/backlight.c
-@@ -19,6 +19,7 @@
+@@ -20,6 +20,7 @@
  #include "string-util.h"
  #include "strv.h"
  #include "terminal-util.h"
@@ -96,7 +99,7 @@
  #define PCI_CLASS_GRAPHICS_CARD 0x30000
  
 diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index feda596939..11b4375ed5 100644
+index 18b16ecc0e..d2be79622f 100644
 --- a/src/basic/cgroup-util.c
 +++ b/src/basic/cgroup-util.c
 @@ -38,6 +38,7 @@
@@ -105,10 +108,10 @@
  #include "xattr-util.h"
 +#include "missing_stdlib.h"
  
- static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) {
+ static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
          _cleanup_free_ char *fs = NULL;
 diff --git a/src/basic/env-util.c b/src/basic/env-util.c
-index 55ac11a512..7ccb1d7887 100644
+index d3bf73385f..16b17358ca 100644
 --- a/src/basic/env-util.c
 +++ b/src/basic/env-util.c
 @@ -19,6 +19,7 @@
@@ -120,7 +123,7 @@
  /* We follow bash for the character set. Different shells have different rules. */
  #define VALID_BASH_ENV_NAME_CHARS               \
 diff --git a/src/basic/log.c b/src/basic/log.c
-index fc5793139e..515218fca8 100644
+index 1470611a75..9924ec2b9a 100644
 --- a/src/basic/log.c
 +++ b/src/basic/log.c
 @@ -40,6 +40,7 @@
@@ -152,10 +155,10 @@
 +  })
 +#endif
 diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
-index 7ad19ee33b..cc1d5e1e5b 100644
+index c770e5ed32..1fd8816cd0 100644
 --- a/src/basic/mkdir.c
 +++ b/src/basic/mkdir.c
-@@ -15,6 +15,7 @@
+@@ -16,6 +16,7 @@
  #include "stat-util.h"
  #include "stdio-util.h"
  #include "user-util.h"
@@ -164,7 +167,7 @@
  int mkdirat_safe_internal(
                  int dir_fd,
 diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
-index bc74fbef8f..cdb609bb84 100644
+index bf67f7e01a..409f8d8a73 100644
 --- a/src/basic/mountpoint-util.c
 +++ b/src/basic/mountpoint-util.c
 @@ -18,6 +18,7 @@
@@ -176,7 +179,7 @@
  #include "nulstr-util.h"
  #include "parse-util.h"
 diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c
-index 3445d31307..d82b4415d9 100644
+index 0430e33e40..f3728de026 100644
 --- a/src/basic/parse-util.c
 +++ b/src/basic/parse-util.c
 @@ -18,6 +18,7 @@
@@ -188,7 +191,7 @@
  int parse_boolean(const char *v) {
          if (!v)
 diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
-index c99e9d8786..71a917a0b0 100644
+index 4e3d59fc56..726e240df0 100644
 --- a/src/basic/path-lookup.c
 +++ b/src/basic/path-lookup.c
 @@ -16,6 +16,7 @@
@@ -212,7 +215,7 @@
  static int parse_parts_value_whole(const char *p, const char *symbol) {
          const char *pc, *n;
 diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c
-index eea70d8606..ae3abd8402 100644
+index 522d8de1f4..7c129dc0fc 100644
 --- a/src/basic/proc-cmdline.c
 +++ b/src/basic/proc-cmdline.c
 @@ -16,6 +16,7 @@
@@ -224,7 +227,7 @@
  int proc_cmdline_filter_pid1_args(char **argv, char ***ret) {
          enum {
 diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
-index bcba5a5208..64a95dd866 100644
+index d7cfcd9105..6cb0ddf575 100644
 --- a/src/basic/procfs-util.c
 +++ b/src/basic/procfs-util.c
 @@ -12,6 +12,7 @@
@@ -236,7 +239,7 @@
  int procfs_get_pid_max(uint64_t *ret) {
          _cleanup_free_ char *value = NULL;
 diff --git a/src/basic/time-util.c b/src/basic/time-util.c
-index b700f364ef..48a26bcec9 100644
+index f9014dc560..1d7840a5b5 100644
 --- a/src/basic/time-util.c
 +++ b/src/basic/time-util.c
 @@ -27,6 +27,7 @@
@@ -248,7 +251,7 @@
  static clockid_t map_clock_id(clockid_t c) {
  
 diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c
-index 59f02b761a..7496646350 100644
+index 0c0b4f23c7..68fe5ca509 100644
 --- a/src/boot/bless-boot.c
 +++ b/src/boot/bless-boot.c
 @@ -22,6 +22,7 @@
@@ -260,22 +263,22 @@
  static char **arg_path = NULL;
  
 diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
-index b5484eda78..54ed62c790 100644
+index 4237e694c0..05f9d9d9a9 100644
 --- a/src/core/dbus-cgroup.c
 +++ b/src/core/dbus-cgroup.c
-@@ -23,6 +23,7 @@
+@@ -25,6 +25,7 @@
  #include "parse-util.h"
  #include "path-util.h"
  #include "percent-util.h"
 +#include "missing_stdlib.h"
  #include "socket-util.h"
  
- BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve);
+ BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve);
 diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
-index f514b8fd12..4febd0d496 100644
+index 4daa1cefd3..2c77901471 100644
 --- a/src/core/dbus-execute.c
 +++ b/src/core/dbus-execute.c
-@@ -48,6 +48,7 @@
+@@ -42,6 +42,7 @@
  #include "unit-printf.h"
  #include "user-util.h"
  #include "utf8.h"
@@ -284,7 +287,7 @@
  BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput);
  static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput);
 diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c
-index edfa0eb69a..6fd2ec9062 100644
+index d680a64268..e59f48103e 100644
 --- a/src/core/dbus-util.c
 +++ b/src/core/dbus-util.c
 @@ -9,6 +9,7 @@
@@ -296,19 +299,19 @@
  int bus_property_get_triggered_unit(
                  sd_bus *bus,
 diff --git a/src/core/execute.c b/src/core/execute.c
-index 853e87450f..8ef76de9ab 100644
+index ef0bf88687..bd3da0c401 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
-@@ -113,6 +113,7 @@
+@@ -72,6 +72,7 @@
  #include "unit-serialize.h"
  #include "user-util.h"
  #include "utmp-wtmp.h"
 +#include "missing_stdlib.h"
  
- #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
- #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
+ static bool is_terminal_input(ExecInput i) {
+         return IN_SET(i,
 diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
-index e843743777..e149807492 100644
+index b8e3f7aadd..8ce8ca68d8 100644
 --- a/src/core/kmod-setup.c
 +++ b/src/core/kmod-setup.c
 @@ -13,6 +13,7 @@
@@ -320,7 +323,7 @@
  #if HAVE_KMOD
  #include "module-util.h"
 diff --git a/src/core/service.c b/src/core/service.c
-index 9ad3c3d995..b112d64919 100644
+index b9eb40c555..268fe7573b 100644
 --- a/src/core/service.c
 +++ b/src/core/service.c
 @@ -45,6 +45,7 @@
@@ -332,7 +335,7 @@
  #define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__)
  
 diff --git a/src/coredump/coredump-vacuum.c b/src/coredump/coredump-vacuum.c
-index c6e201ecf2..ab034475e2 100644
+index 7e0c98cb7d..978a7f5874 100644
 --- a/src/coredump/coredump-vacuum.c
 +++ b/src/coredump/coredump-vacuum.c
 @@ -17,6 +17,7 @@
@@ -344,7 +347,7 @@
  #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL)           /* 1 MiB */
  #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL)   /* 4 GiB */
 diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
-index efc553b698..acea922311 100644
+index 016f3baa7f..b1def81313 100644
 --- a/src/fstab-generator/fstab-generator.c
 +++ b/src/fstab-generator/fstab-generator.c
 @@ -37,6 +37,7 @@
@@ -356,10 +359,10 @@
  typedef enum MountPointFlags {
          MOUNT_NOAUTO    = 1 << 0,
 diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
-index 7df264fb53..9463a0e9fb 100644
+index da0f20d3ce..f22ce41908 100644
 --- a/src/journal-remote/journal-remote-main.c
 +++ b/src/journal-remote/journal-remote-main.c
-@@ -26,6 +26,7 @@
+@@ -27,6 +27,7 @@
  #include "stat-util.h"
  #include "string-table.h"
  #include "strv.h"
@@ -368,7 +371,7 @@
  #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
  #define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-remote.pem"
 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
-index da0fac548e..c1c043e0e0 100644
+index 7f3dcd56a4..41b7cbaaf1 100644
 --- a/src/journal/journalctl.c
 +++ b/src/journal/journalctl.c
 @@ -77,6 +77,7 @@
@@ -380,7 +383,7 @@
  #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
  #define PROCESS_INOTIFY_INTERVAL 1024   /* Every 1,024 messages processed */
 diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
-index 9719f97c02..75decd9834 100644
+index ff0228081f..9066fcb133 100644
 --- a/src/libsystemd/sd-bus/bus-message.c
 +++ b/src/libsystemd/sd-bus/bus-message.c
 @@ -19,6 +19,7 @@
@@ -392,7 +395,7 @@
  static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored);
  static int message_parse_fields(sd_bus_message *m);
 diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
-index 2ad7a9993d..bba72f99f4 100644
+index c25c40ff37..57a5da704f 100644
 --- a/src/libsystemd/sd-bus/bus-objects.c
 +++ b/src/libsystemd/sd-bus/bus-objects.c
 @@ -11,6 +11,7 @@
@@ -404,10 +407,10 @@
  static int node_vtable_get_userdata(
                  sd_bus *bus,
 diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
-index 64037e4fe0..9b9ce0aaa9 100644
+index 3c59d0d615..746922d46f 100644
 --- a/src/libsystemd/sd-bus/bus-socket.c
 +++ b/src/libsystemd/sd-bus/bus-socket.c
-@@ -28,6 +28,7 @@
+@@ -29,6 +29,7 @@
  #include "string-util.h"
  #include "user-util.h"
  #include "utf8.h"
@@ -416,7 +419,7 @@
  #define SNDBUF_SIZE (8*1024*1024)
  
 diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
-index f6a5e4aa06..b36faa79a3 100644
+index 4a0259f8bb..aaa90d2223 100644
 --- a/src/libsystemd/sd-bus/sd-bus.c
 +++ b/src/libsystemd/sd-bus/sd-bus.c
 @@ -46,6 +46,7 @@
@@ -428,19 +431,19 @@
  #define log_debug_bus_message(m)                                         \
          do {                                                             \
 diff --git a/src/libsystemd/sd-bus/test-bus-benchmark.c b/src/libsystemd/sd-bus/test-bus-benchmark.c
-index 1eb6edd329..d434a3c178 100644
+index d988588de0..458df8df9a 100644
 --- a/src/libsystemd/sd-bus/test-bus-benchmark.c
 +++ b/src/libsystemd/sd-bus/test-bus-benchmark.c
-@@ -13,6 +13,7 @@
- #include "missing_resource.h"
+@@ -14,6 +14,7 @@
  #include "string-util.h"
+ #include "tests.h"
  #include "time-util.h"
 +#include "missing_stdlib.h"
  
  #define MAX_SIZE (2*1024*1024)
  
 diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
-index 9947947ef2..8dc6f93159 100644
+index 6b9ff0a4ed..4a5027ad0f 100644
 --- a/src/libsystemd/sd-journal/sd-journal.c
 +++ b/src/libsystemd/sd-journal/sd-journal.c
 @@ -44,6 +44,7 @@
@@ -452,19 +455,19 @@
  #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC)
  
 diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
-index ba2fca32c6..e1f9caa13b 100644
+index b8da266e27..4bb8dd9496 100644
 --- a/src/login/pam_systemd.c
 +++ b/src/login/pam_systemd.c
-@@ -34,6 +34,7 @@
- #include "locale-util.h"
+@@ -35,6 +35,7 @@
  #include "login-util.h"
  #include "macro.h"
+ #include "missing_syscall.h"
 +#include "missing_stdlib.h"
  #include "pam-util.h"
  #include "parse-util.h"
  #include "path-util.h"
 diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c
-index 1090934bfc..69a77f66e2 100644
+index 48527a2c73..9777fe0561 100644
 --- a/src/network/generator/network-generator.c
 +++ b/src/network/generator/network-generator.c
 @@ -14,6 +14,7 @@
@@ -476,7 +479,7 @@
  /*
    # .network
 diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
-index 05bde1c756..aa29587868 100644
+index 161b1c1c70..ba1c459f78 100644
 --- a/src/nspawn/nspawn-settings.c
 +++ b/src/nspawn/nspawn-settings.c
 @@ -16,6 +16,7 @@
@@ -500,7 +503,7 @@
  static void setup_logging_once(void) {
          static pthread_once_t once = PTHREAD_ONCE_INIT;
 diff --git a/src/portable/portable.c b/src/portable/portable.c
-index 7811833fac..c6414da91c 100644
+index d4b448a627..bb26623565 100644
 --- a/src/portable/portable.c
 +++ b/src/portable/portable.c
 @@ -40,6 +40,7 @@
@@ -512,7 +515,7 @@
  /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was
   * dropped there by the portable service logic and b) for which image it was dropped there. */
 diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c
-index 2638e985fb..82c903fd66 100644
+index afa537f160..32ccee4ae5 100644
 --- a/src/resolve/resolvectl.c
 +++ b/src/resolve/resolvectl.c
 @@ -48,6 +48,7 @@
@@ -524,7 +527,7 @@
  static int arg_family = AF_UNSPEC;
  static int arg_ifindex = 0;
 diff --git a/src/shared/bus-get-properties.c b/src/shared/bus-get-properties.c
-index 8b4f66b22e..5926e4c61b 100644
+index 53e5d6b99f..851ecd5644 100644
 --- a/src/shared/bus-get-properties.c
 +++ b/src/shared/bus-get-properties.c
 @@ -4,6 +4,7 @@
@@ -548,10 +551,10 @@
  struct CGroupInfo {
          char *cgroup_path;
 diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
-index 1e95e36678..640ee031d5 100644
+index 4ee9706847..30c8084847 100644
 --- a/src/shared/bus-unit-util.c
 +++ b/src/shared/bus-unit-util.c
-@@ -51,6 +51,7 @@
+@@ -50,6 +50,7 @@
  #include "unit-def.h"
  #include "user-util.h"
  #include "utf8.h"
@@ -560,7 +563,7 @@
  int bus_parse_unit_info(sd_bus_message *message, UnitInfo *u) {
          assert(message);
 diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
-index d09ec5148d..f38a8f7cc1 100644
+index 4123152d93..74f148c8b4 100644
 --- a/src/shared/bus-util.c
 +++ b/src/shared/bus-util.c
 @@ -24,6 +24,7 @@
@@ -572,7 +575,7 @@
  static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
          sd_event *e = ASSERT_PTR(userdata);
 diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
-index 620b156563..5ee5b09186 100644
+index b41c9b06ca..e69050a507 100644
 --- a/src/shared/dns-domain.c
 +++ b/src/shared/dns-domain.c
 @@ -18,6 +18,7 @@
@@ -584,7 +587,7 @@
  int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags) {
          const char *n;
 diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
-index d9eabec886..534c6cf7e3 100644
+index 83e9834bbf..74eaae6f5e 100644
 --- a/src/shared/journal-importer.c
 +++ b/src/shared/journal-importer.c
 @@ -16,6 +16,7 @@
@@ -596,7 +599,7 @@
  enum {
          IMPORTER_STATE_LINE = 0,    /* waiting to read, or reading line */
 diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
-index b72e516c8d..6e832b74c3 100644
+index a5d04003bd..10392c132d 100644
 --- a/src/shared/logs-show.c
 +++ b/src/shared/logs-show.c
 @@ -41,6 +41,7 @@
@@ -608,7 +611,7 @@
  /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */
  #define PRINT_LINE_THRESHOLD 3
 diff --git a/src/shared/pager.c b/src/shared/pager.c
-index 6ed35a3ca9..99d9d36140 100644
+index 19deefab56..6b6d0af1a0 100644
 --- a/src/shared/pager.c
 +++ b/src/shared/pager.c
 @@ -25,6 +25,7 @@
@@ -620,7 +623,7 @@
  static pid_t pager_pid = 0;
  
 diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c
-index 821049e667..08a5bdae3d 100644
+index 287fd6c181..8f8d5493da 100644
 --- a/src/socket-proxy/socket-proxyd.c
 +++ b/src/socket-proxy/socket-proxyd.c
 @@ -27,6 +27,7 @@
@@ -632,7 +635,7 @@
  #define BUFFER_SIZE (256 * 1024)
  
 diff --git a/src/test/test-hexdecoct.c b/src/test/test-hexdecoct.c
-index 9d71db6ae1..a9938c1e6e 100644
+index f884008660..987e180697 100644
 --- a/src/test/test-hexdecoct.c
 +++ b/src/test/test-hexdecoct.c
 @@ -7,6 +7,7 @@
@@ -643,8 +646,20 @@
  #include "tests.h"
  
  TEST(hexchar) {
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index 91b40088f4..f528a46b8e 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -39,6 +39,7 @@
+ #include "strv.h"
+ #include "strxcpyx.h"
+ #include "udev-builtin.h"
++#include "missing_stdlib.h"
+ 
+ #define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1)
+ #define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1)
 diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
-index 8e4d57ee72..6b4555b4d5 100644
+index 467c9a6ad3..f74dae60af 100644
 --- a/src/udev/udev-builtin-path_id.c
 +++ b/src/udev/udev-builtin-path_id.c
 @@ -24,6 +24,7 @@
@@ -656,22 +671,22 @@
  _printf_(2,3)
  static void path_prepend(char **path, const char *fmt, ...) {
 diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
-index ec4ad30824..bc40303a46 100644
+index ed22c8b679..19ebe20237 100644
 --- a/src/udev/udev-event.c
 +++ b/src/udev/udev-event.c
-@@ -34,6 +34,7 @@
+@@ -16,6 +16,7 @@
  #include "udev-util.h"
  #include "udev-watch.h"
  #include "user-util.h"
 +#include "missing_stdlib.h"
  
- typedef struct Spawn {
-         sd_device *device;
+ UdevEvent *udev_event_new(sd_device *dev, usec_t exec_delay_usec, sd_netlink *rtnl, int log_level) {
+         UdevEvent *event;
 diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index 5bd09a64d1..0ce79f815c 100644
+index 5f12002394..febe345b4c 100644
 --- a/src/udev/udev-rules.c
 +++ b/src/udev/udev-rules.c
-@@ -35,6 +35,7 @@
+@@ -41,6 +41,7 @@
  #include "udev-util.h"
  #include "user-util.h"
  #include "virt.h"
@@ -680,5 +695,5 @@
  #define RULES_DIRS ((const char* const*) CONF_PATHS_STRV("udev/rules.d"))
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch b/poky/meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
deleted file mode 100644
index 98914ae..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From f75f03ef6bc3554068e456bed227f333d5cb8c34 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 29 Sep 2020 18:01:41 -0700
-Subject: [PATCH] Move sysusers.d/sysctl.d/binfmt.d/modules-load.d to /usr
-
-These directories are moved to /lib since systemd v246, commit
-4a56315a990b ("path: use ROOTPREFIX properly"), but in oe-core/yocto,
-the old /usr/lib is still being used.
-
-Upstream-Status: Inappropriate (OE-specific)
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
----
- src/core/systemd.pc.in           | 8 ++++----
- src/libsystemd/sd-path/sd-path.c | 8 ++++----
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
-index 693433b34b..8368a3ff02 100644
---- a/src/core/systemd.pc.in
-+++ b/src/core/systemd.pc.in
-@@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir}
- 
- user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d
- 
--sysusers_dir=${rootprefix}/lib/sysusers.d
-+sysusers_dir=${prefix}/lib/sysusers.d
- sysusersdir=${sysusers_dir}
- 
--sysctl_dir=${rootprefix}/lib/sysctl.d
-+sysctl_dir=${prefix}/lib/sysctl.d
- sysctldir=${sysctl_dir}
- 
--binfmt_dir=${rootprefix}/lib/binfmt.d
-+binfmt_dir=${prefix}/lib/binfmt.d
- binfmtdir=${binfmt_dir}
- 
--modules_load_dir=${rootprefix}/lib/modules-load.d
-+modules_load_dir=${prefix}/lib/modules-load.d
- modulesloaddir=${modules_load_dir}
- 
- catalog_dir=${prefix}/lib/systemd/catalog
-diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c
-index 1af3a36d1d..def502b717 100644
---- a/src/libsystemd/sd-path/sd-path.c
-+++ b/src/libsystemd/sd-path/sd-path.c
-@@ -365,19 +365,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
-                 return 0;
- 
-         case SD_PATH_SYSUSERS:
--                *ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d";
-+                *ret = "/usr/lib/sysusers.d";
-                 return 0;
- 
-         case SD_PATH_SYSCTL:
--                *ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d";
-+                *ret = "/usr/lib/sysctl.d";
-                 return 0;
- 
-         case SD_PATH_BINFMT:
--                *ret = ROOTPREFIX_NOSLASH "/lib/binfmt.d";
-+                *ret = "/usr/lib/binfmt.d";
-                 return 0;
- 
-         case SD_PATH_MODULES_LOAD:
--                *ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d";
-+                *ret = "/usr/lib/modules-load.d";
-                 return 0;
- 
-         case SD_PATH_CATALOG:
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/poky/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
similarity index 90%
rename from poky/meta/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
rename to poky/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index 0d69e8e..15877be 100644
--- a/poky/meta/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,7 +1,8 @@
-From 747ff78ecda6afe01c7eab4d7c27aea6af810c86 Mon Sep 17 00:00:00 2001
+From 5325ab5813617f35f03806ec420829dde7104387 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:56:21 +0800
-Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
+Subject: [PATCH 04/22] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not
+ defined
 
 If the standard library doesn't provide brace
 expansion users just won't get it.
@@ -23,7 +24,7 @@
  3 files changed, 38 insertions(+)
 
 diff --git a/src/basic/glob-util.c b/src/basic/glob-util.c
-index fd60a6eda2..c73edc41ea 100644
+index 802ca8c655..23818a67c6 100644
 --- a/src/basic/glob-util.c
 +++ b/src/basic/glob-util.c
 @@ -12,6 +12,12 @@
@@ -114,7 +115,7 @@
  
          (void) rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL);
 diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 458aed7054..2cf24b38c0 100644
+index 230ec09b97..2cc5f391d7 100644
 --- a/src/tmpfiles/tmpfiles.c
 +++ b/src/tmpfiles/tmpfiles.c
 @@ -73,6 +73,12 @@
@@ -130,9 +131,9 @@
  /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
   * them in the file system. This is intended to be used to create
   * properly owned directories beneath /tmp, /var/tmp, /run, which are
-@@ -2355,7 +2361,9 @@ finish:
+@@ -2434,7 +2440,9 @@ finish:
  
- static int glob_item(Item *i, action_t action) {
+ static int glob_item(Context *c, Item *i, action_t action) {
          _cleanup_globfree_ glob_t g = {
 +#ifdef GLOB_ALTDIRFUNC
                  .gl_opendir = (void *(*)(const char *)) opendir_nomod,
@@ -140,9 +141,9 @@
          };
          int r = 0, k;
  
-@@ -2375,7 +2383,9 @@ static int glob_item(Item *i, action_t action) {
+@@ -2461,7 +2469,9 @@ static int glob_item_recursively(
+                 fdaction_t action) {
  
- static int glob_item_recursively(Item *i, fdaction_t action) {
          _cleanup_globfree_ glob_t g = {
 +#ifdef GLOB_ALTDIRFUNC
                  .gl_opendir = (void *(*)(const char *)) opendir_nomod,
@@ -151,5 +152,5 @@
          int r = 0, k;
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
similarity index 84%
rename from poky/meta/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch
rename to poky/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
index d6aaadc..a1dfca2 100644
--- a/poky/meta/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
@@ -1,7 +1,7 @@
-From efd7b41cf270c7b07ee3b9aec0fedd8e52dd422f Mon Sep 17 00:00:00 2001
+From dad7f897c0de654fa5592fda3e90f874639849f9 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:00:06 +0800
-Subject: [PATCH] add missing FTW_ macros for musl
+Subject: [PATCH 05/22] add missing FTW_ macros for musl
 
 This is to avoid build failures like below for musl.
 
@@ -28,10 +28,10 @@
 +#define FTW_CONTINUE 0
 +#endif
 diff --git a/src/test/test-recurse-dir.c b/src/test/test-recurse-dir.c
-index 2c2120b136..bc60a178a2 100644
+index 8684d064ec..70fc2b5376 100644
 --- a/src/test/test-recurse-dir.c
 +++ b/src/test/test-recurse-dir.c
-@@ -6,6 +6,7 @@
+@@ -8,6 +8,7 @@
  #include "recurse-dir.h"
  #include "strv.h"
  #include "tests.h"
@@ -40,5 +40,5 @@
  static char **list_nftw = NULL;
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch b/poky/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
similarity index 83%
rename from poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
rename to poky/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
index 2071f4f..4be14b7 100644
--- a/poky/meta/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,7 +1,7 @@
-From 60f7d2c62bc3718023df93c01688d3ee1625d64d Mon Sep 17 00:00:00 2001
+From 96e975a2412a20e5f80bd3ab144057d275eb8597 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:12:41 +0800
-Subject: [PATCH] Use uintmax_t for handling rlim_t
+Subject: [PATCH 06/22] Use uintmax_t for handling rlim_t
 
 PRIu{32,64} is not right format to represent rlim_t type
 therefore use %ju and typecast the rlim_t variables to
@@ -26,9 +26,11 @@
  src/core/execute.c      |  4 ++--
  3 files changed, 9 insertions(+), 15 deletions(-)
 
+diff --git a/src/basic/format-util.h b/src/basic/format-util.h
+index 8719df3e29..9becc96066 100644
 --- a/src/basic/format-util.h
 +++ b/src/basic/format-util.h
-@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32
+@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32_t));
  #  error Unknown timex member size
  #endif
  
@@ -43,9 +45,11 @@
  
  #if SIZEOF_DEV_T == 8
  #  define DEV_FMT "%" PRIu64
+diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
+index c1f0b2b974..61c5412582 100644
 --- a/src/basic/rlimit-util.c
 +++ b/src/basic/rlimit-util.c
-@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, cons
+@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) {
              fixed.rlim_max == highest.rlim_max)
                  return 0;
  
@@ -54,7 +58,7 @@
  
          return RET_NERRNO(setrlimit(resource, &fixed));
  }
-@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *r
+@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *rl, char **ret) {
          if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
                  r = free_and_strdup(&s, "infinity");
          else if (rl->rlim_cur >= RLIM_INFINITY)
@@ -72,7 +76,7 @@
          if (r < 0)
                  return -ENOMEM;
  
-@@ -407,7 +407,7 @@ int rlimit_nofile_safe(void) {
+@@ -422,7 +422,7 @@ int rlimit_nofile_safe(void) {
          rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
          rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
          if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
@@ -81,9 +85,11 @@
  
          return 1;
  }
+diff --git a/src/core/execute.c b/src/core/execute.c
+index bd3da0c401..df1870fd2f 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
-@@ -6707,9 +6707,9 @@ void exec_context_dump(const ExecContext
+@@ -1045,9 +1045,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
          for (unsigned i = 0; i < RLIM_NLIMITS; i++)
                  if (c->rlimit[i]) {
                          fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
@@ -95,3 +101,6 @@
                  }
  
          if (c->ioprio_set) {
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/poky/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
similarity index 95%
rename from poky/meta/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
rename to poky/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index 543fba7..8d60842 100644
--- a/poky/meta/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,7 +1,7 @@
-From 26b02348e39fe72b73dd61bba8a0cefb0352717d Mon Sep 17 00:00:00 2001
+From 4842cff4f1329f0b5034b529d56f8ad1f234ac4c Mon Sep 17 00:00:00 2001
 From: Andre McCurdy <armccurdy@gmail.com>
 Date: Tue, 10 Oct 2017 14:33:30 -0700
-Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
+Subject: [PATCH 07/22] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
 
 Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right
 thing to do and it's not portable (not supported by musl). See:
@@ -31,7 +31,7 @@
  2 files changed, 23 insertions(+), 4 deletions(-)
 
 diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
-index 932d003f19..33215dbf5f 100644
+index 1023ab73ca..c78ff6f27f 100644
 --- a/src/basic/fs-util.h
 +++ b/src/basic/fs-util.h
 @@ -49,8 +49,27 @@ int futimens_opath(int fd, const struct timespec ts[2]);
@@ -64,7 +64,7 @@
  int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode);
  
 diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
-index be6dd1654a..2726dc946a 100644
+index 569ef466c3..7ae921a113 100644
 --- a/src/shared/base-filesystem.c
 +++ b/src/shared/base-filesystem.c
 @@ -145,7 +145,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
@@ -95,5 +95,5 @@
                                  }
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/poky/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
similarity index 70%
rename from poky/meta/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch
rename to poky/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index 24dd6b0..c1a8bb1 100644
--- a/poky/meta/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,7 +1,8 @@
-From fdc7fb940bb41020271b9db41d5608004efdbde5 Mon Sep 17 00:00:00 2001
+From bab07e779ff23d5593bb118efaaa31b60a6dce87 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sun, 27 May 2018 08:36:44 -0700
-Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
+Subject: [PATCH 08/22] Define glibc compatible basename() for non-glibc
+ systems
 
 Fixes builds with musl, even though systemd is adamant about
 using non-posix basename implementation, we have a way out
@@ -10,9 +11,11 @@
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- src/machine/machine-dbus.c | 5 +++++
- 1 file changed, 5 insertions(+)
+ src/basic/string-util.h | 4 ++++
+ 1 file changed, 4 insertions(+)
 
+diff --git a/src/basic/string-util.h b/src/basic/string-util.h
+index b6d8be3083..0a29036c4c 100644
 --- a/src/basic/string-util.h
 +++ b/src/basic/string-util.h
 @@ -26,6 +26,10 @@
@@ -26,3 +29,6 @@
  static inline char* strstr_ptr(const char *haystack, const char *needle) {
          if (!haystack || !needle)
                  return NULL;
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/poky/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
similarity index 82%
rename from poky/meta/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
rename to poky/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index 8162bc2..3ff0177 100644
--- a/poky/meta/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,7 +1,7 @@
-From 32fd0dc67b6df531f0769dbb099dbe8f30c28514 Mon Sep 17 00:00:00 2001
+From 25093c5017725b8577c444dfea0f42ad85b43522 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Wed, 4 Jul 2018 15:00:44 +0800
-Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
+Subject: [PATCH 09/22] Do not disable buffering when writing to oom_score_adj
 
 On musl, disabling buffering when writing to oom_score_adj will
 cause the following error.
@@ -24,10 +24,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 0747c14c1c..8d0c5aae92 100644
+index 201c5596ae..ea51595b6c 100644
 --- a/src/basic/process-util.c
 +++ b/src/basic/process-util.c
-@@ -1516,7 +1516,7 @@ int set_oom_score_adjust(int value) {
+@@ -1716,7 +1716,7 @@ int set_oom_score_adjust(int value) {
          xsprintf(t, "%i", value);
  
          return write_string_file("/proc/self/oom_score_adj", t,
@@ -37,5 +37,5 @@
  
  int get_oom_score_adjust(int *ret) {
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/poky/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
similarity index 89%
rename from poky/meta/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
rename to poky/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index f6d908f..cf59ac7 100644
--- a/poky/meta/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,7 +1,7 @@
-From ed46afcbc6bc1f6277a0a54c3db8cf1b056bca1e Mon Sep 17 00:00:00 2001
+From 2adbe9773cd65c48eec9df96868d4a738927c8d9 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Tue, 10 Jul 2018 15:40:17 +0800
-Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
+Subject: [PATCH 10/22] distinguish XSI-compliant strerror_r from GNU-specifi
  strerror_r
 
 XSI-compliant strerror_r and GNU-specifi strerror_r are different.
@@ -24,7 +24,7 @@
  2 files changed, 15 insertions(+), 1 deletion(-)
 
 diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c
-index 413e2dd43f..805e5da0c0 100644
+index 77b2e1a0fd..fdba0e0142 100644
 --- a/src/libsystemd/sd-bus/bus-error.c
 +++ b/src/libsystemd/sd-bus/bus-error.c
 @@ -408,7 +408,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
@@ -55,10 +55,10 @@
  
  static bool map_ok(const sd_bus_error_map *map) {
 diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c
-index 136ebcb153..8a75ba4ecd 100644
+index 69a2eb6404..1561859650 100644
 --- a/src/libsystemd/sd-journal/journal-send.c
 +++ b/src/libsystemd/sd-journal/journal-send.c
-@@ -360,7 +360,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove
+@@ -361,7 +361,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove
                  char* j;
  
                  errno = 0;
@@ -72,5 +72,5 @@
                          char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1];
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch b/poky/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
similarity index 79%
rename from poky/meta/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch
rename to poky/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
index e5f0173..e481b2e 100644
--- a/poky/meta/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,7 +1,7 @@
-From 277b680d07a178b8278862b60417052d05c1376f Mon Sep 17 00:00:00 2001
+From 49c446cfb78cf74a909bed8c3798b77a5469866a Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:44:54 +0800
-Subject: [PATCH] avoid redefinition of prctl_mm_map structure
+Subject: [PATCH 11/22] avoid redefinition of prctl_mm_map structure
 
 Fix the following compile failure:
 error: redefinition of 'struct prctl_mm_map'
@@ -14,7 +14,7 @@
  1 file changed, 2 insertions(+)
 
 diff --git a/src/basic/missing_prctl.h b/src/basic/missing_prctl.h
-index ab851306ba..5547cad875 100644
+index 7d9e395c92..88c2d7dfac 100644
 --- a/src/basic/missing_prctl.h
 +++ b/src/basic/missing_prctl.h
 @@ -1,7 +1,9 @@
@@ -28,5 +28,5 @@
  /* 58319057b7847667f0c9585b9de0e8932b0fdb08 (4.3) */
  #ifndef PR_CAP_AMBIENT
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch b/poky/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
new file mode 100644
index 0000000..66be790
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
@@ -0,0 +1,562 @@
+From e4885a8e60f883d9217e26e1db3754c2906aca31 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Fri, 1 Mar 2019 15:22:15 +0800
+Subject: [PATCH 12/22] do not disable buffer in writing files
+
+Do not disable buffer in writing files, otherwise we get
+failure at boot for musl like below.
+
+  [!!!!!!] Failed to allocate manager object.
+
+And there will be other failures, critical or not critical.
+This is specific to musl.
+
+Upstream-Status: Inappropriate [musl]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+[Rebased for v242]
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+[rebased for systemd 243]
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+[rebased for systemd 254]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+[rebased for systemd 255.1]
+---
+ src/basic/cgroup-util.c              | 12 ++++++------
+ src/basic/namespace-util.c           |  4 ++--
+ src/basic/procfs-util.c              |  4 ++--
+ src/basic/sysctl-util.c              |  2 +-
+ src/binfmt/binfmt.c                  |  6 +++---
+ src/core/cgroup.c                    |  2 +-
+ src/core/main.c                      |  2 +-
+ src/core/smack-setup.c               |  8 ++++----
+ src/home/homework.c                  |  2 +-
+ src/libsystemd/sd-device/sd-device.c |  2 +-
+ src/nspawn/nspawn-cgroup.c           |  2 +-
+ src/nspawn/nspawn.c                  |  6 +++---
+ src/shared/binfmt-util.c             |  2 +-
+ src/shared/cgroup-setup.c            |  4 ++--
+ src/shared/coredump-util.c           |  4 ++--
+ src/shared/hibernate-util.c          |  4 ++--
+ src/shared/smack-util.c              |  2 +-
+ src/shared/watchdog.c                |  2 +-
+ src/sleep/sleep.c                    |  4 ++--
+ src/storagetm/storagetm.c            | 24 ++++++++++++------------
+ src/udev/udev-rules.c                |  1 -
+ src/vconsole/vconsole-setup.c        |  2 +-
+ 22 files changed, 50 insertions(+), 51 deletions(-)
+
+diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
+index d2be79622f..e65fecb68d 100644
+--- a/src/basic/cgroup-util.c
++++ b/src/basic/cgroup-util.c
+@@ -417,7 +417,7 @@ int cg_kill_kernel_sigkill(const char *path) {
+         if (r < 0)
+                 return r;
+ 
+-        r = write_string_file(killfile, "1", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(killfile, "1", 0);
+         if (r < 0)
+                 return r;
+ 
+@@ -843,7 +843,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+ 
+         sc = strstrip(contents);
+         if (isempty(sc)) {
+-                r = write_string_file(fs, agent, WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file(fs, agent, 0);
+                 if (r < 0)
+                         return r;
+         } else if (!path_equal(sc, agent))
+@@ -861,7 +861,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+ 
+         sc = strstrip(contents);
+         if (streq(sc, "0")) {
+-                r = write_string_file(fs, "1", WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file(fs, "1", 0);
+                 if (r < 0)
+                         return r;
+ 
+@@ -888,7 +888,7 @@ int cg_uninstall_release_agent(const char *controller) {
+         if (r < 0)
+                 return r;
+ 
+-        r = write_string_file(fs, "0", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(fs, "0", 0);
+         if (r < 0)
+                 return r;
+ 
+@@ -898,7 +898,7 @@ int cg_uninstall_release_agent(const char *controller) {
+         if (r < 0)
+                 return r;
+ 
+-        r = write_string_file(fs, "", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(fs, "", 0);
+         if (r < 0)
+                 return r;
+ 
+@@ -1814,7 +1814,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
+         if (r < 0)
+                 return r;
+ 
+-        return write_string_file(p, value, WRITE_STRING_FILE_DISABLE_BUFFER);
++        return write_string_file(p, value, 0);
+ }
+ 
+ int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) {
+diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
+index 2101f617ad..63817bae17 100644
+--- a/src/basic/namespace-util.c
++++ b/src/basic/namespace-util.c
+@@ -227,12 +227,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) {
+                 freeze();
+ 
+         xsprintf(path, "/proc/" PID_FMT "/uid_map", pid);
+-        r = write_string_file(path, uid_map, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(path, uid_map, 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write UID map: %m");
+ 
+         xsprintf(path, "/proc/" PID_FMT "/gid_map", pid);
+-        r = write_string_file(path, gid_map, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(path, gid_map, 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write GID map: %m");
+ 
+diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
+index 6cb0ddf575..247cf9e1d1 100644
+--- a/src/basic/procfs-util.c
++++ b/src/basic/procfs-util.c
+@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limit) {
+          * decrease it, as threads-max is the much more relevant sysctl. */
+         if (limit > pid_max-1) {
+                 sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */
+-                r = write_string_file("/proc/sys/kernel/pid_max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file("/proc/sys/kernel/pid_max", buffer, 0);
+                 if (r < 0)
+                         return r;
+         }
+ 
+         sprintf(buffer, "%" PRIu64, limit);
+-        r = write_string_file("/proc/sys/kernel/threads-max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/sys/kernel/threads-max", buffer, 0);
+         if (r < 0) {
+                 uint64_t threads_max;
+ 
+diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c
+index b66a6622ae..8d1c93008a 100644
+--- a/src/basic/sysctl-util.c
++++ b/src/basic/sysctl-util.c
+@@ -58,7 +58,7 @@ int sysctl_write(const char *property, const char *value) {
+ 
+         log_debug("Setting '%s' to '%s'", p, value);
+ 
+-        return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL);
++        return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL);
+ }
+ 
+ int sysctl_writef(const char *property, const char *format, ...) {
+diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
+index d21f3f79ff..258607cc7e 100644
+--- a/src/binfmt/binfmt.c
++++ b/src/binfmt/binfmt.c
+@@ -30,7 +30,7 @@ static bool arg_unregister = false;
+ 
+ static int delete_rule(const char *rulename) {
+         const char *fn = strjoina("/proc/sys/fs/binfmt_misc/", rulename);
+-        return write_string_file(fn, "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
++        return write_string_file(fn, "-1", 0);
+ }
+ 
+ static int apply_rule(const char *filename, unsigned line, const char *rule) {
+@@ -58,7 +58,7 @@ static int apply_rule(const char *filename, unsigned line, const char *rule) {
+         if (r >= 0)
+                 log_debug("%s:%u: Rule '%s' deleted.", filename, line, rulename);
+ 
+-        r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, 0);
+         if (r < 0)
+                 return log_error_errno(r, "%s:%u: Failed to add binary format '%s': %m",
+                                        filename, line, rulename);
+@@ -248,7 +248,7 @@ static int run(int argc, char *argv[]) {
+                         return r;
+ 
+                 /* Flush out all rules */
+-                r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0);
+                 if (r < 0)
+                         log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m");
+                 else
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 61ac4df1a6..ea18970196 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -4578,7 +4578,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
+                         u->freezer_state = FREEZER_THAWING;
+         }
+ 
+-        r = write_string_file(path, one_zero(action == FREEZER_FREEZE), WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(path, one_zero(action == FREEZER_FREEZE), 0);
+         if (r < 0)
+                 return r;
+ 
+diff --git a/src/core/main.c b/src/core/main.c
+index 3f71cc0947..0e5aec3e9e 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1678,7 +1678,7 @@ static void initialize_core_pattern(bool skip_setup) {
+         if (getpid_cached() != 1)
+                 return;
+ 
+-        r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m",
+                                   arg_early_core_pattern);
+diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
+index 7ea902b6f9..1aef2988d0 100644
+--- a/src/core/smack-setup.c
++++ b/src/core/smack-setup.c
+@@ -321,17 +321,17 @@ int mac_smack_setup(bool *loaded_policy) {
+         }
+ 
+ #if HAVE_SMACK_RUN_LABEL
+-        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m");
+-        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m");
+         r = write_string_file("/sys/fs/smackfs/netlabel",
+-                              "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
++                              "0.0.0.0/0 " SMACK_RUN_LABEL, 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m");
+-        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
+ #endif
+diff --git a/src/home/homework.c b/src/home/homework.c
+index 066483e342..5f92dd7064 100644
+--- a/src/home/homework.c
++++ b/src/home/homework.c
+@@ -278,7 +278,7 @@ static void drop_caches_now(void) {
+          * for details. We write "2" into /proc/sys/vm/drop_caches to ensure dentries/inodes are flushed, but
+          * not more. */
+ 
+-        r = write_string_file("/proc/sys/vm/drop_caches", "2\n", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/sys/vm/drop_caches", "2\n", 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to drop caches, ignoring: %m");
+         else
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 2fbc619a34..09d9591e37 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -2516,7 +2516,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+         if (!value)
+                 return -ENOMEM;
+ 
+-        r = write_string_file(path, value, WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_NOFOLLOW);
++        r = write_string_file(path, value, 0 | WRITE_STRING_FILE_NOFOLLOW);
+         if (r < 0) {
+                 /* On failure, clear cache entry, as we do not know how it fails. */
+                 device_remove_cached_sysattr_value(device, sysattr);
+diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
+index a5002437c6..b12e6cd9c9 100644
+--- a/src/nspawn/nspawn-cgroup.c
++++ b/src/nspawn/nspawn-cgroup.c
+@@ -124,7 +124,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) {
+         fn = strjoina(tree, cgroup, "/cgroup.procs");
+ 
+         sprintf(pid_string, PID_FMT, pid);
+-        r = write_string_file(fn, pid_string, WRITE_STRING_FILE_DISABLE_BUFFER|WRITE_STRING_FILE_MKDIR_0755);
++        r = write_string_file(fn, pid_string, WRITE_STRING_FILE_MKDIR_0755);
+         if (r < 0) {
+                 log_error_errno(r, "Failed to move process: %m");
+                 goto finish;
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 6ab604d3dc..bbec6b686c 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -2688,7 +2688,7 @@ static int reset_audit_loginuid(void) {
+         if (streq(p, "4294967295"))
+                 return 0;
+ 
+-        r = write_string_file("/proc/self/loginuid", "4294967295", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/self/loginuid", "4294967295", 0);
+         if (r < 0) {
+                 log_error_errno(r,
+                                 "Failed to reset audit login UID. This probably means that your kernel is too\n"
+@@ -4141,7 +4141,7 @@ static int setup_uid_map(
+                 return log_oom();
+ 
+         xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
+-        r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(uid_map, s, 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write UID map: %m");
+ 
+@@ -4151,7 +4151,7 @@ static int setup_uid_map(
+                 return log_oom();
+ 
+         xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
+-        r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(uid_map, s, 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write GID map: %m");
+ 
+diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c
+index a26175474b..1413a9c72c 100644
+--- a/src/shared/binfmt-util.c
++++ b/src/shared/binfmt-util.c
+@@ -46,7 +46,7 @@ int disable_binfmt(void) {
+                 return 0;
+         }
+ 
+-        r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0);
+         if (r < 0)
+                 return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m");
+ 
+diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c
+index 934a16eaf3..c921ced861 100644
+--- a/src/shared/cgroup-setup.c
++++ b/src/shared/cgroup-setup.c
+@@ -351,7 +351,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
+ 
+         xsprintf(c, PID_FMT "\n", pid);
+ 
+-        r = write_string_file(fs, c, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(fs, c, 0);
+         if (r == -EOPNOTSUPP && cg_is_threaded(path) > 0)
+                 /* When the threaded mode is used, we cannot read/write the file. Let's return recognizable error. */
+                 return -EUCLEAN;
+@@ -966,7 +966,7 @@ int cg_enable_everywhere(
+                                         return log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p);
+                         }
+ 
+-                        r = write_string_stream(f, s, WRITE_STRING_FILE_DISABLE_BUFFER);
++                        r = write_string_stream(f, s, 0);
+                         if (r < 0) {
+                                 log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m",
+                                                 FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs);
+diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c
+index 805503f366..01a7ccb291 100644
+--- a/src/shared/coredump-util.c
++++ b/src/shared/coredump-util.c
+@@ -163,7 +163,7 @@ int set_coredump_filter(uint64_t value) {
+         xsprintf(t, "0x%"PRIx64, value);
+ 
+         return write_string_file("/proc/self/coredump_filter", t,
+-                                 WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER);
++                                 0);
+ }
+ 
+ /* Turn off core dumps but only if we're running outside of a container. */
+@@ -173,7 +173,7 @@ void disable_coredumps(void) {
+         if (detect_container() > 0)
+                 return;
+ 
+-        r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
+         if (r < 0)
+                 log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
+ }
+diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
+index 3eb13d48f6..d09b901be1 100644
+--- a/src/shared/hibernate-util.c
++++ b/src/shared/hibernate-util.c
+@@ -481,7 +481,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+ 
+         /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so
+          * fail gracefully if it doesn't exist and we're only overwriting it with 0. */
+-        r = write_string_file("/sys/power/resume_offset", offset_str, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/sys/power/resume_offset", offset_str, 0);
+         if (r == -ENOENT) {
+                 if (offset != 0)
+                         return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+@@ -497,7 +497,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+                 log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.",
+                           offset_str, device);
+ 
+-        r = write_string_file("/sys/power/resume", devno_str, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/sys/power/resume", devno_str, 0);
+         if (r < 0)
+                 return log_error_errno(r,
+                                        "Failed to write device '%s' (%s) to /sys/power/resume: %m",
+diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
+index 1f88e724d0..feb18b320a 100644
+--- a/src/shared/smack-util.c
++++ b/src/shared/smack-util.c
+@@ -113,7 +113,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) {
+                 return 0;
+ 
+         p = procfs_file_alloca(pid, "attr/current");
+-        r = write_string_file(p, label, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file(p, label, 0);
+         if (r < 0)
+                 return r;
+ 
+diff --git a/src/shared/watchdog.c b/src/shared/watchdog.c
+index 4c1a968718..6faf6806a5 100644
+--- a/src/shared/watchdog.c
++++ b/src/shared/watchdog.c
+@@ -93,7 +93,7 @@ static int set_pretimeout_governor(const char *governor) {
+ 
+         r = write_string_file(sys_fn,
+                               governor,
+-                              WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
++                              WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to set pretimeout_governor to '%s': %m", governor);
+ 
+diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
+index 21af3e9e52..6d4b84b5d5 100644
+--- a/src/sleep/sleep.c
++++ b/src/sleep/sleep.c
+@@ -137,7 +137,7 @@ static int write_state(int fd, char * const *states) {
+                 if (k < 0)
+                         return RET_GATHER(r, k);
+ 
+-                k = write_string_stream(f, *state, WRITE_STRING_FILE_DISABLE_BUFFER);
++                k = write_string_stream(f, *state, 0);
+                 if (k >= 0) {
+                         log_debug("Using sleep state '%s'.", *state);
+                         return 0;
+@@ -155,7 +155,7 @@ static int write_mode(char * const *modes) {
+         STRV_FOREACH(mode, modes) {
+                 int k;
+ 
+-                k = write_string_file("/sys/power/disk", *mode, WRITE_STRING_FILE_DISABLE_BUFFER);
++                k = write_string_file("/sys/power/disk", *mode, 0);
+                 if (k >= 0) {
+                         log_debug("Using sleep disk mode '%s'.", *mode);
+                         return 0;
+diff --git a/src/storagetm/storagetm.c b/src/storagetm/storagetm.c
+index ae63baaf79..82eeca479a 100644
+--- a/src/storagetm/storagetm.c
++++ b/src/storagetm/storagetm.c
+@@ -186,7 +186,7 @@ static int nvme_subsystem_unlink(NvmeSubsystem *s) {
+                                         if (!enable_fn)
+                                                 return log_oom();
+ 
+-                                        r = write_string_file_at(namespaces_fd, enable_fn, "0", WRITE_STRING_FILE_DISABLE_BUFFER);
++                                        r = write_string_file_at(namespaces_fd, enable_fn, "0", 0);
+                                         if (r < 0)
+                                                 log_warning_errno(r, "Failed to disable namespace '%s' of NVME subsystem '%s', ignoring: %m", e->d_name, s->name);
+ 
+@@ -254,7 +254,7 @@ static int nvme_subsystem_write_metadata(int subsystem_fd, sd_device *device) {
+                 _cleanup_free_ char *truncated = strndup(w, 40); /* kernel refuses more than 40 chars (as per nvme spec) */
+ 
+                 /* The default string stored in 'attr_model' is "Linux" btw. */
+-                r = write_string_file_at(subsystem_fd, "attr_model", truncated, WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file_at(subsystem_fd, "attr_model", truncated, 0);
+                 if (r < 0)
+                         log_warning_errno(r, "Failed to set model of subsystem to '%s', ignoring: %m", w);
+         }
+@@ -268,7 +268,7 @@ static int nvme_subsystem_write_metadata(int subsystem_fd, sd_device *device) {
+                         return log_oom();
+ 
+                  /* The default string stored in 'attr_firmware' is `uname -r` btw, but truncated to 8 chars. */
+-                r = write_string_file_at(subsystem_fd, "attr_firmware", truncated, WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file_at(subsystem_fd, "attr_firmware", truncated, 0);
+                 if (r < 0)
+                         log_warning_errno(r, "Failed to set model of subsystem to '%s', ignoring: %m", truncated);
+         }
+@@ -295,7 +295,7 @@ static int nvme_subsystem_write_metadata(int subsystem_fd, sd_device *device) {
+                 if (!truncated)
+                         return log_oom();
+ 
+-                r = write_string_file_at(subsystem_fd, "attr_serial", truncated, WRITE_STRING_FILE_DISABLE_BUFFER);
++                r = write_string_file_at(subsystem_fd, "attr_serial", truncated, 0);
+                 if (r < 0)
+                         log_warning_errno(r, "Failed to set serial of subsystem to '%s', ignoring: %m", truncated);
+         }
+@@ -345,7 +345,7 @@ static int nvme_namespace_write_metadata(int namespace_fd, sd_device *device, co
+                 id = id128_digest(j, l);
+         }
+ 
+-        r = write_string_file_at(namespace_fd, "device_uuid", SD_ID128_TO_UUID_STRING(id), WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(namespace_fd, "device_uuid", SD_ID128_TO_UUID_STRING(id), 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to set uuid of namespace to '%s', ignoring: %m", SD_ID128_TO_UUID_STRING(id));
+ 
+@@ -408,7 +408,7 @@ static int nvme_subsystem_add(const char *node, int consumed_fd, sd_device *devi
+         if (subsystem_fd < 0)
+                 return log_error_errno(subsystem_fd, "Failed to create NVME subsystem '%s': %m", j);
+ 
+-        r = write_string_file_at(subsystem_fd, "attr_allow_any_host", "1", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(subsystem_fd, "attr_allow_any_host", "1", 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to set 'attr_allow_any_host' flag: %m");
+ 
+@@ -423,11 +423,11 @@ static int nvme_subsystem_add(const char *node, int consumed_fd, sd_device *devi
+ 
+         /* We use /proc/$PID/fd/$FD rather than /proc/self/fd/$FD, because this string is visible to others
+          * via configfs, and by including the PID it's clear to who the stuff belongs. */
+-        r = write_string_file_at(namespace_fd, "device_path", FORMAT_PROC_PID_FD_PATH(0, fd), WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(namespace_fd, "device_path", FORMAT_PROC_PID_FD_PATH(0, fd), 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write 'device_path' attribute: %m");
+ 
+-        r = write_string_file_at(namespace_fd, "enable", "1", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(namespace_fd, "enable", "1", 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write 'enable' attribute: %m");
+ 
+@@ -557,19 +557,19 @@ static int nvme_port_add_portnr(
+                 return 0;
+         }
+ 
+-        r = write_string_file_at(port_fd, "addr_adrfam", af_to_ipv4_ipv6(ip_family), WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(port_fd, "addr_adrfam", af_to_ipv4_ipv6(ip_family), 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to set address family on NVME port %" PRIu16 ": %m", portnr);
+ 
+-        r = write_string_file_at(port_fd, "addr_trtype", "tcp", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(port_fd, "addr_trtype", "tcp", 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to set transport type on NVME port %" PRIu16 ": %m", portnr);
+ 
+-        r = write_string_file_at(port_fd, "addr_trsvcid", fname, WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(port_fd, "addr_trsvcid", fname, 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to set IP port on NVME port %" PRIu16 ": %m", portnr);
+ 
+-        r = write_string_file_at(port_fd, "addr_traddr", ip_family == AF_INET6 ? "::" : "0.0.0.0", WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file_at(port_fd, "addr_traddr", ip_family == AF_INET6 ? "::" : "0.0.0.0", 0);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to set IP address on NVME port %" PRIu16 ": %m", portnr);
+ 
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index febe345b4c..a90b610ba1 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -2711,7 +2711,6 @@ static int udev_rule_apply_token_to_event(
+                 log_event_debug(dev, token, "ATTR '%s' writing '%s'", buf, value);
+                 r = write_string_file(buf, value,
+                                       WRITE_STRING_FILE_VERIFY_ON_FAILURE |
+-                                      WRITE_STRING_FILE_DISABLE_BUFFER |
+                                       WRITE_STRING_FILE_AVOID_NEWLINE |
+                                       WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
+                 if (r < 0)
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index 4d82c65f0a..3a3d861b83 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -261,7 +261,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) {
+ static int toggle_utf8_sysfs(bool utf8) {
+         int r;
+ 
+-        r = write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), WRITE_STRING_FILE_DISABLE_BUFFER);
++        r = write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), 0);
+         if (r < 0)
+                 return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8));
+ 
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch b/poky/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
similarity index 83%
rename from poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch
rename to poky/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
index 580aff3..43f7537 100644
--- a/poky/meta/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
@@ -1,7 +1,7 @@
-From a50ec65dbe660421052656dda7499c925005f486 Mon Sep 17 00:00:00 2001
+From 2f90f8463423cfbb7e83fcef42f1071018c3b56e Mon Sep 17 00:00:00 2001
 From: Scott Murray <scott.murray@konsulko.com>
 Date: Fri, 13 Sep 2019 19:26:27 -0400
-Subject: [PATCH] Handle __cpu_mask usage
+Subject: [PATCH 13/22] Handle __cpu_mask usage
 
