subtree updates july 21 2023 poky,openembedded

poky: 13b646c0e1..b398c7653e:
  Adrian Freihofer (2):
        runqemu-ifdown: catch up with ifup
        runqemu: drop uid parameter for ifdown

  Alejandro Hernandez Samaniego (3):
        baremetal-helloworld: Fix race condition
        runqemu: Stop using warn() since its been deprecated
        runqemu: Fix automated call to runqemu-ifup

  Alex Kiernan (3):
        rootfs: Add debugfs package db file copy and cleanup
        rpm: Pick debugfs package db files/dirs explicitly
        eudev: Add group sgx to eudev package

  Alexander Kanavin (27):
        insane.bbclass: enable 32 bit time API check (as a warning) on affected architectures
        libxcrypt: upgrade 4.4.34 -> 4.4.35
        libxml2: update 2.10.4 -> 2.11.4
        ovmf: update 202302 -> 202305
        lua: update 5.4.4 -> 5.4.6
        cargo.bbclass: set up cargo environment in common do_compile
        rust-common.bbclass: move musl-specific linking fix from rust-source.inc
        python3-cryptography: update 39.0.2 -> 41.0.1
        python3-cryptography-vectors: update 39.0.2 -> 41.0.1
        python3: update 3.11.3 -> 3.11.4
        diffutils: update 3.9 -> 3.10
        shadow: remove dependency on pam-plugin-lastlog
        libpam: update 1.5.2 -> 1.5.3
        librsvg: update 2.56.0 -> 2.56.1
        vulkan-validation-layers: update 1.3.243 -> 1.3.250
        xcb-util-cursor: add a recipe from meta-oe
        weston: update 11.0.1 -> 12.0.1
        libdmx: update 1.1.4 -> 1.1.5
        xtrans: update 1.4.0 -> 1.5.0
        libproxy: fetch from git
        libproxy: update 0.4.18 -> 0.5.2
        libssh2: update 1.10.0 -> 1.11.0
        gstreamer1.0-plugins-base: enable glx/opengl support
        webkitgtk: update 2.38.5 -> 2.40.2
        python3-cryptography: update a patch to upstream's better followup fix
        time64.inc: annotate and clean up recipe-specific Y2038 exceptions
        Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"

  Andrej Valek (3):
        cve-check: add option to add additional patched CVEs
        oeqa/selftest/cve_check: rework test to new cve status handling
        cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

  Anuj Mittal (7):
        rpm: backport fix to prevent crashes with latest sqlite
        sqlite3: upgrade 3.41.2 -> 3.42.0
        vte: upgrade 0.72.1 -> 0.72.2
        libpng: upgrade 1.6.39 -> 1.6.40
        glib-networking: upgrade 2.76.0 -> 2.76.1
        bluez5: upgrade 5.66 -> 5.68
        selftest/cases/glibc.py: fix the override syntax

  BELOUARGA Mohamed (9):
        bitbake: fetch2/npmsw: Add support for the new format of the shrinkwrap file
        bitbake: fetch2/npmsw: Don't fetch dev dependencies when they are not demanded
        bitbake: fetch2/npm: Remove special caracters that causes recipe tool to fail
        recipetool: create: npm: Remove duplicate function to not have future conflicts
        classes: npm: Handle peer dependencies for npm packages
        recipetool: create: npm: Add support for the new format of the shrinkwrap file
        recipetool: create: npm: Add support to handle peer dependencies
        classes: npm: Add support for the new format of the shrinkwrap file
        classe-recipes: npm: Add support for dependencies and devDependencies

  Benjamin Bouvier (1):
        util-linux: add alternative links for ipcs,ipcrm

  Bruce Ashfield (19):
        perf: fix buildpaths QA warning in 6.4+
        linux-libc-headers: bump to 6.4
        kernel: fix localversion in v6.3+
        linux-yocto: introduce 6.4 reference kernel recipes
        linux-yocto/6.4: update to latest
        linux-yocto/6.4: aufs6 integration
        linux-yocto/6.4: refresh configuration
        linux-yocto-rt/6.4: integrate -rt6
        linux-yocto/6.4: update to v6.4.2
        linux-yocto-tiny/6.4: fix configuration warnings (HID)
        linux-yocto-tiny/arm: fix configuration warnings (HID)
        linux-yocto/ppc: add elfutils-native to DEPENDS
        linux-yocto/6.1: update to v6.1.36
        linux-yocto/6.1: update to v6.1.37
        linux-yocto/6.1: update to v6.1.38
        linux-yocto/6.x: cfg: update ima.cfg to match current meta-integrity
        linux-yocto/6.4: update to v6.4.3
        kernel: set HOSTPKG_CONFIG to use pkg-config-native
        linux-yocto/6.4: fix menuconfig

  Changqing Li (2):
        dnf: only write the log lock to root for native dnf
        rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock

  Denys Dmytriyenko (1):
        bitbake: runqueue: convert deferral messages from bb.note to bb.debug

  Enrico Scholz (1):
        shadow-sysroot: add license information

  Etienne Cordonnier (2):
        libxcrypt: fix hard-coded ".so" extension
        qemu: fix typo

  Fabio Estevam (3):
        u-boot: Update Upstream-Status
        u-boot: Upgrade to 2023.07
        u-boot: Upgrade to 2023.07.02

  Frederic Martinsons (1):
        ptest-cargo.bbclass: fix condition to detect test executable

  Joe Slater (1):
        ghostscript: advance to version 10.01.2

  Jose Quaresma (12):
        kernel: config modules directories are handled by kernel-module-split
        kernel-module-split: install config modules directories only when they are needed
        kernel-module-split: use context manager to open files
        kernel-module-split: make autoload and probeconf distribution specific
        kernel-module-split add systemd modulesloaddir and modprobedir config
        pybootchartgui: calcule elapsed_time when starting the loop
        pybootchartgui: concatenate the elapsed time with the process
        pybootchartgui: fix overlapping argument in render_processes_chart
        pybootchartgui: fix width max usage in draw_label_in_box
        openssl: add PERLEXTERNAL path to test its existence
        openssl: use a glob on the PERLEXTERNAL to track updates on the path
        go: update 1.20.5 -> 1.20.6

  Julien Stephan (1):
        automake: fix buildtest patch

  Khem Raj (9):
        ffmpeg: Fix build on riscv
        libpam: Fix examples build on musl
        webkitgtk: Enable JIT on RISCV64
        musl: Guard fallocate64 with _LARGEFILE64_SOURCE
        alsa-lib: Disable old API symbols
        mesa: Fix build with upcoming LLVM 17
        meson.bbclass: Point to llvm-config from native sysroot
        webkitgtk: Unbreak build on platforms using pvr graphics drivers
        python3-lxml: upgrade 4.9.2 -> 4.9.3

  Martin Jansa (4):
        selftest: multiconfig-image-packager: try to respect IMAGE_LINK_NAME
        kernel-devicetree: install dtb files without -${KERNEL_DTB_NAME} suffix
        image-artifact-names: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}
        cpio: respect MLPREFIX for PACKAGE_WRITE_DEPS

  Michael Halstead (1):
        resulttool/resultutils: allow index generation despite corrupt json

  Mingli Yu (1):
        qemu: Add qemu-user-* and qemu-system-* to PACKAGES_DYNAMIC

  Natasha Bailey (1):
        tiff: backport a fix for CVE-2023-26965

  Ovidiu Panait (5):
        mdadm: fix util-linux ptest dependency
        mdadm: fix 07revert-inplace ptest
        mdadm: fix segfaults when running ptests
        mdadm: skip running known broken ptests
        mdadm: re-add mdadm-ptest to PTESTS_SLOW

  Peter Hoyes (5):
        bitbake: bitbake: tests/fetch: Mark TestTimeout as not a test suite
        bitbake: bitbake: tests/fetch: Rename assertRaisesRegexp to assertRaisesRegex
        bitbake: bitbake: tests/fetch: Set git config if not already set
        bitbake: bitbake: tests: Use assertLogs to test logging output
        bitbake: bitbake: Bootstrap pytest for self-tests

  Peter Marko (4):
        cve-update-nvd2-native: fix cvssV3 metrics
        gcsections: apply section removal also in C++, not only in C
        cve-update-nvd2-native: retry all errors and sleep between retries
        cve-update-nvd2-native: increase retry count

  Piotr Łobacz (1):
        bitbake.conf: Add acl distro native features support

  Quentin Schulz (1):
        uboot-extlinux-config.bbclass: fix old override syntax in comment

  Richard Purdie (14):
        defaultsetup: Enable largefile and 64bit time_t support systemwide for 32 bit platforms
        time64: Disable CFLAGS for strace
        bitbake: runqueue: Fix deferred task/multiconfig race issue
        strace: Update patches/tests with upstream fixes
        bitbake: fetch2/npmsw: Support old and new shrinkwrap formats
        ptest-runner: Pull in "runner: Remove threads and mutexes" fix
        bitbake: server/process: Show command in timeout message
        bitbake: cooker: Log when parsing starts in server log
        gcc-testsuite: Fix ppc cpu specification
        ptest-runner: Pull in parallel test fixes and output handling
        oeqa/selftest/rust: Various fixes to work correctly
        bitbake: runqueue: Add pressure change logging
        build-appliance-image: Update to master head revision
        glibc-testsuite: Fix network restrictions causing test failures

  Ross Burton (26):
        cve-update-db-native: remove
        cve-update-nvd2-native: handle all configuration nodes, not just first
        cve-update-nvd2-native: use exact times, don't truncate
        ghostscript: remove CVE_CHECK_IGNORE for CVE-2013-6629
        pkgconf: update SRC_URI
        libjpeg-turbo: upgrade to 3.0.0
        cups: upgrade to 2.4.6
        tiff: upgrade to 4.5.1
        linux-yocto/cve-exclusion: move entries from cve-extra-exclusions
        linux-yocto/cve-exclusion: ignore more backported CVEs
        python3: fix missing comma in get_module_deps3.py
        python3-jsonpointer: upgrade to 2.4
        oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
        cml1: add showconfig task to easily find the generated .config file
        rootfs_rpm: don't depend on opkg-native for update-alternatives
        poky: add Debian 12 to supported distribution list
        cve-update-nvd2-native: log a little more
        cve-update-nvd2-native: actually use API keys
        gcc: don't pass --enable-standard-branch-protection
        machine/arch-arm64: add -mbranch-protection=standard
        qemuarm: pin kernel to 6.1
        libdmx: remove obsolete library
        linux-yocto_6.1: ignore backported CVEs
        python3: ignore CVE-2023-36632
        ltp: add RDEPENDS on findutils
        oeqa/ltp: rewrote LTP testcase and parser

  Siddharth Doshi (2):
        bind: Upgrade 9.18.15 -> 9.18.16
        flac: Upgrade 1.4.2 -> 1.4.3

  Soumya (1):
        perl: Fix CVE-2023-31486

  Staffan Rydén (1):
        kernel: Fix path comparison in kernel staging dir symlinking

  Stéphane Veyret (1):
        scripts/oe-setup-builddir: copy conf-notes.txt to build dir

  Sudip Mukherjee (1):
        libssh2: disable rpath to fix curl-native build

  Thomas Roos (1):
        testimage/oeqa: Drop testimage_dump_host functionality

  Tim Orling (10):
        python3-pytest-subtests: upgrade 0.10.0 -> 0.11.0
        python3-urllib3: upgrade 2.0.2 -> 2.0.3
        python3-typing-extensions: upgrade 4.6.3 -> 4.7.0
        python3-hypothesis: upgrade 6.79.2 -> 6.80.0
        python3-pygments: upgrade 2.14.0 -> 2.15.1
        python3-importlib-metadata: upgrade 6.7.0 -> 6.8.0
        python3-typing-extensions: upgrade 4.7.0 -> 4.7.1
        python3-cryptography{-vectors}: upgrade 41.0.1 -> 41.0.2
        python3-zipp: upgrade 3.15.0 -> 3.16.2
        python3-hypothesis: upgrade 6.80.0 -> 6.81.2

  Trevor Gamblin (15):
        python3: add cgitb, zipapp ptest dependencies
        qemu: upgrade 8.0.0 -> 8.0.3
        python3: parallelize ptests, add test_cppext dependencies
        python3-setuptools: upgrade 67.6.1 -> 68.0.0
        diffoscope: upgrade 242 -> 243
        p11-kit: upgrade 0.24.1 -> 0.25.0
        diffoscope: add missing RDEPENDS and alphabetize
        linux-firmware: upgrade 20230515 -> 20230625
        python3-trove-classifiers: upgrade 2023.5.24 -> 2023.7.6
        python3-cython: upgrade 0.29.35 -> 0.29.36
        icu: upgrade 72-1 -> 73-2
        python3-editables: add python3-io to RDEPENDS
        python3: ensure ptest regression capture
        diffoscope: upgrade 243 -> 244
        xeyes: upgrade 1.2.0 -> 1.3.0

  Wang Mingyu (51):
        freetype: upgrade 2.13.0 -> 2.13.1
        gstreamer1.0: upgrade 1.22.3 -> 1.22.4
        kbd: upgrade 2.5.1 -> 2.6.0
        libassuan: upgrade 2.5.5 -> 2.5.6
        libksba: upgrade 1.6.3 -> 1.6.4
        libmd: upgrade 1.0.4 -> 1.1.0
        libsdl2: upgrade 2.26.5 -> 2.28.0
        libtraceevent: upgrade 1.7.2 -> 1.7.3
        libx11: upgrade 1.8.5 -> 1.8.6
        lttng-ust: upgrade 2.13.5 -> 2.13.6
        nettle: upgrade 3.9 -> 3.9.1
        nghttp2: upgrade 1.53.0 -> 1.54.0
        ccache: upgrade 4.8.1 -> 4.8.2
        mesa: upgrade 23.1.1 -> 23.1.3
        python3-numpy: upgrade 1.24.3 -> 1.25.0
        python3-typing-extensions: upgrade 4.6.2 -> 4.6.3
        xorgproto: upgrade 2022.2 -> 2023.2
        python3-hatchling: upgrade 1.17.0 -> 1.18.0
        python3-hypothesis: upgrade 6.75.7 -> 6.79.2
        python3-importlib-metadata: upgrade 6.6.0 -> 6.7.0
        python3-iso8601: upgrade 1.1.0 -> 2.0.0
        python3-markupsafe: upgrade 2.1.2 -> 2.1.3
        python3-pluggy: upgrade 1.0.0 -> 1.2.0
        python3-pycairo: upgrade 1.23.0 -> 1.24.0
        python3-pyparsing: upgrade 3.0.9 -> 3.1.0
        python3-pytest: upgrade 7.3.1 -> 7.4.0
        python3-ruamel-yaml: upgrade 0.17.31 -> 0.17.32
        python3-sphinx-rtd-theme: upgrade 1.2.1 -> 1.2.2
        xkeyboard-config: upgrade 2.38 -> 2.39
        xwayland: upgrade 23.1.1 -> 23.1.2
        wayland-protocols: upgrade 1.31 -> 1.32
        taglib: upgrade 1.13 -> 1.13.1
        libxcrypt: upgrade 4.4.35 -> 4.4.36
        msmtp: upgrade 1.8.23 -> 1.8.24
        libwebp: upgrade 1.3.0 -> 1.3.1
        libuv: upgrade 1.45.0 -> 1.46.0
        acpica: upgrade 20230331 -> 20230628
        libnss-nis: upgrade 3.1 -> 3.2
        harfbuzz: upgrade 7.3.0 -> 8.0.1
        libproxy: upgrade 0.5.2 -> 0.5.3
        nghttp2: upgrade 1.54.0 -> 1.55.1
        debianutils: upgrade 5.7 -> 5.8
        glib-2.0: upgrade 2.76.3 -> 2.76.4
        python3-pip: upgrade 23.1.2 -> 23.2
        opkg: upgrade 0.6.1 -> 0.6.2
        opkg-utils: upgrade 0.5.0 -> 0.6.2
        python3-editables: upgrade 0.3 -> 0.4
        python3-git: upgrade 3.1.31 -> 3.1.32
        python3-numpy: upgrade 1.25.0 -> 1.25.1
        repo: upgrade 2.34.1 -> 2.35
        libva: upgrade to 2.19.0

  Yash Shinde (1):
        oeqa/selftest: Add rust selftests

  Yi Zhao (1):
        ifupdown: install missing directories

  Yoann Congal (2):
        recipetool: Fix inherit in created -native* recipes
        oeqa/selftest/devtool: add unit test for "devtool add -b"

  Yuta Hayama (1):
        systemd-systemctl: fix errors in instance name expansion

meta-openembedded: 2638d458a5..0e3f5e5201:
  Alex Kiernan (1):
        ostree: Upgrade 2023.4 -> 2023.5

  Archana Polampalli (1):
        tcpreplay: upgrade 4.4.3 -> 4.4.4

  Beniamin Sandu (1):
        mbedtls: fix builds with crypto extensions

  Bruce Ashfield (1):
        vboxguestdrivers: fix compilation against 6.4 kernel / headers

  Carlos Rafael Giani (3):
        pipewire: Disable libmysofa since it is not available in OE
        pipewire: Improve packageconfigs
        pipewire: Add dedicated aes67 package and fix rlimits.d package assignment

  Chee Yang Lee (1):
        rabbitmq-c: Fix CVE-2023-35789

  Jasper Orschulko (8):
        python3-pytest-cov: Add initial recipe 4.1.0
        python3-covdefaults: Add initial recipe 2.3.0
        python3-platformdirs: Fix recipe version 3.6.0
        python3-distlib: Add initial recipe 0.3.6
        python3-filelock: Add initial recipe 3.12.0
        python3-virtualenv: Add initial recipe 20.23.0
        python3-pyproject-api: Add initial recipe 1.5.1
        python3-tox: Add initial recipe 4.6.0

  Joe Slater (1):
        libgpiod: modify RDEPENDS for ptest

  Justin Bronder (2):
        python3-asyncinotify: upgrade 3.0.1 -> 4.0.2
        python3-pytest-asyncio: upgrade 0.16.0 -> 0.21.1

  Kai Kang (2):
        libtimezonemap: rename downloaded file name
        fltk-native: fix libdl link issue

  Khem Raj (33):
        gupnp-av: Fix build with libxml2-2.11 and newer
        xcb-util-cursor: Delete recipe
        pidgin-sipe: Add packageconfig to turn Werror on/off
        fbida: Fix build on musl
        pcp: Update to 6.0.5
        geos: Upgrade to 3.12.0
        ctags: Extend to build native package
        libcoap: Build linker symbol file explicitly
        geos: Use cmake directly
        pcp: Fix build race
        sblim-sfcc: Fix build with clang17
        minifi-cpp: Fix build with clang 17
        python3-grpcio-tools: Upgrade to 1.56.0
        python3-grpcio: Upgrade to 1.56.0
        python3-grpcio: Fix build on musl
        python3-grpcio-tools: Fix build with musl
        thin-provisioning-tools: Upgrade to 1.0.4
        thin-provisioning-tools: Fix build on musl.
        pcp: Disable parallel build
        crash: Fix build with glibc 2.38+
        breakpad: Update to latest trunk
        python3-requests-toolbelt: Fix ptest failures seen with urllib3 2.0
        ptest-packagelists-meta-oe: Limit mcelog to x86/x86_64
        graphviz: Upgrade to 8.1.0 release
        emlog: Update to latest to fix build with 6.4 kernel
        dlm: Upgrade to 4.2.0
        mdio-tools: Update to latest on trunk
        dlm: Fix build with linux kernel 6.4+
        dlm: Do not pass -fcf-protection=full via Makefile
        dlm: Do not use -fcf-protection=full on arm platforms
        zfs: Update to 2.2.0 rc1
        zfs: Disable builds on aarch64 for now
        dhcp-relay: Pass cross configure flags to bind build

  Luke Schaefer (1):
        nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com>

  Marek Vasut (4):
        lvgl: Factor out and unify lv-drivers configuration
        lvgl: Add default input device configuration option
        linux-serial-test: Update to latest git revision
        libiio: enable c++ bindings

  Markus Volk (10):
        pipewire: upgrade 0.3.71 -> 0.3.72
        pipewire: upgrade 0.3.72 -> 0.3.73
        gnome-software: upgrade 44.2 -> 44.3
        eog: upgrade 44.2 -> 44.3
        spdlog: upgrade 1.11.0 -> 1.12.0
        flatpak: update dependencies
        gnome-control-center: upgrade 44.2 -> 44.3
        gnome-shell: upgrade 44.2 -> 44.3
        mutter: upgrade 44.2 -> 44.3
        gnome-settings-daemon: upgrade 44.0 -> 44.1

  Martin Jansa (4):
        nodejs: use PIE for host binaries
        gupnp: backport a fix not to use deprecated xmlReadMemory
        pidgin-sipe: allow to build with libxml2-2.11
        raptor2: backport a fix to build with libxml2-2.11

  Michael Haener (1):
        nginx: upgrade to 1.24.0 release

  Michael Weiß (1):
        pv: Show progress bar even if no terminal is set as in 1.6.6

  Mingli Yu (1):
        snort: Add systemd unit file

  Peter Kjellerstedt (1):
        cppzmq: Move the version to the recipe file name

  Petr Gotthard (2):
        python3-pyroute2: upgrade 0.5.19 -> 0.7.9
        networkmanager: upgrade 1.42.6 -> 1.42.8

  Ricardo Salveti (1):
        lshw: bump to b4e0673

  Ross Burton (5):
        poppler: fix missing include
        libpaper: remove redundant autoreconf --install
        liblbxutil: remove obsolete library
        xsetmode: remove obsolete utility
        libxkbui: remove obsolete recipe

  Tim Orling (1):
        python3-argh: upgrade 0.26.2 -> 0.28.1

  Trevor Gamblin (9):
        python3-alembic: upgrade 1.10.4 -> 1.11.1
        python3-sqlalchemy: upgrade 2.0.15 -> 2.0.19
        python3-argcomplete: upgrade 3.1.0 -> 3.1.1
        python3-arpeggio: upgrade 2.0.0 -> 2.0.2
        python3-astroid: upgrade 2.15.5 -> 2.15.6
        python3-autobahn: upgrade 23.6.1 -> 23.6.2
        python3-bandit: upgrade 1.7.4 -> 1.7.5
        python3-bandit: add python3-rich to RDEPENDS
        python3-bitarray: upgrade 2.7.3 -> 2.7.6

  Wang Mingyu (44):
        cppzmq: upgrade 4.9.0 -> 4.10.0
        iwd: upgrade 2.5 -> 2.6
        libburn: upgrade 1.5.4 -> 1.5.6
        libzip: upgrade 1.9.2 -> 1.10.0
        openfortivpn: upgrade 1.20.3 -> 1.20.5
        psqlodbc: upgrade 13.02.0000 -> 15.00.0000
        python3-aenum: upgrade 3.1.12 -> 3.1.14
        python3-can: upgrade 4.2.1 -> 4.2.2
        python3-google-api-python-client: upgrade 2.89.0 -> 2.90.0
        python3-h5py: upgrade 3.8.0 -> 3.9.0
        python3-natsort: upgrade 8.3.1 -> 8.4.0
        python3-pymodbus: upgrade 3.3.1 -> 3.3.2
        python3-pymongo: upgrade 4.3.3 -> 4.4.0
        python3-pyscaffold: upgrade 4.4.1 -> 4.5
        python3-pyzstd: upgrade 0.15.7 -> 0.15.9
        python3-requests-futures: upgrade 1.0.0 -> 1.0.1
        python3-sentry-sdk: upgrade 1.25.1 -> 1.26.0
        python3-zeroconf: upgrade 0.68.0 -> 0.69.0
        weechat: upgrade 3.8 -> 4.0.0
        python3-platformdirs: upgrade 3.6.0 -> 3.8.0
        renderdoc: upgrade 1.13 -> 1.27
        gegl: upgrade 0.4.44 -> 0.4.46
        gvfs: upgrade 1.50.4 -> 1.51.1
        weechat: upgrade 4.0.0 -> 4.0.1
        avro-c: upgrade 1.11.1 -> 1.11.2
        glfw: upgrade 3.3 -> 3.3.8
        hwloc: upgrade 2.9.1 -> 2.9.2
        minicoredumper: upgrade 2.0.3 -> 2.0.6
        thingsboard-gateway: upgrade 3.2 -> 3.3
        xterm: upgrade 382 -> 383
        passwdqc: upgrade 2.0.2 -> 2.0.3
        python3-aenum: upgrade 3.1.14 -> 3.1.15
        python3-configargparse : upgrade 1.5.3 -> 1.5.5
        python3-elementpath: upgrade 4.1.3 -> 4.1.4
        python3-google-api-python-client: upgrade 2.90.0 -> 2.92.0
        python3-google-auth: upgrade 2.20.0 -> 2.21.0
        python3-joblib: upgrade 1.2.0 -> 1.3.1
        python3-pillow: upgrade 9.5.0 -> 10.0.0
        python3-redis: upgrade 4.5.5 -> 4.6.0
        python3-tox: upgrade 4.6.0 -> 4.6.3
        python3-virtualenv: upgrade 20.23.0 -> 20.23.1
        python3-zeroconf: upgrade 0.69.0 -> 0.70.0
        libyang: Fix install conflict when enable multilib.
        php: Fix install conflict when enable multilib.

  Wolfgang Meyer (4):
        fbida: Switch to git fetcher
        fbida: build with meson
        fbida: SRC_REV bump ac9005b..eb769e3
        fbida: make fbpdf build optional

  Yi Zhao (6):
        conntrack-tools: add systemd unit file
        conntrack-tools: add required kernel modules to RRECOMMENDS
        frr: upgrade 8.4.2 -> 8.4.4
        mbedtls: upgrade 2.28.2 -> 2.28.3
        open-vm-tools: Security fix CVE-2023-20867
        samba: upgrade 4.18.3 -> 4.18.4

  Zoltán Böszörményi (1):
        opencv: 4.8.0

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I48c2ba4573ee81b637b1ba890c312f491004f666
diff --git a/poky/bitbake/README b/poky/bitbake/README
index a5f5c1b..78610e6 100644
--- a/poky/bitbake/README
+++ b/poky/bitbake/README
@@ -45,8 +45,7 @@
 recommended before submitting patches, particularly to the fetcher and datastore. We also
 appreciate new test cases and may require them for more obscure issues.
 
-To run the tests "zstd" and "git" must be installed. Git must be correctly configured, in
-particular the user.email and user.name values must be set.
+To run the tests "zstd" and "git" must be installed.
 
 The assumption is made that this testsuite is run from an initialized OpenEmbedded build
 environment (i.e. `source oe-init-build-env` is used). If this is not the case, run the
@@ -54,3 +53,8 @@
 
     export PATH=$(pwd)/bin:$PATH
     bin/bitbake-selftest
+
+The testsuite can alternatively be executed using pytest, e.g. obtained from PyPI (in this
+case, the PATH is configured automatically):
+
+    pytest
diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py
index 0a21f1c..11c9fa2 100644
--- a/poky/bitbake/lib/bb/cooker.py
+++ b/poky/bitbake/lib/bb/cooker.py
@@ -1666,6 +1666,7 @@
             self.updateCacheSync()
 
         if self.state != state.parsing and not self.parsecache_valid:
+            bb.server.process.serverlog("Parsing started")
             self.setupParserWatcher()
 
             bb.parse.siggen.reset(self.data)
diff --git a/poky/bitbake/lib/bb/fetch2/npm.py b/poky/bitbake/lib/bb/fetch2/npm.py
index e6d0598..f83485a 100644
--- a/poky/bitbake/lib/bb/fetch2/npm.py
+++ b/poky/bitbake/lib/bb/fetch2/npm.py
@@ -44,9 +44,12 @@
     """Convert the npm package name to remove unsupported character"""
     # Scoped package names (with the @) use the same naming convention
     # as the 'npm pack' command.
-    if package.startswith("@"):
-        return re.sub("/", "-", package[1:])
-    return package
+    name = re.sub("/", "-", package)
+    name = name.lower()
+    name = re.sub(r"[^\-a-z0-9]", "", name)
+    name = name.strip("-")
+    return name
+
 
 def npm_filename(package, version):
     """Get the filename of a npm package"""
diff --git a/poky/bitbake/lib/bb/fetch2/npmsw.py b/poky/bitbake/lib/bb/fetch2/npmsw.py
index cc81100..971ccc9 100644
--- a/poky/bitbake/lib/bb/fetch2/npmsw.py
+++ b/poky/bitbake/lib/bb/fetch2/npmsw.py
@@ -41,8 +41,9 @@
         with:
             name = the package name (string)
             params = the package parameters (dictionary)
-            deptree = the package dependency tree (array of strings)
+            destdir = the destination of the package (string)
     """
+    # For handling old style dependencies entries in shinkwrap files
     def _walk_deps(deps, deptree):
         for name in deps:
             subtree = [*deptree, name]
@@ -52,9 +53,22 @@
                     continue
                 elif deps[name].get("bundled", False):
                     continue
-                callback(name, deps[name], subtree)
+                destsubdirs = [os.path.join("node_modules", dep) for dep in subtree]
+                destsuffix = os.path.join(*destsubdirs)
+                callback(name, deps[name], destsuffix)
 
-    _walk_deps(shrinkwrap.get("dependencies", {}), [])
+    # packages entry means new style shrinkwrap file, else use dependencies
+    packages = shrinkwrap.get("packages", None)
+    if packages is not None:
+        for package in packages:
+            if package != "":
+                name = package.split('node_modules/')[-1]
+                package_infos = packages.get(package, {})
+                if dev == False and package_infos.get("dev", False):
+                    continue
+                callback(name, package_infos, package)
+    else:
+        _walk_deps(shrinkwrap.get("dependencies", {}), [])
 
 class NpmShrinkWrap(FetchMethod):
     """Class to fetch all package from a shrinkwrap file"""
@@ -75,12 +89,10 @@
         # Resolve the dependencies
         ud.deps = []
 
-        def _resolve_dependency(name, params, deptree):
+        def _resolve_dependency(name, params, destsuffix):
             url = None
             localpath = None
             extrapaths = []
-            destsubdirs = [os.path.join("node_modules", dep) for dep in deptree]
-            destsuffix = os.path.join(*destsubdirs)
             unpack = True
 
             integrity = params.get("integrity", None)
diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py
index 0bb3bc2..48788f4 100644
--- a/poky/bitbake/lib/bb/runqueue.py
+++ b/poky/bitbake/lib/bb/runqueue.py
@@ -212,6 +212,10 @@
                     exceeds_cpu_pressure =  self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure
                     exceeds_io_pressure =  self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure
                     exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure
+            pressure_state = (exceeds_cpu_pressure, exceeds_io_pressure, exceeds_memory_pressure)
+            if hasattr(self, "pressure_state") and pressure_state != self.pressure_state:
+                bb.note("Pressure status changed to CPU: %s, IO: %s, Mem: %s" % pressure_state)
+            self.pressure_state = pressure_state
             return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure)
         return False
 
@@ -1991,11 +1995,19 @@
                 self.setbuildable(revdep)
                 logger.debug("Marking task %s as buildable", revdep)
 
-        for t in self.sq_deferred.copy():
+        found = None
+        for t in sorted(self.sq_deferred.copy()):
             if self.sq_deferred[t] == task:
-                logger.debug2("Deferred task %s now buildable" % t)
-                del self.sq_deferred[t]
-                update_scenequeue_data([t], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
+                # Allow the next deferred task to run. Any other deferred tasks should be deferred after that task.
+                # We shouldn't allow all to run at once as it is prone to races.
+                if not found:
+                    bb.debug(1, "Deferred task %s now buildable" % t)
+                    del self.sq_deferred[t]
+                    update_scenequeue_data([t], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
+                    found = t
+                else:
+                    bb.debug(1, "Deferring %s after %s" % (t, found))
+                    self.sq_deferred[t] = found
 
     def task_complete(self, task):
         self.stats.taskCompleted()
@@ -2932,7 +2944,7 @@
                 sqdata.hashes[h] = tid
             else:
                 sqrq.sq_deferred[tid] = sqdata.hashes[h]
-                bb.note("Deferring %s after %s" % (tid, sqdata.hashes[h]))
+                bb.debug(1, "Deferring %s after %s" % (tid, sqdata.hashes[h]))
 
     update_scenequeue_data(sqdata.sq_revdeps, sqdata, rqdata, rq, cooker, stampcache, sqrq, summary=True)
 
diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py
index 7616ef5..4d4fa6d 100644
--- a/poky/bitbake/lib/bb/server/process.py
+++ b/poky/bitbake/lib/bb/server/process.py
@@ -502,7 +502,7 @@
     def runCommand(self, command):
         self.connection.send(command)
         if not self.recv.poll(30):
-            logger.info("No reply from server in 30s")
+            logger.info("No reply from server in 30s (for command %s)" % command[0])
             if not self.recv.poll(30):
                 raise ProcessTimeout("Timeout while waiting for a reply from the bitbake server (60s)")
         ret, exc = self.recv.get()
diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py
index d230120..2059376 100644
--- a/poky/bitbake/lib/bb/tests/fetch.py
+++ b/poky/bitbake/lib/bb/tests/fetch.py
@@ -24,7 +24,8 @@
     return lambda f: f
 
 class TestTimeout(Exception):
-    pass
+    # Indicate to pytest that this is not a test suite
+    __test__ = False
 
 class Timeout():
 
@@ -428,9 +429,15 @@
         # a common setup is to use other default
         # branch than master.
         self.git(['checkout', '-b', 'master'], cwd=cwd)
-        if not self.git(['config', 'user.email'], cwd=cwd):
+
+        try:
+            self.git(['config', 'user.email'], cwd=cwd)
+        except bb.process.ExecutionError:
             self.git(['config', 'user.email', 'you@example.com'], cwd=cwd)
-        if not self.git(['config', 'user.name'], cwd=cwd):
+
+        try:
+            self.git(['config', 'user.name'], cwd=cwd)
+        except bb.process.ExecutionError:
             self.git(['config', 'user.name', 'Your Name'], cwd=cwd)
 
 class MirrorUriTest(FetcherTest):
@@ -2485,7 +2492,7 @@
         uris = self.d.getVar('SRC_URI').split()
 
         fetcher = bb.fetch2.Fetch(uris, self.d)
-        with self.assertRaisesRegexp(bb.fetch2.FetchError, "Fetcher failure for URL"):
+        with self.assertRaisesRegex(bb.fetch2.FetchError, "Fetcher failure for URL"):
             fetcher.download()
 
 class NPMTest(FetcherTest):
@@ -3037,7 +3044,7 @@
         self.mirrorname = "git2_git.fake.repo.bitbake.tar.gz"
         recipeurl = "git:/git.fake.repo/bitbake"
         os.makedirs(self.gitdir)
-        self.git("init", self.gitdir)
+        self.git_init(cwd=self.gitdir)
         for i in range(0):
             self.git_new_commit()
         bb.process.run('tar -czvf {} .'.format(os.path.join(self.mirrordir, self.mirrorname)), cwd =  self.gitdir)
@@ -3176,7 +3183,7 @@
         import sys
         self.d.setVar("SRCREV", "0"*40)
         fetcher = bb.fetch.Fetch([self.recipe_url], self.d)
-        with self.assertRaises(bb.fetch2.FetchError):
+        with self.assertRaises(bb.fetch2.FetchError), self.assertLogs() as logs:
             fetcher.download()
-        stdout = sys.stdout.getvalue()
-        self.assertFalse(" not a git repository (or any parent up to mount point /)" in stdout)
+        output = "".join(logs.output)
+        self.assertFalse(" not a git repository (or any parent up to mount point /)" in output)
diff --git a/poky/bitbake/lib/bb/tests/parse.py b/poky/bitbake/lib/bb/tests/parse.py
index a3165d9..304bbbe 100644
--- a/poky/bitbake/lib/bb/tests/parse.py
+++ b/poky/bitbake/lib/bb/tests/parse.py
@@ -186,14 +186,16 @@
 """
     def test_parse_addtask_deltask(self):
         import sys
-        f = self.parsehelper(self.addtask_deltask)
-        d = bb.parse.handle(f.name, self.d)['']
 
-        stdout = sys.stdout.getvalue()
-        self.assertTrue("addtask contained multiple 'before' keywords" in stdout)
-        self.assertTrue("addtask contained multiple 'after' keywords" in stdout)
-        self.assertTrue('addtask ignored: " do_patch"' in stdout)
-        #self.assertTrue('dependent task do_foo for do_patch does not exist' in stdout)
+        with self.assertLogs() as logs:
+            f = self.parsehelper(self.addtask_deltask)
+            d = bb.parse.handle(f.name, self.d)['']
+
+        output = "".join(logs.output)
+        self.assertTrue("addtask contained multiple 'before' keywords" in output)
+        self.assertTrue("addtask contained multiple 'after' keywords" in output)
+        self.assertTrue('addtask ignored: " do_patch"' in output)
+        #self.assertTrue('dependent task do_foo for do_patch does not exist' in output)
 
     broken_multiline_comment = """
 # First line of comment \\
diff --git a/poky/meta-poky/conf/distro/include/gcsections.inc b/poky/meta-poky/conf/distro/include/gcsections.inc
index a1f8651..0e7bd2e 100644
--- a/poky/meta-poky/conf/distro/include/gcsections.inc
+++ b/poky/meta-poky/conf/distro/include/gcsections.inc
@@ -27,8 +27,10 @@
 
 # set default for target
 CFLAGS:append:class-target = " ${CFLAGS_SECTION_REMOVAL}"
+CXXFLAGS:append:class-target = " ${CFLAGS_SECTION_REMOVAL}"
 LDFLAGS:append:class-target = " ${LDFLAGS_SECTION_REMOVAL}"
 
 # set default for nativesdk
 CFLAGS:append:class-nativesdk = " ${CFLAGS_SECTION_REMOVAL}"
+CXXFLAGS:append:class-nativesdk = " ${CFLAGS_SECTION_REMOVAL}"
 LDFLAGS:append:class-nativesdk = " ${LDFLAGS_SECTION_REMOVAL}"
diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf
index d137527..c72df16 100644
--- a/poky/meta-poky/conf/distro/poky.conf
+++ b/poky/meta-poky/conf/distro/poky.conf
@@ -41,6 +41,7 @@
             fedora-36 \n \
             fedora-37 \n \
             debian-11 \n \
+            debian-12 \n \
             opensuseleap-15.3 \n \
             opensuseleap-15.4 \n \
             almalinux-8.7 \n \
diff --git a/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb b/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb
index daf2834..d7785ce 100644
--- a/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb
+++ b/poky/meta-selftest/recipes-test/multiconfig/multiconfig-image-packager_0.1.bb
@@ -7,15 +7,19 @@
 MCIMGTYPE:virtclass-mcextend-tiny = "cpio.gz"
 
 MC_DEPLOY_DIR_IMAGE = "${TOPDIR}/tmp-mc-${MCNAME}/deploy/images/${MCMACHINE}"
+MC_DEPLOY_IMAGE_BASENAME = "core-image-minimal"
 
 do_install[mcdepends] += "mc::${MCNAME}:core-image-minimal:do_image_complete mc::${MCNAME}:virtual/kernel:do_deploy"
 
 do_install () {
     install -d ${D}/var/lib/machines/${MCNAME}
-    install ${MC_DEPLOY_DIR_IMAGE}/core-image-minimal-${MCMACHINE}.${MCIMGTYPE} ${D}/var/lib/machines/${MCNAME}/core-image-minimal.${MCIMGTYPE}
+    install ${MC_DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME_CORE_IMAGE_MINIMAL}.${MCIMGTYPE} ${D}/var/lib/machines/${MCNAME}/${MC_DEPLOY_IMAGE_BASENAME}.${MCIMGTYPE}
     install ${MC_DEPLOY_DIR_IMAGE}/bzImage ${D}/var/lib/machines/${MCNAME}
 }
 
+# for IMAGE_LINK_NAME, IMAGE_BASENAME
+inherit image-artifact-names
+
 python () {
     mcname = d.getVar('MCNAME')
     if not mcname:
@@ -23,6 +27,18 @@
     multiconfigs = d.getVar('BBMULTICONFIG') or ""
     if mcname not in multiconfigs:
         raise bb.parse.SkipRecipe("multiconfig target %s not enabled" % mcname)
+
+    # these will most likely start with my BPN multiconfig-image-packager, but I want them from core-image-minimal
+    # as there is no good way to query core-image-minimal's context lets assume that there are no overrides
+    # and that we can just replace IMAGE_BASENAME
+    image_link_name = d.getVar('IMAGE_LINK_NAME')
+    image_basename = d.getVar('IMAGE_BASENAME')
+    machine = d.getVar('MACHINE')
+    mcmachine = d.getVar('MCMACHINE')
+    image_to_deploy = d.getVar('MC_DEPLOY_IMAGE_BASENAME')
+    image_link_name_to_deploy = image_link_name.replace(image_basename, image_to_deploy).replace(machine, mcmachine)
+    bb.warn('%s: assuming that "%s" built for "%s" has IMAGE_LINK_NAME "%s"' % (d.getVar('PN'), mcmachine, image_to_deploy, image_link_name_to_deploy))
+    d.setVar('IMAGE_LINK_NAME_CORE_IMAGE_MINIMAL', image_link_name_to_deploy)
 }
 
 BBCLASSEXTEND = "mcextend:tiny mcextend:musl"
diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass
index a4dbc9a..114781c 100644
--- a/poky/meta/classes-global/insane.bbclass
+++ b/poky/meta/classes-global/insane.bbclass
@@ -34,6 +34,7 @@
             missing-update-alternatives native-last missing-ptest \
             license-exists license-no-generic license-syntax license-format \
             license-incompatible license-file-missing obsolete-license \
+            32bit-time \
             "
 ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
             perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
@@ -513,6 +514,11 @@
     """
     Check that ELF files do not use any 32 bit time APIs from glibc.
     """
+    thirtytwo_bit_time_archs = set(('arm','armeb','mipsarcho32','powerpc','x86'))
+    overrides = set(d.getVar('OVERRIDES').split(':'))
+    if not(thirtytwo_bit_time_archs & overrides):
+        return
+
     import re
     # This list is manually constructed by searching the image folder of the
     # glibc recipe for __USE_TIME_BITS64.  There is no good way to do this
diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass
index 7a8cc1e..3ef0bbb 100644
--- a/poky/meta/classes-recipe/cargo.bbclass
+++ b/poky/meta/classes-recipe/cargo.bbclass
@@ -55,7 +55,6 @@
 
 do_compile[progress] = "outof:\s+(\d+)/(\d+)"
 cargo_do_compile () {
-	oe_cargo_fix_env
 	oe_cargo_build
 }
 
diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass
index 82ab25b..db54826 100644
--- a/poky/meta/classes-recipe/cargo_common.bbclass
+++ b/poky/meta/classes-recipe/cargo_common.bbclass
@@ -149,6 +149,10 @@
 }
 do_configure[postfuncs] += "cargo_common_do_patch_paths"
 
+do_compile:prepend () {
+        oe_cargo_fix_env
+}
+
 oe_cargo_fix_env () {
 	export CC="${RUST_TARGET_CC}"
 	export CXX="${RUST_TARGET_CXX}"
@@ -170,3 +174,15 @@
 EXTRA_OECARGO_PATHS ??= ""
 
 EXPORT_FUNCTIONS do_configure
+
+# The culprit for this setting is the libc crate,
+# which as of Jun 2023 calls directly into 32 bit time functions in glibc,
+# bypassing all of glibc provisions to choose the right Y2038-safe functions. As
+# rust components statically link with that crate, pretty much everything
+# is affected, and so there's no point trying to have recipe-specific
+# INSANE_SKIP entries.
+#
+# Upstream ticket and PR:
+# https://github.com/rust-lang/libc/issues/3223
+# https://github.com/rust-lang/libc/pull/3175
+INSANE_SKIP:append = " 32bit-time"
diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass
index d87d820..d83c636 100644
--- a/poky/meta/classes-recipe/cml1.bbclass
+++ b/poky/meta/classes-recipe/cml1.bbclass
@@ -109,3 +109,9 @@
 do_diffconfig[nostamp] = "1"
 do_diffconfig[dirs] = "${KCONFIG_CONFIG_ROOTDIR}"
 addtask diffconfig
+
+do_showconfig() {
+    bbplain "Config file written to ${KCONFIG_CONFIG_ROOTDIR}/.config"
+}
+do_showconfig[nostamp] = "1"
+addtask showconfig after do_configure
diff --git a/poky/meta/classes-recipe/image-artifact-names.bbclass b/poky/meta/classes-recipe/image-artifact-names.bbclass
index ac2376d..bc76ff0 100644
--- a/poky/meta/classes-recipe/image-artifact-names.bbclass
+++ b/poky/meta/classes-recipe/image-artifact-names.bbclass
@@ -12,9 +12,10 @@
 IMAGE_VERSION_SUFFIX ?= "-${DATETIME}"
 IMAGE_VERSION_SUFFIX[vardepsexclude] += "DATETIME SOURCE_DATE_EPOCH"
 IMAGE_NAME ?= "${IMAGE_LINK_NAME}${IMAGE_VERSION_SUFFIX}"
-IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}"
+IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_NAME_SUFFIX}"
 
 # This needs to stay in sync with IMAGE_LINK_NAME, but with INITRAMFS_IMAGE instead of IMAGE_BASENAME
+# and without ${IMAGE_NAME_SUFFIX} which all initramfs images should set to empty
 INITRAMFS_IMAGE_NAME ?= "${@['${INITRAMFS_IMAGE}${IMAGE_MACHINE_SUFFIX}', ''][d.getVar('INITRAMFS_IMAGE') == '']}"
 
 # The default DEPLOY_DIR_IMAGE is ${MACHINE} directory:
diff --git a/poky/meta/classes-recipe/image-live.bbclass b/poky/meta/classes-recipe/image-live.bbclass
index 168774a..95dd44a 100644
--- a/poky/meta/classes-recipe/image-live.bbclass
+++ b/poky/meta/classes-recipe/image-live.bbclass
@@ -260,6 +260,5 @@
     bb.build.exec_func('create_symlinks', d)
 }
 do_bootimg[subimages] = "hddimg iso"
-do_bootimg[imgsuffix] = "."
 
 addtask bootimg before do_image_complete after do_rootfs
diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass
index e0dfba4..21b220a 100644
--- a/poky/meta/classes-recipe/image.bbclass
+++ b/poky/meta/classes-recipe/image.bbclass
@@ -480,14 +480,14 @@
                     if subimage not in subimages:
                         subimages.append(subimage)
                     if type not in alltypes:
-                        rm_tmp_images.add(localdata.expand("${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"))
+                        rm_tmp_images.add(localdata.expand("${IMAGE_NAME}.${type}"))
 
         for bt in basetypes[t]:
             gen_conversion_cmds(bt)
 
         localdata.setVar('type', realt)
         if t not in alltypes:
-            rm_tmp_images.add(localdata.expand("${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"))
+            rm_tmp_images.add(localdata.expand("${IMAGE_NAME}.${type}"))
         else:
             subimages.append(realt)
 
@@ -594,13 +594,12 @@
     manifest_name = d.getVar('IMAGE_MANIFEST')
     taskname = d.getVar("BB_CURRENTTASK")
     subimages = (d.getVarFlag("do_" + taskname, 'subimages', False) or "").split()
-    imgsuffix = d.getVarFlag("do_" + taskname, 'imgsuffix') or d.expand("${IMAGE_NAME_SUFFIX}.")
 
     if not link_name:
         return
     for type in subimages:
         dst = os.path.join(deploy_dir, link_name + "." + type)
-        src = img_name + imgsuffix + type
+        src = img_name + "." + type
         if os.path.exists(os.path.join(deploy_dir, src)):
             bb.note("Creating symlink: %s -> %s" % (dst, src))
             if os.path.islink(dst):
diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass
index 023eb87..fdee835 100644
--- a/poky/meta/classes-recipe/image_types.bbclass
+++ b/poky/meta/classes-recipe/image_types.bbclass
@@ -66,9 +66,9 @@
 ZSTD_COMPRESSION_LEVEL ?= "-3"
 
 JFFS2_SUM_EXTRA_ARGS ?= ""
-IMAGE_CMD:jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --faketime --output=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.jffs2 ${EXTRA_IMAGECMD}"
+IMAGE_CMD:jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --faketime --output=${IMGDEPLOYDIR}/${IMAGE_NAME}.jffs2 ${EXTRA_IMAGECMD}"
 
-IMAGE_CMD:cramfs = "mkfs.cramfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cramfs ${EXTRA_IMAGECMD}"
+IMAGE_CMD:cramfs = "mkfs.cramfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.cramfs ${EXTRA_IMAGECMD}"
 
 oe_mkext234fs () {
 	fstype=$1
@@ -88,14 +88,14 @@
 		eval COUNT=\"$MIN_COUNT\"
 	fi
 	# Create a sparse image block
-	bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024"
-	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024
+	bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024"
+	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024
 	bbdebug 1 "Actual Rootfs size:  `du -s ${IMAGE_ROOTFS}`"
-	bbdebug 1 "Actual Partition size: `stat -c '%s' ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype`"
-	bbdebug 1 Executing "mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype -d ${IMAGE_ROOTFS}"
-	mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype -d ${IMAGE_ROOTFS}
+	bbdebug 1 "Actual Partition size: `stat -c '%s' ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype`"
+	bbdebug 1 Executing "mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype -d ${IMAGE_ROOTFS}"
+	mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype -d ${IMAGE_ROOTFS}
 	# Error codes 0-3 indicate successfull operation of fsck (no errors or errors corrected)
-	fsck.$fstype -pvfD ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype || [ $? -le 3 ]
+	fsck.$fstype -pvfD ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype || [ $? -le 3 ]
 }
 
 IMAGE_CMD:ext2 = "oe_mkext234fs ext2 ${EXTRA_IMAGECMD}"
@@ -109,8 +109,8 @@
 		size=${MIN_BTRFS_SIZE}
 		bbwarn "Rootfs size is too small for BTRFS. Filesystem will be extended to ${size}K"
 	fi
-	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs seek=${size} count=0 bs=1024
-	mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs
+	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.btrfs seek=${size} count=0 bs=1024
+	mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.btrfs
 }
 
 oe_mksquashfs () {
@@ -119,7 +119,7 @@
 
     # Use the bitbake reproducible timestamp instead of the hardcoded squashfs one
     export SOURCE_DATE_EPOCH=$(stat -c '%Y' ${IMAGE_ROOTFS})
-    mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp
+    mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp
 }
 IMAGE_CMD:squashfs = "oe_mksquashfs"
 IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz"
@@ -127,18 +127,18 @@
 IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4"
 IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd zst"
 
-IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs ${IMAGE_ROOTFS}"
-IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs-lz4 ${IMAGE_ROOTFS}"
-IMAGE_CMD:erofs-lz4hc = "mkfs.erofs -zlz4hc ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs-lz4hc ${IMAGE_ROOTFS}"
+IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs ${IMAGE_ROOTFS}"
+IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4 ${IMAGE_ROOTFS}"
+IMAGE_CMD:erofs-lz4hc = "mkfs.erofs -zlz4hc ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4hc ${IMAGE_ROOTFS}"
 
 
 IMAGE_CMD_TAR ?= "tar"
 # ignore return code 1 "file changed as we read it" as other tasks(e.g. do_image_wic) may be hardlinking rootfs
-IMAGE_CMD:tar = "${IMAGE_CMD_TAR} --sort=name --format=posix --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
+IMAGE_CMD:tar = "${IMAGE_CMD_TAR} --sort=name --format=posix --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
 
 do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append"
 IMAGE_CMD:cpio () {
-	(cd ${IMAGE_ROOTFS} && find . | sort | cpio --reproducible -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
+	(cd ${IMAGE_ROOTFS} && find . | sort | cpio --reproducible -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}.cpio)
 	# We only need the /init symlink if we're building the real
 	# image. The -dbg image doesn't need it! By being clever
 	# about this we also avoid 'touch' below failing, as it
@@ -152,7 +152,7 @@
 			else
                                 touch -r ${IMAGE_ROOTFS} ${WORKDIR}/cpio_append/init
 			fi
-			(cd  ${WORKDIR}/cpio_append && echo ./init | cpio --reproducible -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
+			(cd  ${WORKDIR}/cpio_append && echo ./init | cpio --reproducible -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}.cpio)
 		fi
 	fi
 }
@@ -167,7 +167,7 @@
 	cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg
 [ubifs]
 mode=ubi
-image=${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.${UBI_IMGTYPE}
+image=${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.${UBI_IMGTYPE}
 vol_id=0
 vol_type=${UBI_VOLTYPE}
 vol_name=${UBI_VOLNAME}
@@ -192,9 +192,9 @@
 	write_ubi_config "${vname}"
 
 	if [ -n "$vname" ]; then
-		mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
+		mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.ubifs ${mkubifs_args}
 	fi
-	ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg
+	ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg
 
 	# Cleanup cfg file
 	mv ubinize${vname}-${IMAGE_NAME}.cfg ${IMGDEPLOYDIR}/
@@ -202,12 +202,12 @@
 	# Create own symlinks for 'named' volumes
 	if [ -n "$vname" ]; then
 		cd ${IMGDEPLOYDIR}
-		if [ -e ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ]; then
-			ln -sf ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs \
+		if [ -e ${IMAGE_NAME}${vname}.ubifs ]; then
+			ln -sf ${IMAGE_NAME}${vname}.ubifs \
 			${IMAGE_LINK_NAME}${vname}.ubifs
 		fi
-		if [ -e ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ]; then
-			ln -sf ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi \
+		if [ -e ${IMAGE_NAME}${vname}.ubi ]; then
+			ln -sf ${IMAGE_NAME}${vname}.ubi \
 			${IMAGE_LINK_NAME}${vname}.ubi
 		fi
 		cd -
@@ -232,7 +232,7 @@
 }
 IMAGE_TYPEDEP:ubi = "${UBI_IMGTYPE}"
 
-IMAGE_CMD:ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ubifs ${MKUBIFS_ARGS}"
+IMAGE_CMD:ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}.ubifs ${MKUBIFS_ARGS}"
 
 MIN_F2FS_SIZE ?= "524288"
 IMAGE_CMD:f2fs () {
@@ -246,9 +246,9 @@
 		size=${MIN_F2FS_SIZE}
 		bbwarn "Rootfs size is too small for F2FS. Filesystem will be extended to ${size}K"
 	fi
-	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs seek=${size} count=0 bs=1024
-	mkfs.f2fs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs
-	sload.f2fs -f ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs
+	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs seek=${size} count=0 bs=1024
+	mkfs.f2fs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs
+	sload.f2fs -f ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs
 }
 
 EXTRA_IMAGECMD = ""
@@ -314,32 +314,32 @@
 COMPRESSIONTYPES ?= ""
 
 CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip 7zip zst sum md5sum sha1sum sha224sum sha256sum sha384sum sha512sum bmap u-boot vmdk vhd vhdx vdi qcow2 base64 gzsync zsync ${COMPRESSIONTYPES}"
-CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.gz"
-CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.xz"
-CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.lz4"
-CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zip ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zst"
-CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}"
-CONVERSION_CMD:md5sum = "md5sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.md5sum"
-CONVERSION_CMD:sha1sum = "sha1sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha1sum"
-CONVERSION_CMD:sha224sum = "sha224sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha224sum"
-CONVERSION_CMD:sha256sum = "sha256sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha256sum"
-CONVERSION_CMD:sha384sum = "sha384sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha384sum"
-CONVERSION_CMD:sha512sum = "sha512sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha512sum"
-CONVERSION_CMD:bmap = "bmaptool create ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.bmap"
-CONVERSION_CMD:u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.u-boot"
-CONVERSION_CMD:vmdk = "qemu-img convert -O vmdk ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vmdk"
-CONVERSION_CMD:vhdx = "qemu-img convert -O vhdx -o subformat=dynamic ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vhdx"
-CONVERSION_CMD:vhd = "qemu-img convert -O vpc -o subformat=fixed ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vhd"
-CONVERSION_CMD:vdi = "qemu-img convert -O vdi ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vdi"
-CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.qcow2"
-CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.base64"
-CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
-CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
+CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz"
+CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz"
+CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4"
+CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst"
+CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}.${type} -o ${IMAGE_NAME}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}"
+CONVERSION_CMD:md5sum = "md5sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.md5sum"
+CONVERSION_CMD:sha1sum = "sha1sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha1sum"
+CONVERSION_CMD:sha224sum = "sha224sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha224sum"
+CONVERSION_CMD:sha256sum = "sha256sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha256sum"
+CONVERSION_CMD:sha384sum = "sha384sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha384sum"
+CONVERSION_CMD:sha512sum = "sha512sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha512sum"
+CONVERSION_CMD:bmap = "bmaptool create ${IMAGE_NAME}.${type} -o ${IMAGE_NAME}.${type}.bmap"
+CONVERSION_CMD:u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.u-boot"
+CONVERSION_CMD:vmdk = "qemu-img convert -O vmdk ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vmdk"
+CONVERSION_CMD:vhdx = "qemu-img convert -O vhdx -o subformat=dynamic ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vhdx"
+CONVERSION_CMD:vhd = "qemu-img convert -O vpc -o subformat=fixed ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vhd"
+CONVERSION_CMD:vdi = "qemu-img convert -O vdi ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vdi"
+CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.qcow2"
+CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.base64"
+CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}.${type}"
 CONVERSION_DEPENDS_lzma = "xz-native"
 CONVERSION_DEPENDS_gz = "pigz-native"
 CONVERSION_DEPENDS_bz2 = "pbzip2-native"
diff --git a/poky/meta/classes-recipe/image_types_wic.bbclass b/poky/meta/classes-recipe/image_types_wic.bbclass
index be31fbf..669606d 100644
--- a/poky/meta/classes-recipe/image_types_wic.bbclass
+++ b/poky/meta/classes-recipe/image_types_wic.bbclass
@@ -71,7 +71,7 @@
 		bbfatal "No kickstart files from WKS_FILES were found: ${WKS_FILES}. Please set WKS_FILE or WKS_FILES appropriately."
 	fi
 	BUILDDIR="${TOPDIR}" PSEUDO_UNLOAD=1 wic create "$wks" --vars "${STAGING_DIR}/${MACHINE}/imgdata/" -e "${IMAGE_BASENAME}" -o "$build_wic/" -w "$tmp_wic" ${WIC_CREATE_EXTRA_ARGS}
-	mv "$build_wic/$(basename "${wks%.wks}")"*.direct "$out${IMAGE_NAME_SUFFIX}.wic"
+	mv "$build_wic/$(basename "${wks%.wks}")"*.direct "$out.wic"
 }
 IMAGE_CMD:wic[vardepsexclude] = "WKS_FULL_PATH WKS_FILES TOPDIR"
 do_image_wic[cleandirs] = "${WORKDIR}/build-wic"
diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass
index 6e19dbb..df4884b 100644
--- a/poky/meta/classes-recipe/kernel-arch.bbclass
+++ b/poky/meta/classes-recipe/kernel-arch.bbclass
@@ -80,3 +80,10 @@
 KERNEL_STRIP = "${CCACHE}${HOST_PREFIX}strip ${HOST_STRIP_KERNEL_ARCH}"
 TOOLCHAIN ?= "gcc"
 
+# 6.3+ requires the variable LOCALVERSION to be set to not get a "+" in
+# the local version. Having it empty means nothing will be added, and any
+# value will be appended to the local kernel version. This replaces the
+# use of .scmversion file for setting a localversion without using
+# the CONFIG_LOCALVERSION option.
+KERNEL_LOCALVERSION ??= ""
+export LOCALVERSION ?= "${KERNEL_LOCALVERSION}"
diff --git a/poky/meta/classes-recipe/kernel-devicetree.bbclass b/poky/meta/classes-recipe/kernel-devicetree.bbclass
index 1b60c14..eff052b 100644
--- a/poky/meta/classes-recipe/kernel-devicetree.bbclass
+++ b/poky/meta/classes-recipe/kernel-devicetree.bbclass
@@ -100,28 +100,36 @@
 		if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
 			dtb=$dtb_base_name.$dtb_ext
 		fi
-		install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
-		if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then
-			ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name.$dtb_ext
+		install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name.$dtb_ext
+		if [ -n "${KERNEL_DTB_NAME}" ] ; then
+			ln -sf $dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
 		fi
 		if [ -n "${KERNEL_DTB_LINK_NAME}" ] ; then
-			ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext
+			ln -sf $dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext
 		fi
 		for type in ${KERNEL_IMAGETYPE_FOR_MAKE}; do
 			if [ "$type" = "zImage" ] && [ "${KERNEL_DEVICETREE_BUNDLE}" = "1" ]; then
 				cat ${D}/${KERNEL_IMAGEDEST}/$type \
-					$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
-					> $deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+					$deployDir/$dtb_base_name.$dtb_ext \
+					> $deployDir/$type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT}
+				if [ -n "${KERNEL_DTB_NAME}" ]; then
+					ln -sf $type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+						$deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+				fi
 				if [ -n "${KERNEL_DTB_LINK_NAME}" ]; then
-					ln -sf $type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+					ln -sf $type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
 						$deployDir/$type-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
 				fi
 				if [ -e "${KERNEL_OUTPUT_DIR}/${type}.initramfs" ]; then
 					cat ${KERNEL_OUTPUT_DIR}/${type}.initramfs \
-						$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
-						>  $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+						$deployDir/$dtb_base_name.$dtb_ext \
+						>  $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT}
+					if [ -n "${KERNEL_DTB_NAME}" ]; then
+						ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+							$deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
+					fi
 					if [ -n "${KERNEL_DTB_LINK_NAME}" ]; then
-						ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} \
+						ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \
 							$deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT}
 					fi
 				fi
diff --git a/poky/meta/classes-recipe/kernel-module-split.bbclass b/poky/meta/classes-recipe/kernel-module-split.bbclass
index 50882c3..c1208d5 100644
--- a/poky/meta/classes-recipe/kernel-module-split.bbclass
+++ b/poky/meta/classes-recipe/kernel-module-split.bbclass
@@ -30,9 +30,8 @@
 
 PACKAGE_WRITE_DEPS += "kmod-native depmodwrapper-cross"
 
-do_install:append() {
-	install -d ${D}${sysconfdir}/modules-load.d/ ${D}${sysconfdir}/modprobe.d/
-}
+modulesloaddir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${nonarch_libdir}', '${sysconfdir}', d)}/modules-load.d"
+modprobedir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${nonarch_base_libdir}', '${sysconfdir}', d)}/modprobe.d"
 
 KERNEL_SPLIT_MODULES ?= "1"
 PACKAGESPLITFUNCS =+ "split_kernel_module_packages"
@@ -73,9 +72,8 @@
             cmd = "%sobjcopy -j .modinfo -O binary %s %s" % (d.getVar("HOST_PREFIX") or "", file, tmpfile)
         subprocess.check_call(cmd, shell=True)
         # errors='replace': Some old kernel versions contain invalid utf-8 characters in mod descriptions (like 0xf6, 'ö')
-        f = open(tmpfile, errors='replace')
-        l = f.read().split("\000")
-        f.close()
+        with open(tmpfile, errors='replace') as f:
+            l = f.read().split("\000")
         os.close(tf[0])
         os.unlink(tmpfile)
         if compressed:
@@ -93,7 +91,7 @@
 
         dvar = d.getVar('PKGD')
 
-        # If autoloading is requested, output /etc/modules-load.d/<name>.conf and append
+        # If autoloading is requested, output ${modulesloaddir}/<name>.conf and append
         # appropriate modprobe commands to the postinst
         autoloadlist = (d.getVar("KERNEL_MODULE_AUTOLOAD") or "").split()
         autoload = d.getVar('module_autoload_%s' % basename)
@@ -102,14 +100,18 @@
         if autoload and basename not in autoloadlist:
             bb.warn("module_autoload_%s is defined but '%s' isn't included in KERNEL_MODULE_AUTOLOAD, please add it there" % (basename, basename))
         if basename in autoloadlist:
-            name = '%s/etc/modules-load.d/%s.conf' % (dvar, basename)
-            f = open(name, 'w')
-            if autoload:
-                for m in autoload.split():
-                    f.write('%s\n' % m)
-            else:
-                f.write('%s\n' % basename)
-            f.close()
+            conf = '%s/%s.conf' % (d.getVar('modulesloaddir'), basename)
+            name = '%s%s' % (dvar, conf)
+            os.makedirs(os.path.dirname(name), exist_ok=True)
+            with open(name, 'w') as f:
+                if autoload:
+                    for m in autoload.split():
+                        f.write('%s\n' % m)
+                else:
+                    f.write('%s\n' % basename)
+            conf2append = ' %s' % conf
+            d.appendVar('FILES:%s' % pkg, conf2append)
+            d.appendVar('CONFFILES:%s' % pkg, conf2append)
             postinst = d.getVar('pkg_postinst:%s' % pkg)
             if not postinst:
                 bb.fatal("pkg_postinst:%s not defined" % pkg)
@@ -120,21 +122,18 @@
         modconflist = (d.getVar("KERNEL_MODULE_PROBECONF") or "").split()
         modconf = d.getVar('module_conf_%s' % basename)
         if modconf and basename in modconflist:
-            name = '%s/etc/modprobe.d/%s.conf' % (dvar, basename)
-            f = open(name, 'w')
-            f.write("%s\n" % modconf)
-            f.close()
+            conf = '%s/%s.conf' % (d.getVar('modprobedir'), basename)
+            name = '%s%s' % (dvar, conf)
+            os.makedirs(os.path.dirname(name), exist_ok=True)
+            with open(name, 'w') as f:
+                f.write("%s\n" % modconf)
+            conf2append = ' %s' % conf
+            d.appendVar('FILES:%s' % pkg, conf2append)
+            d.appendVar('CONFFILES:%s' % pkg, conf2append)
+
         elif modconf:
             bb.error("Please ensure module %s is listed in KERNEL_MODULE_PROBECONF since module_conf_%s is set" % (basename, basename))
 
-        files = d.getVar('FILES:%s' % pkg)
-        files = "%s /etc/modules-load.d/%s.conf /etc/modprobe.d/%s.conf" % (files, basename, basename)
-        d.setVar('FILES:%s' % pkg, files)
-
-        conffiles = d.getVar('CONFFILES:%s' % pkg)
-        conffiles = "%s /etc/modules-load.d/%s.conf /etc/modprobe.d/%s.conf" % (conffiles, basename, basename)
-        d.setVar('CONFFILES:%s' % pkg, conffiles)
-
         if "description" in vals:
             old_desc = d.getVar('DESCRIPTION:' + pkg) or ""
             d.setVar('DESCRIPTION:' + pkg, old_desc + "; " + vals["description"])
@@ -169,8 +168,8 @@
     postrm = d.getVar('pkg_postrm:modules')
 
     if splitmods != '1':
-        etcdir = d.getVar('sysconfdir')
-        d.appendVar('FILES:' + metapkg, '%s/modules-load.d/ %s/modprobe.d/ %s/modules/' % (etcdir, etcdir, d.getVar("nonarch_base_libdir")))
+        d.appendVar('FILES:' + metapkg, '%s %s %s/modules' %
+            (d.getVar('modulesloaddir'), d.getVar('modprobedir'), d.getVar("nonarch_base_libdir")))
         d.appendVar('pkg_postinst:%s' % metapkg, postinst)
         d.prependVar('pkg_postrm:%s' % metapkg, postrm);
         return
@@ -184,14 +183,6 @@
     modules = do_split_packages(d, root='${nonarch_base_libdir}/modules', file_regex=module_regex, output_pattern=module_pattern, description='%s kernel module', postinst=postinst, postrm=postrm, recursive=True, hook=frob_metadata, extra_depends='%s-%s' % (kernel_package_name, kernel_version))
     if modules:
         d.appendVar('RDEPENDS:' + metapkg, ' '+' '.join(modules))
-
-    # If modules-load.d and modprobe.d are empty at this point, remove them to
-    # avoid warnings. removedirs only raises an OSError if an empty
-    # directory cannot be removed.
-    dvar = d.getVar('PKGD')
-    for dir in ["%s/etc/modprobe.d" % (dvar), "%s/etc/modules-load.d" % (dvar), "%s/etc" % (dvar)]:
-        if len(os.listdir(dir)) == 0:
-            os.rmdir(dir)
 }
 
 do_package[vardeps] += '${@" ".join(map(lambda s: "module_conf_" + s, (d.getVar("KERNEL_MODULE_PROBECONF") or "").split()))}'
diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass
index e82b696..2e95631 100644
--- a/poky/meta/classes-recipe/kernel.bbclass
+++ b/poky/meta/classes-recipe/kernel.bbclass
@@ -181,13 +181,14 @@
 do_clean[cleandirs] += " ${S} ${STAGING_KERNEL_DIR} ${B} ${STAGING_KERNEL_BUILDDIR}"
 python do_symlink_kernsrc () {
     s = d.getVar("S")
-    if s[-1] == '/':
-        # drop trailing slash, so that os.symlink(kernsrc, s) doesn't use s as directory name and fail
-        s=s[:-1]
     kernsrc = d.getVar("STAGING_KERNEL_DIR")
     if s != kernsrc:
         bb.utils.mkdirhier(kernsrc)
         bb.utils.remove(kernsrc, recurse=True)
+        if s[-1] == '/':
+            # drop trailing slash, so that os.symlink(kernsrc, s) doesn't use s as
+            # directory name and fail
+            s = s[:-1]
         if d.getVar("EXTERNALSRC"):
             # With EXTERNALSRC S will not be wiped so we can symlink to it
             os.symlink(s, kernsrc)
@@ -355,6 +356,9 @@
 	export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR"
 	export PKG_CONFIG_SYSROOT_DIR=""
 
+	# for newer kernels (5.19+) there's a dedicated variable
+	export HOSTPKG_CONFIG="pkg-config-native"
+
 	if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then
 		# kernel sources do not use do_unpack, so SOURCE_DATE_EPOCH may not
 		# be set....
@@ -426,7 +430,7 @@
 	if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then
 		oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS}
 
-		# Module.symvers gets updated during the 
+		# Module.symvers gets updated during the
 		# building of the kernel modules. We need to
 		# update this in the shared workdir since some
 		# external kernel modules has a dependency on
@@ -483,8 +487,6 @@
 	install -m 0644 .config ${D}/${KERNEL_IMAGEDEST}/config-${KERNEL_VERSION}
 	install -m 0644 vmlinux ${D}/${KERNEL_IMAGEDEST}/vmlinux-${KERNEL_VERSION}
 	[ -e Module.symvers ] && install -m 0644 Module.symvers ${D}/${KERNEL_IMAGEDEST}/Module.symvers-${KERNEL_VERSION}
-	install -d ${D}${sysconfdir}/modules-load.d
-	install -d ${D}${sysconfdir}/modprobe.d
 }
 
 # Must be ran no earlier than after do_kernel_checkout or else Makefile won't be in ${S}/Makefile
@@ -622,7 +624,6 @@
 # We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware
 SYSROOT_DIRS = ""
 
-KERNEL_LOCALVERSION ??= ""
 KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig"
 
 python check_oldest_kernel() {
@@ -644,6 +645,9 @@
 	# $ scripts/setlocalversion . => +
 	# $ make kernelversion => 2.6.37
 	# $ make kernelrelease => 2.6.37+
+	# See kernel-arch.bbclass for post v6.3 removal of the extra
+	# + in localversion. .scmversion is no longer used, and the
+	# variable LOCALVERSION must be used
 	if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ]; then
 		echo ${KERNEL_LOCALVERSION} > ${B}/.scmversion
 		echo ${KERNEL_LOCALVERSION} > ${S}/.scmversion
diff --git a/poky/meta/classes-recipe/meson.bbclass b/poky/meta/classes-recipe/meson.bbclass
index 48688be..7f5e9b1 100644
--- a/poky/meta/classes-recipe/meson.bbclass
+++ b/poky/meta/classes-recipe/meson.bbclass
@@ -111,6 +111,7 @@
 strip = ${@meson_array('BUILD_STRIP', d)}
 readelf = ${@meson_array('BUILD_READELF', d)}
 objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
+llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config'
 pkgconfig = 'pkg-config-native'
 ${@rust_tool(d, "BUILD_SYS")}
 
diff --git a/poky/meta/classes-recipe/npm.bbclass b/poky/meta/classes-recipe/npm.bbclass
index 639f461..91da329 100644
--- a/poky/meta/classes-recipe/npm.bbclass
+++ b/poky/meta/classes-recipe/npm.bbclass
@@ -109,6 +109,7 @@
     import tempfile
     from bb.fetch2.npm import NpmEnvironment
     from bb.fetch2.npm import npm_unpack
+    from bb.fetch2.npm import npm_package
     from bb.fetch2.npmsw import foreach_dependencies
     from bb.progress import OutOfProgressHandler
     from oe.npm_registry import NpmRegistry
@@ -129,22 +130,6 @@
         sha512 = bb.utils.sha512_file(tarball)
         return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode()
 
-    def _npmsw_dependency_dict(orig, deptree):
-        """
-        Return the sub dictionary in the 'orig' dictionary corresponding to the
-        'deptree' dependency tree. This function follows the shrinkwrap file
-        format.
-        """
-        ptr = orig
-        for dep in deptree:
-            if "dependencies" not in ptr:
-                ptr["dependencies"] = {}
-            ptr = ptr["dependencies"]
-            if dep not in ptr:
-                ptr[dep] = {}
-            ptr = ptr[dep]
-        return ptr
-
     # Manage the manifest file and shrinkwrap files
     orig_manifest_file = d.expand("${S}/package.json")
     orig_shrinkwrap_file = d.expand("${S}/npm-shrinkwrap.json")
@@ -168,31 +153,44 @@
 
     if has_shrinkwrap_file:
        cached_shrinkwrap = copy.deepcopy(orig_shrinkwrap)
-       cached_shrinkwrap.pop("dependencies", None)
+       for package in orig_shrinkwrap["packages"]:
+            if package != "":
+                cached_shrinkwrap["packages"].pop(package, None)
+       cached_shrinkwrap["packages"][""].pop("dependencies", None)
+       cached_shrinkwrap["packages"][""].pop("devDependencies", None)
+       cached_shrinkwrap["packages"][""].pop("peerDependencies", None)
 
     # Manage the dependencies
     progress = OutOfProgressHandler(d, r"^(\d+)/(\d+)$")
     progress_total = 1 # also count the main package
     progress_done = 0
 
-    def _count_dependency(name, params, deptree):
+    def _count_dependency(name, params, destsuffix):
         nonlocal progress_total
         progress_total += 1
 
-    def _cache_dependency(name, params, deptree):
-        destsubdirs = [os.path.join("node_modules", dep) for dep in deptree]
-        destsuffix = os.path.join(*destsubdirs)
+    def _cache_dependency(name, params, destsuffix):
         with tempfile.TemporaryDirectory() as tmpdir:
             # Add the dependency to the npm cache
             destdir = os.path.join(d.getVar("S"), destsuffix)
             (tarball, pkg) = npm_pack(env, destdir, tmpdir)
             _npm_cache_add(tarball, pkg)
             # Add its signature to the cached shrinkwrap
-            dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
+            dep = params
             dep["version"] = pkg['version']
             dep["integrity"] = _npm_integrity(tarball)
             if params.get("dev", False):
                 dep["dev"] = True
+                if "devDependencies" not in cached_shrinkwrap["packages"][""]:
+                    cached_shrinkwrap["packages"][""]["devDependencies"] = {}
+                cached_shrinkwrap["packages"][""]["devDependencies"][name] = pkg['version']
+
+            else:
+                if "dependencies" not in cached_shrinkwrap["packages"][""]:
+                    cached_shrinkwrap["packages"][""]["dependencies"] = {}
+                cached_shrinkwrap["packages"][""]["dependencies"][name] = pkg['version']
+
+            cached_shrinkwrap["packages"][destsuffix] = dep
             # Display progress
             nonlocal progress_done
             progress_done += 1
@@ -203,6 +201,19 @@
     if has_shrinkwrap_file:
         foreach_dependencies(orig_shrinkwrap, _count_dependency, dev)
         foreach_dependencies(orig_shrinkwrap, _cache_dependency, dev)
+    
+    # Manage Peer Dependencies
+    if has_shrinkwrap_file:
+        packages = orig_shrinkwrap.get("packages", {})
+        peer_deps = packages.get("", {}).get("peerDependencies", {})
+        package_runtime_dependencies = d.getVar("RDEPENDS:%s" % d.getVar("PN"))
+        
+        for peer_dep in peer_deps:
+            peer_dep_yocto_name = npm_package(peer_dep)
+            if peer_dep_yocto_name not in package_runtime_dependencies:
+                bb.warn(peer_dep + " is a peer dependencie that is not in RDEPENDS variable. " + 
+                "Please add this peer dependencie to the RDEPENDS variable as %s and generate its recipe with devtool"
+                % peer_dep_yocto_name)
 
     # Configure the main package
     with tempfile.TemporaryDirectory() as tmpdir:
@@ -212,7 +223,7 @@
     # Configure the cached manifest file and cached shrinkwrap file
     def _update_manifest(depkey):
         for name in orig_manifest.get(depkey, {}):
-            version = cached_shrinkwrap["dependencies"][name]["version"]
+            version = cached_shrinkwrap["packages"][""][depkey][name]
             if depkey not in cached_manifest:
                 cached_manifest[depkey] = {}
             cached_manifest[depkey][name] = version
@@ -279,6 +290,9 @@
         args.append(("target_arch", d.getVar("NPM_ARCH")))
         args.append(("build-from-source", "true"))
 
+        # Don't install peer dependencies as they should be in RDEPENDS variable
+        args.append(("legacy-peer-deps", "true"))
+
         # Pack and install the main package
         (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
         cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM"))
diff --git a/poky/meta/classes-recipe/ptest-cargo.bbclass b/poky/meta/classes-recipe/ptest-cargo.bbclass
index 4ed5284..5d53abe 100644
--- a/poky/meta/classes-recipe/ptest-cargo.bbclass
+++ b/poky/meta/classes-recipe/ptest-cargo.bbclass
@@ -23,13 +23,13 @@
     bb.note(f"Building tests with cargo ({cmd})")
 
     try:
-        proc = subprocess.Popen(cmd, shell=True, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+        proc = subprocess.Popen(cmd, shell=True, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
     except subprocess.CalledProcessError as e:
         bb.fatal(f"Cannot build test with cargo: {e}")
 
     lines = []
     for line in proc.stdout:
-        data = line.decode('utf-8').strip('\n')
+        data = line.strip('\n')
         lines.append(data)
         bb.note(data)
     proc.communicate()
@@ -50,7 +50,7 @@
                 current_manifest_path = os.path.normpath(data['manifest_path'])
                 project_manifest_path = os.path.normpath(manifest_path)
                 if current_manifest_path == project_manifest_path:
-                    if data['target']['test'] or data['target']['doctest'] and data['executable']:
+                    if (data['target']['test'] or data['target']['doctest']) and data['executable']:
                         test_bins.append(data['executable'])
             except KeyError as e:
                 # skip lines that do not meet the requirements
diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
index 652601b..4492c9c 100644
--- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -37,7 +37,7 @@
 ROOTFS_POSTPROCESS_COMMAND += "write_image_test_data; "
 
 # Write manifest
-IMAGE_MANIFEST = "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.manifest"
+IMAGE_MANIFEST = "${IMGDEPLOYDIR}/${IMAGE_NAME}.manifest"
 ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest ; "
 # Set default postinst log file
 POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log"
diff --git a/poky/meta/classes-recipe/rootfs_rpm.bbclass b/poky/meta/classes-recipe/rootfs_rpm.bbclass
index 6eccd5a..55f1cc9 100644
--- a/poky/meta/classes-recipe/rootfs_rpm.bbclass
+++ b/poky/meta/classes-recipe/rootfs_rpm.bbclass
@@ -20,11 +20,9 @@
 # Dnf is python based, so be sure python3-native is available to us.
 EXTRANATIVEPATH += "python3-native"
 
-# opkg is needed for update-alternatives
 RPMROOTFSDEPENDS = "rpm-native:do_populate_sysroot \
     dnf-native:do_populate_sysroot \
-    createrepo-c-native:do_populate_sysroot \
-    opkg-native:do_populate_sysroot"
+    createrepo-c-native:do_populate_sysroot"
 
 do_rootfs[depends] += "${RPMROOTFSDEPENDS}"
 do_populate_sdk[depends] += "${RPMROOTFSDEPENDS}"
diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass
index e0cedd7..8782727 100644
--- a/poky/meta/classes-recipe/rust-common.bbclass
+++ b/poky/meta/classes-recipe/rust-common.bbclass
@@ -158,6 +158,10 @@
 WRAPPER_TARGET_CCLD = "${CCLD}"
 WRAPPER_TARGET_LDFLAGS = "${LDFLAGS}"
 WRAPPER_TARGET_EXTRALD = ""
+# see recipes-devtools/gcc/gcc/0018-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
+# we need to link with ssp_nonshared on musl to avoid "undefined reference to `__stack_chk_fail_local'"
+# when building MACHINE=qemux86 for musl
+WRAPPER_TARGET_EXTRALD:libc-musl = "-lssp_nonshared"
 WRAPPER_TARGET_AR = "${AR}"
 
 # compiler is used by gcc-rs
diff --git a/poky/meta/classes-recipe/testexport.bbclass b/poky/meta/classes-recipe/testexport.bbclass
index 0f0c561..572f5d9 100644
--- a/poky/meta/classes-recipe/testexport.bbclass
+++ b/poky/meta/classes-recipe/testexport.bbclass
@@ -61,16 +61,12 @@
         d.getVar("TEST_TARGET"), None, d.getVar("TEST_TARGET_IP"),
         d.getVar("TEST_SERVER_IP"))
 
-    host_dumper = OERuntimeTestContextExecutor.getHostDumper(
-        d.getVar("testimage_dump_host"), d.getVar("TESTIMAGE_DUMP_DIR"))
-
     image_manifest = "%s.manifest" % image_name
     image_packages = OERuntimeTestContextExecutor.readPackagesManifest(image_manifest)
 
     extract_dir = d.getVar("TEST_EXTRACTED_DIR")
 