 Fixes errors:
 
@@ -23,6 +23,8 @@
  src/test/test-sizeof.c    | 2 +-
  2 files changed, 3 insertions(+), 1 deletion(-)
 
+diff --git a/src/shared/cpu-set-util.h b/src/shared/cpu-set-util.h
+index 3c63a58826..4c2d4347fc 100644
 --- a/src/shared/cpu-set-util.h
 +++ b/src/shared/cpu-set-util.h
 @@ -6,6 +6,8 @@
@@ -34,6 +36,8 @@
  /* This wraps the libc interface with a variable to keep the allocated size. */
  typedef struct CPUSet {
          cpu_set_t *set;
+diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
+index ea0c58770e..b65c0bd370 100644
 --- a/src/test/test-sizeof.c
 +++ b/src/test/test-sizeof.c
 @@ -1,6 +1,5 @@
@@ -51,3 +55,6 @@
  
  /* Print information about various types. Useful when diagnosing
   * gcc diagnostics on an unfamiliar architecture. */
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch b/poky/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
similarity index 96%
rename from poky/meta/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch
rename to poky/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
index 19ee3ff..a751e1b 100644
--- a/poky/meta/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
@@ -1,7 +1,7 @@
-From ebf0f69d8614b8d86a971b97ff0d847d1e5d47c9 Mon Sep 17 00:00:00 2001
+From b7c827bb44edbb6251c9fcdb80aa03982c0e7bf3 Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Tue, 10 Mar 2020 11:05:20 +0000
-Subject: [PATCH] Handle missing gshadow
+Subject: [PATCH 14/22] Handle missing gshadow
 
 gshadow usage is now present in the userdb code. Mask all uses of it to
 allow compilation on musl
@@ -17,7 +17,7 @@
  3 files changed, 30 insertions(+), 1 deletion(-)
 
 diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c
-index 88b8fc2f8f..a819d41bac 100644
+index 414a49331b..1a4e1b628c 100644
 --- a/src/shared/user-record-nss.c
 +++ b/src/shared/user-record-nss.c
 @@ -329,8 +329,10 @@ int nss_group_to_group_record(
@@ -138,7 +138,7 @@
  #include <shadow.h>
  
 diff --git a/src/shared/userdb.c b/src/shared/userdb.c
-index a77eff4407..955e361d3a 100644
+index f60d48ace4..e878199a28 100644
 --- a/src/shared/userdb.c
 +++ b/src/shared/userdb.c
 @@ -1038,13 +1038,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
@@ -169,5 +169,5 @@
                                  return r;
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
similarity index 84%
rename from poky/meta/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
rename to poky/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index d64cec1..e112766 100644
--- a/poky/meta/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,7 +1,7 @@
-From a2f56a2a6cdd5137bb1e680aa9f6c40540107166 Mon Sep 17 00:00:00 2001
+From 3dc9d9d410bcce54fddfd94f43f7f77f3aa8e281 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 12 Apr 2021 23:44:53 -0700
-Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
+Subject: [PATCH 15/22] missing_syscall.h: Define MIPS ABI defines for musl
 
 musl does not define _MIPS_SIM_ABI32, _MIPS_SIM_NABI32, _MIPS_SIM_ABI64
 unlike glibc where these are provided by libc headers, therefore define
@@ -16,7 +16,7 @@
  2 files changed, 7 insertions(+)
 
 diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 98cd037962..ea6a76c2e2 100644
+index d795efd8f2..d6729d3c1d 100644
 --- a/src/basic/missing_syscall.h
 +++ b/src/basic/missing_syscall.h
 @@ -20,6 +20,12 @@
@@ -33,7 +33,7 @@
  #include "missing_keyctl.h"
  #include "missing_stat.h"
 diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
-index 2726dc946a..484f63e0b4 100644
+index 7ae921a113..0ef9d1fd39 100644
 --- a/src/shared/base-filesystem.c
 +++ b/src/shared/base-filesystem.c
 @@ -20,6 +20,7 @@
@@ -45,5 +45,5 @@
  typedef struct BaseFilesystem {
          const char *dir;      /* directory or symlink to create */
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch b/poky/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
similarity index 92%
rename from poky/meta/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch
rename to poky/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
index c634d8e..0be817e 100644
--- a/poky/meta/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
@@ -1,7 +1,7 @@
-From 17766c64ecc7dedf09ed2d361690fc4eda77bf42 Mon Sep 17 00:00:00 2001
+From 0994b59dba9f248ad31cb7087046dc00b72cb4ea Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 21 Jan 2022 15:15:11 -0800
-Subject: [PATCH] pass correct parameters to getdents64
+Subject: [PATCH 16/22] pass correct parameters to getdents64
 
 Fixes
 ../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types]
@@ -33,5 +33,5 @@
                          return -errno;
                  if (n == 0)
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch b/poky/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
similarity index 89%
rename from poky/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
rename to poky/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
index 5e9646c..4176522 100644
--- a/poky/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
@@ -1,11 +1,14 @@
-From e5f067cb3dc845dd865e450f4e64077b28feb4c0 Mon Sep 17 00:00:00 2001
+From 3c094d443ca30f19114392fd8ef274af6eabc12d Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 21 Jan 2022 22:19:37 -0800
-Subject: [PATCH] Adjust for musl headers
+Subject: [PATCH 17/22] Adjust for musl headers
 
 Upstream-Status: Inappropriate [musl specific]
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+[Rebased for v255.1]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
  src/libsystemd-network/sd-dhcp6-client.c      | 2 +-
  src/network/netdev/bareudp.c                  | 2 +-
@@ -33,7 +36,7 @@
  src/network/netdev/xfrm.c                     | 2 +-
  src/network/networkd-bridge-mdb.c             | 4 ++--
  src/network/networkd-dhcp-common.c            | 3 ++-
- src/network/networkd-dhcp-prefix-delegation.c | 4 ++--
+ src/network/networkd-dhcp-prefix-delegation.c | 3 ++-
  src/network/networkd-dhcp-server.c            | 2 +-
  src/network/networkd-dhcp4.c                  | 2 +-
  src/network/networkd-ipv6ll.c                 | 2 +-
@@ -41,13 +44,14 @@
  src/network/networkd-ndisc.c                  | 2 +-
  src/network/networkd-route.c                  | 8 ++++----
  src/network/networkd-setlink.c                | 2 +-
+ src/network/networkd-sysctl.c                 | 2 +-
  src/shared/linux/ethtool.h                    | 3 ++-
  src/shared/netif-util.c                       | 2 +-
  src/udev/udev-builtin-net_id.c                | 2 +-
- 37 files changed, 44 insertions(+), 42 deletions(-)
+ 38 files changed, 45 insertions(+), 42 deletions(-)
 
 diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
-index 57dd91f81f..2b7f4fa3a7 100644
+index c20367dfc9..b8d4cd8c2a 100644
 --- a/src/libsystemd-network/sd-dhcp6-client.c
 +++ b/src/libsystemd-network/sd-dhcp6-client.c
 @@ -5,7 +5,7 @@
@@ -60,7 +64,7 @@
  
  #include "sd-dhcp6-client.h"
 diff --git a/src/network/netdev/bareudp.c b/src/network/netdev/bareudp.c
-index 24d3afb877..f6241b41ee 100644
+index 1df886573b..c8b6714726 100644
 --- a/src/network/netdev/bareudp.c
 +++ b/src/network/netdev/bareudp.c
 @@ -2,7 +2,7 @@
@@ -73,7 +77,7 @@
  #include "bareudp.h"
  #include "netlink-util.h"
 diff --git a/src/network/netdev/batadv.c b/src/network/netdev/batadv.c
-index 7e97619657..50fcffcfdf 100644
+index 26da0231d4..2e8002af8c 100644
 --- a/src/network/netdev/batadv.c
 +++ b/src/network/netdev/batadv.c
 @@ -3,7 +3,7 @@
@@ -86,7 +90,7 @@
  #include "batadv.h"
  #include "fileio.h"
 diff --git a/src/network/netdev/bond.c b/src/network/netdev/bond.c
-index 601bff0a9c..dfed8d9e54 100644
+index 4d75a0d6bf..985b3197e0 100644
 --- a/src/network/netdev/bond.c
 +++ b/src/network/netdev/bond.c
 @@ -1,7 +1,7 @@
@@ -99,7 +103,7 @@
  #include "alloc-util.h"
  #include "bond.h"
 diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c
-index b65c3b49fc..6875b4fbdb 100644
+index 3e394edadf..f12f667687 100644
 --- a/src/network/netdev/bridge.c
 +++ b/src/network/netdev/bridge.c
 @@ -2,7 +2,7 @@
@@ -124,7 +128,7 @@
  #include "dummy.h"
  
 diff --git a/src/network/netdev/geneve.c b/src/network/netdev/geneve.c
-index 777a32d75c..73bfa2b5c1 100644
+index bc655ec7ff..a77e8e17e4 100644
 --- a/src/network/netdev/geneve.c
 +++ b/src/network/netdev/geneve.c
 @@ -2,7 +2,7 @@
@@ -150,7 +154,7 @@
  #include "ifb.h"
  
 diff --git a/src/network/netdev/ipoib.c b/src/network/netdev/ipoib.c
-index 5dd9286d57..4036d66dad 100644
+index d5fe299b7b..c9c8002eac 100644
 --- a/src/network/netdev/ipoib.c
 +++ b/src/network/netdev/ipoib.c
 @@ -1,6 +1,6 @@
@@ -162,7 +166,7 @@
  
  #include "ipoib.h"
 diff --git a/src/network/netdev/ipvlan.c b/src/network/netdev/ipvlan.c
-index 058eadebd7..c470ebb6d7 100644
+index 05d5d010f6..d440f49537 100644
 --- a/src/network/netdev/ipvlan.c
 +++ b/src/network/netdev/ipvlan.c
 @@ -2,7 +2,7 @@
@@ -175,7 +179,7 @@
  #include "conf-parser.h"
  #include "ipvlan.h"
 diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c
-index 0da3dd4bd2..eb20f04469 100644
+index 17d6acefb6..679d0984f9 100644
 --- a/src/network/netdev/macsec.c
 +++ b/src/network/netdev/macsec.c
 @@ -1,7 +1,7 @@
@@ -188,7 +192,7 @@
  #include <linux/if_macsec.h>
  #include <linux/genetlink.h>
 diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c
-index 1114bb0cb1..6c79a219a4 100644
+index 203807e3a5..8ab09a387e 100644
 --- a/src/network/netdev/macvlan.c
 +++ b/src/network/netdev/macvlan.c
 @@ -2,7 +2,7 @@
@@ -201,7 +205,7 @@
  #include "conf-parser.h"
  #include "macvlan.h"
 diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
-index 038a27c118..67155f0db7 100644
+index 57127a861a..7f787d0b9f 100644
 --- a/src/network/netdev/netdev.c
 +++ b/src/network/netdev/netdev.c
 @@ -2,7 +2,7 @@
@@ -238,7 +242,7 @@
  #include "nlmon.h"
  
 diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c
-index 2addfeecaa..954987f26d 100644
+index db84e7cf6e..93d5642962 100644
 --- a/src/network/netdev/tunnel.c
 +++ b/src/network/netdev/tunnel.c
 @@ -2,7 +2,7 @@
@@ -263,7 +267,7 @@
  #include "vcan.h"
  
 diff --git a/src/network/netdev/veth.c b/src/network/netdev/veth.c
-index fb00e6667f..f52d9ee89a 100644
+index e0f5b4ebb1..8a424ed03d 100644
 --- a/src/network/netdev/veth.c
 +++ b/src/network/netdev/veth.c
 @@ -3,7 +3,7 @@
@@ -276,7 +280,7 @@
  
  #include "netlink-util.h"
 diff --git a/src/network/netdev/vlan.c b/src/network/netdev/vlan.c
-index a3d961dac3..386b567a42 100644
+index 2390206993..efec630e30 100644
 --- a/src/network/netdev/vlan.c
 +++ b/src/network/netdev/vlan.c
 @@ -2,7 +2,7 @@
@@ -289,7 +293,7 @@
  
  #include "parse-util.h"
 diff --git a/src/network/netdev/vrf.c b/src/network/netdev/vrf.c
-index 05ef3ff13d..825fc4a398 100644
+index b75ec2bcc6..6aeeea640b 100644
 --- a/src/network/netdev/vrf.c
 +++ b/src/network/netdev/vrf.c
 @@ -2,7 +2,7 @@
@@ -302,7 +306,7 @@
  #include "vrf.h"
  
 diff --git a/src/network/netdev/vxcan.c b/src/network/netdev/vxcan.c
-index 83269b0707..39c6dbe29c 100644
+index c0343f45b6..f9e718f40b 100644
 --- a/src/network/netdev/vxcan.c
 +++ b/src/network/netdev/vxcan.c
 @@ -1,7 +1,7 @@
@@ -315,7 +319,7 @@
  #include "vxcan.h"
  
 diff --git a/src/network/netdev/vxlan.c b/src/network/netdev/vxlan.c
-index 589161938a..0ec9625b7a 100644
+index b11fdbbd0d..a971a917f0 100644
 --- a/src/network/netdev/vxlan.c
 +++ b/src/network/netdev/vxlan.c
 @@ -2,7 +2,7 @@
@@ -328,7 +332,7 @@
  #include "conf-parser.h"
  #include "alloc-util.h"
 diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
-index 51e7e02990..fc36c0623a 100644
+index 4c7d837c41..6df6dfb816 100644
 --- a/src/network/netdev/wireguard.c
 +++ b/src/network/netdev/wireguard.c
 @@ -6,7 +6,7 @@
@@ -341,7 +345,7 @@
  
  #include "sd-resolve.h"
 diff --git a/src/network/netdev/xfrm.c b/src/network/netdev/xfrm.c
-index a961d8fef2..6c1815b257 100644
+index 905bfc0bdf..39e34dbb3b 100644
 --- a/src/network/netdev/xfrm.c
 +++ b/src/network/netdev/xfrm.c
 @@ -1,6 +1,6 @@
@@ -374,7 +378,7 @@
  #define STATIC_BRIDGE_MDB_ENTRIES_PER_NETWORK_MAX 1024U
  
 diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c
-index ca9a825e7b..8735e261ad 100644
+index 080b15387c..efe8283957 100644
 --- a/src/network/networkd-dhcp-common.c
 +++ b/src/network/networkd-dhcp-common.c
 @@ -1,7 +1,8 @@
@@ -388,18 +392,17 @@
  #include "bus-error.h"
  #include "bus-locator.h"
 diff --git a/src/network/networkd-dhcp-prefix-delegation.c b/src/network/networkd-dhcp-prefix-delegation.c
-index 66c5e979d9..581b6b8c29 100644
+index af2fe9efcd..511565700f 100644
 --- a/src/network/networkd-dhcp-prefix-delegation.c
 +++ b/src/network/networkd-dhcp-prefix-delegation.c
-@@ -1,7 +1,5 @@
+@@ -1,6 +1,5 @@
  /* SPDX-License-Identifier: LGPL-2.1-or-later */
  
 -#include <linux/ipv6_route.h>
--
- #include "sd-dhcp6-client.h"
  
+ #include "dhcp6-lease-internal.h"
  #include "hashmap.h"
-@@ -21,6 +19,8 @@
+@@ -20,6 +19,8 @@
  #include "strv.h"
  #include "tunnel.h"
  
@@ -409,7 +412,7 @@
          assert(link);
  
 diff --git a/src/network/networkd-dhcp-server.c b/src/network/networkd-dhcp-server.c
-index 620fbbddc7..c8af20fb34 100644
+index 607fe0053c..9ce4005874 100644
 --- a/src/network/networkd-dhcp-server.c
 +++ b/src/network/networkd-dhcp-server.c
 @@ -1,7 +1,7 @@
@@ -422,7 +425,7 @@
  
  #include "sd-dhcp-server.h"
 diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
-index d4b4942173..3d78da5609 100644
+index efbae6d868..1ea2151d50 100644
 --- a/src/network/networkd-dhcp4.c
 +++ b/src/network/networkd-dhcp4.c
 @@ -3,7 +3,7 @@
@@ -448,7 +451,7 @@
  #include "in-addr-util.h"
  #include "networkd-address.h"
 diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index 019bef0590..657fc41ae6 100644
+index ee5f0f2c0a..ea5269a2de 100644
 --- a/src/network/networkd-link.c
 +++ b/src/network/networkd-link.c
 @@ -3,7 +3,7 @@
@@ -461,7 +464,7 @@
  #include <linux/netdevice.h>
  #include <sys/socket.h>
 diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
-index 99a07e16fc..e51cd81d96 100644
+index ab9eeb13a5..dd96fe7483 100644
 --- a/src/network/networkd-ndisc.c
 +++ b/src/network/networkd-ndisc.c
 @@ -6,7 +6,7 @@
@@ -474,7 +477,7 @@
  #include "sd-ndisc.h"
  
 diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
-index 5214a8ad2c..9dd758daae 100644
+index 7218d799fc..30d5574eae 100644
 --- a/src/network/networkd-route.c
 +++ b/src/network/networkd-route.c
 @@ -1,9 +1,5 @@
@@ -499,7 +502,7 @@
          _cleanup_(route_freep) Route *route = NULL;
  
 diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
-index 541c4b8a72..06ebda8f0f 100644
+index 2298f9ea3a..7d5f87de53 100644
 --- a/src/network/networkd-setlink.c
 +++ b/src/network/networkd-setlink.c
 @@ -2,7 +2,7 @@
@@ -511,8 +514,21 @@
  #include <linux/if_bridge.h>
  
  #include "missing_network.h"
+diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c
+index 2b226b2e2a..f12a474e2f 100644
+--- a/src/network/networkd-sysctl.c
++++ b/src/network/networkd-sysctl.c
+@@ -2,7 +2,7 @@
+ 
+ #include <netinet/in.h>
+ #include <linux/if.h>
+-#include <linux/if_arp.h>
++//#include <linux/if_arp.h>
+ 
+ #include "missing_network.h"
+ #include "networkd-link.h"
 diff --git a/src/shared/linux/ethtool.h b/src/shared/linux/ethtool.h
-index 1458de3627..d5c2d2e0ac 100644
+index 3d1da515c0..3fca9a4faf 100644
 --- a/src/shared/linux/ethtool.h
 +++ b/src/shared/linux/ethtool.h
 @@ -16,7 +16,8 @@
@@ -539,7 +555,7 @@
  #include "arphrd-util.h"
  #include "device-util.h"
 diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
-index a48d5dedf8..31a8bc1b3c 100644
+index f528a46b8e..830318cda5 100644
 --- a/src/udev/udev-builtin-net_id.c
 +++ b/src/udev/udev-builtin-net_id.c
 @@ -18,7 +18,7 @@
@@ -552,5 +568,5 @@
  #include <linux/pci_regs.h>
  
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/poky/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
similarity index 89%
rename from poky/meta/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
rename to poky/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
index 96322e5..75f6b90 100644
--- a/poky/meta/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
@@ -1,8 +1,8 @@
-From fa598869cca684c001f3dc23ce2198f5a6169e2a Mon Sep 17 00:00:00 2001
+From be02bd0876a061728661535a709d313e39fe1ac3 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Tue, 8 Nov 2022 13:31:34 -0800
-Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific
- version mark it so
+Subject: [PATCH 18/22] test-bus-error: strerror() is assumed to be GNU
+ specific version mark it so
 
 Upstream-Status: Inappropriate [Upstream systemd only supports glibc]
 
@@ -27,7 +27,7 @@
          assert_se(sd_bus_error_get_errno(&error) == EBUSY);
          assert_se(sd_bus_error_is_set(&error));
 diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c
-index d3d022c33f..74e95c804d 100644
+index 376d532281..967cfd4d67 100644
 --- a/src/test/test-errno-util.c
 +++ b/src/test/test-errno-util.c
 @@ -4,7 +4,7 @@
@@ -48,5 +48,5 @@
  TEST(PROTECT_ERRNO) {
          errno = 12;
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch b/poky/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
similarity index 81%
rename from poky/meta/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch
rename to poky/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
index fcc56a2..e038b73 100644
--- a/poky/meta/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
@@ -1,7 +1,7 @@
-From f629a76e0fba300a9d511614160fee38dd4a5e57 Mon Sep 17 00:00:00 2001
+From 46d80840bfe37e67d4f18c37a77751ea1fe63a07 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 23 Jan 2023 23:39:46 -0800
-Subject: [PATCH] errno-util: Make STRERROR portable for musl
+Subject: [PATCH 19/22] errno-util: Make STRERROR portable for musl
 
 Sadly, systemd has decided to use yet another GNU extention in a macro
 lets make this such that we can use XSI compliant strerror_r() for
@@ -11,20 +11,21 @@
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- src/basic/errno-util.h | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
+ src/basic/errno-util.h | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h
-index 091f99c590..eb5c1f9961 100644
+index 27804e6382..274c1c6ef1 100644
 --- a/src/basic/errno-util.h
 +++ b/src/basic/errno-util.h
-@@ -14,8 +14,16 @@
+@@ -15,8 +15,16 @@
   * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks
   *
   * Note that we use the GNU variant of strerror_r() here. */
 -#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+-
 +static inline const char * STRERROR(int errnum);
- 
++
 +static inline const char * STRERROR(int errnum) {
 +#ifdef __GLIBC__
 +        return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN);
@@ -37,5 +38,5 @@
   * Note that we can't use ({ … }) to define a temporary variable, so errnum is
   * evaluated twice. */
 -- 
-2.39.2
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch b/poky/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
similarity index 85%
rename from poky/meta/recipes-core/systemd/systemd/0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch
rename to poky/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
index c9ec000..b83fffe 100644
--- a/poky/meta/recipes-core/systemd/systemd/0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
@@ -1,7 +1,7 @@
-From 148645ba8b62f04c7c5ff5907378663f97880f22 Mon Sep 17 00:00:00 2001
+From 9eb4867b4e2dbdb2484ae854022aff97e2f0feb3 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 2 Aug 2023 12:06:27 -0700
-Subject: [PATCH 1/4] sd-event: Make malloc_trim() conditional on glibc
+Subject: [PATCH 20/22] sd-event: Make malloc_trim() conditional on glibc
 
 musl does not have this API
 
@@ -12,28 +12,28 @@
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
-index aba458185b..48c94a7672 100644
+index 288798a0dc..6419a7f216 100644
 --- a/src/libsystemd/sd-event/sd-event.c
 +++ b/src/libsystemd/sd-event/sd-event.c
 @@ -1874,7 +1874,7 @@ _public_ int sd_event_add_exit(
  }
-
+ 
  _public_ int sd_event_trim_memory(void) {
 -        int r;
 +        int r = 0;
-
+ 
          /* A default implementation of a memory pressure callback. Simply releases our own allocation caches
           * and glibc's. This is automatically used when people call sd_event_add_memory_pressure() with a
 @@ -1888,7 +1888,9 @@ _public_ int sd_event_trim_memory(void) {
-
+ 
          usec_t before_timestamp = now(CLOCK_MONOTONIC);
          hashmap_trim_pools();
 +#ifdef __GLIBC__
          r = malloc_trim(0);
 +#endif
          usec_t after_timestamp = now(CLOCK_MONOTONIC);
-
+ 
          if (r > 0)
---
-2.41.0
+-- 
+2.34.1
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch b/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
deleted file mode 100644
index c850872..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
+++ /dev/null
@@ -1,397 +0,0 @@
-From aa6e5588e6d01c12e2f101d140cc710ab199df16 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Fri, 1 Mar 2019 15:22:15 +0800
-Subject: [PATCH] do not disable buffer in writing files
-
-Do not disable buffer in writing files, otherwise we get
-failure at boot for musl like below.
-
-  [!!!!!!] Failed to allocate manager object.
-
-And there will be other failures, critical or not critical.
-This is specific to musl.
-
-Upstream-Status: Inappropriate [musl]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-[Rebased for v242]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-[rebased for systemd 243]
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
-[rebased for systemd 254]
----
- src/basic/cgroup-util.c              | 12 ++++++------
- src/basic/namespace-util.c           |  4 ++--
- src/basic/procfs-util.c              |  4 ++--
- src/basic/sysctl-util.c              |  2 +-
- src/binfmt/binfmt.c                  |  6 +++---
- src/core/cgroup.c                    |  2 +-
- src/core/main.c                      |  2 +-
- src/core/smack-setup.c               |  8 ++++----
- src/home/homework.c                  |  2 +-
- src/libsystemd/sd-device/sd-device.c |  2 +-
- src/nspawn/nspawn-cgroup.c           |  2 +-
- src/nspawn/nspawn.c                  |  6 +++---
- src/shared/binfmt-util.c             |  2 +-
- src/shared/cgroup-setup.c            |  4 ++--
- src/shared/coredump-util.c           |  2 +-
- src/shared/sleep-util.c              |  4 ++--
- src/shared/smack-util.c              |  2 +-
- src/sleep/sleep.c                    |  4 ++--
- src/udev/udev-rules.c                |  1 -
- src/vconsole/vconsole-setup.c        |  2 +-
- 20 files changed, 36 insertions(+), 37 deletions(-)
-
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -400,7 +400,7 @@ int cg_kill_kernel_sigkill(const char *c
-         if (r < 0)
-                 return r;
- 
--        r = write_string_file(killfile, "1", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(killfile, "1", 0);
-         if (r < 0)
-                 return r;
- 
-@@ -806,7 +806,7 @@ int cg_install_release_agent(const char
- 
-         sc = strstrip(contents);
-         if (isempty(sc)) {
--                r = write_string_file(fs, agent, WRITE_STRING_FILE_DISABLE_BUFFER);
-+                r = write_string_file(fs, agent, 0);
-                 if (r < 0)
-                         return r;
-         } else if (!path_equal(sc, agent))
-@@ -824,7 +824,7 @@ int cg_install_release_agent(const char
- 
-         sc = strstrip(contents);
-         if (streq(sc, "0")) {
--                r = write_string_file(fs, "1", WRITE_STRING_FILE_DISABLE_BUFFER);
-+                r = write_string_file(fs, "1", 0);
-                 if (r < 0)
-                         return r;
- 
-@@ -851,7 +851,7 @@ int cg_uninstall_release_agent(const cha
-         if (r < 0)
-                 return r;
- 
--        r = write_string_file(fs, "0", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(fs, "0", 0);
-         if (r < 0)
-                 return r;
- 
-@@ -861,7 +861,7 @@ int cg_uninstall_release_agent(const cha
-         if (r < 0)
-                 return r;
- 
--        r = write_string_file(fs, "", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(fs, "", 0);
-         if (r < 0)
-                 return r;
- 
-@@ -1764,7 +1764,7 @@ int cg_set_attribute(const char *control
-         if (r < 0)
-                 return r;
- 
--        return write_string_file(p, value, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        return write_string_file(p, value, 0);
- }
- 
- int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) {
---- a/src/basic/namespace-util.c
-+++ b/src/basic/namespace-util.c
-@@ -227,12 +227,12 @@ int userns_acquire(const char *uid_map,
-                 freeze();
- 
-         xsprintf(path, "/proc/" PID_FMT "/uid_map", pid);
--        r = write_string_file(path, uid_map, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(path, uid_map, 0);
-         if (r < 0)
-                 return log_error_errno(r, "Failed to write UID map: %m");
- 
-         xsprintf(path, "/proc/" PID_FMT "/gid_map", pid);
--        r = write_string_file(path, gid_map, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(path, gid_map, 0);
-         if (r < 0)
-                 return log_error_errno(r, "Failed to write GID map: %m");
- 
---- a/src/basic/procfs-util.c
-+++ b/src/basic/procfs-util.c
-@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limi
-          * decrease it, as threads-max is the much more relevant sysctl. */
-         if (limit > pid_max-1) {
-                 sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */
--                r = write_string_file("/proc/sys/kernel/pid_max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER);
-+                r = write_string_file("/proc/sys/kernel/pid_max", buffer, 0);
-                 if (r < 0)
-                         return r;
-         }
- 
-         sprintf(buffer, "%" PRIu64, limit);
--        r = write_string_file("/proc/sys/kernel/threads-max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/sys/kernel/threads-max", buffer, 0);
-         if (r < 0) {
-                 uint64_t threads_max;
- 
---- a/src/basic/sysctl-util.c
-+++ b/src/basic/sysctl-util.c
-@@ -58,7 +58,7 @@ int sysctl_write(const char *property, c
- 
-         log_debug("Setting '%s' to '%s'", p, value);
- 
--        return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL);
-+        return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL);
- }
- 
- int sysctl_writef(const char *property, const char *format, ...) {
---- a/src/binfmt/binfmt.c
-+++ b/src/binfmt/binfmt.c
-@@ -30,7 +30,7 @@ static bool arg_unregister = false;
- 
- static int delete_rule(const char *rulename) {
-         const char *fn = strjoina("/proc/sys/fs/binfmt_misc/", rulename);
--        return write_string_file(fn, "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        return write_string_file(fn, "-1", 0);
- }
- 
- static int apply_rule(const char *filename, unsigned line, const char *rule) {
-@@ -58,7 +58,7 @@ static int apply_rule(const char *filena
-         if (r >= 0)
-                 log_debug("%s:%u: Rule '%s' deleted.", filename, line, rulename);
- 
--        r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, 0);
-         if (r < 0)
-                 return log_error_errno(r, "%s:%u: Failed to add binary format '%s': %m",
-                                        filename, line, rulename);
-@@ -244,7 +244,7 @@ static int run(int argc, char *argv[]) {
-                         return r;
- 
-                 /* Flush out all rules */
--                r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
-+                r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0);
-                 if (r < 0)
-                         log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m");
-                 else
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -4349,7 +4349,7 @@ int unit_cgroup_freezer_action(Unit *u,
-                         u->freezer_state = FREEZER_THAWING;
-         }
- 
--        r = write_string_file(path, one_zero(action == FREEZER_FREEZE), WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(path, one_zero(action == FREEZER_FREEZE), 0);
-         if (r < 0)
-                 return r;
- 
---- a/src/core/main.c
-+++ b/src/core/main.c
-@@ -1737,7 +1737,7 @@ static void initialize_core_pattern(bool
-         if (getpid_cached() != 1)
-                 return;
- 
--        r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m",
-                                   arg_early_core_pattern);
---- a/src/core/smack-setup.c
-+++ b/src/core/smack-setup.c
-@@ -319,17 +319,17 @@ int mac_smack_setup(bool *loaded_policy)
-         }
- 
- #if HAVE_SMACK_RUN_LABEL
--        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m");
--        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m");
-         r = write_string_file("/sys/fs/smackfs/netlabel",
--                              "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
-+                              "0.0.0.0/0 " SMACK_RUN_LABEL, 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m");
--        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
- #endif
---- a/src/home/homework.c
-+++ b/src/home/homework.c
-@@ -278,7 +278,7 @@ static void drop_caches_now(void) {
-          * for details. We write "2" into /proc/sys/vm/drop_caches to ensure dentries/inodes are flushed, but
-          * not more. */
- 
--        r = write_string_file("/proc/sys/vm/drop_caches", "2\n", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/sys/vm/drop_caches", "2\n", 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to drop caches, ignoring: %m");
-         else
---- a/src/libsystemd/sd-device/sd-device.c
-+++ b/src/libsystemd/sd-device/sd-device.c
-@@ -2515,7 +2515,7 @@ _public_ int sd_device_set_sysattr_value
-         if (!value)
-                 return -ENOMEM;
- 
--        r = write_string_file(path, value, WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_NOFOLLOW);
-+        r = write_string_file(path, value, 0 | WRITE_STRING_FILE_NOFOLLOW);
-         if (r < 0) {
-                 /* On failure, clear cache entry, as we do not know how it fails. */
-                 device_remove_cached_sysattr_value(device, sysattr);
---- a/src/nspawn/nspawn-cgroup.c
-+++ b/src/nspawn/nspawn-cgroup.c
-@@ -122,7 +122,7 @@ int sync_cgroup(pid_t pid, CGroupUnified
-         fn = strjoina(tree, cgroup, "/cgroup.procs");
- 
-         sprintf(pid_string, PID_FMT, pid);
--        r = write_string_file(fn, pid_string, WRITE_STRING_FILE_DISABLE_BUFFER|WRITE_STRING_FILE_MKDIR_0755);
-+        r = write_string_file(fn, pid_string, WRITE_STRING_FILE_MKDIR_0755);
-         if (r < 0) {
-                 log_error_errno(r, "Failed to move process: %m");
-                 goto finish;
---- a/src/nspawn/nspawn.c
-+++ b/src/nspawn/nspawn.c
-@@ -2774,7 +2774,7 @@ static int reset_audit_loginuid(void) {
-         if (streq(p, "4294967295"))
-                 return 0;
- 
--        r = write_string_file("/proc/self/loginuid", "4294967295", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/self/loginuid", "4294967295", 0);
-         if (r < 0) {
-                 log_error_errno(r,
-                                 "Failed to reset audit login UID. This probably means that your kernel is too\n"
-@@ -4214,7 +4214,7 @@ static int setup_uid_map(
-                 return log_oom();
- 
-         xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
--        r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(uid_map, s, 0);
-         if (r < 0)
-                 return log_error_errno(r, "Failed to write UID map: %m");
- 
-@@ -4224,7 +4224,7 @@ static int setup_uid_map(
-                 return log_oom();
- 
-         xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
--        r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(uid_map, s, 0);
-         if (r < 0)
-                 return log_error_errno(r, "Failed to write GID map: %m");
- 
---- a/src/shared/binfmt-util.c
-+++ b/src/shared/binfmt-util.c
-@@ -46,7 +46,7 @@ int disable_binfmt(void) {
-                 return 0;
-         }
- 
--        r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0);
-         if (r < 0)
-                 return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m");
- 
---- a/src/shared/cgroup-setup.c
-+++ b/src/shared/cgroup-setup.c
-@@ -351,7 +351,7 @@ int cg_attach(const char *controller, co
- 
-         xsprintf(c, PID_FMT "\n", pid);
- 
--        r = write_string_file(fs, c, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(fs, c, 0);
-         if (r == -EOPNOTSUPP && cg_is_threaded(controller, path) > 0)
-                 /* When the threaded mode is used, we cannot read/write the file. Let's return recognizable error. */
-                 return -EUCLEAN;
-@@ -964,7 +964,7 @@ int cg_enable_everywhere(
-                                         return log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p);
-                         }
- 
--                        r = write_string_stream(f, s, WRITE_STRING_FILE_DISABLE_BUFFER);
-+                        r = write_string_stream(f, s, 0);
-                         if (r < 0) {
-                                 log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m",
-                                                 FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs);
---- a/src/shared/coredump-util.c
-+++ b/src/shared/coredump-util.c
-@@ -163,7 +163,7 @@ int set_coredump_filter(uint64_t value)
-         xsprintf(t, "0x%"PRIx64, value);
- 
-         return write_string_file("/proc/self/coredump_filter", t,
--                                 WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER);
-+                                 0);
- }
- 
- /* Turn off core dumps but only if we're running outside of a container. */
---- a/src/shared/sleep-util.c
-+++ b/src/shared/sleep-util.c
-@@ -1044,7 +1044,7 @@ int write_resume_config(dev_t devno, uin
- 
-         /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so
-          * fail gracefully if it doesn't exist and we're only overwriting it with 0. */
--        r = write_string_file("/sys/power/resume_offset", offset_str, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/sys/power/resume_offset", offset_str, 0);
-         if (r == -ENOENT) {
-                 if (offset != 0)
-                         return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-@@ -1060,7 +1060,7 @@ int write_resume_config(dev_t devno, uin
-                 log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.",
-                           offset_str, device);
- 
--        r = write_string_file("/sys/power/resume", devno_str, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/sys/power/resume", devno_str, 0);
-         if (r < 0)
-                 return log_error_errno(r,
-                                        "Failed to write device '%s' (%s) to /sys/power/resume: %m",
---- a/src/shared/smack-util.c
-+++ b/src/shared/smack-util.c
-@@ -113,7 +113,7 @@ int mac_smack_apply_pid(pid_t pid, const
-                 return 0;
- 
-         p = procfs_file_alloca(pid, "attr/current");
--        r = write_string_file(p, label, WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file(p, label, 0);
-         if (r < 0)
-                 return r;
- 
---- a/src/sleep/sleep.c
-+++ b/src/sleep/sleep.c
-@@ -139,7 +139,7 @@ static int write_mode(char **modes) {
-         STRV_FOREACH(mode, modes) {
-                 int k;
- 
--                k = write_string_file("/sys/power/disk", *mode, WRITE_STRING_FILE_DISABLE_BUFFER);
-+                k = write_string_file("/sys/power/disk", *mode, 0);
-                 if (k >= 0)
-                         return 0;
- 
-@@ -160,7 +160,7 @@ static int write_state(FILE **f, char **
-         STRV_FOREACH(state, states) {
-                 int k;
- 
--                k = write_string_stream(*f, *state, WRITE_STRING_FILE_DISABLE_BUFFER);
-+                k = write_string_stream(*f, *state, 0);
-                 if (k >= 0)
-                         return 0;
-                 log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state);
---- a/src/udev/udev-rules.c
-+++ b/src/udev/udev-rules.c
-@@ -2634,7 +2634,6 @@ static int udev_rule_apply_token_to_even
-                 log_event_debug(dev, token, "ATTR '%s' writing '%s'", buf, value);
-                 r = write_string_file(buf, value,
-                                       WRITE_STRING_FILE_VERIFY_ON_FAILURE |
--                                      WRITE_STRING_FILE_DISABLE_BUFFER |
-                                       WRITE_STRING_FILE_AVOID_NEWLINE |
-                                       WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
-                 if (r < 0)
---- a/src/vconsole/vconsole-setup.c
-+++ b/src/vconsole/vconsole-setup.c
-@@ -260,7 +260,7 @@ static int toggle_utf8_vc(const char *na
- static int toggle_utf8_sysfs(bool utf8) {
-         int r;
- 
--        r = write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), WRITE_STRING_FILE_DISABLE_BUFFER);
-+        r = write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), 0);
-         if (r < 0)
-                 return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8));
- 
diff --git a/poky/meta/recipes-core/systemd/systemd/0029-shared-Do-not-use-malloc_info-on-musl.patch b/poky/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
similarity index 68%
rename from poky/meta/recipes-core/systemd/systemd/0029-shared-Do-not-use-malloc_info-on-musl.patch
rename to poky/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
index 8e38655..7eff069 100644
--- a/poky/meta/recipes-core/systemd/systemd/0029-shared-Do-not-use-malloc_info-on-musl.patch
+++ b/poky/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
@@ -1,7 +1,7 @@
-From 9430646e72ea5d260ade300038a6d976fecf7da5 Mon Sep 17 00:00:00 2001
+From 502597b9ddd6b145541b23fadca0b1d3ca9f6367 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 2 Aug 2023 12:20:40 -0700
-Subject: [PATCH 4/4] shared: Do not use malloc_info on musl
+Subject: [PATCH 21/22] shared: Do not use malloc_info on musl
 