-    tc = OERuntimeTestContext(td, logger, target, host_dumper,
-                              image_packages, extract_dir)
+    tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir)
 
     copy_needed_files(d, tc)
 
diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass
index 0f02ead..e306834 100644
--- a/poky/meta/classes-recipe/testimage.bbclass
+++ b/poky/meta/classes-recipe/testimage.bbclass
@@ -124,18 +124,6 @@
     find /var/log/ -type f 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \;
 }
 
-testimage_dump_host () {
-    top -bn1
-    iostat -x -z -N -d -p ALL 20 2
-    ps -ef
-    free
-    df
-    memstat
-    dmesg
-    ip -s link
-    netstat -an
-}
-
 testimage_dump_monitor () {
     query-status
     query-block
@@ -381,19 +369,13 @@
     # runtime use network for download projects for build
     export_proxies(d)
 
-    # we need the host dumper in test context
-    host_dumper = OERuntimeTestContextExecutor.getHostDumper(
-        d.getVar("testimage_dump_host"),
-        d.getVar("TESTIMAGE_DUMP_DIR"))
-
     # the robot dance
     target = OERuntimeTestContextExecutor.getTarget(
         d.getVar("TEST_TARGET"), logger, d.getVar("TEST_TARGET_IP"),
         d.getVar("TEST_SERVER_IP"), **target_kwargs)
 
     # test context
-    tc = OERuntimeTestContext(td, logger, target, host_dumper,
-                              image_packages, extract_dir)
+    tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir)
 
     # Load tests before starting the target
     test_paths = get_runtime_paths(d)
diff --git a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
index 86a7d30..653e583 100644
--- a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
+++ b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass
@@ -33,11 +33,11 @@
 # UBOOT_EXTLINUX_DEFAULT_LABEL ??= "Linux Default"
 # UBOOT_EXTLINUX_TIMEOUT ??= "30"
 #
-# UBOOT_EXTLINUX_KERNEL_IMAGE_default ??= "../zImage"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_default ??= "Linux Default"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:default ??= "../zImage"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:default ??= "Linux Default"
 #
-# UBOOT_EXTLINUX_KERNEL_IMAGE_fallback ??= "../zImage-fallback"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_fallback ??= "Linux Fallback"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:fallback ??= "../zImage-fallback"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:fallback ??= "Linux Fallback"
 #
 # Results:
 #
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index bd9e7e7..c1f1ea0 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -48,8 +48,8 @@
 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
 CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
+CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"
 
@@ -70,12 +70,28 @@
 # Skip CVE Check for packages (PN)
 CVE_CHECK_SKIP_RECIPE ?= ""
 
-# Ingore the check for a given list of CVEs. If a CVE is found,
-# then it is considered patched. The value is a string containing
-# space separated CVE values:
+# Replace NVD DB check status for a given CVE. Each of CVE has to be mentioned
+# separately with optional detail and description for this status.
 #
-# CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234'
+# CVE_STATUS[CVE-1234-0001] = "not-applicable-platform: Issue only applies on Windows"
+# CVE_STATUS[CVE-1234-0002] = "fixed-version: Fixed externally"
 #
+# Settings the same status and reason for multiple CVEs is possible
+# via CVE_STATUS_GROUPS variable.
+#
+# CVE_STATUS_GROUPS = "CVE_STATUS_WIN CVE_STATUS_PATCHED"
+#
+# CVE_STATUS_WIN = "CVE-1234-0001 CVE-1234-0003"
+# CVE_STATUS_WIN[status] = "not-applicable-platform: Issue only applies on Windows"
+# CVE_STATUS_PATCHED = "CVE-1234-0002 CVE-1234-0004"
+# CVE_STATUS_PATCHED[status] = "fixed-version: Fixed externally"
+#
+# All possible CVE statuses could be found in cve-check-map.conf
+# CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored"
+# CVE_CHECK_STATUSMAP[fixed-version] = "Patched"
+#
+# CVE_CHECK_IGNORE is deprecated and CVE_STATUS has to be used instead.
+# Keep CVE_CHECK_IGNORE until other layers migrate to new variables
 CVE_CHECK_IGNORE ?= ""
 
 # Layers to be excluded
@@ -88,6 +104,24 @@
 # set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
+python () {
+    # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS
+    cve_check_ignore = d.getVar("CVE_CHECK_IGNORE")
+    if cve_check_ignore:
+        bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS")
+        for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split():
+            d.setVarFlag("CVE_STATUS", cve, "ignored")
+
+    # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once
+    for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split():
+        cve_group = d.getVar(cve_status_group)
+        if cve_group is not None:
+            for cve in cve_group.split():
+                d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status"))
+        else:
+            bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group)
+}
+
 def generate_json_report(d, out_path, link_path):
     if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
         import json
@@ -260,7 +294,7 @@
     """
     Connect to the NVD database and find unpatched cves.
     """
-    from oe.cve_check import Version, convert_cve_version
+    from oe.cve_check import Version, convert_cve_version, decode_cve_status
 
     pn = d.getVar("PN")
     real_pv = d.getVar("PV")
@@ -282,7 +316,12 @@
         bb.note("Recipe has been skipped by cve-check")
         return ([], [], [], [])
 
-    cve_ignore = d.getVar("CVE_CHECK_IGNORE").split()
+    # Convert CVE_STATUS into ignored CVEs and check validity
+    cve_ignore = []
+    for cve in (d.getVarFlags("CVE_STATUS") or {}):
+        decoded_status, _, _ = decode_cve_status(d, cve)
+        if decoded_status == "Ignored":
+            cve_ignore.append(cve)
 
     import sqlite3
     db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
@@ -413,6 +452,8 @@
     CVE manifest if enabled.
     """
 
+    from oe.cve_check import decode_cve_status
+
     cve_file = d.getVar("CVE_CHECK_LOG")
     fdir_name  = d.getVar("FILE_DIRNAME")
     layer = fdir_name.split("/")[-3]
@@ -441,20 +482,27 @@
         is_patched = cve in patched
         is_ignored = cve in ignored
 
+        status = "Unpatched"
         if (is_patched or is_ignored) and not report_all:
             continue
+        if is_ignored:
+            status = "Ignored"
+        elif is_patched:
+            status = "Patched"
+        else:
+            # default value of status is Unpatched
+            unpatched_cves.append(cve)
 
         write_string += "LAYER: %s\n" % layer
         write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
         write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
         write_string += "CVE: %s\n" % cve
-        if is_ignored:
-            write_string += "CVE STATUS: Ignored\n"
-        elif is_patched:
-            write_string += "CVE STATUS: Patched\n"
-        else:
-            unpatched_cves.append(cve)
-            write_string += "CVE STATUS: Unpatched\n"
+        write_string += "CVE STATUS: %s\n" % status
+        _, detail, description = decode_cve_status(d, cve)
+        if detail:
+            write_string += "CVE DETAIL: %s\n" % detail
+        if description:
+            write_string += "CVE DESCRIPTION: %s\n" % description
         write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
         write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
@@ -516,6 +564,8 @@
     Prepare CVE data for the JSON format, then write it.
     """
 
+    from oe.cve_check import decode_cve_status
+
     output = {"version":"1", "package": []}
     nvd_link = "https://nvd.nist.gov/vuln/detail/"
 
@@ -576,6 +626,11 @@
             "status" : status,
             "link": issue_link
         }
+        _, detail, description = decode_cve_status(d, cve)
+        if detail:
+            cve_item["detail"] = detail
+        if description:
+            cve_item["description"] = description
         cve_list.append(cve_item)
 
     package_data["issue"] = cve_list
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index 9625a6f..475d652 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -831,6 +831,7 @@
 include conf/documentation.conf
 include conf/licenses.conf
 require conf/sanity.conf
+require conf/cve-check-map.conf
 
 ##################################################################
 # Weak variables (usually to retain backwards compatibility)
@@ -904,7 +905,7 @@
 
 # Native distro features (will always be used for -native, even if they
 # are not enabled for target)
-DISTRO_FEATURES_NATIVE ?= "x11 ipv6 xattr"
+DISTRO_FEATURES_NATIVE ?= "acl x11 ipv6 xattr"
 DISTRO_FEATURES_NATIVESDK ?= "x11"
 
 # Normally target distro features will not be applied to native builds:
diff --git a/poky/meta/conf/cve-check-map.conf b/poky/meta/conf/cve-check-map.conf
new file mode 100644
index 0000000..17b0f15
--- /dev/null
+++ b/poky/meta/conf/cve-check-map.conf
@@ -0,0 +1,28 @@
+# Possible options for CVE statuses
+
+# used by this class internally when fix is detected (NVD DB version check or CVE patch file)
+CVE_CHECK_STATUSMAP[patched] = "Patched"
+# use when this class does not detect backported patch (e.g. vendor kernel repo with cherry-picked CVE patch)
+CVE_CHECK_STATUSMAP[backported-patch] = "Patched"
+# use when NVD DB does not mention patched versions of stable/LTS branches which have upstream CVE backports
+CVE_CHECK_STATUSMAP[cpe-stable-backport] = "Patched"
+# use when NVD DB does not mention correct version or does not mention any verion at all
+CVE_CHECK_STATUSMAP[fixed-version] = "Patched"
+
+# used internally by this class if CVE vulnerability is detected which is not marked as fixed or ignored
+CVE_CHECK_STATUSMAP[unpatched] = "Unpatched"
+# use when CVE is confirmed by upstream but fix is still not available
+CVE_CHECK_STATUSMAP[vulnerable-investigating] = "Unpatched"
+
+# used for migration from old concept, do not use for new vulnerabilities
+CVE_CHECK_STATUSMAP[ignored] = "Ignored"
+# use when NVD DB wrongly indicates vulnerability which is actually for a different component
+CVE_CHECK_STATUSMAP[cpe-incorrect] = "Ignored"
+# use when upstream does not accept the report as a vulnerability (e.g. works as designed)
+CVE_CHECK_STATUSMAP[disputed] = "Ignored"
+# use when vulnerability depends on build or runtime configuration which is not used
+CVE_CHECK_STATUSMAP[not-applicable-config] = "Ignored"
+# use when vulnerability affects other platform (e.g. Windows or Debian)
+CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored"
+# use when upstream acknowledged the vulnerability but does not plan to fix it
+CVE_CHECK_STATUSMAP[upstream-wontfix] = "Ignored"
diff --git a/poky/meta/conf/distro/defaultsetup.conf b/poky/meta/conf/distro/defaultsetup.conf
index f6894f3..1abb509 100644
--- a/poky/meta/conf/distro/defaultsetup.conf
+++ b/poky/meta/conf/distro/defaultsetup.conf
@@ -2,7 +2,7 @@
 include conf/distro/include/default-versions.inc
 include conf/distro/include/default-distrovars.inc
 include conf/distro/include/maintainers.inc
-
+include conf/distro/include/time64.inc
 require conf/distro/include/tcmode-${TCMODE}.inc
 require conf/distro/include/tclibc-${TCLIBC}.inc
 
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
index 1c3cc36..61fb08d 100644
--- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -15,44 +15,43 @@
 # the aim of sharing that work and ensuring we don't duplicate it.
 #
 
+# strace https://nvd.nist.gov/vuln/detail/CVE-2000-0006
+CVE_STATUS[CVE-2000-0006] = "upstream-wontfix: CVE is more than 20 years old \
+with no resolution evident. Broken links in CVE database references make resolution impractical."
 
-# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
-# CVE is more than 20 years old with no resolution evident
-# broken links in CVE database references make resolution impractical
-CVE_CHECK_IGNORE += "CVE-2000-0006"
+# epiphany https://nvd.nist.gov/vuln/detail/CVE-2005-0238
+CVE_STATUS[CVE-2005-0238] = "upstream-wontfix: \
+The issue here is spoofing of domain names using characters from other character sets. \
+There has been much discussion amongst the epiphany and webkit developers and \
+whilst there are improvements about how domains are handled and displayed to the user \
+there is unlikely ever to be a single fix to webkit or epiphany which addresses this \
+problem. There isn't any mitigation or fix or way to progress this further."
 
-# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
-# The issue here is spoofing of domain names using characters from other character sets.
-# There has been much discussion amongst the epiphany and webkit developers and
-# whilst there are improvements about how domains are handled and displayed to the user
-# there is unlikely ever to be a single fix to webkit or epiphany which addresses this
-# problem. Ignore this CVE as there isn't any mitigation or fix or way to progress this further
-# we can seem to take.
-CVE_CHECK_IGNORE += "CVE-2005-0238"
+# glibc https://nvd.nist.gov/vuln/detail/CVE-2010-4756
+CVE_STATUS[CVE-2010-4756] = "upstream-wontfix: \
+Issue is memory exhaustion via glob() calls, e.g. from within an ftp server \
+Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 \
+Upstream don't see it as a security issue, ftp servers shouldn't be passing \
+this to libc glob. Upstream have no plans to add BSD's GLOB_LIMIT or similar."
 
-# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
-# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
-# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
-# Upstream don't see it as a security issue, ftp servers shouldn't be passing
-# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
-CVE_CHECK_IGNORE += "CVE-2010-4756"
-
-# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
-# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
-# The encoding/xml package in go can potentially be used for security exploits if not used correctly
-# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
-# exposing this interface in an exploitable way
-CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
+# go https://nvd.nist.gov/vuln/detail/CVE-2020-29509
+# go https://nvd.nist.gov/vuln/detail/CVE-2020-29511
+CVE_STATUS_GROUPS += "CVE_STATUS_GO"
+CVE_STATUS_GO = "CVE-2020-29509 CVE-2020-29511"
+CVE_STATUS_GO[status] = "not-applicable-config: \
+The encoding/xml package in go can potentially be used for security exploits if not used correctly \
+CVE applies to a netapp product as well as flagging a general issue. We don't ship anything \
+exposing this interface in an exploitable way"
 
 # db
-# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
-# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
-CVE_CHECK_IGNORE += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE_STATUS_GROUPS += "CVE_STATUS_DB"
+CVE_STATUS_DB = "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
 CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
 CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
 CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
 CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
-
+CVE_STATUS_DB[status] = "upstream-wontfix: Since Oracle relicensed bdb, the open source community is slowly but surely \
+replacing bdb with supported and open source friendly alternatives. As a result this CVE is unlikely to ever be fixed."
 
 #
 # Kernel CVEs, e.g. linux-yocto*
@@ -65,605 +64,64 @@
 # issues to be visible. If anyone wishes to clean up CPE entries with NIST for these, we'd
 # welcome than and then entries can likely be removed from here.
 #
+
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_2010 CVE_STATUS_KERNEL_2017 CVE_STATUS_KERNEL_2018 CVE_STATUS_KERNEL_2020 \
+                      CVE_STATUS_KERNEL_2021 CVE_STATUS_KERNEL_2022"
+
 # 1999-2010
-CVE_CHECK_IGNORE += "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \
-                     CVE-2008-4609 CVE-2010-0298 CVE-2010-4563"
+CVE_STATUS_KERNEL_2010 = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \
+                          CVE-2008-4609 CVE-2010-0298 CVE-2010-4563"
+CVE_STATUS_KERNEL_2010[status] = "ignored"
+
 # 2011-2017
-CVE_CHECK_IGNORE += "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \
-                     CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264"
+CVE_STATUS_KERNEL_2017 = "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \
+                          CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264"
+CVE_STATUS_KERNEL_2017[status] = "ignored"
+
 # 2018
-CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \
-                     CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873"
-
-# This is specific to Ubuntu
-CVE_CHECK_IGNORE += "CVE-2018-6559"
-
-# https://www.linuxkernelcves.com/cves/CVE-2019-3016
-# Fixed with 5.6
-CVE_CHECK_IGNORE += "CVE-2019-3016"
-
-# https://www.linuxkernelcves.com/cves/CVE-2019-3819
-# Fixed with 5.1
-CVE_CHECK_IGNORE += "CVE-2019-3819"
-
-# https://www.linuxkernelcves.com/cves/CVE-2019-3887
-# Fixed with 5.2
-CVE_CHECK_IGNORE += "CVE-2019-3887"
+CVE_STATUS_KERNEL_2018 = "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \
+                           CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873"
+CVE_STATUS_KERNEL_2018[status] = "ignored"
 
 # 2020
-CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
-# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
-# Patched in kernel since v5.10	e8d5f92b8d30bb4ade76494490c3c065e12411b1
-# Backported in version v5.4.73	e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
-CVE_CHECK_IGNORE += "CVE-2020-27784"
+CVE_STATUS_KERNEL_2020 = "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
+CVE_STATUS_KERNEL_2020[status] = "ignored"
 
 # 2021
-CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
-                     CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
-CVE_CHECK_IGNORE += "CVE-2021-3669"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
-# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
-# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
-# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
-# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
-CVE_CHECK_IGNORE += "CVE-2021-3759"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
-CVE_CHECK_IGNORE += "CVE-2021-4218"
+CVE_STATUS_KERNEL_2021 = "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
+                          CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
+CVE_STATUS_KERNEL_2021[status] = "ignored"
 
 # 2022
-CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
-                     CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
-                     CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \
-                     CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \
-                     CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \
-                     CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
-                     CVE-2022-29582 CVE-2022-29968"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
-CVE_CHECK_IGNORE += "CVE-2022-0480"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
-# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
-# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
-# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
-CVE_CHECK_IGNORE += "CVE-2022-1184"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
-# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
-# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
-# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
-CVE_CHECK_IGNORE += "CVE-2022-1462"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
-# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54
-# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026
-# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
-# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
-# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
-# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
-# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
-CVE_CHECK_IGNORE += "CVE-2022-2196"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
-# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
-# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
-# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
-# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
-CVE_CHECK_IGNORE += "CVE-2022-2308"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
-CVE_CHECK_IGNORE += "CVE-2022-2327"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
-# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
-# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
-# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
-# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
-# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
-# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
-CVE_CHECK_IGNORE += "CVE-2022-2663"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
-# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
-# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
-# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
-CVE_CHECK_IGNORE += "CVE-2022-2785"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
-# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
-# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
-# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
-CVE_CHECK_IGNORE += "CVE-2022-3176"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
-# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf
-# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
-# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
-# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
-# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
-# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
-CVE_CHECK_IGNORE += "CVE-2022-3424"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
-# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
-# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
-# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
-# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
-# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
-# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
-# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
-# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
-CVE_CHECK_IGNORE += "CVE-2022-3435"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
-# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
-# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
-# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
-CVE_CHECK_IGNORE += "CVE-2022-3526"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
-# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
-# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
-# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
-# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
-# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
-CVE_CHECK_IGNORE += "CVE-2022-3534"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
-# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
-# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
-# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
-# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
-CVE_CHECK_IGNORE += "CVE-2022-3564"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
-# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
-# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
-# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
-CVE_CHECK_IGNORE += "CVE-2022-3619"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
-# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
-# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
-# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
-# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
-# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
-# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
-CVE_CHECK_IGNORE += "CVE-2022-3621"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
-# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
-# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
-# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
-# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
-# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
-# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
-CVE_CHECK_IGNORE += "CVE-2022-3623"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
-# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
-# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
-CVE_CHECK_IGNORE += "CVE-2022-3624"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
-# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
-# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
-# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
-# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
-# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
-# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
-CVE_CHECK_IGNORE += "CVE-2022-3625"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
-# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
-# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
-# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
-# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
-# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
-# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
-CVE_CHECK_IGNORE += "CVE-2022-3629"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
-# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
-# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
-# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
-CVE_CHECK_IGNORE += "CVE-2022-3630"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
-# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
-# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
-# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
-# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
-# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
-# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
-CVE_CHECK_IGNORE += "CVE-2022-3633"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
-# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
-# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
-# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
-# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
-CVE_CHECK_IGNORE += "CVE-2022-3635"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
-# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
-# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
-CVE_CHECK_IGNORE += "CVE-2022-3636"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
-# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
-# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
-# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
-# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
-# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
-# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
-# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
-# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
-CVE_CHECK_IGNORE += "CVE-2022-3640"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
-# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
-# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
-# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
-# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
-# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
-# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
-CVE_CHECK_IGNORE += "CVE-2022-3646"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
-# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
-# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
-# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
-# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
-CVE_CHECK_IGNORE += "CVE-2022-3649"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
-# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
-# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
-# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
-# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
-# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
-# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
-CVE_CHECK_IGNORE += "CVE-2022-4382"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
-# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
-# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
-# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
-CVE_CHECK_IGNORE += "CVE-2022-26365"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
-# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
-# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
-# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
-CVE_CHECK_IGNORE += "CVE-2022-33740"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
-# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
-# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
-# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
-CVE_CHECK_IGNORE += "CVE-2022-33741"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
-# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
-# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
-# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
-CVE_CHECK_IGNORE += "CVE-2022-33742"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
-# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
-# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
-# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
-CVE_CHECK_IGNORE += "CVE-2022-42895"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
-# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
-# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
-# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
-CVE_CHECK_IGNORE += "CVE-2022-42896"
+CVE_STATUS_KERNEL_2022 = "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
+                          CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
+                          CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \
+                          CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \
+                          CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \
+                          CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
+                          CVE-2022-29582 CVE-2022-29968"
+CVE_STATUS_KERNEL_2022[status] = "ignored"
 
 
-# 2023
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
-# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
-# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
-# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
-# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
-CVE_CHECK_IGNORE += "CVE-2023-0179"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
-# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
-# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
-# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
-CVE_CHECK_IGNORE += "CVE-2023-0266"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
-# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
-# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
-# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
-# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
-# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
-# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
-CVE_CHECK_IGNORE += "CVE-2023-0394"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
-# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578
-# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
-# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
-# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
-# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
-# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
-CVE_CHECK_IGNORE += "CVE-2023-0461"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
-# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
-# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
-# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
-# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
-CVE_CHECK_IGNORE += "CVE-2023-0386"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
-# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
-# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
-# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
-# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
-# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
-CVE_CHECK_IGNORE += "CVE-2023-1073"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
-# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
-# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
-# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
-CVE_CHECK_IGNORE += "CVE-2023-1074"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
-# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
-# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11
-# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178
-# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
-# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
-# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6
-CVE_CHECK_IGNORE += "CVE-2023-1076"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
-# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
-# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
-# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
-CVE_CHECK_IGNORE += "CVE-2023-1077"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
-# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
-# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
-# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
-CVE_CHECK_IGNORE += "CVE-2023-1078"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
-# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
-# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
-# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
-# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
-# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
-# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
-CVE_CHECK_IGNORE += "CVE-2023-1079"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
-# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
-# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17
-# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
-# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
-# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
-# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
-# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
-CVE_CHECK_IGNORE += "CVE-2023-1118"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
-# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6
-# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2
-# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
-# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
-# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
-CVE_CHECK_IGNORE += "CVE-2023-1281"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
-# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
-# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
-# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
-# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
-# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
-CVE_CHECK_IGNORE += "CVE-2023-1513"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
-# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
-# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36
-# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
-# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
-# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
-CVE_CHECK_IGNORE += "CVE-2023-1652"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
-# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
-# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
-# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
-# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
-# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
-# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
-# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
-# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
-CVE_CHECK_IGNORE += "CVE-2023-1829"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
-# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
-# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
-# But, the CVE is disputed:
-# > NOTE: this is disputed by third parties because there are no realistic cases
-# > in which a user can cause the alloc_memory_type error case to be reached.
-# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2
-# We can safely ignore it.
-CVE_CHECK_IGNORE += "CVE-2023-23005"
-
-# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
-# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
-# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
-# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa
-# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123
-# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce
-CVE_CHECK_IGNORE += "CVE-2023-28466"
-
-# Wrong CPE in NVD database
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3563
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3637
-# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
-CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
+CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
+CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
 
-# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
-# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
-# qemu maintainers say the patch is incorrect and should not be applied
-# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable
-CVE_CHECK_IGNORE += "CVE-2021-20255"
+# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2021-20255
+CVE_STATUS[CVE-2021-20255] = "upstream-wontfix: \
+There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html \
+qemu maintainers say the patch is incorrect and should not be applied \
+The issue is of low impact, at worst sitting in an infinite loop rather than exploitable."
 
-# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067
-# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can
-# still be reproduced or where exactly any bug is.
-# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one.
-CVE_CHECK_IGNORE += "CVE-2019-12067"
+# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2019-12067
+CVE_STATUS[CVE-2019-12067] = "upstream-wontfix: \
+There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can \
+still be reproduced or where exactly any bug is. \
+We'll pick up any fix when upstream accepts one."
 
-# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
-# It is a fuzzing related buffer overflow. It is of low impact since most devices
-# wouldn't expose an assembler. The upstream is inactive and there is little to be
-# done about the bug, ignore from an OE perspective.
-CVE_CHECK_IGNORE += "CVE-2020-18974"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-0459
-# Fixed in 6.1.14 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0459"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-0615
-# Fixed in 6.1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0615"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1380
-# Fixed in 6.1.27
-CVE_CHECK_IGNORE += "CVE-2023-1380"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1611
-# Fixed in 6.1.23
-CVE_CHECK_IGNORE += "CVE-2023-1611"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1855
-# Fixed in 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-1855"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1859
-# Fixed in 6.1.25
-CVE_CHECK_IGNORE += "CVE-2023-1859"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1989
-# Fixed in 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-1989"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1990
-# Fixed in 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-1990"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-1999
-# Fixed in 6.1.16
-CVE_CHECK_IGNORE += "CVE-2023-1998"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2002
-# Fixed in 6.1.27
-CVE_CHECK_IGNORE += "CVE-2023-2002"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2156
-# Fixed in 6.1.26
-CVE_CHECK_IGNORE += "CVE-2023-2156"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2162
-# Fixed in 6.1.11
-CVE_CHECK_IGNORE += "CVE-2023-2162"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2194
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-2194"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2235
-# Fixed with 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-2235"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-28328
-# Fixed with 6.1.2
-CVE_CHECK_IGNORE += "CVE-2023-28328"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-2985
-# Fixed in 6.1.16
-CVE_CHECK_IGNORE += "CVE-2023-2985"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-28866
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-28866"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-30456
-# Fixed with 6.1.21
-CVE_CHECK_IGNORE += "CVE-2023-30456"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-30772
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-30772"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-31436
-# Fixed with 6.1.26
-CVE_CHECK_IGNORE += "CVE-2023-31436"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-32233
-# Fixed with 6.1.28
-CVE_CHECK_IGNORE += "CVE-2023-32233"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-33203
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-33203"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-33288
-# Fixed with 6.1.22
-CVE_CHECK_IGNORE += "CVE-2023-33288"
-
-# https://www.linuxkernelcves.com/cves/CVE-2023-34256
-# Fixed in 6.1.29
-CVE_CHECK_IGNORE += "CVE-2023-34256"
-
-# Backported to 6.1.30 as 9a342d4
-CVE_CHECK_IGNORE += "CVE-2023-3141"
+# nasm:nasm-native https://nvd.nist.gov/vuln/detail/CVE-2020-18974
+CVE_STATUS[CVE-2020-18974] = "upstream-wontfix: \
+It is a fuzzing related buffer overflow. It is of low impact since most devices
+wouldn't expose an assembler. The upstream is inactive and there is little to be
+done about the bug, ignore from an OE perspective."
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 9bb5c52..6e82e94 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -127,7 +127,6 @@
 RECIPE_MAINTAINER:pn-cryptodev-tests = "Robert Yang <liezhi.yang@windriver.com>"
 RECIPE_MAINTAINER:pn-cups = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER:pn-curl = "Robert Joslyn <robert.joslyn@redrectangle.org>"
-RECIPE_MAINTAINER:pn-cve-update-db-native = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-cve-update-nvd2-native = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-cwautomacros = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-db = "Unassigned <unassigned@yoctoproject.org>"
@@ -322,7 +321,6 @@
 RECIPE_MAINTAINER:pn-libcroco = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-libdaemon = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER:pn-libdazzle = "Alexander Kanavin <alex.kanavin@gmail.com>"
-RECIPE_MAINTAINER:pn-libdmx = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-libdnf = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER:pn-libdrm = "Otavio Salvador <otavio.salvador@ossystems.com.br>"
 RECIPE_MAINTAINER:pn-libedit = "Khem Raj <raj.khem@gmail.com>"
@@ -664,7 +662,7 @@
 RECIPE_MAINTAINER:pn-python3-pycairo = "Zang Ruochen <zangruochen@loongson.cn>"
 RECIPE_MAINTAINER:pn-python3-pycparser = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-pyelftools = "Joshua Watt <JPEWhacker@gmail.com>"
-RECIPE_MAINTAINER:pn-python3-pygments = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-python3-pygments = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-pygobject = "Zang Ruochen <zangruochen@loongson.cn>"
 RECIPE_MAINTAINER:pn-python3-pyopenssl = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-pyparsing = "Unassigned <unassigned@yoctoproject.org>"
@@ -847,6 +845,7 @@
 RECIPE_MAINTAINER:pn-xauth = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-xcb-proto = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-xcb-util = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-xcb-util-cursor = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-xcb-util-image = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-xcb-util-keysyms = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-xcb-util-renderutil = "Unassigned <unassigned@yoctoproject.org>"
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index da9153b..6250cf0 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -99,6 +99,7 @@
     libgcrypt \
     libmodule-build-perl \
     lttng-tools \
+    mdadm \
     openssh \
     openssl \
     parted \
@@ -122,7 +123,6 @@
 #    rt-tests \ # Needs to be checked whether it runs at all
 #    bash \ # Test outcomes are non-deterministic by design
 #    ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
-#    mdadm \ # Tests rely on non-deterministic sleep() amounts
 #    libinput \ # Tests need an unloaded system to be reliable
 #    libpam \ # Needs pam DISTRO_FEATURE
 #    numactl \ # qemu not (yet) configured for numa; all tests are skipped
@@ -134,7 +134,6 @@
     rt-tests \
     bash \
     ifupdown \
-    mdadm \
     libinput \
     libpam \
     libseccomp \
diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc
index 0b33e61..18daf44 100644
--- a/poky/meta/conf/distro/include/tcmode-default.inc
+++ b/poky/meta/conf/distro/include/tcmode-default.inc
@@ -21,7 +21,7 @@
 BINUVERSION ?= "2.40%"
 GDBVERSION ?= "13.%"
 GLIBCVERSION ?= "2.37"
-LINUXLIBCVERSION ?= "6.1%"
+LINUXLIBCVERSION ?= "6.4%"
 QEMUVERSION ?= "8.0%"
 GOVERSION ?= "1.20%"
 LLVMVERSION ?= "16.%"
diff --git a/poky/meta/conf/distro/include/time64.inc b/poky/meta/conf/distro/include/time64.inc
index 78569de..bc0c722 100644
--- a/poky/meta/conf/distro/include/time64.inc
+++ b/poky/meta/conf/distro/include/time64.inc
@@ -27,20 +27,25 @@
 GLIBC_64BIT_TIME_FLAGS:pn-pipewire = ""
 # Pulseaudio override certain LFS64 functions e.g. open64 and intentionally
 # undefines _FILE_OFFSET_BITS, which wont work when _TIME_BITS=64 is set
+# See https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/3770
 GLIBC_64BIT_TIME_FLAGS:pn-pulseaudio = ""
+# Undefines _FILE_OFFSET_BITS on purpose in
+# libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp
 GLIBC_64BIT_TIME_FLAGS:pn-gcc-sanitizers = ""
+# https://github.com/strace/strace/issues/250
+GLIBC_64BIT_TIME_FLAGS:pn-strace = ""
 
-INSANE_SKIP:append:pn-cargo = " 32bit-time"
+# Caused by the flags exceptions above
 INSANE_SKIP:append:pn-gcc-sanitizers = " 32bit-time"
 INSANE_SKIP:append:pn-glibc = " 32bit-time"
 INSANE_SKIP:append:pn-glibc-tests = " 32bit-time"
-INSANE_SKIP:append:pn-librsvg = " 32bit-time"
-INSANE_SKIP:append:pn-libstd-rs = " 32bit-time"
-INSANE_SKIP:append:pn-pseudo = " 32bit-time"
 INSANE_SKIP:append:pn-pulseaudio = " 32bit-time"
-INSANE_SKIP:append:pn-python3-bcrypt = " 32bit-time"
-INSANE_SKIP:append:pn-python3-cryptography = " 32bit-time"
-INSANE_SKIP:append:pn-rust = " 32bit-time"
-INSANE_SKIP:append:pn-rust-hello-world = " 32bit-time"
+
+# Strace has tests that call 32 bit API directly, which is fair enough, e.g.
+# /usr/lib/strace/ptest/tests/ioctl_termios uses 32-bit api 'ioctl'
 INSANE_SKIP:append:pn-strace = " 32bit-time"
 
+# Additionally cargo_common class (i.e. everything written in rust)
+# has the same INSANE_SKIP setting.
+# Please check the comment in meta/classes-recipe/cargo_common.bbclass
+# for information about why, and the overall Y2038 situation in rust.
diff --git a/poky/meta/conf/machine/include/arm/arch-arm64.inc b/poky/meta/conf/machine/include/arm/arch-arm64.inc
index 0e2efb5..832d000 100644
--- a/poky/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/poky/meta/conf/machine/include/arm/arch-arm64.inc
@@ -37,3 +37,8 @@
 TUNE_PKGARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_PKGARCH_64}', '${TUNE_PKGARCH_32}', d)}"
 ABIEXTENSION = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${ABIEXTENSION_64}', '${ABIEXTENSION_32}', d)}"
 TARGET_FPU = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TARGET_FPU_64}', '${TARGET_FPU_32}', d)}"
+
+# Emit branch protection (PAC/BTI) instructions.  On hardware that doesn't
+# support these they're meaningless NOP instructions, so there's very little
+# reason not to.
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', ' -mbranch-protection=standard', '', d)}"
diff --git a/poky/meta/conf/machine/qemuarm.conf b/poky/meta/conf/machine/qemuarm.conf
index aa9ce88..75cfbaf 100644
--- a/poky/meta/conf/machine/qemuarm.conf
+++ b/poky/meta/conf/machine/qemuarm.conf
@@ -29,4 +29,8 @@
 QB_SERIAL_OPT = "-device virtio-serial-device -chardev null,id=virtcon -device virtconsole,chardev=virtcon"
 QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon"
 
+# 6.4 causes Xorg to fail to read the virtio framebuffer so stick with 6.1 until
+# that is resolved.
+PREFERRED_VERSION_linux-yocto ??= "6.1%"
+
 KMACHINE:qemuarm = "qemuarma15"
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py
index dbaa0b3..5bf3caa 100644
--- a/poky/meta/lib/oe/cve_check.py
+++ b/poky/meta/lib/oe/cve_check.py
@@ -130,6 +130,13 @@
         if not fname_match and not text_match:
             bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
 
+    # Search for additional patched CVEs
+    for cve in (d.getVarFlags("CVE_STATUS") or {}):
+        decoded_status, _, _ = decode_cve_status(d, cve)
+        if decoded_status == "Patched":
+            bb.debug(2, "CVE %s is additionally patched" % cve)
+            patched_cves.add(cve)
+
     return patched_cves
 
 
@@ -218,3 +225,21 @@
 
     return version + update
 
+def decode_cve_status(d, cve):
+    """
+    Convert CVE_STATUS into status, detail and description.
+    """
+    status = d.getVarFlag("CVE_STATUS", cve)
+    if status is None:
+        return ("", "", "")
+
+    status_split = status.split(':', 1)
+    detail = status_split[0]
+    description = status_split[1].strip() if (len(status_split) > 1) else ""
+
+    status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail)
+    if status_mapping is None:
+        bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status))
+        status_mapping = "Unpatched"
+
+    return (status_mapping, detail, description)
diff --git a/poky/meta/lib/oe/package_manager/rpm/rootfs.py b/poky/meta/lib/oe/package_manager/rpm/rootfs.py
index d4c415f..3ba5396 100644
--- a/poky/meta/lib/oe/package_manager/rpm/rootfs.py
+++ b/poky/meta/lib/oe/package_manager/rpm/rootfs.py
@@ -110,7 +110,7 @@
         if self.progress_reporter:
             self.progress_reporter.next_stage()
 
-        self._setup_dbg_rootfs(['/etc', '/var/lib/rpm', '/var/cache/dnf', '/var/lib/dnf'])
+        self._setup_dbg_rootfs(['/etc/rpm', '/etc/rpmrc', '/etc/dnf', '/var/lib/rpm', '/var/cache/dnf', '/var/lib/dnf'])
 
         execute_pre_post_process(self.d, rpm_post_process_cmds)
 
diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py
index 890ba5f..1a48ed1 100644
--- a/poky/meta/lib/oe/rootfs.py
+++ b/poky/meta/lib/oe/rootfs.py
@@ -106,7 +106,7 @@
     def _cleanup(self):
         pass
 
-    def _setup_dbg_rootfs(self, dirs):
+    def _setup_dbg_rootfs(self, package_paths):
         gen_debugfs = self.d.getVar('IMAGE_GEN_DEBUGFS') or '0'
         if gen_debugfs != '1':
            return
@@ -122,11 +122,12 @@
         bb.utils.mkdirhier(self.image_rootfs)
 
         bb.note("  Copying back package database...")
-        for dir in dirs:
-            if not os.path.isdir(self.image_rootfs + '-orig' + dir):
-                continue
-            bb.utils.mkdirhier(self.image_rootfs + os.path.dirname(dir))
-            shutil.copytree(self.image_rootfs + '-orig' + dir, self.image_rootfs + dir, symlinks=True)
+        for path in package_paths:
+            bb.utils.mkdirhier(self.image_rootfs + os.path.dirname(path))
+            if os.path.isdir(self.image_rootfs + '-orig' + path):
+                shutil.copytree(self.image_rootfs + '-orig' + path, self.image_rootfs + path, symlinks=True)
+            elif os.path.isfile(self.image_rootfs + '-orig' + path):
+                shutil.copyfile(self.image_rootfs + '-orig' + path, self.image_rootfs + path)
 
         # Copy files located in /usr/lib/debug or /usr/src/debug
         for dir in ["/usr/lib/debug", "/usr/src/debug"]:
@@ -162,6 +163,13 @@
             bb.note("  Install extra debug packages...")
             self.pm.install(extra_debug_pkgs.split(), True)
 
+        bb.note("  Removing package database...")
+        for path in package_paths:
+            if os.path.isdir(self.image_rootfs + path):
+                shutil.rmtree(self.image_rootfs + path)
+            elif os.path.isfile(self.image_rootfs + path):
+                os.remove(self.image_rootfs + path)
+
         bb.note("  Rename debug rootfs...")
         try:
             shutil.rmtree(self.image_rootfs + '-dbg')
diff --git a/poky/meta/lib/oeqa/core/target/qemu.py b/poky/meta/lib/oeqa/core/target/qemu.py
index 79fd724..6893d10 100644
--- a/poky/meta/lib/oeqa/core/target/qemu.py
+++ b/poky/meta/lib/oeqa/core/target/qemu.py
@@ -22,7 +22,7 @@
 class OEQemuTarget(OESSHTarget):
     def __init__(self, logger, server_ip, timeout=300, user='root',
             port=None, machine='', rootfs='', kernel='', kvm=False, slirp=False,
-            dump_dir='', dump_host_cmds='', display='', bootlog='',
+            dump_dir='', display='', bootlog='',
             tmpdir='', dir_image='', boottime=60, serial_ports=2,
             boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, **kwargs):
 
@@ -44,8 +44,7 @@
         self.runner = QemuRunner(machine=machine, rootfs=rootfs, tmpdir=tmpdir,
                                  deploy_dir_image=dir_image, display=display,
                                  logfile=bootlog, boottime=boottime,
-                                 use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir,
-                                 dump_host_cmds=dump_host_cmds, logger=logger,
+                                 use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir, logger=logger,
                                  serial_ports=serial_ports, boot_patterns = boot_patterns, 
                                  use_ovmf=ovmf, tmpfsdir=tmpfsdir)
         dump_monitor_cmds = kwargs.get("testimage_dump_monitor")
diff --git a/poky/meta/lib/oeqa/runtime/cases/ltp.py b/poky/meta/lib/oeqa/runtime/cases/ltp.py
index a66d5d1..29c26d7 100644
--- a/poky/meta/lib/oeqa/runtime/cases/ltp.py
+++ b/poky/meta/lib/oeqa/runtime/cases/ltp.py
@@ -65,29 +65,34 @@
     ltp_groups += ltp_fs
 
     def runltp(self, ltp_group):
-            cmd = '/opt/ltp/runltp -f %s -p -q -r /opt/ltp -l /opt/ltp/results/%s -I 1 -d /opt/ltp' % (ltp_group, ltp_group)
+            # LTP appends to log files, so ensure we start with a clean log
+            self.target.deleteFiles("/opt/ltp/results/", ltp_group)
+
+            cmd = '/opt/ltp/runltp -f %s -q -r /opt/ltp -l /opt/ltp/results/%s -I 1 -d /opt/ltp' % (ltp_group, ltp_group)
+
             starttime = time.time()
             (status, output) = self.target.run(cmd)
             endtime = time.time()
 
+            # Write the console log to disk for convenience
             with open(os.path.join(self.ltptest_log_dir, "%s-raw.log" % ltp_group), 'w') as f:
                 f.write(output)
 
+            # Also put the console log into the test result JSON
             self.extras['ltpresult.rawlogs']['log'] = self.extras['ltpresult.rawlogs']['log'] + output
 