 Upstream-Status: Inappropriate [musl-specific]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
@@ -10,9 +10,11 @@
  src/shared/common-signal.c | 4 ++--
  2 files changed, 5 insertions(+), 4 deletions(-)
 
+diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
+index 74f148c8b4..2d862a123d 100644
 --- a/src/shared/bus-util.c
 +++ b/src/shared/bus-util.c
-@@ -617,15 +617,16 @@ static int method_dump_memory_state_by_f
+@@ -611,15 +611,16 @@ static int method_dump_memory_state_by_fd(sd_bus_message *message, void *userdat
          _cleanup_close_ int fd = -EBADF;
          size_t dump_size;
          FILE *f;
@@ -31,9 +33,11 @@
          if (r < 0)
                  return r;
  
+diff --git a/src/shared/common-signal.c b/src/shared/common-signal.c
+index 8e70e365dd..9e782caec9 100644
 --- a/src/shared/common-signal.c
 +++ b/src/shared/common-signal.c
-@@ -65,12 +65,12 @@ int sigrtmin18_handler(sd_event_source *
+@@ -65,12 +65,12 @@ int sigrtmin18_handler(sd_event_source *s, const struct signalfd_siginfo *si, vo
                          log_oom();
                          break;
                  }
@@ -48,3 +52,6 @@
                  (void) memstream_dump(LOG_INFO, &m);
                  break;
          }
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch b/poky/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
new file mode 100644
index 0000000..24f3bf7
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
@@ -0,0 +1,43 @@
+From fd52f1764647e03a35e8f0ed0ef952049073ccbd Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 2 Jan 2024 11:03:27 +0800
+Subject: [PATCH 22/22] avoid missing LOCK_EX declaration
+
+This only happens on MUSL. Include sys/file.h to avoid compilation
+error about missing LOCK_EX declaration.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/core/exec-invoke.c | 1 +
+ src/shared/dev-setup.h | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
+index 70d963e269..7084811439 100644
+--- a/src/core/exec-invoke.c
++++ b/src/core/exec-invoke.c
+@@ -4,6 +4,7 @@
+ #include <sys/ioctl.h>
+ #include <sys/mount.h>
+ #include <sys/prctl.h>
++#include <sys/file.h>
+ 
+ #if HAVE_PAM
+ #include <security/pam_appl.h>
+diff --git a/src/shared/dev-setup.h b/src/shared/dev-setup.h
+index 5339bc4e5e..0697495f23 100644
+--- a/src/shared/dev-setup.h
++++ b/src/shared/dev-setup.h
+@@ -2,6 +2,7 @@
+ #pragma once
+ 
+ #include <sys/types.h>
++#include <sys/file.h>
+ 
+ int lock_dev_console(void);
+ 
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch b/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch
deleted file mode 100644
index 8e56323..0000000
--- a/poky/meta/recipes-core/systemd/systemd/0030-meson-Pass-all-static-pie-args-to-linker.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From f85a387a67900b02c69abccb88c2ef7191c67277 Mon Sep 17 00:00:00 2001
-From: Jan Janssen <medhefgo@web.de>
-Date: Sun, 1 Oct 2023 09:55:48 +0200
-Subject: [PATCH] meson: Pass all -static-pie args to linker
-
-Fixes: #29381
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/cecbb162a3134b43d2ca160e13198c73ff34c3ef]
-Signed-off-by: Viswanath Kraleti <quic_vkraleti@quicinc.com>
----
- src/boot/efi/meson.build | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
-index 2773eaf286..9a60a57329 100644
---- a/src/boot/efi/meson.build
-+++ b/src/boot/efi/meson.build
-@@ -161,9 +161,14 @@ efi_c_ld_args = [
-         '-Wl,--entry=efi_main',
-         '-Wl,--fatal-warnings',
- 
--        # These flags should be passed by -static-pie, but seem to be missing sometimes.
--        '-Wl,--no-dynamic-linker',
--        '-z', 'text',
-+        # These flags should be passed by -static-pie, but for whatever reason the flag translation
-+        # is not enabled on all architectures. Not passing `-static` would just allow the linker to
-+        # use dynamic libraries, (which we can't/don't use anyway). But if `-pie` is missing and the
-+        # gcc build does not default to `-pie` we get a regular (no-pie) binary that will be
-+        # rightfully rejected by elf2efi. Note that meson also passes `-pie` to the linker driver,
-+        # but it is overridden by our `-static-pie`. We also need to pass these directly to the
-+        # linker as `-static`+`-pie` seem to get translated differently.
-+        '-Wl,-static,-pie,--no-dynamic-linker,-z,text',
- 
-         # EFI has 4KiB pages.
-         '-z', 'common-page-size=4096',
diff --git a/poky/meta/recipes-core/systemd/systemd/basic.conf.in b/poky/meta/recipes-core/systemd/systemd/basic.conf.in
deleted file mode 100644
index fac288f..0000000
--- a/poky/meta/recipes-core/systemd/systemd/basic.conf.in
+++ /dev/null
@@ -1,40 +0,0 @@
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-# The superuser
-u root    0     "root" :ROOT_HOME:
-
-# The nobody user/group for NFS file systems
-g {{NOBODY_GROUP_NAME}} 65534       -            -
-u {{NOBODY_USER_NAME }} 65534:65534 "Nobody"     -
-
-# Administrator group: can *see* more than normal users
-g adm     {{ADM_GID    }}     -            -
-
-# Administrator group: can *do* more than normal users
-g wheel   {{WHEEL_GID  }}     -            -
-
-# Access to shared database of users on the system
-g utmp    {{UTMP_GID   }}     -            -
-
-# Physical and virtual hardware access groups
-g audio   {{AUDIO_GID  }}     -            -
-g cdrom   {{CDROM_GID  }}     -            -
-g dialout {{DIALOUT_GID}}     -            -
-g disk    {{DISK_GID   }}     -            -
-g input   {{INPUT_GID  }}     -            -
-g kmem    {{KMEM_GID   }}     -            -
-g kvm     {{KVM_GID    }}     -            -
-g lp      {{LP_GID     }}     -            -
-g render  {{RENDER_GID }}     -            -
-g sgx     {{SGX_GID    }}     -            -
-g tape    {{TAPE_GID   }}     -            -
-g tty     {{TTY_GID    }}     -            -
-g video   {{VIDEO_GID  }}     -            -
-
-# Default group for normal users
-g users   {{USERS_GID  }}     -            -
diff --git a/poky/meta/recipes-core/systemd/systemd_254.4.bb b/poky/meta/recipes-core/systemd/systemd_255.1.bb
similarity index 95%
rename from poky/meta/recipes-core/systemd/systemd_254.4.bb
rename to poky/meta/recipes-core/systemd/systemd_255.1.bb
index 05cfc73..c0de440 100644
--- a/poky/meta/recipes-core/systemd/systemd_254.4.bb
+++ b/poky/meta/recipes-core/systemd/systemd_255.1.bb
@@ -21,7 +21,6 @@
 SRC_URI += " \
            file://touchscreen.rules \
            file://00-create-volatile.conf \
-           file://basic.conf.in \
            ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \
            ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \
            file://init \
@@ -29,33 +28,33 @@
            file://systemd-pager.sh \
            file://0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
            file://0008-implment-systemd-sysv-install-for-OE.patch \
-           file://0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \
            "
 
 # patches needed by musl
 SRC_URI:append:libc-musl = " ${SRC_URI_MUSL}"
 SRC_URI_MUSL = "\
-               file://0009-missing_type.h-add-comparison_fn_t.patch \
-               file://0010-add-fallback-parse_printf_format-implementation.patch \
-               file://0011-src-basic-missing.h-check-for-missing-strndupa.patch \
-               file://0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch \
-               file://0013-add-missing-FTW_-macros-for-musl.patch \
-               file://0014-Use-uintmax_t-for-handling-rlim_t.patch \
-               file://0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch \
-               file://0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch \
-               file://0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch \
-               file://0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch \
-               file://0020-avoid-redefinition-of-prctl_mm_map-structure.patch \
-               file://0021-do-not-disable-buffer-in-writing-files.patch \
-               file://0022-Handle-__cpu_mask-usage.patch \
-               file://0023-Handle-missing-gshadow.patch \
-               file://0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \
-               file://0005-pass-correct-parameters-to-getdents64.patch \
-               file://0001-Adjust-for-musl-headers.patch \
-               file://0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch \
-               file://0003-errno-util-Make-STRERROR-portable-for-musl.patch \
-               file://0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch \
-               file://0029-shared-Do-not-use-malloc_info-on-musl.patch \
+               file://0001-missing_type.h-add-comparison_fn_t.patch \
+               file://0002-add-fallback-parse_printf_format-implementation.patch \
+               file://0003-src-basic-missing.h-check-for-missing-strndupa.patch \
+               file://0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch \
+               file://0005-add-missing-FTW_-macros-for-musl.patch \
+               file://0006-Use-uintmax_t-for-handling-rlim_t.patch \
+               file://0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch \
+               file://0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch \
+               file://0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch \
+               file://0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch \
+               file://0011-avoid-redefinition-of-prctl_mm_map-structure.patch \
+               file://0012-do-not-disable-buffer-in-writing-files.patch \
+               file://0013-Handle-__cpu_mask-usage.patch \
+               file://0014-Handle-missing-gshadow.patch \
+               file://0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \
+               file://0016-pass-correct-parameters-to-getdents64.patch \
+               file://0017-Adjust-for-musl-headers.patch \
+               file://0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch \
+               file://0019-errno-util-Make-STRERROR-portable-for-musl.patch \
+               file://0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch \
+               file://0021-shared-Do-not-use-malloc_info-on-musl.patch \
+               file://0022-avoid-missing-LOCK_EX-declaration.patch \
                "
 
 PAM_PLUGINS = " \
@@ -73,6 +72,7 @@
     ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 'link-udev-shared', d)} \
     backlight \
     binfmt \
+    cgroupv2 \
     gshadow \
     hibernate \
     hostnamed \
@@ -266,12 +266,16 @@
 # The 60 seconds is watchdog's default vaule.
 WATCHDOG_TIMEOUT ??= "60"
 
-do_configure:prepend() {
-  sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > ${S}/sysusers.d/basic.conf.in
-}
-
 do_install() {
 	meson_do_install
+	# Change the root user's home directory in /lib/sysusers.d/basic.conf.
+	# This is done merely for backward compatibility with previous systemd recipes.
+	# systemd hardcodes root user's HOME to be "/root". Changing to use other values
+	# may have unexpected runtime behaviors.
+	if [ "${ROOT_HOME}" != "/root" ]; then
+		bbwarn "Using ${ROOT_HOME} as root user's home directory is not fully supported by systemd"
+		sed -i -e 's#/root#${ROOT_HOME}#g' ${D}${exec_prefix}/lib/sysusers.d/basic.conf
+	fi
 	install -d ${D}/${base_sbindir}
 	if ${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', 'false', 'true', d)}; then
 		# Provided by a separate recipe
@@ -756,6 +760,7 @@
                ${rootlibexecdir}/udev/rules.d/60-persistent-alsa.rules \
                ${rootlibexecdir}/udev/rules.d/60-persistent-input.rules \
                ${rootlibexecdir}/udev/rules.d/60-persistent-storage.rules \
+               ${rootlibexecdir}/udev/rules.d/60-persistent-storage-mtd.rules \
                ${rootlibexecdir}/udev/rules.d/60-persistent-storage-tape.rules \
                ${rootlibexecdir}/udev/rules.d/60-persistent-v4l.rules \
                ${rootlibexecdir}/udev/rules.d/60-sensor.rules \
diff --git a/poky/meta/recipes-core/udev/eudev/netifnames.patch b/poky/meta/recipes-core/udev/eudev/netifnames.patch
new file mode 100644
index 0000000..8f6e9a1
--- /dev/null
+++ b/poky/meta/recipes-core/udev/eudev/netifnames.patch
@@ -0,0 +1,17 @@
+eudev: consider ID_NET_NAME_MAC as an interface name
+
+eudev might not create names based on slot or path.
+
+Upstream-Status: Submitted [github.com/eudev-project/eudev/pull/274]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+--- a/rules/80-net-name-slot.rules
++++ b/rules/80-net-name-slot.rules
+@@ -10,5 +10,6 @@ ENV{net.ifnames}=="0", GOTO="net_name_sl
+ NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
+ NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
+ NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
++NAME=="", ENV{ID_NET_NAME_MAC}!="", NAME="$env{ID_NET_NAME_MAC}"
+ 
+ LABEL="net_name_slot_end"
diff --git a/poky/meta/recipes-core/udev/eudev_3.2.14.bb b/poky/meta/recipes-core/udev/eudev_3.2.14.bb
index d075869..ddb3c33 100644
--- a/poky/meta/recipes-core/udev/eudev_3.2.14.bb
+++ b/poky/meta/recipes-core/udev/eudev_3.2.14.bb
@@ -10,6 +10,7 @@
 PROVIDES = "udev"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
+           file://netifnames.patch \
            file://init \
            file://local.rules \
            "
@@ -50,6 +51,7 @@
 
 	# Use classic network interface naming scheme
 	touch ${D}${sysconfdir}/udev/rules.d/80-net-name-slot.rules
+
 }
 
 do_install:prepend:class-target () {
diff --git a/poky/meta/recipes-core/udev/udev-extraconf/mount.sh b/poky/meta/recipes-core/udev/udev-extraconf/mount.sh
index 0cd51fc..c19e2aa 100644
--- a/poky/meta/recipes-core/udev/udev-extraconf/mount.sh
+++ b/poky/meta/recipes-core/udev/udev-extraconf/mount.sh
@@ -211,7 +211,7 @@
         logger "mount.sh/remove" "cleaning up $DEVNAME, was mounted by the auto-mounter"
         for mnt in `cat /proc/mounts | grep "$DEVNAME" | cut -f 2 -d " " `
         do
-                $UMOUNT $mnt
+                $UMOUNT "`printf $mnt`"
         done
         # Remove mount directory created by the auto-mounter
         # and clean up our tmp cache file
diff --git a/poky/meta/recipes-core/zlib/zlib_1.3.bb b/poky/meta/recipes-core/zlib/zlib_1.3.bb
index 1ed1817..ede75f9 100644
--- a/poky/meta/recipes-core/zlib/zlib_1.3.bb
+++ b/poky/meta/recipes-core/zlib/zlib_1.3.bb
@@ -47,3 +47,4 @@
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
+CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch b/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch
index c73aca4..2814196 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/autoreconf-exclude.patch
@@ -1,25 +1,26 @@
-From 0071d28e304745a16871561f23117fdb00dd2559 Mon Sep 17 00:00:00 2001
+From 1a50157aa11da48921200a0d8d4308863716eab0 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Thu, 12 Mar 2020 17:25:23 +0000
-Subject: [PATCH 4/7] autoreconf-exclude.patch
+Subject: [PATCH] autoreconf-exclude.patch
 
 Upstream-Status: Inappropriate [oe specific]
+
 ---
  bin/autoreconf.in | 26 ++++++++++++++++++++++++++
  1 file changed, 26 insertions(+)
 
 diff --git a/bin/autoreconf.in b/bin/autoreconf.in
-index bb9f316d..7da3005b 100644
+index 98ebab6..937f758 100644
 --- a/bin/autoreconf.in
 +++ b/bin/autoreconf.in
-@@ -82,6 +82,7 @@ Operation modes:
+@@ -83,6 +83,7 @@ Operation modes:
    -i, --install            copy missing standard auxiliary files
        --no-recursive       don't rebuild sub-packages
    -s, --symlink            with -i, install symbolic links instead of copies
 +  -x, --exclude=STEPS      steps we should not run
    -m, --make               when applicable, re-run ./configure && make
-   -W, --warnings=CATEGORY  report the warnings falling in CATEGORY [syntax]
- 
+   -W, --warnings=CATEGORY  report the warnings falling in CATEGORY
+                            (comma-separated list accepted)
 @@ -141,6 +142,10 @@ my $run_make = 0;
  # Recurse into subpackages
  my $recursive = 1;
@@ -60,7 +61,7 @@
      }
  
  
-@@ -687,9 +698,12 @@ sub autoreconf_current_directory ($)
+@@ -691,9 +702,12 @@ sub autoreconf_current_directory ($)
  	{
  	  $libtoolize .= " --ltdl";
  	}
@@ -73,7 +74,7 @@
      }
    else
      {
-@@ -726,8 +740,11 @@ sub autoreconf_current_directory ($)
+@@ -730,8 +744,11 @@ sub autoreconf_current_directory ($)
      }
    elsif ($install)
      {
@@ -85,7 +86,7 @@
      }
    else
      {
-@@ -765,7 +782,10 @@ sub autoreconf_current_directory ($)
+@@ -769,7 +786,10 @@ sub autoreconf_current_directory ($)
    # latter runs the former, and (ii) autoconf is stricter than
    # autoheader.  So all in all, autoconf should give better error
    # messages.
@@ -96,7 +97,7 @@
  
  
    # -------------------- #
-@@ -786,7 +806,10 @@ sub autoreconf_current_directory ($)
+@@ -790,7 +810,10 @@ sub autoreconf_current_directory ($)
      }
    else
      {
@@ -107,7 +108,7 @@
      }
  
  
-@@ -803,7 +826,10 @@ sub autoreconf_current_directory ($)
+@@ -807,7 +830,10 @@ sub autoreconf_current_directory ($)
        # We should always run automake, and let it decide whether it shall
        # update the file or not.  In fact, the effect of '$force' is already
        # included in '$automake' via '--no-force'.
@@ -118,6 +119,3 @@
      }
  
    # ---------------------------------------------------- #
--- 
-2.25.1
-
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch b/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch
index 23329f7..3872557 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/autotest-automake-result-format.patch
@@ -1,18 +1,19 @@
-From 8c0f24404bebffdaf3132d81e2b9560d34ff1677 Mon Sep 17 00:00:00 2001
+From b28bd61e4716e744617bd681a5b0d5472f62bd67 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Thu, 12 Mar 2020 17:25:45 +0000
-Subject: [PATCH 6/7] autotest-automake-result-format.patch
+Subject: [PATCH] autotest-automake-result-format.patch
 
 Upstream-Status: Inappropriate [oe specific]
+
 ---
  lib/autotest/general.m4 | 39 +++++++++++++++++++++++++++++----------
  1 file changed, 29 insertions(+), 10 deletions(-)
 
 diff --git a/lib/autotest/general.m4 b/lib/autotest/general.m4
-index 0c0e3c5b..17590e96 100644
+index bf18866..8097523 100644
 --- a/lib/autotest/general.m4
 +++ b/lib/autotest/general.m4
-@@ -412,6 +412,9 @@ at_recheck=
+@@ -427,6 +427,9 @@ at_recheck=
  # Whether a write failure occurred
  at_write_fail=0
  
@@ -22,7 +23,7 @@
  # The directory we run the suite in.  Default to . if no -C option.
  at_dir=`pwd`
  # An absolute reference to this testsuite script.
-@@ -525,6 +528,10 @@ do
+@@ -540,6 +543,10 @@ do
  	at_check_filter_trace=at_fn_filter_trace
  	;;
  
@@ -33,7 +34,7 @@
      [[0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9]])
  	at_fn_validate_ranges at_option
  	AS_VAR_APPEND([at_groups], ["$at_option$as_nl"])
-@@ -713,10 +720,10 @@ m4_divert_push([HELP_MODES])dnl
+@@ -728,10 +735,10 @@ m4_divert_push([HELP_MODES])dnl
  cat <<_ATEOF || at_write_fail=1
  
  Operation modes:
@@ -48,7 +49,7 @@
  _ATEOF
  m4_divert_pop([HELP_MODES])dnl
  m4_wrap([m4_divert_push([HELP_TUNING_BEGIN])dnl
-@@ -742,6 +749,7 @@ Execution tuning:
+@@ -757,6 +764,7 @@ Execution tuning:
    -d, --debug    inhibit clean up and top-level logging
  [                 default for debugging scripts]
    -x, --trace    enable tests shell tracing
@@ -56,7 +57,7 @@
  _ATEOF
  m4_divert_pop([HELP_TUNING_BEGIN])])dnl
  m4_divert_push([HELP_END])dnl
-@@ -1129,7 +1137,9 @@ at_fn_group_banner ()
+@@ -1139,7 +1147,9 @@ at_fn_group_banner ()
      [*])          at_desc_line="$[1]: "  ;;
    esac
    AS_VAR_APPEND([at_desc_line], ["$[3]$[4]"])
@@ -67,7 +68,7 @@
    echo "#                             -*- compilation -*-" >> "$at_group_log"
  }
  
-@@ -1155,42 +1165,51 @@ _ATEOF
+@@ -1165,42 +1175,51 @@ _ATEOF
    case $at_xfail:$at_status in
      yes:0)
  	at_msg="UNEXPECTED PASS"
@@ -124,6 +125,3 @@
    fi
    at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg"
    case $at_status in
--- 
-2.25.1
-
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch b/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch
index c6c1356..0f49583 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/man-host-perl.patch
@@ -1,13 +1,20 @@
-Don't use the target perl when regenerating the man pages.
+From 1c033f2a23941c46d88b9ac279f87bf2c6e99499 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Wed, 15 Jul 2020 16:03:21 +0100
+Subject: [PATCH] Don't use the target perl when regenerating the man pages.
 
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 
+---
+ man/local.mk | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
 diff --git a/man/local.mk b/man/local.mk
-index e69858b1..78c68ab5 100644
+index 775c131..ba94753 100644
 --- a/man/local.mk
 +++ b/man/local.mk
-@@ -67,13 +67,12 @@ SUFFIXES += .w .1
+@@ -77,13 +77,12 @@ SUFFIXES += .w .1
  	@echo "Updating man page $@"
  	$(MKDIR_P) $(@D)
  	PATH="$(top_srcdir)/man$(PATH_SEPARATOR)$$PATH"; \
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch b/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch
index 2c44375..3e741ed 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/no-man.patch
@@ -1,14 +1,26 @@
+From 8bcaf677e41f1f5d3fa0a746e35958e7b303ac71 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Wed, 15 Jul 2020 16:03:21 +0100
+Subject: [PATCH] autoconf: upgrade to 2.71
+
 For native builds we don't care about the documentation, and this would
 otherwise pull in a dependency on help2man.
 
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 
+---
+ Makefile.in | 10 ----------
+ 1 file changed, 10 deletions(-)
+
 diff --git a/Makefile.in b/Makefile.in
-index 146e8e3..a1827c1 100644
+index c8d6425..72d6d05 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -763,10 +762,0 @@ dist_buildaux_SCRIPTS = \
+@@ -771,16 +771,6 @@ buildauxdir = $(pkgdatadir)/build-aux
+ dist_buildaux_DATA = \
+   $(AUXSCRIPTS)
+ 
 -dist_man_MANS = \
 -  man/autoconf.1 \
 -  man/autoheader.1 \
@@ -19,3 +31,6 @@
 -  man/ifnames.1
 -
 -
+ # Each manpage depends on:
+ # - its .w and .x files and its source script in bin/
+ # - common.x for the SEE ALSO list
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch b/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch
index cfb145a..64fed1f 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/preferbash.patch
@@ -1,7 +1,7 @@
-From 0aac3047cd7681d610b22d79501c297fa3433148 Mon Sep 17 00:00:00 2001
+From a877ff979349d3bf6f5f0d92fe4e741be0ad98b4 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Thu, 12 Mar 2020 17:25:41 +0000
-Subject: [PATCH 2/7] m4sh: prefer bash over sh
+Subject: [PATCH] m4sh: prefer bash over sh
 
 _AS_DETECT_BETTER_SHELL looks for a good shell to use, and tries to look for
 'sh' before 'bash'.  Whilst for many systems sh is a symlink to bash,
@@ -16,15 +16,16 @@
 is used if available over something which is merely POSIX compliant.
 
 Upstream-Status: Inappropriate [oe specific]
+
 ---
  lib/m4sugar/m4sh.m4 | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/lib/m4sugar/m4sh.m4 b/lib/m4sugar/m4sh.m4
-index 9d543952..84ef84a9 100644
+index 368487f..cc70f51 100644
 --- a/lib/m4sugar/m4sh.m4
 +++ b/lib/m4sugar/m4sh.m4
-@@ -230,7 +230,7 @@ dnl Remove any tests from suggested that are also required
+@@ -233,7 +233,7 @@ dnl Remove any tests from suggested that are also required
      [_AS_PATH_WALK([/bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH],
        [case $as_dir in @%:@(
  	 /*)
@@ -33,6 +34,3 @@
  	     # Try only shells that exist, to save several forks.
  	     as_shell=$as_dir$as_base
  	     AS_IF([{ test -f "$as_shell" || test -f "$as_shell.exe"; } &&
--- 
-2.25.1
-
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch b/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch
index 657cbb3..f647f2a 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/program_prefix.patch
@@ -1,19 +1,20 @@
-From f4f19a5c03e8ae3b9cc93d24b76694f4b7b2eb76 Mon Sep 17 00:00:00 2001
+From 7949496ff3834dcd98407cc3f3ea022ee2471d52 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Thu, 12 Mar 2020 17:28:38 +0000
-Subject: [PATCH 3/7] program_prefix.patch
+Subject: [PATCH] program_prefix.patch
 
 Upstream-Status: Inappropriate [oe specific]
 Signed-off-by: Ross Burton <ross.burton@intel.com>
+
 ---
  lib/autoconf/general.m4 | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/lib/autoconf/general.m4 b/lib/autoconf/general.m4
-index 16f0d074..4c5e0b36 100644
+index 47d896d..3deaa46 100644
 --- a/lib/autoconf/general.m4
 +++ b/lib/autoconf/general.m4
-@@ -2070,7 +2070,7 @@ _AC_CANONICAL_SPLIT([target])
+@@ -2071,7 +2071,7 @@ _AC_CANONICAL_SPLIT([target])
  
  # The aliases save the names the user supplied, while $host etc.
  # will get canonicalized.
@@ -22,6 +23,3 @@
    test "$program_prefix$program_suffix$program_transform_name" = \
      NONENONEs,x,x, &&
    program_prefix=${target_alias}-[]dnl
--- 
-2.25.1
-
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch b/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch
index f387801..ca1534b 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch
+++ b/poky/meta/recipes-devtools/autoconf/autoconf/remove-usr-local-lib-from-m4.patch
@@ -1,19 +1,20 @@
-From a08643ac3fef884900d6cfa161f0acec3ef104d1 Mon Sep 17 00:00:00 2001
+From 294a8d47a70db077691624615c5cb6d331a3299b Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Thu, 12 Mar 2020 17:25:37 +0000
-Subject: [PATCH 1/7] remove-usr-local-lib-from-m4.patch
+Subject: [PATCH] remove-usr-local-lib-from-m4.patch
 
 Upstream-Status: Inappropriate [oe specific]
 Signed-off-by: Ross Burton <ross.burton@intel.com>
+
 ---
  lib/autoconf/functions.m4 | 9 ---------
  1 file changed, 9 deletions(-)
 
 diff --git a/lib/autoconf/functions.m4 b/lib/autoconf/functions.m4
-index 12f60b99..07da7941 100644
+index 9b3f3c0..1faa99b 100644
 --- a/lib/autoconf/functions.m4
 +++ b/lib/autoconf/functions.m4
-@@ -801,15 +801,6 @@ if test $ac_have_func = no; then
+@@ -825,15 +825,6 @@ if test $ac_have_func = no; then
      [LIBS="-lutil $LIBS" ac_have_func=yes ac_cv_func_getloadavg_setgid=yes])
  fi
  
@@ -29,6 +30,3 @@
  # Make sure it is really in the library, if we think we found it,
  # otherwise set up the replacement function.
  AC_CHECK_FUNCS(getloadavg, [],
--- 
-2.25.1
-
diff --git a/poky/meta/recipes-devtools/autoconf/autoconf_2.72d.bb b/poky/meta/recipes-devtools/autoconf/autoconf_2.72e.bb
similarity index 96%
rename from poky/meta/recipes-devtools/autoconf/autoconf_2.72d.bb
rename to poky/meta/recipes-devtools/autoconf/autoconf_2.72e.bb
index 6741746..db37437 100644
--- a/poky/meta/recipes-devtools/autoconf/autoconf_2.72d.bb
+++ b/poky/meta/recipes-devtools/autoconf/autoconf_2.72e.bb
@@ -22,7 +22,7 @@
 "
 SRC_URI:append:class-native = " file://no-man.patch"
 
-SRC_URI[sha256sum] = "c09dcba3d051507459df2fcd58d6f19e5b342568fa910e3bb3a74b4402cde3a6"
+SRC_URI[sha256sum] = "f3478d3b597d51f5d61596fb2f6f6aba49cdd974b4b05ff0bac57f56b5cfdb39"
 
 RDEPENDS:${PN} = "m4 gnu-config \
 		  perl \
diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc b/poky/meta/recipes-devtools/gcc/gcc-13.2.inc
index 359db1e..32fddd1 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-13.2.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-13.2.inc
@@ -115,3 +115,4 @@
 "
 
 CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"
+CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source"
diff --git a/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.031.bb b/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.032.bb
similarity index 78%
rename from poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.031.bb
rename to poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.032.bb
index e03deaf..5876e8a 100644
--- a/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.031.bb
+++ b/poky/meta/recipes-devtools/perl/libtest-warnings-perl_0.032.bb
@@ -1,6 +1,3 @@
-# Copyright (C) 2020 Jens Rehsack <sno@netbsd.org>
-# Released under the MIT license (see COPYING.MIT for the terms)
-
 SUMMARY = "Test::Warnings - Test for warnings and the lack of them"
 DESCRIPTION = "If you've ever tried to use Test::NoWarnings to confirm there are no \
 warnings generated by your tests, combined with the convenience of \
@@ -12,13 +9,13 @@
 HOMEPAGE = "https://github.com/karenetheridge/Test-Warnings"
 BUGTRACKER = "https://rt.cpan.org/Public/Dist/Display.html?Name=Test-Warnings"
 SECTION = "libs"
-LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
+LICENSE = "Artistic-1.0-Perl | GPL-1.0-or-later"
 
-LIC_FILES_CHKSUM = "file://LICENCE;md5=6f2b02f39e7d359efd9525fbc56c84a1"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=f98106ac3cc05d9cbebcdb8fbf7b7815"
 
 SRC_URI = "${CPAN_MIRROR}/authors/id/E/ET/ETHER/Test-Warnings-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "1e542909fef305e45563e9878ea1c3b0c7cef1b28bb7ae07eba2e1efabec477b"
+SRC_URI[sha256sum] = "4727dae2416e9f07e41e2dc3a9143ba6affc1ec57652117c99d50038e313e9d9"
 
 S = "${WORKDIR}/Test-Warnings-${PV}"
 
diff --git a/poky/meta/recipes-devtools/perl/perl_5.38.2.bb b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb
index a9d684cf..b6c9cda 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.38.2.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.38.2.bb
@@ -273,7 +273,7 @@
                ${libdir}/perl5/${PV}/ExtUtils/typemap \
                "
 RPROVIDES:${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \
-                    perl-module-warnings-register"
+                    perl-module-warnings-register perl-module-config-git"
 
 FILES:${PN}-staticdev:append = " ${libdir}/perl5/${PV}/*/CORE/libperl.a"
 
@@ -306,8 +306,8 @@
 ALTERNATIVE:${PN}-doc = "Thread.3"
 ALTERNATIVE_LINK_NAME[Thread.3] = "${mandir}/man3/Thread.3"
 
-# Create a perl-modules package recommending all the other perl
-# packages (actually the non modules packages and not created too)
+# Create a perl-modules package that represents the collection of all the
+# other perl packages (actually the non modules packages and not created too).
 ALLOW_EMPTY:${PN}-modules = "1"
 PACKAGES += "${PN}-modules "
 
@@ -322,11 +322,13 @@
     do_split_packages(d, libdir, r'.*linux/([^\/].*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False)
     do_split_packages(d, libdir, r'(^(?!(CPAN\/|CPANPLUS\/|Module\/|unicore\/|.*linux\/)[^\/]).*)\.(pm|pl|e2x)', '${PN}-module-%s', 'perl module %s', recursive=True, allow_dirs=False, match_path=True, prepend=False)
 
-    # perl-modules should recommend every perl module, and only the
+    # perl-modules should runtime-depend on every perl module, and only the
     # modules. Don't attempt to use the result of do_split_packages() as some
-    # modules are manually split (eg. perl-module-unicore).
-    packages = filter(lambda p: 'perl-module-' in p, d.getVar('PACKAGES').split())
-    d.setVar(d.expand("RRECOMMENDS:${PN}-modules"), ' '.join(packages))
+    # modules are manually split (eg. perl-module-unicore). Also, the split
+    # packages should not include packages defined in RPROVIDES:${PN}.
+    perl_sub_pkgs = d.getVar(d.expand("RPROVIDES:${PN}")).split()
+    packages = filter(lambda p: 'perl-module-' in p and p not in perl_sub_pkgs, d.getVar('PACKAGES').split())
+    d.setVar(d.expand("RDEPENDS:${PN}-modules"), ' '.join(packages))
 
     # Read the pre-generated dependency file, and use it to set module dependecies
     for line in open(d.expand("${WORKDIR}") + '/perl-rdepends.txt').readlines():
@@ -352,7 +354,8 @@
         d.setVar("PACKAGES_DYNAMIC", "^nativesdk-perl-module-.*")
 }
 
-RDEPENDS:${PN}-misc += "perl perl-modules"
+RDEPENDS:${PN}-misc += "perl"
+RRECOMMENDS:${PN}-misc += "perl-modules"
 RDEPENDS:${PN}-pod += "perl"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-subunit_1.4.2.bb b/poky/meta/recipes-devtools/python/python3-subunit_1.4.2.bb
deleted file mode 100644
index a018ef1..0000000
--- a/poky/meta/recipes-devtools/python/python3-subunit_1.4.2.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-SUMMARY = "Python implementation of subunit test streaming protocol"
-HOMEPAGE = "https://pypi.org/project/python-subunit/"
-SECTION = "devel/python"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://README.rst;beginline=1;endline=20;md5=909c08e291647fd985fbe5d9836d51b6"
-
-PYPI_PACKAGE = "python-subunit"
-
-SRC_URI[sha256sum] = "2988d324d55ec35dd037e502e3f74ac38f4e457bd44ee0edf5e898f7ee1134d4"
-
-inherit pypi setuptools3
-
-RDEPENDS:${PN} = " python3-testtools"
-
-BBCLASSEXTEND = "nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-subunit_1.4.4.bb b/poky/meta/recipes-devtools/python/python3-subunit_1.4.4.bb
new file mode 100644
index 0000000..11be10b
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-subunit_1.4.4.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Python implementation of subunit test streaming protocol"
+HOMEPAGE = "https://pypi.org/project/python-subunit/"
+SECTION = "devel/python"
+LICENSE = "Apache-2.0 | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=1;endline=20;md5=b1121e68d06c8d9ea544fcd895df0d39"
+
+PYPI_PACKAGE = "python-subunit"
+
+SRC_URI[sha256sum] = "1079363131aa1d3f45259237265bc2e61a77e35f20edfb6e3d1d2558a2cdea34"
+
+inherit pypi setuptools3
+
+RDEPENDS:${PN} = " python3-testtools python3-iso8601"
+
+BBCLASSEXTEND = "nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-yamllint_1.33.0.bb b/poky/meta/recipes-devtools/python/python3-yamllint_1.33.0.bb
new file mode 100644
index 0000000..4b7bd06
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-yamllint_1.33.0.bb
@@ -0,0 +1,15 @@
+SUMMARY = "A linter for YAML files."
+HOMEPAGE = "https://github.com/adrienverge/yamllint"
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1ebbd3e34237af26da5dc08a4e440464"
+
+inherit pypi setuptools3
+
+PYPI_PACKAGE = "yamllint"
+
+SRC_URI[sha256sum] = "2dceab9ef2d99518a2fcf4ffc964d44250ac4459be1ba3ca315118e4a1a81f7d"
+
+DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
+RDEPENDS:${PN} += "${PYTHON_PN}-pyyaml"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.2.0.bb
similarity index 100%
rename from poky/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
rename to poky/meta/recipes-devtools/qemu/qemu-native_8.2.0.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.2.0.bb
similarity index 100%
rename from poky/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
rename to poky/meta/recipes-devtools/qemu/qemu-system-native_8.2.0.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 70515d9..bc14402 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -32,19 +32,16 @@
            file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
            file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \
            file://fixedmeson.patch \
-           file://fixmips.patch \
            file://0001-vfio-Include-libgen.h-for-basename-API.patch \
            file://no-pip.patch \
+           file://fix_segv.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
 
-SRC_URI[sha256sum] = "541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087"
-
-SRC_URI:append:class-target = " file://cross.patch"
-SRC_URI:append:class-nativesdk = " file://cross.patch"
+SRC_URI[sha256sum] = "bf00d2fa12010df8b0ade93371def58e632cb32a6bfdc5f5a0ff8e6a1fb1bf32"
 
 CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself"
 
@@ -117,9 +114,13 @@
     --extra-ldflags='${LDFLAGS}' \
     --disable-download \
     --disable-docs \
+    --host-cc=${BUILD_CC} \
     ${PACKAGECONFIG_CONFARGS} \
     "
 
+EXTRA_OECONF:append:class-target = " --cross-prefix=${HOST_PREFIX}"
+EXTRA_OECONF:append:class-nativesdk = " --cross-prefix=${HOST_PREFIX}"
+
 B = "${WORKDIR}/build"
 
 #EXTRA_OECONF:append = " --python=${HOSTTOOLS_DIR}/python3"
@@ -133,6 +134,7 @@
 }
 
 do_configure() {
+    export PKG_CONFIG=pkg-config
     ${S}/configure ${EXTRA_OECONF}
 }
 do_configure[cleandirs] += "${B}"
@@ -176,7 +178,7 @@
 
 # Disable kvm/virgl/mesa on targets that do not support it
 PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+"
-PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+"
+PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie"
 
 PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
 PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng"
@@ -237,6 +239,7 @@
 PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
 PACKAGECONFIG[debuginfo] = "--enable-libdw,--disable-libdw,elfutils"
 PACKAGECONFIG[pipewire] = "--enable-pipewire,--disable-pipewire,pipewire"
+PACKAGECONFIG[sndio] = "--enable-sndio,--disable-sndio,sndio"
 
 INSANE_SKIP:${PN}-common = "arch"
 
diff --git a/poky/meta/recipes-devtools/qemu/qemu/cross.patch b/poky/meta/recipes-devtools/qemu/qemu/cross.patch
deleted file mode 100644
index 112eb92..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/cross.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 76c3fc4c87231bed32974ebbbdb5079cff45a6b7 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Tue, 5 Jan 2021 23:00:14 +0000
-Subject: [PATCH 12/12] qemu: Upgrade 5.1.0->5.2.0
-
-We need to be able to trigger configure's cross code but we don't want
-to set cross_prefix as it does other things we don't want. Patch things
-so we can do what we need in the target config case.
-
-Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?]
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
----
- configure | 4 ----
- 1 file changed, 4 deletions(-)
-
-Index: qemu-8.0.0/configure
-===================================================================
---- qemu-8.0.0.orig/configure
-+++ qemu-8.0.0/configure
-@@ -2590,7 +2590,6 @@ if test "$skip_meson" = no; then
-   echo "widl = [$(meson_quote $widl)]" >> $cross
-   echo "windres = [$(meson_quote $windres)]" >> $cross
-   echo "windmc = [$(meson_quote $windmc)]" >> $cross
--  if test "$cross_compile" = "yes"; then
-     cross_arg="--cross-file config-meson.cross"
-     echo "[host_machine]" >> $cross
-     echo "system = '$targetos'" >> $cross
-@@ -2608,9 +2607,6 @@ if test "$skip_meson" = no; then
-     else
-         echo "endian = 'little'" >> $cross
-     fi
--  else
--    cross_arg="--native-file config-meson.cross"
--  fi
-   mv $cross config-meson.cross
- 
-   rm -rf meson-private meson-info meson-logs
diff --git a/poky/meta/recipes-devtools/qemu/qemu/fix_segv.patch b/poky/meta/recipes-devtools/qemu/qemu/fix_segv.patch
new file mode 100644
index 0000000..da5ae87
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/fix_segv.patch
@@ -0,0 +1,47 @@
+With qemu 8.2.0 we started seeing SEGV errors when compiling webkitgtk from
+usermode qemu:
+
+qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x20}
+Segmentation fault
+
+By bisection, this was tracked down to:
+
+commit 7b7a3366e142d3baeb3fd1d3660a50e7956c19eb
+Author: Richard Henderson <richard.henderson@linaro.org>
+Date:   Tue Aug 8 20:02:19 2023 -0700
+
+    linux-user: Use walk_memory_regions for open_self_maps
+    
+    Replace the by-hand method of region identification with
+    the official user-exec interface.  Cross-check the region
+    provided to the callback with the interval tree from
+    read_self_maps().
+    
+    Tested-by: Helge Deller <deller@gmx.de>
+    Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
+    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+
+and specifically to 'n' being NULL. For now, just skip in that case
+until a proper fix can be identified.
+
+Reported upstream: https://www.mail-archive.com/qemu-devel@nongnu.org/msg1018813.html
+
+YOCTO #15367
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Pending
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index e384e14248..2577fb770d 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -8085,6 +8085,9 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start,
+     while (1) {
+         IntervalTreeNode *n =
+             interval_tree_iter_first(d->host_maps, host_start, host_start);
++        if (!n) {
++            return 0;
++        }
+         MapInfo *mi = container_of(n, MapInfo, itree);
+         uintptr_t this_hlast = MIN(host_last, n->last);
+         target_ulong this_gend = h2g(this_hlast) + 1;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch b/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch
index 0cbaea0..9047f66 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/fixedmeson.patch
@@ -1,12 +1,12 @@
 Upstream-Status: Inappropriate [workaround, would need a real fix for upstream]
 
-Index: qemu-8.1.0/configure
+Index: qemu-8.2.0/configure
 ===================================================================
---- qemu-8.1.0.orig/configure
-+++ qemu-8.1.0/configure
-@@ -1032,12 +1032,7 @@ then
-     exit 1
- fi
+--- qemu-8.2.0.orig/configure
++++ qemu-8.2.0/configure
+@@ -955,12 +955,7 @@ fi
+ $mkvenv ensuregroup --dir "${source_path}/python/wheels" \
+      ${source_path}/pythondeps.toml meson || exit 1
  
 -# At this point, we expect Meson to be installed and available.
 -# We expect mkvenv or pip to have created pyvenv/bin/meson for us.
diff --git a/poky/meta/recipes-devtools/qemu/qemu/fixmips.patch b/poky/meta/recipes-devtools/qemu/qemu/fixmips.patch
deleted file mode 100644
index 01546d1..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/fixmips.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Patch to fix mips boot hangs where virtio appears broken. Patch under discussion upstream. 
-Regression is introduced by other fixes to 8.1.0 to get x86 boots working.
-
-Upstream-Status: Pending [https://lore.kernel.org/qemu-devel/6c956b90-5a13-db96-9c02-9834a512fe6f@linaro.org/]
-
-Index: qemu-8.1.0/softmmu/physmem.c
-===================================================================
---- qemu-8.1.0.orig/softmmu/physmem.c
-+++ qemu-8.1.0/softmmu/physmem.c
-@@ -2517,7 +2517,7 @@ static void tcg_commit(MemoryListener *l
-      * That said, the listener is also called during realize, before
-      * all of the tcg machinery for run-on is initialized: thus halt_cond.
-      */
--    if (cpu->halt_cond) {
-+    if (cpu->halt_cond && !qemu_cpu_is_self(cpu)) {
-         async_run_on_cpu(cpu, tcg_commit_cpu, RUN_ON_CPU_HOST_PTR(cpuas));
-     } else {
-         tcg_commit_cpu(cpu, RUN_ON_CPU_HOST_PTR(cpuas));
diff --git a/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch b/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch
index f52b4e4..92b2edb 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/no-pip.patch
@@ -22,11 +22,11 @@
 Upstream-Status: Inappropriate [oe specific]
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
-diff --git a/configure b/configure
-index 133f4e3235..e4c144b4e2 100755
---- a/configure
-+++ b/configure
-@@ -1009,7 +1009,7 @@ python="$(command -v "$python")"
+Index: qemu-8.2.0/configure
+===================================================================
+--- qemu-8.2.0.orig/configure
++++ qemu-8.2.0/configure
+@@ -937,7 +937,7 @@ python="$(command -v "$python")"
  echo "python determined to be '$python'"
  echo "python version: $($python --version)"
  
@@ -35,11 +35,11 @@
  if test "$?" -ne 0 ; then
      error_exit "python venv creation failed"
  fi
-@@ -1017,6 +1017,7 @@ fi
+@@ -945,6 +945,7 @@ fi
  # Suppress writing compiled files
  python="$python -B"
  mkvenv="$python ${source_path}/python/scripts/mkvenv.py"
 +mkvenv=true
  