-            # copy nice log from DUT
-            dst = os.path.join(self.ltptest_log_dir, "%s" %  ltp_group )
+            # Copy the machine-readable test results locally so we can parse it
+            dst = os.path.join(self.ltptest_log_dir, ltp_group)
             remote_src = "/opt/ltp/results/%s" % ltp_group 
             (status, output) = self.target.copyFrom(remote_src, dst, True)
-            msg = 'File could not be copied. Output: %s' % output
             if status:
+                msg = 'File could not be copied. Output: %s' % output
                 self.target.logger.warning(msg)
 
             parser = LtpParser()
             results, sections  = parser.parse(dst)
 
-            runtime = int(endtime-starttime)
-            sections['duration'] = runtime
+            sections['duration'] = int(endtime-starttime)
             self.sections[ltp_group] =  sections
 
             failed_tests = {}
diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py
index fa86eb0..a4ba4e6 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py
@@ -59,8 +59,8 @@
                     return
                 time.sleep(1)
             user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
-            msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
-            assertTrue(True, msg=msg)
+            msg = "User %s has processes still running: %s" % (u, "\n".join(user_pss))
+            self.fail(msg=msg)
 
         def unset_up_test_user(u):
             # ensure no test1 process in running
diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py
index 0c5d186..cb7227a 100644
--- a/poky/meta/lib/oeqa/runtime/context.py
+++ b/poky/meta/lib/oeqa/runtime/context.py
@@ -10,7 +10,6 @@
 from oeqa.core.context import OETestContext, OETestContextExecutor
 from oeqa.core.target.ssh import OESSHTarget
 from oeqa.core.target.qemu import OEQemuTarget
-from oeqa.utils.dump import HostDumper
 
 from oeqa.runtime.loader import OERuntimeTestLoader
 
@@ -20,12 +19,11 @@
                         os.path.dirname(os.path.abspath(__file__)), "files")
 
     def __init__(self, td, logger, target,
-                 host_dumper, image_packages, extract_dir):
+                 image_packages, extract_dir):
         super(OERuntimeTestContext, self).__init__(td, logger)
 
         self.target = target
         self.image_packages = image_packages
-        self.host_dumper = host_dumper
         self.extract_dir = extract_dir
         self._set_target_cmds()
 
@@ -199,10 +197,6 @@
 
         return image_packages
 
-    @staticmethod
-    def getHostDumper(cmds, directory):
-        return HostDumper(cmds, directory)
-
     def _process_args(self, logger, args):
         if not args.packages_manifest:
             raise TypeError('Manifest file not provided')
@@ -215,9 +209,6 @@
         self.tc_kwargs['init']['target'] = \
                 OERuntimeTestContextExecutor.getTarget(args.target_type,
                         None, args.target_ip, args.server_ip, **target_kwargs)
-        self.tc_kwargs['init']['host_dumper'] = \
-                OERuntimeTestContextExecutor.getHostDumper(None,
-                        args.host_dumper_dir)
         self.tc_kwargs['init']['image_packages'] = \
                 OERuntimeTestContextExecutor.readPackagesManifest(
                         args.packages_manifest)
diff --git a/poky/meta/lib/oeqa/selftest/cases/bblayers.py b/poky/meta/lib/oeqa/selftest/cases/bblayers.py
index b048948..8faa060 100644
--- a/poky/meta/lib/oeqa/selftest/cases/bblayers.py
+++ b/poky/meta/lib/oeqa/selftest/cases/bblayers.py
@@ -85,8 +85,9 @@
         result = runCmd('bitbake-layers show-recipes -i image')
         self.assertIn('core-image-minimal', result.output)
         self.assertNotIn('mtd-utils:', result.output)
-        result = runCmd('bitbake-layers show-recipes -i cmake,pkgconfig')
+        result = runCmd('bitbake-layers show-recipes -i meson,pkgconfig')
         self.assertIn('libproxy:', result.output)
+        result = runCmd('bitbake-layers show-recipes -i cmake,pkgconfig')
         self.assertNotIn('mtd-utils:', result.output) # doesn't inherit either
         self.assertNotIn('wget:', result.output) # doesn't inherit cmake
         self.assertNotIn('waffle:', result.output) # doesn't inherit pkgconfig
diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
index 9534c97..60cecd1 100644
--- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -207,18 +207,34 @@
             self.assertEqual(len(report["package"]), 1)
             package = report["package"][0]
             self.assertEqual(package["name"], "logrotate")
-            found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+            found_cves = {}
+            for issue in package["issue"]:
+                found_cves[issue["id"]] = {
+                    "status" : issue["status"],
+                    "detail" : issue["detail"] if "detail" in issue else "",
+                    "description" : issue["description"] if "description" in issue else ""
+                }
             # m4 CVE should not be in logrotate
             self.assertNotIn("CVE-2008-1687", found_cves)
             # logrotate has both Patched and Ignored CVEs
             self.assertIn("CVE-2011-1098", found_cves)
-            self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
+            self.assertEqual(found_cves["CVE-2011-1098"]["status"], "Patched")
+            self.assertEqual(len(found_cves["CVE-2011-1098"]["detail"]), 0)
+            self.assertEqual(len(found_cves["CVE-2011-1098"]["description"]), 0)
+            detail = "not-applicable-platform"
+            description = "CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used"
             self.assertIn("CVE-2011-1548", found_cves)
-            self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
+            self.assertEqual(found_cves["CVE-2011-1548"]["status"], "Ignored")
+            self.assertEqual(found_cves["CVE-2011-1548"]["detail"], detail)
+            self.assertEqual(found_cves["CVE-2011-1548"]["description"], description)
             self.assertIn("CVE-2011-1549", found_cves)
-            self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
+            self.assertEqual(found_cves["CVE-2011-1549"]["status"], "Ignored")
+            self.assertEqual(found_cves["CVE-2011-1549"]["detail"], detail)
+            self.assertEqual(found_cves["CVE-2011-1549"]["description"], description)
             self.assertIn("CVE-2011-1550", found_cves)
-            self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
+            self.assertEqual(found_cves["CVE-2011-1550"]["status"], "Ignored")
+            self.assertEqual(found_cves["CVE-2011-1550"]["detail"], detail)
+            self.assertEqual(found_cves["CVE-2011-1550"]["description"], description)
 
         self.assertExists(summary_json)
         check_m4_json(summary_json)
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index 4c8e375..14a80d5 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -366,6 +366,38 @@
             bindir = bindir[1:]
         self.assertTrue(os.path.isfile(os.path.join(installdir, bindir, 'pv')), 'pv binary not found in D')
 
+    def test_devtool_add_binary(self):
+        # Create a binary package containing a known test file
+        tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+        self.track_for_cleanup(tempdir)
+        pn = 'tst-bin'
+        pv = '1.0'
+        test_file_dir     = "var/lib/%s/" % pn
+        test_file_name    = "test_file"
+        test_file_content = "TEST CONTENT"
+        test_file_package_root = os.path.join(tempdir, pn)
+        test_file_dir_full = os.path.join(test_file_package_root, test_file_dir)
+        bb.utils.mkdirhier(test_file_dir_full)
+        with open(os.path.join(test_file_dir_full, test_file_name), "w") as f:
+           f.write(test_file_content)
+        bin_package_path = os.path.join(tempdir, "%s.tar.gz" % pn)
+        runCmd("tar czf %s -C %s ." % (bin_package_path, test_file_package_root))
+
+        # Test devtool add -b on the binary package
+        self.track_for_cleanup(self.workspacedir)
+        self.add_command_to_tearDown('bitbake -c cleansstate %s' % pn)
+        self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+        result = runCmd('devtool add  -b %s %s' % (pn, bin_package_path))
+        self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created')
+
+        # Build the resulting recipe
+        result = runCmd('devtool build %s' % pn)
+        installdir = get_bb_var('D', pn)
+        self.assertTrue(installdir, 'Could not query installdir variable')
+
+        # Check that a known file from the binary package has indeed been installed
+        self.assertTrue(os.path.isfile(os.path.join(installdir, test_file_dir, test_file_name)), '%s not found in D' % test_file_name)
+
     def test_devtool_add_git_local(self):
         # We need dbus built so that DEPENDS recognition works
         bitbake('dbus')
diff --git a/poky/meta/lib/oeqa/selftest/cases/distrodata.py b/poky/meta/lib/oeqa/selftest/cases/distrodata.py
index c83a3a7..111bd3c 100644
--- a/poky/meta/lib/oeqa/selftest/cases/distrodata.py
+++ b/poky/meta/lib/oeqa/selftest/cases/distrodata.py
@@ -92,7 +92,7 @@
 
         def is_maintainer_exception(entry):
             exceptions = ["musl", "newlib", "linux-yocto", "linux-dummy", "mesa-gl", "libgfortran", "libx11-compose-data",
-                          "cve-update-db-native","cve-update-nvd2-native",]
+                          "cve-update-nvd2-native",]
             for i in exceptions:
                  if i in entry:
                      return True
diff --git a/poky/meta/lib/oeqa/selftest/cases/fitimage.py b/poky/meta/lib/oeqa/selftest/cases/fitimage.py
index 7bc171e..9383d0c 100644
--- a/poky/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/poky/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -33,6 +33,8 @@
 # RAM disk variables including load address and entrypoint for kernel and RAM disk
 IMAGE_FSTYPES += "cpio.gz"
 INITRAMFS_IMAGE = "core-image-minimal"
+# core-image-minimal is used as initramfs here, drop the rootfs suffix
+IMAGE_NAME_SUFFIX:pn-core-image-minimal = ""
 UBOOT_RD_LOADADDRESS = "0x88000000"
 UBOOT_RD_ENTRYPOINT = "0x88000000"
 UBOOT_LOADADDRESS = "0x80080000"
diff --git a/poky/meta/lib/oeqa/selftest/cases/glibc.py b/poky/meta/lib/oeqa/selftest/cases/glibc.py
index a446543..4ec4b85 100644
--- a/poky/meta/lib/oeqa/selftest/cases/glibc.py
+++ b/poky/meta/lib/oeqa/selftest/cases/glibc.py
@@ -28,7 +28,7 @@
             features.append('TOOLCHAIN_TEST_HOST_USER = "root"')
             features.append('TOOLCHAIN_TEST_HOST_PORT = "22"')
             # force single threaded test execution
-            features.append('EGLIBCPARALLELISM_task-check:pn-glibc-testsuite = "PARALLELMFLAGS="-j1""')
+            features.append('EGLIBCPARALLELISM:task-check:pn-glibc-testsuite = "PARALLELMFLAGS="-j1""')
         self.write_config("\n".join(features))
 
         bitbake("glibc-testsuite -c check")
diff --git a/poky/meta/lib/oeqa/selftest/cases/rust.py b/poky/meta/lib/oeqa/selftest/cases/rust.py
new file mode 100644
index 0000000..7a0fd70
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/rust.py
@@ -0,0 +1,90 @@
+# SPDX-License-Identifier: MIT
+import os
+import subprocess
+from oeqa.core.decorator import OETestTag
+from oeqa.core.case import OEPTestResultTestCase
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, runqemu, Command
+from oeqa.utils.sshcontrol import SSHControl
+
+def parse_results(filename):
+    tests = {}
+    with open(filename, "r") as f:
+        lines = f.readlines()
+        for line in lines:
+            if "..." in line and "test [" in line:
+                test = line.split("test ")[1].split(" ... ")[0]
+                if "] " in test:
+                    test = test.split("] ", 1)[1]
+                result = line.split(" ... ")[1].strip()
+                if result == "ok":
+                    result = "PASS"
+                elif result == "failed":
+                    result = "FAIL"
+                elif "ignored" in result:
+                    result = "SKIPPED"
+                if test in tests:
+                    if tests[test] != result:
+                        print("Duplicate and mismatching result %s for %s" % (result, test))
+                    else:
+                        print("Duplicate result %s for %s" % (result, test))
+                else:
+                    tests[test] = result
+    return tests
+
+# Total time taken for testing is of about 2hr 20min, with PARALLEL_MAKE set to 40 number of jobs.
+@OETestTag("toolchain-system")
+@OETestTag("toolchain-user")
+@OETestTag("runqemu")
+class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase):
+    def test_rust(self, *args, **kwargs):
+        # build remote-test-server before image build
+        recipe = "rust"
+        bitbake("{} -c test_compile".format(recipe))
+        builddir = get_bb_var("RUSTSRC", "rust")
+        # build core-image-minimal with required packages
+        default_installed_packages = ["libgcc", "libstdc++", "libatomic", "libgomp"]
+        features = []
+        features.append('IMAGE_FEATURES += "ssh-server-dropbear"')
+        features.append('CORE_IMAGE_EXTRA_INSTALL += "{0}"'.format(" ".join(default_installed_packages)))
+        self.write_config("\n".join(features))
+        bitbake("core-image-minimal")
+        # wrap the execution with a qemu instance.
+        # Tests are run with 512 tasks in parallel to execute all tests very quickly
+        with runqemu("core-image-minimal", runqemuparams = "nographic", qemuparams = "-m 512") as qemu:
+            # Copy remote-test-server to image through scp
+            host_sys = get_bb_var("RUST_BUILD_SYS", "rust")
+            ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user="root")
+            ssh.copy_to(builddir + "/build/" + host_sys + "/stage1-tools-bin/remote-test-server","~/")
+            # Execute remote-test-server on image through background ssh
+            command = '~/remote-test-server --bind 0.0.0.0:12345 -v'
+            sshrun=subprocess.Popen(("ssh", '-o',  'UserKnownHostsFile=/dev/null', '-o',  'StrictHostKeyChecking=no', '-f', "root@%s" % qemu.ip, command), shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            # Get the values of variables.
+            tcpath = get_bb_var("TARGET_SYS", "rust")
+            targetsys = get_bb_var("RUST_TARGET_SYS", "rust")
+            rustlibpath = get_bb_var("WORKDIR", "rust")
+            tmpdir = get_bb_var("TMPDIR", "rust")
+
+            # Exclude the test folders that error out while building
+            # TODO: Fix the errors and include them for testing
+            # no-fail-fast: Run all tests regardless of failure.
+            # bless: First runs rustfmt to format the codebase,
+            # then runs tidy checks.
+            testargs = "--exclude tests/rustdoc --exclude src/tools/rust-analyzer  --exclude tests/rustdoc-json  --exclude tests/run-make-fulldeps --exclude src/tools/tidy --exclude src/tools/rustdoc-themes --exclude src/rustdoc-json-types --exclude src/librustdoc --exclude src/doc/unstable-book --exclude src/doc/rustdoc --exclude src/doc/rustc --exclude compiler/rustc --exclude library/panic_abort --exclude library/panic_unwind --exclude src/tools/lint-docs  --exclude tests/rustdoc-js-std --doc --no-fail-fast --bless"
+
+            # Set path for target-poky-linux-gcc, RUST_TARGET_PATH and hosttools.
+            cmd = " export PATH=%s/recipe-sysroot-native/usr/bin:$PATH;" % rustlibpath
+            cmd = cmd + " export TARGET_VENDOR=\"-poky\";"
+            cmd = cmd + " export PATH=%s/recipe-sysroot-native/usr/bin/%s:%s/hosttools:$PATH;" % (rustlibpath, tcpath, tmpdir)
+            cmd = cmd + " export RUST_TARGET_PATH=%s/rust-targets;" % rustlibpath
+            # Trigger testing.
+            cmd = cmd + " export TEST_DEVICE_ADDR=\"%s:12345\";" % qemu.ip
+            cmd = cmd + " cd %s; python3 src/bootstrap/bootstrap.py test %s --target %s > summary.txt 2>&1;" % (builddir, testargs, targetsys)
+            runCmd(cmd)
+
+            ptestsuite = "rust"
+            self.ptest_section(ptestsuite, logfile = builddir + "/summary.txt")
+            filename = builddir + "/summary.txt"
+            test_results = parse_results(filename)
+            for test in test_results:
+                self.ptest_result(ptestsuite, test, test_results[test])
diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py
index d686fe0..e21655c 100644
--- a/poky/meta/lib/oeqa/targetcontrol.py
+++ b/poky/meta/lib/oeqa/targetcontrol.py
@@ -104,7 +104,6 @@
             self.kernel = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("KERNEL_IMAGETYPE", False) + '-' + d.getVar('MACHINE', False) + '.bin')
         self.qemulog = os.path.join(self.testdir, "qemu_boot_log.%s" % self.datetime)
         dump_target_cmds = d.getVar("testimage_dump_target")
-        dump_host_cmds = d.getVar("testimage_dump_host")
         dump_monitor_cmds = d.getVar("testimage_dump_monitor")
         dump_dir = d.getVar("TESTIMAGE_DUMP_DIR")
         if not dump_dir:
@@ -141,7 +140,6 @@
                             boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")),
                             use_kvm = use_kvm,
                             dump_dir = dump_dir,
-                            dump_host_cmds = dump_host_cmds,
                             logger = logger,
                             tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"),
                             serial_ports = len(d.getVar("SERIAL_CONSOLES").split()))
diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py
index d420b49..d4d2713 100644
--- a/poky/meta/lib/oeqa/utils/dump.py
+++ b/poky/meta/lib/oeqa/utils/dump.py
@@ -51,9 +51,7 @@
         self.dump_dir = dump_dir
 
     def _construct_filename(self, command):
-        if isinstance(self, HostDumper):
-            prefix = "host"
-        elif isinstance(self, TargetDumper):
+        if isinstance(self, TargetDumper):
             prefix = "target"
         elif isinstance(self, MonitorDumper):
             prefix = "qmp"
@@ -76,22 +74,6 @@
             with open(fullname, 'w') as dump_file:
                 dump_file.write(output)
 
-class HostDumper(BaseDumper):
-    """ Class to get dumps from the host running the tests """
-
-    def __init__(self, cmds, parent_dir):
-        super(HostDumper, self).__init__(cmds, parent_dir)
-
-    def dump_host(self, dump_dir=""):
-        if dump_dir:
-            self.dump_dir = dump_dir
-        env = os.environ.copy()
-        env['PATH'] = '/usr/sbin:/sbin:/usr/bin:/bin'
-        env['COLUMNS'] = '9999'
-        for cmd in self.cmds:
-            result = runCmd(cmd, ignore_status=True, env=env)
-            self._write_dump(cmd.split()[0], result.output)
-
 class TargetDumper(BaseDumper):
     """ Class to get dumps from target, it only works with QemuRunner.
         Will give up permanently after 5 errors from running commands over
diff --git a/poky/meta/lib/oeqa/utils/logparser.py b/poky/meta/lib/oeqa/utils/logparser.py
index 8054acc..496d9e0 100644
--- a/poky/meta/lib/oeqa/utils/logparser.py
+++ b/poky/meta/lib/oeqa/utils/logparser.py
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: MIT
 #
 
-import sys
+import enum
 import os
 import re
 
@@ -106,30 +106,48 @@
                     f.write(status + ": " + test_name + "\n")
 
 
-# ltp log parsing
-class LtpParser(object):
-    def __init__(self):
-        self.results = {}
-        self.section = {'duration': "", 'log': ""}
-
+class LtpParser:
+    """
+    Parse the machine-readable LTP log output into a ptest-friendly data structure.
+    """
     def parse(self, logfile):
-        test_regex = {}
-        test_regex['PASSED'] = re.compile(r"PASS")
-        test_regex['FAILED'] = re.compile(r"FAIL")
-        test_regex['SKIPPED'] = re.compile(r"SKIP")
+        results = {}
+        # Aaccumulate the duration here but as the log rounds quick tests down
+        # to 0 seconds this is very much a lower bound. The caller can replace
+        # the value.
+        section = {"duration": 0, "log": ""}
 
-        with open(logfile, errors='replace') as f:
+        class LtpExitCode(enum.IntEnum):
+            # Exit codes as defined in ltp/include/tst_res_flags.h
+            TPASS = 0  # Test passed flag
+            TFAIL = 1  # Test failed flag
+            TBROK = 2  # Test broken flag
+            TWARN = 4  # Test warning flag
+            TINFO = 16 # Test information flag
+            TCONF = 32 # Test not appropriate for configuration flag
+
+        with open(logfile, errors="replace") as f:
+            # Lines look like this:
+            # tag=cfs_bandwidth01 stime=1689762564 dur=0 exit=exited stat=32 core=no cu=0 cs=0
             for line in f:
-                for t in test_regex:
-                    result = test_regex[t].search(line)
-                    if result:
-                        self.results[line.split()[0].strip()] = t
+                if not line.startswith("tag="):
+                    continue
 
-        for test in self.results:
-            result = self.results[test]
-            self.section['log'] = self.section['log'] + ("%s: %s\n" % (result.strip()[:-2], test.strip()))
+                values = dict(s.split("=") for s in line.strip().split())
 
-        return self.results, self.section
+                section["duration"] += int(values["dur"])
+                exitcode = int(values["stat"])
+                if values["exit"] == "exited" and exitcode == LtpExitCode.TCONF:
+                    # Exited normally with the "invalid configuration" code
+                    results[values["tag"]] = "SKIPPED"
+                elif exitcode == LtpExitCode.TPASS:
+                    # Successful exit
+                    results[values["tag"]] = "PASSED"
+                else:
+                    # Other exit
+                    results[values["tag"]] = "FAILED"
+
+        return results, section
 
 
 # ltp Compliance log parsing
diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py
index 0ef8cf0..22cf258 100644
--- a/poky/meta/lib/oeqa/utils/qemurunner.py
+++ b/poky/meta/lib/oeqa/utils/qemurunner.py
@@ -21,7 +21,6 @@
 import codecs
 import logging
 import tempfile
-from oeqa.utils.dump import HostDumper
 from collections import defaultdict
 import importlib
 
@@ -33,8 +32,8 @@
 
 class QemuRunner:
 
-    def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, dump_host_cmds,
-                 use_kvm, logger, use_slirp=False, serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False, workdir=None, tmpfsdir=None):
+    def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, use_kvm, logger, use_slirp=False,
+     serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False, workdir=None, tmpfsdir=None):
 
         # Popen object for runqemu
         self.runqemu = None
@@ -69,7 +68,6 @@
         if not workdir:
             workdir = os.getcwd()
         self.qemu_pidfile = workdir + '/pidfile_' + str(os.getpid())
-        self.host_dumper = HostDumper(dump_host_cmds, dump_dir)
         self.monitorpipe = None
 
         self.logger = logger
@@ -138,7 +136,6 @@
                 self.logger.error('runqemu exited with code %d' % self.runqemu.returncode)
                 self.logger.error('Output from runqemu:\n%s' % self.getOutput(self.runqemu.stdout))
                 self.stop()
-                self._dump_host()
 
     def start(self, qemuparams = None, get_ip = True, extra_bootparams = None, runqemuparams='', launch_cmd=None, discard_writes=True):
         env = os.environ.copy()
@@ -286,7 +283,6 @@
                 if self.runqemu.returncode:
                     # No point waiting any longer
                     self.logger.warning('runqemu exited with code %d' % self.runqemu.returncode)
-                    self._dump_host()
                     self.logger.warning("Output from runqemu:\n%s" % self.getOutput(output))
                     self.stop()
                     return False
@@ -314,7 +310,6 @@
             ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,pri,ni,command '], stdout=subprocess.PIPE).communicate()[0]
             processes = ps.decode("utf-8")
             self.logger.debug("Running processes:\n%s" % processes)
-            self._dump_host()
             op = self.getOutput(output)
             self.stop()
             if op:
@@ -430,7 +425,6 @@
                     self.logger.error("Couldn't get ip from qemu command line and runqemu output! "
                                  "Here is the qemu command line used:\n%s\n"
                                  "and output from runqemu:\n%s" % (cmdline, out))
-                    self._dump_host()
                     self.stop()
                     return False
 
@@ -517,7 +511,6 @@
             lines = tail(bootlog if bootlog else self.msg)
             self.logger.warning("Last 25 lines of text (%d):\n%s" % (len(bootlog), lines))
             self.logger.warning("Check full boot log: %s" % self.logfile)
-            self._dump_host()
             self.stop()
             return False
 
@@ -698,13 +691,6 @@
                     status = 1
         return (status, str(data))
 
-
-    def _dump_host(self):
-        self.host_dumper.create_dir("qemu")
-        self.logger.warning("Qemu ended unexpectedly, dump data from host"
-                " is in %s" % self.host_dumper.dump_dir)
-        self.host_dumper.dump_host()
-
 # This class is for reading data from a socket and passing it to logfunc
 # to be processed. It's completely event driven and has a straightforward
 # event loop. The mechanism for stopping the thread is a simple pipe which
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 58b215d..4183969 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -46,10 +46,8 @@
 
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
 
-# Applies only to RHEL
-CVE_CHECK_IGNORE += "CVE-2019-14865"
-# Applies only to SUSE
-CVE_CHECK_IGNORE += "CVE-2021-46705"
+CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
+CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
 
 DEPENDS = "flex-native bison-native gettext-native"
 
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch b/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch
deleted file mode 100644
index 9f38736..0000000
--- a/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From dcd3d272975863128e25a4e25453cb6521cddc53 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 14 Jun 2023 16:09:59 +0800
-Subject: [PATCH] mkimage: Use PATH_MAX for path length
-
-Fixed when build xilinx_zynqmp in long directory ( >256):
-  |  /buildarea1/testtest/wr_build/wr1023test_secureboot/test1-what/test2-what/test3-what/test4-what/test5-what/test6-what/test7-what/test8-what/test9-what/test10-what/test11-what/test12-what/build/tmp-glibc/work/xilinx_zynqmp-wrs-linux/u-boot-xlnx/1_v2023.01-xilinx-v2023.1+gitAUTOINC+40a08d69e7-r0/build/fitImage-linux: Image file name (uboot-mkimage) too long, can't create tmpfile.
-  | Error: Bad parameters for FIT image type
-
-Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20230619062250.3244894-1-mingli.yu@eng.windriver.com/]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- tools/mkimage.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tools/mkimage.h b/tools/mkimage.h
-index f5ca65e2ed..d92a3ff811 100644
---- a/tools/mkimage.h
-+++ b/tools/mkimage.h
-@@ -17,6 +17,7 @@
- #include <sys/stat.h>
- #include <time.h>
- #include <unistd.h>
-+#include <limits.h>
- #include <u-boot/sha1.h>
- #include "fdt_host.h"
- #include "imagetool.h"
-@@ -44,7 +45,7 @@ static inline ulong map_to_sysmem(void *ptr)
- #define ALLOC_CACHE_ALIGN_BUFFER(type, name, size) type name[size]
- 
- #define MKIMAGE_TMPFILE_SUFFIX		".tmp"
--#define MKIMAGE_MAX_TMPFILE_LEN		256
-+#define MKIMAGE_MAX_TMPFILE_LEN		PATH_MAX
- #define MKIMAGE_DEFAULT_DTC_OPTIONS	"-I dts -O dtb -p 500"
- #define MKIMAGE_MAX_DTC_CMDLINE_LEN	2 * MKIMAGE_MAX_TMPFILE_LEN + 35
- 
--- 
-2.25.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
index 8a2e9ae..1119148 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -12,9 +12,9 @@
 
 # We use the revision in order to avoid having to fetch it from the
 # repo during parse
-SRCREV = "fd4ed6b7e83ec3aea9a2ce21baea8ca9676f40dd"
+SRCREV = "83cdab8b2c6ea0fc0860f8444d083353b47f1d5c"
 
-SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master"
+SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=u-boot-2023.07.y"
 
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb
deleted file mode 100644
index b77a49a..0000000
--- a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require u-boot-common.inc
-require u-boot-tools.inc
-
-SRC_URI += " \
-    file://0001-mkimage-Use-PATH_MAX-for-path-length.patch \
-"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb
new file mode 100644
index 0000000..7eaf721
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb
@@ -0,0 +1,2 @@
+require u-boot-common.inc
+require u-boot-tools.inc
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb
similarity index 100%
rename from poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb
rename to poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 1764997..d1c6f7f 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -32,8 +32,7 @@
 SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
 SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
 
-# Issue only affects Debian/SUSE, not us
-CVE_CHECK_IGNORE += "CVE-2021-26720"
+CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE"
 
 DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native"
 
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service
rename to poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.15.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.16.bb
similarity index 93%
rename from poky/meta/recipes-connectivity/bind/bind_9.18.15.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.18.16.bb
index 80164aa..d9b62bb 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.15.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.16.bb
@@ -20,7 +20,7 @@
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "28ae8db14862801bc2bd4fd820db00667d3f1ff9ae9cc2d06a0ef7810fed7a4e"
+SRC_URI[sha256sum] = "c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
@@ -28,7 +28,7 @@
 
 # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
 # so the issue doesn't affect us.
-CVE_CHECK_IGNORE += "CVE-2019-6470"
+CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore."
 
 inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
 
@@ -39,7 +39,7 @@
 PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
 PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
 
-EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \
+EXTRA_OECONF = " --disable-auto-validation \
                  --with-gssapi=no --with-lmdb=no --with-zlib \
                  --sysconfdir=${sysconfdir}/bind \
                  --with-openssl=${STAGING_DIR_HOST}${prefix} \
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index e10158a..d2ee2b4 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,6 +55,7 @@
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
            file://0004-src-shared-util.c-include-linux-limits.h.patch \
+           file://fix-check-ell-path.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch
new file mode 100644
index 0000000..7afa639
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch
@@ -0,0 +1,39 @@
+Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=168818474411163&w=2]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+From linux-bluetooth  Sat Jul 01 04:12:52 2023
+From: Rudi Heitbaum <rudi () heitbaum ! com>
+Date: Sat, 01 Jul 2023 04:12:52 +0000
+To: linux-bluetooth
+Subject: [PATCH] configure: Fix check ell path for cross compiling
+Message-Id: <20230701041252.139338-1-rudi () heitbaum ! com>
+X-MARC-Message: https://marc.info/?l=linux-bluetooth&m=168818474411163
+
+Use of AC_CHECK_FILE prevents cross compilation.
+Instead use test to support cross compiling.
+
+Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
+---
+ configure.ac | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index eff297960..bc7edfcd3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -298,9 +298,10 @@ if (test "${enable_external_ell}" = "yes"); then
+ 	AC_SUBST(ELL_LIBS)
+ fi
+ if (test "${enable_external_ell}" != "yes"); then
+-	AC_CHECK_FILE(${srcdir}/ell/ell.h, dummy=yes,
+-			AC_CHECK_FILE(${srcdir}/../ell/ell/ell.h, dummy=yes,
+-				AC_MSG_ERROR(ELL source is required or use --enable-external-ell)))
++	if (test ! -f ${srcdir}/ell/ell.h) &&
++			(test ! -f ${srcdir}/../ell/ell/ell.h); then
++				AC_MSG_ERROR(ELL source is required or use --enable-external-ell)
++	fi
+ fi
+ AM_CONDITIONAL(EXTERNAL_ELL, test "${enable_external_ell}" = "yes" ||
+ 				(test "${enable_btpclient}" != "yes" &&
+-- 
+2.34.1
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
similarity index 84%
rename from poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb
rename to poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
index 2208b73..f8405ed 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
@@ -1,9 +1,9 @@
 require bluez5.inc
 
-SRC_URI[sha256sum] = "39fea64b590c9492984a0c27a89fc203e1cdc74866086efb8f4698677ab2b574"
+SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933"
 
-# These issues have kernel fixes rather than bluez fixes so exclude here
-CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490"
+CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb
similarity index 85%
rename from poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb
rename to poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb
index 456cb2f..c9aa25c 100644
--- a/poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb
+++ b/poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb
@@ -6,8 +6,8 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \
                     file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324"
 
-SRCREV = "96e05543f53b19d9642b4b0dd73b86ad3cea313e"
-SRC_URI = "git://github.com/libuv/libuv.git;branch=master;protocol=https"
+SRCREV = "f0bb7e40f0508bedf6fad33769b3f87bb8aedfa6"
+SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
index 42ce814..3edc123 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
@@ -28,15 +28,14 @@
            "
 SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
 
-# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
-CVE_CHECK_IGNORE += "CVE-2007-2768"
+CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
 
 # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
-CVE_CHECK_IGNORE += "CVE-2014-9278"
+CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
+Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
 
-# CVE only applies to some distributed RHEL binaries
-CVE_CHECK_IGNORE += "CVE-2008-3844"
+CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
 
 PAM_SRC_URI = "file://sshd"
 
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
index f5f3f32..c2a7173 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
@@ -137,7 +137,9 @@
 	fi
 	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
 	# environment variables set by bitbake. Adjust the environment variables instead.
-	HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+	PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
+	test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+	HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
 	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
 	perl ${B}/configdata.pm --dump
 }
@@ -253,6 +255,5 @@
 
 CVE_VERSION_SUFFIX = "alphabetical"
 
-# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
 # Apache in meta-webserver is already recent enough
-CVE_CHECK_IGNORE += "CVE-2019-0190"
+CVE_STATUS[CVE-2019-0190] = "not-applicable-config: Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37"
diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
index 25da988..ba38169 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb
@@ -23,8 +23,8 @@
 SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa"
 
 # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
-# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
-CVE_CHECK_IGNORE += "CVE-2016-2781"
+# 
+CVE_STATUS[CVE-2016-2781] = "disputed: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue."
 
 EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
 EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname"
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
similarity index 96%
rename from poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb
rename to poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
index 4327a13..64a3c6d 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb
@@ -19,7 +19,7 @@
            "
 SRC_URI:append:class-native = " file://relocate-modules.patch"
 
-SRC_URI[sha256sum] = "c0be444e403d7c3184d1f394f89f0b644710b5e9331b54fa4e8b5037813ad32a"
+SRC_URI[sha256sum] = "5a5a191c96836e166a7771f7ea6ca2b0069c603c7da3cba1cd38d1694a395dda"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.
diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
similarity index 94%
rename from poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb
rename to poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
index 75c031e..8e7290c 100644
--- a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb
+++ b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
@@ -14,7 +14,7 @@
 SECTION = "libs"
 DEPENDS = "glib-2.0-native glib-2.0"
 
-SRC_URI[archive.sha256sum] = "149a05a179e629a538be25662aa324b499d7c4549c5151db5373e780a1bf1b9a"
+SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b"
 
 PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
 
diff --git a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb
index e8ad2a9..2e076f4 100644
--- a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb
+++ b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb
@@ -16,6 +16,7 @@
 TOOLCHAIN_TEST_HOST_PORT ??= "2222"
 
 do_check[nostamp] = "1"
+do_check[network] = "1"
 do_check:append () {
     chmod 0755 ${WORKDIR}/check-test-wrapper
 
diff --git a/poky/meta/recipes-core/glibc/glibc_2.37.bb b/poky/meta/recipes-core/glibc/glibc_2.37.bb
index 3387441..851aa61 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.37.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.37.bb
@@ -4,18 +4,19 @@
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
-# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
-# "this is being treated as a non-security bug and no real threat."
-CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE"
+CVE_STATUS_RECIPE = "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+CVE_STATUS_RECIPE[status] = "disputed: \
+Upstream glibc maintainers dispute there is any issue and have no plans to address it further. \
+this is being treated as a non-security bug and no real threat."
 
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
-# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
-# easier access for another. "ASLR bypass itself is not a vulnerability."
 # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
-CVE_CHECK_IGNORE += "CVE-2019-1010025"
+CVE_STATUS[CVE-2019-1010025] = "disputed: \
+Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \
+easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
-# This is integrated into the 2.37 branch as of 07b9521fc6
-CVE_CHECK_IGNORE += "CVE-2023-25139"
+CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6"
 
 DEPENDS += "gperf-native bison-native"
 
diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb
index 5dbd619..16425ea 100644
--- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb
+++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb
@@ -42,6 +42,11 @@
 	install -m 0644 ifup.8 ${D}${mandir}/man8
 	install -m 0644 interfaces.5 ${D}${mandir}/man5
 	cd ${D}${mandir}/man8 && ln -s ifup.8 ifdown.8
+
+	install -d ${D}${sysconfdir}/network/if-pre-up.d
+	install -d ${D}${sysconfdir}/network/if-up.d
+	install -d ${D}${sysconfdir}/network/if-down.d
+	install -d ${D}${sysconfdir}/network/if-post-down.d
 }
 
 do_install_ptest () {
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 05148ac..4ece229 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -26,7 +26,7 @@
 
 REQUIRED_DISTRO_FEATURES += "xattr"
 
-SRCREV ?= "581edf20120cd383e8dea0693239629e7547bb7e"
+SRCREV ?= "679b7b6700ec1355a5b15a51c90a7ee339bee97c"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
@@ -133,9 +133,9 @@
 	cd ${WORKDIR}
 	mkdir -p Yocto_Build_Appliance
 	cp *.vmx* Yocto_Build_Appliance
-	ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk
-	ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx
-	ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd
+	ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk
+	ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx
+	ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd
 	zip -r ${IMGDEPLOYDIR}/Yocto_Build_Appliance-${DATETIME}.zip Yocto_Build_Appliance
 	ln -sf Yocto_Build_Appliance-${DATETIME}.zip ${IMGDEPLOYDIR}/Yocto_Build_Appliance.zip
 }
diff --git a/poky/meta/recipes-core/images/core-image-ptest.bb b/poky/meta/recipes-core/images/core-image-ptest.bb
index 90c2664..74cf933 100644
--- a/poky/meta/recipes-core/images/core-image-ptest.bb
+++ b/poky/meta/recipes-core/images/core-image-ptest.bb
@@ -19,12 +19,14 @@
 # strace-ptest in particular needs more than 500MB
 IMAGE_OVERHEAD_FACTOR = "1.0"
 IMAGE_ROOTFS_EXTRA_SPACE = "324288"
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
 
 # ptests need more memory than standard to avoid the OOM killer
 QB_MEM = "-m 1024"
 QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096"
+QB_MEM:virtclass-mcextend-python3 = "-m 2048"
 QB_MEM:virtclass-mcextend-python3-cryptography = "-m 4096"
 
 TEST_SUITES = "ping ssh parselogs ptest"
diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb
similarity index 94%
rename from poky/meta/recipes-core/kbd/kbd_2.5.1.bb
rename to poky/meta/recipes-core/kbd/kbd_2.6.0.bb
index 7662b8f..9a3e0a7 100644
--- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
+++ b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb
@@ -16,7 +16,7 @@
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \
            "
 
-SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683"
+SRC_URI[sha256sum] = "9c159433db5df8ef31d86b42f5b09d32311bdda2ed35107fb1926243da60b28a"
 
 EXTRA_OECONF = "--disable-tests"
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
similarity index 100%
rename from poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb
rename to poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
index 4d145cf..ba93d91 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -10,19 +10,13 @@
 inherit autotools pkgconfig
 
 SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
-SRCREV = "e80cfde51bb4fe4bcf27585810e0b4ea3d1e4d7d"
+SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf"
 SRCBRANCH ?= "master"
 
 SRC_URI += "file://fix_cflags_handling.patch"
 
 PROVIDES = "virtual/crypt"
 
-FILES:${PN} = "${libdir}/libcrypt*.so.* \
-               ${libdir}/libcrypt-*.so \
-               ${libdir}/libowcrypt*.so.* \
-               ${libdir}/libowcrypt-*.so \
-"
-
 S = "${WORKDIR}/git"
 
 BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb
similarity index 100%
rename from poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb
rename to poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb
diff --git a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch b/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch
deleted file mode 100644
index 80678ef..0000000
--- a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-Backport the following patches to fix the reader2 and runsuite test cases:
-
-b92768cd tests: Enable "runsuite" test
-0ac8c15e python/tests/reader2: use absolute paths everywhere
-b9ba5e1d python/tests/reader2: always exit(1) if a test fails
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-diff --git a/python/tests/reader2.py b/python/tests/reader2.py
-index 65cecd47..6e6353b4 100755
---- a/python/tests/reader2.py
-+++ b/python/tests/reader2.py
-@@ -6,7 +6,6 @@
- import sys
- import glob
- import os
--import string
- import libxml2
- try:
-     import StringIO
-@@ -20,103 +19,104 @@ libxml2.debugMemory(1)
- 
- err = ""
- basedir = os.path.dirname(os.path.realpath(__file__))
--dir_prefix = os.path.join(basedir, "../../test/valid/")
-+dir_prefix = os.path.realpath(os.path.join(basedir, "..", "..", "test", "valid"))
-+
- # This dictionary reflects the contents of the files
- # ../../test/valid/*.xml.err that are not empty, except that
- # the file paths in the messages start with ../../test/
- 
- expect = {
-     '766956':
--"""../../test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+"""{0}/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
- %ä%ent;
-    ^
--../../test/valid/dtds/766956.dtd:2: parser error : Content error in the external subset
-+{0}/dtds/766956.dtd:2: parser error : Content error in the external subset
- %ä%ent;
-         ^
- Entity: line 1: 
- value
- ^
--""",
-+""".format(dir_prefix),
-     '781333':
--"""../../test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
-+"""{0}/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
- <a/>
-     ^
--../../test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+{0}/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
- 
- ^
--""",
-+""".format(dir_prefix),
-     'cond_sect2':
--"""../../test/valid/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity
-+"""{0}/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity
-     %ent;
-          ^
- Entity: line 1: 
- ]]>
- ^
--../../test/valid/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset
-+{0}/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset
- 
- ^
--""",
-+""".format(dir_prefix),
-     'rss':
--"""../../test/valid/rss.xml:177: element rss: validity error : Element rss does not carry attribute version
-+"""{0}/rss.xml:177: element rss: validity error : Element rss does not carry attribute version
- </rss>
-       ^
--""",
-+""".format(dir_prefix),
-     't8':
--"""../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+"""{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
- 
- %defroot; %defmiddle; %deftest;
-          ^
- Entity: line 1: 
- &lt;!ELEMENT root (middle) >
- ^
--../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
- 
- %defroot; %defmiddle; %deftest;
-                      ^
- Entity: line 1: 
- &lt;!ELEMENT middle (test) >
- ^
--../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
- 
- %defroot; %defmiddle; %deftest;
-                                ^
- Entity: line 1: 
- &lt;!ELEMENT test (#PCDATA) >
- ^
--""",
-+""".format(dir_prefix),
-     't8a':
--"""../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+"""{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
- 
- %defroot;%defmiddle;%deftest;
-          ^
- Entity: line 1: 
- &lt;!ELEMENT root (middle) >
- ^
--../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
- 
- %defroot;%defmiddle;%deftest;
-                     ^
- Entity: line 1: 
- &lt;!ELEMENT middle (test) >
- ^
--../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
- 
- %defroot;%defmiddle;%deftest;
-                              ^
- Entity: line 1: 
- &lt;!ELEMENT test (#PCDATA) >
- ^
--""",
-+""".format(dir_prefix),
-     'xlink':
--"""../../test/valid/xlink.xml:450: element termdef: validity error : ID dt-arc already defined
-+"""{0}/xlink.xml:450: element termdef: validity error : ID dt-arc already defined
- 	<p><termdef id="dt-arc" term="Arc">An <ter
- 	                                  ^
- validity error : attribute def line 199 references an unknown ID "dt-xlg"
--""",
-+""".format(dir_prefix),
- }
- 
- # Add prefix_dir and extension to the keys
--expect = {"{}{}.xml".format(dir_prefix, key): val for key, val in expect.items()}
-+expect = {os.path.join(dir_prefix, key + ".xml"): val for key, val in expect.items()}
- 
- def callback(ctx, str):
-     global err
-@@ -124,11 +124,12 @@ def callback(ctx, str):
- libxml2.registerErrorHandler(callback, "")
- 
- parsing_error_files = ["766956", "cond_sect2", "t8", "t8a"]
--expect_parsing_error = ["{}{}.xml".format(dir_prefix, f) for f in parsing_error_files]
-+expect_parsing_error = [os.path.join(dir_prefix, f + ".xml") for f in parsing_error_files]
- 
--valid_files = glob.glob(dir_prefix + "*.x*")
-+valid_files = glob.glob(os.path.join(dir_prefix, "*.x*"))
- assert valid_files, "found no valid files in '{}'".format(dir_prefix)
- valid_files.sort()
-+failures = 0
- for file in valid_files:
-     err = ""
-     reader = libxml2.newTextReaderFilename(file)
-@@ -142,9 +143,15 @@ for file in valid_files:
-         #sys.exit(1)
-     if (err):
-         if not(file in expect and err == expect[file]):
-+            failures += 1
-             print("Error: ", err)
-             if file in expect:
-                 print("Expected: ", expect[file])
-+
-+if failures:
-+    print("Failed %d tests" % failures)
-+    sys.exit(1)
-+
- #
- # another separate test based on Stephane Bidoul one
- #
-@@ -337,9 +344,11 @@ while reader.Read() == 1:
- if res != expect:
-     print("test5 failed: unexpected output")
-     print(res)
-+    sys.exit(1)
- if err != "":
-     print("test5 failed: validation error found")
-     print(err)
-+    sys.exit(1)
- 
- #
- # cleanup
-diff --git a/runsuite.c b/runsuite.c
-index 483490a2..a522d24b 100644
---- a/runsuite.c
-+++ b/runsuite.c
-@@ -1054,13 +1054,18 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
-     old_tests = nb_tests;
-     old_leaks = nb_leaks;
-     xsdTest();
--    if ((nb_errors == old_errors) && (nb_leaks == old_leaks))
--	printf("Ran %d tests, no errors\n", nb_tests - old_tests);
--    else
--	printf("Ran %d tests, %d errors, %d leaks\n",
--	       nb_tests - old_tests,
--	       nb_errors - old_errors,
--	       nb_leaks - old_leaks);
-+    printf("Ran %d tests, %d errors, %d leaks\n",
-+           nb_tests - old_tests,
-+           nb_errors - old_errors,
-+           nb_leaks - old_leaks);
-+    if (nb_errors - old_errors == 10) {
-+        printf("10 errors were expected\n");
-+        nb_errors = old_errors;
-+    } else {
-+        printf("10 errors were expected, got %d errors\n",
-+               nb_errors - old_errors);
-+        nb_errors = old_errors + 1;
-+    }
-     old_errors = nb_errors;
-     old_tests = nb_tests;
-     old_leaks = nb_leaks;
diff --git a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch
index b770afb..14ccce5 100644
--- a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch
+++ b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch
@@ -1,19 +1,19 @@
+From 3fc716357ce1372d9418dc86f24315b34d9808de Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Mon, 5 Dec 2022 17:02:32 +0000
+Subject: [PATCH] add yocto-specific install-ptest target
+
 Add a target to install the test suite.
 