- mkvenv_flags=""
- if test "$download" = "enabled" ; then
+ # Finish preparing the virtual environment using vendored .whl files
+ 
diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb b/poky/meta/recipes-devtools/qemu/qemu_8.2.0.bb
similarity index 100%
rename from poky/meta/recipes-devtools/qemu/qemu_8.1.2.bb
rename to poky/meta/recipes-devtools/qemu/qemu_8.2.0.bb
diff --git a/poky/meta/recipes-devtools/rust/files/cargo-path.patch b/poky/meta/recipes-devtools/rust/files/cargo-path.patch
new file mode 100644
index 0000000..84bd580
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/cargo-path.patch
@@ -0,0 +1,37 @@
+Fix the cargo binary path error and ensure that it is fetched
+during rustc bootstrap in rust oe-selftest.
+
+======================================================================
+ERROR: test_cargoflags (bootstrap_test.BuildBootstrap)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap_test.py", line 157, in test_cargoflags
+    args, _ = self.build_args(env={"CARGOFLAGS": "--timings"})
+  File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap_test.py", line 154, in build_args
+    return build.build_bootstrap_cmd(env), env
+  File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap.py", line 960, in build_bootstrap_cmd
+    raise Exception("no cargo executable found at `{}`".format(
+Exception: no cargo executable found at `/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/build/x86_64-unknown-linux-gnu/stage0/bin/cargo`
+
+Upstream-Status: Submitted [https://github.com/rust-lang/rust/pull/120125]
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+diff --git a/src/bootstrap/bootstrap.py b/src/bootstrap/bootstrap.py
+--- a/src/bootstrap/bootstrap.py
++++ b/src/bootstrap/bootstrap.py
+@@ -954,9 +954,11 @@
+         if deny_warnings:
+             env["RUSTFLAGS"] += " -Dwarnings"
+
+-        env["PATH"] = os.path.join(self.bin_root(), "bin") + \
+-            os.pathsep + env["PATH"]
+-        if not os.path.isfile(self.cargo()):
++        cargo_bin_path = os.path.join(self.bin_root(), "bin", "cargo")
++        if not os.path.isfile(cargo_bin_path):
++            cargo_bin_path = os.getenv("RUST_TARGET_PATH") + "rust-snapshot/bin/cargo"
++            env["PATH"] = os.path.dirname(cargo_bin_path) + os.pathsep + env["PATH"]
++        else:
+             raise Exception("no cargo executable found at `{}`".format(
+                 self.cargo()))
+         args = [self.cargo(), "build", "--manifest-path",
diff --git a/poky/meta/recipes-devtools/rust/files/custom-target-cfg.patch b/poky/meta/recipes-devtools/rust/files/custom-target-cfg.patch
new file mode 100644
index 0000000..15a7f25
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/custom-target-cfg.patch
@@ -0,0 +1,90 @@
+Detect and fetch custom target configurations when rustc is
+bootstrapped in rust oe-selftest.
+
+Upstream-Status: Backport [https://github.com/rust-lang/rust/pull/119619/commits/26c71cbcf1a9bce6ceb962d753c467d098f63cf6]
+
+Signed-off-by: onur-ozkan <work@onurozkan.dev>
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+diff --git a/src/tools/compiletest/src/common.rs b/src/tools/compiletest/src/common.rs
+index e85f6319936..c45c0b3c652 100644
+--- a/src/tools/compiletest/src/common.rs
++++ b/src/tools/compiletest/src/common.rs
+@@ -479,6 +479,7 @@ fn new(config: &Config) -> TargetCfgs {
+         let mut targets: HashMap<String, TargetCfg> = serde_json::from_str(&rustc_output(
+             config,
+             &["--print=all-target-specs-json", "-Zunstable-options"],
++            Default::default(),
+         ))
+         .unwrap();
+
+@@ -491,16 +492,33 @@ fn new(config: &Config) -> TargetCfgs {
+         let mut all_families = HashSet::new();
+         let mut all_pointer_widths = HashSet::new();
+
+-        // Handle custom target specs, which are not included in `--print=all-target-specs-json`.
+-        if config.target.ends_with(".json") {
+-            targets.insert(
+-                config.target.clone(),
+-                serde_json::from_str(&rustc_output(
+-                    config,
+-                    &["--print=target-spec-json", "-Zunstable-options", "--target", &config.target],
+-                ))
+-                .unwrap(),
+-            );
++        // If current target is not included in the `--print=all-target-specs-json` output,
++        // we check whether it is a custom target from the user or a synthetic target from bootstrap.
++        if !targets.contains_key(&config.target) {
++            let mut envs: HashMap<String, String> = HashMap::new();
++
++            if let Ok(t) = std::env::var("RUST_TARGET_PATH") {
++                envs.insert("RUST_TARGET_PATH".into(), t);
++            }
++
++            // This returns false only when the target is neither a synthetic target
++            // nor a custom target from the user, indicating it is most likely invalid.
++            if config.target.ends_with(".json") || !envs.is_empty() {
++                targets.insert(
++                    config.target.clone(),
++                    serde_json::from_str(&rustc_output(
++                        config,
++                        &[
++                            "--print=target-spec-json",
++                            "-Zunstable-options",
++                            "--target",
++                            &config.target,
++                        ],
++                        envs,
++                    ))
++                    .unwrap(),
++                );
++            }
+         }
+
+         for (target, cfg) in targets.iter() {
+@@ -545,7 +563,9 @@ fn get_current_target_config(
+         // code below extracts them from `--print=cfg`: make sure to only override fields that can
+         // actually be changed with `-C` flags.
+         for config in
+-            rustc_output(config, &["--print=cfg", "--target", &config.target]).trim().lines()
++            rustc_output(config, &["--print=cfg", "--target", &config.target], Default::default())
++                .trim()
++                .lines()
+         {
+             let (name, value) = config
+                 .split_once("=\"")
+@@ -624,11 +644,12 @@ pub enum Endian {
+     Big,
+ }
+
+-fn rustc_output(config: &Config, args: &[&str]) -> String {
++fn rustc_output(config: &Config, args: &[&str], envs: HashMap<String, String>) -> String {
+     let mut command = Command::new(&config.rustc_path);
+     add_dylib_path(&mut command, iter::once(&config.compile_lib_path));
+     command.args(&config.target_rustcflags).args(args);
+     command.env("RUSTC_BOOTSTRAP", "1");
++    command.envs(envs);
+
+     let output = match command.output() {
+         Ok(output) => output,
+
diff --git a/poky/meta/recipes-devtools/rust/files/rustc-bootstrap.patch b/poky/meta/recipes-devtools/rust/files/rustc-bootstrap.patch
new file mode 100644
index 0000000..406fc61
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/rustc-bootstrap.patch
@@ -0,0 +1,21 @@
+When rust.channel is set to either beta or stable, we can't use
+nightly features on bootstrap without RUSTC_BOOTSTRAP. Set RUSTC_BOOTSTRAP=1
+to use nightly features on stable or beta.
+
+Upstream-Status: Backport [https://github.com/rust-lang/rust/pull/119619/commits/8aa7dd06f6e50621dc10f9f9490681be8a45876f]
+
+Signed-off-by: onur-ozkan <work@onurozkan.dev>
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+diff --git a/src/bootstrap/synthetic_targets.rs b/ src/bootstrap/synthetic_targets.rs
+index d2c65b740da..45baf56f46b 100644
+--- a/src/bootstrap/synthetic_targets.rs
++++ b/src/bootstrap/synthetic_targets.rs
+@@ -59,6 +59,7 @@ fn create_synthetic_target(
+     let mut cmd = Command::new(builder.rustc(compiler));
+     cmd.arg("--target").arg(base.rustc_target_arg());
+     cmd.args(["-Zunstable-options", "--print", "target-spec-json"]);
++    cmd.env("RUSTC_BOOTSTRAP", "1");
+     cmd.stdout(Stdio::piped());
+
+     let output = cmd.spawn().unwrap().wait_with_output().unwrap();
diff --git a/poky/meta/recipes-devtools/rust/files/target-build-value.patch b/poky/meta/recipes-devtools/rust/files/target-build-value.patch
new file mode 100644
index 0000000..23e8c76
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/target-build-value.patch
@@ -0,0 +1,26 @@
+Add correct build value for cross-compiled targets on stage1 when
+bootstapping rustc.
+
+Upstream-Status: Backport [https://github.com/rust-lang/rust/pull/119619/commits/b888e2f82b9dbe81875f50d13adbc0271a9401ff]
+
+Signed-off-by: onur-ozkan <work@onurozkan.dev>
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+diff --git a/src/bootstrap/test.rs b/src/bootstrap/test.rs
+--- a/src/bootstrap/test.rs
++++ b/src/bootstrap/test.rs
+@@ -1489,8 +1489,12 @@
+         // NOTE: Only stage 1 is special cased because we need the rustc_private artifacts to match the
+         // running compiler in stage 2 when plugins run.
+         let stage_id = if suite == "ui-fulldeps" && compiler.stage == 1 {
+-            compiler = builder.compiler(compiler.stage - 1, target);
+-            format!("stage{}-{}", compiler.stage + 1, target)
++            // At stage 0 (stage - 1) we are using the beta compiler. Using `self.target` can lead finding
++            // an incorrect compiler path on cross-targets, as the stage 0 beta compiler is always equal
++            // to `build.build` in the configuration.
++            let build = builder.build.build;
++            compiler = builder.compiler(compiler.stage - 1, build);
++            format!("stage{}-{}", compiler.stage + 1, build)
+         } else {
+             format!("stage{}-{}", compiler.stage, target)
+         };
diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc
index 83a0dbc..e02829e 100644
--- a/poky/meta/recipes-devtools/rust/rust-source.inc
+++ b/poky/meta/recipes-devtools/rust/rust-source.inc
@@ -10,6 +10,10 @@
             file://0004-musl-Define-O_LARGEFILE-for-riscv32.patch;patchdir=${RUSTSRC} \
             file://0005-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
             file://0001-Revert-Map-source-absolute-paths-to-OUT_DIR-as-relat.patch;patchdir=${RUSTSRC} \
+            file://cargo-path.patch;patchdir=${RUSTSRC} \
+            file://custom-target-cfg.patch;patchdir=${RUSTSRC} \
+            file://rustc-bootstrap.patch;patchdir=${RUSTSRC} \
+            file://target-build-value.patch;patchdir=${RUSTSRC} \
 "
 SRC_URI[rust.sha256sum] = "b98c09d968529212fb29eec7d6d3e9bdaa869810679b7fb86a1ca69469d75f5e"
 
diff --git a/poky/meta/recipes-devtools/rust/rust_1.74.1.bb b/poky/meta/recipes-devtools/rust/rust_1.74.1.bb
index 30543ad..f8db186 100644
--- a/poky/meta/recipes-devtools/rust/rust_1.74.1.bb
+++ b/poky/meta/recipes-devtools/rust/rust_1.74.1.bb
@@ -200,7 +200,11 @@
     if [ ${RUST_ALTERNATE_EXE_PATH_NATIVE} != ${RUST_ALTERNATE_EXE_PATH} -a ! -f ${RUST_ALTERNATE_EXE_PATH} ]; then
         mkdir -p `dirname ${RUST_ALTERNATE_EXE_PATH}`
         cp ${RUST_ALTERNATE_EXE_PATH_NATIVE} ${RUST_ALTERNATE_EXE_PATH}
-        chrpath -d ${RUST_ALTERNATE_EXE_PATH}
+        if [ -e ${STAGING_LIBDIR_NATIVE}/libc++.so.1 ]; then
+            chrpath -r \$ORIGIN/../../../../../`basename ${STAGING_DIR_NATIVE}`${libdir_native} ${RUST_ALTERNATE_EXE_PATH}
+        else
+            chrpath -d ${RUST_ALTERNATE_EXE_PATH}
+        fi
     fi
 
     oe_cargo_fix_env
diff --git a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
index c374790..464d147 100644
--- a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
+++ b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
@@ -1,9 +1,19 @@
+From f5b325cba73018e5be984570fd4e680e59e7865d Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Wed, 20 Jul 2011 02:42:28 +0000
+Subject: [PATCH] cronie: enable PAM support for cronie
+
 password-auth is the Fedora's common pam configure file, use oe common pam
 configure files instead.
 
 Upstream-Status: Pending
 
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+
+---
+ pam/crond | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
 diff --git a/pam/crond b/pam/crond
 index 560529d..95a6457 100644
 --- a/pam/crond
diff --git a/poky/meta/recipes-extended/cronie/cronie_1.7.0.bb b/poky/meta/recipes-extended/cronie/cronie_1.7.1.bb
similarity index 96%
rename from poky/meta/recipes-extended/cronie/cronie_1.7.0.bb
rename to poky/meta/recipes-extended/cronie/cronie_1.7.1.bb
index 24c419b..854b681 100644
--- a/poky/meta/recipes-extended/cronie/cronie_1.7.0.bb
+++ b/poky/meta/recipes-extended/cronie/cronie_1.7.1.bb
@@ -25,7 +25,7 @@
 PAM_SRC_URI = "file://crond_pam_config.patch"
 PAM_DEPS = "libpam libpam-runtime pam-plugin-access pam-plugin-loginuid"
 
-SRC_URI[sha256sum] = "6827f5a47760cc64afeef0a60d3cb5376f52569109fc9a73957dd5e9fdae7619"
+SRC_URI[sha256sum] = "78033100c24413f0c40f93e6138774d6a4f55bc31050567b90db45a2f9f1b954"
 
 inherit autotools update-rc.d useradd systemd github-releases
 UPSTREAM_CHECK_REGEX = "releases/tag/cronie-(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 43f4562..b8e5e28 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -47,16 +47,6 @@
 
 CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"
 
-# Force static linking of utilities so we can use from the sysroot/sstate for useradd
-# without worrying about the dependency libraries being available
-LDFLAGS:append:class-native = " -no-pie"
-do_compile:prepend:class-native () {
-	sed -i -e 's#\(LIBS.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \
-	       -e 's#\(LIBBSD.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \
-	       -e 's#\(LIBATTR.*\)-lattr#\1 ${STAGING_LIBDIR}/libattr.a#g' \
-               ${B}/lib/Makefile ${B}/src/Makefile
-}
-
 NSCDOPT = ""
 NSCDOPT:class-native = "--without-nscd"
 NSCDOPT:class-nativesdk = "--without-nscd"
@@ -161,6 +151,20 @@
 	touch ${D}${sysconfdir}/subgid
 }
 
+# Make executables look for dynamically linked libraries in a custom location, and install
+# the needed libraries there. That way we can use them from sstate
+# in setscene tasks without worrying about the dependency libraries being available.
+do_install:append:class-native() {
+        binaries=$(find ${D}${base_bindir}/ ${D}${base_sbindir}/ ${D}${bindir}/ ${D}${sbindir}/ -executable -type f)
+        chrpath -k -r ${STAGING_DIR_NATIVE}/lib-shadow-deps $binaries
+        mkdir -p ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/
+        install ${STAGING_LIBDIR_NATIVE}/libattr.so.* ${STAGING_LIBDIR_NATIVE}/libbsd.so.* ${STAGING_LIBDIR_NATIVE}/libmd.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/
+        install ${D}${libdir}/*.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/
+}
+
+SYSROOT_DIRS:append:class-native = " ${STAGING_DIR_NATIVE}/lib-shadow-deps/"
+INSANE_SKIP:${PN}:class-native = "already-stripped"
+
 PACKAGES =+ "${PN}-base"
 FILES:${PN}-base = "\
     ${base_bindir}/login.shadow \
diff --git a/poky/meta/recipes-gnome/libgudev/libgudev/0001-meson-Pass-export-dynamic-option-to-linker.patch b/poky/meta/recipes-gnome/libgudev/libgudev/0001-meson-Pass-export-dynamic-option-to-linker.patch
new file mode 100644
index 0000000..8a06d24
--- /dev/null
+++ b/poky/meta/recipes-gnome/libgudev/libgudev/0001-meson-Pass-export-dynamic-option-to-linker.patch
@@ -0,0 +1,38 @@
+From dc4fcfb1e1e2326a412b252314af3e9424a31457 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 16 Jan 2024 12:02:46 -0800
+Subject: [PATCH] meson: Pass --export-dynamic option to linker
+
+Bypass the compiler driver trying to comprehend and translate it for
+linker, since its not clear what the right behavior should be, gcc seems
+to translate it into --export-dynamic but clang 18+ rejects it
+
+| x86_64-yoe-linux-clang: error: unknown argument: '-export-dynamic'
+
+also see [1]
+
+This makes it work as intended across gcc and clang
+
+Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/libgudev/-/merge_requests/30]
+[1] https://discourse.llvm.org/t/clang-option-export-dynamic-parse-to-e-xport-dynamic-error/72454
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gudev/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gudev/meson.build b/gudev/meson.build
+index e904203..3ed580b 100644
+--- a/gudev/meson.build
++++ b/gudev/meson.build
+@@ -33,7 +33,7 @@ libgudev_c_args = [
+ ]
+ 
+ libgudev_link_args = [
+-  '-export-dynamic',
++  '-Wl,--export-dynamic',
+   '-Wl,--version-script,@0@/libgudev-1.0.sym'.format(top_srcdir),
+ ]
+ 
+-- 
+2.43.0
+
diff --git a/poky/meta/recipes-gnome/libgudev/libgudev_238.bb b/poky/meta/recipes-gnome/libgudev/libgudev_238.bb
index 5923544..f197f64 100644
--- a/poky/meta/recipes-gnome/libgudev/libgudev_238.bb
+++ b/poky/meta/recipes-gnome/libgudev/libgudev_238.bb
@@ -16,6 +16,8 @@
 
 inherit gnomebase gobject-introspection gtk-doc
 
+SRC_URI += "file://0001-meson-Pass-export-dynamic-option-to-linker.patch"
+
 GIR_MESON_ENABLE_FLAG = 'enabled'
 GIR_MESON_DISABLE_FLAG = 'disabled'
 
diff --git a/poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb b/poky/meta/recipes-gnome/libsecret/libsecret_0.21.2.bb
similarity index 90%
rename from poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
rename to poky/meta/recipes-gnome/libsecret/libsecret_0.21.2.bb
index f762d7c..2d8ea95 100644
--- a/poky/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
+++ b/poky/meta/recipes-gnome/libsecret/libsecret_0.21.2.bb
@@ -13,7 +13,7 @@
 
 DEPENDS += "glib-2.0 libgcrypt gettext-native"
 
-SRC_URI[archive.sha256sum] = "674f51323a5f74e4cb7e3277da68b5afddd333eca25bc9fd2d820a92972f90b1"
+SRC_URI[archive.sha256sum] = "e4a341496a0815e64c8d3b8fabab33d7bae7efdeab77b843669731d5b181dcee"
 
 GTKDOC_MESON_OPTION = 'gtk_doc'
 
diff --git a/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb b/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb
index fe72537..4c97e97 100644
--- a/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb
+++ b/poky/meta/recipes-graphics/cairo/cairo_1.18.0.bb
@@ -38,12 +38,13 @@
 
 # if qemu usermode isn't available, this value needs to be set statically
 # (otherwise it's determinted by running a small target executable with qemu)
-do_write_config:append:class-target() {
+do_write_config:append() {
     cat >${WORKDIR}/cairo.cross <<EOF
 [properties]
 ipc_rmid_deferred_release = 'true'
 EOF
 }
+EXTRA_OEMESON:append:class-nativesdk = "${@' --cross-file ${WORKDIR}/cairo.cross' if d.getVar('EXEWRAPPER_ENABLED') == 'False' else ''}"
 EXTRA_OEMESON:append:class-target = "${@' --cross-file ${WORKDIR}/cairo.cross' if d.getVar('EXEWRAPPER_ENABLED') == 'False' else ''}"
 
 GTKDOC_MESON_OPTION = "gtk_doc"
diff --git a/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb b/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb
index e4555af..cf2ced9 100644
--- a/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb
+++ b/poky/meta/recipes-graphics/shaderc/shaderc_2023.7.bb
@@ -6,7 +6,7 @@
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
-SRCREV = "23cc2d78fd4f866b6ab527886a396bec36948605"
+SRCREV = "3882b16417077aa8eaa7b5775920e7ba4b8a224d"
 SRC_URI = "git://github.com/google/shaderc.git;protocol=https;branch=main \
            file://0001-cmake-disable-building-external-dependencies.patch \
            file://0002-libshaderc_util-fix-glslang-header-file-location.patch \
diff --git a/poky/meta/recipes-graphics/wayland/weston_12.0.2.bb b/poky/meta/recipes-graphics/wayland/weston_13.0.0.bb
similarity index 93%
rename from poky/meta/recipes-graphics/wayland/weston_12.0.2.bb
rename to poky/meta/recipes-graphics/wayland/weston_13.0.0.bb
index cfcaaca..c74f471 100644
--- a/poky/meta/recipes-graphics/wayland/weston_12.0.2.bb
+++ b/poky/meta/recipes-graphics/wayland/weston_13.0.0.bb
@@ -14,7 +14,7 @@
            file://systemd-notify.weston-start \
            "
 
-SRC_URI[sha256sum] = "eb686a7cf00992a23b17f192fca9a887313e92c346ee35d8575196983d656b4a"
+SRC_URI[sha256sum] = "52ff1d4aa2394a2e416c85a338b627ce97fa71d43eb762fd4aaf145d36fc795a"
 
 UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
 UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"
@@ -38,7 +38,6 @@
                    ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \
                    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
                    ${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \
-                   launcher-libseat \
                    image-jpeg \
                    screenshare \
                    shell-desktop \
@@ -54,7 +53,7 @@
 # Compositor choices
 #
 # Weston on KMS
-PACKAGECONFIG[kms] = "-Dbackend-drm=true,-Dbackend-drm=false,drm udev virtual/egl virtual/libgles2 virtual/libgbm mtdev"
+PACKAGECONFIG[kms] = "-Dbackend-drm=true,-Dbackend-drm=false,drm udev seatd virtual/egl virtual/libgles2 virtual/libgbm mtdev"
 # Weston on Wayland (nested Weston)
 PACKAGECONFIG[wayland] = "-Dbackend-wayland=true,-Dbackend-wayland=false,virtual/egl virtual/libgles2"
 # Weston on X11
@@ -93,10 +92,6 @@
 PACKAGECONFIG[shell-kiosk] = "-Dshell-kiosk=true,-Dshell-kiosk=false"
 # JPEG image loading support
 PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg"
-# support libseat based launch
-PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd"
-# deprecated and superseded by libseat launcher
-PACKAGECONFIG[launcher-logind] = "-Ddeprecated-launcher-logind=true,-Ddeprecated-launcher-logind=false,"
 # screencasting via PipeWire
 PACKAGECONFIG[pipewire] = "-Dbackend-pipewire=true,-Dbackend-pipewire=false,pipewire"
 # VNC remote screensharing
diff --git a/poky/meta/recipes-graphics/xorg-app/xev/diet-x11.patch b/poky/meta/recipes-graphics/xorg-app/xev/diet-x11.patch
deleted file mode 100644
index 361369b..0000000
--- a/poky/meta/recipes-graphics/xorg-app/xev/diet-x11.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From b9b2b8d1af283a13cdccea55562cf332de48dcb9 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross@openedhand.com>
-Date: Wed, 28 Mar 2007 16:10:50 +0000
-Subject: [PATCH] Add xev
-
-Upstream-Status: Inappropriate [disable feature]
-
----
- xev.c | 64 +----------------------------------------------------------
- 1 file changed, 1 insertion(+), 63 deletions(-)
-
-diff --git a/xev.c b/xev.c
-index ea69234..6d5eb30 100644
---- a/xev.c
-+++ b/xev.c
-@@ -175,17 +175,6 @@ do_KeyPress(XEvent *eventp)
-     nbytes = XLookupString(e, str, 256, &ks, NULL);
- 
-     /* not supposed to call XmbLookupString on a key release event */
--    if (e->type == KeyPress && xic) {
--        do {
--            nmbbytes = XmbLookupString(xic, e, buf, bsize - 1, &ks, &status);
--            buf[nmbbytes] = '\0';
--
--            if (status == XBufferOverflow) {
--                bsize = nmbbytes + 1;
--                buf = realloc(buf, bsize);
--            }
--        } while (status == XBufferOverflow);
--    }
- 
-     if (ks == NoSymbol)
-         ksname = "NoSymbol";
-@@ -220,16 +209,6 @@ do_KeyPress(XEvent *eventp)
-     }
- 
-     /* not supposed to call XmbLookupString on a key release event */
--    if (e->type == KeyPress && xic) {
--        output(Indent, "XmbLookupString gives %d bytes: ", nmbbytes);
--        if (nmbbytes > 0) {
--            dump(buf, nmbbytes);
--            output(NewLine, " \"%s\"", buf);
--        }
--        else {
--            output_new_line();
--        }
--    }
- 
-     output(Indent | NewLine, "XFilterEvent returns: %s",
-            XFilterEvent(eventp, e->window) ? "True" : "False");
-@@ -1211,7 +1190,7 @@ parse_event_mask(const char *s, long event_masks[])
-             if (s)
-                 return True;
-         }
--    }
-+	}
- 
-     if (s != NULL)
-         fprintf(stderr, "%s: unrecognized event mask '%s'\n", ProgramName, s);
-@@ -1361,37 +1340,6 @@ main(int argc, char **argv)
-         fprintf(stderr, "%s:  XSetLocaleModifiers failed\n", ProgramName);
-     }
- 
--    xim = XOpenIM(dpy, NULL, NULL, NULL);
--    if (xim == NULL) {
--        fprintf(stderr, "%s:  XOpenIM failed\n", ProgramName);
--    }
--
--    if (xim) {
--        imvalret = XGetIMValues(xim, XNQueryInputStyle, &xim_styles, NULL);
--        if (imvalret != NULL || xim_styles == NULL) {
--            fprintf(stderr, "%s:  input method doesn't support any styles\n",
--                    ProgramName);
--        }
--
--        if (xim_styles) {
--            xim_style = 0;
--            for (i = 0; i < xim_styles->count_styles; i++) {
--                if (xim_styles->supported_styles[i] ==
--                    (XIMPreeditNothing | XIMStatusNothing)) {
--                    xim_style = xim_styles->supported_styles[i];
--                    break;
--                }
--            }
--
--            if (xim_style == 0) {
--                fprintf(stderr,
--                        "%s: input method doesn't support the style we support\n",
--                        ProgramName);
--            }
--            XFree(xim_styles);
--        }
--    }
--
-     screen = DefaultScreen(dpy);
- 
-     attr.event_mask = event_masks[EVENT_MASK_INDEX_CORE];
-@@ -1446,16 +1394,6 @@ main(int argc, char **argv)
-         printf("Outer window is 0x%lx, inner window is 0x%lx\n", w, subw);
-     }
- 
--    if (xim && xim_style) {
--        xic = XCreateIC(xim,
--                        XNInputStyle, xim_style,
--                        XNClientWindow, w, XNFocusWindow, w, NULL);
--
--        if (xic == NULL) {
--            fprintf(stderr, "XCreateIC failed\n");
--        }
--    }
--
-     have_rr = XRRQueryExtension(dpy, &rr_event_base, &rr_error_base);
-     if (have_rr) {
-         int rr_major, rr_minor;
diff --git a/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb b/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb
index 0e3def6..1d2e66b 100644
--- a/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb
+++ b/poky/meta/recipes-graphics/xorg-app/xev_1.2.5.bb
@@ -12,8 +12,6 @@
 
 DEPENDS += "libxrandr xorgproto"
 
-SRC_URI += "file://diet-x11.patch"
-
 SRC_URI[sha256sum] = "c9461a4389714e0f33974f9e75934bdc38d836a0f059b8dc089c7cbf2ce36ec1"
 
 SRC_URI_EXT = "xz"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libxcomposite/change-include-order.patch b/poky/meta/recipes-graphics/xorg-lib/libxcomposite/change-include-order.patch
deleted file mode 100644
index 60331f6..0000000
--- a/poky/meta/recipes-graphics/xorg-lib/libxcomposite/change-include-order.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-This patch makes the build use its own Xcomposite.h over rather than an
-older Xcomposite.h that might already be installed in the staging dir.
-
-Index: libXcomposite-0.4.3/src/Makefile.am
-===================================================================
---- libXcomposite-0.4.3.orig/src/Makefile.am	2010-06-30 22:42:53.000000000 -0700
-+++ libXcomposite-0.4.3/src/Makefile.am	2010-11-23 23:09:34.544322930 -0800
-@@ -19,7 +19,7 @@
- #  TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- #  PERFORMANCE OF THIS SOFTWARE.
- 
--AM_CFLAGS = $(CWARNFLAGS) $(XCOMPOSITE_CFLAGS) $(XFIXES_CFLAGS)
-+AM_CFLAGS = -I$(top_srcdir)/include $(CWARNFLAGS) $(XCOMPOSITE_CFLAGS) $(XFIXES_CFLAGS)
- AM_CPPFLAGS = -I$(top_srcdir)/include
- 
- lib_LTLIBRARIES = libXcomposite.la
diff --git a/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb b/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb
index 77b3db5..881f579 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libxcomposite_0.4.6.bb
@@ -22,6 +22,4 @@
 
 XORG_PN = "libXcomposite"
 
-SRC_URI += " file://change-include-order.patch"
-
 SRC_URI[sha256sum] = "fe40bcf0ae1a09070eba24088a5eb9810efe57453779ec1e20a55080c6dc2c87"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.3.bb b/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.4.bb
similarity index 87%
rename from poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.3.bb
rename to poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.4.bb
index 98572bd..3e2825b 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.3.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libxrandr_1.5.4.bb
@@ -19,4 +19,4 @@
 
 BBCLASSEXTEND = "native nativesdk"
 
-SRC_URI[sha256sum] = "897639014a78e1497704d669c5dd5682d721931a4452c89a7ba62676064eb428"
+SRC_URI[sha256sum] = "1ad5b065375f4a85915aa60611cc6407c060492a214d7f9daf214be752c3b4d3"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 085fcaf..22f7d9a 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -116,7 +116,6 @@
 
 EXTRA_OEMESON += " \
                  -Dxnest=false \
-                 -Dxvfb=true \
                  -Ddtrace=false \
                  -Dint10=x86emu \
                  -Dxkb_output_dir=/var/lib/xkb \
@@ -138,6 +137,7 @@
 PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
 PACKAGECONFIG[systemd-logind] = "-Dsystemd_logind=true,-Dsystemd_logind=false,dbus,"
 PACKAGECONFIG[xinerama] = "-Dxinerama=true,-Dxinerama=false"
+PACKAGECONFIG[xvfb] = "-Dxvfb=true,-Dxvfb=false"
 
 # Xorg requires a SHA1 implementation, pick one
 XORG_CRYPTO ??= "openssl"
@@ -175,3 +175,5 @@
     d.appendVar("RPROVIDES:" + pn, " " + get_abi("input"))
     d.appendVar("RPROVIDES:" + pn, " " + get_abi("video"))
 }
+
+CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', '', 'not-applicable-config: specific to Xvfb', d)}"
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb
index 16cf8e2..9347cde 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb
@@ -263,9 +263,7 @@
 PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \
              ${PN}-cw1200-license ${PN}-cw1200 \
              ${PN}-ralink-license ${PN}-ralink \
-             ${PN}-mt7601u-license ${PN}-mt7601u \
-             ${PN}-mt7650-license ${PN}-mt7650 \
-             ${PN}-mt76x2-license ${PN}-mt76x2 \
+             ${PN}-mt76x-license ${PN}-mt7601u ${PN}-mt7650 ${PN}-mt76x2 \
              ${PN}-radeon-license ${PN}-radeon \
              ${PN}-amdgpu-license ${PN}-amdgpu \
              ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
@@ -507,43 +505,36 @@
 RDEPENDS:${PN}-ralink += "${PN}-ralink-license"
 
 # For mediatek MT7601U
-LICENSE:${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware"
-LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware"
+LICENSE:${PN}-mt76x-license = "Firmware-ralink_a_mediatek_company_firmware"
+FILES:${PN}-mt76x-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
 
-FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
+LICENSE:${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware"
+
 FILES:${PN}-mt7601u = " \
   ${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \
   ${nonarch_base_libdir}/firmware/mt7601u.bin \
 "
-RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license"
+RDEPENDS:${PN}-mt7601u += "${PN}-mt76x-license"
 
 # For MediaTek Bluetooth USB driver 7650
 LICENSE:${PN}-mt7650 = "Firmware-ralink_a_mediatek_company_firmware"
-LICENSE:${PN}-mt7650-license = "Firmware-ralink_a_mediatek_company_firmware"
 
-FILES:${PN}-mt7650-license = " \
-  ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \
-"
 FILES:${PN}-mt7650 = " \
   ${nonarch_base_libdir}/firmware/mediatek/mt7650.bin \
   ${nonarch_base_libdir}/firmware/mt7650.bin \
 "
-RDEPENDS:${PN}-mt7650 += "${PN}-mt7650-license"
+RDEPENDS:${PN}-mt7650 += "${PN}-mt76x-license"
 
 # For MediaTek MT76x2 Wireless MACs
 LICENSE:${PN}-mt76x2 = "Firmware-ralink_a_mediatek_company_firmware"
-LICENSE:${PN}-mt76x2-license = "Firmware-ralink_a_mediatek_company_firmware"
 
-FILES:${PN}-mt76x2-license = " \
-  ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \
-"
 FILES:${PN}-mt76x2 = " \
   ${nonarch_base_libdir}/firmware/mediatek/mt7662.bin \
   ${nonarch_base_libdir}/firmware/mt7662.bin \
   ${nonarch_base_libdir}/firmware/mediatek/mt7662_rom_patch.bin \
   ${nonarch_base_libdir}/firmware/mt7662_rom_patch.bin \
 "
-RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x2-license"
+RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x-license"
 