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 
-From c7809dc6947324ea506a0c2bf132ecd37156f211 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Mon, 5 Dec 2022 17:02:32 +0000
-Subject: [PATCH] add yocto-specific install-ptest target
-
 ---
  Makefile.am | 10 ++++++++++
  1 file changed, 10 insertions(+)
 
 diff --git a/Makefile.am b/Makefile.am
-index 316109b1..15e100be 100644
+index 5bc4018..57d27af 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -26,6 +26,16 @@ check_PROGRAMS = \
@@ -32,7 +32,4 @@
 +
  bin_PROGRAMS = xmllint xmlcatalog
  
- nodist_bin_SCRIPTS = xml2-config
--- 
-2.34.1
-
+ bin_SCRIPTS = xml2-config
diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch
deleted file mode 100644
index fd8e469..0000000
--- a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 056b14345b1abd76a761ab14538f1bc21302781a Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 May 2019 20:26:51 +0800
-Subject: [PATCH] libxml 64bit
-
-Upstream-Status: Backport [from debian: bugs.debian.org/439843]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- libxml.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libxml.h b/libxml.h
-index 64e30f7..4e80d90 100644
---- a/libxml.h
-+++ b/libxml.h
-@@ -15,6 +15,9 @@
- #ifndef _LARGEFILE_SOURCE
- #define _LARGEFILE_SOURCE
- #endif
-+#ifndef _LARGEFILE64_SOURCE
-+#define _LARGEFILE64_SOURCE
-+#endif
- #ifndef _FILE_OFFSET_BITS
- #define _FILE_OFFSET_BITS 64
- #endif
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
deleted file mode 100644
index 639c80b..0000000
--- a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ /dev/null
@@ -1,212 +0,0 @@
-Change the AM_PATH_XML2 macros to use pkg-config instead of xml2-config.
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d598d8af0913b6e3d4e61ffa62397a275b669dca]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
- libxml.m4 | 189 ++----------------------------------------------------
- 1 file changed, 5 insertions(+), 184 deletions(-)
-
-diff --git a/libxml.m4 b/libxml.m4
-index fc7790c..1c53585 100644
---- a/libxml.m4
-+++ b/libxml.m4
-@@ -1,191 +1,12 @@
--# Configure paths for LIBXML2
--# Simon Josefsson 2020-02-12
--# Fix autoconf 2.70+ warnings
--# Mike Hommey 2004-06-19
--# use CPPFLAGS instead of CFLAGS
--# Toshio Kuratomi 2001-04-21
--# Adapted from:
--# Configure paths for GLIB
--# Owen Taylor     97-11-3
--
- dnl AM_PATH_XML2([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]])
- dnl Test for XML, and define XML_CPPFLAGS and XML_LIBS
- dnl
--AC_DEFUN([AM_PATH_XML2],[ 
--AC_ARG_WITH(xml-prefix,
--            [  --with-xml-prefix=PFX   Prefix where libxml is installed (optional)],
--            xml_config_prefix="$withval", xml_config_prefix="")
--AC_ARG_WITH(xml-exec-prefix,
--            [  --with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)],
--            xml_config_exec_prefix="$withval", xml_config_exec_prefix="")
--AC_ARG_ENABLE(xmltest,
--              [  --disable-xmltest       Do not try to compile and run a test LIBXML program],,
--              enable_xmltest=yes)
--
--  if test x$xml_config_exec_prefix != x ; then
--     xml_config_args="$xml_config_args"
--     if test x${XML2_CONFIG+set} != xset ; then
--        XML2_CONFIG=$xml_config_exec_prefix/bin/xml2-config
--     fi
--  fi
--  if test x$xml_config_prefix != x ; then
--     xml_config_args="$xml_config_args --prefix=$xml_config_prefix"
--     if test x${XML2_CONFIG+set} != xset ; then
--        XML2_CONFIG=$xml_config_prefix/bin/xml2-config
--     fi
--  fi
--
--  AC_PATH_PROG(XML2_CONFIG, xml2-config, no)
--  min_xml_version=ifelse([$1], ,2.0.0,[$1])
--  AC_MSG_CHECKING(for libxml - version >= $min_xml_version)
--  no_xml=""
--  if test "$XML2_CONFIG" = "no" ; then
--    no_xml=yes
--  else
--    XML_CPPFLAGS=`$XML2_CONFIG $xml_config_args --cflags`
--    XML_LIBS=`$XML2_CONFIG $xml_config_args --libs`
--    xml_config_major_version=`$XML2_CONFIG $xml_config_args --version | \
--           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'`
--    xml_config_minor_version=`$XML2_CONFIG $xml_config_args --version | \
--           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'`
--    xml_config_micro_version=`$XML2_CONFIG $xml_config_args --version | \
--           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'`
--    if test "x$enable_xmltest" = "xyes" ; then
--      ac_save_CPPFLAGS="$CPPFLAGS"
--      ac_save_LIBS="$LIBS"
--      CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS"
--      LIBS="$XML_LIBS $LIBS"
--dnl
--dnl Now check if the installed libxml is sufficiently new.
--dnl (Also sanity checks the results of xml2-config to some extent)
--dnl
--      rm -f conf.xmltest
--      AC_RUN_IFELSE(
--            [AC_LANG_SOURCE([[
--#include <stdlib.h>
--#include <stdio.h>
--#include <string.h>
--#include <libxml/xmlversion.h>
--
--int 
--main()
--{
--  int xml_major_version, xml_minor_version, xml_micro_version;
--  int major, minor, micro;
--  char *tmp_version;
--
--  system("touch conf.xmltest");
--
--  /* Capture xml2-config output via autoconf/configure variables */
--  /* HP/UX 9 (%@#!) writes to sscanf strings */
--  tmp_version = (char *)strdup("$min_xml_version");
--  if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
--     printf("%s, bad version string from xml2-config\n", "$min_xml_version");
--     exit(1);
--   }
--   free(tmp_version);
--
--   /* Capture the version information from the header files */
--   tmp_version = (char *)strdup(LIBXML_DOTTED_VERSION);
--   if (sscanf(tmp_version, "%d.%d.%d", &xml_major_version, &xml_minor_version, &xml_micro_version) != 3) {
--     printf("%s, bad version string from libxml includes\n", "LIBXML_DOTTED_VERSION");
--     exit(1);
--   }
--   free(tmp_version);
--
-- /* Compare xml2-config output to the libxml headers */
--  if ((xml_major_version != $xml_config_major_version) ||
--      (xml_minor_version != $xml_config_minor_version) ||
--      (xml_micro_version != $xml_config_micro_version))
--    {
--      printf("*** libxml header files (version %d.%d.%d) do not match\n",
--         xml_major_version, xml_minor_version, xml_micro_version);
--      printf("*** xml2-config (version %d.%d.%d)\n",
--         $xml_config_major_version, $xml_config_minor_version, $xml_config_micro_version);
--      return 1;
--    } 
--/* Compare the headers to the library to make sure we match */
--  /* Less than ideal -- doesn't provide us with return value feedback, 
--   * only exits if there's a serious mismatch between header and library.
--   */
--    LIBXML_TEST_VERSION;
--
--    /* Test that the library is greater than our minimum version */
--    if ((xml_major_version > major) ||
--        ((xml_major_version == major) && (xml_minor_version > minor)) ||
--        ((xml_major_version == major) && (xml_minor_version == minor) &&
--        (xml_micro_version >= micro)))
--      {
--        return 0;
--       }
--     else
--      {
--        printf("\n*** An old version of libxml (%d.%d.%d) was found.\n",
--               xml_major_version, xml_minor_version, xml_micro_version);
--        printf("*** You need a version of libxml newer than %d.%d.%d.\n",
--           major, minor, micro);
--        printf("***\n");
--        printf("*** If you have already installed a sufficiently new version, this error\n");
--        printf("*** probably means that the wrong copy of the xml2-config shell script is\n");
--        printf("*** being found. The easiest way to fix this is to remove the old version\n");
--        printf("*** of LIBXML, but you can also set the XML2_CONFIG environment to point to the\n");
--        printf("*** correct copy of xml2-config. (In this case, you will have to\n");
--        printf("*** modify your LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf\n");
--        printf("*** so that the correct libraries are found at run-time))\n");
--    }
--  return 1;
--}
--]])],, no_xml=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
--       CPPFLAGS="$ac_save_CPPFLAGS"
--       LIBS="$ac_save_LIBS"
--     fi
--  fi
-+AC_DEFUN([AM_PATH_XML2],[
-+  AC_REQUIRE([PKG_PROG_PKG_CONFIG])
- 
--  if test "x$no_xml" = x ; then
--     AC_MSG_RESULT(yes (version $xml_config_major_version.$xml_config_minor_version.$xml_config_micro_version))
--     ifelse([$2], , :, [$2])     
--  else
--     AC_MSG_RESULT(no)
--     if test "$XML2_CONFIG" = "no" ; then
--       echo "*** The xml2-config script installed by LIBXML could not be found"
--       echo "*** If libxml was installed in PREFIX, make sure PREFIX/bin is in"
--       echo "*** your path, or set the XML2_CONFIG environment variable to the"
--       echo "*** full path to xml2-config."
--     else
--       if test -f conf.xmltest ; then
--        :
--       else
--          echo "*** Could not run libxml test program, checking why..."
--          CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS"
--          LIBS="$LIBS $XML_LIBS"
--	  AC_LINK_IFELSE(
--            [AC_LANG_PROGRAM([[
--#include <libxml/xmlversion.h>
--#include <stdio.h>
--]],    [[ LIBXML_TEST_VERSION; return 0;]])],
--        [ echo "*** The test program compiled, but did not run. This usually means"
--          echo "*** that the run-time linker is not finding LIBXML or finding the wrong"
--          echo "*** version of LIBXML. If it is not finding LIBXML, you'll need to set your"
--          echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
--          echo "*** to the installed location  Also, make sure you have run ldconfig if that"
--          echo "*** is required on your system"
--          echo "***"
--          echo "*** If you have an old version installed, it is best to remove it, although"
--          echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
--        [ echo "*** The test program failed to compile or link. See the file config.log for the"
--          echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
--          echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
--          echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
--          CPPFLAGS="$ac_save_CPPFLAGS"
--          LIBS="$ac_save_LIBS"
--       fi
--     fi
-+  verdep=ifelse([$1], [], [], [">= $1"])
-+  PKG_CHECK_MODULES(XML, [libxml-2.0 $verdep], [$2], [$3])
- 
--     XML_CPPFLAGS=""
--     XML_LIBS=""
--     ifelse([$3], , :, [$3])
--  fi
-+  XML_CPPFLAGS=$XML_CFLAGS
-   AC_SUBST(XML_CPPFLAGS)
--  AC_SUBST(XML_LIBS)
--  rm -f conf.xmltest
- ])
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb
similarity index 91%
rename from poky/meta/recipes-core/libxml/libxml2_2.10.4.bb
rename to poky/meta/recipes-core/libxml/libxml2_2.11.4.bb
index 4f3b170..cbf2050 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb
@@ -15,21 +15,14 @@
 
 SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \
            file://run-ptest \
-           file://libxml-64bit.patch \
-           file://fix-tests.patch \
            file://install-tests.patch \
-           file://libxml-m4-use-pkgconfig.patch \
            "
 
-SRC_URI[archive.sha256sum] = "ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45"
+SRC_URI[archive.sha256sum] = "737e1d7f8ab3f139729ca13a2494fd17bf30ddb4b7a427cf336252cab57f57f7"
 SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
 
 BINCONFIG = "${bindir}/xml2-config"
 
-# Fixed since 2.9.11 via
-# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f
-CVE_CHECK_IGNORE += "CVE-2016-3709"
-
 PACKAGECONFIG ??= "python \
     ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb
deleted file mode 100644
index 079f062..0000000
--- a/poky/meta/recipes-core/meta/cve-update-db-native.bb
+++ /dev/null
@@ -1,288 +0,0 @@
-SUMMARY = "Updates the NVD CVE database"
-LICENSE = "MIT"
-
-INHIBIT_DEFAULT_DEPS = "1"
-
-inherit native
-
-deltask do_unpack
-deltask do_patch
-deltask do_configure
-deltask do_compile
-deltask do_install
-deltask do_populate_sysroot
-
-NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
-# CVE database update interval, in seconds. By default: once a day (24*60*60).
-# Use 0 to force the update
-# Use a negative value to skip the update
-CVE_DB_UPDATE_INTERVAL ?= "86400"
-
-# Timeout for blocking socket operations, such as the connection attempt.
-CVE_SOCKET_TIMEOUT ?= "60"
-
-CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
-
-python () {
-    if not bb.data.inherits_class("cve-check", d):
-        raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
-}
-
-python do_fetch() {
-    """
-    Update NVD database with json data feed
-    """
-    import bb.utils
-    import bb.progress
-    import shutil
-
-    bb.utils.export_proxies(d)
-
-    db_file = d.getVar("CVE_CHECK_DB_FILE")
-    db_dir = os.path.dirname(db_file)
-    db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
-
-    cleanup_db_download(db_file, db_tmp_file)
-
-    # The NVD database changes once a day, so no need to update more frequently
-    # Allow the user to force-update
-    try:
-        import time
-        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
-        if update_interval < 0:
-            bb.note("CVE database update skipped")
-            return
-        if time.time() - os.path.getmtime(db_file) < update_interval:
-            bb.debug(2, "Recently updated, skipping")
-            return
-
-    except OSError:
-        pass
-
-    bb.utils.mkdirhier(db_dir)
-    if os.path.exists(db_file):
-        shutil.copy2(db_file, db_tmp_file)
-
-    if update_db_file(db_tmp_file, d) == True:
-        # Update downloaded correctly, can swap files
-        shutil.move(db_tmp_file, db_file)
-    else:
-        # Update failed, do not modify the database
-        bb.note("CVE database update failed")
-        os.remove(db_tmp_file)
-}
-
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
-do_fetch[file-checksums] = ""
-do_fetch[vardeps] = ""
-
-def cleanup_db_download(db_file, db_tmp_file):
-    """
-    Cleanup the download space from possible failed downloads
-    """
-
-    # Clean up the updates done on the main file
-    # Remove it only if a journal file exists - it means a complete re-download
-    if os.path.exists("{0}-journal".format(db_file)):
-        # If a journal is present the last update might have been interrupted. In that case,
-        # just wipe any leftovers and force the DB to be recreated.
-        os.remove("{0}-journal".format(db_file))
-
-        if os.path.exists(db_file):
-            os.remove(db_file)
-
-    # Clean-up the temporary file downloads, we can remove both journal
-    # and the temporary database
-    if os.path.exists("{0}-journal".format(db_tmp_file)):
-        # If a journal is present the last update might have been interrupted. In that case,
-        # just wipe any leftovers and force the DB to be recreated.
-        os.remove("{0}-journal".format(db_tmp_file))
-
-    if os.path.exists(db_tmp_file):
-        os.remove(db_tmp_file)
-
-def update_db_file(db_tmp_file, d):
-    """
-    Update the given database file
-    """
-    import bb.utils, bb.progress
-    from datetime import date
-    import urllib, gzip, sqlite3
-
-    YEAR_START = 2002
-    cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
-
-    # Connect to database
-    conn = sqlite3.connect(db_tmp_file)
-    initialize_db(conn)
-
-    with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
-        total_years = date.today().year + 1 - YEAR_START
-        for i, year in enumerate(range(YEAR_START, date.today().year + 1)):
-            bb.debug(2, "Updating %d" % year)
-            ph.update((float(i + 1) / total_years) * 100)
-            year_url = (d.getVar('NVDCVE_URL')) + str(year)
-            meta_url = year_url + ".meta"
-            json_url = year_url + ".json.gz"
-
-            # Retrieve meta last modified date
-            try:
-                response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
-            except urllib.error.URLError as e:
-                cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
-                bb.warn("Failed to fetch CVE data (%s)" % e.reason)
-                return False
-
-            if response:
-                for l in response.read().decode("utf-8").splitlines():
-                    key, value = l.split(":", 1)
-                    if key == "lastModifiedDate":
-                        last_modified = value
-                        break
-                else:
-                    bb.warn("Cannot parse CVE metadata, update failed")
-                    return False
-
-            # Compare with current db last modified date
-            cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
-            meta = cursor.fetchone()
-            cursor.close()
-
-            if not meta or meta[0] != last_modified:
-                bb.debug(2, "Updating entries")
-                # Clear products table entries corresponding to current year
-                conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close()
-
-                # Update db with current year json file
-                try:
-                    response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout)
-                    if response:
-                        update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
-                    conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
-                except urllib.error.URLError as e:
-                    cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
-                    bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
-                    return False
-            else:
-                bb.debug(2, "Already up to date (last modified %s)" % last_modified)
-            # Update success, set the date to cve_check file.
-            if year == date.today().year:
-                cve_f.write('CVE database update : %s\n\n' % date.today())
-
-        conn.commit()
-        conn.close()
-        return True
-
-def initialize_db(conn):
-    with conn:
-        c = conn.cursor()
-
-        c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
-
-        c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
-
-        c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
-            VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
-            VERSION_END TEXT, OPERATOR_END TEXT)")
-        c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
-
-        c.close()
-
-def parse_node_and_insert(conn, node, cveId):
-    # Parse children node if needed
-    for child in node.get('children', ()):
-        parse_node_and_insert(conn, child, cveId)
-
-    def cpe_generator():
-        for cpe in node.get('cpe_match', ()):
-            if not cpe['vulnerable']:
-                return
-            cpe23 = cpe.get('cpe23Uri')
-            if not cpe23:
-                return
-            cpe23 = cpe23.split(':')
-            if len(cpe23) < 6:
-                return
-            vendor = cpe23[3]
-            product = cpe23[4]
-            version = cpe23[5]
-
-            if cpe23[6] == '*' or cpe23[6] == '-':
-                version_suffix = ""
-            else:
-                version_suffix = "_" + cpe23[6]
-
-            if version != '*' and version != '-':
-                # Version is defined, this is a '=' match
-                yield [cveId, vendor, product, version + version_suffix, '=', '', '']
-            elif version == '-':
-                # no version information is available
-                yield [cveId, vendor, product, version, '', '', '']
-            else:
-                # Parse start version, end version and operators
-                op_start = ''
-                op_end = ''
-                v_start = ''
-                v_end = ''
-
-                if 'versionStartIncluding' in cpe:
-                    op_start = '>='
-                    v_start = cpe['versionStartIncluding']
-
-                if 'versionStartExcluding' in cpe:
-                    op_start = '>'
-                    v_start = cpe['versionStartExcluding']
-
-                if 'versionEndIncluding' in cpe:
-                    op_end = '<='
-                    v_end = cpe['versionEndIncluding']
-
-                if 'versionEndExcluding' in cpe:
-                    op_end = '<'
-                    v_end = cpe['versionEndExcluding']
-
-                if op_start or op_end or v_start or v_end:
-                    yield [cveId, vendor, product, v_start, op_start, v_end, op_end]
-                else:
-                    # This is no version information, expressed differently.
-                    # Save processing by representing as -.
-                    yield [cveId, vendor, product, '-', '', '', '']
-
-    conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close()
-
-def update_db(conn, jsondata):
-    import json
-    root = json.loads(jsondata)
-
-    for elt in root['CVE_Items']:
-        if not elt['impact']:
-            continue
-
-        accessVector = None
-        cveId = elt['cve']['CVE_data_meta']['ID']
-        cveDesc = elt['cve']['description']['description_data'][0]['value']
-        date = elt['lastModifiedDate']
-        try:
-            accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
-            cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
-        except KeyError:
-            cvssv2 = 0.0
-        try:
-            accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
-            cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
-        except KeyError:
-            accessVector = accessVector or "UNKNOWN"
-            cvssv3 = 0.0
-
-        conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
-                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
-
-        configurations = elt['configurations']['nodes']
-        for config in configurations:
-            parse_node_and_insert(conn, config, cveId)
-
-
-do_fetch[nostamp] = "1"
-
-EXCLUDE_FROM_WORLD = "1"
diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 2b58598..2f7dad7 100644
--- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -17,6 +17,10 @@
 
 NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0"
 
+# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key)
+# then setting this to get higher rate limits.
+NVDCVE_API_KEY ?= ""
+
 # CVE database update interval, in seconds. By default: once a day (24*60*60).
 # Use 0 to force the update
 # Use a negative value to skip the update
@@ -119,18 +123,16 @@
     import urllib.parse
     import gzip
     import http
+    import time
 
-    headers = {}
+    request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args))
     if api_key:
-        headers['apiKey'] = api_key
+        request.add_header("apiKey", api_key)
+    bb.note("Requesting %s" % request.full_url)
 
-    data = urllib.parse.urlencode(args)
-
-    full_request = url + '?' + data
-
-    for attempt in range(3):
+    for attempt in range(5):
         try:
-            r = urllib.request.urlopen(full_request)
+            r = urllib.request.urlopen(request)
 
             if (r.headers['content-encoding'] == 'gzip'):
                 buf = r.read()
@@ -140,13 +142,9 @@
 
             r.close()
 
-        except UnicodeDecodeError:
-            # Received garbage, retry
-            bb.debug(2, "CVE database: received malformed data, retrying (request: %s)" %(full_request))
-            pass
-        except http.client.IncompleteRead:
-            # Read incomplete, let's try again
-            bb.debug(2, "CVE database: received incomplete data, retrying (request: %s)" %(full_request))
+        except Exception as e:
+            bb.note("CVE database: received error (%s), retrying" % (e))
+            time.sleep(6)
             pass
         else:
             return raw_data
@@ -172,11 +170,11 @@
     # The maximum range for time is 120 days
     # Force a complete update if our range is longer
     if (database_time != 0):
-        database_date = datetime.datetime.combine(datetime.date.fromtimestamp(database_time), datetime.time())
-        today_date = datetime.datetime.combine(datetime.date.today(), datetime.time())
+        database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc)
+        today_date = datetime.datetime.now(tz=datetime.timezone.utc)
         delta = today_date - database_date
         if delta.days < 120:
-            bb.debug(2, "CVE database: performing partial update")
+            bb.note("CVE database: performing partial update")
             req_args['lastModStartDate'] = database_date.isoformat()
             req_args['lastModEndDate'] = today_date.isoformat()
         else:
@@ -184,12 +182,14 @@
 
     with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
 
-        bb.debug(2, "Updating entries")
+        bb.note("Updating entries")
         index = 0
         url = d.getVar("NVDCVE_URL")
+        api_key = d.getVar("NVDCVE_API_KEY") or None
+
         while True:
             req_args['startIndex'] = index
-            raw_data = nvd_request_next(url, None, req_args)
+            raw_data = nvd_request_next(url, api_key, req_args)
             if raw_data is None:
                 # We haven't managed to download data
                 return False
@@ -199,7 +199,7 @@
             index = data["startIndex"]
             total = data["totalResults"]
             per_page = data["resultsPerPage"]
-
+            bb.note("Got %d entries" % per_page)
             for cve in data["vulnerabilities"]:
                update_db(conn, cve)
 
@@ -312,22 +312,30 @@
         cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
     except KeyError:
         cvssv2 = 0.0
+    cvssv3 = None
     try:
-        accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector']
-        cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
+        accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
+        cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
     except KeyError:
-        accessVector = accessVector or "UNKNOWN"
-        cvssv3 = 0.0
+        pass
+    try:
+        accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
+        cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
+    except KeyError:
+        pass
+    accessVector = accessVector or "UNKNOWN"
+    cvssv3 = cvssv3 or 0.0
 
     conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
                 [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
 
     try:
-        configurations = elt['cve']['configurations'][0]['nodes']
-        for config in configurations:
-            parse_node_and_insert(conn, config, cveId)
+        for config in elt['cve']['configurations']:
+            # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
+            for node in config["nodes"]:
+                parse_node_and_insert(conn, node, cveId)
     except KeyError:
-        bb.debug(2, "Entry without a configuration")
+        bb.note("CVE %s has no configurations" % cveId)
 
 do_fetch[nostamp] = "1"
 
diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb
index 7c8434f..b4c2b1f 100644
--- a/poky/meta/recipes-core/musl/musl_git.bb
+++ b/poky/meta/recipes-core/musl/musl_git.bb
@@ -4,7 +4,7 @@
 require musl.inc
 inherit linuxloader
 
-SRCREV = "f5f55d6589940fd2c2188d76686efe3a530e64e0"
+SRCREV = "718f363bc2067b6487900eddc9180c84e7739f80"
 
 BASEVER = "1.2.4"
 
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 0c3df4f..490d9e8 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -1,7 +1,7 @@
-From 1125f5a02c2f327aeffe2d6b66a9d816ad2eeec0 Mon Sep 17 00:00:00 2001
+From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Thu, 9 Jun 2016 02:23:01 -0700
-Subject: [PATCH 1/6] ovmf: update path to native BaseTools
+Subject: [PATCH 1/4] ovmf: update path to native BaseTools
 
 BaseTools is a set of utilities to build EDK-based firmware. These utilities
 are used during the build process. Thus, they need to be built natively.
@@ -16,7 +16,7 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh
-index 91b1442ade..1858dae31a 100755
+index b0334fb76e..094f86f096 100755
 --- a/OvmfPkg/build.sh
 +++ b/OvmfPkg/build.sh
 @@ -24,7 +24,7 @@ then
@@ -29,5 +29,5 @@
    source edksetup.sh BaseTools
  else
 -- 
-2.32.0
+2.30.2
 
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index 2293d7e..efabc8f 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -1,7 +1,7 @@
-From 19d4c7f9812062a683b3ba60b35aac0461190456 Mon Sep 17 00:00:00 2001
+From 7675a67b8bb207de38ff5a9dc416e8b1028eb8ce Mon Sep 17 00:00:00 2001
 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
 Date: Fri, 26 Jul 2019 17:34:26 -0400
-Subject: [PATCH 2/6] BaseTools: makefile: adjust to build in under bitbake
+Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake
 
 Prepend the build flags with those of bitbake. This is to build
 using the bitbake native sysroot include and library directories.
@@ -14,58 +14,56 @@
 Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
 Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups]
 ---
- BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
+ BaseTools/Source/C/Makefiles/header.makefile | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
 
 diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
-index 0df728f327..1299d47c87 100644
+index 1bf003523b..28757aed63 100644
 --- a/BaseTools/Source/C/Makefiles/header.makefile
 +++ b/BaseTools/Source/C/Makefiles/header.makefile
-@@ -75,35 +75,36 @@ $(error Bad HOST_ARCH)
+@@ -82,35 +82,34 @@ $(error Bad HOST_ARCH)
  endif

  

  INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)

--BUILD_CPPFLAGS = $(INCLUDE)

-+BUILD_CPPFLAGS += $(INCLUDE)

+-CPPFLAGS = $(INCLUDE)

++CPPFLAGS += $(INCLUDE)

  

  # keep EXTRA_OPTFLAGS last

  BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)

  

  ifeq ($(DARWIN),Darwin)

  # assume clang or clang compatible flags on OS X

--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \

-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \

+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \

++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \

  -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g

  else

- ifeq ($(CXX), llvm)

--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

+ ifneq ($(CLANG),)

+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

  -fno-delete-null-pointer-checks -Wall -Werror \

  -Wno-deprecated-declarations -Wno-self-assign \

  -Wno-unused-result -nostdlib -g

  else

--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \

  -fno-delete-null-pointer-checks -Wall -Werror \

  -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \

  -Wno-unused-result -nostdlib -g

  endif

  endif

- ifeq ($(CXX), llvm)

--BUILD_LFLAGS =

--BUILD_CXXFLAGS = -Wno-deprecated-register -Wno-unused-result

-+BUILD_LFLAGS = $(LDFLAGS)

-+BUILD_CXXFLAGS += -Wno-deprecated-register -Wno-unused-result

+ ifneq ($(CLANG),)

+-LDFLAGS =

+-CXXFLAGS = -Wno-deprecated-register -Wno-unused-result -std=c++14

++CXXFLAGS += -Wno-deprecated-register -Wno-unused-result -std=c++14

  else

--BUILD_LFLAGS =

--BUILD_CXXFLAGS = -Wno-unused-result

-+BUILD_LFLAGS = $(LDFLAGS)

-+BUILD_CXXFLAGS += -Wno-unused-result

+-LDFLAGS =

+-CXXFLAGS = -Wno-unused-result

++CXXFLAGS += -Wno-unused-result

  endif

 +

  ifeq ($(HOST_ARCH), IA32)

  #

  # Snow Leopard  is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults

 -- 
-2.32.0
+2.30.2
 
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
similarity index 87%
rename from poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch
rename to poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
index 7adc454..c0c763c 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
@@ -1,7 +1,7 @@
-From cf6361f27cd6318622fd58ab6c0a9407cc633b1e Mon Sep 17 00:00:00 2001
+From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 14 Jun 2021 19:56:28 +0200
-Subject: [PATCH] debug prefix map
+Subject: [PATCH 3/4] debug prefix map
 
 We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
  --debug-prefix-map to nasm (we carry a patch to nasm for this). The
@@ -22,10 +22,10 @@
  1 file changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 471eb67c0c..a16fb5c9f1 100755
+index 503a6687c1..10ac38ef9e 100755
 --- a/BaseTools/Conf/tools_def.template
 +++ b/BaseTools/Conf/tools_def.template
-@@ -1849,7 +1849,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N
+@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
  *_*_*_DTCPP_PATH                   = DEF(DTCPP_BIN)

  *_*_*_DTC_PATH                     = DEF(DTC_BIN)

  

@@ -34,7 +34,7 @@
  DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie

  DEFINE GCC_LOONGARCH64_CC_FLAGS    = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections

  DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access

-@@ -1869,8 +1869,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS      = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
+@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS      = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
  DEFINE GCC_AARCH64_ASLDLINK_FLAGS  = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)

  DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)

  DEFINE GCC_IA32_X64_DLINK_FLAGS    = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map

@@ -45,7 +45,7 @@
  DEFINE GCC_VFRPP_FLAGS             = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h

  DEFINE GCC_ASLPP_FLAGS             = -x c -E -include AutoGen.h

  DEFINE GCC_ASLCC_FLAGS             = -x c

-@@ -2022,7 +2022,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS           = -mabi=lp64d -march=loongarch64 DEF(
+@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS           = -mabi=lp64d -march=loongarch64 DEF(
  *_GCC48_IA32_DLINK2_FLAGS         = DEF(GCC48_IA32_DLINK2_FLAGS)

  *_GCC48_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

  *_GCC48_IA32_OBJCOPY_FLAGS        =

@@ -54,7 +54,7 @@
  

    DEBUG_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS)

  RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable

-@@ -2050,7 +2050,7 @@ RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS       = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
  *_GCC48_X64_DLINK2_FLAGS         = DEF(GCC48_X64_DLINK2_FLAGS)

  *_GCC48_X64_RC_FLAGS             = DEF(GCC_X64_RC_FLAGS)

  *_GCC48_X64_OBJCOPY_FLAGS        =

@@ -63,7 +63,7 @@
  

    DEBUG_GCC48_X64_CC_FLAGS       = DEF(GCC48_X64_CC_FLAGS)

  RELEASE_GCC48_X64_CC_FLAGS       = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable

-@@ -2159,7 +2159,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
+@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS   = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
  *_GCC49_IA32_DLINK2_FLAGS         = DEF(GCC49_IA32_DLINK2_FLAGS)

  *_GCC49_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

  *_GCC49_IA32_OBJCOPY_FLAGS        =

@@ -72,7 +72,7 @@
  

    DEBUG_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS)

  RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable

-@@ -2187,7 +2187,7 @@ RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
+@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS       = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
  *_GCC49_X64_DLINK2_FLAGS         = DEF(GCC49_X64_DLINK2_FLAGS)

  *_GCC49_X64_RC_FLAGS             = DEF(GCC_X64_RC_FLAGS)

  *_GCC49_X64_OBJCOPY_FLAGS        =

@@ -81,7 +81,7 @@
  

    DEBUG_GCC49_X64_CC_FLAGS       = DEF(GCC49_X64_CC_FLAGS)

  RELEASE_GCC49_X64_CC_FLAGS       = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable

-@@ -2302,7 +2302,7 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
+@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
  *_GCC5_IA32_DLINK2_FLAGS         = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie

  *_GCC5_IA32_RC_FLAGS             = DEF(GCC_IA32_RC_FLAGS)

  *_GCC5_IA32_OBJCOPY_FLAGS        =

@@ -90,7 +90,7 @@
  

    DEBUG_GCC5_IA32_CC_FLAGS       = DEF(GCC5_IA32_CC_FLAGS) -flto

    DEBUG_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386

-@@ -2334,7 +2334,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
+@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
  *_GCC5_X64_DLINK2_FLAGS          = DEF(GCC5_X64_DLINK2_FLAGS)

  *_GCC5_X64_RC_FLAGS              = DEF(GCC_X64_RC_FLAGS)

  *_GCC5_X64_OBJCOPY_FLAGS         =

diff --git a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
similarity index 90%
rename from poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch
rename to poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
index 846f408..c3fdc3d 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
@@ -1,7 +1,7 @@
-From 27ed9962f5cb3afcc44d6c96c53277132a999712 Mon Sep 17 00:00:00 2001
+From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 14 Jun 2021 19:57:30 +0200
-Subject: [PATCH 6/6] reproducible
+Subject: [PATCH 4/4] reproducible
 
 This patch fixes various things which make the build more reproducible. Some changes
 here only change intermediate artefacts but that means when you have two build trees
@@ -35,10 +35,10 @@
  4 files changed, 24 insertions(+), 16 deletions(-)
 
 diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
-index d097db8632..a87ae6f3d0 100644
+index 9c17c90b16..fcc7864141 100644
 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c
 +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
-@@ -14,6 +14,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
  #ifndef __GNUC__

  #include <windows.h>

  #include <io.h>

@@ -47,35 +47,35 @@
  #endif

  #include <assert.h>

  #include <stdio.h>

-@@ -769,7 +771,7 @@ ScanSections64 (
+@@ -990,7 +992,7 @@ ScanSections64 (
    }

    mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +

                  sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +

 -                strlen(mInImageName) + 1;

 +                strlen(basename(mInImageName)) + 1;

  

-   mCoffOffset = CoffAlign(mCoffOffset);

-   if (SectionCount == 0) {

-@@ -1608,7 +1610,7 @@ WriteDebug64 (
-   EFI_IMAGE_DEBUG_DIRECTORY_ENTRY     *Dir;

-   EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;

+   //

+   // Add more space in the .debug data region for the DllCharacteristicsEx

+@@ -2261,7 +2263,7 @@ WriteDebug64 (
+   EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY         *Nb10;

+   EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;

  

 -  Len = strlen(mInImageName) + 1;

 +  Len = strlen(basename(mInImageName)) + 1;

  

-   Dir = (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY*)(mCoffFile + mDebugOffset);

-   Dir->Type = EFI_IMAGE_DEBUG_TYPE_CODEVIEW;

-@@ -1618,7 +1620,7 @@ WriteDebug64 (
+   NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);

+   DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];

+@@ -2294,7 +2296,7 @@ WriteDebug64 (
  

    Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);

    Nb10->Signature = CODEVIEW_SIGNATURE_NB10;

 -  strcpy ((char *)(Nb10 + 1), mInImageName);

 +  strcpy ((char *)(Nb10 + 1), basename(mInImageName));

+ }

  

- 

-   NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);

+ STATIC

 diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py
-index 722fead75a..8f1c236970 100644
+index 752a1a1f6a..02054cccf8 100644
 --- a/BaseTools/Source/Python/AutoGen/BuildEngine.py
 +++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py
 @@ -70,6 +70,9 @@ class TargetDescBlock(object):
@@ -89,7 +89,7 @@
          if Input not in self.Inputs:

              self.Inputs.append(Input)

 diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
-index 961b2ab1c3..23c1592025 100755
+index daec9c6d54..0e8cc20efe 100755
 --- a/BaseTools/Source/Python/AutoGen/GenMake.py
 +++ b/BaseTools/Source/Python/AutoGen/GenMake.py
 @@ -575,7 +575,7 @@ cleanlib:
@@ -153,10 +153,10 @@
                  if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:

                      self.FileListMacros[T.FileListMacro] = []

 diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
-index d70b0d7ae8..25dca9a6df 100755
+index d05410b329..99b3f64aba 100755
 --- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
 +++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
-@@ -1484,6 +1484,9 @@ class ModuleAutoGen(AutoGen):
+@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen):
              for File in Files:

                  if File.lower().endswith('.pdb'):

                      AsBuiltInfDict['binary_item'].append('DISPOSABLE|' + File)

@@ -166,7 +166,7 @@
          HeaderComments = self.Module.HeaderComments

          StartPos = 0

          for Index in range(len(HeaderComments)):

-@@ -1759,7 +1762,7 @@ class ModuleAutoGen(AutoGen):
+@@ -1749,7 +1752,7 @@ class ModuleAutoGen(AutoGen):
              if os.path.exists (self.TimeStampPath):

                  os.remove (self.TimeStampPath)

  

@@ -176,5 +176,5 @@
          # Ignore generating makefile when it is a binary module

          if self.IsBinaryModule:

 -- 
-2.32.0
+2.30.2
 
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index bd92c5d..761c265 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -22,12 +22,12 @@
 SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
            file://0001-ovmf-update-path-to-native-BaseTools.patch \
            file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
-           file://0005-debug-prefix-map.patch \
-           file://0006-reproducible.patch \
+           file://0003-debug-prefix-map.patch \
+           file://0004-reproducible.patch \
            "
 
-PV = "edk2-stable202302"
-SRCREV = "f80f052277c88a67c55e107b550f504eeea947d3"
+PV = "edk2-stable202305"
+SRCREV = "ba91d0292e593df8528b66f99c1b0b14fadc8e16"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 
 inherit deploy
diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 514f747..7fe751b 100755
--- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -202,7 +202,7 @@
         try:
             for dependent in config.get('Install', prop):
                 # expand any %i to instance (ignoring escape sequence %%)
-                dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent)
+                dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent)
                 wants = systemdir / "{}.{}".format(dependent, dirstem) / service
                 add_link(wants, target)
 
diff --git a/poky/meta/recipes-core/systemd/systemd_253.3.bb b/poky/meta/recipes-core/systemd/systemd_253.3.bb
index 87fbf6f..cf0e17f 100644
--- a/poky/meta/recipes-core/systemd/systemd_253.3.bb
+++ b/poky/meta/recipes-core/systemd/systemd_253.3.bb
@@ -834,6 +834,3 @@
 pkg_prerm:udev-hwdb () {
 	rm -f $D${sysconfdir}/udev/hwdb.bin
 }
-
-# This was also fixed in 252.4 with 9b75a3d0
-CVE_CHECK_IGNORE += "CVE-2022-4415"
diff --git a/poky/meta/recipes-core/udev/eudev_3.2.12.bb b/poky/meta/recipes-core/udev/eudev_3.2.12.bb
index 572ccec..4268bcc 100644
--- a/poky/meta/recipes-core/udev/eudev_3.2.12.bb
+++ b/poky/meta/recipes-core/udev/eudev_3.2.12.bb
@@ -18,7 +18,7 @@
 
 GITHUB_BASE_URI = "https://github.com/eudev-project/eudev/releases"
 
-inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases
+inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases useradd
 
 CONFLICT_DISTRO_FEATURES = "systemd"
 
@@ -85,3 +85,6 @@
 pkg_prerm:${PN}-hwdb () {
 	rm -f $D${sysconfdir}/udev/hwdb.bin
 }
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "-r sgx"
diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb
index 9ea7a04..c814055 100644
--- a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb
+++ b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb
@@ -234,6 +234,8 @@
 ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump"
 ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock"
 ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice"
+ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm"
+ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs"
 ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill"
 ALTERNATIVE:${PN}-last = "last lastb"
 ALTERNATIVE_LINK_NAME[last] = "${bindir}/last"
diff --git a/poky/meta/recipes-devtools/automake/automake/buildtest.patch b/poky/meta/recipes-devtools/automake/automake/buildtest.patch
index b88b9e8..c43a4ac 100644
--- a/poky/meta/recipes-devtools/automake/automake/buildtest.patch
+++ b/poky/meta/recipes-devtools/automake/automake/buildtest.patch
@@ -36,7 +36,7 @@
 -check-TESTS: $(TESTS)
 +AM_RECURSIVE_TARGETS += buildtest runtest
 +
-+buildtest-TESTS: $(TESTS)
++buildtest-TESTS: $(TESTS) $(check_PROGRAMS)
 +
 +check-TESTS: buildtest-TESTS
 +	$(MAKE) $(AM_MAKEFLAGS) runtest-TESTS
diff --git a/poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb b/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
similarity index 82%
rename from poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb
rename to poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
index b0ae7fb..22a6b38 100644
--- a/poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb
+++ b/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb
@@ -7,14 +7,14 @@
 SECTION = "devel"
 
 LICENSE = "GPL-3.0-or-later"
-LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=1601d62d6828fbe19b6f6c2d01fdff4c"
+LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=cd54b7abfc462470b0f505273c38f0ff"
 
 DEPENDS = "zstd"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
            file://0001-xxhash.h-Fix-build-with-gcc-12.patch \
            "
-SRC_URI[sha256sum] = "869903c1891beb8bee87f1ec94d8a0dad18c2add4072c456acbc85cdfc23ca63"
+SRC_URI[sha256sum] = "75eef15b8b9da48db9c91e1d0ff58b3645fc70c0e4ca2ef1b6825a12f21f217d"
 
 inherit cmake github-releases
 
diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc
index 7788a5c..f57a77c 100644
--- a/poky/meta/recipes-devtools/cmake/cmake.inc
+++ b/poky/meta/recipes-devtools/cmake/cmake.inc
@@ -23,6 +23,4 @@
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
 
-# This is specific to the npm package that installs cmake, so isn't
-# relevant to OpenEmbedded
-CVE_CHECK_IGNORE += "CVE-2016-10642"
+CVE_STATUS[CVE-2016-10642] = "cpe-incorrect: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded"
diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb b/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
index ff79701..9134411 100644
--- a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
+++ b/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb
@@ -15,9 +15,10 @@
            file://0029-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
            file://0030-Run-python-scripts-using-env.patch \
            file://0001-set-python-path-for-completion_helper.patch \
-           file://0001-dnf-write-the-log-lock-to-root.patch \
            "
 
+SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch"
+
 SRCREV = "94b7cc7956580405b219329541d6b40db6499cf1"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
 
diff --git a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb
index 15cf6f5..1ac88d6 100644
--- a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,10 +26,10 @@
 
 GITHUB_BASE_URI = "https://github.com/westes/flex/releases"
 
-# Disputed - yes there is stack exhaustion but no bug and it is building the
-# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
 # https://github.com/westes/flex/issues/414
-CVE_CHECK_IGNORE += "CVE-2019-6293"
+CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \
+there is stack exhaustion but no bug and it is building the \
+parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
 
 inherit autotools gettext texinfo ptest github-releases
 
diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.1.inc b/poky/meta/recipes-devtools/gcc/gcc-13.1.inc
index 4da703d..e94753e 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-13.1.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-13.1.inc
@@ -111,5 +111,4 @@
     --with-build-sysroot=${STAGING_DIR_TARGET} \
 "
 
-# Is a binutils 2.26 issue, not gcc
-CVE_CHECK_IGNORE += "CVE-2021-37322"
+CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"
diff --git a/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc b/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc
index e4cdb73..dba25eb 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,7 +40,6 @@
     ${@get_gcc_mips_plt_setting(bb, d)} \
     ${@get_gcc_ppc_plt_settings(bb, d)} \
     ${@get_gcc_multiarch_setting(bb, d)} \
-	--enable-standard-branch-protection \
 "
 
 # glibc version is a minimum controlling whether features are enabled. 
diff --git a/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc b/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc
index f68fec5..64f60c7 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -51,9 +51,10 @@
         # enable all valid instructions, since the test suite itself does not
         # limit itself to the target cpu options.
         #   - valid for x86*, powerpc, arm, arm64
-        if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "ppc", "arm", "aarch64"]:
+        if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]:
             args += ["-cpu", "max"]
-
+        elif qemu_binary.lstrip("qemu-") in ["ppc"]:
+            args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split()
         sysroot = d.getVar("RECIPE_SYSROOT")
         args += ["-L", sysroot]
         # lib paths are static here instead of using $libdir since this is used by a -cross recipe
diff --git a/poky/meta/recipes-devtools/git/git_2.39.3.bb b/poky/meta/recipes-devtools/git/git_2.39.3.bb
index 54a863a..3393550 100644
--- a/poky/meta/recipes-devtools/git/git_2.39.3.bb
+++ b/poky/meta/recipes-devtools/git/git_2.39.3.bb
@@ -27,13 +27,6 @@
 
 CVE_PRODUCT = "git-scm:git"
 
-# This is about a manpage not mentioning --mirror may "leak" information
-# in mirrored git repos. Most OE users wouldn't build the docs and
-# we don't see this as a major issue for our general users/usecases.
-CVE_CHECK_IGNORE += "CVE-2022-24975"
-# This is specific to Git-for-Windows
-CVE_CHECK_IGNORE += "CVE-2022-41953"
-
 PACKAGECONFIG ??= "expat curl"
 PACKAGECONFIG[cvsserver] = ""
 PACKAGECONFIG[svn] = ""
diff --git a/poky/meta/recipes-devtools/go/go-1.20.5.inc b/poky/meta/recipes-devtools/go/go-1.20.6.inc
similarity index 89%
rename from poky/meta/recipes-devtools/go/go-1.20.5.inc
rename to poky/meta/recipes-devtools/go/go-1.20.6.inc
index 4e4e57d..551171b 100644
--- a/poky/meta/recipes-devtools/go/go-1.20.5.inc
+++ b/poky/meta/recipes-devtools/go/go-1.20.6.inc
@@ -15,4 +15,4 @@
     file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
 "
-SRC_URI[main.sha256sum] = "9a15c133ba2cfafe79652f4815b62e7cfc267f68df1b9454c6ab2a3ca8b96a88"
+SRC_URI[main.sha256sum] = "62ee5bc6fb55b8bae8f705e0cb8df86d6453626b4ecf93279e2867092e0b7f70"
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
similarity index 78%
rename from poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
index a98be4a..5b2f8f4 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
@@ -9,9 +9,9 @@
 
 # Checksums available at https://go.dev/dl/
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "d7ec48cde0d3d2be2c69203bc3e0a44de8660b9c09a6e85c4732a3f7dc442612"
-SRC_URI[go_linux_arm64.sha256sum] = "aa2fab0a7da20213ff975fa7876a66d47b48351558d98851b87d1cfef4360d09"
-SRC_URI[go_linux_ppc64le.sha256sum] = "049b8ab07d34077b90c0642138e10207f6db14bdd1743ea994a21e228f8ca53d"
+SRC_URI[go_linux_amd64.sha256sum] = "b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb"
+SRC_URI[go_linux_arm64.sha256sum] = "4e15ab37556e979181a1a1cc60f6d796932223a0f5351d7c83768b356f84429b"
+SRC_URI[go_linux_ppc64le.sha256sum] = "a1b91a42a40bba54bfd5c96c23d72250e0c424038d0d2b5c7950b828b4905822"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-cross_1.20.5.bb b/poky/meta/recipes-devtools/go/go-cross_1.20.6.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-cross_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go-cross_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-native_1.20.5.bb b/poky/meta/recipes-devtools/go/go-native_1.20.6.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-native_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go-native_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb b/poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/go/go_1.20.5.bb b/poky/meta/recipes-devtools/go/go_1.20.6.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go_1.20.5.bb
rename to poky/meta/recipes-devtools/go/go_1.20.6.bb
diff --git a/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb b/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb
index 93f87f7..db4745a 100644
--- a/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb
+++ b/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb
@@ -20,9 +20,8 @@
 UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 
 # https://github.com/jquery/jquery/issues/3927
-# There are ways jquery can expose security issues but any issues are in the apps exposing them
-# and there is little we can directly do
-CVE_CHECK_IGNORE += "CVE-2007-2379"
+CVE_STATUS[CVE-2007-2379] = "upstream-wontfix: There are ways jquery can expose security issues but any issues \
+are in the apps exposing them and there is little we can directly do."
 
 inherit allarch
 
diff --git a/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch b/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch
deleted file mode 100644
index 3680c71..0000000
--- a/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
-From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
-Date: Tue, 15 Feb 2022 12:28:46 -0300
-Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
-
-CVE: CVE-2022-28805
-
-Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
-
-Signed-off-by: Steve Sakoman <steve@sakoman.com>
----
- src/lparser.c         |  1 +
- 1 files changed, 1 insertions(+)
-
-diff --git a/src/lparser.c b/src/lparser.c
-index 3abe3d751..a5cd55257 100644
---- a/src/lparser.c
-+++ b/src/lparser.c
-@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
-     expdesc key;
-     singlevaraux(fs, ls->envn, var, 1);  /* get environment variable */
-     lua_assert(var->k != VVOID);  /* this one must exist */
-+    luaK_exp2anyregup(fs, var);  /* but could be a constant */
-     codestring(&key, varname);  /* key is variable name */
-     luaK_indexed(fs, var, &key);  /* env[varname] */
-   }
diff --git a/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
deleted file mode 100644
index fe7b606..0000000
--- a/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001
-From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
-Date: Fri, 20 May 2022 13:14:33 -0300
-Subject: [PATCH] Save stack space while handling errors
-
-Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
-and some errors can recur (e.g., string overflow while creating an
-error message in 'luaG_runerror', or a C-stack overflow before calling
-the message handler), the code should use stack slots with parsimony.
-
-This commit fixes the bug "Lua-stack overflow when C stack overflows
-while handling an error".
-
-CVE: CVE-2022-33099
-
-Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- ldebug.c | 5 ++++-
- lvm.c    | 6 ++++--
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
---- a/src/ldebug.c
-+++ b/src/ldebug.c
-@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con
-   va_start(argp, fmt);
-   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
-   va_end(argp);
--  if (isLua(ci))  /* if Lua function, add source:line information */
-+  if (isLua(ci)) {  /* if Lua function, add source:line information */
-     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
-+    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
-+    L->top--;
-+  }
-   luaG_errormsg(L);
- }
- 
---- a/src/lvm.c
-+++ b/src/lvm.c
-@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota
-       /* collect total length and number of strings */
-       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
-         size_t l = vslen(s2v(top - n - 1));
--        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
-+        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
-+          L->top = top - total;  /* pop strings to avoid wasting stack */
-           luaG_runerror(L, "string length overflow");
-+        }
-         tl += l;
-       }
-       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
-@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota
-       setsvalue2s(L, top - n, ts);  /* create result */
-     }
-     total -= n-1;  /* got 'n' strings to create 1 new */
--    L->top -= n-1;  /* popped 'n' strings and pushed one */
-+    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
-   } while (total > 1);  /* repeat until only 1 result left */
- }
- 
diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.6.bb
similarity index 88%
rename from poky/meta/recipes-devtools/lua/lua_5.4.4.bb
rename to poky/meta/recipes-devtools/lua/lua_5.4.6.bb
index 26ec35f..eabfc89 100644
--- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/poky/meta/recipes-devtools/lua/lua_5.4.6.bb
@@ -1,20 +1,18 @@
 SUMMARY = "Lua is a powerful light-weight programming language designed \
 for extending applications."
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=307;endline=330;md5=79c3f6b19ad05efe24c1681f025026bb"
+LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=303;endline=324;md5=e05449eb28c092473f854670c6e8375a"
 HOMEPAGE = "http://www.lua.org/"
 
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
            file://lua.pc.in \
-           file://CVE-2022-28805.patch \
-           file://CVE-2022-33099.patch \
            ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \
            "
 
 # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
 PV_testsuites = "5.4.4"
 
-SRC_URI[tarballsrc.sha256sum] = "164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61"
+SRC_URI[tarballsrc.sha256sum] = "7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88"
 SRC_URI[tarballtest.sha256sum] = "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad"
 
 inherit pkgconfig binconfig ptest
diff --git a/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 83d2f01..8e297ec 100644
--- a/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -30,5 +30,4 @@
 
 BBCLASSEXTEND = "native nativesdk"
 
-# This is a different Ninja
-CVE_CHECK_IGNORE += "CVE-2021-4336"
+CVE_STATUS[CVE-2021-4336] = "cpe-incorrect: This is a different Ninja"
diff --git a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb
similarity index 97%
rename from poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb
rename to poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb
index b27e3de..eb88b9b 100644
--- a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb
+++ b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb
@@ -10,7 +10,7 @@
 SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \
            file://0001-update-alternatives-correctly-match-priority.patch \
            "
-SRCREV = "9239541f14a2529b9d01c0a253ab11afa2822dab"
+SRCREV = "67994e62dc598282830385da75ba9b1abbbda941"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch b/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch
deleted file mode 100644
index 3406878..0000000
--- a/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 4089affd371e6d62dd8c1e57b344f8cc329005ea Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 14 Jan 2023 23:11:08 -0800
-Subject: [PATCH] Define alignof using _Alignof when using C11 or newer
-
-WG14 N2350 made very clear that it is an UB having type definitions
-within "offsetof" [1]. This patch enhances the implementation of macro
-alignof_slot to use builtin "_Alignof" to avoid undefined behavior on
-when using std=c11 or newer
-
-clang 16+ has started to flag this [2]
-
-Fixes build when using -std >= gnu11 and using clang16+
-
-Older compilers gcc < 4.9 or clang < 8 has buggy _Alignof even though it
-may support C11, exclude those compilers too
-
-[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm
-[2] https://reviews.llvm.org/D133574
-
-Upstream-Status: Submitted [https://groups.google.com/g/opkg-devel/c/gjcQPZgT_jI]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libopkg/md5.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libopkg/md5.c b/libopkg/md5.c
-index 981b9b8..ccb645e 100644
---- a/libopkg/md5.c
-+++ b/libopkg/md5.c
-@@ -237,7 +237,17 @@ void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx)
-     /* Process available complete blocks.  */
-     if (len >= 64) {
- #if !_STRING_ARCH_unaligned
-+/* GCC releases before GCC 4.9 had a bug in _Alignof.  See GCC bug 52023
-+   <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52023>.
-+   clang versions < 8.0.0 have the same bug.  */
-+#if (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112 \
-+     || (defined __GNUC__ && __GNUC__ < 4 + (__GNUC_MINOR__ < 9) \
-+         && !defined __clang__) \
-+     || (defined __clang__ && __clang_major__ < 8))
- #define alignof(type) offsetof (struct { char c; type x; }, x)
-+#else
-+#define alignof(type) _Alignof(type)
-+#endif
- #define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
-         if (UNALIGNED_P(buffer))
-             while (len > 64) {
--- 
-2.39.0
-
diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
deleted file mode 100644
index f216950..0000000
--- a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001
-From: Charlie Johnston <charlie.johnston@ni.com>
-Date: Fri, 30 Dec 2022 15:21:14 -0600
-Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls.
-
-The opkg-key script was always passing the --no-options
-flag to gpg, which uses /dev/null as the options file.
-As a result, the opkg gpg.conf file was not getting
-used. This change removes that flag so that gpg.conf
-in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/)
-will be used if present.
-
-Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b]
-Signed-off-by: Charlie Johnston <charlie.johnston@ni.com>
----
- utils/opkg-key | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils/opkg-key b/utils/opkg-key
-index e395a59..8645ebc 100755
---- a/utils/opkg-key
-+++ b/utils/opkg-key
-@@ -53,7 +53,7 @@ else
-     exit 1
- fi
- 
--GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR"
-+GPG="$GPGCMD --homedir $GPGHOMEDIR"
- 
- # Gpg home dir isn't created automatically when --homedir option is used
- if [ ! -e "$GPGHOMEDIR" ]; then
--- 
-2.30.2
-
diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb
similarity index 91%
rename from poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
rename to poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb
index 4c25fe9..46be137 100644
--- a/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
+++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb
@@ -15,12 +15,10 @@
 SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
            file://opkg.conf \
            file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
-           file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \
-           file://0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
            file://run-ptest \
-"
+           "
 
-SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a"
+SRC_URI[sha256sum] = "ac73a90a2549cd04948e563d915912c78e1b8ba0f43af75c5a53fcca474adbd5"
 
 # This needs to be before ptest inherit, otherwise all ptest files end packaged
 # in libopkg package if OPKGLIBDIR == libdir, because default
diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
new file mode 100644
index 0000000..0531e1f
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
@@ -0,0 +1,217 @@
+From 77f557ef84698efeb6eed04e4a9704eaf85b741d
+From: Stig Palmquist <git@stig.io>
+Date: Mon Jun 5 16:46:22 2023 +0200
+Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
+ insecure default
+
+- Changes the `verify_SSL` default parameter from `0` to `1`
+
+  Based on patch by Dominic Hargreaves:
+  https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
+
+  CVE: CVE-2023-31486
+
+- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that
+  enables the previous insecure default behaviour if set to `1`.
+
+  This provides a workaround for users who encounter problems with the
+  new `verify_SSL` default.
+
+  Example to disable certificate checks:
+  ```
+    $ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl
+  ```
+
+- Updates to documentation:
+  - Describe changing the verify_SSL value
+  - Describe the escape-hatch environment variable
+  - Remove rationale for not enabling verify_SSL
+  - Add missing certificate search paths
+  - Replace "SSL" with "TLS/SSL" where appropriate
+  - Use "machine-in-the-middle" instead of "man-in-the-middle"
+
+Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++++++++++++++++++++++-----------
+ 1 file changed, 57 insertions(+), 29 deletions(-)
+
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index 83ca06d..ebc34a1 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -40,10 +40,14 @@ sub _croak { require Carp; Carp::croak(@_) }
+ #pod * C<timeout> — Request timeout in seconds (default is 60) If a socket open,
+ #pod   read or write takes longer than the timeout, the request response status code
+ #pod   will be 599.
+-#pod * C<verify_SSL> — A boolean that indicates whether to validate the SSL
+-#pod   certificate of an C<https> — connection (default is false)
++#pod * C<verify_SSL> — A boolean that indicates whether to validate the TLS/SSL
++#pod   certificate of an C<https> — connection (default is true). Changed from false
++#pod   to true in version 0.083.
+ #pod * C<SSL_options> — A hashref of C<SSL_*> — options to pass through to
+ #pod   L<IO::Socket::SSL>
++#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default
++#pod   certificate verification behavior to not check server identity if set to 1.
++#pod   Only effective if C<verify_SSL> is not set. Added in version 0.083.
+ #pod
+ #pod An accessor/mutator method exists for each attribute.
+ #pod
+@@ -111,11 +115,17 @@ sub timeout {
+ sub new {
+     my($class, %args) = @_;
+
++    # Support lower case verify_ssl argument, but only if verify_SSL is not
++    # true.
++    if ( exists $args{verify_ssl} ) {
++        $args{verify_SSL}  ||= $args{verify_ssl};
++    }
++
+     my $self = {
+         max_redirect => 5,
+         timeout      => defined $args{timeout} ? $args{timeout} : 60,
+         keep_alive   => 1,
+-        verify_SSL   => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default
++        verify_SSL   => defined $args{verify_SSL} ? $args{verify_SSL} : _verify_SSL_default(),
+         no_proxy     => $ENV{no_proxy},
+     };
+
+@@ -134,6 +144,13 @@ sub new {
+     return $self;
+ }
+
++sub _verify_SSL_default {
++    my ($self) = @_;
++    # Check if insecure default certificate verification behaviour has been
++    # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
++    return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
++}
++
+ sub _set_proxies {
+     my ($self) = @_;
+
+@@ -1055,7 +1072,7 @@ sub new {
+         timeout          => 60,
+         max_line_size    => 16384,
+         max_header_lines => 64,
+-        verify_SSL       => 0,
++        verify_SSL       => HTTP::Tiny::_verify_SSL_default(),
+         SSL_options      => {},
+         %args
+     }, $class;
+@@ -2043,11 +2060,11 @@ proxy
+ timeout
+ verify_SSL
+
+-=head1 SSL SUPPORT
++=head1 TLS/SSL SUPPORT
+
+ Direct C<https> connections are supported only if L<IO::Socket::SSL> 1.56 or
+ greater and L<Net::SSLeay> 1.49 or greater are installed. An error will occur
+-if new enough versions of these modules are not installed or if the SSL
++if new enough versions of these modules are not installed or if the TLS
+ encryption fails. You can also use C<HTTP::Tiny::can_ssl()> utility function
+ that returns boolean to see if the required modules are installed.
+
+@@ -2055,7 +2072,7 @@ An C<https> connection may be made via an C<http> proxy that supports the CONNEC
+ command (i.e. RFC 2817).  You may not proxy C<https> via a proxy that itself
+ requires C<https> to communicate.
+
+-SSL provides two distinct capabilities:
++TLS/SSL provides two distinct capabilities:
+
+ =over 4
+
+@@ -2069,24 +2086,17 @@ Verification of server identity
+
+ =back
+
+-B<By default, HTTP::Tiny does not verify server identity>.
+-
+-Server identity verification is controversial and potentially tricky because it
+-depends on a (usually paid) third-party Certificate Authority (CA) trust model
+-to validate a certificate as legitimate.  This discriminates against servers
+-with self-signed certificates or certificates signed by free, community-driven
+-CA's such as L<CAcert.org|http://cacert.org>.
++B<By default, HTTP::Tiny verifies server identity>.
+
+-By default, HTTP::Tiny does not make any assumptions about your trust model,
+-threat level or risk tolerance.  It just aims to give you an encrypted channel
+-when you need one.
++This was changed in version 0.083 due to security concerns. The previous default
++behavior can be enabled by setting C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}>
++to 1.
+
+-Setting the C<verify_SSL> attribute to a true value will make HTTP::Tiny verify
+-that an SSL connection has a valid SSL certificate corresponding to the host
+-name of the connection and that the SSL certificate has been verified by a CA.
+-Assuming you trust the CA, this will protect against a L<man-in-the-middle
+-attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>.  If you are
+-concerned about security, you should enable this option.
++Verification is done by checking that that the TLS/SSL connection has a valid
++certificate corresponding to the host name of the connection and that the
++certificate has been verified by a CA. Assuming you trust the CA, this will
++protect against L<machine-in-the-middle
++attacks|http://en.wikipedia.org/wiki/Machine-in-the-middle_attack>.
+
+ Certificate verification requires a file containing trusted CA certificates.
+
+@@ -2094,9 +2104,7 @@ If the environment variable C<SSL_CERT_FILE> is present, HTTP::Tiny
+ will try to find a CA certificate file in that location.
+
+ If the L<Mozilla::CA> module is installed, HTTP::Tiny will use the CA file
+-included with it as a source of trusted CA's.  (This means you trust Mozilla,
+-the author of Mozilla::CA, the CPAN mirror where you got Mozilla::CA, the
+-toolchain used to install it, and your operating system security, right?)
++included with it as a source of trusted CA's.
+
+ If that module is not available, then HTTP::Tiny will search several
+ system-specific default locations for a CA certificate file:
+@@ -2115,13 +2123,33 @@ system-specific default locations for a CA certificate file:
+
+ /etc/ssl/ca-bundle.pem
+
++=item *
++
++/etc/openssl/certs/ca-certificates.crt
++
++=item *
++
++/etc/ssl/cert.pem
++
++=item *
++
++/usr/local/share/certs/ca-root-nss.crt
++
++=item *
++
++/etc/pki/tls/cacert.pem
++
++=item *
++
++/etc/certs/ca-certificates.crt
++
+ =back
+
+ An error will be occur if C<verify_SSL> is true and no CA certificate file
+ is available.
+
+-If you desire complete control over SSL connections, the C<SSL_options> attribute
+-lets you provide a hash reference that will be passed through to
++If you desire complete control over TLS/SSL connections, the C<SSL_options>
++attribute lets you provide a hash reference that will be passed through to
+ C<IO::Socket::SSL::start_SSL()>, overriding any options set by HTTP::Tiny. For
+ example, to provide your own trusted CA file:
+
+@@ -2131,7 +2159,7 @@ example, to provide your own trusted CA file:
+
+ The C<SSL_options> attribute could also be used for such things as providing a
+ client certificate for authentication to a server or controlling the choice of
+-cipher used for the SSL connection. See L<IO::Socket::SSL> documentation for
++cipher used for the TLS/SSL connection. See L<IO::Socket::SSL> documentation for
+ details.
+
+ =head1 PROXY SUPPORT
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
new file mode 100644
index 0000000..45452be
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
@@ -0,0 +1,36 @@
+From a22785783b17cbaa28afaee4a024d81a1903701d
+From: Stig Palmquist <git@stig.io>
+Date: Sun Jun 18 11:36:05 2023 +0200
+Subject: [PATCH] Fix incorrect env var name for verify_SSL default
+
+The variable to override the verify_SSL default differed slightly in the
+documentation from what was checked for in the code.
+
+This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`
+as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was
+missing `SSL_`
+
+CVE: CVE-2023-31486
+
+Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index ebc34a1..65ac8ff 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -148,7 +148,7 @@ sub _verify_SSL_default {
+     my ($self) = @_;
+     # Check if insecure default certificate verification behaviour has been
+     # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
+-    return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
++    return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
+ }
+
+ sub _set_proxies {
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb b/poky/meta/recipes-devtools/perl/perl_5.36.1.bb
index 3db1d9c..87768cc 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.36.1.bb
@@ -18,6 +18,8 @@
            file://determinism.patch \
            file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
            file://CVE-2023-31484.patch \
+           file://CVE-2023-31486-0001.patch \
+           file://CVE-2023-31486-0002.patch \
            "
 SRC_URI:append:class-native = " \
            file://perl-configpm-switch.patch \
diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb
index 4bdf03c..ab1d1c8 100644
--- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb
+++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb
@@ -15,7 +15,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=2214222ec1a820bd6cc75167a56925e0"
 
 SRC_URI = "\
-    https://distfiles.dereferenced.org/pkgconf/pkgconf-${PV}.tar.xz \
+    https://distfiles.ariadne.space/pkgconf/pkgconf-${PV}.tar.xz \
     file://pkg-config-wrapper \
     file://pkg-config-native.in \
     file://pkg-config-esdk.in \
diff --git a/poky/meta/recipes-devtools/python/python-cython.inc b/poky/meta/recipes-devtools/python/python-cython.inc
index 71596ca..6aec6b0 100644
--- a/poky/meta/recipes-devtools/python/python-cython.inc
+++ b/poky/meta/recipes-devtools/python/python-cython.inc
@@ -9,7 +9,7 @@
 PYPI_PACKAGE = "Cython"
 BBCLASSEXTEND = "native nativesdk"
 
-SRC_URI[sha256sum] = "6e381fa0bf08b3c26ec2f616b19ae852c06f5750f4290118bf986b6f85c8c527"
+SRC_URI[sha256sum] = "41c0cfd2d754e383c9eeb95effc9aa4ab847d0c9747077ddd7c0dcb68c3bc01f"
 UPSTREAM_CHECK_REGEX = "Cython-(?P<pver>.*)\.tar"
 
 inherit pypi
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc b/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc
index 410c9f4..da0a3f2 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc
+++ b/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc
@@ -4,135 +4,109 @@
 SRC_URI += " \
     crate://crates.io/Inflector/0.11.4 \
     crate://crates.io/aliasable/0.1.3 \
-    crate://crates.io/android_system_properties/0.1.5 \
-    crate://crates.io/asn1/0.13.0 \
-    crate://crates.io/asn1_derive/0.13.0 \
+    crate://crates.io/asn1/0.15.2 \
+    crate://crates.io/asn1_derive/0.15.2 \
     crate://crates.io/autocfg/1.1.0 \
     crate://crates.io/base64/0.13.1 \
     crate://crates.io/bitflags/1.3.2 \
-    crate://crates.io/bumpalo/3.10.0 \
-    crate://crates.io/cc/1.0.78 \
+    crate://crates.io/cc/1.0.79 \
     crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/chrono/0.4.23 \
-    crate://crates.io/codespan-reporting/0.11.1 \
-    crate://crates.io/core-foundation-sys/0.8.3 \
-    crate://crates.io/cxx/1.0.85 \
-    crate://crates.io/cxx-build/1.0.85 \
-    crate://crates.io/cxxbridge-flags/1.0.85 \
-    crate://crates.io/cxxbridge-macro/1.0.85 \
-    crate://crates.io/iana-time-zone/0.1.53 \
-    crate://crates.io/iana-time-zone-haiku/0.1.1 \
-    crate://crates.io/indoc/0.3.6 \
-    crate://crates.io/indoc-impl/0.3.6 \
-    crate://crates.io/instant/0.1.12 \
-    crate://crates.io/js-sys/0.3.60 \
-    crate://crates.io/libc/0.2.139 \
-    crate://crates.io/link-cplusplus/1.0.8 \
+    crate://crates.io/foreign-types/0.3.2 \
+    crate://crates.io/foreign-types-shared/0.1.1 \
+    crate://crates.io/indoc/1.0.9 \
+    crate://crates.io/libc/0.2.144 \
     crate://crates.io/lock_api/0.4.9 \
-    crate://crates.io/log/0.4.17 \
-    crate://crates.io/num-integer/0.1.45 \
-    crate://crates.io/num-traits/0.2.15 \
-    crate://crates.io/once_cell/1.14.0 \
-    crate://crates.io/ouroboros/0.15.5 \
-    crate://crates.io/ouroboros_macro/0.15.5 \
-    crate://crates.io/parking_lot/0.11.2 \
-    crate://crates.io/parking_lot_core/0.8.6 \
-    crate://crates.io/paste/0.1.18 \
-    crate://crates.io/paste-impl/0.1.18 \
-    crate://crates.io/pem/1.1.0 \
+    crate://crates.io/memoffset/0.8.0 \
+    crate://crates.io/once_cell/1.17.2 \
+    crate://crates.io/openssl/0.10.54 \
+    crate://crates.io/openssl-macros/0.1.1 \
+    crate://crates.io/openssl-sys/0.9.88 \
+    crate://crates.io/ouroboros/0.15.6 \
+    crate://crates.io/ouroboros_macro/0.15.6 \
+    crate://crates.io/parking_lot/0.12.1 \
+    crate://crates.io/parking_lot_core/0.9.7 \
+    crate://crates.io/pem/1.1.1 \
+    crate://crates.io/pkg-config/0.3.27 \
     crate://crates.io/proc-macro-error/1.0.4 \
     crate://crates.io/proc-macro-error-attr/1.0.4 \
-    crate://crates.io/proc-macro-hack/0.5.20+deprecated \
-    crate://crates.io/proc-macro2/1.0.49 \
-    crate://crates.io/pyo3/0.15.2 \
-    crate://crates.io/pyo3-build-config/0.15.2 \
-    crate://crates.io/pyo3-macros/0.15.2 \
-    crate://crates.io/pyo3-macros-backend/0.15.2 \
-    crate://crates.io/quote/1.0.23 \
+    crate://crates.io/proc-macro2/1.0.64 \
+    crate://crates.io/pyo3/0.18.3 \
+    crate://crates.io/pyo3-build-config/0.18.3 \
+    crate://crates.io/pyo3-ffi/0.18.3 \
+    crate://crates.io/pyo3-macros/0.18.3 \
+    crate://crates.io/pyo3-macros-backend/0.18.3 \
+    crate://crates.io/quote/1.0.28 \
     crate://crates.io/redox_syscall/0.2.16 \
     crate://crates.io/scopeguard/1.1.0 \
-    crate://crates.io/scratch/1.0.3 \
     crate://crates.io/smallvec/1.10.0 \
-    crate://crates.io/syn/1.0.107 \
-    crate://crates.io/termcolor/1.1.3 \
-    crate://crates.io/unicode-ident/1.0.6 \
-    crate://crates.io/unicode-width/0.1.10 \
+    crate://crates.io/syn/1.0.109 \
+    crate://crates.io/syn/2.0.18 \
+    crate://crates.io/target-lexicon/0.12.7 \
+    crate://crates.io/unicode-ident/1.0.9 \
     crate://crates.io/unindent/0.1.11 \
+    crate://crates.io/vcpkg/0.2.15 \
     crate://crates.io/version_check/0.9.4 \
-    crate://crates.io/wasm-bindgen/0.2.83 \
-    crate://crates.io/wasm-bindgen-backend/0.2.83 \
-    crate://crates.io/wasm-bindgen-macro/0.2.83 \
-    crate://crates.io/wasm-bindgen-macro-support/0.2.83 \
-    crate://crates.io/wasm-bindgen-shared/0.2.83 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-util/0.1.5 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+    crate://crates.io/windows-sys/0.45.0 \
+    crate://crates.io/windows-targets/0.42.2 \
+    crate://crates.io/windows_aarch64_gnullvm/0.42.2 \
+    crate://crates.io/windows_aarch64_msvc/0.42.2 \
+    crate://crates.io/windows_i686_gnu/0.42.2 \
+    crate://crates.io/windows_i686_msvc/0.42.2 \
+    crate://crates.io/windows_x86_64_gnu/0.42.2 \
+    crate://crates.io/windows_x86_64_gnullvm/0.42.2 \
+    crate://crates.io/windows_x86_64_msvc/0.42.2 \
 "
 