 # For MediaTek
 LICENSE:${PN}-mediatek = "Firmware-mediatek"
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
deleted file mode 100644
index 8d34583..0000000
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ /dev/null
@@ -1,5172 +0,0 @@
-
-# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70
-
-python check_kernel_cve_status_version() {
-    this_version = "6.1.70"
-    kernel_version = d.getVar("LINUX_VERSION")
-    if kernel_version != this_version:
-        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
-}
-do_cve_check[prefuncs] += "check_kernel_cve_status_version"
-
-CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed from version 2.6.12rc2"
-
-CVE_STATUS[CVE-2004-0230] = "fixed-version: Fixed from version 3.6rc1"
-
-# CVE-2005-3660 has no known resolution
-
-CVE_STATUS[CVE-2006-3635] = "fixed-version: Fixed from version 2.6.26rc5"
-
-CVE_STATUS[CVE-2006-5331] = "fixed-version: Fixed from version 2.6.19rc3"
-
-CVE_STATUS[CVE-2006-6128] = "fixed-version: Fixed from version 2.6.19rc2"
-
-# CVE-2007-3719 has no known resolution
-
-CVE_STATUS[CVE-2007-4774] = "fixed-version: Fixed from version 2.6.12rc2"
-
-CVE_STATUS[CVE-2007-6761] = "fixed-version: Fixed from version 2.6.24rc6"
-
-CVE_STATUS[CVE-2007-6762] = "fixed-version: Fixed from version 2.6.20rc5"
-
-# CVE-2008-2544 has no known resolution
-
-# CVE-2008-4609 has no known resolution
-
-CVE_STATUS[CVE-2008-7316] = "fixed-version: Fixed from version 2.6.25rc1"
-
-CVE_STATUS[CVE-2009-2692] = "fixed-version: Fixed from version 2.6.31rc6"
-
-CVE_STATUS[CVE-2010-0008] = "fixed-version: Fixed from version 2.6.23rc9"
-
-CVE_STATUS[CVE-2010-3432] = "fixed-version: Fixed from version 2.6.36rc5"
-
-# CVE-2010-4563 has no known resolution
-
-CVE_STATUS[CVE-2010-4648] = "fixed-version: Fixed from version 2.6.37rc6"
-
-CVE_STATUS[CVE-2010-5313] = "fixed-version: Fixed from version 2.6.38rc1"
-
-# CVE-2010-5321 has no known resolution
-
-CVE_STATUS[CVE-2010-5328] = "fixed-version: Fixed from version 2.6.35rc1"
-
-CVE_STATUS[CVE-2010-5329] = "fixed-version: Fixed from version 2.6.39rc1"
-
-CVE_STATUS[CVE-2010-5331] = "fixed-version: Fixed from version 2.6.34rc7"
-
-CVE_STATUS[CVE-2010-5332] = "fixed-version: Fixed from version 2.6.37rc1"
-
-CVE_STATUS[CVE-2011-4098] = "fixed-version: Fixed from version 3.2rc1"
-
-CVE_STATUS[CVE-2011-4131] = "fixed-version: Fixed from version 3.3rc1"
-
-CVE_STATUS[CVE-2011-4915] = "fixed-version: Fixed from version 3.2rc1"
-
-# CVE-2011-4916 has no known resolution
-
-# CVE-2011-4917 has no known resolution
-
-CVE_STATUS[CVE-2011-5321] = "fixed-version: Fixed from version 3.2rc1"
-
-CVE_STATUS[CVE-2011-5327] = "fixed-version: Fixed from version 3.1rc1"
-
-CVE_STATUS[CVE-2012-0957] = "fixed-version: Fixed from version 3.7rc2"
-
-CVE_STATUS[CVE-2012-2119] = "fixed-version: Fixed from version 3.5rc1"
-
-CVE_STATUS[CVE-2012-2136] = "fixed-version: Fixed from version 3.5rc1"
-
-CVE_STATUS[CVE-2012-2137] = "fixed-version: Fixed from version 3.5rc2"
-
-CVE_STATUS[CVE-2012-2313] = "fixed-version: Fixed from version 3.4rc6"
-
-CVE_STATUS[CVE-2012-2319] = "fixed-version: Fixed from version 3.4rc6"
-
-CVE_STATUS[CVE-2012-2372] = "fixed-version: Fixed from version 3.13rc4"
-
-CVE_STATUS[CVE-2012-2375] = "fixed-version: Fixed from version 3.4rc1"
-
-CVE_STATUS[CVE-2012-2390] = "fixed-version: Fixed from version 3.5rc1"
-
-CVE_STATUS[CVE-2012-2669] = "fixed-version: Fixed from version 3.5rc4"
-
-CVE_STATUS[CVE-2012-2744] = "fixed-version: Fixed from version 2.6.34rc1"
-
-CVE_STATUS[CVE-2012-2745] = "fixed-version: Fixed from version 3.4rc3"
-
-CVE_STATUS[CVE-2012-3364] = "fixed-version: Fixed from version 3.5rc6"
-
-CVE_STATUS[CVE-2012-3375] = "fixed-version: Fixed from version 3.4rc5"
-
-CVE_STATUS[CVE-2012-3400] = "fixed-version: Fixed from version 3.5rc5"
-
-CVE_STATUS[CVE-2012-3412] = "fixed-version: Fixed from version 3.6rc2"
-
-CVE_STATUS[CVE-2012-3430] = "fixed-version: Fixed from version 3.6rc1"
-
-CVE_STATUS[CVE-2012-3510] = "fixed-version: Fixed from version 2.6.19rc4"
-
-CVE_STATUS[CVE-2012-3511] = "fixed-version: Fixed from version 3.5rc6"
-
-CVE_STATUS[CVE-2012-3520] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-3552] = "fixed-version: Fixed from version 3.0rc1"
-
-# Skipping CVE-2012-4220, no affected_versions
-
-# Skipping CVE-2012-4221, no affected_versions
-
-# Skipping CVE-2012-4222, no affected_versions
-
-CVE_STATUS[CVE-2012-4398] = "fixed-version: Fixed from version 3.4rc1"
-
-CVE_STATUS[CVE-2012-4444] = "fixed-version: Fixed from version 2.6.36rc4"
-
-CVE_STATUS[CVE-2012-4461] = "fixed-version: Fixed from version 3.7rc6"
-
-CVE_STATUS[CVE-2012-4467] = "fixed-version: Fixed from version 3.6rc5"
-
-CVE_STATUS[CVE-2012-4508] = "fixed-version: Fixed from version 3.7rc3"
-
-CVE_STATUS[CVE-2012-4530] = "fixed-version: Fixed from version 3.8rc1"
-
-# CVE-2012-4542 has no known resolution
-
-CVE_STATUS[CVE-2012-4565] = "fixed-version: Fixed from version 3.7rc4"
-
-CVE_STATUS[CVE-2012-5374] = "fixed-version: Fixed from version 3.8rc1"
-
-CVE_STATUS[CVE-2012-5375] = "fixed-version: Fixed from version 3.8rc1"
-
-CVE_STATUS[CVE-2012-5517] = "fixed-version: Fixed from version 3.6rc1"
-
-CVE_STATUS[CVE-2012-6536] = "fixed-version: Fixed from version 3.6rc7"
-
-CVE_STATUS[CVE-2012-6537] = "fixed-version: Fixed from version 3.6rc7"
-
-CVE_STATUS[CVE-2012-6538] = "fixed-version: Fixed from version 3.6rc7"
-
-CVE_STATUS[CVE-2012-6539] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6540] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6541] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6542] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6543] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6544] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6545] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6546] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2012-6547] = "fixed-version: Fixed from version 3.6rc1"
-
-CVE_STATUS[CVE-2012-6548] = "fixed-version: Fixed from version 3.6rc1"
-
-CVE_STATUS[CVE-2012-6549] = "fixed-version: Fixed from version 3.6rc1"
-
-CVE_STATUS[CVE-2012-6638] = "fixed-version: Fixed from version 3.3rc1"
-
-CVE_STATUS[CVE-2012-6647] = "fixed-version: Fixed from version 3.6rc2"
-
-CVE_STATUS[CVE-2012-6657] = "fixed-version: Fixed from version 3.6"
-
-CVE_STATUS[CVE-2012-6689] = "fixed-version: Fixed from version 3.6rc5"
-
-CVE_STATUS[CVE-2012-6701] = "fixed-version: Fixed from version 3.5rc1"
-
-CVE_STATUS[CVE-2012-6703] = "fixed-version: Fixed from version 3.7rc1"
-
-CVE_STATUS[CVE-2012-6704] = "fixed-version: Fixed from version 3.5rc1"
-
-CVE_STATUS[CVE-2012-6712] = "fixed-version: Fixed from version 3.4rc1"
-
-CVE_STATUS[CVE-2013-0160] = "fixed-version: Fixed from version 3.9rc1"
-
-CVE_STATUS[CVE-2013-0190] = "fixed-version: Fixed from version 3.8rc5"
-
-CVE_STATUS[CVE-2013-0216] = "fixed-version: Fixed from version 3.8rc7"
-
-CVE_STATUS[CVE-2013-0217] = "fixed-version: Fixed from version 3.8rc7"
-
-CVE_STATUS[CVE-2013-0228] = "fixed-version: Fixed from version 3.8"
-
-CVE_STATUS[CVE-2013-0231] = "fixed-version: Fixed from version 3.8rc7"
-
-CVE_STATUS[CVE-2013-0268] = "fixed-version: Fixed from version 3.8rc6"
-
-CVE_STATUS[CVE-2013-0290] = "fixed-version: Fixed from version 3.8"
-
-CVE_STATUS[CVE-2013-0309] = "fixed-version: Fixed from version 3.7rc1"
-
-CVE_STATUS[CVE-2013-0310] = "fixed-version: Fixed from version 3.5"
-
-CVE_STATUS[CVE-2013-0311] = "fixed-version: Fixed from version 3.7rc8"
-
-CVE_STATUS[CVE-2013-0313] = "fixed-version: Fixed from version 3.8rc5"
-
-CVE_STATUS[CVE-2013-0343] = "fixed-version: Fixed from version 3.11rc7"
-
-CVE_STATUS[CVE-2013-0349] = "fixed-version: Fixed from version 3.8rc6"
-
-CVE_STATUS[CVE-2013-0871] = "fixed-version: Fixed from version 3.8rc5"
-
-CVE_STATUS[CVE-2013-0913] = "fixed-version: Fixed from version 3.9rc4"
-
-CVE_STATUS[CVE-2013-0914] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-1059] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-1763] = "fixed-version: Fixed from version 3.9rc1"
-
-CVE_STATUS[CVE-2013-1767] = "fixed-version: Fixed from version 3.9rc1"
-
-CVE_STATUS[CVE-2013-1772] = "fixed-version: Fixed from version 3.5rc1"
-
-CVE_STATUS[CVE-2013-1773] = "fixed-version: Fixed from version 3.3rc1"
-
-CVE_STATUS[CVE-2013-1774] = "fixed-version: Fixed from version 3.8rc5"
-
-CVE_STATUS[CVE-2013-1792] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-1796] = "fixed-version: Fixed from version 3.9rc4"
-
-CVE_STATUS[CVE-2013-1797] = "fixed-version: Fixed from version 3.9rc4"
-
-CVE_STATUS[CVE-2013-1798] = "fixed-version: Fixed from version 3.9rc4"
-
-CVE_STATUS[CVE-2013-1819] = "fixed-version: Fixed from version 3.8rc6"
-
-CVE_STATUS[CVE-2013-1826] = "fixed-version: Fixed from version 3.6rc7"
-
-CVE_STATUS[CVE-2013-1827] = "fixed-version: Fixed from version 3.6rc3"
-
-CVE_STATUS[CVE-2013-1828] = "fixed-version: Fixed from version 3.9rc2"
-
-CVE_STATUS[CVE-2013-1848] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-1858] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-1860] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-1928] = "fixed-version: Fixed from version 3.7rc3"
-
-CVE_STATUS[CVE-2013-1929] = "fixed-version: Fixed from version 3.9rc6"
-
-# Skipping CVE-2013-1935, no affected_versions
-
-CVE_STATUS[CVE-2013-1943] = "fixed-version: Fixed from version 3.0rc1"
-
-CVE_STATUS[CVE-2013-1956] = "fixed-version: Fixed from version 3.9rc5"
-
-CVE_STATUS[CVE-2013-1957] = "fixed-version: Fixed from version 3.9rc5"
-
-CVE_STATUS[CVE-2013-1958] = "fixed-version: Fixed from version 3.9rc5"
-
-CVE_STATUS[CVE-2013-1959] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-1979] = "fixed-version: Fixed from version 3.9rc8"
-
-CVE_STATUS[CVE-2013-2015] = "fixed-version: Fixed from version 3.8rc2"
-
-CVE_STATUS[CVE-2013-2017] = "fixed-version: Fixed from version 2.6.34"
-
-CVE_STATUS[CVE-2013-2058] = "fixed-version: Fixed from version 3.8rc4"
-
-CVE_STATUS[CVE-2013-2094] = "fixed-version: Fixed from version 3.9rc8"
-
-CVE_STATUS[CVE-2013-2128] = "fixed-version: Fixed from version 2.6.34rc4"
-
-CVE_STATUS[CVE-2013-2140] = "fixed-version: Fixed from version 3.11rc3"
-
-CVE_STATUS[CVE-2013-2141] = "fixed-version: Fixed from version 3.9rc8"
-
-CVE_STATUS[CVE-2013-2146] = "fixed-version: Fixed from version 3.9rc8"
-
-CVE_STATUS[CVE-2013-2147] = "fixed-version: Fixed from version 3.12rc3"
-
-CVE_STATUS[CVE-2013-2148] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-2164] = "fixed-version: Fixed from version 3.11rc1"
-
-# Skipping CVE-2013-2188, no affected_versions
-
-CVE_STATUS[CVE-2013-2206] = "fixed-version: Fixed from version 3.9rc4"
-
-# Skipping CVE-2013-2224, no affected_versions
-
-CVE_STATUS[CVE-2013-2232] = "fixed-version: Fixed from version 3.10"
-
-CVE_STATUS[CVE-2013-2234] = "fixed-version: Fixed from version 3.10"
-
-CVE_STATUS[CVE-2013-2237] = "fixed-version: Fixed from version 3.9rc6"
-
-# Skipping CVE-2013-2239, no affected_versions
-
-CVE_STATUS[CVE-2013-2546] = "fixed-version: Fixed from version 3.9rc1"
-
-CVE_STATUS[CVE-2013-2547] = "fixed-version: Fixed from version 3.9rc1"
-
-CVE_STATUS[CVE-2013-2548] = "fixed-version: Fixed from version 3.9rc1"
-
-CVE_STATUS[CVE-2013-2596] = "fixed-version: Fixed from version 3.9rc8"
-
-CVE_STATUS[CVE-2013-2634] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-2635] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-2636] = "fixed-version: Fixed from version 3.9rc3"
-
-CVE_STATUS[CVE-2013-2850] = "fixed-version: Fixed from version 3.10rc4"
-
-CVE_STATUS[CVE-2013-2851] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-2852] = "fixed-version: Fixed from version 3.10rc6"
-
-CVE_STATUS[CVE-2013-2888] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2013-2889] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2890] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2891] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2892] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2013-2893] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2894] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2895] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2896] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2013-2897] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-2898] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2013-2899] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2013-2929] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-2930] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-3076] = "fixed-version: Fixed from version 3.9"
-
-CVE_STATUS[CVE-2013-3222] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3223] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3224] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3225] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3226] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3227] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3228] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3229] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3230] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3231] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3232] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3233] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3234] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3235] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3236] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3237] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3301] = "fixed-version: Fixed from version 3.9rc7"
-
-CVE_STATUS[CVE-2013-3302] = "fixed-version: Fixed from version 3.8rc3"
-
-CVE_STATUS[CVE-2013-4125] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-4127] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-4129] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-4162] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-4163] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2013-4205] = "fixed-version: Fixed from version 3.11rc5"
-
-CVE_STATUS[CVE-2013-4220] = "fixed-version: Fixed from version 3.10rc4"
-
-CVE_STATUS[CVE-2013-4247] = "fixed-version: Fixed from version 3.10rc5"
-
-CVE_STATUS[CVE-2013-4254] = "fixed-version: Fixed from version 3.11rc6"
-
-CVE_STATUS[CVE-2013-4270] = "fixed-version: Fixed from version 3.12rc4"
-
-CVE_STATUS[CVE-2013-4299] = "fixed-version: Fixed from version 3.12rc6"
-
-CVE_STATUS[CVE-2013-4300] = "fixed-version: Fixed from version 3.11"
-
-CVE_STATUS[CVE-2013-4312] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2013-4343] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-4345] = "fixed-version: Fixed from version 3.13rc2"
-
-CVE_STATUS[CVE-2013-4348] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-4350] = "fixed-version: Fixed from version 3.12rc2"
-
-CVE_STATUS[CVE-2013-4387] = "fixed-version: Fixed from version 3.12rc4"
-
-CVE_STATUS[CVE-2013-4470] = "fixed-version: Fixed from version 3.12rc7"
-
-CVE_STATUS[CVE-2013-4483] = "fixed-version: Fixed from version 3.10rc1"
-
-CVE_STATUS[CVE-2013-4511] = "fixed-version: Fixed from version 3.12"
-
-CVE_STATUS[CVE-2013-4512] = "fixed-version: Fixed from version 3.12"
-
-CVE_STATUS[CVE-2013-4513] = "fixed-version: Fixed from version 3.12"
-
-CVE_STATUS[CVE-2013-4514] = "fixed-version: Fixed from version 3.12"
-
-CVE_STATUS[CVE-2013-4515] = "fixed-version: Fixed from version 3.12"
-
-CVE_STATUS[CVE-2013-4516] = "fixed-version: Fixed from version 3.12"
-
-CVE_STATUS[CVE-2013-4563] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-4579] = "fixed-version: Fixed from version 3.13rc7"
-
-CVE_STATUS[CVE-2013-4587] = "fixed-version: Fixed from version 3.13rc4"
-
-CVE_STATUS[CVE-2013-4588] = "fixed-version: Fixed from version 2.6.33rc4"
-
-CVE_STATUS[CVE-2013-4591] = "fixed-version: Fixed from version 3.8rc1"
-
-CVE_STATUS[CVE-2013-4592] = "fixed-version: Fixed from version 3.7rc1"
-
-# Skipping CVE-2013-4737, no affected_versions
-
-# Skipping CVE-2013-4738, no affected_versions
-
-# Skipping CVE-2013-4739, no affected_versions
-
-CVE_STATUS[CVE-2013-5634] = "fixed-version: Fixed from version 3.10rc5"
-
-CVE_STATUS[CVE-2013-6282] = "fixed-version: Fixed from version 3.6rc6"
-
-CVE_STATUS[CVE-2013-6367] = "fixed-version: Fixed from version 3.13rc4"
-
-CVE_STATUS[CVE-2013-6368] = "fixed-version: Fixed from version 3.13rc4"
-
-CVE_STATUS[CVE-2013-6376] = "fixed-version: Fixed from version 3.13rc4"
-
-CVE_STATUS[CVE-2013-6378] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-6380] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-6381] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-6382] = "fixed-version: Fixed from version 3.13rc4"
-
-CVE_STATUS[CVE-2013-6383] = "fixed-version: Fixed from version 3.12"
-
-# Skipping CVE-2013-6392, no affected_versions
-
-CVE_STATUS[CVE-2013-6431] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2013-6432] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-6885] = "fixed-version: Fixed from version 3.14rc1"
-
-CVE_STATUS[CVE-2013-7026] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7027] = "fixed-version: Fixed from version 3.12rc7"
-
-CVE_STATUS[CVE-2013-7263] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7264] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7265] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7266] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7267] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7268] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7269] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7270] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7271] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7281] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7339] = "fixed-version: Fixed from version 3.13rc7"
-
-CVE_STATUS[CVE-2013-7348] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2013-7421] = "fixed-version: Fixed from version 3.19rc1"
-
-# CVE-2013-7445 has no known resolution
-
-CVE_STATUS[CVE-2013-7446] = "fixed-version: Fixed from version 4.4rc4"
-
-CVE_STATUS[CVE-2013-7470] = "fixed-version: Fixed from version 3.12rc7"
-
-CVE_STATUS[CVE-2014-0038] = "fixed-version: Fixed from version 3.14rc1"
-
-CVE_STATUS[CVE-2014-0049] = "fixed-version: Fixed from version 3.14rc5"
-
-CVE_STATUS[CVE-2014-0055] = "fixed-version: Fixed from version 3.14"
-
-CVE_STATUS[CVE-2014-0069] = "fixed-version: Fixed from version 3.14rc4"
-
-CVE_STATUS[CVE-2014-0077] = "fixed-version: Fixed from version 3.14"
-
-CVE_STATUS[CVE-2014-0100] = "fixed-version: Fixed from version 3.14rc7"
-
-CVE_STATUS[CVE-2014-0101] = "fixed-version: Fixed from version 3.14rc6"
-
-CVE_STATUS[CVE-2014-0102] = "fixed-version: Fixed from version 3.14rc6"
-
-CVE_STATUS[CVE-2014-0131] = "fixed-version: Fixed from version 3.14rc7"
-
-CVE_STATUS[CVE-2014-0155] = "fixed-version: Fixed from version 3.15rc2"
-
-CVE_STATUS[CVE-2014-0181] = "fixed-version: Fixed from version 3.15rc5"
-
-CVE_STATUS[CVE-2014-0196] = "fixed-version: Fixed from version 3.15rc5"
-
-CVE_STATUS[CVE-2014-0203] = "fixed-version: Fixed from version 2.6.33rc5"
-
-CVE_STATUS[CVE-2014-0205] = "fixed-version: Fixed from version 2.6.37rc1"
-
-CVE_STATUS[CVE-2014-0206] = "fixed-version: Fixed from version 3.16rc3"
-
-# Skipping CVE-2014-0972, no affected_versions
-
-CVE_STATUS[CVE-2014-1438] = "fixed-version: Fixed from version 3.13"
-
-CVE_STATUS[CVE-2014-1444] = "fixed-version: Fixed from version 3.12rc7"
-
-CVE_STATUS[CVE-2014-1445] = "fixed-version: Fixed from version 3.12rc7"
-
-CVE_STATUS[CVE-2014-1446] = "fixed-version: Fixed from version 3.13rc7"
-
-CVE_STATUS[CVE-2014-1690] = "fixed-version: Fixed from version 3.13rc8"
-
-CVE_STATUS[CVE-2014-1737] = "fixed-version: Fixed from version 3.15rc5"
-
-CVE_STATUS[CVE-2014-1738] = "fixed-version: Fixed from version 3.15rc5"
-
-CVE_STATUS[CVE-2014-1739] = "fixed-version: Fixed from version 3.15rc6"
-
-CVE_STATUS[CVE-2014-1874] = "fixed-version: Fixed from version 3.14rc2"
-
-CVE_STATUS[CVE-2014-2038] = "fixed-version: Fixed from version 3.14rc1"
-
-CVE_STATUS[CVE-2014-2039] = "fixed-version: Fixed from version 3.14rc3"
-
-CVE_STATUS[CVE-2014-2309] = "fixed-version: Fixed from version 3.14rc7"
-
-CVE_STATUS[CVE-2014-2523] = "fixed-version: Fixed from version 3.14rc1"
-
-CVE_STATUS[CVE-2014-2568] = "fixed-version: Fixed from version 3.14"
-
-CVE_STATUS[CVE-2014-2580] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-2672] = "fixed-version: Fixed from version 3.14rc6"
-
-CVE_STATUS[CVE-2014-2673] = "fixed-version: Fixed from version 3.14rc6"
-
-CVE_STATUS[CVE-2014-2678] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-2706] = "fixed-version: Fixed from version 3.14rc6"
-
-CVE_STATUS[CVE-2014-2739] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-2851] = "fixed-version: Fixed from version 3.15rc2"
-
-CVE_STATUS[CVE-2014-2889] = "fixed-version: Fixed from version 3.2rc7"
-
-CVE_STATUS[CVE-2014-3122] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-3144] = "fixed-version: Fixed from version 3.15rc2"
-
-CVE_STATUS[CVE-2014-3145] = "fixed-version: Fixed from version 3.15rc2"
-
-CVE_STATUS[CVE-2014-3153] = "fixed-version: Fixed from version 3.15"
-
-CVE_STATUS[CVE-2014-3180] = "fixed-version: Fixed from version 3.17rc4"
-
-CVE_STATUS[CVE-2014-3181] = "fixed-version: Fixed from version 3.17rc3"
-
-CVE_STATUS[CVE-2014-3182] = "fixed-version: Fixed from version 3.17rc2"
-
-CVE_STATUS[CVE-2014-3183] = "fixed-version: Fixed from version 3.17rc2"
-
-CVE_STATUS[CVE-2014-3184] = "fixed-version: Fixed from version 3.17rc2"
-
-CVE_STATUS[CVE-2014-3185] = "fixed-version: Fixed from version 3.17rc3"
-
-CVE_STATUS[CVE-2014-3186] = "fixed-version: Fixed from version 3.17rc3"
-
-# Skipping CVE-2014-3519, no affected_versions
-
-CVE_STATUS[CVE-2014-3534] = "fixed-version: Fixed from version 3.16rc7"
-
-CVE_STATUS[CVE-2014-3535] = "fixed-version: Fixed from version 2.6.36rc1"
-
-CVE_STATUS[CVE-2014-3601] = "fixed-version: Fixed from version 3.17rc2"
-
-CVE_STATUS[CVE-2014-3610] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-3611] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-3631] = "fixed-version: Fixed from version 3.17rc5"
-
-CVE_STATUS[CVE-2014-3645] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2014-3646] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-3647] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-3673] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-3687] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-3688] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-3690] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-3917] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2014-3940] = "fixed-version: Fixed from version 3.15"
-
-CVE_STATUS[CVE-2014-4014] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2014-4027] = "fixed-version: Fixed from version 3.14rc1"
-
-CVE_STATUS[CVE-2014-4157] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-4171] = "fixed-version: Fixed from version 3.16rc3"
-
-# Skipping CVE-2014-4322, no affected_versions
-
-# Skipping CVE-2014-4323, no affected_versions
-
-CVE_STATUS[CVE-2014-4508] = "fixed-version: Fixed from version 3.16rc3"
-
-CVE_STATUS[CVE-2014-4608] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-4611] = "fixed-version: Fixed from version 3.16rc3"
-
-CVE_STATUS[CVE-2014-4652] = "fixed-version: Fixed from version 3.16rc2"
-
-CVE_STATUS[CVE-2014-4653] = "fixed-version: Fixed from version 3.16rc2"
-
-CVE_STATUS[CVE-2014-4654] = "fixed-version: Fixed from version 3.16rc2"
-
-CVE_STATUS[CVE-2014-4655] = "fixed-version: Fixed from version 3.16rc2"
-
-CVE_STATUS[CVE-2014-4656] = "fixed-version: Fixed from version 3.16rc2"
-
-CVE_STATUS[CVE-2014-4667] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2014-4699] = "fixed-version: Fixed from version 3.16rc4"
-
-CVE_STATUS[CVE-2014-4943] = "fixed-version: Fixed from version 3.16rc6"
-
-CVE_STATUS[CVE-2014-5045] = "fixed-version: Fixed from version 3.16rc7"
-
-CVE_STATUS[CVE-2014-5077] = "fixed-version: Fixed from version 3.16"
-
-CVE_STATUS[CVE-2014-5206] = "fixed-version: Fixed from version 3.17rc1"
-
-CVE_STATUS[CVE-2014-5207] = "fixed-version: Fixed from version 3.17rc1"
-
-# Skipping CVE-2014-5332, no affected_versions
-
-CVE_STATUS[CVE-2014-5471] = "fixed-version: Fixed from version 3.17rc2"
-
-CVE_STATUS[CVE-2014-5472] = "fixed-version: Fixed from version 3.17rc2"
-
-CVE_STATUS[CVE-2014-6410] = "fixed-version: Fixed from version 3.17rc5"
-
-CVE_STATUS[CVE-2014-6416] = "fixed-version: Fixed from version 3.17rc5"
-
-CVE_STATUS[CVE-2014-6417] = "fixed-version: Fixed from version 3.17rc5"
-
-CVE_STATUS[CVE-2014-6418] = "fixed-version: Fixed from version 3.17rc5"
-
-CVE_STATUS[CVE-2014-7145] = "fixed-version: Fixed from version 3.17rc2"
-
-# Skipping CVE-2014-7207, no affected_versions
-
-CVE_STATUS[CVE-2014-7283] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-7284] = "fixed-version: Fixed from version 3.15rc7"
-
-CVE_STATUS[CVE-2014-7822] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2014-7825] = "fixed-version: Fixed from version 3.18rc3"
-
-CVE_STATUS[CVE-2014-7826] = "fixed-version: Fixed from version 3.18rc3"
-
-CVE_STATUS[CVE-2014-7841] = "fixed-version: Fixed from version 3.18rc5"
-
-CVE_STATUS[CVE-2014-7842] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-7843] = "fixed-version: Fixed from version 3.18rc5"
-
-CVE_STATUS[CVE-2014-7970] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-7975] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-8086] = "fixed-version: Fixed from version 3.18rc3"
-
-CVE_STATUS[CVE-2014-8133] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-8134] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-8159] = "fixed-version: Fixed from version 4.0rc7"
-
-CVE_STATUS[CVE-2014-8160] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-8171] = "fixed-version: Fixed from version 3.12rc1"
-
-CVE_STATUS[CVE-2014-8172] = "fixed-version: Fixed from version 3.13rc1"
-
-CVE_STATUS[CVE-2014-8173] = "fixed-version: Fixed from version 3.13rc5"
-
-# Skipping CVE-2014-8181, no affected_versions
-
-CVE_STATUS[CVE-2014-8369] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-8480] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-8481] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-8559] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-8709] = "fixed-version: Fixed from version 3.14rc3"
-
-CVE_STATUS[CVE-2014-8884] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2014-8989] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-9090] = "fixed-version: Fixed from version 3.18rc6"
-
-CVE_STATUS[CVE-2014-9322] = "fixed-version: Fixed from version 3.18rc6"
-
-CVE_STATUS[CVE-2014-9419] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-9420] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-9428] = "fixed-version: Fixed from version 3.19rc3"
-
-CVE_STATUS[CVE-2014-9529] = "fixed-version: Fixed from version 3.19rc4"
-
-CVE_STATUS[CVE-2014-9584] = "fixed-version: Fixed from version 3.19rc3"
-
-CVE_STATUS[CVE-2014-9585] = "fixed-version: Fixed from version 3.19rc4"
-
-CVE_STATUS[CVE-2014-9644] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-9683] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-9710] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2014-9715] = "fixed-version: Fixed from version 3.15rc1"
-
-CVE_STATUS[CVE-2014-9717] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2014-9728] = "fixed-version: Fixed from version 3.19rc3"
-
-CVE_STATUS[CVE-2014-9729] = "fixed-version: Fixed from version 3.19rc3"
-
-CVE_STATUS[CVE-2014-9730] = "fixed-version: Fixed from version 3.19rc3"
-
-CVE_STATUS[CVE-2014-9731] = "fixed-version: Fixed from version 3.19rc3"
-
-# Skipping CVE-2014-9777, no affected_versions
-
-# Skipping CVE-2014-9778, no affected_versions
-
-# Skipping CVE-2014-9779, no affected_versions
-
-# Skipping CVE-2014-9780, no affected_versions
-
-# Skipping CVE-2014-9781, no affected_versions
-
-# Skipping CVE-2014-9782, no affected_versions
-
-# Skipping CVE-2014-9783, no affected_versions
-
-# Skipping CVE-2014-9784, no affected_versions
-
-# Skipping CVE-2014-9785, no affected_versions
-
-# Skipping CVE-2014-9786, no affected_versions
-
-# Skipping CVE-2014-9787, no affected_versions
-
-# Skipping CVE-2014-9788, no affected_versions
-
-# Skipping CVE-2014-9789, no affected_versions
-
-CVE_STATUS[CVE-2014-9803] = "fixed-version: Fixed from version 3.16rc1"
-
-# Skipping CVE-2014-9863, no affected_versions
-
-# Skipping CVE-2014-9864, no affected_versions
-
-# Skipping CVE-2014-9865, no affected_versions
-
-# Skipping CVE-2014-9866, no affected_versions
-
-# Skipping CVE-2014-9867, no affected_versions
-
-# Skipping CVE-2014-9868, no affected_versions
-
-# Skipping CVE-2014-9869, no affected_versions
-
-CVE_STATUS[CVE-2014-9870] = "fixed-version: Fixed from version 3.11rc1"
-
-# Skipping CVE-2014-9871, no affected_versions
-
-# Skipping CVE-2014-9872, no affected_versions
-
-# Skipping CVE-2014-9873, no affected_versions
-
-# Skipping CVE-2014-9874, no affected_versions
-
-# Skipping CVE-2014-9875, no affected_versions
-
-# Skipping CVE-2014-9876, no affected_versions
-
-# Skipping CVE-2014-9877, no affected_versions
-
-# Skipping CVE-2014-9878, no affected_versions
-
-# Skipping CVE-2014-9879, no affected_versions
-
-# Skipping CVE-2014-9880, no affected_versions
-
-# Skipping CVE-2014-9881, no affected_versions
-
-# Skipping CVE-2014-9882, no affected_versions
-
-# Skipping CVE-2014-9883, no affected_versions
-
-# Skipping CVE-2014-9884, no affected_versions
-
-# Skipping CVE-2014-9885, no affected_versions
-
-# Skipping CVE-2014-9886, no affected_versions
-
-# Skipping CVE-2014-9887, no affected_versions
-
-CVE_STATUS[CVE-2014-9888] = "fixed-version: Fixed from version 3.13rc1"
-
-# Skipping CVE-2014-9889, no affected_versions
-
-# Skipping CVE-2014-9890, no affected_versions
-
-# Skipping CVE-2014-9891, no affected_versions
-
-# Skipping CVE-2014-9892, no affected_versions
-
-# Skipping CVE-2014-9893, no affected_versions
-
-# Skipping CVE-2014-9894, no affected_versions
-
-CVE_STATUS[CVE-2014-9895] = "fixed-version: Fixed from version 3.11rc1"
-
-# Skipping CVE-2014-9896, no affected_versions
-
-# Skipping CVE-2014-9897, no affected_versions
-
-# Skipping CVE-2014-9898, no affected_versions
-
-# Skipping CVE-2014-9899, no affected_versions
-
-# Skipping CVE-2014-9900, no affected_versions
-
-CVE_STATUS[CVE-2014-9903] = "fixed-version: Fixed from version 3.14rc4"
-
-CVE_STATUS[CVE-2014-9904] = "fixed-version: Fixed from version 3.17rc1"
-
-CVE_STATUS[CVE-2014-9914] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2014-9922] = "fixed-version: Fixed from version 3.18rc2"
-
-CVE_STATUS[CVE-2014-9940] = "fixed-version: Fixed from version 3.19rc1"
-
-CVE_STATUS[CVE-2015-0239] = "fixed-version: Fixed from version 3.19rc6"
-
-CVE_STATUS[CVE-2015-0274] = "fixed-version: Fixed from version 3.15rc5"
-
-CVE_STATUS[CVE-2015-0275] = "fixed-version: Fixed from version 4.1rc1"
-
-# Skipping CVE-2015-0777, no affected_versions
-
-# Skipping CVE-2015-1328, no affected_versions
-
-CVE_STATUS[CVE-2015-1333] = "fixed-version: Fixed from version 4.2rc5"
-
-CVE_STATUS[CVE-2015-1339] = "fixed-version: Fixed from version 4.4rc5"
-
-CVE_STATUS[CVE-2015-1350] = "fixed-version: Fixed from version 4.9rc1"
-
-CVE_STATUS[CVE-2015-1420] = "fixed-version: Fixed from version 4.1rc7"
-
-CVE_STATUS[CVE-2015-1421] = "fixed-version: Fixed from version 3.19rc7"
-
-CVE_STATUS[CVE-2015-1465] = "fixed-version: Fixed from version 3.19rc7"
-
-CVE_STATUS[CVE-2015-1573] = "fixed-version: Fixed from version 3.19rc5"
-
-CVE_STATUS[CVE-2015-1593] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2015-1805] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2015-2041] = "fixed-version: Fixed from version 3.19rc7"
-
-CVE_STATUS[CVE-2015-2042] = "fixed-version: Fixed from version 3.19"
-
-CVE_STATUS[CVE-2015-2150] = "fixed-version: Fixed from version 4.0rc4"
-
-CVE_STATUS[CVE-2015-2666] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2015-2672] = "fixed-version: Fixed from version 4.0rc3"
-
-CVE_STATUS[CVE-2015-2686] = "fixed-version: Fixed from version 4.0rc6"
-
-CVE_STATUS[CVE-2015-2830] = "fixed-version: Fixed from version 4.0rc3"
-
-# CVE-2015-2877 has no known resolution
-
-CVE_STATUS[CVE-2015-2922] = "fixed-version: Fixed from version 4.0rc7"
-
-CVE_STATUS[CVE-2015-2925] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2015-3212] = "fixed-version: Fixed from version 4.2rc1"
-
-CVE_STATUS[CVE-2015-3214] = "fixed-version: Fixed from version 2.6.33rc8"
-
-CVE_STATUS[CVE-2015-3288] = "fixed-version: Fixed from version 4.2rc2"
-
-CVE_STATUS[CVE-2015-3290] = "fixed-version: Fixed from version 4.2rc3"
-
-CVE_STATUS[CVE-2015-3291] = "fixed-version: Fixed from version 4.2rc3"
-
-CVE_STATUS[CVE-2015-3331] = "fixed-version: Fixed from version 4.0rc5"
-
-# Skipping CVE-2015-3332, no affected_versions
-
-CVE_STATUS[CVE-2015-3339] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-3636] = "fixed-version: Fixed from version 4.1rc2"
-
-CVE_STATUS[CVE-2015-4001] = "fixed-version: Fixed from version 4.1rc7"
-
-CVE_STATUS[CVE-2015-4002] = "fixed-version: Fixed from version 4.1rc7"
-
-CVE_STATUS[CVE-2015-4003] = "fixed-version: Fixed from version 4.1rc7"
-
-CVE_STATUS[CVE-2015-4004] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2015-4036] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2015-4167] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2015-4170] = "fixed-version: Fixed from version 3.13rc5"
-
-CVE_STATUS[CVE-2015-4176] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-4177] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-4178] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-4692] = "fixed-version: Fixed from version 4.2rc1"
-
-CVE_STATUS[CVE-2015-4700] = "fixed-version: Fixed from version 4.1rc6"
-
-CVE_STATUS[CVE-2015-5156] = "fixed-version: Fixed from version 4.2rc7"
-
-CVE_STATUS[CVE-2015-5157] = "fixed-version: Fixed from version 4.2rc3"
-
-CVE_STATUS[CVE-2015-5257] = "fixed-version: Fixed from version 4.3rc3"
-
-CVE_STATUS[CVE-2015-5283] = "fixed-version: Fixed from version 4.3rc3"
-
-CVE_STATUS[CVE-2015-5307] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-5327] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-5364] = "fixed-version: Fixed from version 4.1rc7"
-
-CVE_STATUS[CVE-2015-5366] = "fixed-version: Fixed from version 4.1rc7"
-
-CVE_STATUS[CVE-2015-5697] = "fixed-version: Fixed from version 4.2rc6"
-
-CVE_STATUS[CVE-2015-5706] = "fixed-version: Fixed from version 4.1rc3"
-
-CVE_STATUS[CVE-2015-5707] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-6252] = "fixed-version: Fixed from version 4.2rc5"
-
-CVE_STATUS[CVE-2015-6526] = "fixed-version: Fixed from version 4.1rc1"
-
-# CVE-2015-6619 has no known resolution
-
-# CVE-2015-6646 has no known resolution
-
-CVE_STATUS[CVE-2015-6937] = "fixed-version: Fixed from version 4.3rc1"
-
-# Skipping CVE-2015-7312, no affected_versions
-
-CVE_STATUS[CVE-2015-7509] = "fixed-version: Fixed from version 3.7rc1"
-
-CVE_STATUS[CVE-2015-7513] = "fixed-version: Fixed from version 4.4rc7"
-
-CVE_STATUS[CVE-2015-7515] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-7550] = "fixed-version: Fixed from version 4.4rc8"
-
-# Skipping CVE-2015-7553, no affected_versions
-
-CVE_STATUS[CVE-2015-7566] = "fixed-version: Fixed from version 4.5rc2"
-
-CVE_STATUS[CVE-2015-7613] = "fixed-version: Fixed from version 4.3rc4"
-
-CVE_STATUS[CVE-2015-7799] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-7833] = "fixed-version: Fixed from version 4.6rc6"
-
-# Skipping CVE-2015-7837, no affected_versions
-
-CVE_STATUS[CVE-2015-7872] = "fixed-version: Fixed from version 4.3rc7"
-
-CVE_STATUS[CVE-2015-7884] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-7885] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-7990] = "fixed-version: Fixed from version 4.4rc4"
-
-# Skipping CVE-2015-8019, no affected_versions
-
-CVE_STATUS[CVE-2015-8104] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-8215] = "fixed-version: Fixed from version 4.0rc3"
-
-CVE_STATUS[CVE-2015-8324] = "fixed-version: Fixed from version 2.6.34rc1"
-
-CVE_STATUS[CVE-2015-8374] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-8539] = "fixed-version: Fixed from version 4.4rc3"
-
-CVE_STATUS[CVE-2015-8543] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8550] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8551] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8552] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8553] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8569] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8575] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8660] = "fixed-version: Fixed from version 4.4rc4"
-
-CVE_STATUS[CVE-2015-8709] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2015-8746] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2015-8767] = "fixed-version: Fixed from version 4.3rc4"
-
-CVE_STATUS[CVE-2015-8785] = "fixed-version: Fixed from version 4.4rc5"
-
-CVE_STATUS[CVE-2015-8787] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-8812] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2015-8816] = "fixed-version: Fixed from version 4.4rc6"
-
-CVE_STATUS[CVE-2015-8830] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-8839] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2015-8844] = "fixed-version: Fixed from version 4.4rc3"
-
-CVE_STATUS[CVE-2015-8845] = "fixed-version: Fixed from version 4.4rc3"
-
-# Skipping CVE-2015-8937, no affected_versions
-
-# Skipping CVE-2015-8938, no affected_versions
-
-# Skipping CVE-2015-8939, no affected_versions
-
-# Skipping CVE-2015-8940, no affected_versions
-
-# Skipping CVE-2015-8941, no affected_versions
-
-# Skipping CVE-2015-8942, no affected_versions
-
-# Skipping CVE-2015-8943, no affected_versions
-
-# Skipping CVE-2015-8944, no affected_versions
-
-CVE_STATUS[CVE-2015-8950] = "fixed-version: Fixed from version 4.1rc2"
-
-CVE_STATUS[CVE-2015-8952] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2015-8953] = "fixed-version: Fixed from version 4.3"
-
-CVE_STATUS[CVE-2015-8955] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2015-8956] = "fixed-version: Fixed from version 4.2rc1"
-
-CVE_STATUS[CVE-2015-8961] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-8962] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2015-8963] = "fixed-version: Fixed from version 4.4"
-
-CVE_STATUS[CVE-2015-8964] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2015-8966] = "fixed-version: Fixed from version 4.4rc8"
-
-CVE_STATUS[CVE-2015-8967] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2015-8970] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2015-9004] = "fixed-version: Fixed from version 3.19rc7"
-
-CVE_STATUS[CVE-2015-9016] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2015-9289] = "fixed-version: Fixed from version 4.2rc1"
-
-CVE_STATUS[CVE-2016-0617] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-0723] = "fixed-version: Fixed from version 4.5rc2"
-
-CVE_STATUS[CVE-2016-0728] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-0758] = "fixed-version: Fixed from version 4.6"
-
-# Skipping CVE-2016-0774, no affected_versions
-
-CVE_STATUS[CVE-2016-0821] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2016-0823] = "fixed-version: Fixed from version 4.0rc5"
-
-CVE_STATUS[CVE-2016-10044] = "fixed-version: Fixed from version 4.8rc7"
-
-CVE_STATUS[CVE-2016-10088] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-10147] = "fixed-version: Fixed from version 4.9"
-
-CVE_STATUS[CVE-2016-10150] = "fixed-version: Fixed from version 4.9rc8"
-
-CVE_STATUS[CVE-2016-10153] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-10154] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-10200] = "fixed-version: Fixed from version 4.9rc7"
-
-CVE_STATUS[CVE-2016-10208] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-10229] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-10318] = "fixed-version: Fixed from version 4.8rc6"
-
-CVE_STATUS[CVE-2016-10723] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2016-10741] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-10764] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-10905] = "fixed-version: Fixed from version 4.8rc1"
-
-CVE_STATUS[CVE-2016-10906] = "fixed-version: Fixed from version 4.5rc6"
-
-CVE_STATUS[CVE-2016-10907] = "fixed-version: Fixed from version 4.9rc1"
-
-CVE_STATUS[CVE-2016-1237] = "fixed-version: Fixed from version 4.7rc5"
-
-CVE_STATUS[CVE-2016-1575] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-1576] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-1583] = "fixed-version: Fixed from version 4.7rc3"
-
-CVE_STATUS[CVE-2016-2053] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2016-2069] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2070] = "fixed-version: Fixed from version 4.4"
-
-CVE_STATUS[CVE-2016-2085] = "fixed-version: Fixed from version 4.5rc4"
-
-CVE_STATUS[CVE-2016-2117] = "fixed-version: Fixed from version 4.6rc5"
-
-CVE_STATUS[CVE-2016-2143] = "fixed-version: Fixed from version 4.5"
-
-CVE_STATUS[CVE-2016-2184] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-2185] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-2186] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-2187] = "fixed-version: Fixed from version 4.6rc5"
-
-CVE_STATUS[CVE-2016-2188] = "fixed-version: Fixed from version 4.11rc2"
-
-CVE_STATUS[CVE-2016-2383] = "fixed-version: Fixed from version 4.5rc4"
-
-CVE_STATUS[CVE-2016-2384] = "fixed-version: Fixed from version 4.5rc4"
-
-CVE_STATUS[CVE-2016-2543] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2544] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2545] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2546] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2547] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2548] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2549] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2016-2550] = "fixed-version: Fixed from version 4.5rc4"
-
-CVE_STATUS[CVE-2016-2782] = "fixed-version: Fixed from version 4.5rc2"
-
-CVE_STATUS[CVE-2016-2847] = "fixed-version: Fixed from version 4.5rc1"
-
-# Skipping CVE-2016-2853, no affected_versions
-
-# Skipping CVE-2016-2854, no affected_versions
-
-CVE_STATUS[CVE-2016-3044] = "fixed-version: Fixed from version 4.5"
-
-CVE_STATUS[CVE-2016-3070] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2016-3134] = "fixed-version: Fixed from version 4.6rc2"
-
-CVE_STATUS[CVE-2016-3135] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-3136] = "fixed-version: Fixed from version 4.6rc3"
-
-CVE_STATUS[CVE-2016-3137] = "fixed-version: Fixed from version 4.6rc3"
-
-CVE_STATUS[CVE-2016-3138] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-3139] = "fixed-version: Fixed from version 3.17rc1"
-
-CVE_STATUS[CVE-2016-3140] = "fixed-version: Fixed from version 4.6rc3"
-
-CVE_STATUS[CVE-2016-3156] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-3157] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-3672] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-3689] = "fixed-version: Fixed from version 4.6rc1"
-
-# Skipping CVE-2016-3695, no affected_versions
-
-# Skipping CVE-2016-3699, no affected_versions
-
-# Skipping CVE-2016-3707, no affected_versions
-
-CVE_STATUS[CVE-2016-3713] = "fixed-version: Fixed from version 4.7rc1"
-
-# CVE-2016-3775 has no known resolution
-
-# CVE-2016-3802 has no known resolution
-
-# CVE-2016-3803 has no known resolution
-
-CVE_STATUS[CVE-2016-3841] = "fixed-version: Fixed from version 4.4rc4"
-
-CVE_STATUS[CVE-2016-3857] = "fixed-version: Fixed from version 4.8rc2"
-
-CVE_STATUS[CVE-2016-3951] = "fixed-version: Fixed from version 4.5"
-
-CVE_STATUS[CVE-2016-3955] = "fixed-version: Fixed from version 4.6rc3"
-
-CVE_STATUS[CVE-2016-3961] = "fixed-version: Fixed from version 4.6rc5"
-
-CVE_STATUS[CVE-2016-4440] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-4470] = "fixed-version: Fixed from version 4.7rc4"
-
-CVE_STATUS[CVE-2016-4482] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-4485] = "fixed-version: Fixed from version 4.6"
-
-CVE_STATUS[CVE-2016-4486] = "fixed-version: Fixed from version 4.6"
-
-CVE_STATUS[CVE-2016-4557] = "fixed-version: Fixed from version 4.6rc6"
-
-CVE_STATUS[CVE-2016-4558] = "fixed-version: Fixed from version 4.6rc7"
-
-CVE_STATUS[CVE-2016-4565] = "fixed-version: Fixed from version 4.6rc6"
-
-CVE_STATUS[CVE-2016-4568] = "fixed-version: Fixed from version 4.6rc6"
-
-CVE_STATUS[CVE-2016-4569] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-4578] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-4580] = "fixed-version: Fixed from version 4.6"
-
-CVE_STATUS[CVE-2016-4581] = "fixed-version: Fixed from version 4.6rc7"
-
-CVE_STATUS[CVE-2016-4794] = "fixed-version: Fixed from version 4.7rc4"
-
-CVE_STATUS[CVE-2016-4805] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-4913] = "fixed-version: Fixed from version 4.6"
-
-CVE_STATUS[CVE-2016-4951] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-4997] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-4998] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-5195] = "fixed-version: Fixed from version 4.9rc2"
-
-CVE_STATUS[CVE-2016-5243] = "fixed-version: Fixed from version 4.7rc3"
-
-CVE_STATUS[CVE-2016-5244] = "fixed-version: Fixed from version 4.7rc3"
-
-# Skipping CVE-2016-5340, no affected_versions
-
-# Skipping CVE-2016-5342, no affected_versions
-
-# Skipping CVE-2016-5343, no affected_versions
-
-# Skipping CVE-2016-5344, no affected_versions
-
-CVE_STATUS[CVE-2016-5400] = "fixed-version: Fixed from version 4.7"
-
-CVE_STATUS[CVE-2016-5412] = "fixed-version: Fixed from version 4.8rc1"
-
-CVE_STATUS[CVE-2016-5696] = "fixed-version: Fixed from version 4.7"
-
-CVE_STATUS[CVE-2016-5728] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-5828] = "fixed-version: Fixed from version 4.7rc6"
-
-CVE_STATUS[CVE-2016-5829] = "fixed-version: Fixed from version 4.7rc5"
-
-# CVE-2016-5870 has no known resolution
-
-CVE_STATUS[CVE-2016-6130] = "fixed-version: Fixed from version 4.6rc6"
-
-CVE_STATUS[CVE-2016-6136] = "fixed-version: Fixed from version 4.8rc1"
-
-CVE_STATUS[CVE-2016-6156] = "fixed-version: Fixed from version 4.7rc7"
-
-CVE_STATUS[CVE-2016-6162] = "fixed-version: Fixed from version 4.7"
-
-CVE_STATUS[CVE-2016-6187] = "fixed-version: Fixed from version 4.7rc7"
-
-CVE_STATUS[CVE-2016-6197] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-6198] = "fixed-version: Fixed from version 4.6"
-
-CVE_STATUS[CVE-2016-6213] = "fixed-version: Fixed from version 4.9rc1"
-
-CVE_STATUS[CVE-2016-6327] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-6480] = "fixed-version: Fixed from version 4.8rc3"
-
-CVE_STATUS[CVE-2016-6516] = "fixed-version: Fixed from version 4.8rc1"
-
-# Skipping CVE-2016-6753, no affected_versions
-
-CVE_STATUS[CVE-2016-6786] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2016-6787] = "fixed-version: Fixed from version 4.0rc1"
-
-CVE_STATUS[CVE-2016-6828] = "fixed-version: Fixed from version 4.8rc5"
-
-CVE_STATUS[CVE-2016-7039] = "fixed-version: Fixed from version 4.9rc4"
-
-CVE_STATUS[CVE-2016-7042] = "fixed-version: Fixed from version 4.9rc3"
-
-CVE_STATUS[CVE-2016-7097] = "fixed-version: Fixed from version 4.9rc1"
-
-CVE_STATUS[CVE-2016-7117] = "fixed-version: Fixed from version 4.6rc1"
-
-# Skipping CVE-2016-7118, no affected_versions
-
-CVE_STATUS[CVE-2016-7425] = "fixed-version: Fixed from version 4.9rc1"
-
-CVE_STATUS[CVE-2016-7910] = "fixed-version: Fixed from version 4.8rc1"
-
-CVE_STATUS[CVE-2016-7911] = "fixed-version: Fixed from version 4.7rc7"
-
-CVE_STATUS[CVE-2016-7912] = "fixed-version: Fixed from version 4.6rc5"
-
-CVE_STATUS[CVE-2016-7913] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-7914] = "fixed-version: Fixed from version 4.6rc4"
-
-CVE_STATUS[CVE-2016-7915] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-7916] = "fixed-version: Fixed from version 4.6rc7"
-
-CVE_STATUS[CVE-2016-7917] = "fixed-version: Fixed from version 4.5rc6"
-
-CVE_STATUS[CVE-2016-8399] = "fixed-version: Fixed from version 4.9"
-
-# Skipping CVE-2016-8401, no affected_versions
-
-# Skipping CVE-2016-8402, no affected_versions
-
-# Skipping CVE-2016-8403, no affected_versions
-
-# Skipping CVE-2016-8404, no affected_versions
-
-CVE_STATUS[CVE-2016-8405] = "fixed-version: Fixed from version 4.10rc6"
-
-# Skipping CVE-2016-8406, no affected_versions
-
-# Skipping CVE-2016-8407, no affected_versions
-
-CVE_STATUS[CVE-2016-8630] = "fixed-version: Fixed from version 4.9rc4"
-
-CVE_STATUS[CVE-2016-8632] = "fixed-version: Fixed from version 4.9rc8"
-
-CVE_STATUS[CVE-2016-8633] = "fixed-version: Fixed from version 4.9rc4"
-
-CVE_STATUS[CVE-2016-8636] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2016-8645] = "fixed-version: Fixed from version 4.9rc6"
-
-CVE_STATUS[CVE-2016-8646] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2016-8650] = "fixed-version: Fixed from version 4.9rc7"
-
-CVE_STATUS[CVE-2016-8655] = "fixed-version: Fixed from version 4.9rc8"
-
-CVE_STATUS[CVE-2016-8658] = "fixed-version: Fixed from version 4.8rc7"
-
-# CVE-2016-8660 has no known resolution
-
-CVE_STATUS[CVE-2016-8666] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-9083] = "fixed-version: Fixed from version 4.9rc4"
-
-CVE_STATUS[CVE-2016-9084] = "fixed-version: Fixed from version 4.9rc4"
-
-CVE_STATUS[CVE-2016-9120] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-9178] = "fixed-version: Fixed from version 4.8rc7"
-
-CVE_STATUS[CVE-2016-9191] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2016-9313] = "fixed-version: Fixed from version 4.9rc3"
-
-CVE_STATUS[CVE-2016-9555] = "fixed-version: Fixed from version 4.9rc4"
-
-CVE_STATUS[CVE-2016-9576] = "fixed-version: Fixed from version 4.9"
-
-CVE_STATUS[CVE-2016-9588] = "fixed-version: Fixed from version 4.10rc1"
-
-CVE_STATUS[CVE-2016-9604] = "fixed-version: Fixed from version 4.11rc8"
-
-# Skipping CVE-2016-9644, no affected_versions
-
-CVE_STATUS[CVE-2016-9685] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2016-9754] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-9755] = "fixed-version: Fixed from version 4.9rc8"
-
-CVE_STATUS[CVE-2016-9756] = "fixed-version: Fixed from version 4.9rc7"
-
-CVE_STATUS[CVE-2016-9777] = "fixed-version: Fixed from version 4.9rc7"
-
-CVE_STATUS[CVE-2016-9793] = "fixed-version: Fixed from version 4.9rc8"
-
-CVE_STATUS[CVE-2016-9794] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-9806] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2016-9919] = "fixed-version: Fixed from version 4.9rc8"
-
-# Skipping CVE-2017-0403, no affected_versions
-
-# Skipping CVE-2017-0404, no affected_versions
-
-# Skipping CVE-2017-0426, no affected_versions
-
-# Skipping CVE-2017-0427, no affected_versions
-
-# CVE-2017-0507 has no known resolution
-
-# CVE-2017-0508 has no known resolution
-
-# Skipping CVE-2017-0510, no affected_versions
-
-# Skipping CVE-2017-0528, no affected_versions
-
-# Skipping CVE-2017-0537, no affected_versions
-
-# CVE-2017-0564 has no known resolution
-
-CVE_STATUS[CVE-2017-0605] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-0627] = "fixed-version: Fixed from version 4.14rc1"
-
-# CVE-2017-0630 has no known resolution
-
-# CVE-2017-0749 has no known resolution
-
-CVE_STATUS[CVE-2017-0750] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2017-0786] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-0861] = "fixed-version: Fixed from version 4.15rc3"
-
-CVE_STATUS[CVE-2017-1000] = "fixed-version: Fixed from version 4.13rc5"
-
-CVE_STATUS[CVE-2017-1000111] = "fixed-version: Fixed from version 4.13rc5"
-
-CVE_STATUS[CVE-2017-1000112] = "fixed-version: Fixed from version 4.13rc5"
-
-CVE_STATUS[CVE-2017-1000251] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-1000252] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-1000253] = "fixed-version: Fixed from version 4.1rc1"
-
-CVE_STATUS[CVE-2017-1000255] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-1000363] = "fixed-version: Fixed from version 4.12rc2"
-
-CVE_STATUS[CVE-2017-1000364] = "fixed-version: Fixed from version 4.12rc6"
-
-CVE_STATUS[CVE-2017-1000365] = "fixed-version: Fixed from version 4.12rc7"
-
-CVE_STATUS[CVE-2017-1000370] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-1000371] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-1000379] = "fixed-version: Fixed from version 4.12rc6"
-
-CVE_STATUS[CVE-2017-1000380] = "fixed-version: Fixed from version 4.12rc5"
-
-CVE_STATUS[CVE-2017-1000405] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2017-1000407] = "fixed-version: Fixed from version 4.15rc3"
-
-CVE_STATUS[CVE-2017-1000410] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2017-10661] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-10662] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-10663] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-10810] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-10911] = "fixed-version: Fixed from version 4.12rc7"
-
-CVE_STATUS[CVE-2017-11089] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-11176] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-11472] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-11473] = "fixed-version: Fixed from version 4.13rc2"
-
-CVE_STATUS[CVE-2017-11600] = "fixed-version: Fixed from version 4.13"
-
-CVE_STATUS[CVE-2017-12134] = "fixed-version: Fixed from version 4.13rc6"
-
-CVE_STATUS[CVE-2017-12146] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-12153] = "fixed-version: Fixed from version 4.14rc2"
-
-CVE_STATUS[CVE-2017-12154] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-12168] = "fixed-version: Fixed from version 4.9rc6"
-
-CVE_STATUS[CVE-2017-12188] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-12190] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-12192] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2017-12193] = "fixed-version: Fixed from version 4.14rc7"
-
-CVE_STATUS[CVE-2017-12762] = "fixed-version: Fixed from version 4.13rc4"
-
-CVE_STATUS[CVE-2017-13080] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2017-13166] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2017-13167] = "fixed-version: Fixed from version 4.5rc4"
-
-CVE_STATUS[CVE-2017-13168] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2017-13215] = "fixed-version: Fixed from version 4.5rc1"
-
-CVE_STATUS[CVE-2017-13216] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2017-13220] = "fixed-version: Fixed from version 3.19rc3"
-
-# CVE-2017-13221 has no known resolution
-
-# CVE-2017-13222 has no known resolution
-
-CVE_STATUS[CVE-2017-13305] = "fixed-version: Fixed from version 4.12rc5"
-
-CVE_STATUS[CVE-2017-13686] = "fixed-version: Fixed from version 4.13rc7"
-
-# CVE-2017-13693 has no known resolution
-
-# CVE-2017-13694 has no known resolution
-
-CVE_STATUS[CVE-2017-13695] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2017-13715] = "fixed-version: Fixed from version 4.3rc1"
-
-CVE_STATUS[CVE-2017-14051] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-14106] = "fixed-version: Fixed from version 4.12rc3"
-
-CVE_STATUS[CVE-2017-14140] = "fixed-version: Fixed from version 4.13rc6"
-
-CVE_STATUS[CVE-2017-14156] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-14340] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-14489] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2017-14497] = "fixed-version: Fixed from version 4.13"
-
-CVE_STATUS[CVE-2017-14954] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2017-14991] = "fixed-version: Fixed from version 4.14rc2"
-
-CVE_STATUS[CVE-2017-15102] = "fixed-version: Fixed from version 4.9rc1"
-
-CVE_STATUS[CVE-2017-15115] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2017-15116] = "fixed-version: Fixed from version 4.2rc1"
-
-CVE_STATUS[CVE-2017-15121] = "fixed-version: Fixed from version 3.11rc1"
-
-CVE_STATUS[CVE-2017-15126] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-15127] = "fixed-version: Fixed from version 4.13rc5"
-
-CVE_STATUS[CVE-2017-15128] = "fixed-version: Fixed from version 4.14rc8"
-
-CVE_STATUS[CVE-2017-15129] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-15265] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-15274] = "fixed-version: Fixed from version 4.12rc5"
-
-CVE_STATUS[CVE-2017-15299] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2017-15306] = "fixed-version: Fixed from version 4.14rc7"
-
-CVE_STATUS[CVE-2017-15537] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2017-15649] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-15868] = "fixed-version: Fixed from version 3.19rc3"
-
-CVE_STATUS[CVE-2017-15951] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2017-16525] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-16526] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-16527] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-16528] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2017-16529] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-16530] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-16531] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-16532] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-16533] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-16534] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2017-16535] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2017-16536] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-16537] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-16538] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2017-16643] = "fixed-version: Fixed from version 4.14rc7"
-
-CVE_STATUS[CVE-2017-16644] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2017-16645] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2017-16646] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-16647] = "fixed-version: Fixed from version 4.14"
-
-CVE_STATUS[CVE-2017-16648] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-16649] = "fixed-version: Fixed from version 4.14"
-
-CVE_STATUS[CVE-2017-16650] = "fixed-version: Fixed from version 4.14"
-
-CVE_STATUS[CVE-2017-16911] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-16912] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-16913] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-16914] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-16939] = "fixed-version: Fixed from version 4.14rc7"
-
-CVE_STATUS[CVE-2017-16994] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-16995] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-16996] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17052] = "fixed-version: Fixed from version 4.13rc7"
-
-CVE_STATUS[CVE-2017-17053] = "fixed-version: Fixed from version 4.13rc7"
-
-CVE_STATUS[CVE-2017-17448] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17449] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17450] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17558] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17712] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17741] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17805] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17806] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-17807] = "fixed-version: Fixed from version 4.15rc3"
-
-CVE_STATUS[CVE-2017-17852] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17853] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17854] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17855] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17856] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17857] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17862] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-17863] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17864] = "fixed-version: Fixed from version 4.15rc5"
-
-CVE_STATUS[CVE-2017-17975] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2017-18017] = "fixed-version: Fixed from version 4.11rc7"
-
-CVE_STATUS[CVE-2017-18075] = "fixed-version: Fixed from version 4.15rc7"
-
-CVE_STATUS[CVE-2017-18079] = "fixed-version: Fixed from version 4.13rc1"
-
-# CVE-2017-18169 has no known resolution
-
-CVE_STATUS[CVE-2017-18174] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2017-18193] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-18200] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-18202] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2017-18203] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-18204] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-18208] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2017-18216] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-18218] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-18221] = "fixed-version: Fixed from version 4.12rc4"
-
-CVE_STATUS[CVE-2017-18222] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-18224] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2017-18232] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2017-18241] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-18249] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-18255] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-18257] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-18261] = "fixed-version: Fixed from version 4.13rc6"
-
-CVE_STATUS[CVE-2017-18270] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2017-18344] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2017-18360] = "fixed-version: Fixed from version 4.12rc2"
-
-CVE_STATUS[CVE-2017-18379] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2017-18509] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-18549] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-18550] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-18551] = "fixed-version: Fixed from version 4.15rc9"
-
-CVE_STATUS[CVE-2017-18552] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-18595] = "fixed-version: Fixed from version 4.15rc6"
-
-CVE_STATUS[CVE-2017-2583] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-2584] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-2596] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-2618] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-2634] = "fixed-version: Fixed from version 2.6.25rc1"
-
-CVE_STATUS[CVE-2017-2636] = "fixed-version: Fixed from version 4.11rc2"
-
-CVE_STATUS[CVE-2017-2647] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2017-2671] = "fixed-version: Fixed from version 4.11rc6"
-
-CVE_STATUS[CVE-2017-5123] = "fixed-version: Fixed from version 4.14rc5"
-
-CVE_STATUS[CVE-2017-5546] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-5547] = "fixed-version: Fixed from version 4.10rc5"
-
-CVE_STATUS[CVE-2017-5548] = "fixed-version: Fixed from version 4.10rc5"
-
-CVE_STATUS[CVE-2017-5549] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-5550] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-5551] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-5576] = "fixed-version: Fixed from version 4.10rc6"
-
-CVE_STATUS[CVE-2017-5577] = "fixed-version: Fixed from version 4.10rc6"
-
-CVE_STATUS[CVE-2017-5669] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-5715] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2017-5753] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2017-5754] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2017-5897] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-5967] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-5970] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-5972] = "fixed-version: Fixed from version 4.4rc1"
-
-CVE_STATUS[CVE-2017-5986] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-6001] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-6074] = "fixed-version: Fixed from version 4.10"
-
-CVE_STATUS[CVE-2017-6214] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-6345] = "fixed-version: Fixed from version 4.10"
-
-CVE_STATUS[CVE-2017-6346] = "fixed-version: Fixed from version 4.10"
-
-CVE_STATUS[CVE-2017-6347] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-6348] = "fixed-version: Fixed from version 4.10"
-
-CVE_STATUS[CVE-2017-6353] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-6874] = "fixed-version: Fixed from version 4.11rc2"
-
-CVE_STATUS[CVE-2017-6951] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2017-7184] = "fixed-version: Fixed from version 4.11rc5"
-
-CVE_STATUS[CVE-2017-7187] = "fixed-version: Fixed from version 4.11rc5"
-
-CVE_STATUS[CVE-2017-7261] = "fixed-version: Fixed from version 4.11rc6"
-
-CVE_STATUS[CVE-2017-7273] = "fixed-version: Fixed from version 4.10rc4"
-
-CVE_STATUS[CVE-2017-7277] = "fixed-version: Fixed from version 4.11rc4"
-
-CVE_STATUS[CVE-2017-7294] = "fixed-version: Fixed from version 4.11rc6"
-
-CVE_STATUS[CVE-2017-7308] = "fixed-version: Fixed from version 4.11rc6"
-
-CVE_STATUS[CVE-2017-7346] = "fixed-version: Fixed from version 4.12rc5"
-
-# CVE-2017-7369 has no known resolution
-
-CVE_STATUS[CVE-2017-7374] = "fixed-version: Fixed from version 4.11rc4"
-
-CVE_STATUS[CVE-2017-7472] = "fixed-version: Fixed from version 4.11rc8"
-
-CVE_STATUS[CVE-2017-7477] = "fixed-version: Fixed from version 4.11"
-
-CVE_STATUS[CVE-2017-7482] = "fixed-version: Fixed from version 4.12rc7"
-
-CVE_STATUS[CVE-2017-7487] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-7495] = "fixed-version: Fixed from version 4.7rc1"
-
-CVE_STATUS[CVE-2017-7518] = "fixed-version: Fixed from version 4.12rc7"
-
-CVE_STATUS[CVE-2017-7533] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-7541] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-7542] = "fixed-version: Fixed from version 4.13rc2"
-
-CVE_STATUS[CVE-2017-7558] = "fixed-version: Fixed from version 4.13"
-
-CVE_STATUS[CVE-2017-7616] = "fixed-version: Fixed from version 4.11rc6"
-
-CVE_STATUS[CVE-2017-7618] = "fixed-version: Fixed from version 4.11rc8"
-
-CVE_STATUS[CVE-2017-7645] = "fixed-version: Fixed from version 4.11"
-
-CVE_STATUS[CVE-2017-7889] = "fixed-version: Fixed from version 4.11rc7"
-
-CVE_STATUS[CVE-2017-7895] = "fixed-version: Fixed from version 4.11"
-
-CVE_STATUS[CVE-2017-7979] = "fixed-version: Fixed from version 4.11rc8"
-
-CVE_STATUS[CVE-2017-8061] = "fixed-version: Fixed from version 4.11rc4"
-
-CVE_STATUS[CVE-2017-8062] = "fixed-version: Fixed from version 4.11rc2"
-
-CVE_STATUS[CVE-2017-8063] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-8064] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-8065] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-8066] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-8067] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2017-8068] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-8069] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-8070] = "fixed-version: Fixed from version 4.10rc8"
-
-CVE_STATUS[CVE-2017-8071] = "fixed-version: Fixed from version 4.10rc7"
-
-CVE_STATUS[CVE-2017-8072] = "fixed-version: Fixed from version 4.10rc7"
-
-CVE_STATUS[CVE-2017-8106] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2017-8240] = "fixed-version: Fixed from version 3.19rc6"
-
-# CVE-2017-8242 has no known resolution
-
-# CVE-2017-8244 has no known resolution
-
-# CVE-2017-8245 has no known resolution
-
-# CVE-2017-8246 has no known resolution
-
-CVE_STATUS[CVE-2017-8797] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-8824] = "fixed-version: Fixed from version 4.15rc3"
-
-CVE_STATUS[CVE-2017-8831] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-8890] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-8924] = "fixed-version: Fixed from version 4.11rc2"
-
-CVE_STATUS[CVE-2017-8925] = "fixed-version: Fixed from version 4.11rc2"
-
-CVE_STATUS[CVE-2017-9059] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-9074] = "fixed-version: Fixed from version 4.12rc2"
-
-CVE_STATUS[CVE-2017-9075] = "fixed-version: Fixed from version 4.12rc2"
-
-CVE_STATUS[CVE-2017-9076] = "fixed-version: Fixed from version 4.12rc2"
-
-CVE_STATUS[CVE-2017-9077] = "fixed-version: Fixed from version 4.12rc2"
-
-CVE_STATUS[CVE-2017-9150] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2017-9211] = "fixed-version: Fixed from version 4.12rc3"
-
-CVE_STATUS[CVE-2017-9242] = "fixed-version: Fixed from version 4.12rc3"
-
-CVE_STATUS[CVE-2017-9605] = "fixed-version: Fixed from version 4.12rc5"
-
-CVE_STATUS[CVE-2017-9725] = "fixed-version: Fixed from version 4.3rc7"
-
-CVE_STATUS[CVE-2017-9984] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-9985] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2017-9986] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2018-1000004] = "fixed-version: Fixed from version 4.15rc9"
-
-CVE_STATUS[CVE-2018-1000026] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2018-1000028] = "fixed-version: Fixed from version 4.15"
-
-CVE_STATUS[CVE-2018-1000199] = "fixed-version: Fixed from version 4.16"
-
-CVE_STATUS[CVE-2018-1000200] = "fixed-version: Fixed from version 4.17rc5"
-
-CVE_STATUS[CVE-2018-1000204] = "fixed-version: Fixed from version 4.17rc7"
-
-CVE_STATUS[CVE-2018-10021] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-10074] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-10087] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2018-10124] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2018-10322] = "fixed-version: Fixed from version 4.17rc4"
-
-CVE_STATUS[CVE-2018-10323] = "fixed-version: Fixed from version 4.17rc4"
-
-CVE_STATUS[CVE-2018-1065] = "fixed-version: Fixed from version 4.16rc3"
-
-CVE_STATUS[CVE-2018-1066] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2018-10675] = "fixed-version: Fixed from version 4.13rc6"
-
-CVE_STATUS[CVE-2018-1068] = "fixed-version: Fixed from version 4.16rc5"
-
-CVE_STATUS[CVE-2018-10840] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-10853] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-1087] = "fixed-version: Fixed from version 4.16rc7"
-
-# CVE-2018-10872 has no known resolution
-
-CVE_STATUS[CVE-2018-10876] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10877] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10878] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10879] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10880] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10881] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10882] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10883] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-10901] = "fixed-version: Fixed from version 2.6.36rc1"
-
-CVE_STATUS[CVE-2018-10902] = "fixed-version: Fixed from version 4.18rc6"
-
-CVE_STATUS[CVE-2018-1091] = "fixed-version: Fixed from version 4.14rc2"
-
-CVE_STATUS[CVE-2018-1092] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2018-1093] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2018-10938] = "fixed-version: Fixed from version 4.13rc5"
-
-CVE_STATUS[CVE-2018-1094] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2018-10940] = "fixed-version: Fixed from version 4.17rc3"
-
-CVE_STATUS[CVE-2018-1095] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2018-1108] = "fixed-version: Fixed from version 4.17rc2"
-
-CVE_STATUS[CVE-2018-1118] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-1120] = "fixed-version: Fixed from version 4.17rc6"
-
-# CVE-2018-1121 has no known resolution
-
-CVE_STATUS[CVE-2018-11232] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2018-1128] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-1129] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-1130] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-11412] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-11506] = "fixed-version: Fixed from version 4.17rc7"
-
-CVE_STATUS[CVE-2018-11508] = "fixed-version: Fixed from version 4.17rc5"
-
-# CVE-2018-11987 has no known resolution
-
-CVE_STATUS[CVE-2018-12126] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2018-12127] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2018-12130] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2018-12207] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2018-12232] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-12233] = "fixed-version: Fixed from version 4.18rc2"
-
-CVE_STATUS[CVE-2018-12633] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-12714] = "fixed-version: Fixed from version 4.18rc2"
-
-CVE_STATUS[CVE-2018-12896] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-12904] = "fixed-version: Fixed from version 4.18rc1"
-
-# CVE-2018-12928 has no known resolution
-
-# CVE-2018-12929 has no known resolution
-
-# CVE-2018-12930 has no known resolution
-
-# CVE-2018-12931 has no known resolution
-
-CVE_STATUS[CVE-2018-13053] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-13093] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-13094] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-13095] = "fixed-version: Fixed from version 4.18rc3"
-
-CVE_STATUS[CVE-2018-13096] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-13097] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-13098] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-13099] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-13100] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-13405] = "fixed-version: Fixed from version 4.18rc4"
-
-CVE_STATUS[CVE-2018-13406] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-14609] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14610] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14611] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14612] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14613] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14614] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14615] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14616] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14617] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-14619] = "fixed-version: Fixed from version 4.15rc4"
-
-CVE_STATUS[CVE-2018-14625] = "fixed-version: Fixed from version 4.20rc6"
-
-CVE_STATUS[CVE-2018-14633] = "fixed-version: Fixed from version 4.19rc6"
-
-CVE_STATUS[CVE-2018-14634] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2018-14641] = "fixed-version: Fixed from version 4.19rc4"
-
-CVE_STATUS[CVE-2018-14646] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2018-14656] = "fixed-version: Fixed from version 4.19rc2"
-
-CVE_STATUS[CVE-2018-14678] = "fixed-version: Fixed from version 4.18rc8"
-
-CVE_STATUS[CVE-2018-14734] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-15471] = "fixed-version: Fixed from version 4.19rc7"
-
-CVE_STATUS[CVE-2018-15572] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-15594] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-16276] = "fixed-version: Fixed from version 4.18rc5"
-
-CVE_STATUS[CVE-2018-16597] = "fixed-version: Fixed from version 4.8rc1"
-
-CVE_STATUS[CVE-2018-16658] = "fixed-version: Fixed from version 4.19rc2"
-
-CVE_STATUS[CVE-2018-16862] = "fixed-version: Fixed from version 4.20rc5"
-
-CVE_STATUS[CVE-2018-16871] = "fixed-version: Fixed from version 4.20rc3"
-
-CVE_STATUS[CVE-2018-16880] = "fixed-version: Fixed from version 5.0rc5"
-
-CVE_STATUS[CVE-2018-16882] = "fixed-version: Fixed from version 4.20"
-
-CVE_STATUS[CVE-2018-16884] = "fixed-version: Fixed from version 5.0rc1"
-
-# CVE-2018-16885 has no known resolution
-
-CVE_STATUS[CVE-2018-17182] = "fixed-version: Fixed from version 4.19rc4"
-
-CVE_STATUS[CVE-2018-17972] = "fixed-version: Fixed from version 4.19rc7"
-
-# CVE-2018-17977 has no known resolution
-
-CVE_STATUS[CVE-2018-18021] = "fixed-version: Fixed from version 4.19rc7"
-
-CVE_STATUS[CVE-2018-18281] = "fixed-version: Fixed from version 4.19"
-
-CVE_STATUS[CVE-2018-18386] = "fixed-version: Fixed from version 4.15rc6"
-
-CVE_STATUS[CVE-2018-18397] = "fixed-version: Fixed from version 4.20rc5"
-
-CVE_STATUS[CVE-2018-18445] = "fixed-version: Fixed from version 4.19rc7"
-
-CVE_STATUS[CVE-2018-18559] = "fixed-version: Fixed from version 4.15rc2"
-
-# CVE-2018-18653 has no known resolution
-
-CVE_STATUS[CVE-2018-18690] = "fixed-version: Fixed from version 4.17rc4"
-
-CVE_STATUS[CVE-2018-18710] = "fixed-version: Fixed from version 4.20rc1"
-
-CVE_STATUS[CVE-2018-18955] = "fixed-version: Fixed from version 4.20rc2"
-
-CVE_STATUS[CVE-2018-19406] = "fixed-version: Fixed from version 4.20rc5"
-
-CVE_STATUS[CVE-2018-19407] = "fixed-version: Fixed from version 4.20rc5"
-
-CVE_STATUS[CVE-2018-19824] = "fixed-version: Fixed from version 4.20rc6"
-
-CVE_STATUS[CVE-2018-19854] = "fixed-version: Fixed from version 4.20rc3"
-
-CVE_STATUS[CVE-2018-19985] = "fixed-version: Fixed from version 4.20"
-
-CVE_STATUS[CVE-2018-20169] = "fixed-version: Fixed from version 4.20rc6"
-
-CVE_STATUS[CVE-2018-20449] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2018-20509] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2018-20510] = "fixed-version: Fixed from version 4.16rc3"
-
-CVE_STATUS[CVE-2018-20511] = "fixed-version: Fixed from version 4.19rc5"
-
-CVE_STATUS[CVE-2018-20669] = "fixed-version: Fixed from version 5.0rc1"
-
-CVE_STATUS[CVE-2018-20784] = "fixed-version: Fixed from version 5.0rc1"
-
-CVE_STATUS[CVE-2018-20836] = "fixed-version: Fixed from version 4.20rc1"
-
-CVE_STATUS[CVE-2018-20854] = "fixed-version: Fixed from version 4.20rc1"
-
-CVE_STATUS[CVE-2018-20855] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-20856] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-20961] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2018-20976] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-21008] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2018-25015] = "fixed-version: Fixed from version 4.15rc9"
-
-CVE_STATUS[CVE-2018-25020] = "fixed-version: Fixed from version 4.17rc7"
-
-# CVE-2018-3574 has no known resolution
-
-CVE_STATUS[CVE-2018-3620] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-3639] = "fixed-version: Fixed from version 4.17rc7"
-
-CVE_STATUS[CVE-2018-3646] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-3665] = "fixed-version: Fixed from version 3.7rc1"
-
-CVE_STATUS[CVE-2018-3693] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-5332] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2018-5333] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2018-5344] = "fixed-version: Fixed from version 4.15rc8"
-
-CVE_STATUS[CVE-2018-5390] = "fixed-version: Fixed from version 4.18rc7"
-
-CVE_STATUS[CVE-2018-5391] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-5703] = "fixed-version: Fixed from version 4.16rc5"
-
-CVE_STATUS[CVE-2018-5750] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2018-5803] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2018-5814] = "fixed-version: Fixed from version 4.17rc6"
-
-CVE_STATUS[CVE-2018-5848] = "fixed-version: Fixed from version 4.16rc1"
-
-# Skipping CVE-2018-5856, no affected_versions
-
-CVE_STATUS[CVE-2018-5873] = "fixed-version: Fixed from version 4.11rc8"
-
-CVE_STATUS[CVE-2018-5953] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2018-5995] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2018-6412] = "fixed-version: Fixed from version 4.16rc5"
-
-CVE_STATUS[CVE-2018-6554] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2018-6555] = "fixed-version: Fixed from version 4.17rc1"
-
-# CVE-2018-6559 has no known resolution
-
-CVE_STATUS[CVE-2018-6927] = "fixed-version: Fixed from version 4.15rc9"
-
-CVE_STATUS[CVE-2018-7191] = "fixed-version: Fixed from version 4.14rc6"
-
-CVE_STATUS[CVE-2018-7273] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2018-7480] = "fixed-version: Fixed from version 4.11rc1"
-
-CVE_STATUS[CVE-2018-7492] = "fixed-version: Fixed from version 4.15rc3"
-
-CVE_STATUS[CVE-2018-7566] = "fixed-version: Fixed from version 4.16rc2"
-
-CVE_STATUS[CVE-2018-7740] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-7754] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2018-7755] = "fixed-version: Fixed from version 4.19rc5"
-
-CVE_STATUS[CVE-2018-7757] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2018-7995] = "fixed-version: Fixed from version 4.16rc5"
-
-CVE_STATUS[CVE-2018-8043] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2018-8087] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2018-8781] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-8822] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-8897] = "fixed-version: Fixed from version 4.16rc7"
-
-CVE_STATUS[CVE-2018-9363] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2018-9385] = "fixed-version: Fixed from version 4.17rc3"
-
-CVE_STATUS[CVE-2018-9415] = "fixed-version: Fixed from version 4.17rc3"
-
-CVE_STATUS[CVE-2018-9422] = "fixed-version: Fixed from version 4.6rc1"
-
-CVE_STATUS[CVE-2018-9465] = "fixed-version: Fixed from version 4.15rc6"
-
-CVE_STATUS[CVE-2018-9516] = "fixed-version: Fixed from version 4.18rc5"
-
-CVE_STATUS[CVE-2018-9517] = "fixed-version: Fixed from version 4.14rc1"
-
-CVE_STATUS[CVE-2018-9518] = "fixed-version: Fixed from version 4.16rc3"
-
-CVE_STATUS[CVE-2018-9568] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2019-0136] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-0145] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-0146] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-0147] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-0148] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-0149] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-0154] = "fixed-version: Fixed from version 5.4rc8"
-
-CVE_STATUS[CVE-2019-0155] = "fixed-version: Fixed from version 5.4rc8"
-
-CVE_STATUS[CVE-2019-10124] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-10125] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-10126] = "fixed-version: Fixed from version 5.2rc6"
-
-# CVE-2019-10140 has no known resolution
-
-CVE_STATUS[CVE-2019-10142] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-10207] = "fixed-version: Fixed from version 5.3rc3"
-
-CVE_STATUS[CVE-2019-10220] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-10638] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-10639] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-11085] = "fixed-version: Fixed from version 5.0rc3"
-
-CVE_STATUS[CVE-2019-11091] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-11135] = "fixed-version: Fixed from version 5.4rc8"
-
-CVE_STATUS[CVE-2019-11190] = "fixed-version: Fixed from version 4.8rc5"
-
-CVE_STATUS[CVE-2019-11191] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-1125] = "fixed-version: Fixed from version 5.3rc4"
-
-CVE_STATUS[CVE-2019-11477] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-11478] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-11479] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-11486] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-11487] = "fixed-version: Fixed from version 5.1rc5"
-
-CVE_STATUS[CVE-2019-11599] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-11683] = "fixed-version: Fixed from version 5.1"
-
-CVE_STATUS[CVE-2019-11810] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-11811] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-11815] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-11833] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-11884] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-12378] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2019-12379] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-12380] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2019-12381] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2019-12382] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-12454] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-12455] = "fixed-version: Fixed from version 5.3rc1"
-
-# CVE-2019-12456 has no known resolution
-
-CVE_STATUS[CVE-2019-12614] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-12615] = "fixed-version: Fixed from version 5.2rc4"
-
-CVE_STATUS[CVE-2019-12817] = "fixed-version: Fixed from version 5.2rc7"
-
-CVE_STATUS[CVE-2019-12818] = "fixed-version: Fixed from version 5.0"
-
-CVE_STATUS[CVE-2019-12819] = "fixed-version: Fixed from version 5.0rc8"
-
-CVE_STATUS[CVE-2019-12881] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2019-12984] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-13233] = "fixed-version: Fixed from version 5.2rc4"
-
-CVE_STATUS[CVE-2019-13272] = "fixed-version: Fixed from version 5.2"
-
-CVE_STATUS[CVE-2019-13631] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-13648] = "fixed-version: Fixed from version 5.3rc2"
-
-CVE_STATUS[CVE-2019-14283] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-14284] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-14615] = "fixed-version: Fixed from version 5.5rc7"
-
-CVE_STATUS[CVE-2019-14763] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2019-14814] = "fixed-version: Fixed from version 5.3"
-
-CVE_STATUS[CVE-2019-14815] = "fixed-version: Fixed from version 5.3"
-
-CVE_STATUS[CVE-2019-14816] = "fixed-version: Fixed from version 5.3"
-
-CVE_STATUS[CVE-2019-14821] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-14835] = "fixed-version: Fixed from version 5.3"
-
-CVE_STATUS[CVE-2019-14895] = "fixed-version: Fixed from version 5.5rc3"
-
-CVE_STATUS[CVE-2019-14896] = "fixed-version: Fixed from version 5.5"
-
-CVE_STATUS[CVE-2019-14897] = "fixed-version: Fixed from version 5.5"
-
-# CVE-2019-14898 has no known resolution
-
-CVE_STATUS[CVE-2019-14901] = "fixed-version: Fixed from version 5.5rc3"
-
-CVE_STATUS[CVE-2019-15030] = "fixed-version: Fixed from version 5.3rc8"
-
-CVE_STATUS[CVE-2019-15031] = "fixed-version: Fixed from version 5.3rc8"
-
-CVE_STATUS[CVE-2019-15090] = "fixed-version: Fixed from version 5.2rc2"
-
-CVE_STATUS[CVE-2019-15098] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-15099] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-15117] = "fixed-version: Fixed from version 5.3rc5"
-
-CVE_STATUS[CVE-2019-15118] = "fixed-version: Fixed from version 5.3rc5"
-
-CVE_STATUS[CVE-2019-15211] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15212] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2019-15213] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15214] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-15215] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15216] = "fixed-version: Fixed from version 5.1"
-
-CVE_STATUS[CVE-2019-15217] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15218] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2019-15219] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2019-15220] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15221] = "fixed-version: Fixed from version 5.2"
-
-CVE_STATUS[CVE-2019-15222] = "fixed-version: Fixed from version 5.3rc3"
-
-CVE_STATUS[CVE-2019-15223] = "fixed-version: Fixed from version 5.2rc3"
-
-# CVE-2019-15239 has no known resolution
-
-# CVE-2019-15290 has no known resolution
-
-CVE_STATUS[CVE-2019-15291] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-15292] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-15504] = "fixed-version: Fixed from version 5.3"
-
-CVE_STATUS[CVE-2019-15505] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-15538] = "fixed-version: Fixed from version 5.3rc6"
-
-CVE_STATUS[CVE-2019-15666] = "fixed-version: Fixed from version 5.1"
-
-# CVE-2019-15791 has no known resolution
-
-# CVE-2019-15792 has no known resolution
-
-# CVE-2019-15793 has no known resolution
-
-CVE_STATUS[CVE-2019-15794] = "fixed-version: Fixed from version 5.12"
-
-CVE_STATUS[CVE-2019-15807] = "fixed-version: Fixed from version 5.2rc3"
-
-# CVE-2019-15902 has no known resolution
-
-CVE_STATUS[CVE-2019-15916] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-15917] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-15918] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-15919] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-15920] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-15921] = "fixed-version: Fixed from version 5.1rc3"
-
-CVE_STATUS[CVE-2019-15922] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-15923] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-15924] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-15925] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15926] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-15927] = "fixed-version: Fixed from version 5.0rc2"
-
-# CVE-2019-16089 has no known resolution
-
-CVE_STATUS[CVE-2019-16229] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-16230] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-16231] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-16232] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-16233] = "fixed-version: Fixed from version 5.4rc5"
-
-CVE_STATUS[CVE-2019-16234] = "fixed-version: Fixed from version 5.4rc4"
-
-CVE_STATUS[CVE-2019-16413] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-16714] = "fixed-version: Fixed from version 5.3rc7"
-
-CVE_STATUS[CVE-2019-16746] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-16921] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2019-16994] = "fixed-version: Fixed from version 5.0"
-
-CVE_STATUS[CVE-2019-16995] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-17052] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-17053] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-17054] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-17055] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-17056] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-17075] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-17133] = "fixed-version: Fixed from version 5.4rc4"
-
-CVE_STATUS[CVE-2019-17351] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-17666] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-18198] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-18282] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-18660] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-18675] = "fixed-version: Fixed from version 4.17rc5"
-
-# CVE-2019-18680 has no known resolution
-
-CVE_STATUS[CVE-2019-18683] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-18786] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-18805] = "fixed-version: Fixed from version 5.1rc7"
-
-CVE_STATUS[CVE-2019-18806] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-18807] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-18808] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-18809] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-18810] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-18811] = "fixed-version: Fixed from version 5.4rc7"
-
-CVE_STATUS[CVE-2019-18812] = "fixed-version: Fixed from version 5.4rc7"
-
-CVE_STATUS[CVE-2019-18813] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-18814] = "fixed-version: Fixed from version 5.7rc7"
-
-CVE_STATUS[CVE-2019-18885] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-19036] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19037] = "fixed-version: Fixed from version 5.5rc3"
-
-CVE_STATUS[CVE-2019-19039] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2019-19043] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19044] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-19045] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-19046] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19047] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-19048] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19049] = "fixed-version: Fixed from version 5.4rc5"
-
-CVE_STATUS[CVE-2019-19050] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19051] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-19052] = "fixed-version: Fixed from version 5.4rc7"
-
-CVE_STATUS[CVE-2019-19053] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19054] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19055] = "fixed-version: Fixed from version 5.4rc4"
-
-CVE_STATUS[CVE-2019-19056] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19057] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19058] = "fixed-version: Fixed from version 5.4rc4"
-
-CVE_STATUS[CVE-2019-19059] = "fixed-version: Fixed from version 5.4rc4"
-
-CVE_STATUS[CVE-2019-19060] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19061] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19062] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19063] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19064] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19065] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19066] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19067] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-19068] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19069] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19070] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19071] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19072] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19073] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19074] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19075] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-19076] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19077] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19078] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19079] = "fixed-version: Fixed from version 5.3"
-
-CVE_STATUS[CVE-2019-19080] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19081] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19082] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19083] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-19227] = "fixed-version: Fixed from version 5.1rc3"
-
-CVE_STATUS[CVE-2019-19241] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19252] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19318] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19319] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-19332] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19338] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19377] = "fixed-version: Fixed from version 5.7rc1"
-
-# CVE-2019-19378 has no known resolution
-
-CVE_STATUS[CVE-2019-19447] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19448] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2019-19449] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2019-19462] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2019-19523] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19524] = "fixed-version: Fixed from version 5.4rc8"
-
-CVE_STATUS[CVE-2019-19525] = "fixed-version: Fixed from version 5.4rc2"
-
-CVE_STATUS[CVE-2019-19526] = "fixed-version: Fixed from version 5.4rc4"
-
-CVE_STATUS[CVE-2019-19527] = "fixed-version: Fixed from version 5.3rc4"
-
-CVE_STATUS[CVE-2019-19528] = "fixed-version: Fixed from version 5.4rc3"
-
-CVE_STATUS[CVE-2019-19529] = "fixed-version: Fixed from version 5.4rc7"
-
-CVE_STATUS[CVE-2019-19530] = "fixed-version: Fixed from version 5.3rc5"
-
-CVE_STATUS[CVE-2019-19531] = "fixed-version: Fixed from version 5.3rc4"
-
-CVE_STATUS[CVE-2019-19532] = "fixed-version: Fixed from version 5.4rc6"
-
-CVE_STATUS[CVE-2019-19533] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19534] = "fixed-version: Fixed from version 5.4rc7"
-
-CVE_STATUS[CVE-2019-19535] = "fixed-version: Fixed from version 5.3rc4"
-
-CVE_STATUS[CVE-2019-19536] = "fixed-version: Fixed from version 5.3rc4"
-
-CVE_STATUS[CVE-2019-19537] = "fixed-version: Fixed from version 5.3rc5"
-
-CVE_STATUS[CVE-2019-19543] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-19602] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19767] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2019-19768] = "fixed-version: Fixed from version 5.6rc4"
-
-CVE_STATUS[CVE-2019-19769] = "fixed-version: Fixed from version 5.6rc5"
-
-CVE_STATUS[CVE-2019-19770] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2019-19807] = "fixed-version: Fixed from version 5.4rc7"
-
-CVE_STATUS[CVE-2019-19813] = "fixed-version: Fixed from version 5.2rc1"
-
-# CVE-2019-19814 has no known resolution
-
-CVE_STATUS[CVE-2019-19815] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2019-19816] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-19922] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-19927] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-19947] = "fixed-version: Fixed from version 5.5rc3"
-
-CVE_STATUS[CVE-2019-19965] = "fixed-version: Fixed from version 5.5rc2"
-
-CVE_STATUS[CVE-2019-19966] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-1999] = "fixed-version: Fixed from version 5.1rc3"
-
-CVE_STATUS[CVE-2019-20054] = "fixed-version: Fixed from version 5.1rc3"
-
-CVE_STATUS[CVE-2019-20095] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-20096] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-2024] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2019-2025] = "fixed-version: Fixed from version 4.20rc5"
-
-CVE_STATUS[CVE-2019-20422] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-2054] = "fixed-version: Fixed from version 4.8rc1"
-
-CVE_STATUS[CVE-2019-20636] = "fixed-version: Fixed from version 5.5rc6"
-
-# CVE-2019-20794 has no known resolution
-
-CVE_STATUS[CVE-2019-20806] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-20810] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2019-20811] = "fixed-version: Fixed from version 5.1rc3"
-
-CVE_STATUS[CVE-2019-20812] = "fixed-version: Fixed from version 5.5rc3"
-
-CVE_STATUS[CVE-2019-20908] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2019-20934] = "fixed-version: Fixed from version 5.3rc2"
-
-CVE_STATUS[CVE-2019-2101] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-2181] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-2182] = "fixed-version: Fixed from version 4.16rc3"
-
-CVE_STATUS[CVE-2019-2213] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-2214] = "fixed-version: Fixed from version 5.3rc2"
-
-CVE_STATUS[CVE-2019-2215] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2019-25044] = "fixed-version: Fixed from version 5.2rc4"
-
-CVE_STATUS[CVE-2019-25045] = "fixed-version: Fixed from version 5.1"
-
-CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2019-3459] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-3460] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-3701] = "fixed-version: Fixed from version 5.0rc3"
-
-CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed from version 5.0rc6"
-
-CVE_STATUS[CVE-2019-3837] = "fixed-version: Fixed from version 3.18rc1"
-
-CVE_STATUS[CVE-2019-3846] = "fixed-version: Fixed from version 5.2rc6"
-
-CVE_STATUS[CVE-2019-3874] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-3882] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed from version 5.1rc4"
-
-CVE_STATUS[CVE-2019-3892] = "fixed-version: Fixed from version 5.1rc6"
-
-CVE_STATUS[CVE-2019-3896] = "fixed-version: Fixed from version 2.6.35rc1"
-
-CVE_STATUS[CVE-2019-3900] = "fixed-version: Fixed from version 5.2rc4"
-
-CVE_STATUS[CVE-2019-3901] = "fixed-version: Fixed from version 4.6rc6"
-
-CVE_STATUS[CVE-2019-5108] = "fixed-version: Fixed from version 5.3"
-
-# Skipping CVE-2019-5489, no affected_versions
-
-CVE_STATUS[CVE-2019-6133] = "fixed-version: Fixed from version 5.0rc2"
-
-CVE_STATUS[CVE-2019-6974] = "fixed-version: Fixed from version 5.0rc6"
-
-CVE_STATUS[CVE-2019-7221] = "fixed-version: Fixed from version 5.0rc6"
-
-CVE_STATUS[CVE-2019-7222] = "fixed-version: Fixed from version 5.0rc6"
-
-CVE_STATUS[CVE-2019-7308] = "fixed-version: Fixed from version 5.0rc3"
-
-CVE_STATUS[CVE-2019-8912] = "fixed-version: Fixed from version 5.0rc8"
-
-CVE_STATUS[CVE-2019-8956] = "fixed-version: Fixed from version 5.0rc6"
-
-CVE_STATUS[CVE-2019-8980] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-9003] = "fixed-version: Fixed from version 5.0rc4"
-
-CVE_STATUS[CVE-2019-9162] = "fixed-version: Fixed from version 5.0rc7"
-
-CVE_STATUS[CVE-2019-9213] = "fixed-version: Fixed from version 5.0"
-
-CVE_STATUS[CVE-2019-9245] = "fixed-version: Fixed from version 5.0rc1"
-
-CVE_STATUS[CVE-2019-9444] = "fixed-version: Fixed from version 4.15rc2"
-
-CVE_STATUS[CVE-2019-9445] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-9453] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2019-9454] = "fixed-version: Fixed from version 4.15rc9"
-
-CVE_STATUS[CVE-2019-9455] = "fixed-version: Fixed from version 5.0rc1"
-
-CVE_STATUS[CVE-2019-9456] = "fixed-version: Fixed from version 4.16rc6"
-
-CVE_STATUS[CVE-2019-9457] = "fixed-version: Fixed from version 4.13rc1"
-
-CVE_STATUS[CVE-2019-9458] = "fixed-version: Fixed from version 4.19rc7"
-
-CVE_STATUS[CVE-2019-9466] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-9500] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-9503] = "fixed-version: Fixed from version 5.1rc1"
-
-CVE_STATUS[CVE-2019-9506] = "fixed-version: Fixed from version 5.2"
-
-CVE_STATUS[CVE-2019-9857] = "fixed-version: Fixed from version 5.1rc2"
-
-CVE_STATUS[CVE-2020-0009] = "fixed-version: Fixed from version 5.6rc3"
-
-CVE_STATUS[CVE-2020-0030] = "fixed-version: Fixed from version 4.16rc3"
-
-CVE_STATUS[CVE-2020-0041] = "fixed-version: Fixed from version 5.5rc2"
-
-CVE_STATUS[CVE-2020-0066] = "fixed-version: Fixed from version 4.3rc7"
-
-CVE_STATUS[CVE-2020-0067] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2020-0110] = "fixed-version: Fixed from version 5.6rc2"
-
-CVE_STATUS[CVE-2020-0255] = "fixed-version: Fixed from version 5.7rc4"
-
-CVE_STATUS[CVE-2020-0305] = "fixed-version: Fixed from version 5.5rc6"
-
-# CVE-2020-0347 has no known resolution
-
-CVE_STATUS[CVE-2020-0404] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2020-0423] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-0427] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2020-0429] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2020-0430] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2020-0431] = "fixed-version: Fixed from version 5.5rc6"
-
-CVE_STATUS[CVE-2020-0432] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2020-0433] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2020-0435] = "fixed-version: Fixed from version 4.19rc1"
-
-CVE_STATUS[CVE-2020-0444] = "fixed-version: Fixed from version 5.6rc4"
-
-CVE_STATUS[CVE-2020-0465] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2020-0466] = "fixed-version: Fixed from version 5.9rc2"
-
-CVE_STATUS[CVE-2020-0543] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-10135] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-10690] = "fixed-version: Fixed from version 5.5rc5"
-
-# CVE-2020-10708 has no known resolution
-
-CVE_STATUS[CVE-2020-10711] = "fixed-version: Fixed from version 5.7rc6"
-
-CVE_STATUS[CVE-2020-10720] = "fixed-version: Fixed from version 5.2rc3"
-
-CVE_STATUS[CVE-2020-10732] = "fixed-version: Fixed from version 5.7"
-
-CVE_STATUS[CVE-2020-10742] = "fixed-version: Fixed from version 3.16rc1"
-
-CVE_STATUS[CVE-2020-10751] = "fixed-version: Fixed from version 5.7rc4"
-
-CVE_STATUS[CVE-2020-10757] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-10766] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-10767] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-10768] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-10769] = "fixed-version: Fixed from version 5.0rc3"
-
-CVE_STATUS[CVE-2020-10773] = "fixed-version: Fixed from version 5.4rc6"
-
-# CVE-2020-10774 has no known resolution
-
-CVE_STATUS[CVE-2020-10781] = "fixed-version: Fixed from version 5.8rc6"
-
-CVE_STATUS[CVE-2020-10942] = "fixed-version: Fixed from version 5.6rc4"
-
-CVE_STATUS[CVE-2020-11494] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-11565] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-11608] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-11609] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-11668] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-11669] = "fixed-version: Fixed from version 5.2rc1"
-
-# CVE-2020-11725 has no known resolution
-
-CVE_STATUS[CVE-2020-11884] = "fixed-version: Fixed from version 5.7rc4"
-
-# CVE-2020-11935 has no known resolution
-
-CVE_STATUS[CVE-2020-12114] = "fixed-version: Fixed from version 5.3rc1"
-
-CVE_STATUS[CVE-2020-12351] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-12352] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-12362] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-12363] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-12364] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-12464] = "fixed-version: Fixed from version 5.7rc3"
-
-CVE_STATUS[CVE-2020-12465] = "fixed-version: Fixed from version 5.6rc6"
-
-CVE_STATUS[CVE-2020-12652] = "fixed-version: Fixed from version 5.5rc7"
-
-CVE_STATUS[CVE-2020-12653] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2020-12654] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2020-12655] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-12656] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-12657] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-12659] = "fixed-version: Fixed from version 5.7rc2"
-
-CVE_STATUS[CVE-2020-12768] = "fixed-version: Fixed from version 5.6rc4"
-
-CVE_STATUS[CVE-2020-12769] = "fixed-version: Fixed from version 5.5rc6"
-
-CVE_STATUS[CVE-2020-12770] = "fixed-version: Fixed from version 5.7rc3"
-
-CVE_STATUS[CVE-2020-12771] = "fixed-version: Fixed from version 5.8rc2"
-
-CVE_STATUS[CVE-2020-12826] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-12888] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-12912] = "fixed-version: Fixed from version 5.10rc4"
-
-CVE_STATUS[CVE-2020-13143] = "fixed-version: Fixed from version 5.7rc6"
-
-CVE_STATUS[CVE-2020-13974] = "fixed-version: Fixed from version 5.8rc1"
-
-# CVE-2020-14304 has no known resolution
-
-CVE_STATUS[CVE-2020-14305] = "fixed-version: Fixed from version 4.12rc1"
-
-CVE_STATUS[CVE-2020-14314] = "fixed-version: Fixed from version 5.9rc2"
-
-CVE_STATUS[CVE-2020-14331] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2020-14351] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-14353] = "fixed-version: Fixed from version 4.14rc3"
-
-CVE_STATUS[CVE-2020-14356] = "fixed-version: Fixed from version 5.8rc5"
-
-CVE_STATUS[CVE-2020-14381] = "fixed-version: Fixed from version 5.6rc6"
-
-CVE_STATUS[CVE-2020-14385] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2020-14386] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2020-14390] = "fixed-version: Fixed from version 5.9rc6"
-
-CVE_STATUS[CVE-2020-14416] = "fixed-version: Fixed from version 5.5"
-
-CVE_STATUS[CVE-2020-15393] = "fixed-version: Fixed from version 5.8rc3"
-
-CVE_STATUS[CVE-2020-15436] = "fixed-version: Fixed from version 5.8rc2"
-
-CVE_STATUS[CVE-2020-15437] = "fixed-version: Fixed from version 5.8rc7"
-
-CVE_STATUS[CVE-2020-15780] = "fixed-version: Fixed from version 5.8rc3"
-
-# CVE-2020-15802 has no known resolution
-
-CVE_STATUS[CVE-2020-15852] = "fixed-version: Fixed from version 5.8rc6"
-
-CVE_STATUS[CVE-2020-16119] = "fixed-version: Fixed from version 5.15rc2"
-
-CVE_STATUS[CVE-2020-16120] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-16166] = "fixed-version: Fixed from version 5.8"
-
-CVE_STATUS[CVE-2020-1749] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2020-24394] = "fixed-version: Fixed from version 5.8rc4"
-
-CVE_STATUS[CVE-2020-24490] = "fixed-version: Fixed from version 5.8"
-
-# CVE-2020-24502 has no known resolution
-
-# CVE-2020-24503 has no known resolution
-
-CVE_STATUS[CVE-2020-24504] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2020-24586] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2020-24587] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2020-24588] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2020-25211] = "fixed-version: Fixed from version 5.9rc7"
-
-CVE_STATUS[CVE-2020-25212] = "fixed-version: Fixed from version 5.9rc1"
-
-# CVE-2020-25220 has no known resolution
-
-CVE_STATUS[CVE-2020-25221] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2020-25284] = "fixed-version: Fixed from version 5.9rc5"
-
-CVE_STATUS[CVE-2020-25285] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2020-25639] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2020-25641] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2020-25643] = "fixed-version: Fixed from version 5.9rc7"
-
-CVE_STATUS[CVE-2020-25645] = "fixed-version: Fixed from version 5.9rc7"
-
-CVE_STATUS[CVE-2020-25656] = "fixed-version: Fixed from version 5.10rc2"
-
-# CVE-2020-25661 has no known resolution
-
-# CVE-2020-25662 has no known resolution
-
-CVE_STATUS[CVE-2020-25668] = "fixed-version: Fixed from version 5.10rc3"
-
-CVE_STATUS[CVE-2020-25669] = "fixed-version: Fixed from version 5.10rc5"
-
-CVE_STATUS[CVE-2020-25670] = "fixed-version: Fixed from version 5.12rc7"
-
-CVE_STATUS[CVE-2020-25671] = "fixed-version: Fixed from version 5.12rc7"
-
-CVE_STATUS[CVE-2020-25672] = "fixed-version: Fixed from version 5.12rc7"
-
-CVE_STATUS[CVE-2020-25673] = "fixed-version: Fixed from version 5.12rc7"
-
-CVE_STATUS[CVE-2020-25704] = "fixed-version: Fixed from version 5.10rc3"
-
-CVE_STATUS[CVE-2020-25705] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-26088] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2020-26139] = "fixed-version: Fixed from version 5.13rc4"
-
-# CVE-2020-26140 has no known resolution
-
-CVE_STATUS[CVE-2020-26141] = "fixed-version: Fixed from version 5.13rc4"
-
-# CVE-2020-26142 has no known resolution
-
-# CVE-2020-26143 has no known resolution
-
-CVE_STATUS[CVE-2020-26145] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2020-26147] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2020-26541] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2020-26555] = "fixed-version: Fixed from version 5.13rc1"
-
-# CVE-2020-26556 has no known resolution
-
-# CVE-2020-26557 has no known resolution
-
-CVE_STATUS[CVE-2020-26558] = "fixed-version: Fixed from version 5.13rc1"
-
-# CVE-2020-26559 has no known resolution
-
-# CVE-2020-26560 has no known resolution
-
-CVE_STATUS[CVE-2020-27066] = "fixed-version: Fixed from version 5.6"
-
-CVE_STATUS[CVE-2020-27067] = "fixed-version: Fixed from version 4.14rc4"
-
-CVE_STATUS[CVE-2020-27068] = "fixed-version: Fixed from version 5.6rc2"
-
-CVE_STATUS[CVE-2020-27152] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-27170] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2020-27171] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed from version 5.9"
-
-CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed from version 5.6rc4"
-
-CVE_STATUS[CVE-2020-27418] = "fixed-version: Fixed from version 5.6rc5"
-
-CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-27777] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-27784] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-27786] = "fixed-version: Fixed from version 5.7rc6"
-
-CVE_STATUS[CVE-2020-27815] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-27820] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2020-27825] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-27830] = "fixed-version: Fixed from version 5.10rc7"
-
-CVE_STATUS[CVE-2020-27835] = "fixed-version: Fixed from version 5.10rc6"
-
-CVE_STATUS[CVE-2020-28097] = "fixed-version: Fixed from version 5.9rc6"
-
-CVE_STATUS[CVE-2020-28374] = "fixed-version: Fixed from version 5.11rc4"
-
-CVE_STATUS[CVE-2020-28588] = "fixed-version: Fixed from version 5.10rc7"
-
-CVE_STATUS[CVE-2020-28915] = "fixed-version: Fixed from version 5.9"
-
-CVE_STATUS[CVE-2020-28941] = "fixed-version: Fixed from version 5.10rc5"
-
-CVE_STATUS[CVE-2020-28974] = "fixed-version: Fixed from version 5.10rc3"
-
-CVE_STATUS[CVE-2020-29368] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-29369] = "fixed-version: Fixed from version 5.8rc7"
-
-CVE_STATUS[CVE-2020-29370] = "fixed-version: Fixed from version 5.6rc7"
-
-CVE_STATUS[CVE-2020-29371] = "fixed-version: Fixed from version 5.9rc2"
-
-CVE_STATUS[CVE-2020-29372] = "fixed-version: Fixed from version 5.7rc3"
-
-CVE_STATUS[CVE-2020-29373] = "fixed-version: Fixed from version 5.6rc2"
-
-CVE_STATUS[CVE-2020-29374] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-29534] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-29568] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-29569] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-29660] = "fixed-version: Fixed from version 5.10rc7"
-
-CVE_STATUS[CVE-2020-29661] = "fixed-version: Fixed from version 5.10rc7"
-
-CVE_STATUS[CVE-2020-35499] = "fixed-version: Fixed from version 5.11rc1"
-
-# CVE-2020-35501 has no known resolution
-
-CVE_STATUS[CVE-2020-35508] = "fixed-version: Fixed from version 5.10rc3"
-
-CVE_STATUS[CVE-2020-35513] = "fixed-version: Fixed from version 4.17rc1"
-