 SRC_URI[Inflector-0.11.4.sha256sum] = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"
 SRC_URI[aliasable-0.1.3.sha256sum] = "250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd"
-SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
-SRC_URI[asn1-0.13.0.sha256sum] = "2affba5e62ee09eeba078f01a00c4aed45ac4287e091298eccbb0d4802efbdc5"
-SRC_URI[asn1_derive-0.13.0.sha256sum] = "bfab79c195875e5aef2bd20b4c8ed8d43ef9610bcffefbbcf66f88f555cc78af"
+SRC_URI[asn1-0.15.2.sha256sum] = "28c19b9324de5b815b6487e0f8098312791b09de0dbf3d5c2db1fe2d95bab973"
+SRC_URI[asn1_derive-0.15.2.sha256sum] = "a045c3ccad89f244a86bd1e6cf1a7bf645296e7692698b056399b6efd4639407"
 SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
 SRC_URI[base64-0.13.1.sha256sum] = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
 SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-SRC_URI[bumpalo-3.10.0.sha256sum] = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3"
-SRC_URI[cc-1.0.78.sha256sum] = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d"
+SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
 SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[chrono-0.4.23.sha256sum] = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f"
-SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
-SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
-SRC_URI[cxx-1.0.85.sha256sum] = "5add3fc1717409d029b20c5b6903fc0c0b02fa6741d820054f4a2efa5e5816fd"
-SRC_URI[cxx-build-1.0.85.sha256sum] = "b4c87959ba14bc6fbc61df77c3fcfe180fc32b93538c4f1031dd802ccb5f2ff0"
-SRC_URI[cxxbridge-flags-1.0.85.sha256sum] = "69a3e162fde4e594ed2b07d0f83c6c67b745e7f28ce58c6df5e6b6bef99dfb59"
-SRC_URI[cxxbridge-macro-1.0.85.sha256sum] = "3e7e2adeb6a0d4a282e581096b06e1791532b7d576dcde5ccd9382acf55db8e6"
-SRC_URI[iana-time-zone-0.1.53.sha256sum] = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765"
-SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
-SRC_URI[indoc-0.3.6.sha256sum] = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8"
-SRC_URI[indoc-impl-0.3.6.sha256sum] = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0"
-SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
-SRC_URI[js-sys-0.3.60.sha256sum] = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47"
-SRC_URI[libc-0.2.139.sha256sum] = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79"
-SRC_URI[link-cplusplus-1.0.8.sha256sum] = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5"
+SRC_URI[foreign-types-0.3.2.sha256sum] = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+SRC_URI[foreign-types-shared-0.1.1.sha256sum] = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+SRC_URI[indoc-1.0.9.sha256sum] = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306"
+SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
 SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
-SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
-SRC_URI[num-integer-0.1.45.sha256sum] = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
-SRC_URI[num-traits-0.2.15.sha256sum] = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
-SRC_URI[once_cell-1.14.0.sha256sum] = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
-SRC_URI[ouroboros-0.15.5.sha256sum] = "dfbb50b356159620db6ac971c6d5c9ab788c9cc38a6f49619fca2a27acb062ca"
-SRC_URI[ouroboros_macro-0.15.5.sha256sum] = "4a0d9d1a6191c4f391f87219d1ea42b23f09ee84d64763cd05ee6ea88d9f384d"
-SRC_URI[parking_lot-0.11.2.sha256sum] = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99"
-SRC_URI[parking_lot_core-0.8.6.sha256sum] = "60a2cfe6f0ad2bfc16aefa463b497d5c7a5ecd44a23efa72aa342d90177356dc"
-SRC_URI[paste-0.1.18.sha256sum] = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880"
-SRC_URI[paste-impl-0.1.18.sha256sum] = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6"
-SRC_URI[pem-1.1.0.sha256sum] = "03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4"
+SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1"
+SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b"
+SRC_URI[openssl-0.10.54.sha256sum] = "69b3f656a17a6cbc115b5c7a40c616947d213ba182135b014d6051b73ab6f019"
+SRC_URI[openssl-macros-0.1.1.sha256sum] = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+SRC_URI[openssl-sys-0.9.88.sha256sum] = "c2ce0f250f34a308dcfdbb351f511359857d4ed2134ba715a4eadd46e1ffd617"
+SRC_URI[ouroboros-0.15.6.sha256sum] = "e1358bd1558bd2a083fed428ffeda486fbfb323e698cdda7794259d592ca72db"
+SRC_URI[ouroboros_macro-0.15.6.sha256sum] = "5f7d21ccd03305a674437ee1248f3ab5d4b1db095cf1caf49f1713ddf61956b7"
+SRC_URI[parking_lot-0.12.1.sha256sum] = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
+SRC_URI[parking_lot_core-0.9.7.sha256sum] = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521"
+SRC_URI[pem-1.1.1.sha256sum] = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
 SRC_URI[proc-macro-error-1.0.4.sha256sum] = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 SRC_URI[proc-macro-error-attr-1.0.4.sha256sum] = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
-SRC_URI[proc-macro-hack-0.5.20+deprecated.sha256sum] = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
-SRC_URI[proc-macro2-1.0.49.sha256sum] = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5"
-SRC_URI[pyo3-0.15.2.sha256sum] = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752"
-SRC_URI[pyo3-build-config-0.15.2.sha256sum] = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410"
-SRC_URI[pyo3-macros-0.15.2.sha256sum] = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a"
-SRC_URI[pyo3-macros-backend-0.15.2.sha256sum] = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095"
-SRC_URI[quote-1.0.23.sha256sum] = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
+SRC_URI[proc-macro2-1.0.64.sha256sum] = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da"
+SRC_URI[pyo3-0.18.3.sha256sum] = "e3b1ac5b3731ba34fdaa9785f8d74d17448cd18f30cf19e0c7e7b1fdb5272109"
+SRC_URI[pyo3-build-config-0.18.3.sha256sum] = "9cb946f5ac61bb61a5014924910d936ebd2b23b705f7a4a3c40b05c720b079a3"
+SRC_URI[pyo3-ffi-0.18.3.sha256sum] = "fd4d7c5337821916ea2a1d21d1092e8443cf34879e53a0ac653fbb98f44ff65c"
+SRC_URI[pyo3-macros-0.18.3.sha256sum] = "a9d39c55dab3fc5a4b25bbd1ac10a2da452c4aca13bb450f22818a002e29648d"
+SRC_URI[pyo3-macros-backend-0.18.3.sha256sum] = "97daff08a4c48320587b5224cc98d609e3c27b6d437315bd40b605c98eeb5918"
+SRC_URI[quote-1.0.28.sha256sum] = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488"
 SRC_URI[redox_syscall-0.2.16.sha256sum] = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
 SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
-SRC_URI[scratch-1.0.3.sha256sum] = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2"
 SRC_URI[smallvec-1.10.0.sha256sum] = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
-SRC_URI[syn-1.0.107.sha256sum] = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
-SRC_URI[termcolor-1.1.3.sha256sum] = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
-SRC_URI[unicode-ident-1.0.6.sha256sum] = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
-SRC_URI[unicode-width-0.1.10.sha256sum] = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
+SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+SRC_URI[syn-2.0.18.sha256sum] = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
+SRC_URI[target-lexicon-0.12.7.sha256sum] = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5"
+SRC_URI[unicode-ident-1.0.9.sha256sum] = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0"
 SRC_URI[unindent-0.1.11.sha256sum] = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c"
+SRC_URI[vcpkg-0.2.15.sha256sum] = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
-SRC_URI[wasm-bindgen-0.2.83.sha256sum] = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268"
-SRC_URI[wasm-bindgen-backend-0.2.83.sha256sum] = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142"
-SRC_URI[wasm-bindgen-macro-0.2.83.sha256sum] = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810"
-SRC_URI[wasm-bindgen-macro-support-0.2.83.sha256sum] = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
-SRC_URI[wasm-bindgen-shared-0.2.83.sha256sum] = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
-SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
-SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+SRC_URI[windows-sys-0.45.0.sha256sum] = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
+SRC_URI[windows-targets-0.42.2.sha256sum] = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
+SRC_URI[windows_aarch64_gnullvm-0.42.2.sha256sum] = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+SRC_URI[windows_aarch64_msvc-0.42.2.sha256sum] = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+SRC_URI[windows_i686_gnu-0.42.2.sha256sum] = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+SRC_URI[windows_i686_msvc-0.42.2.sha256sum] = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+SRC_URI[windows_x86_64_gnu-0.42.2.sha256sum] = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+SRC_URI[windows_x86_64_gnullvm-0.42.2.sha256sum] = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+SRC_URI[windows_x86_64_msvc-0.42.2.sha256sum] = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb
similarity index 86%
rename from poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb
rename to poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb
index 795e27f..52f2c35 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb
@@ -9,11 +9,11 @@
 # NOTE: Make sure to keep this recipe at the same version as python3-cryptography
 #       Upgrade both recipes at the same time
 
-SRC_URI[sha256sum] = "a68f106f7a4322cf1e7ed51e3fc6d5c1e0b11d337ed918ec879e8afe0c2a5220"
+SRC_URI[sha256sum] = "028dff94a8522ca818b11295ff12df55f348f33a193c0597ddfe8239e53d1582"
 
 PYPI_PACKAGE = "cryptography_vectors"
 
-inherit pypi setuptools3
+inherit pypi python_setuptools_build_meta
 
 DEPENDS += " \
     ${PYTHON_PN}-cryptography \
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch
new file mode 100644
index 0000000..d720359
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch
@@ -0,0 +1,52 @@
+From 2f9cd402d3293f6efe0f3ac06f17c6c14edbed86 Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Sun, 25 Jun 2023 17:39:19 -0600
+Subject: [PATCH] Fix include directory when cross compiling (#9129)
+
+Upstream-Status: Backport [https://github.com/pyca/cryptography/pull/9129]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ src/rust/cryptography-cffi/build.rs | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/rust/cryptography-cffi/build.rs b/src/rust/cryptography-cffi/build.rs
+index 07590ad2e..384af1ddb 100644
+--- a/src/rust/cryptography-cffi/build.rs
++++ b/src/rust/cryptography-cffi/build.rs
+@@ -47,9 +47,14 @@ fn main() {
+     )
+     .unwrap();
+     println!("cargo:rustc-cfg=python_implementation=\"{}\"", python_impl);
+-    let python_include = run_python_script(
++    let python_includes = run_python_script(
+         &python,
+-        "import sysconfig; print(sysconfig.get_path('include'), end='')",
++        "import os; \
++         import setuptools.dist; \
++         import setuptools.command.build_ext; \
++         b = setuptools.command.build_ext.build_ext(setuptools.dist.Distribution()); \
++         b.finalize_options(); \
++         print(os.pathsep.join(b.include_dirs), end='')",
+     )
+     .unwrap();
+     let openssl_include =
+@@ -59,12 +64,15 @@ fn main() {
+     let mut build = cc::Build::new();
+     build
+         .file(openssl_c)
+-        .include(python_include)
+         .include(openssl_include)
+         .flag_if_supported("-Wconversion")
+         .flag_if_supported("-Wno-error=sign-conversion")
+         .flag_if_supported("-Wno-unused-parameter");
+ 
++    for python_include in env::split_paths(&python_includes) {
++        build.include(python_include);
++    }
++
+     // Enable abi3 mode if we're not using PyPy.
+     if python_impl != "PyPy" {
+         // cp37 (Python 3.7 to help our grep when we some day drop 3.7 support)
+-- 
+2.30.2
+
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
index 481f595..69cf451 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
+++ b/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
@@ -1,4 +1,4 @@
-From ce972ea92d724f232323a9a6265a8b44d913d4d8 Mon Sep 17 00:00:00 2001
+From b7dd3ce1d75d1e6255e1aca82aa7f401d4246a75 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
 Date: Tue, 17 May 2022 17:22:48 +0800
 Subject: [PATCH] pyproject.toml: remove --benchmark-disable option
@@ -18,23 +18,28 @@
 Upstream-Status: Inappropriate [OE specific]
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
 ---
- pyproject.toml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ pyproject.toml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/pyproject.toml b/pyproject.toml
-index 4d58129..b011fca 100644
+index b2e511f..4a285af 100644
 --- a/pyproject.toml
 +++ b/pyproject.toml
-@@ -15,7 +15,7 @@ line-length = 79
- target-version = ["py36"]
+@@ -85,7 +85,7 @@ line-length = 79
+ target-version = ["py37"]
  
  [tool.pytest.ini_options]
 -addopts = "-r s --capture=no --strict-markers --benchmark-disable"
 +addopts = "-r s --capture=no --strict-markers"
+ console_output_style = "progress-even-when-capture-no"
  markers = [
      "skip_fips: this test is not executed in FIPS mode",
-     "supported: parametrized test requiring only_if and skip_message",
--- 
-2.25.1
-
+@@ -151,4 +151,4 @@ git-only = [
+     "ci-constraints-requirements.txt",
+     ".gitattributes",
+     ".gitignore",
+-]
+\ No newline at end of file
++]
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
deleted file mode 100644
index 366e3a4..0000000
--- a/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 4b73298b214a5b69ea6edf3c2e21dd82b2b29708 Mon Sep 17 00:00:00 2001
-From: Tim Orling <tim.orling@konsulko.com>
-Date: Fri, 14 Jan 2022 22:34:59 -0800
-Subject: [PATCH 2/2] Cargo.toml: edition 2018 -> 2021
-
-Upstream-Status: Pending
-
-Signed-off-by: Tim Orling <tim.orling@konsulko.com>
----
- src/rust/Cargo.toml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
-index 174eaa80..7ad053d9 100644
---- a/src/rust/Cargo.toml
-+++ b/src/rust/Cargo.toml
-@@ -2,7 +2,7 @@
- name = "cryptography-rust"
- version = "0.1.0"
- authors = ["The cryptography developers <cryptography-dev@python.org>"]
--edition = "2018"
-+edition = "2021"
- publish = false
- 
- [dependencies]
--- 
-2.30.2
-
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb
similarity index 74%
rename from poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb
rename to poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb
index 449e3ba..20d6c97 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb
@@ -1,26 +1,24 @@
 SUMMARY = "Provides cryptographic recipes and primitives to python developers"
 HOMEPAGE = "https://cryptography.io/"
 SECTION = "devel/python"
-LICENSE = "( Apache-2.0 | BSD-3-Clause ) & PSF-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \
+LICENSE = "Apache-2.0 | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
                     file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \
                     file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \
-                    file://LICENSE.PSF;md5=43c37d21e1dbad10cddcd150ba2c0595 \
                    "
 LDSHARED += "-pthread"
 
-SRC_URI[sha256sum] = "bc5b871e977c8ee5a1bbc42fa8d19bcc08baf0c51cbf1586b0e87a2694dde42f"
+SRC_URI[sha256sum] = "7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c"
 
-SRC_URI += "\
-    file://0002-Cargo.toml-edition-2018-2021.patch \
-    file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
-    file://check-memfree.py \
-    file://run-ptest \
-"
+SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
+            file://0001-Fix-include-directory-when-cross-compiling-9129.patch \
+            file://check-memfree.py \
+            file://run-ptest \
+           "
 
 require ${BPN}-crates.inc
 
-inherit pypi python_setuptools3_rust cargo-update-recipe-crates
+inherit pypi python_setuptools3_rust cargo-update-recipe-crates pkgconfig
 
 DEPENDS += " \
     ${PYTHON_PN}-cffi-native \
diff --git a/poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb b/poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb
similarity index 100%
rename from poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb
rename to poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb
diff --git a/poky/meta/recipes-devtools/python/python3-editables_0.3.bb b/poky/meta/recipes-devtools/python/python3-editables_0.4.bb
similarity index 69%
rename from poky/meta/recipes-devtools/python/python3-editables_0.3.bb
rename to poky/meta/recipes-devtools/python/python3-editables_0.4.bb
index b42ff06..c531869 100644
--- a/poky/meta/recipes-devtools/python/python3-editables_0.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-editables_0.4.bb
@@ -4,8 +4,12 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=41bc1be47b7bb8240db3ef928c7cb0bf"
 
-SRC_URI[sha256sum] = "167524e377358ed1f1374e61c268f0d7a4bf7dbd046c656f7b410cde16161b1a"
+SRC_URI[sha256sum] = "dc322c42e7ccaf19600874035a4573898d88aadd07e177c239298135b75da772"
 
 inherit pypi python_setuptools_build_meta
 
+RDEPENDS:${PN} += "\
+        python3-io \
+"
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.32.bb
similarity index 92%
rename from poky/meta/recipes-devtools/python/python3-git_3.1.31.bb
rename to poky/meta/recipes-devtools/python/python3-git_3.1.32.bb
index 08b9f66..f217577 100644
--- a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb
+++ b/poky/meta/recipes-devtools/python/python3-git_3.1.32.bb
@@ -12,7 +12,7 @@
 
 inherit pypi python_setuptools_build_meta
 
-SRC_URI[sha256sum] = "8ce3bcf69adfdf7c7d503e78fd3b1c492af782d58893b650adb2ac8912ddd573"
+SRC_URI[sha256sum] = "8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6"
 
 DEPENDS += " ${PYTHON_PN}-gitdb"
 
diff --git a/poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb b/poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb
similarity index 85%
rename from poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb
rename to poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb
index 05a86f0..c94e49d 100644
--- a/poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb
@@ -8,7 +8,7 @@
 DEPENDS += "python3-pluggy-native python3-pathspec-native python3-packaging-native python3-editables-native python3-trove-classifiers-native"
 DEPENDS:remove:class-native = "python3-hatchling-native"
 
-SRC_URI[sha256sum] = "b1244db3f45b4ef5a00106a46612da107cdfaf85f1580b8e1c059fefc98b0930"
+SRC_URI[sha256sum] = "50e99c3110ce0afc3f7bdbadff1c71c17758e476731c27607940cfa6686489ca"
 
 do_compile:prepend() {
     export PYTHONPATH=src
diff --git a/poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb b/poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb
similarity index 91%
rename from poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb
rename to poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb
index dc21bc6..93bf638 100644
--- a/poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb
+++ b/poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb
@@ -13,7 +13,7 @@
     file://test_rle.py \
     "
 
-SRC_URI[sha256sum] = "a8ef2e0c7d5ebd90043a4ed8f6987de6a2b497b2caf6863364ff41db25971856"
+SRC_URI[sha256sum] = "e35165a73064370d30d476d7218f600d2bf861ff218192c9e994cb36aa190ae7"
 
 RDEPENDS:${PN} += " \
     python3-attrs \
diff --git a/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb b/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb
similarity index 88%
rename from poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb
rename to poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb
index 34bc55b..b8dd4bb 100644
--- a/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb
@@ -8,7 +8,7 @@
 PYPI_PACKAGE = "importlib_metadata"
 UPSTREAM_CHECK_REGEX = "/importlib-metadata/(?P<pver>(\d+[\.\-_]*)+)/"
 
-SRC_URI[sha256sum] = "92501cdf9cc66ebd3e612f1b4f0c0765dfa42f0fa38ffb319b6bd84dd675d705"
+SRC_URI[sha256sum] = "dbace7892d8c0c4ac1ad096662232f831d4e64f4c4545bd53016a3e9d4654743"
 
 S = "${WORKDIR}/importlib_metadata-${PV}"
 
diff --git a/poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb b/poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb
similarity index 78%
rename from poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb
rename to poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb
index 797607f..a8dccb9 100644
--- a/poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb
@@ -3,7 +3,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=aab31f2ef7ba214a5a341eaa47a7f367"
 
-SRC_URI[sha256sum] = "32811e7b81deee2063ea6d2e94f8819a86d1f3811e49d23623a41fa832bef03f"
+SRC_URI[sha256sum] = "739960d37c74c77bd9bd546a76562ccb581fe3d4820ff5c3141eb49c839fda8f"
 
 inherit pypi python_poetry_core
 
diff --git a/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch b/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch
deleted file mode 100644
index 4121834..0000000
--- a/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 04a864f33848da6af1dea906ba4922770022ef66 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Thu, 16 Mar 2023 14:21:32 +0000
-Subject: [PATCH] Clean up test runner
-
-Test code doesn't need to manually construct a TestSuite and a
-TextTestRunner, the unittest module has a discovery function that does
-all this for you.
-
-Delete all of the manual logic from tests.py, replace it with the two
-lines to bring in the doctest unit tests, and update the makefile to
-run the unittest discovery.
-
-Upstream-Status: Submitted [https://github.com/stefankoegl/python-json-pointer/pull/54]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- makefile |  2 +-
- tests.py | 24 ++++--------------------
- 2 files changed, 5 insertions(+), 21 deletions(-)
-
-diff --git a/tests.py b/tests.py
-index 9252369..6b4b8cc 100755
---- a/tests.py
-+++ b/tests.py
-@@ -7,6 +7,7 @@ import doctest
- import unittest
- import sys
- import copy
-+import jsonpointer
- from jsonpointer import resolve_pointer, EndOfList, JsonPointerException, \
-          JsonPointer, set_pointer
- 
-@@ -410,23 +411,6 @@ class AltTypesTests(unittest.TestCase):
-         self.assertRaises(JsonPointerException, resolve_pointer, doc, '/root/1/2/3/4')
- 
- 
--
--suite = unittest.TestSuite()
--suite.addTest(unittest.makeSuite(SpecificationTests))
--suite.addTest(unittest.makeSuite(ComparisonTests))
--suite.addTest(unittest.makeSuite(WrongInputTests))
--suite.addTest(unittest.makeSuite(ToLastTests))
--suite.addTest(unittest.makeSuite(SetTests))
--suite.addTest(unittest.makeSuite(AltTypesTests))
--
--modules = ['jsonpointer']
--
--for module in modules:
--    m = __import__(module, fromlist=[module])
--    suite.addTest(doctest.DocTestSuite(m))
--
--runner = unittest.TextTestRunner(verbosity=1)
--result = runner.run(suite)
--
--if not result.wasSuccessful():
--    sys.exit(1)
-+def load_tests(loader, tests, ignore):
-+    tests.addTests(doctest.DocTestSuite(jsonpointer))
-+    return tests
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb b/poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb
similarity index 79%
rename from poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb
rename to poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb
index 0ec4de0..d7a1fea 100644
--- a/poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb
@@ -5,9 +5,7 @@
 
 inherit pypi ptest setuptools3
 
-SRC_URI += "file://0001-Clean-up-test-runner.patch"
-
-SRC_URI[sha256sum] = "97cba51526c829282218feb99dab1b1e6bdf8efd1c43dc9d57be093c0d69c99a"
+SRC_URI[sha256sum] = "585cee82b70211fa9e6043b7bb89db6e1aa49524340dde8ad6b63206ea689d88"
 
 RDEPENDS:${PN} += " \
     ${PYTHON_PN}-json \
diff --git a/poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb b/poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
similarity index 95%
rename from poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb
rename to poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
index c7f1e1f..b911f7b 100644
--- a/poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
@@ -18,7 +18,7 @@
 
 DEPENDS += "libxml2 libxslt"
 
-SRC_URI[sha256sum] = "2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67"
+SRC_URI[sha256sum] = "48628bd53a426c9eb9bc066a923acaa0878d1e86129fd5359aee99285f4eed9c"
 
 SRC_URI += "${PYPI_SRC_URI}"
 inherit pkgconfig pypi setuptools3
diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb b/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb
similarity index 86%
rename from poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb
rename to poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb
index d150403..b346cc8 100644
--- a/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb
@@ -3,7 +3,7 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75"
 
-SRC_URI[sha256sum] = "abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d"
+SRC_URI[sha256sum] = "af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad"
 
 PYPI_PACKAGE = "MarkupSafe"
 inherit pypi setuptools3 ptest
diff --git a/poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb b/poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb
similarity index 93%
rename from poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb
rename to poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb
index 710af5f..3632ab7 100644
--- a/poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb
@@ -3,7 +3,7 @@
 DESCRIPTION = "NumPy is the fundamental package needed for scientific computing with Python."
 SECTION = "devel/python"
 LICENSE = "BSD-3-Clause & BSD-2-Clause & PSF-2.0 & Apache-2.0 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8026691468924fb6ec155dadfe2a1a7f"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7614a5b0073688df53773ec6ec7fe81d"
 
 SRCNAME = "numpy"
 
@@ -12,7 +12,7 @@
            file://0001-numpy-core-Define-RISCV-32-support.patch \
            file://run-ptest \
            "
-SRC_URI[sha256sum] = "ab344f1bf21f140adab8e47fdbc7c35a477dc01408791f8ba00d018dd0bc5155"
+SRC_URI[sha256sum] = "9a3a9f3a61480cc086117b426a8bd86869c213fc4072e606f01c4e4b66eb92bf"
 
 GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases"
 UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P<pver>\d+(\.\d+)+)$"
diff --git a/poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb b/poky/meta/recipes-devtools/python/python3-pip_23.2.bb
similarity index 94%
rename from poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb
rename to poky/meta/recipes-devtools/python/python3-pip_23.2.bb
index a0ebd76..1ddec7d 100644
--- a/poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-pip_23.2.bb
@@ -13,7 +13,7 @@
                     file://src/pip/_vendor/msgpack/COPYING;md5=cd9523181d9d4fbf7ffca52eaa2a5751 \
                     file://src/pip/_vendor/packaging/LICENSE;md5=faadaedca9251a90b205c9167578ce91 \
                     file://src/pip/_vendor/packaging/LICENSE.APACHE;md5=2ee41112a44fe7014dce33e26468ba93 \
-                    file://src/pip/_vendor/pkg_resources/LICENSE;md5=7a7126e068206290f3fe9f8d6c713ea6 \
+                    file://src/pip/_vendor/pkg_resources/LICENSE;md5=141643e11c48898150daa83802dbc65f \
                     file://src/pip/_vendor/platformdirs/LICENSE;md5=ea4f5a41454746a9ed111e3d8723d17a \
                     file://src/pip/_vendor/pygments/LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592 \
                     file://src/pip/_vendor/pyparsing/LICENSE;md5=657a566233888513e1f07ba13e2f47f1 \
@@ -24,7 +24,7 @@
                     file://src/pip/_vendor/six.LICENSE;md5=43cfc9e4ac0e377acfb9b76f56b8415d \
                     file://src/pip/_vendor/tenacity/LICENSE;md5=175792518e4ac015ab6696d16c4f607e \
                     file://src/pip/_vendor/tomli/LICENSE;md5=aaaaf0879d17df0110d1aa8c8c9f46f5 \
-                    file://src/pip/_vendor/typing_extensions.LICENSE;md5=f16b323917992e0f8a6f0071bc9913e2 \
+                    file://src/pip/_vendor/typing_extensions.LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2 \
                     file://src/pip/_vendor/urllib3/LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c \
                     file://src/pip/_vendor/webencodings/LICENSE;md5=81fb24cd7823cce23b69f721993dce4d \
                     "
@@ -33,7 +33,7 @@
 
 SRC_URI += "file://no_shebang_mangling.patch"
 
-SRC_URI[sha256sum] = "0e7c86f486935893c708287b30bd050a36ac827ec7fe5e43fe7cb198dd835fba"
+SRC_URI[sha256sum] = "a160a170f3331d9ca1a0247eb1cd79c758879f1f81158f9cd05bbb5df80bea5c"
 
 do_install:append() {
     rm -f ${D}/${bindir}/pip
diff --git a/poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb b/poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb
similarity index 88%
rename from poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb
rename to poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb
index 99ae633..3322bb5 100644
--- a/poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb
@@ -3,7 +3,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1c8206d16fd5cc02fa9b0bb98955e5c2"
 
-SRC_URI[sha256sum] = "4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"
+SRC_URI[sha256sum] = "d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3"
 
 DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
 RDEPENDS:${PN} += "${PYTHON_PN}-importlib-metadata \
diff --git a/poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb b/poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb
similarity index 89%
rename from poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb
rename to poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb
index 5214a05..8059750 100644
--- a/poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb
@@ -13,7 +13,7 @@
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/pycairo-${PV}.tar.gz"
 GITHUB_BASE_URI = "https://github.com/pygobject/pycairo/releases/"
 
-SRC_URI[sha256sum] = "9b61ac818723adc04367301317eb2e814a83522f07bbd1f409af0dada463c44c"
+SRC_URI[sha256sum] = "1444d52f1bb4cc79a4a0c0fe2ccec4bd78ff885ab01ebe1c0f637d8392bcafb6"
 
 S = "${WORKDIR}/pycairo-${PV}"
 
diff --git a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb b/poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb
similarity index 76%
rename from poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb
rename to poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb
index 16769e9..e0e4771 100644
--- a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb
@@ -4,8 +4,8 @@
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592"
 
-inherit setuptools3
-SRC_URI[sha256sum] = "b3ed06a9e8ac9a9aae5a6f5dbe78a8a58655d17b43b93c078f094ddc476ae297"
+inherit python_setuptools_build_meta
+SRC_URI[sha256sum] = "8ace4d3c1dd481894b2005f560ead0f9f19ee64fe983366be1a21e171d12775c"
 
 DEPENDS += "\
             ${PYTHON_PN} \
diff --git a/poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb
similarity index 90%
rename from poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb
rename to poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb
index b858073..e5c6d5f 100644
--- a/poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb
+++ b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb
@@ -10,7 +10,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=657a566233888513e1f07ba13e2f47f1"
 
-SRC_URI[sha256sum] = "2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"
+SRC_URI[sha256sum] = "edb662d6fe322d6e990b1594b5feaeadf806803359e3d4d42f11e295e588f0ea"
 
 UPSTREAM_CHECK_REGEX = "pyparsing-(?P<pver>.*)\.tar"
 
diff --git a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb
similarity index 80%
rename from poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb
rename to poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb
index e1f2a49..ddba031 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb
@@ -7,9 +7,9 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
 
-SRC_URI[sha256sum] = "d9961a67c1791e8c1e32dce7a70ed1e54f3b1e641087f2094f2d37087ab7fb17"
+SRC_URI[sha256sum] = "51865c88457545f51fb72011942f0a3c6901ee9e24cbfb6d1b9dc1348bafbe37"
 
-inherit pypi setuptools3
+inherit pypi python_setuptools_build_meta
 
 DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
 
diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb
similarity index 92%
rename from poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb
rename to poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb
index 914ea55..323dfeb 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb
@@ -5,7 +5,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c"
 
-SRC_URI[sha256sum] = "434afafd78b1d78ed0addf160ad2b77a30d35d4bdf8af234fe621919d9ed15e3"
+SRC_URI[sha256sum] = "b4bf8c45bd59934ed84001ad51e11b4ee40d40a1229d2c79f9c592b0a3f6bd8a"
 
 DEPENDS += "python3-setuptools-scm-native"
 
diff --git a/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb b/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb
similarity index 86%
rename from poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb
rename to poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb
index 5604ff0..b745f34 100644
--- a/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb
+++ b/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb
@@ -9,7 +9,7 @@
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "098ed1eb6d338a684891a72380277c1e6fc4d4ae0e120de9a447275056dda335"
+SRC_URI[sha256sum] = "ec939063761914e14542972a5cba6d33c23b0859ab6342f61cf070cfc600efc2"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-shell \
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
index 4d56dc8..1e5ab49 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
+++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
@@ -1,4 +1,4 @@
-From 2b06ca797d3ccc5b195aaa04a085c44bf61d4de3 Mon Sep 17 00:00:00 2001
+From 5e603da9c01ccb828a03ea3e82d15599971f794f Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Tue, 17 Jul 2018 10:13:38 +0800
 Subject: [PATCH] conditionally do not fetch code by easy_install
@@ -9,17 +9,16 @@
 Upstream-Status: Inappropriate [oe specific]
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
 ---
  setuptools/command/easy_install.py | 5 +++++
  1 file changed, 5 insertions(+)
 
 diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py
-index 444d3b3..61e445a 100644
+index 0b8d1159..93308060 100644
 --- a/setuptools/command/easy_install.py
 +++ b/setuptools/command/easy_install.py
-@@ -648,6 +648,11 @@ class easy_install(Command):
-             os.path.exists(tmpdir) and rmtree(tmpdir)
+@@ -644,6 +644,11 @@ class easy_install(Command):
+             os.path.exists(tmpdir) and _rmtree(tmpdir)
  
      def easy_install(self, spec, deps=False):
 +        if os.environ.get('NO_FETCH_BUILD', None):
@@ -30,3 +29,6 @@
          with self._tmpdir() as tmpdir:
              if not isinstance(spec, Requirement):
                  if URL_SCHEME(spec):
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb b/poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb
similarity index 89%
rename from poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb
rename to poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb
index ad0d7cc..4ac789d 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb
@@ -2,7 +2,7 @@
 HOMEPAGE = "https://pypi.org/project/setuptools"
 SECTION = "devel/python"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=19;md5=7a7126e068206290f3fe9f8d6c713ea6"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
 
 inherit pypi python_setuptools_build_meta
 
@@ -11,7 +11,7 @@
 SRC_URI += " \
             file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
 
-SRC_URI[sha256sum] = "257de92a9d50a60b8e22abfcbb771571fde0dbf3ec234463212027a4eeecbe9a"
+SRC_URI[sha256sum] = "baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235"
 
 DEPENDS += "${PYTHON_PN}"
 
diff --git a/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb b/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb
similarity index 88%
rename from poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb
rename to poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb
index 25de015..0fac83a 100644
--- a/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb
@@ -13,7 +13,7 @@
 
 PYPI_PACKAGE = "sphinx_rtd_theme"
 
-SRC_URI[sha256sum] = "cf9a7dc0352cf179c538891cb28d6fad6391117d4e21c891776ab41dd6c8ff70"
+SRC_URI[sha256sum] = "01c5c5a72e2d025bd23d1f06c59a4831b06e6ce6c01fdd5ebfe9986c0a880fc7"
 UPSTREAM_CHECK_REGEX ?= "/sphinx-rtd-theme/(?P<pver>(\d+[\.\-_]*)+)/"
 
 inherit setuptools3 pypi
diff --git a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb
similarity index 86%
rename from poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb
rename to poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb
index 2d484d4..7879dc2 100644
--- a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb
+++ b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb
@@ -3,7 +3,7 @@
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
-SRC_URI[sha256sum] = "fd5a1546283be941f47540a135bdeae8fb261380a6a204d9c18012f2a1b0ceae"
+SRC_URI[sha256sum] = "8a8e168b51d20fed607043831d37632bb50919d1c80a64e0f1393744691a8b22"
 
 inherit pypi python_setuptools_build_meta ptest
 
diff --git a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
similarity index 83%
rename from poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb
rename to poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
index be43fe4..8ff77ba 100644
--- a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
@@ -10,12 +10,12 @@
 BUGTRACKER = "https://github.com/python/typing_extensions/issues"
 SECTIONS = "libs"
 LICENSE = "PSF-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f16b323917992e0f8a6f0071bc9913e2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2"
 
 # The name on PyPi is slightly different.
 PYPI_PACKAGE = "typing_extensions"
 
-SRC_URI[sha256sum] = "06006244c70ac8ee83fa8282cb188f697b8db25bc8b4df07be1873c43897060c"
+SRC_URI[sha256sum] = "b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2"
 
 inherit pypi python_flit_core
 
diff --git a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb
similarity index 76%
rename from poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb
rename to poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb
index bc1cdb0..64b21db 100644
--- a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb
@@ -1,9 +1,9 @@
 SUMMARY = "Python HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more"
 HOMEPAGE = "https://github.com/shazow/urllib3"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
 
-SRC_URI[sha256sum] = "61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc"
+SRC_URI[sha256sum] = "bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825"
 
 inherit pypi python_hatchling
 
diff --git a/poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb b/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
similarity index 72%
rename from poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb
rename to poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
index 45654ff..9dff59f 100644
--- a/poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
@@ -1,9 +1,9 @@
 SUMMARY = "Backport of pathlib-compatible object wrapper for zip files"
 HOMEPAGE = "https://github.com/jaraco/zipp"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=7a7126e068206290f3fe9f8d6c713ea6"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
 
-SRC_URI[sha256sum] = "112929ad649da941c23de50f356a2b5570c954b65150642bccdd66bf194d224b"
+SRC_URI[sha256sum] = "ebc15946aa78bd63458992fc81ec3b6f7b1e92d51c35e6de1c3804e73b799147"
 
 DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
 
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
index c925383..222a567 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
@@ -1,4 +1,4 @@
-From 6cb667f37beacd832cb409e5244b3c90dfad32f7 Mon Sep 17 00:00:00 2001
+From aa8f1709c54557d2b51a9a37d15ccc3de62e90cb Mon Sep 17 00:00:00 2001
 From: Jeremy Puhlman <jpuhlman@mvista.com>
 Date: Wed, 4 Mar 2020 00:06:42 +0000
 Subject: [PATCH] Don't search system for headers/libraries
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index df5179e..07c6aef 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -1,4 +1,4 @@
-From 86061629f4a179e740a17e53dd2c98ab47af2fe2 Mon Sep 17 00:00:00 2001
+From 7b0a14e7320078ac891d415cab9b7568e3f52ad8 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Thu, 16 Sep 2021 16:35:37 +0200
 Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O
@@ -30,18 +30,18 @@
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/Lib/pty.py b/Lib/pty.py
-index 8d8ce40..35439c6 100644
+index fefb63a..4cef056 100644
 --- a/Lib/pty.py
 +++ b/Lib/pty.py
-@@ -154,7 +154,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
-                 os.write(STDOUT_FILENO, data)
+@@ -184,7 +184,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
+             i_buf = i_buf[n:]
  
-         if STDIN_FILENO in rfds:
+         if stdin_avail and STDIN_FILENO in rfds:
 -            data = stdin_read(STDIN_FILENO)
 +            try:
 +                data = stdin_read(STDIN_FILENO)
 +            except OSError:
 +                data = b""
              if not data:
-                 fds.remove(STDIN_FILENO)
+                 stdin_avail = False
              else:
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index d5b7ce2..a0f3d72 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From 4ed481f4928c361970e78f27c4d9be8700af176b Mon Sep 17 00:00:00 2001
+From 512c617bd00b74b30a80dd56a12391de46e2b6cf Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Fri, 10 Sep 2021 12:28:31 +0200
 Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
diff --git a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
index 5ee4e4f..bbdd8b5 100644
--- a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
+++ b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
@@ -1,4 +1,4 @@
-From 4c39252c71d8bca81fdc43753c83a59f8668c619 Mon Sep 17 00:00:00 2001
+From 843574d5a5b0818e83e20f8c0389d567bd4733fb Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Tue, 14 May 2013 15:00:26 -0700
 Subject: [PATCH] python3: Add target and native recipes
diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
index 0ca687d..8e432b4 100644
--- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -32,7 +32,7 @@
     dep_path = dep_path[dep_path.find(pivot)+len(pivot):]
 
     if '/usr/bin' in dep_path:
-        dep_path = dep_path.replace('/usr/bin''${bindir}')
+        dep_path = dep_path.replace('/usr/bin','${bindir}')
 
     # Handle multilib, is there a better way?
     if '/usr/lib32' in dep_path:
diff --git a/poky/meta/recipes-devtools/python/python3/makerace.patch b/poky/meta/recipes-devtools/python/python3/makerace.patch
index 979fc9d..c71c1e1 100644
--- a/poky/meta/recipes-devtools/python/python3/makerace.patch
+++ b/poky/meta/recipes-devtools/python/python3/makerace.patch
@@ -1,4 +1,4 @@
-From 4f52aaf2a548b3356c6f1369c62b11335dc27464 Mon Sep 17 00:00:00 2001
+From dde5cb74f55b6dd39d25cff639d16940d9dad505 Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Tue, 13 Jul 2021 23:19:29 +0100
 Subject: [PATCH] python3: Fix make race
@@ -18,11 +18,11 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 7558f0c..8cec819 100644
+index c6d7e85..205af6c 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2005,7 +2005,7 @@ TESTSUBDIRS=	ctypes/test \
- 		unittest/test unittest/test/testmock
+@@ -2045,7 +2045,7 @@ TESTSUBDIRS=	ctypes/test \
+ 		unittest/test/testmock
  
  TEST_MODULES=@TEST_MODULES@
 -libinstall:	all $(srcdir)/Modules/xxmodule.c
diff --git a/poky/meta/recipes-devtools/python/python3/run-ptest b/poky/meta/recipes-devtools/python/python3/run-ptest
index 05396e9..efa8455 100644
--- a/poky/meta/recipes-devtools/python/python3/run-ptest
+++ b/poky/meta/recipes-devtools/python/python3/run-ptest
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-SETUPTOOLS_USE_DISTUTILS=nonlocal python3 -m test -v | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -r -e '/\.\.\. (ERROR|FAIL)/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g'
+{ SETUPTOOLS_USE_DISTUTILS=nonlocal python3 -m test -v -j 4 || echo "FAIL: python3" ; } | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -r -e '/\.\.\. (ERROR|FAIL)/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g'
diff --git a/poky/meta/recipes-devtools/python/python3_3.11.3.bb b/poky/meta/recipes-devtools/python/python3_3.11.4.bb
similarity index 95%
rename from poky/meta/recipes-devtools/python/python3_3.11.3.bb
rename to poky/meta/recipes-devtools/python/python3_3.11.4.bb
index c797484..b3534ad 100644
--- a/poky/meta/recipes-devtools/python/python3_3.11.3.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.11.4.bb
@@ -39,7 +39,7 @@
            file://12-distutils-prefix-is-inside-staging-area.patch \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
-SRC_URI[sha256sum] = "8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e"
+SRC_URI[sha256sum] = "2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
@@ -47,15 +47,13 @@
 
 CVE_PRODUCT = "python"
 
-# Upstream consider this expected behaviour
-CVE_CHECK_IGNORE += "CVE-2007-4559"
-# This is not exploitable when glibc has CVE-2016-10739 fixed.
-CVE_CHECK_IGNORE += "CVE-2019-18348"
-# These are specific to Microsoft Windows
-CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
-# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
+CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
+CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
+CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Windows"
 # The module will be removed in the future and flaws documented.
-CVE_CHECK_IGNORE += "CVE-2015-20107"
+CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way"
+# CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"
 
 PYTHON_MAJMIN = "3.11"
 
@@ -406,13 +404,13 @@
 # catch all the rest (unsorted)
 PACKAGES += "${PN}-misc"
 RDEPENDS:${PN}-misc += "\
+  ${PN}-audio \
+  ${PN}-codecs \
   ${PN}-core \
   ${PN}-email \
-  ${PN}-codecs \
-  ${PN}-pydoc \
-  ${PN}-pickle \
-  ${PN}-audio \
   ${PN}-numbers \
+  ${PN}-pickle \
+  ${PN}-pydoc \
 "
 RDEPENDS:${PN}-modules:append:class-target = " ${MLPREFIX}python3-misc"
 RDEPENDS:${PN}-modules:append:class-nativesdk = " ${MLPREFIX}python3-misc"
@@ -426,7 +424,7 @@
 # See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395
 RDEPENDS:libpython3:append:libc-glibc = " libgcc"
 RDEPENDS:${PN}-ctypes:append:libc-glibc = " ${MLPREFIX}ldconfig"
-RDEPENDS:${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev unzip bzip2 libgcc tzdata coreutils sed"
+RDEPENDS:${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev ${PN}-cgitb ${PN}-zipapp unzip bzip2 libgcc tzdata coreutils sed gcc g++ binutils"
 RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-fr-fr locale-base-en-us locale-base-tr-tr locale-base-de-de"
 RDEPENDS:${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', '${MLPREFIX}tk ${MLPREFIX}tk-lib', '', d)}"
 RDEPENDS:${PN}-idle += "${@bb.utils.contains('PACKAGECONFIG', 'tk', '${PN}-tkinter ${MLPREFIX}tcl', '', d)}"
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb
similarity index 100%
rename from poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb
rename to poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb
similarity index 100%
rename from poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb
rename to poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 6acda61..64bade8 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -30,30 +30,24 @@
            file://0001-tracetool-use-relative-paths-for-line-preprocessor-d.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
-           file://ppc.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
-SRC_URI[sha256sum] = "bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0"
+SRC_URI[sha256sum] = "ecf4d32cbef9d397bfc8cc50e4d1e92a1b30253bf32e8ee73c7a8dcf9a232b09"
 
 SRC_URI:append:class-target = " file://cross.patch"
 SRC_URI:append:class-nativesdk = " file://cross.patch"
 
-# Applies against virglrender < 0.6.0 and not qemu itself
-CVE_CHECK_IGNORE += "CVE-2017-5957"
+CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself"
 
-# The VNC server can expose host files uder some circumstances. We don't
-# enable it by default.
-CVE_CHECK_IGNORE += "CVE-2007-0998"
+CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
 
-# 'The issues identified by this CVE were determined to not constitute a vulnerability.'
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
-CVE_CHECK_IGNORE += "CVE-2018-18438"
+CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
 
 # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
 # https://bugzilla.redhat.com/show_bug.cgi?id=2167423
-# this bug related to windows specific.
-CVE_CHECK_IGNORE += "CVE-2023-0664"
+CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
 
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
@@ -215,7 +209,7 @@
 # libnfs is currently provided by meta-kodi
 PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs"
 PACKAGECONFIG[pmem] = "--enable-libpmem,--disable-libpmem,pmdk"
-PACKAGECONFIG[pulsedio] = "--enable-pa,--disable-pa,pulseaudio"
+PACKAGECONFIG[pulseaudio] = "--enable-pa,--disable-pa,pulseaudio"
 PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
 PACKAGECONFIG[bpf] = "--enable-bpf,--disable-bpf,libbpf"
 PACKAGECONFIG[capstone] = "--enable-capstone,--disable-capstone"
@@ -236,6 +230,8 @@
 ALLOW_EMPTY:${PN}-system-all = "1"
 ALLOW_EMPTY:${PN}-user-all = "1"
 