-CVE_STATUS[CVE-2020-35519] = "fixed-version: Fixed from version 5.10rc7"
-
-CVE_STATUS[CVE-2020-36158] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-36310] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-36311] = "fixed-version: Fixed from version 5.9rc5"
-
-CVE_STATUS[CVE-2020-36312] = "fixed-version: Fixed from version 5.9rc5"
-
-CVE_STATUS[CVE-2020-36313] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-36322] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2020-36385] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2020-36386] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2020-36387] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2020-36516] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2020-36557] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-36558] = "fixed-version: Fixed from version 5.6rc3"
-
-CVE_STATUS[CVE-2020-36691] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10"
-
-CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5"
-
-CVE_STATUS[CVE-2020-7053] = "fixed-version: Fixed from version 5.2rc1"
-
-CVE_STATUS[CVE-2020-8428] = "fixed-version: Fixed from version 5.5"
-
-CVE_STATUS[CVE-2020-8647] = "fixed-version: Fixed from version 5.6rc5"
-
-CVE_STATUS[CVE-2020-8648] = "fixed-version: Fixed from version 5.6rc3"
-
-CVE_STATUS[CVE-2020-8649] = "fixed-version: Fixed from version 5.6rc5"
-
-CVE_STATUS[CVE-2020-8694] = "fixed-version: Fixed from version 5.10rc4"
-
-# CVE-2020-8832 has no known resolution
-
-CVE_STATUS[CVE-2020-8834] = "fixed-version: Fixed from version 4.18rc1"
-
-CVE_STATUS[CVE-2020-8835] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2020-8992] = "fixed-version: Fixed from version 5.6rc2"
-
-CVE_STATUS[CVE-2020-9383] = "fixed-version: Fixed from version 5.6rc4"
-
-CVE_STATUS[CVE-2020-9391] = "fixed-version: Fixed from version 5.6rc3"
-
-CVE_STATUS[CVE-2021-0129] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-0342] = "fixed-version: Fixed from version 5.8rc1"
-
-# CVE-2021-0399 has no known resolution
-
-CVE_STATUS[CVE-2021-0447] = "fixed-version: Fixed from version 4.15rc1"
-
-CVE_STATUS[CVE-2021-0448] = "fixed-version: Fixed from version 5.9rc7"
-
-CVE_STATUS[CVE-2021-0512] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-0605] = "fixed-version: Fixed from version 5.8"
-
-# CVE-2021-0606 has no known resolution
-
-# CVE-2021-0695 has no known resolution
-
-CVE_STATUS[CVE-2021-0707] = "fixed-version: Fixed from version 5.11rc3"
-
-CVE_STATUS[CVE-2021-0920] = "fixed-version: Fixed from version 5.14rc4"
-
-# CVE-2021-0924 has no known resolution
-
-CVE_STATUS[CVE-2021-0929] = "fixed-version: Fixed from version 5.6rc1"
-
-CVE_STATUS[CVE-2021-0935] = "fixed-version: Fixed from version 4.16rc7"
-
-# CVE-2021-0936 has no known resolution
-
-CVE_STATUS[CVE-2021-0937] = "fixed-version: Fixed from version 5.12rc8"
-
-CVE_STATUS[CVE-2021-0938] = "fixed-version: Fixed from version 5.10rc4"
-
-CVE_STATUS[CVE-2021-0941] = "fixed-version: Fixed from version 5.12rc1"
-
-# CVE-2021-0961 has no known resolution
-
-CVE_STATUS[CVE-2021-1048] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2021-20177] = "fixed-version: Fixed from version 5.5rc1"
-
-CVE_STATUS[CVE-2021-20194] = "fixed-version: Fixed from version 5.10rc1"
-
-# CVE-2021-20219 has no known resolution
-
-CVE_STATUS[CVE-2021-20226] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2021-20239] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2021-20261] = "fixed-version: Fixed from version 4.5rc5"
-
-CVE_STATUS[CVE-2021-20265] = "fixed-version: Fixed from version 4.5rc3"
-
-CVE_STATUS[CVE-2021-20268] = "fixed-version: Fixed from version 5.11rc5"
-
-CVE_STATUS[CVE-2021-20292] = "fixed-version: Fixed from version 5.9rc1"
-
-CVE_STATUS[CVE-2021-20317] = "fixed-version: Fixed from version 5.4rc1"
-
-CVE_STATUS[CVE-2021-20320] = "fixed-version: Fixed from version 5.15rc3"
-
-CVE_STATUS[CVE-2021-20321] = "fixed-version: Fixed from version 5.15rc5"
-
-CVE_STATUS[CVE-2021-20322] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-21781] = "fixed-version: Fixed from version 5.11rc7"
-
-CVE_STATUS[CVE-2021-22543] = "fixed-version: Fixed from version 5.13"
-
-CVE_STATUS[CVE-2021-22555] = "fixed-version: Fixed from version 5.12rc8"
-
-CVE_STATUS[CVE-2021-22600] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2021-23133] = "fixed-version: Fixed from version 5.12rc8"
-
-CVE_STATUS[CVE-2021-23134] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-26401] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2021-26708] = "fixed-version: Fixed from version 5.11rc7"
-
-CVE_STATUS[CVE-2021-26930] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-26931] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-26932] = "fixed-version: Fixed from version 5.12rc1"
-
-# CVE-2021-26934 has no known resolution
-
-CVE_STATUS[CVE-2021-27363] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-27364] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-27365] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-28038] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-28039] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-28375] = "fixed-version: Fixed from version 5.12rc3"
-
-CVE_STATUS[CVE-2021-28660] = "fixed-version: Fixed from version 5.12rc3"
-
-CVE_STATUS[CVE-2021-28688] = "fixed-version: Fixed from version 5.12rc6"
-
-CVE_STATUS[CVE-2021-28691] = "fixed-version: Fixed from version 5.13rc6"
-
-CVE_STATUS[CVE-2021-28711] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-28712] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-28713] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-28714] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-28715] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-28950] = "fixed-version: Fixed from version 5.12rc4"
-
-CVE_STATUS[CVE-2021-28951] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-28952] = "fixed-version: Fixed from version 5.12rc4"
-
-CVE_STATUS[CVE-2021-28964] = "fixed-version: Fixed from version 5.12rc4"
-
-CVE_STATUS[CVE-2021-28971] = "fixed-version: Fixed from version 5.12rc4"
-
-CVE_STATUS[CVE-2021-28972] = "fixed-version: Fixed from version 5.12rc4"
-
-CVE_STATUS[CVE-2021-29154] = "fixed-version: Fixed from version 5.12rc7"
-
-CVE_STATUS[CVE-2021-29155] = "fixed-version: Fixed from version 5.12rc8"
-
-CVE_STATUS[CVE-2021-29264] = "fixed-version: Fixed from version 5.12rc3"
-
-CVE_STATUS[CVE-2021-29265] = "fixed-version: Fixed from version 5.12rc3"
-
-CVE_STATUS[CVE-2021-29266] = "fixed-version: Fixed from version 5.12rc4"
-
-CVE_STATUS[CVE-2021-29646] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2021-29647] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2021-29648] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2021-29649] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2021-29650] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2021-29657] = "fixed-version: Fixed from version 5.12rc6"
-
-CVE_STATUS[CVE-2021-30002] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-30178] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2021-31440] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-3178] = "fixed-version: Fixed from version 5.11rc5"
-
-CVE_STATUS[CVE-2021-31829] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-31916] = "fixed-version: Fixed from version 5.12rc5"
-
-CVE_STATUS[CVE-2021-32078] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-32399] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-32606] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2021-33033] = "fixed-version: Fixed from version 5.12rc3"
-
-CVE_STATUS[CVE-2021-33034] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-33061] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2021-33098] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2021-33135] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2021-33200] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2021-3347] = "fixed-version: Fixed from version 5.11rc6"
-
-CVE_STATUS[CVE-2021-3348] = "fixed-version: Fixed from version 5.11rc6"
-
-CVE_STATUS[CVE-2021-33624] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2021-33655] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2021-33656] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-33909] = "fixed-version: Fixed from version 5.14rc3"
-
-CVE_STATUS[CVE-2021-3411] = "fixed-version: Fixed from version 5.10"
-
-CVE_STATUS[CVE-2021-3428] = "fixed-version: Fixed from version 5.9rc2"
-
-CVE_STATUS[CVE-2021-3444] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-34556] = "fixed-version: Fixed from version 5.14rc4"
-
-CVE_STATUS[CVE-2021-34693] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2021-3483] = "fixed-version: Fixed from version 5.12rc6"
-
-CVE_STATUS[CVE-2021-34866] = "fixed-version: Fixed from version 5.14"
-
-CVE_STATUS[CVE-2021-3489] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2021-3490] = "fixed-version: Fixed from version 5.13rc4"
-
-CVE_STATUS[CVE-2021-3491] = "fixed-version: Fixed from version 5.13rc1"
-
-# CVE-2021-3492 has no known resolution
-
-CVE_STATUS[CVE-2021-3493] = "fixed-version: Fixed from version 5.11rc1"
-
-CVE_STATUS[CVE-2021-34981] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-3501] = "fixed-version: Fixed from version 5.12rc8"
-
-CVE_STATUS[CVE-2021-35039] = "fixed-version: Fixed from version 5.13"
-
-CVE_STATUS[CVE-2021-3506] = "fixed-version: Fixed from version 5.13rc1"
-
-# CVE-2021-3542 has no known resolution
-
-CVE_STATUS[CVE-2021-3543] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-35477] = "fixed-version: Fixed from version 5.14rc4"
-
-CVE_STATUS[CVE-2021-3564] = "fixed-version: Fixed from version 5.13rc5"
-
-CVE_STATUS[CVE-2021-3573] = "fixed-version: Fixed from version 5.13rc5"
-
-CVE_STATUS[CVE-2021-3587] = "fixed-version: Fixed from version 5.13rc5"
-
-CVE_STATUS[CVE-2021-3600] = "fixed-version: Fixed from version 5.11"
-
-CVE_STATUS[CVE-2021-3609] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-3612] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-3635] = "fixed-version: Fixed from version 5.5rc7"
-
-CVE_STATUS[CVE-2021-3640] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2021-3653] = "fixed-version: Fixed from version 5.14rc7"
-
-CVE_STATUS[CVE-2021-3655] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-3656] = "fixed-version: Fixed from version 5.14rc7"
-
-CVE_STATUS[CVE-2021-3659] = "fixed-version: Fixed from version 5.12rc7"
-
-CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-3679] = "fixed-version: Fixed from version 5.14rc3"
-
-# CVE-2021-3714 has no known resolution
-
-CVE_STATUS[CVE-2021-3715] = "fixed-version: Fixed from version 5.6"
-
-CVE_STATUS[CVE-2021-37159] = "fixed-version: Fixed from version 5.14rc3"
-
-CVE_STATUS[CVE-2021-3732] = "fixed-version: Fixed from version 5.14rc6"
-
-CVE_STATUS[CVE-2021-3736] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-3739] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-3743] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2021-3744] = "fixed-version: Fixed from version 5.15rc4"
-
-CVE_STATUS[CVE-2021-3752] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2021-3753] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-37576] = "fixed-version: Fixed from version 5.14rc3"
-
-CVE_STATUS[CVE-2021-3759] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-3760] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2021-3764] = "fixed-version: Fixed from version 5.15rc4"
-
-CVE_STATUS[CVE-2021-3772] = "fixed-version: Fixed from version 5.15"
-
-CVE_STATUS[CVE-2021-38160] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-38166] = "fixed-version: Fixed from version 5.14rc6"
-
-CVE_STATUS[CVE-2021-38198] = "fixed-version: Fixed from version 5.13rc6"
-
-CVE_STATUS[CVE-2021-38199] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-38200] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2021-38201] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-38202] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-38203] = "fixed-version: Fixed from version 5.14rc2"
-
-CVE_STATUS[CVE-2021-38204] = "fixed-version: Fixed from version 5.14rc3"
-
-CVE_STATUS[CVE-2021-38205] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-38206] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2021-38207] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2021-38208] = "fixed-version: Fixed from version 5.13rc5"
-
-CVE_STATUS[CVE-2021-38209] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-38300] = "fixed-version: Fixed from version 5.15rc4"
-
-# CVE-2021-3847 has no known resolution
-
-# CVE-2021-3864 has no known resolution
-
-# CVE-2021-3892 has no known resolution
-
-CVE_STATUS[CVE-2021-3894] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2021-3896] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2021-3923] = "fixed-version: Fixed from version 5.16"
-
-CVE_STATUS[CVE-2021-39633] = "fixed-version: Fixed from version 5.14"
-
-CVE_STATUS[CVE-2021-39634] = "fixed-version: Fixed from version 5.9rc8"
-
-CVE_STATUS[CVE-2021-39636] = "fixed-version: Fixed from version 4.16rc1"
-
-CVE_STATUS[CVE-2021-39648] = "fixed-version: Fixed from version 5.11rc3"
-
-CVE_STATUS[CVE-2021-39656] = "fixed-version: Fixed from version 5.12rc3"
-
-CVE_STATUS[CVE-2021-39657] = "fixed-version: Fixed from version 5.11rc4"
-
-CVE_STATUS[CVE-2021-39685] = "fixed-version: Fixed from version 5.16rc5"
-
-CVE_STATUS[CVE-2021-39686] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2021-39698] = "fixed-version: Fixed from version 5.16rc5"
-
-CVE_STATUS[CVE-2021-39711] = "fixed-version: Fixed from version 4.18rc6"
-
-CVE_STATUS[CVE-2021-39713] = "fixed-version: Fixed from version 4.20rc1"
-
-CVE_STATUS[CVE-2021-39714] = "fixed-version: Fixed from version 4.12rc1"
-
-# CVE-2021-39800 has no known resolution
-
-# CVE-2021-39801 has no known resolution
-
-# CVE-2021-39802 has no known resolution
-
-CVE_STATUS[CVE-2021-4001] = "fixed-version: Fixed from version 5.16rc2"
-
-CVE_STATUS[CVE-2021-4002] = "fixed-version: Fixed from version 5.16rc3"
-
-CVE_STATUS[CVE-2021-4023] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-4028] = "fixed-version: Fixed from version 5.15rc4"
-
-CVE_STATUS[CVE-2021-4032] = "fixed-version: Fixed from version 5.15rc7"
-
-CVE_STATUS[CVE-2021-4037] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2021-40490] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-4083] = "fixed-version: Fixed from version 5.16rc4"
-
-CVE_STATUS[CVE-2021-4090] = "fixed-version: Fixed from version 5.16rc2"
-
-CVE_STATUS[CVE-2021-4093] = "fixed-version: Fixed from version 5.15rc7"
-
-CVE_STATUS[CVE-2021-4095] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2021-41073] = "fixed-version: Fixed from version 5.15rc2"
-
-CVE_STATUS[CVE-2021-4135] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2021-4148] = "fixed-version: Fixed from version 5.15"
-
-CVE_STATUS[CVE-2021-4149] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2021-4150] = "fixed-version: Fixed from version 5.15rc7"
-
-CVE_STATUS[CVE-2021-4154] = "fixed-version: Fixed from version 5.14rc2"
-
-CVE_STATUS[CVE-2021-4155] = "fixed-version: Fixed from version 5.16"
-
-CVE_STATUS[CVE-2021-4157] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-4159] = "fixed-version: Fixed from version 5.7rc1"
-
-CVE_STATUS[CVE-2021-41864] = "fixed-version: Fixed from version 5.15rc5"
-
-CVE_STATUS[CVE-2021-4197] = "fixed-version: Fixed from version 5.16"
-
-CVE_STATUS[CVE-2021-42008] = "fixed-version: Fixed from version 5.14rc7"
-
-CVE_STATUS[CVE-2021-4202] = "fixed-version: Fixed from version 5.16rc2"
-
-CVE_STATUS[CVE-2021-4203] = "fixed-version: Fixed from version 5.15rc4"
-
-CVE_STATUS[CVE-2021-4204] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed from version 5.8rc1"
-
-CVE_STATUS[CVE-2021-42252] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2021-42327] = "fixed-version: Fixed from version 5.15"
-
-CVE_STATUS[CVE-2021-42739] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2021-43056] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2021-43057] = "fixed-version: Fixed from version 5.15rc3"
-
-CVE_STATUS[CVE-2021-43267] = "fixed-version: Fixed from version 5.15"
-
-CVE_STATUS[CVE-2021-43389] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2021-43975] = "fixed-version: Fixed from version 5.16rc2"
-
-CVE_STATUS[CVE-2021-43976] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2021-44733] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-44879] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2021-45095] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2021-45100] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2021-45402] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2021-45469] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2021-45480] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2021-45485] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2021-45486] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2021-45868] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2021-46283] = "fixed-version: Fixed from version 5.13rc7"
-
-CVE_STATUS[CVE-2022-0001] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-0002] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-0168] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-0171] = "fixed-version: Fixed from version 5.18rc4"
-
-CVE_STATUS[CVE-2022-0185] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-0264] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2022-0286] = "fixed-version: Fixed from version 5.14rc2"
-
-CVE_STATUS[CVE-2022-0322] = "fixed-version: Fixed from version 5.15rc6"
-
-CVE_STATUS[CVE-2022-0330] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-0382] = "fixed-version: Fixed from version 5.16"
-
-# CVE-2022-0400 has no known resolution
-
-CVE_STATUS[CVE-2022-0433] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-0435] = "fixed-version: Fixed from version 5.17rc4"
-
-CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2022-0487] = "fixed-version: Fixed from version 5.17rc4"
-
-CVE_STATUS[CVE-2022-0492] = "fixed-version: Fixed from version 5.17rc3"
-
-CVE_STATUS[CVE-2022-0494] = "fixed-version: Fixed from version 5.17rc5"
-
-CVE_STATUS[CVE-2022-0500] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-0516] = "fixed-version: Fixed from version 5.17rc4"
-
-CVE_STATUS[CVE-2022-0617] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-0644] = "fixed-version: Fixed from version 5.15rc7"
-
-CVE_STATUS[CVE-2022-0646] = "fixed-version: Fixed from version 5.17rc5"
-
-CVE_STATUS[CVE-2022-0742] = "fixed-version: Fixed from version 5.17rc7"
-
-CVE_STATUS[CVE-2022-0812] = "fixed-version: Fixed from version 5.8rc6"
-
-CVE_STATUS[CVE-2022-0847] = "fixed-version: Fixed from version 5.17rc6"
-
-CVE_STATUS[CVE-2022-0850] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2022-0854] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-0995] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-0998] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-1011] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-1012] = "fixed-version: Fixed from version 5.18rc6"
-
-CVE_STATUS[CVE-2022-1015] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1016] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1043] = "fixed-version: Fixed from version 5.14rc7"
-
-CVE_STATUS[CVE-2022-1048] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1055] = "fixed-version: Fixed from version 5.17rc3"
-
-# CVE-2022-1116 has no known resolution
-
-CVE_STATUS[CVE-2022-1158] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1184] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-1195] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2022-1198] = "fixed-version: Fixed from version 5.17rc6"
-
-CVE_STATUS[CVE-2022-1199] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-1204] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1205] = "fixed-version: Fixed from version 5.18rc1"
-
-# CVE-2022-1247 has no known resolution
-
-CVE_STATUS[CVE-2022-1263] = "fixed-version: Fixed from version 5.18rc3"
-
-CVE_STATUS[CVE-2022-1280] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2022-1353] = "fixed-version: Fixed from version 5.17"
-
-CVE_STATUS[CVE-2022-1419] = "fixed-version: Fixed from version 5.6rc2"
-
-CVE_STATUS[CVE-2022-1462] = "fixed-version: Fixed from version 5.19rc7"
-
-CVE_STATUS[CVE-2022-1508] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2022-1516] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1651] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1652] = "fixed-version: Fixed from version 5.18rc6"
-
-CVE_STATUS[CVE-2022-1671] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-1678] = "fixed-version: Fixed from version 4.20rc1"
-
-CVE_STATUS[CVE-2022-1679] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-1729] = "fixed-version: Fixed from version 5.18"
-
-CVE_STATUS[CVE-2022-1734] = "fixed-version: Fixed from version 5.18rc6"
-
-CVE_STATUS[CVE-2022-1786] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2022-1789] = "fixed-version: Fixed from version 5.18"
-
-CVE_STATUS[CVE-2022-1836] = "fixed-version: Fixed from version 5.18rc5"
-
-CVE_STATUS[CVE-2022-1852] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-1882] = "fixed-version: Fixed from version 5.19rc8"
-
-CVE_STATUS[CVE-2022-1943] = "fixed-version: Fixed from version 5.18rc7"
-
-CVE_STATUS[CVE-2022-1966] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-1972] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-1973] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-1974] = "fixed-version: Fixed from version 5.18rc6"
-
-CVE_STATUS[CVE-2022-1975] = "fixed-version: Fixed from version 5.18rc6"
-
-CVE_STATUS[CVE-2022-1976] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-1998] = "fixed-version: Fixed from version 5.17rc3"
-
-CVE_STATUS[CVE-2022-20008] = "fixed-version: Fixed from version 5.17rc5"
-
-CVE_STATUS[CVE-2022-20132] = "fixed-version: Fixed from version 5.16rc5"
-
-CVE_STATUS[CVE-2022-20141] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2022-20148] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2022-20153] = "fixed-version: Fixed from version 5.13rc1"
-
-CVE_STATUS[CVE-2022-20154] = "fixed-version: Fixed from version 5.16rc8"
-
-CVE_STATUS[CVE-2022-20158] = "fixed-version: Fixed from version 5.17"
-
-CVE_STATUS[CVE-2022-20166] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2022-20368] = "fixed-version: Fixed from version 5.17"
-
-CVE_STATUS[CVE-2022-20369] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-20409] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2022-20421] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2022-20422] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-20423] = "fixed-version: Fixed from version 5.17"
-
-CVE_STATUS[CVE-2022-20424] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2022-20565] = "fixed-version: Fixed from version 5.9rc4"
-
-CVE_STATUS[CVE-2022-20566] = "fixed-version: Fixed from version 5.19"
-
-CVE_STATUS[CVE-2022-20567] = "fixed-version: Fixed from version 4.16rc5"
-
-CVE_STATUS[CVE-2022-20568] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2022-20572] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-2078] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-21123] = "fixed-version: Fixed from version 5.19rc3"
-
-CVE_STATUS[CVE-2022-21125] = "fixed-version: Fixed from version 5.19rc3"
-
-CVE_STATUS[CVE-2022-21166] = "fixed-version: Fixed from version 5.19rc3"
-
-CVE_STATUS[CVE-2022-21385] = "fixed-version: Fixed from version 4.20"
-
-CVE_STATUS[CVE-2022-21499] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-21505] = "fixed-version: Fixed from version 5.19rc8"
-
-CVE_STATUS[CVE-2022-2153] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-2196] = "cpe-stable-backport: Backported in 6.1.14"
-
-# CVE-2022-2209 has no known resolution
-
-CVE_STATUS[CVE-2022-22942] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-23036] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-23037] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-23038] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-23039] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-23040] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-23041] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-23042] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-2308] = "fixed-version: Fixed from version 6.0"
-
-CVE_STATUS[CVE-2022-2318] = "fixed-version: Fixed from version 5.19rc5"
-
-CVE_STATUS[CVE-2022-23222] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2022-2380] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-23816] = "fixed-version: Fixed from version 5.19rc7"
-
-# CVE-2022-23825 has no known resolution
-
-CVE_STATUS[CVE-2022-23960] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-24122] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-24448] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-24958] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-24959] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-2503] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-25258] = "fixed-version: Fixed from version 5.17rc4"
-
-# CVE-2022-25265 has no known resolution
-
-CVE_STATUS[CVE-2022-25375] = "fixed-version: Fixed from version 5.17rc4"
-
-CVE_STATUS[CVE-2022-25636] = "fixed-version: Fixed from version 5.17rc6"
-
-CVE_STATUS[CVE-2022-2585] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-2586] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-2588] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-2590] = "fixed-version: Fixed from version 6.0rc3"
-
-CVE_STATUS[CVE-2022-2602] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-26365] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-26373] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-2639] = "fixed-version: Fixed from version 5.18rc4"
-
-CVE_STATUS[CVE-2022-26490] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-2663] = "fixed-version: Fixed from version 6.0rc5"
-
-# CVE-2022-26878 has no known resolution
-
-CVE_STATUS[CVE-2022-26966] = "fixed-version: Fixed from version 5.17rc6"
-
-CVE_STATUS[CVE-2022-27223] = "fixed-version: Fixed from version 5.17rc6"
-
-CVE_STATUS[CVE-2022-27666] = "fixed-version: Fixed from version 5.17rc8"
-
-CVE_STATUS[CVE-2022-27672] = "cpe-stable-backport: Backported in 6.1.12"
-
-CVE_STATUS[CVE-2022-2785] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-27950] = "fixed-version: Fixed from version 5.17rc5"
-
-CVE_STATUS[CVE-2022-28356] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-28388] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-28389] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-28390] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-2873] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-28796] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-28893] = "fixed-version: Fixed from version 5.18rc2"
-
-CVE_STATUS[CVE-2022-2905] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2022-29156] = "fixed-version: Fixed from version 5.17rc6"
-
-CVE_STATUS[CVE-2022-2938] = "fixed-version: Fixed from version 5.17rc2"
-
-CVE_STATUS[CVE-2022-29581] = "fixed-version: Fixed from version 5.18rc4"
-
-CVE_STATUS[CVE-2022-29582] = "fixed-version: Fixed from version 5.18rc2"
-
-CVE_STATUS[CVE-2022-2959] = "fixed-version: Fixed from version 5.19rc1"
-
-# CVE-2022-2961 has no known resolution
-
-CVE_STATUS[CVE-2022-2964] = "fixed-version: Fixed from version 5.17rc4"
-
-CVE_STATUS[CVE-2022-2977] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-2978] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-29900] = "fixed-version: Fixed from version 5.19rc7"
-
-CVE_STATUS[CVE-2022-29901] = "fixed-version: Fixed from version 5.19rc7"
-
-CVE_STATUS[CVE-2022-2991] = "fixed-version: Fixed from version 5.15rc1"
-
-CVE_STATUS[CVE-2022-29968] = "fixed-version: Fixed from version 5.18rc5"
-
-CVE_STATUS[CVE-2022-3028] = "fixed-version: Fixed from version 6.0rc3"
-
-CVE_STATUS[CVE-2022-30594] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-3061] = "fixed-version: Fixed from version 5.18rc5"
-
-CVE_STATUS[CVE-2022-3077] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3078] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-3103] = "fixed-version: Fixed from version 6.0rc3"
-
-CVE_STATUS[CVE-2022-3104] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3105] = "fixed-version: Fixed from version 5.16"
-
-CVE_STATUS[CVE-2022-3106] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2022-3107] = "fixed-version: Fixed from version 5.17"
-
-CVE_STATUS[CVE-2022-3108] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-3110] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3111] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-3112] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-3113] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-3114] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3115] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3169] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3170] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2022-3176] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2022-3202] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-32250] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-32296] = "fixed-version: Fixed from version 5.18rc6"
-
-# CVE-2022-3238 has no known resolution
-
-CVE_STATUS[CVE-2022-3239] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2022-32981] = "fixed-version: Fixed from version 5.19rc2"
-
-CVE_STATUS[CVE-2022-3303] = "fixed-version: Fixed from version 6.0rc5"
-
-CVE_STATUS[CVE-2022-3344] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2022-33740] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-33741] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-33742] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-33743] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-33744] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-33981] = "fixed-version: Fixed from version 5.18rc5"
-
-CVE_STATUS[CVE-2022-3424] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2022-3435] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-34494] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-34495] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-34918] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-3521] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3522] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3524] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3526] = "fixed-version: Fixed from version 5.18rc3"
-
-CVE_STATUS[CVE-2022-3531] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2022-3532] = "cpe-stable-backport: Backported in 6.1.2"
-
-# CVE-2022-3533 has no known resolution
-
-CVE_STATUS[CVE-2022-3534] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2022-3535] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3541] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3542] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3543] = "fixed-version: Fixed from version 6.1rc1"
-
-# CVE-2022-3544 has no known resolution
-
-CVE_STATUS[CVE-2022-3545] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3564] = "fixed-version: Fixed from version 6.1rc4"
-
-CVE_STATUS[CVE-2022-3565] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3577] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3586] = "fixed-version: Fixed from version 6.0rc5"
-
-CVE_STATUS[CVE-2022-3594] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3595] = "fixed-version: Fixed from version 6.1rc1"
-
-# CVE-2022-3606 has no known resolution
-
-CVE_STATUS[CVE-2022-36123] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-3619] = "fixed-version: Fixed from version 6.1rc4"
-
-CVE_STATUS[CVE-2022-3621] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3623] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3625] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3628] = "fixed-version: Fixed from version 6.1rc5"
-
-CVE_STATUS[CVE-2022-36280] = "cpe-stable-backport: Backported in 6.1.4"
-
-CVE_STATUS[CVE-2022-3629] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3630] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3633] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3635] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-3636] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-3640] = "fixed-version: Fixed from version 6.1rc4"
-
-# CVE-2022-36402 has no known resolution
-
-# CVE-2022-3642 has no known resolution
-
-CVE_STATUS[CVE-2022-3643] = "fixed-version: Fixed from version 6.1"
-
-CVE_STATUS[CVE-2022-3646] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-3649] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-36879] = "fixed-version: Fixed from version 5.19rc8"
-
-CVE_STATUS[CVE-2022-36946] = "fixed-version: Fixed from version 5.19"
-
-CVE_STATUS[CVE-2022-3707] = "cpe-stable-backport: Backported in 6.1.5"
-
-# CVE-2022-38096 has no known resolution
-
-CVE_STATUS[CVE-2022-38457] = "cpe-stable-backport: Backported in 6.1.7"
-
-CVE_STATUS[CVE-2022-3903] = "fixed-version: Fixed from version 6.1rc2"
-
-CVE_STATUS[CVE-2022-3910] = "fixed-version: Fixed from version 6.0rc6"
-
-CVE_STATUS[CVE-2022-39188] = "fixed-version: Fixed from version 5.19rc8"
-
-CVE_STATUS[CVE-2022-39189] = "fixed-version: Fixed from version 5.19rc2"
-
-CVE_STATUS[CVE-2022-39190] = "fixed-version: Fixed from version 6.0rc3"
-
-CVE_STATUS[CVE-2022-3977] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-39842] = "fixed-version: Fixed from version 5.19rc4"
-
-CVE_STATUS[CVE-2022-40133] = "cpe-stable-backport: Backported in 6.1.7"
-
-CVE_STATUS[CVE-2022-40307] = "fixed-version: Fixed from version 6.0rc5"
-
-CVE_STATUS[CVE-2022-40476] = "fixed-version: Fixed from version 5.19rc4"
-
-CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2022-40982] = "cpe-stable-backport: Backported in 6.1.44"
-
-CVE_STATUS[CVE-2022-41218] = "cpe-stable-backport: Backported in 6.1.4"
-
-CVE_STATUS[CVE-2022-41222] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2022-4127] = "fixed-version: Fixed from version 5.19rc6"
-
-CVE_STATUS[CVE-2022-4128] = "fixed-version: Fixed from version 5.19rc7"
-
-CVE_STATUS[CVE-2022-4129] = "fixed-version: Fixed from version 6.1rc6"
-
-CVE_STATUS[CVE-2022-4139] = "fixed-version: Fixed from version 6.1rc8"
-
-CVE_STATUS[CVE-2022-41674] = "fixed-version: Fixed from version 6.1rc1"
-
-# CVE-2022-41848 has no known resolution
-
-CVE_STATUS[CVE-2022-41849] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-41850] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-41858] = "fixed-version: Fixed from version 5.18rc2"
-
-CVE_STATUS[CVE-2022-42328] = "fixed-version: Fixed from version 6.1"
-
-CVE_STATUS[CVE-2022-42329] = "fixed-version: Fixed from version 6.1"
-
-CVE_STATUS[CVE-2022-42432] = "fixed-version: Fixed from version 6.0rc7"
-
-CVE_STATUS[CVE-2022-4269] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2022-42703] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2022-42719] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-42720] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-42721] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-42722] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-42895] = "fixed-version: Fixed from version 6.1rc4"
-
-CVE_STATUS[CVE-2022-42896] = "fixed-version: Fixed from version 6.1rc4"
-
-CVE_STATUS[CVE-2022-43750] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2022-4378] = "fixed-version: Fixed from version 6.1"
-
-CVE_STATUS[CVE-2022-4379] = "cpe-stable-backport: Backported in 6.1.3"
-
-CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in 6.1.8"
-
-CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
-
-# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
-
-# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
-
-# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
-
-# CVE-2022-4543 has no known resolution
-
-CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7"
-
-# CVE-2022-45884 has no known resolution
-
-# CVE-2022-45885 has no known resolution
-
-CVE_STATUS[CVE-2022-45886] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2022-45887] = "cpe-stable-backport: Backported in 6.1.33"
-
-# CVE-2022-45888 needs backporting (fixed from 6.2rc1)
-
-CVE_STATUS[CVE-2022-45919] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1"
-
-CVE_STATUS[CVE-2022-4662] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2022-4696] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2022-4744] = "fixed-version: Fixed from version 5.16rc7"
-
-CVE_STATUS[CVE-2022-47518] = "fixed-version: Fixed from version 6.1rc8"
-
-CVE_STATUS[CVE-2022-47519] = "fixed-version: Fixed from version 6.1rc8"
-
-CVE_STATUS[CVE-2022-47520] = "fixed-version: Fixed from version 6.1rc8"
-
-CVE_STATUS[CVE-2022-47521] = "fixed-version: Fixed from version 6.1rc8"
-
-CVE_STATUS[CVE-2022-47929] = "cpe-stable-backport: Backported in 6.1.6"
-
-CVE_STATUS[CVE-2022-47938] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-47939] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-47940] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2022-47941] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-47942] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-47943] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2022-47946] = "fixed-version: Fixed from version 5.12rc2"
-
-CVE_STATUS[CVE-2022-4842] = "cpe-stable-backport: Backported in 6.1.8"
-
-CVE_STATUS[CVE-2022-48423] = "cpe-stable-backport: Backported in 6.1.3"
-
-CVE_STATUS[CVE-2022-48424] = "cpe-stable-backport: Backported in 6.1.3"
-
-CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2022-48502] = "cpe-stable-backport: Backported in 6.1.40"
-
-CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1"
-
-CVE_STATUS[CVE-2023-0045] = "cpe-stable-backport: Backported in 6.1.5"
-
-CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed from version 6.0rc4"
-
-CVE_STATUS[CVE-2023-0160] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in 6.1.7"
-
-CVE_STATUS[CVE-2023-0210] = "cpe-stable-backport: Backported in 6.1.5"
-
-CVE_STATUS[CVE-2023-0240] = "fixed-version: Fixed from version 5.10rc1"
-
-CVE_STATUS[CVE-2023-0266] = "cpe-stable-backport: Backported in 6.1.6"
-
-CVE_STATUS[CVE-2023-0386] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-0394] = "cpe-stable-backport: Backported in 6.1.7"
-
-CVE_STATUS[CVE-2023-0458] = "cpe-stable-backport: Backported in 6.1.8"
-
-CVE_STATUS[CVE-2023-0459] = "cpe-stable-backport: Backported in 6.1.14"
-
-CVE_STATUS[CVE-2023-0461] = "cpe-stable-backport: Backported in 6.1.5"
-
-CVE_STATUS[CVE-2023-0468] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2023-0469] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2023-0590] = "fixed-version: Fixed from version 6.1rc2"
-
-# CVE-2023-0597 needs backporting (fixed from 6.2rc1)
-
-CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed from version 6.1rc3"
-
-CVE_STATUS[CVE-2023-1032] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-1073] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-1074] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-1075] = "cpe-stable-backport: Backported in 6.1.11"
-
-CVE_STATUS[CVE-2023-1076] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-1077] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-1078] = "cpe-stable-backport: Backported in 6.1.12"
-
-CVE_STATUS[CVE-2023-1079] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-1095] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-1192] = "cpe-stable-backport: Backported in 6.1.33"
-
-# CVE-2023-1193 needs backporting (fixed from 6.3rc6)
-
-CVE_STATUS[CVE-2023-1194] = "cpe-stable-backport: Backported in 6.1.34"
-
-CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3"
-
-CVE_STATUS[CVE-2023-1206] = "cpe-stable-backport: Backported in 6.1.43"
-
-CVE_STATUS[CVE-2023-1249] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2023-1252] = "fixed-version: Fixed from version 5.16rc1"
-
-CVE_STATUS[CVE-2023-1281] = "cpe-stable-backport: Backported in 6.1.13"
-
-CVE_STATUS[CVE-2023-1295] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2023-1380] = "cpe-stable-backport: Backported in 6.1.27"
-
-CVE_STATUS[CVE-2023-1382] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4"
-
-CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in 6.1.13"
-
-CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4"
-
-CVE_STATUS[CVE-2023-1583] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-1611] = "cpe-stable-backport: Backported in 6.1.23"
-
-CVE_STATUS[CVE-2023-1637] = "fixed-version: Fixed from version 5.18rc2"
-
-CVE_STATUS[CVE-2023-1652] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-1670] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-1829] = "cpe-stable-backport: Backported in 6.1.18"
-
-CVE_STATUS[CVE-2023-1838] = "fixed-version: Fixed from version 5.18"
-
-CVE_STATUS[CVE-2023-1855] = "cpe-stable-backport: Backported in 6.1.21"
-
-CVE_STATUS[CVE-2023-1859] = "cpe-stable-backport: Backported in 6.1.25"
-
-CVE_STATUS[CVE-2023-1872] = "fixed-version: Fixed from version 5.18rc2"
-
-CVE_STATUS[CVE-2023-1989] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-1990] = "cpe-stable-backport: Backported in 6.1.21"
-
-CVE_STATUS[CVE-2023-1998] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-2002] = "cpe-stable-backport: Backported in 6.1.27"
-
-CVE_STATUS[CVE-2023-2006] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2023-2007] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed from version 5.19rc4"
-
-CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2023-20569] = "cpe-stable-backport: Backported in 6.1.44"
-
-CVE_STATUS[CVE-2023-20588] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.1.41"
-
-CVE_STATUS[CVE-2023-20928] = "fixed-version: Fixed from version 6.0rc1"
-
-# CVE-2023-20937 has no known resolution
-
-CVE_STATUS[CVE-2023-20938] = "fixed-version: Fixed from version 5.18rc5"
-
-# CVE-2023-20941 has no known resolution
-
-CVE_STATUS[CVE-2023-21102] = "cpe-stable-backport: Backported in 6.1.8"
-
-CVE_STATUS[CVE-2023-21106] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-2124] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2023-21255] = "cpe-stable-backport: Backported in 6.1.31"
-
-# CVE-2023-21264 needs backporting (fixed from 6.4rc5)
-
-# CVE-2023-21400 has no known resolution
-
-CVE_STATUS[CVE-2023-2156] = "cpe-stable-backport: Backported in 6.1.26"
-
-CVE_STATUS[CVE-2023-2162] = "cpe-stable-backport: Backported in 6.1.11"
-
-CVE_STATUS[CVE-2023-2163] = "cpe-stable-backport: Backported in 6.1.26"
-
-CVE_STATUS[CVE-2023-2166] = "fixed-version: Fixed from version 6.1"
-
-# CVE-2023-2176 needs backporting (fixed from 6.3rc1)
-
-CVE_STATUS[CVE-2023-2177] = "fixed-version: Fixed from version 5.19"
-
-CVE_STATUS[CVE-2023-2194] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-2235] = "cpe-stable-backport: Backported in 6.1.21"
-
-CVE_STATUS[CVE-2023-2236] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2023-2248] = "cpe-stable-backport: Backported in 6.1.26"
-
-CVE_STATUS[CVE-2023-2269] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-22995] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2023-22996] = "fixed-version: Fixed from version 5.18rc1"
-
-CVE_STATUS[CVE-2023-22997] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2023-22998] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2023-22999] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2023-23000] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2023-23001] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2023-23002] = "fixed-version: Fixed from version 5.17rc1"
-
-CVE_STATUS[CVE-2023-23003] = "fixed-version: Fixed from version 5.16rc6"
-
-CVE_STATUS[CVE-2023-23004] = "fixed-version: Fixed from version 5.19rc1"
-
-# CVE-2023-23005 needs backporting (fixed from 6.2rc1)
-
-CVE_STATUS[CVE-2023-23006] = "fixed-version: Fixed from version 5.16rc8"
-
-# CVE-2023-23039 has no known resolution
-
-CVE_STATUS[CVE-2023-23454] = "cpe-stable-backport: Backported in 6.1.5"
-
-CVE_STATUS[CVE-2023-23455] = "cpe-stable-backport: Backported in 6.1.5"
-
-CVE_STATUS[CVE-2023-23559] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-23586] = "fixed-version: Fixed from version 5.12rc1"
-
-CVE_STATUS[CVE-2023-2430] = "cpe-stable-backport: Backported in 6.1.50"
-
-CVE_STATUS[CVE-2023-2483] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-25012] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2023-25775] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-2598] = "fixed-version: only affects 6.3rc1 onwards"
-
-# CVE-2023-26242 has no known resolution
-
-# CVE-2023-2640 has no known resolution
-
-CVE_STATUS[CVE-2023-26544] = "cpe-stable-backport: Backported in 6.1.3"
-
-CVE_STATUS[CVE-2023-26545] = "cpe-stable-backport: Backported in 6.1.13"
-
-CVE_STATUS[CVE-2023-26605] = "fixed-version: Fixed from version 6.1rc7"
-
-CVE_STATUS[CVE-2023-26606] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2023-26607] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2023-28327] = "fixed-version: Fixed from version 6.1"
-
-CVE_STATUS[CVE-2023-28328] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2023-28410] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2023-28464] = "fixed-version: only affects 6.3rc1 onwards"
-
-CVE_STATUS[CVE-2023-28466] = "cpe-stable-backport: Backported in 6.1.20"
-
-CVE_STATUS[CVE-2023-2860] = "fixed-version: Fixed from version 6.0rc5"
-
-CVE_STATUS[CVE-2023-28772] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2023-28866] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-2898] = "cpe-stable-backport: Backported in 6.1.39"
-
-CVE_STATUS[CVE-2023-2985] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-3006] = "fixed-version: Fixed from version 6.1rc1"
-
-# Skipping CVE-2023-3022, no affected_versions
-
-CVE_STATUS[CVE-2023-30456] = "cpe-stable-backport: Backported in 6.1.21"
-
-CVE_STATUS[CVE-2023-30772] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-3090] = "cpe-stable-backport: Backported in 6.1.30"
-
-CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7"
-
-# Skipping CVE-2023-3108, no affected_versions
-
-# CVE-2023-31081 has no known resolution
-
-# CVE-2023-31082 has no known resolution
-
-# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
-
-# CVE-2023-31084 needs backporting (fixed from 6.4rc3)
-
-CVE_STATUS[CVE-2023-31085] = "cpe-stable-backport: Backported in 6.1.57"
-
-CVE_STATUS[CVE-2023-3111] = "fixed-version: Fixed from version 6.0rc2"
-
-CVE_STATUS[CVE-2023-3117] = "cpe-stable-backport: Backported in 6.1.35"
-
-CVE_STATUS[CVE-2023-31248] = "cpe-stable-backport: Backported in 6.1.39"
-
-CVE_STATUS[CVE-2023-3141] = "cpe-stable-backport: Backported in 6.1.30"
-
-CVE_STATUS[CVE-2023-31436] = "cpe-stable-backport: Backported in 6.1.26"
-
-CVE_STATUS[CVE-2023-3159] = "fixed-version: Fixed from version 5.18rc6"
-
-CVE_STATUS[CVE-2023-3161] = "cpe-stable-backport: Backported in 6.1.11"
-
-CVE_STATUS[CVE-2023-3212] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2023-3220] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-32233] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-32247] = "cpe-stable-backport: Backported in 6.1.29"
-
-CVE_STATUS[CVE-2023-32248] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-32250] = "cpe-stable-backport: Backported in 6.1.29"
-
-CVE_STATUS[CVE-2023-32252] = "cpe-stable-backport: Backported in 6.1.29"
-
-CVE_STATUS[CVE-2023-32254] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-32257] = "cpe-stable-backport: Backported in 6.1.29"
-
-CVE_STATUS[CVE-2023-32258] = "cpe-stable-backport: Backported in 6.1.29"
-
-CVE_STATUS[CVE-2023-32269] = "cpe-stable-backport: Backported in 6.1.11"
-
-# CVE-2023-32629 has no known resolution
-
-CVE_STATUS[CVE-2023-3268] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-3269] = "cpe-stable-backport: Backported in 6.1.37"
-
-CVE_STATUS[CVE-2023-3312] = "fixed-version: only affects 6.2rc1 onwards"
-
-CVE_STATUS[CVE-2023-3317] = "fixed-version: only affects 6.2rc1 onwards"
-
-CVE_STATUS[CVE-2023-33203] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-33250] = "fixed-version: only affects 6.2rc1 onwards"
-
-CVE_STATUS[CVE-2023-33288] = "cpe-stable-backport: Backported in 6.1.22"
-
-CVE_STATUS[CVE-2023-3338] = "fixed-version: Fixed from version 6.1rc1"
-
-CVE_STATUS[CVE-2023-3355] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-3357] = "cpe-stable-backport: Backported in 6.1.2"
-
-CVE_STATUS[CVE-2023-3358] = "cpe-stable-backport: Backported in 6.1.9"
-
-CVE_STATUS[CVE-2023-3359] = "cpe-stable-backport: Backported in 6.1.11"
-
-CVE_STATUS[CVE-2023-3389] = "fixed-version: Fixed from version 6.0rc1"
-
-CVE_STATUS[CVE-2023-3390] = "cpe-stable-backport: Backported in 6.1.35"
-
-CVE_STATUS[CVE-2023-33951] = "cpe-stable-backport: Backported in 6.1.13"
-
-CVE_STATUS[CVE-2023-33952] = "cpe-stable-backport: Backported in 6.1.13"
-
-# CVE-2023-3397 has no known resolution
-
-CVE_STATUS[CVE-2023-34255] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29"
-
-CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.1.44"
-
-CVE_STATUS[CVE-2023-34324] = "cpe-stable-backport: Backported in 6.1.57"
-
-CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed from version 5.18rc5"
-
-CVE_STATUS[CVE-2023-35001] = "cpe-stable-backport: Backported in 6.1.39"
-
-CVE_STATUS[CVE-2023-3567] = "cpe-stable-backport: Backported in 6.1.11"
-
-# CVE-2023-35693 has no known resolution
-
-CVE_STATUS[CVE-2023-35788] = "cpe-stable-backport: Backported in 6.1.33"
-
-CVE_STATUS[CVE-2023-35823] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-35824] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-35826] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-35827] = "cpe-stable-backport: Backported in 6.1.59"
-
-CVE_STATUS[CVE-2023-35828] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-35829] = "cpe-stable-backport: Backported in 6.1.28"
-
-CVE_STATUS[CVE-2023-3609] = "cpe-stable-backport: Backported in 6.1.35"
-
-CVE_STATUS[CVE-2023-3610] = "cpe-stable-backport: Backported in 6.1.36"
-
-CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40"
-
-# CVE-2023-3640 has no known resolution
-
-CVE_STATUS[CVE-2023-37453] = "fixed-version: only affects 6.3rc1 onwards"
-
-# CVE-2023-37454 has no known resolution
-
-CVE_STATUS[CVE-2023-3772] = "cpe-stable-backport: Backported in 6.1.47"
-
-CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.1.47"
-
-CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40"
-
-CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.1.42"
-
-CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4"
-
-CVE_STATUS[CVE-2023-38409] = "cpe-stable-backport: Backported in 6.1.25"
-
-CVE_STATUS[CVE-2023-38426] = "cpe-stable-backport: Backported in 6.1.30"
-
-CVE_STATUS[CVE-2023-38427] = "cpe-stable-backport: Backported in 6.1.34"
-
-CVE_STATUS[CVE-2023-38428] = "cpe-stable-backport: Backported in 6.1.30"
-
-CVE_STATUS[CVE-2023-38429] = "cpe-stable-backport: Backported in 6.1.30"
-
-CVE_STATUS[CVE-2023-38430] = "cpe-stable-backport: Backported in 6.1.35"
-
-CVE_STATUS[CVE-2023-38431] = "cpe-stable-backport: Backported in 6.1.34"
-
-CVE_STATUS[CVE-2023-38432] = "cpe-stable-backport: Backported in 6.1.36"
-
-CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.1.39"
-
-CVE_STATUS[CVE-2023-3865] = "cpe-stable-backport: Backported in 6.1.36"
-
-CVE_STATUS[CVE-2023-3866] = "cpe-stable-backport: Backported in 6.1.36"
-
-CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.1.40"
-
-CVE_STATUS[CVE-2023-39189] = "cpe-stable-backport: Backported in 6.1.54"
-
-# CVE-2023-39191 needs backporting (fixed from 6.3rc1)
-
-CVE_STATUS[CVE-2023-39192] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47"
-
-CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39"
-
-CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47"
-
-CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"
-
-# CVE-2023-4010 has no known resolution
-
-CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43"
-
-CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-40791] = "fixed-version: only affects 6.3rc1 onwards"
-
-CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39"
-
-# CVE-2023-4133 needs backporting (fixed from 6.3)
-
-# CVE-2023-4134 needs backporting (fixed from 6.5rc1)
-
-CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.1.43"
-
-CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.1.46"
-
-CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards"
-
-CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.1.56"
-
-CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45"
-
-CVE_STATUS[CVE-2023-42752] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-42753] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-42754] = "cpe-stable-backport: Backported in 6.1.56"
-
-CVE_STATUS[CVE-2023-42755] = "cpe-stable-backport: Backported in 6.1.55"
-
-CVE_STATUS[CVE-2023-42756] = "fixed-version: only affects 6.4rc6 onwards"
-
-CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"
-
-CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18"
-
-CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed from version 5.18rc3"
-
-CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3"
-
-CVE_STATUS[CVE-2023-44466] = "cpe-stable-backport: Backported in 6.1.40"
-
-CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"
-
-CVE_STATUS[CVE-2023-4563] = "cpe-stable-backport: Backported in 6.1.56"
-
-CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.1.47"
-
-CVE_STATUS[CVE-2023-45862] = "cpe-stable-backport: Backported in 6.1.18"
-
-CVE_STATUS[CVE-2023-45863] = "cpe-stable-backport: Backported in 6.1.16"
-
-CVE_STATUS[CVE-2023-45871] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-45898] = "fixed-version: only affects 6.5rc1 onwards"
-
-# CVE-2023-4610 needs backporting (fixed from 6.4)
-
-CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards"
-
-# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
-
-CVE_STATUS[CVE-2023-4623] = "cpe-stable-backport: Backported in 6.1.53"
-
-CVE_STATUS[CVE-2023-46813] = "cpe-stable-backport: Backported in 6.1.60"
-
-CVE_STATUS[CVE-2023-46862] = "cpe-stable-backport: Backported in 6.1.61"
-
-# CVE-2023-47233 has no known resolution
-
-CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1"
-
-CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
-
-CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
-
-# CVE-2023-50431 has no known resolution
-
-CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
-
-CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
-
-# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
-
-CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60"
-
-CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69"
-
-CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69"
-
-CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69"
-
-CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
-
-CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"
-
-CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards"
-
-CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60"
-
-CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards"
-
-# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
-
-CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards"
-
-CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65"
-
-CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54"
-
-# CVE-2023-6238 has no known resolution
-
-# CVE-2023-6356 has no known resolution
-
-# CVE-2023-6535 has no known resolution
-
-# CVE-2023-6536 has no known resolution
-
-CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47"
-
-# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
-
-# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
-
-# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
-
-CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68"
-
-# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
-
-CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68"
-
-CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68"
-
-CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66"
-
-# CVE-2023-7042 has no known resolution
-
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
index ee7df04..3a4451b 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-03 18:54:52.866645+00:00 for version 6.6.9
+# Generated at 2024-01-18 21:07:26.764606+00:00 for version 6.6.12
 
 python check_kernel_cve_status_version() {
-    this_version = "6.6.9"
+    this_version = "6.6.12"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4584,6 +4584,8 @@
 
 CVE_STATUS[CVE-2022-48502] = "fixed-version: Fixed from version 6.2rc1"
 
+CVE_STATUS[CVE-2022-48619] = "fixed-version: Fixed from version 5.18rc1"
+
 CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1"
 
 CVE_STATUS[CVE-2023-0045] = "fixed-version: Fixed from version 6.2rc3"
@@ -4666,6 +4668,8 @@
 
 CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4"
 
+# CVE-2023-1476 has no known resolution
+
 CVE_STATUS[CVE-2023-1513] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4"
@@ -5114,7 +5118,7 @@
 
 CVE_STATUS[CVE-2023-5158] = "fixed-version: Fixed from version 6.6rc5"
 
-# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
+CVE_STATUS[CVE-2023-51779] = "cpe-stable-backport: Backported in 6.6.9"
 
 CVE_STATUS[CVE-2023-5178] = "fixed-version: Fixed from version 6.6rc7"
 
@@ -5136,6 +5140,8 @@
 
 CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5"
 
+CVE_STATUS[CVE-2023-6040] = "fixed-version: Fixed from version 5.18rc1"
+
 CVE_STATUS[CVE-2023-6111] = "cpe-stable-backport: Backported in 6.6.3"
 
 CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.6.4"
@@ -5144,8 +5150,12 @@
 
 # CVE-2023-6238 has no known resolution
 
+# CVE-2023-6270 has no known resolution
+
 # CVE-2023-6356 has no known resolution
 
+CVE_STATUS[CVE-2023-6531] = "cpe-stable-backport: Backported in 6.6.7"
+
 # CVE-2023-6535 has no known resolution
 
 # CVE-2023-6536 has no known resolution
@@ -5154,13 +5164,13 @@
 
 CVE_STATUS[CVE-2023-6560] = "cpe-stable-backport: Backported in 6.6.5"
 
-# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
+CVE_STATUS[CVE-2023-6606] = "cpe-stable-backport: Backported in 6.6.9"
 
 # CVE-2023-6610 needs backporting (fixed from 6.7rc7)
 
 CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.6.7"
 
-# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
+CVE_STATUS[CVE-2023-6679] = "fixed-version: only affects 6.7rc1 onwards"
 
 CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.6.7"
 
@@ -5170,3 +5180,13 @@
 
 # CVE-2023-7042 has no known resolution
 
+CVE_STATUS[CVE-2023-7192] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2024-0193] = "cpe-stable-backport: Backported in 6.6.10"
+
+CVE_STATUS[CVE-2024-0340] = "fixed-version: Fixed from version 6.4rc6"
+
+CVE_STATUS[CVE-2024-0443] = "fixed-version: Fixed from version 6.4rc7"
+
+# Skipping dd=CVE-2023-1476, no affected_versions
+
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
deleted file mode 100644
index 3dbec14..0000000
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ /dev/null
@@ -1,48 +0,0 @@
-KBRANCH ?= "v6.1/standard/preempt-rt/base"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-# CVE exclusions
-include recipes-kernel/linux/cve-exclusion_6.1.inc
-
-# Skip processing of this recipe if it is not explicitly specified as the
-# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
-# to build multiple virtual/kernel providers, e.g. as dependency of
-# core-image-rt-sdk, core-image-rt.
-python () {
-    if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt":
-        raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
-}
-
-SRCREV_machine ?= "c7164e4299dfbd93c9ec4f9bd307ebbb88aa6b71"
-SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288"
-
-SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
-           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
-
-LINUX_VERSION ?= "6.1.70"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-
-DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
-DEPENDS += "openssl-native util-linux-native"
-
-PV = "${LINUX_VERSION}+git"
-
-KMETA = "kernel-meta"
-KCONF_BSP_AUDIT_LEVEL = "1"
-
-LINUX_KERNEL_TYPE = "preempt-rt"
-
-COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$"
-
-KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
-
-# Functionality flags
-KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
-KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
-KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
-KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
-KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
-KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 90e5ead..d303891 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "7e43b4538ce1a9084c4a5f1b22372c98aa888958"
-SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34"
+SRCREV_machine ?= "59ee8cb752a7e280cfe2d480964aa5b6c74e4203"
+SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.6.9"
+LINUX_VERSION ?= "6.6.12"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
deleted file mode 100644
index 01641a8..0000000
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-KBRANCH ?= "v6.1/standard/tiny/base"
-
-LINUX_KERNEL_TYPE = "tiny"
-KCONFIG_MODE = "--allnoconfig"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-# CVE exclusions
-include recipes-kernel/linux/cve-exclusion_6.1.inc
-
-LINUX_VERSION ?= "6.1.70"
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-
-DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
-DEPENDS += "openssl-native util-linux-native"
-
-KMETA = "kernel-meta"
-KCONF_BSP_AUDIT_LEVEL = "2"
-
-SRCREV_machine ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288"
-
-PV = "${LINUX_VERSION}+git"
-
-SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
-           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
-
-COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$"
-
-# Functionality flags
-KERNEL_FEATURES = ""
-
-KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 5d87855..628a7cb 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.6.inc
 
-LINUX_VERSION ?= "6.6.9"
+LINUX_VERSION ?= "6.6.12"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34"
+SRCREV_machine ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
deleted file mode 100644
index fc7bed9..0000000
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ /dev/null
@@ -1,73 +0,0 @@
-KBRANCH ?= "v6.1/standard/base"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-# CVE exclusions
-include recipes-kernel/linux/cve-exclusion.inc
-include recipes-kernel/linux/cve-exclusion_6.1.inc
-
-# board specific branches
-KBRANCH:qemuarm  ?= "v6.1/standard/arm-versatile-926ejs"
-KBRANCH:qemuarm64 ?= "v6.1/standard/qemuarm64"
-KBRANCH:qemumips ?= "v6.1/standard/mti-malta32"
-KBRANCH:qemuppc  ?= "v6.1/standard/qemuppc"
-KBRANCH:qemuriscv64  ?= "v6.1/standard/base"
-KBRANCH:qemuriscv32  ?= "v6.1/standard/base"
-KBRANCH:qemux86  ?= "v6.1/standard/base"
-KBRANCH:qemux86-64 ?= "v6.1/standard/base"
-KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
-KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
-
-SRCREV_machine:qemuarm ?= "b763843c7f0f71c1488daf5d7453656360bfd217"
-SRCREV_machine:qemuarm64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemuloongarch64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemumips ?= "f72c516f5594f4eef9c26d380abf60768695c7da"
-SRCREV_machine:qemuppc ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemuriscv64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemuriscv32 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemux86 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemux86-64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_machine:qemumips64 ?= "951e24cce7143380de09baa2d1d59062a969d021"
-SRCREV_machine ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e"
-SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288"
-
-# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
-# get the <version>/base branch, which is pure upstream -stable, and the same
-# meta SRCREV as the linux-yocto-standard builds. Select your version using the
-# normal PREFERRED_VERSION settings.
-BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "a507f147e6f06e86b7649b46bc1d3caa34b196d6"
-PN:class-devupstream = "linux-yocto-upstream"
-KBRANCH:class-devupstream = "v6.1/base"
-
-SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \
-           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
-SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.70"
-
-PV = "${LINUX_VERSION}+git"
-
-KMETA = "kernel-meta"
-KCONF_BSP_AUDIT_LEVEL = "1"
-
-KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
-
-COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32|qemuloongarch64)$"
-
-# Functionality flags
-KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
-KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc"
-KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
-KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
-KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc"
-KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc"
-KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc"
-
-INSANE_SKIP:kernel-vmlinux:qemuppc64 = "textrel"
-
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index dbe4db9..ab72df5 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@
 KBRANCH:qemuloongarch64  ?= "v6.6/standard/base"
 KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "b0567ccb83b03434efe6bc00d7d672a59d50b82a"
-SRCREV_machine:qemuarm64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemuloongarch64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemumips ?= "df19050d1276ce9418652a39c31b77925b18fb17"
-SRCREV_machine:qemuppc ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemuriscv64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemuriscv32 ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemux86 ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemux86-64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_machine:qemumips64 ?= "2cab83c3f46765b9390918a91c4fc64a873a3443"
-SRCREV_machine ?= "ff7ae7b32324226330214197e9b849d1aa35accd"
-SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34"
+SRCREV_machine:qemuarm ?= "f50c6da5bec6481c9fd5618176c768d4ff7afcdd"
+SRCREV_machine:qemuarm64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemuloongarch64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemumips ?= "0175e713ae72f9b4ed10d1702ab9386d294fe96c"
+SRCREV_machine:qemuppc ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemuriscv64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemuriscv32 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemux86 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemux86-64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_machine:qemumips64 ?= "d41c8b84fcfcb4c2dd8eb856172cdc2b6a1bd342"
+SRCREV_machine ?= "195b2994f955071be3dd16ff61127dbc6b2e0069"
+SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "5e9df83a705290c4d974693097df1da9cbe25854"
+SRCREV_machine:class-devupstream ?= "47345b4264bc394a8d16bb16e8e7744965fa3934"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.6/base"
 
@@ -44,7 +44,7 @@
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.9"
+LINUX_VERSION ?= "6.6.12"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
new file mode 100644
index 0000000..2020508
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
@@ -0,0 +1,31 @@
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Wed, 17 Jan 2024 06:57:08 +0000
+Subject: [PATCH] codec of input image is available, independently from codec
+ check of output image and return with error if not.
+
+Fixes #606.
+
+CVE: CVE-2023-6228
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index aff0626..a4f7f6b 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -846,6 +846,8 @@ static int tiffcp(TIFF *in, TIFF *out)
+     if (!TIFFIsCODECConfigured(compression))
+         return FALSE;
+     TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++    if (!TIFFIsCODECConfigured(input_compression))
++	    return FALSE;
+     TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+     if (input_compression == COMPRESSION_JPEG)
+     {
+--
+2.40.0
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 4c472f8..eb8a096 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -12,6 +12,7 @@
            file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch \
            file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch \
            file://CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch \
+           file://CVE-2023-6228.patch \
            "
 
 SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
diff --git a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
index 2245a73..ae16056 100644
--- a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
+++ b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
@@ -187,6 +187,7 @@
 FILES:${PN}-bin += "${sysconfdir}/default/volatiles/04_pulse"
 FILES:${PN}-pa-info = "${bindir}/pa-info"
 FILES:${PN}-server = "${bindir}/pulseaudio ${bindir}/start-* ${sysconfdir} ${bindir}/pactl */udev/rules.d/*.rules */*/udev/rules.d/*.rules ${systemd_user_unitdir}/*"
+FILES:${PN}-server += "${datadir}/dbus-1/system.d/pulseaudio-system.conf"
 
 #SYSTEMD_PACKAGES = "${PN}-server"
 SYSTEMD_SERVICE:${PN}-server = "pulseaudio.service"
diff --git a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_16.1.bb b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb
similarity index 83%
rename from poky/meta/recipes-multimedia/pulseaudio/pulseaudio_16.1.bb
rename to poky/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb
index 64002cd..54c79b4 100644
--- a/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_16.1.bb
+++ b/poky/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb
@@ -6,5 +6,5 @@
            file://volatiles.04_pulse \
            file://0001-doxygen-meson.build-remove-dependency-on-doxygen-bin.patch \
            "
-SRC_URI[sha256sum] = "8eef32ce91d47979f95fd9a935e738cd7eb7463430dabc72863251751e504ae4"
+SRC_URI[sha256sum] = "053794d6671a3e397d849e478a80b82a63cb9d8ca296bd35b73317bb5ceb87b5"
 UPSTREAM_CHECK_REGEX = "pulseaudio-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.15.bb b/poky/meta/recipes-support/debianutils/debianutils_5.16.bb
similarity index 97%
rename from poky/meta/recipes-support/debianutils/debianutils_5.15.bb
rename to poky/meta/recipes-support/debianutils/debianutils_5.16.bb
index b1368a3..ec629d8 100644
--- a/poky/meta/recipes-support/debianutils/debianutils_5.15.bb
+++ b/poky/meta/recipes-support/debianutils/debianutils_5.16.bb
@@ -11,7 +11,7 @@
 SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \
            "
 
-SRCREV = "d886c15810b58e57411048f57d7fb941a6819987"
+SRCREV = "9e0facf19b17b6d090a5dcc8cacb0c16e5ad9f72"
 
 inherit autotools update-alternatives
 
diff --git a/poky/meta/recipes-support/enchant/enchant2_2.6.4.bb b/poky/meta/recipes-support/enchant/enchant2_2.6.5.bb
similarity index 91%
rename from poky/meta/recipes-support/enchant/enchant2_2.6.4.bb
rename to poky/meta/recipes-support/enchant/enchant2_2.6.5.bb
index 431d02e..1d5c716 100644
--- a/poky/meta/recipes-support/enchant/enchant2_2.6.4.bb
+++ b/poky/meta/recipes-support/enchant/enchant2_2.6.5.bb
@@ -12,7 +12,7 @@
 inherit autotools pkgconfig github-releases
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "833b4d5600dbe9ac867e543aac6a7a40ad145351495ca41223d4499d3ddbbd2c"
+SRC_URI[sha256sum] = "9e8fd28cb65a7b6da3545878a5c2f52a15f03c04933a5ff48db89fe86845728e"
 
 GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases"
 
diff --git a/poky/meta/recipes-support/libpsl/libpsl_0.21.2.bb b/poky/meta/recipes-support/libpsl/libpsl_0.21.5.bb
similarity index 79%
rename from poky/meta/recipes-support/libpsl/libpsl_0.21.2.bb
rename to poky/meta/recipes-support/libpsl/libpsl_0.21.5.bb
index 3bbbc0e..b9341a9 100644
--- a/poky/meta/recipes-support/libpsl/libpsl_0.21.2.bb
+++ b/poky/meta/recipes-support/libpsl/libpsl_0.21.5.bb
@@ -7,13 +7,13 @@
 BUGTRACKER = "https://github.com/rockdaboot/libpsl/issues"
 
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6f40ab7fcf5ff18f3ff7f4b0860493fa \
-                    file://COPYING;md5=6f40ab7fcf5ff18f3ff7f4b0860493fa \
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9f9e317096db2a598fc44237c5b8a4f7 \
+                    file://COPYING;md5=9f9e317096db2a598fc44237c5b8a4f7 \
                     "
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
            "
-SRC_URI[sha256sum] = "e35991b6e17001afa2c0ca3b10c357650602b92596209b7492802f3768a6285f"
+SRC_URI[sha256sum] = "1dcc9ceae8b128f3c0b3f654decd0e1e891afc6ff81098f227ef260449dae208"
 
 GITHUB_BASE_URI = "https://github.com/rockdaboot/libpsl/releases"
 
diff --git a/poky/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch b/poky/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
new file mode 100644
index 0000000..ab0f419
--- /dev/null
+++ b/poky/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
@@ -0,0 +1,466 @@
+From d4634630432594b139b3af6b9f254b890c0f275d Mon Sep 17 00:00:00 2001
+From: Michael Buckley <michael@buckleyisms.com>
+Date: Thu, 30 Nov 2023 15:08:02 -0800
+Subject: [PATCH] src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
+
+Refs:
+https://terrapin-attack.com/
+https://seclists.org/oss-sec/2023/q4/292
+https://osv.dev/list?ecosystem=&q=CVE-2023-48795
+https://github.com/advisories/GHSA-45x7-px36-x8w8
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
+
+Fixes #1290
+Closes #1291
+
+CVE: CVE-2023-48795
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/kex.c          | 63 +++++++++++++++++++++++------------
+ src/libssh2_priv.h | 18 +++++++---
+ src/packet.c       | 83 +++++++++++++++++++++++++++++++++++++++++++---
+ src/packet.h       |  2 +-
+ src/session.c      |  3 ++
+ src/transport.c    | 12 ++++++-
+ 6 files changed, 149 insertions(+), 32 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index d4034a0a..b4b748ca 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -3037,6 +3037,13 @@ kex_method_extension_negotiation = {
+     0,
+ };
+ 
++static const LIBSSH2_KEX_METHOD
++kex_method_strict_client_extension = {
++    "kex-strict-c-v00@openssh.com",
++    NULL,
++    0,
++};
++
+ static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = {
+ #if LIBSSH2_ED25519
+     &kex_method_ssh_curve25519_sha256,
+@@ -3055,6 +3062,7 @@ static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = {
+     &kex_method_diffie_helman_group1_sha1,
+     &kex_method_diffie_helman_group_exchange_sha1,
+     &kex_method_extension_negotiation,
++    &kex_method_strict_client_extension,
+     NULL
+ };
+ 
+@@ -3307,13 +3315,13 @@ static int kexinit(LIBSSH2_SESSION * session)
+     return 0;
+ }
+ 
+-/* kex_agree_instr
++/* _libssh2_kex_agree_instr
+  * Kex specific variant of strstr()
+  * Needle must be preceded by BOL or ',', and followed by ',' or EOL
+  */
+-static unsigned char *
+-kex_agree_instr(unsigned char *haystack, size_t haystack_len,
+-                const unsigned char *needle, size_t needle_len)
++unsigned char *
++_libssh2_kex_agree_instr(unsigned char *haystack, size_t haystack_len,
++                         const unsigned char *needle, size_t needle_len)
+ {
+     unsigned char *s;
+     unsigned char *end_haystack;
+@@ -3398,7 +3406,7 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session,
+         while(s && *s) {
+             unsigned char *p = (unsigned char *) strchr((char *) s, ',');
+             size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s));
+-            if(kex_agree_instr(hostkey, hostkey_len, s, method_len)) {
++            if(_libssh2_kex_agree_instr(hostkey, hostkey_len, s, method_len)) {
+                 const LIBSSH2_HOSTKEY_METHOD *method =
+                     (const LIBSSH2_HOSTKEY_METHOD *)
+                     kex_get_method_by_name((char *) s, method_len,
+@@ -3432,9 +3440,9 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session,
+     }
+ 
+     while(hostkeyp && (*hostkeyp) && (*hostkeyp)->name) {
+-        s = kex_agree_instr(hostkey, hostkey_len,
+-                            (unsigned char *) (*hostkeyp)->name,
+-                            strlen((*hostkeyp)->name));
++        s = _libssh2_kex_agree_instr(hostkey, hostkey_len,
++                                     (unsigned char *) (*hostkeyp)->name,
++                                     strlen((*hostkeyp)->name));
+         if(s) {
+             /* So far so good, but does it suit our purposes? (Encrypting vs
+                Signing) */
+@@ -3468,6 +3476,12 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex,
+ {
+     const LIBSSH2_KEX_METHOD **kexp = libssh2_kex_methods;
+     unsigned char *s;
++    const unsigned char *strict =
++        (unsigned char *)"kex-strict-s-v00@openssh.com";
++
++    if(_libssh2_kex_agree_instr(kex, kex_len, strict, 28)) {
++        session->kex_strict = 1;
++    }
+ 
+     if(session->kex_prefs) {
+         s = (unsigned char *) session->kex_prefs;
+@@ -3475,7 +3489,7 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex,
+         while(s && *s) {
+             unsigned char *q, *p = (unsigned char *) strchr((char *) s, ',');
+             size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s));
+-            q = kex_agree_instr(kex, kex_len, s, method_len);
++            q = _libssh2_kex_agree_instr(kex, kex_len, s, method_len);
+             if(q) {
+                 const LIBSSH2_KEX_METHOD *method = (const LIBSSH2_KEX_METHOD *)
+                     kex_get_method_by_name((char *) s, method_len,
+@@ -3509,9 +3523,9 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex,
+     }
+ 
+     while(*kexp && (*kexp)->name) {
+-        s = kex_agree_instr(kex, kex_len,
+-                            (unsigned char *) (*kexp)->name,
+-                            strlen((*kexp)->name));
++        s = _libssh2_kex_agree_instr(kex, kex_len,
++                                     (unsigned char *) (*kexp)->name,
++                                     strlen((*kexp)->name));
+         if(s) {
+             /* We've agreed on a key exchange method,
+              * Can we agree on a hostkey that works with this kex?
+@@ -3555,7 +3569,7 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session,
+             unsigned char *p = (unsigned char *) strchr((char *) s, ',');
+             size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s));
+ 
+-            if(kex_agree_instr(crypt, crypt_len, s, method_len)) {
++            if(_libssh2_kex_agree_instr(crypt, crypt_len, s, method_len)) {
+                 const LIBSSH2_CRYPT_METHOD *method =
+                     (const LIBSSH2_CRYPT_METHOD *)
+                     kex_get_method_by_name((char *) s, method_len,
+@@ -3577,9 +3591,9 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session,
+     }
+ 
+     while(*cryptp && (*cryptp)->name) {
+-        s = kex_agree_instr(crypt, crypt_len,
+-                            (unsigned char *) (*cryptp)->name,
+-                            strlen((*cryptp)->name));
++        s = _libssh2_kex_agree_instr(crypt, crypt_len,
++                                     (unsigned char *) (*cryptp)->name,
++                                     strlen((*cryptp)->name));
+         if(s) {
+             endpoint->crypt = *cryptp;
+             return 0;
+@@ -3619,7 +3633,7 @@ static int kex_agree_mac(LIBSSH2_SESSION * session,
+             unsigned char *p = (unsigned char *) strchr((char *) s, ',');
+             size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s));
+ 
+-            if(kex_agree_instr(mac, mac_len, s, method_len)) {
++            if(_libssh2_kex_agree_instr(mac, mac_len, s, method_len)) {
+                 const LIBSSH2_MAC_METHOD *method = (const LIBSSH2_MAC_METHOD *)
+                     kex_get_method_by_name((char *) s, method_len,
+                                            (const LIBSSH2_COMMON_METHOD **)
+@@ -3640,8 +3654,9 @@ static int kex_agree_mac(LIBSSH2_SESSION * session,
+     }
+ 
+     while(*macp && (*macp)->name) {
+-        s = kex_agree_instr(mac, mac_len, (unsigned char *) (*macp)->name,
+-                            strlen((*macp)->name));
++        s = _libssh2_kex_agree_instr(mac, mac_len,
++                                     (unsigned char *) (*macp)->name,
++                                     strlen((*macp)->name));
+         if(s) {
+             endpoint->mac = *macp;
+             return 0;
+@@ -3672,7 +3687,7 @@ static int kex_agree_comp(LIBSSH2_SESSION *session,
+             unsigned char *p = (unsigned char *) strchr((char *) s, ',');
+             size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s));
+ 
+-            if(kex_agree_instr(comp, comp_len, s, method_len)) {
++            if(_libssh2_kex_agree_instr(comp, comp_len, s, method_len)) {
+                 const LIBSSH2_COMP_METHOD *method =
+                     (const LIBSSH2_COMP_METHOD *)
+                     kex_get_method_by_name((char *) s, method_len,
+@@ -3694,8 +3709,9 @@ static int kex_agree_comp(LIBSSH2_SESSION *session,
+     }
+ 
+     while(*compp && (*compp)->name) {
+-        s = kex_agree_instr(comp, comp_len, (unsigned char *) (*compp)->name,
+-                            strlen((*compp)->name));
++        s = _libssh2_kex_agree_instr(comp, comp_len,
++                                     (unsigned char *) (*compp)->name,
++                                     strlen((*compp)->name));
+         if(s) {
+             endpoint->comp = *compp;
+             return 0;
+@@ -3876,6 +3892,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
+                 session->local.kexinit = key_state->oldlocal;
+                 session->local.kexinit_len = key_state->oldlocal_len;
+                 key_state->state = libssh2_NB_state_idle;
++                session->state &= ~LIBSSH2_STATE_INITIAL_KEX;
+                 session->state &= ~LIBSSH2_STATE_KEX_ACTIVE;
+                 session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS;
+                 return -1;
+@@ -3901,6 +3918,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
+                 session->local.kexinit = key_state->oldlocal;
+                 session->local.kexinit_len = key_state->oldlocal_len;
+                 key_state->state = libssh2_NB_state_idle;
++                session->state &= ~LIBSSH2_STATE_INITIAL_KEX;
+                 session->state &= ~LIBSSH2_STATE_KEX_ACTIVE;
+                 session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS;
+                 return -1;
+@@ -3949,6 +3967,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
+         session->remote.kexinit = NULL;
+     }
+ 
++    session->state &= ~LIBSSH2_STATE_INITIAL_KEX;
+     session->state &= ~LIBSSH2_STATE_KEX_ACTIVE;
+     session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS;
+ 
+diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
+index 82c3afe2..ee1d8b5c 100644
+--- a/src/libssh2_priv.h
++++ b/src/libssh2_priv.h
+@@ -699,6 +699,9 @@ struct _LIBSSH2_SESSION
+     /* key signing algorithm preferences -- NULL yields server order */
+     char *sign_algo_prefs;
+ 
++    /* Whether to use the OpenSSH Strict KEX extension */
++    int kex_strict;
++
+     /* (remote as source of data -- packet_read ) */
+     libssh2_endpoint_data remote;
+ 
+@@ -870,6 +873,7 @@ struct _LIBSSH2_SESSION
+     int fullpacket_macstate;
+     size_t fullpacket_payload_len;
+     int fullpacket_packet_type;
++    uint32_t fullpacket_required_type;
+ 
+     /* State variables used in libssh2_sftp_init() */
+     libssh2_nonblocking_states sftpInit_state;
+@@ -910,10 +914,11 @@ struct _LIBSSH2_SESSION
+ };
+ 
+ /* session.state bits */
+-#define LIBSSH2_STATE_EXCHANGING_KEYS   0x00000001
+-#define LIBSSH2_STATE_NEWKEYS           0x00000002
+-#define LIBSSH2_STATE_AUTHENTICATED     0x00000004
+-#define LIBSSH2_STATE_KEX_ACTIVE        0x00000008
++#define LIBSSH2_STATE_INITIAL_KEX       0x00000001
++#define LIBSSH2_STATE_EXCHANGING_KEYS   0x00000002
++#define LIBSSH2_STATE_NEWKEYS           0x00000004
++#define LIBSSH2_STATE_AUTHENTICATED     0x00000008
++#define LIBSSH2_STATE_KEX_ACTIVE        0x00000010
+ 
+ /* session.flag helpers */
+ #ifdef MSG_NOSIGNAL
+@@ -1144,6 +1149,11 @@ ssize_t _libssh2_send(libssh2_socket_t socket, const void *buffer,
+ int _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
+                           key_exchange_state_t * state);
+ 
++unsigned char *_libssh2_kex_agree_instr(unsigned char *haystack,
++                                        size_t haystack_len,
++                                        const unsigned char *needle,
++                                        size_t needle_len);
++
+ /* Let crypt.c/hostkey.c expose their method structs */
+ const LIBSSH2_CRYPT_METHOD **libssh2_crypt_methods(void);
+ const LIBSSH2_HOSTKEY_METHOD **libssh2_hostkey_methods(void);
+diff --git a/src/packet.c b/src/packet.c
+index b5b41981..35d4d39e 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -605,14 +605,13 @@ authagent_exit:
+  * layer when it has received a packet.
+  *
+  * The input pointer 'data' is pointing to allocated data that this function
+- * is asked to deal with so on failure OR success, it must be freed fine.
+- * The only exception is when the return code is LIBSSH2_ERROR_EAGAIN.
++ * will be freed unless return the code is LIBSSH2_ERROR_EAGAIN.
+  *
+  * This function will always be called with 'datalen' greater than zero.
+  */
+ int
+ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+-                    size_t datalen, int macstate)
++                    size_t datalen, int macstate, uint32_t seq)
+ {
+     int rc = 0;
+     unsigned char *message = NULL;
+@@ -657,6 +656,70 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+         break;
+     }
+ 
++    if(session->state & LIBSSH2_STATE_INITIAL_KEX) {
++        if(msg == SSH_MSG_KEXINIT) {
++            if(!session->kex_strict) {
++                if(datalen < 17) {
++                    LIBSSH2_FREE(session, data);
++                    session->packAdd_state = libssh2_NB_state_idle;
++                    return _libssh2_error(session,
++                                          LIBSSH2_ERROR_BUFFER_TOO_SMALL,
++                                          "Data too short extracting kex");
++                }
++                else {
++                    const unsigned char *strict =
++                    (unsigned char *)"kex-strict-s-v00@openssh.com";
++                    struct string_buf buf;
++                    unsigned char *algs = NULL;
++                    size_t algs_len = 0;
++
++                    buf.data = (unsigned char *)data;
++                    buf.dataptr = buf.data;
++                    buf.len = datalen;
++                    buf.dataptr += 17; /* advance past type and cookie */
++
++                    if(_libssh2_get_string(&buf, &algs, &algs_len)) {
++                        LIBSSH2_FREE(session, data);
++                        session->packAdd_state = libssh2_NB_state_idle;
++                        return _libssh2_error(session,
++                                              LIBSSH2_ERROR_BUFFER_TOO_SMALL,
++                                              "Algs too short");
++                    }
++
++                    if(algs_len == 0 ||
++                       _libssh2_kex_agree_instr(algs, algs_len, strict, 28)) {
++                        session->kex_strict = 1;
++                    }
++                }
++            }
++
++            if(session->kex_strict && seq) {
++                LIBSSH2_FREE(session, data);
++                session->socket_state = LIBSSH2_SOCKET_DISCONNECTED;
++                session->packAdd_state = libssh2_NB_state_idle;
++                libssh2_session_disconnect(session, "strict KEX violation: "
++                                           "KEXINIT was not the first packet");
++
++                return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
++                                      "strict KEX violation: "
++                                      "KEXINIT was not the first packet");
++            }
++        }
++
++        if(session->kex_strict && session->fullpacket_required_type &&
++            session->fullpacket_required_type != msg) {
++            LIBSSH2_FREE(session, data);
++            session->socket_state = LIBSSH2_SOCKET_DISCONNECTED;
++            session->packAdd_state = libssh2_NB_state_idle;
++            libssh2_session_disconnect(session, "strict KEX violation: "
++                                       "unexpected packet type");
++
++            return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
++                                  "strict KEX violation: "
++                                  "unexpected packet type");
++        }
++    }
++
+     if(session->packAdd_state == libssh2_NB_state_allocated) {
+         /* A couple exceptions to the packet adding rule: */
+         switch(msg) {
+@@ -1341,6 +1404,15 @@ _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type,
+ 
+             return 0;
+         }
++        else if(session->kex_strict &&
++                (session->state & LIBSSH2_STATE_INITIAL_KEX)) {
++            libssh2_session_disconnect(session, "strict KEX violation: "
++                                       "unexpected packet type");
++
++            return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
++                                  "strict KEX violation: "
++                                  "unexpected packet type");
++        }
+         packet = _libssh2_list_next(&packet->node);
+     }
+     return -1;
+@@ -1402,7 +1474,10 @@ _libssh2_packet_require(LIBSSH2_SESSION * session, unsigned char packet_type,
+     }
+ 
+     while(session->socket_state == LIBSSH2_SOCKET_CONNECTED) {
+-        int ret = _libssh2_transport_read(session);
++        int ret;
++        session->fullpacket_required_type = packet_type;
++        ret = _libssh2_transport_read(session);
++        session->fullpacket_required_type = 0;
+         if(ret == LIBSSH2_ERROR_EAGAIN)
+             return ret;
+         else if(ret < 0) {
+diff --git a/src/packet.h b/src/packet.h
+index 79018bcf..6ea100a5 100644
+--- a/src/packet.h
++++ b/src/packet.h
+@@ -71,6 +71,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session,
+ int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data,
+                           unsigned long data_len);
+ int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+-                        size_t datalen, int macstate);
++                        size_t datalen, int macstate, uint32_t seq);
+ 
+ #endif /* __LIBSSH2_PACKET_H */
+diff --git a/src/session.c b/src/session.c
+index a4d602ba..f4bafb57 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -464,6 +464,8 @@ libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)),
+         session->abstract = abstract;
+         session->api_timeout = 0; /* timeout-free API by default */
+         session->api_block_mode = 1; /* blocking API by default */
++        session->state = LIBSSH2_STATE_INITIAL_KEX;
++        session->fullpacket_required_type = 0;
+         session->packet_read_timeout = LIBSSH2_DEFAULT_READ_TIMEOUT;
+         session->flag.quote_paths = 1; /* default behavior is to quote paths
+                                           for the scp subsystem */
+@@ -1186,6 +1188,7 @@ libssh2_session_disconnect_ex(LIBSSH2_SESSION *session, int reason,
+                               const char *desc, const char *lang)
+ {
+     int rc;
++    session->state &= ~LIBSSH2_STATE_INITIAL_KEX;
+     session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS;
+     BLOCK_ADJUST(rc, session,
+                  session_disconnect(session, reason, desc, lang));
+diff --git a/src/transport.c b/src/transport.c
+index 6d902d33..3b30ff84 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -187,6 +187,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ )
+     struct transportpacket *p = &session->packet;
+     int rc;
+     int compressed;
++    uint32_t seq = session->remote.seqno;
+ 
+     if(session->fullpacket_state == libssh2_NB_state_idle) {
+         session->fullpacket_macstate = LIBSSH2_MAC_CONFIRMED;
+@@ -318,7 +319,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ )
+     if(session->fullpacket_state == libssh2_NB_state_created) {
+         rc = _libssh2_packet_add(session, p->payload,
+                                  session->fullpacket_payload_len,
+-                                 session->fullpacket_macstate);
++                                 session->fullpacket_macstate, seq);
+         if(rc == LIBSSH2_ERROR_EAGAIN)
+             return rc;
+         if(rc) {
+@@ -329,6 +330,11 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ )
+ 
+     session->fullpacket_state = libssh2_NB_state_idle;
+ 
++    if(session->kex_strict &&
++        session->fullpacket_packet_type == SSH_MSG_NEWKEYS) {
++        session->remote.seqno = 0;
++    }
++
+     return session->fullpacket_packet_type;
+ }
+ 
+@@ -1091,6 +1097,10 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
+ 
+     session->local.seqno++;
+ 
++    if(session->kex_strict && data[0] == SSH_MSG_NEWKEYS) {
++        session->local.seqno = 0;
++    }
++
+     ret = LIBSSH2_SEND(session, p->outbuf, total_length,
+                        LIBSSH2_SOCKET_SEND_FLAGS(session));
+     if(ret < 0)
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
index edc25db..5100e6f 100644
--- a/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
+++ b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
@@ -9,6 +9,7 @@
 
 SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
            file://run-ptest \
+           file://CVE-2023-48795.patch \
            "
 
 SRC_URI[sha256sum] = "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461"
diff --git a/poky/meta/recipes-support/p11-kit/files/fix-parallel-build-failures.patch b/poky/meta/recipes-support/p11-kit/files/fix-parallel-build-failures.patch
new file mode 100644
index 0000000..47df027
--- /dev/null
+++ b/poky/meta/recipes-support/p11-kit/files/fix-parallel-build-failures.patch
@@ -0,0 +1,33 @@
+It fails occasionally with missing generated header files:
+
+| ../git/common/asn1.c:42:10: fatal error: openssl.asn.h: No such file or directory
+|    42 | #include "openssl.asn.h"
+|       |          ^~~~~~~~~~~~~~~
+| compilation terminated.
+
+According to meson manual page:
+
+https://mesonbuild.com/Wrap-best-practices-and-tips.html#declare-generated-headers-explicitly
+
+'asn_h_dep' should be a dependency of static_library target 'libp11_asn1' to
+make sure that required header files generated before compile common/asn1.c.
+
+Upstream-Status: Submitted [https://github.com/p11-glue/p11-kit/pull/619]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ common/meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/common/meson.build b/common/meson.build
+index dc86d7b..cc3ec48 100644
+--- a/common/meson.build
++++ b/common/meson.build
+@@ -113,6 +113,7 @@ if with_asn1
+     'p11-asn1', libp11_asn1_sources,
+     gnu_symbol_visibility: 'hidden',
+     include_directories: configinc,
++    dependencies: asn_h_dep,
+   )
+ 
+   libp11_asn1_dep = declare_dependency(
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb
index 9e95942..b7ebd44 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.3.bb
@@ -10,7 +10,9 @@
 
 DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
 
-SRC_URI = "gitsm://github.com/p11-glue/p11-kit;branch=master;protocol=https"
+SRC_URI = "gitsm://github.com/p11-glue/p11-kit;branch=master;protocol=https \
+           file://fix-parallel-build-failures.patch \
+           "
 SRCREV = "917e02a3211dabbdea4b079cb598581dce84fda1"
 S = "${WORKDIR}/git"