+PACKAGES_DYNAMIC += "^${PN}-user-.*  ^${PN}-system-.*"
+
 PACKAGESPLITFUNCS =+ "split_qemu_packages"
 
 python split_qemu_packages () {
diff --git a/poky/meta/recipes-devtools/qemu/qemu/ppc.patch b/poky/meta/recipes-devtools/qemu/qemu/ppc.patch
deleted file mode 100644
index e14c48c..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/ppc.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From 31f02021ac17442c514593f7b9ed750ea87c21b1 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Sat, 6 May 2023 07:42:35 +0100
-Cc: Víctor Colombo <victor.colombo@eldorado.org.br>
-Cc: Matheus Ferst <matheus.ferst@eldorado.org.br>
-Cc: Daniel Henrique Barboza <danielhb413@gmail.com>
-Cc: Richard Henderson <richard.henderson@linaro.org>
-Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
-Subject: [PATCH v3] target/ppc: Fix fallback to MFSS for MFFS* instructions on
- pre 3.0 ISAs
-
-The following commits changed the code such that the fallback to MFSS for MFFSCRN,
-MFFSCRNI, MFFSCE and MFFSL on pre 3.0 ISAs was removed and became an illegal instruction:
-
-  bf8adfd88b547680aa857c46098f3a1e94373160 - target/ppc: Move mffscrn[i] to decodetree
-  394c2e2fda70da722f20fb60412d6c0ca4bfaa03 - target/ppc: Move mffsce to decodetree
-  3e5bce70efe6bd1f684efbb21fd2a316cbf0657e - target/ppc: Move mffsl to decodetree
-
-The hardware will handle them as a MFFS instruction as the code did previously.
-This means applications that were segfaulting under qemu when encountering these
-instructions which is used in glibc libm functions for example.
-
-The fallback for MFFSCDRN and MFFSCDRNI added in a later patch was also missing.
-
-This patch restores the fallback to MFSS for these instructions on pre 3.0s ISAs
-as the hardware decoder would, fixing the segfaulting libm code. It doesn't have
-the fallback for 3.0 onwards to match hardware behaviour.
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
----
- target/ppc/insn32.decode           | 20 +++++++++++++-------
- target/ppc/translate/fp-impl.c.inc | 22 ++++++++++++++++------
- 2 files changed, 29 insertions(+), 13 deletions(-)
-
-v3 - drop fallback to MFFS for 3.0 ISA to match hardware
-v2 - switch to use decodetree pattern groups per feedback
-
-Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20230506065240.3177798-1-richard.purdie@linuxfoundation.org/]
-
-diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
-index f8f589e9fd..4fcf3af8d0 100644
---- a/target/ppc/insn32.decode
-+++ b/target/ppc/insn32.decode
-@@ -390,13 +390,19 @@ SETNBCR         011111 ..... ..... ----- 0111100000 -   @X_bi
- 
- ### Move To/From FPSCR
- 
--MFFS            111111 ..... 00000 ----- 1001000111 .   @X_t_rc
--MFFSCE          111111 ..... 00001 ----- 1001000111 -   @X_t
--MFFSCRN         111111 ..... 10110 ..... 1001000111 -   @X_tb
--MFFSCDRN        111111 ..... 10100 ..... 1001000111 -   @X_tb
--MFFSCRNI        111111 ..... 10111 ---.. 1001000111 -   @X_imm2
--MFFSCDRNI       111111 ..... 10101 --... 1001000111 -   @X_imm3
--MFFSL           111111 ..... 11000 ----- 1001000111 -   @X_t
-+{
-+  # Before Power ISA v3.0, MFFS bits 11~15 were reserved and should be ignored
-+  MFFS_ISA207     111111 ..... ----- ----- 1001000111 .   @X_t_rc
-+  [
-+    MFFS            111111 ..... 00000 ----- 1001000111 .   @X_t_rc
-+    MFFSCE          111111 ..... 00001 ----- 1001000111 -   @X_t
-+    MFFSCRN         111111 ..... 10110 ..... 1001000111 -   @X_tb
-+    MFFSCDRN        111111 ..... 10100 ..... 1001000111 -   @X_tb
-+    MFFSCRNI        111111 ..... 10111 ---.. 1001000111 -   @X_imm2
-+    MFFSCDRNI       111111 ..... 10101 --... 1001000111 -   @X_imm3
-+    MFFSL           111111 ..... 11000 ----- 1001000111 -   @X_t
-+  ]
-+}
- 
- ### Decimal Floating-Point Arithmetic Instructions
- 
-diff --git a/target/ppc/translate/fp-impl.c.inc b/target/ppc/translate/fp-impl.c.inc
-index 57d8437851..874774eade 100644
---- a/target/ppc/translate/fp-impl.c.inc
-+++ b/target/ppc/translate/fp-impl.c.inc
-@@ -568,6 +568,22 @@ static void store_fpscr_masked(TCGv_i64 fpscr, uint64_t clear_mask,
-     gen_helper_store_fpscr(cpu_env, fpscr_masked, st_mask);
- }
- 
-+static bool trans_MFFS_ISA207(DisasContext *ctx, arg_X_t_rc *a)
-+{
-+    if (!(ctx->insns_flags2 & PPC2_ISA300)) {
-+        /*
-+         * Before Power ISA v3.0, MFFS bits 11~15 were reserved, any instruction
-+         * with OPCD=63 and XO=583 should be decoded as MFFS.
-+         */
-+        return trans_MFFS(ctx, a);
-+    }
-+    /*
-+     * For Power ISA v3.0+, return false and let the pattern group
-+     * select the correct instruction.
-+     */
-+    return false;
-+}
-+
- static bool trans_MFFS(DisasContext *ctx, arg_X_t_rc *a)
- {
-     REQUIRE_FPU(ctx);
-@@ -584,7 +600,6 @@ static bool trans_MFFSCE(DisasContext *ctx, arg_X_t *a)
- {
-     TCGv_i64 fpscr;
- 
--    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
-     REQUIRE_FPU(ctx);
- 
-     gen_reset_fpstatus();
-@@ -597,7 +612,6 @@ static bool trans_MFFSCRN(DisasContext *ctx, arg_X_tb *a)
- {
-     TCGv_i64 t1, fpscr;
- 
--    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
-     REQUIRE_FPU(ctx);
- 
-     t1 = tcg_temp_new_i64();
-@@ -614,7 +628,6 @@ static bool trans_MFFSCDRN(DisasContext *ctx, arg_X_tb *a)
- {
-     TCGv_i64 t1, fpscr;
- 
--    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
-     REQUIRE_FPU(ctx);
- 
-     t1 = tcg_temp_new_i64();
-@@ -631,7 +644,6 @@ static bool trans_MFFSCRNI(DisasContext *ctx, arg_X_imm2 *a)
- {
-     TCGv_i64 t1, fpscr;
- 
--    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
-     REQUIRE_FPU(ctx);
- 
-     t1 = tcg_temp_new_i64();
-@@ -647,7 +659,6 @@ static bool trans_MFFSCDRNI(DisasContext *ctx, arg_X_imm3 *a)
- {
-     TCGv_i64 t1, fpscr;
- 
--    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
-     REQUIRE_FPU(ctx);
- 
-     t1 = tcg_temp_new_i64();
-@@ -661,7 +672,6 @@ static bool trans_MFFSCDRNI(DisasContext *ctx, arg_X_imm3 *a)
- 
- static bool trans_MFFSL(DisasContext *ctx, arg_X_t *a)
- {
--    REQUIRE_INSNS_FLAGS2(ctx, ISA300);
-     REQUIRE_FPU(ctx);
- 
-     gen_reset_fpstatus();
--- 
-2.39.2
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb
similarity index 100%
rename from poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb
rename to poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb
diff --git a/poky/meta/recipes-devtools/repo/repo_2.34.1.bb b/poky/meta/recipes-devtools/repo/repo_2.35.bb
similarity index 94%
rename from poky/meta/recipes-devtools/repo/repo_2.34.1.bb
rename to poky/meta/recipes-devtools/repo/repo_2.35.bb
index 1c5d1a0..d34c3db 100644
--- a/poky/meta/recipes-devtools/repo/repo_2.34.1.bb
+++ b/poky/meta/recipes-devtools/repo/repo_2.35.bb
@@ -12,7 +12,7 @@
 SRC_URI = "git://gerrit.googlesource.com/git-repo.git;protocol=https;branch=main \
            file://0001-python3-shebang.patch \
            "
-SRCREV = "945c006f406550add8a3cad32ada0791f5a15c53"
+SRCREV = "c657844efe40b97700c3654989bdbe3a33e409d7"
 
 MIRRORS += "git://gerrit.googlesource.com/git-repo.git git://github.com/GerritCodeReview/git-repo.git"
 
diff --git a/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch b/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch
new file mode 100644
index 0000000..470dda1
--- /dev/null
+++ b/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch
@@ -0,0 +1,51 @@
+From ea3187cfcf9cac87e5bc5e7db79b0338da9e355e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 26 Jun 2023 12:45:09 +0300
+Subject: [PATCH] Don't muck with per-process global sqlite configuration from
+ the db backend
+
+sqlite3_config() affects all in-process uses of sqlite. librpm being a
+low-level library, it has no business whatsoever making such decisions
+for the applications running on top of it. Besides that, the callback can
+easily end up pointing to an already closed database, causing an
+innocent API user to crash in librpm on an entirely unrelated error on
+some other database. "Oops."
+
+The sqlite API doesn't seem to provide any per-db or non-global context
+for logging errors, thus we can only remove the call and let sqlite output
+errors the way it pleases (print through stderr, presumably).
+
+Thanks to Jan Palus for spotting and reporting!
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ lib/backend/sqlite.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
+index 5a029d575a..b612732267 100644
+--- a/lib/backend/sqlite.c
++++ b/lib/backend/sqlite.c
+@@ -44,13 +44,6 @@ static void rpm_match3(sqlite3_context *sctx, int argc, sqlite3_value **argv)
+     sqlite3_result_int(sctx, match);
+ }
+ 
+-static void errCb(void *data, int err, const char *msg)
+-{
+-    rpmdb rdb = data;
+-    rpmlog(RPMLOG_WARNING, "%s: %s: %s\n",
+-		rdb->db_descr, sqlite3_errstr(err), msg);
+-}
+-
+ static int dbiCursorReset(dbiCursor dbc)
+ {
+     if (dbc->stmt) {
+@@ -170,7 +163,6 @@ static int sqlite_init(rpmdb rdb, const char * dbhome)
+ 	 * the "database is locked" errors at every cost
+ 	 */
+ 	sqlite3_busy_timeout(sdb, 10000);
+-	sqlite3_config(SQLITE_CONFIG_LOG, errCb, rdb);
+ 
+ 	sqlexec(sdb, "PRAGMA secure_delete = OFF");
+ 	sqlexec(sdb, "PRAGMA case_sensitive_like = ON");
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb
index 83537d4..95a9e92 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb
@@ -39,6 +39,7 @@
            file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
            file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \
            file://fix-declaration.patch \
+           file://ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch \
            "
 
 PE = "1"
diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 19574bc..130581a 100644
--- a/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,9 +18,6 @@
            "
 SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
 
-# -16548 required for v3.1.3pre1. Already in v3.1.3.
-CVE_CHECK_IGNORE += " CVE-2017-16548 "
-
 inherit autotools-brokensep
 
 PACKAGECONFIG ??= "acl attr \
diff --git a/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch b/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch
new file mode 100644
index 0000000..8e9da47
--- /dev/null
+++ b/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch
@@ -0,0 +1,2324 @@
+Rust testsuite outputs error even on a single testcase failure.
+Hence, some test runs are ignored as they fail with error messages.
+
+Upstream-Status: Inappropriate [Ignore the testcase that errors out]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+
+diff --git a/compiler/rustc_interface/src/tests.rs b/compiler/rustc_interface/src/tests.rs
+index eb8e65a6d..6e65e8787 100644
+--- a/compiler/rustc_interface/src/tests.rs
++++ b/compiler/rustc_interface/src/tests.rs
+@@ -103,6 +103,7 @@ fn assert_non_crate_hash_different(x: &Options, y: &Options) {
+
+ // When the user supplies --test we should implicitly supply --cfg test
+ #[test]
++#[ignore]
+ fn test_switch_implies_cfg_test() {
+     rustc_span::create_default_session_globals_then(|| {
+         let matches = optgroups().parse(&["--test".to_string()]).unwrap();
+@@ -114,6 +115,7 @@ fn test_switch_implies_cfg_test() {
+
+ // When the user supplies --test and --cfg test, don't implicitly add another --cfg test
+ #[test]
++#[ignore]
+ fn test_switch_implies_cfg_test_unless_cfg_test() {
+     rustc_span::create_default_session_globals_then(|| {
+         let matches = optgroups().parse(&["--test".to_string(), "--cfg=test".to_string()]).unwrap();
+@@ -126,6 +128,7 @@ fn test_switch_implies_cfg_test_unless_cfg_test() {
+ }
+
+ #[test]
++#[ignore]
+ fn test_can_print_warnings() {
+     rustc_span::create_default_session_globals_then(|| {
+         let matches = optgroups().parse(&["-Awarnings".to_string()]).unwrap();
+diff --git a/library/test/src/stats/tests.rs b/library/test/src/stats/tests.rs
+index 3a6e8401b..8442a6b39 100644
+--- a/library/test/src/stats/tests.rs
++++ b/library/test/src/stats/tests.rs
+@@ -40,6 +40,7 @@ fn check(samples: &[f64], summ: &Summary) {
+ }
+
+ #[test]
++#[ignore]
+ fn test_min_max_nan() {
+     let xs = &[1.0, 2.0, f64::NAN, 3.0, 4.0];
+     let summary = Summary::new(xs);
+diff --git a/tests/assembly/asm/aarch64-outline-atomics.rs b/tests/assembly/asm/aarch64-outline-atomics.rs
+index c2ec4e911..150d23004 100644
+--- a/tests/assembly/asm/aarch64-outline-atomics.rs
++++ b/tests/assembly/asm/aarch64-outline-atomics.rs
+@@ -4,6 +4,7 @@
+ // needs-llvm-components: aarch64
+ // only-aarch64
+ // only-linux
++// ignore-stage1
+
+ #![crate_type = "rlib"]
+
+diff --git a/tests/codegen/abi-main-signature-32bit-c-int.rs b/tests/codegen/abi-main-signature-32bit-c-int.rs
+index 7f22ddcfc..ec84b72aa 100644
+--- a/tests/codegen/abi-main-signature-32bit-c-int.rs
++++ b/tests/codegen/abi-main-signature-32bit-c-int.rs
+@@ -3,6 +3,7 @@
+
+ // This test is for targets with 32bit c_int only.
+ // ignore-msp430
++// ignore-stage1
+
+ fn main() {
+ }
+diff --git a/tests/codegen/sse42-implies-crc32.rs b/tests/codegen/sse42-implies-crc32.rs
+index 47b1a8993..71e2d5ef7 100644
+--- a/tests/codegen/sse42-implies-crc32.rs
++++ b/tests/codegen/sse42-implies-crc32.rs
+@@ -1,5 +1,6 @@
+ // only-x86_64
+ // compile-flags: -Copt-level=3
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/thread-local.rs b/tests/codegen/thread-local.rs
+index 0f1b29ca7..b2b4fd2ff 100644
+--- a/tests/codegen/thread-local.rs
++++ b/tests/codegen/thread-local.rs
+@@ -5,6 +5,7 @@
+ // ignore-emscripten globals are used instead of thread locals
+ // ignore-android does not use #[thread_local]
+ // ignore-nto does not use #[thread_local]
++// ignore-stage1
+
+ #![crate_type = "lib"]
+
+diff --git a/tests/codegen/uninit-consts.rs b/tests/codegen/uninit-consts.rs
+index 4c07740b3..dac5da866 100644
+--- a/tests/codegen/uninit-consts.rs
++++ b/tests/codegen/uninit-consts.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes
++// ignore-stage1
+
+ // Check that we use undef (and not zero) for uninitialized bytes in constants.
+
+diff --git a/tests/pretty/raw-str-nonexpr.rs b/tests/pretty/raw-str-nonexpr.rs
+index 12440b5ae..5b62d45ff 100644
+--- a/tests/pretty/raw-str-nonexpr.rs
++++ b/tests/pretty/raw-str-nonexpr.rs
+@@ -1,5 +1,6 @@
+ // needs-asm-support
+ // pp-exact
++// ignore-stage1
+
+ #[cfg(foo = r#"just parse this"#)]
+ extern crate blah as blah;
+diff --git a/tests/run-make/issue-36710/Makefile b/tests/run-make/issue-36710/Makefile
+index 7b91107a234..e404fcc3996 100644
+--- a/tests/run-make/issue-36710/Makefile
++++ b/tests/run-make/issue-36710/Makefile
+@@ -6,6 +6,7 @@
+ # ignore-musl FIXME: this makefile needs teaching how to use a musl toolchain
+ #                    (see dist-i586-gnu-i586-i686-musl Dockerfile)
+ # ignore-sgx
++# ignore-stage1
+ 
+ include ../tools.mk
+
+diff --git a/tests/rustdoc-ui/cfg-test.rs b/tests/rustdoc-ui/cfg-test.rs
+index d4ca92585..fceb2968d 100644
+--- a/tests/rustdoc-ui/cfg-test.rs
++++ b/tests/rustdoc-ui/cfg-test.rs
+@@ -5,6 +5,7 @@
+
+ // Crates like core have doctests gated on `cfg(not(test))` so we need to make
+ // sure `cfg(test)` is not active when running `rustdoc --test`.
++// ignore-stage1
+
+ /// this doctest will be ignored:
+ ///
+diff --git a/tests/rustdoc-ui/check-cfg-test.rs b/tests/rustdoc-ui/check-cfg-test.rs
+index 626cc8387..b0f9a1948 100644
+--- a/tests/rustdoc-ui/check-cfg-test.rs
++++ b/tests/rustdoc-ui/check-cfg-test.rs
+@@ -3,6 +3,7 @@
+ // normalize-stderr-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// The doctest will produce a warning because feature invalid is unexpected
+ /// ```
+diff --git a/tests/rustdoc-ui/display-output.rs b/tests/rustdoc-ui/display-output.rs
+index ec27a9f6b..61655fa6e 100644
+--- a/tests/rustdoc-ui/display-output.rs
++++ b/tests/rustdoc-ui/display-output.rs
+@@ -5,6 +5,7 @@
+ // compile-flags:--test --test-args=--show-output
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// #![warn(unused)]
+diff --git a/tests/rustdoc-ui/doc-comment-multi-line-attr.rs b/tests/rustdoc-ui/doc-comment-multi-line-attr.rs
+index 97259f782..50a155fba 100644
+--- a/tests/rustdoc-ui/doc-comment-multi-line-attr.rs
++++ b/tests/rustdoc-ui/doc-comment-multi-line-attr.rs
+@@ -3,6 +3,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ //! ```rust
+ //! #![deny(
+diff --git a/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs b/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs
+index b2a8133c9..ea064ba85 100644
+--- a/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs
++++ b/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs
+@@ -2,6 +2,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ /// ```
+ /// # #![cfg_attr(not(dox), deny(missing_abi,
+diff --git a/tests/rustdoc-ui/doc-test-doctest-feature.rs b/tests/rustdoc-ui/doc-test-doctest-feature.rs
+index 0b79aaece..8cef6d974 100644
+--- a/tests/rustdoc-ui/doc-test-doctest-feature.rs
++++ b/tests/rustdoc-ui/doc-test-doctest-feature.rs
+@@ -5,6 +5,7 @@
+
+ // Make sure `cfg(doctest)` is set when finding doctests but not inside
+ // the doctests.
++// ignore-stage1
+
+ /// ```
+ /// assert!(!cfg!(doctest));
+diff --git a/tests/rustdoc-ui/doc-test-rustdoc-feature.rs b/tests/rustdoc-ui/doc-test-rustdoc-feature.rs
+index bf334c67e..c372097bd 100644
+--- a/tests/rustdoc-ui/doc-test-rustdoc-feature.rs
++++ b/tests/rustdoc-ui/doc-test-rustdoc-feature.rs
+@@ -2,6 +2,7 @@
+ // compile-flags:--test
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ #![feature(doc_cfg)]
+
+diff --git a/tests/rustdoc-ui/doctest-output.rs b/tests/rustdoc-ui/doctest-output.rs
+index 2670fa572..b4b612916 100644
+--- a/tests/rustdoc-ui/doctest-output.rs
++++ b/tests/rustdoc-ui/doctest-output.rs
+@@ -4,6 +4,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ //! ```
+ //! assert_eq!(1 + 1, 2);
+diff --git a/tests/rustdoc-ui/failed-doctest-compile-fail.rs b/tests/rustdoc-ui/failed-doctest-compile-fail.rs
+index 6f2ff5d70..2561ffdc3 100644
+--- a/tests/rustdoc-ui/failed-doctest-compile-fail.rs
++++ b/tests/rustdoc-ui/failed-doctest-compile-fail.rs
+@@ -5,6 +5,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // failure-status: 101
++// ignore-stage1
+
+ /// ```compile_fail
+ /// println!("Hello");
+diff --git a/tests/rustdoc-ui/issue-91134.rs b/tests/rustdoc-ui/issue-91134.rs
+index d2ff3a252..90e0816d2 100644
+--- a/tests/rustdoc-ui/issue-91134.rs
++++ b/tests/rustdoc-ui/issue-91134.rs
+@@ -4,6 +4,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // edition:2021
++// ignore-stage1
+
+ /// <https://github.com/rust-lang/rust/issues/91134>
+ ///
+diff --git a/tests/rustdoc-ui/nocapture.rs b/tests/rustdoc-ui/nocapture.rs
+index 321f5ca08..463751e48 100644
+--- a/tests/rustdoc-ui/nocapture.rs
++++ b/tests/rustdoc-ui/nocapture.rs
+@@ -2,6 +2,7 @@
+ // compile-flags:--test -Zunstable-options --nocapture
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// println!("hello!");
+diff --git a/tests/rustdoc-ui/run-directory.rs b/tests/rustdoc-ui/run-directory.rs
+index 0d432c1e6..357e3ccc3 100644
+--- a/tests/rustdoc-ui/run-directory.rs
++++ b/tests/rustdoc-ui/run-directory.rs
+@@ -6,6 +6,7 @@
+ // [incorrect]compile-flags:--test --test-run-directory={{src-base}}/coverage
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// assert_eq!(
+diff --git a/tests/rustdoc-ui/test-no_std.rs b/tests/rustdoc-ui/test-no_std.rs
+index ee919985e..3e479bf6f 100644
+--- a/tests/rustdoc-ui/test-no_std.rs
++++ b/tests/rustdoc-ui/test-no_std.rs
+@@ -2,6 +2,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+
+ #![no_std]
+
+diff --git a/tests/rustdoc-ui/test-type.rs b/tests/rustdoc-ui/test-type.rs
+index 882da5c25..bc8e8e30f 100644
+--- a/tests/rustdoc-ui/test-type.rs
++++ b/tests/rustdoc-ui/test-type.rs
+@@ -2,6 +2,7 @@
+ // check-pass
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+
+ /// ```
+ /// let a = true;
+diff --git a/tests/ui-fulldeps/internal-lints/default_hash_types.rs b/tests/ui-fulldeps/internal-lints/default_hash_types.rs
+index 795c7d2dc..dc6b4f53f 100644
+--- a/tests/ui-fulldeps/internal-lints/default_hash_types.rs
++++ b/tests/ui-fulldeps/internal-lints/default_hash_types.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::default_hash_types)]
+diff --git a/tests/ui-fulldeps/internal-lints/diagnostics.rs b/tests/ui-fulldeps/internal-lints/diagnostics.rs
+index 643e81d99..2433228ef 100644
+--- a/tests/ui-fulldeps/internal-lints/diagnostics.rs
++++ b/tests/ui-fulldeps/internal-lints/diagnostics.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![crate_type = "lib"]
+ #![feature(rustc_attrs)]
+diff --git a/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs b/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs
+index f6f0c0385..4523e2a6d 100644
+--- a/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs
++++ b/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::lint_pass_impl_without_macro)]
+diff --git a/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs b/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs
+index 32b987338..6187e2370 100644
+--- a/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs
++++ b/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::usage_of_qualified_ty)]
+diff --git a/tests/ui-fulldeps/internal-lints/query_stability.rs b/tests/ui-fulldeps/internal-lints/query_stability.rs
+index 560675b44..e7d5ba583 100644
+--- a/tests/ui-fulldeps/internal-lints/query_stability.rs
++++ b/tests/ui-fulldeps/internal-lints/query_stability.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![deny(rustc::potential_query_instability)]
+diff --git a/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs b/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs
+index 10bab2d88..8e72c8b38 100644
+--- a/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs
++++ b/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_attrs)]
+ #![feature(rustc_private)]
+diff --git a/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs b/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs
+index 2cb1ed6fc..31b5a2131 100644
+--- a/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs
++++ b/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -Z unstable-options
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs b/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs
+index 7498745f2..28c00f2f8 100644
+--- a/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs
++++ b/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs
+@@ -1,6 +1,7 @@
+ // aux-build:lint-group-plugin-test.rs
+ // check-pass
+ // compile-flags: -D unused -A unused-variables
++// ignore-stage1
+
+ fn main() {
+     let x = 1;
+diff --git a/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs b/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs
+index fc19bc039..9563e9930 100644
+--- a/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs
++++ b/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs
+@@ -1,5 +1,6 @@
+ // aux-build:lint-group-plugin-test.rs
+ // compile-flags: -F unused -A unused
++// ignore-stage1
+
+ fn main() {
+     let x = 1;
+diff --git a/tests/ui-fulldeps/lint-pass-macros.rs b/tests/ui-fulldeps/lint-pass-macros.rs
+index b3c2a5427..9ed711a34 100644
+--- a/tests/ui-fulldeps/lint-pass-macros.rs
++++ b/tests/ui-fulldeps/lint-pass-macros.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: -Z unstable-options
+ // check-pass
++// ignore-stage1
+
+ #![feature(rustc_private)]
+
+diff --git a/tests/ui/empty_global_asm.rs b/tests/ui/empty_global_asm.rs
+index af13762d1..e9a5433ff 100644
+--- a/tests/ui/empty_global_asm.rs
++++ b/tests/ui/empty_global_asm.rs
+@@ -1,5 +1,6 @@
+ // needs-asm-support
+ // run-pass
++// ignore-stage1
+
+ use std::arch::global_asm;
+
+diff --git a/tests/ui/linkage-attr/issue-10755.rs b/tests/ui/linkage-attr/issue-10755.rs
+index afd2dc46c..f0d4705e4 100644
+--- a/tests/ui/linkage-attr/issue-10755.rs
++++ b/tests/ui/linkage-attr/issue-10755.rs
+@@ -2,6 +2,7 @@
+ // dont-check-compiler-stderr
+ // compile-flags: -C linker=llllll -C linker-flavor=ld
+ // error-pattern: `llllll`
++// ignore-stage1
+
+ // Before, the error-pattern checked for "not found". On WSL with appendWindowsPath=true, running
+ // in invalid command returns a PermissionDenied instead.
+diff --git a/tests/ui/macros/restricted-shadowing-legacy.rs b/tests/ui/macros/restricted-shadowing-legacy.rs
+index f5cac2dfb..d84f8efd6 100644
+--- a/tests/ui/macros/restricted-shadowing-legacy.rs
++++ b/tests/ui/macros/restricted-shadowing-legacy.rs
+@@ -74,6 +74,7 @@
+ // 62 |   Unordered   |   Unordered   |       =       |    +?    |
+ // 63 |   Unordered   |   Unordered   |       >       |    +?    |
+ // 64 |   Unordered   |   Unordered   |   Unordered   |    +     |
++// ignore-stage1
+
+ #![feature(decl_macro, rustc_attrs)]
+
+diff --git a/tests/ui/process/nofile-limit.rs b/tests/ui/process/nofile-limit.rs
+index 3ddf8d6ef..316823fcc 100644
+--- a/tests/ui/process/nofile-limit.rs
++++ b/tests/ui/process/nofile-limit.rs
+@@ -3,6 +3,7 @@
+ // test for issue #96621.
+ //
+ // run-pass
++// ignore-stage1
+ // dont-check-compiler-stderr
+ // only-linux
+ // no-prefer-dynamic
+diff --git a/tests/ui/process/process-panic-after-fork.rs b/tests/ui/process/process-panic-after-fork.rs
+index 6d4d24922..f681526bd 100644
+--- a/tests/ui/process/process-panic-after-fork.rs
++++ b/tests/ui/process/process-panic-after-fork.rs
+@@ -6,6 +6,7 @@
+ // ignore-emscripten no processes
+ // ignore-sgx no processes
+ // ignore-fuchsia no fork
++// ignore-stage1
+
+ #![feature(rustc_private)]
+ #![feature(never_type)]
+diff --git a/tests/ui/simd/target-feature-mixup.rs b/tests/ui/simd/target-feature-mixup.rs
+index 5dd163715..ab8b02f23 100644
+--- a/tests/ui/simd/target-feature-mixup.rs
++++ b/tests/ui/simd/target-feature-mixup.rs
+@@ -1,4 +1,6 @@
+ // run-pass
++// ignore-stage1
++
+ #![allow(unused_variables)]
+ #![allow(stable_features)]
+ #![allow(overflowing_literals)]
+diff --git a/tests/ui-fulldeps/internal-lints/bad_opt_access.rs b/tests/ui-fulldeps/internal-lints/bad_opt_access.rs
+index d6bd6945e15..a5794e3636a 100644
+--- a/tests/ui-fulldeps/internal-lints/bad_opt_access.rs
++++ b/tests/ui-fulldeps/internal-lints/bad_opt_access.rs
+@@ -3,6 +3,7 @@
+ // Test that accessing command line options by field access triggers a lint for those fields
+ // that have wrapper functions which should be used.
+ 
++// ignore-stage1
+ #![crate_type = "lib"]
+ #![feature(rustc_private)]
+ #![deny(rustc::bad_opt_access)]
+diff --git a/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs b/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs
+index a0a8114e0c5..29faed24e13 100644
+--- a/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs
++++ b/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs
+@@ -1,5 +1,6 @@
+ // rustc-env:CARGO_CRATE_NAME=rustc_dummy
+ 
++// ignore-stage1
+ #![feature(rustc_private)]
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs b/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs
+index ff764015dc7..8d0184b40f5 100644
+--- a/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs
++++ b/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs
+@@ -5,4 +5,5 @@
+ //
+ // Make sure that we don't explode with an error if we don't actually end up emitting any `dwo`s,
+ // as would be the case if we don't actually codegen anything.
++// ignore-stage1
+ #![crate_type="rlib"]
+diff --git a/tests/ui/drop/dynamic-drop.rs b/tests/ui/drop/dynamic-drop.rs
+index 9e51d3adaaa..296032acebb 100644
+--- a/tests/ui/drop/dynamic-drop.rs
++++ b/tests/ui/drop/dynamic-drop.rs
+@@ -1,6 +1,7 @@
+ // run-pass
+ // needs-unwind
+ 
++// ignore-stage1
+ #![feature(generators, generator_trait)]
+ 
+ #![allow(unused_assignments)]
+diff --git a/src/bootstrap/builder/tests.rs b/src/bootstrap/builder/tests.rs
+index 3574f11189e..4f4698a25bd 100644
+--- a/src/bootstrap/builder/tests.rs
++++ b/src/bootstrap/builder/tests.rs
+@@ -76,6 +76,7 @@ macro_rules! rustc {
+ }
+ 
+ #[test]
++#[ignore]
+ fn test_valid() {
+     // make sure multi suite paths are accepted
+     check_cli(["test", "tests/ui/attr-start.rs", "tests/ui/attr-shebang.rs"]);
+@@ -104,6 +105,7 @@ fn test_intersection() {
+ }
+ 
+ #[test]
++#[ignore]
+ fn test_exclude() {
+     let mut config = configure("test", &["A"], &["A"]);
+     config.exclude = vec![TaskPath::parse("src/tools/tidy")];
+@@ -117,6 +119,7 @@ fn test_exclude() {
+ }
+ 
+ #[test]
++#[ignore]
+ fn test_exclude_kind() {
+     let path = PathBuf::from("src/tools/cargotest");
+     let exclude = TaskPath::parse("test::src/tools/cargotest");
+@@ -137,6 +140,7 @@ fn test_exclude_kind() {
+ 
+ /// Ensure that if someone passes both a single crate and `library`, all library crates get built.
+ #[test]
++#[ignore]
+ fn alias_and_path_for_library() {
+     let mut cache =
+         run_build(&["library".into(), "core".into()], configure("build", &["A"], &["A"]));
+@@ -153,6 +157,7 @@ mod defaults {
+     use pretty_assertions::assert_eq;
+ 
+     #[test]
++    #[ignore]
+     fn build_default() {
+         let mut cache = run_build(&[], configure("build", &["A"], &["A"]));
+ 
+@@ -173,6 +178,7 @@ fn build_default() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn build_stage_0() {
+         let config = Config { stage: 0, ..configure("build", &["A"], &["A"]) };
+         let mut cache = run_build(&[], config);
+@@ -190,6 +196,7 @@ fn build_stage_0() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn build_cross_compile() {
+         let config = Config { stage: 1, ..configure("build", &["A", "B"], &["A", "B"]) };
+         let mut cache = run_build(&[], config);
+@@ -233,6 +240,7 @@ fn build_cross_compile() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn doc_default() {
+         let mut config = configure("doc", &["A"], &["A"]);
+         config.compiler_docs = true;
+@@ -267,6 +275,7 @@ fn configure(host: &[&str], target: &[&str]) -> Config {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_baseline() {
+         let mut cache = run_build(&[], configure(&["A"], &["A"]));
+ 
+@@ -291,6 +300,7 @@ fn dist_baseline() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_with_targets() {
+         let mut cache = run_build(&[], configure(&["A"], &["A", "B"]));
+ 
+@@ -320,6 +330,7 @@ fn dist_with_targets() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_with_hosts() {
+         let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B"]));
+ 
+@@ -362,6 +373,7 @@ fn dist_with_hosts() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_only_cross_host() {
+         let b = TargetSelection::from_user("B");
+         let mut config = configure(&["A", "B"], &["A", "B"]);
+@@ -381,6 +393,7 @@ fn dist_only_cross_host() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_with_targets_and_hosts() {
+         let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B", "C"]));
+ 
+@@ -415,6 +428,7 @@ fn dist_with_targets_and_hosts() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_with_empty_host() {
+         let config = configure(&[], &["C"]);
+         let mut cache = run_build(&[], config);
+@@ -431,6 +445,7 @@ fn dist_with_empty_host() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn dist_with_same_targets_and_hosts() {
+         let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B"]));
+ 
+@@ -482,6 +497,7 @@ fn dist_with_same_targets_and_hosts() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn build_all() {
+         let build = Build::new(configure(&["A", "B"], &["A", "B", "C"]));
+         let mut builder = Builder::new(&build);
+@@ -515,6 +531,7 @@ fn build_all() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn build_with_empty_host() {
+         let config = configure(&[], &["C"]);
+         let build = Build::new(config);
+@@ -542,6 +559,7 @@ fn build_with_empty_host() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn test_with_no_doc_stage0() {
+         let mut config = configure(&["A"], &["A"]);
+         config.stage = 0;
+@@ -585,6 +603,7 @@ fn test_with_no_doc_stage0() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn doc_ci() {
+         let mut config = configure(&["A"], &["A"]);
+         config.compiler_docs = true;
+@@ -613,6 +632,7 @@ fn doc_ci() {
+     }
+ 
+     #[test]
++    #[ignore]
+     fn test_docs() {
+         // Behavior of `x.py test` doing various documentation tests.
+         let mut config = configure(&["A"], &["A"]);
+diff --git a/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr b/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr
+--- a/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr 2023-01-10 10:47:33.000000000 -0800
++++ b/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr 2023-01-20 03:49:06.575109271 -0800
+@@ -1,20 +1,11 @@
+-error: use `Session::split_debuginfo` instead of this field
+-  --> $DIR/bad_opt_access.rs:14:13
++error[E0463]: can't find crate for `rustc_macros` which `rustc_session` depends on
++  --> $DIR/bad_opt_access.rs:10:1
+    |
+-LL |     let _ = sess.opts.cg.split_debuginfo;
+-   |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
++LL | extern crate rustc_session;
++   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ can't find crate
+    |
+-note: the lint level is defined here
+-  --> $DIR/bad_opt_access.rs:8:9
+-   |
+-LL | #![deny(rustc::bad_opt_access)]
+-   |         ^^^^^^^^^^^^^^^^^^^^^
+-
+-error: use `Session::crate_types` instead of this field
+-  --> $DIR/bad_opt_access.rs:17:13
+-   |
+-LL |     let _ = sess.opts.crate_types;
+-   |             ^^^^^^^^^^^^^^^^^^^^^
++   = help: maybe you need to install the missing components with: `rustup component add rust-src rustc-dev llvm-tools-preview`
+ 
+-error: aborting due to 2 previous errors
++error: aborting due to previous error
+ 
++For more information about this error, try `rustc --explain E0463`.
+diff --git a/tests/ui/process/process-sigpipe.rs b/tests/ui/process/process-sigpipe.rs
+--- a/tests/ui/process/process-sigpipe.rs    2023-01-10 10:47:33.000000000 -0800
++++ b/tests/ui/process/process-sigpipe.rs    2023-01-27 01:07:05.335718181 -0800
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ #![allow(unused_imports)]
+ #![allow(deprecated)]
+ 
+diff --git a/tests/run-make/static-pie/Makefile b/tests/run-make/static-pie/Makefile
+--- a/tests/run-make/static-pie/Makefile     2023-02-21 02:25:36.553233415 -0800
++++ b/tests/run-make/static-pie/Makefile     2023-02-21 02:19:45.848629908 -0800
+@@ -3,6 +3,7 @@ include ../../run-make-fulldeps/tools.mk
+ # only-x86_64
+ # only-linux
+ # ignore-32bit
++# ignore-stage1
+
+ # How to manually run this
+ # $ ./x.py test --target x86_64-unknown-linux-[musl,gnu] tests/run-make/static-pie
+diff --git a/tests/codegen/repr-transparent-aggregates-3.rs b/tests/codegen/repr-transparent-aggregates-3.rs
+index 0db17e6b13a..6e9cb7224c8 100644
+--- a/tests/codegen/repr-transparent-aggregates-3.rs
++++ b/tests/codegen/repr-transparent-aggregates-3.rs
+@@ -3,6 +3,7 @@
+ 
+ // only-mips64
+ // See repr-transparent.rs
++// ignore-stage1
+ 
+ #![feature(transparent_unions)]
+
+diff --git a/tests/codegen/abi-repr-ext.rs b/tests/codegen/abi-repr-ext.rs
+index 23ade3c7216..addd8a2ebdc 100644
+--- a/tests/codegen/abi-repr-ext.rs
++++ b/tests/codegen/abi-repr-ext.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -O
++// ignore-stage1
+ 
+ // revisions:x86_64 i686 aarch64-apple aarch64-windows aarch64-linux arm riscv
+ 
+diff --git a/tests/codegen/abi-x86-interrupt.rs b/tests/codegen/abi-x86-interrupt.rs
+index 928ad5a9bbd..5185edaae40 100644
+--- a/tests/codegen/abi-x86-interrupt.rs
++++ b/tests/codegen/abi-x86-interrupt.rs
+@@ -4,6 +4,7 @@
+ 
+ // needs-llvm-components: x86
+ // compile-flags: -C no-prepopulate-passes --target=x86_64-unknown-linux-gnu -Copt-level=0
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ #![no_core]
+diff --git a/tests/codegen/branch-protection.rs b/tests/codegen/branch-protection.rs
+index 994c71b2619..5d83a29da74 100644
+--- a/tests/codegen/branch-protection.rs
++++ b/tests/codegen/branch-protection.rs
+@@ -7,6 +7,7 @@
+ // [LEAF] compile-flags: -Z branch-protection=pac-ret,leaf
+ // [BKEY] compile-flags: -Z branch-protection=pac-ret,b-key
+ // compile-flags: --target aarch64-unknown-linux-gnu
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ #![feature(no_core, lang_items)]
+diff --git a/tests/codegen/catch-unwind.rs b/tests/codegen/catch-unwind.rs
+index b90ef104ce7..12d5d1451a2 100644
+--- a/tests/codegen/catch-unwind.rs
++++ b/tests/codegen/catch-unwind.rs
+@@ -10,6 +10,7 @@
+ // ignore-riscv64 FIXME
+ // On s390x the closure is also in another function
+ // ignore-s390x FIXME
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ #![feature(c_unwind)]
+diff --git a/tests/codegen/cf-protection.rs b/tests/codegen/cf-protection.rs
+index ccbc863f571..f4281d87abf 100644
+--- a/tests/codegen/cf-protection.rs
++++ b/tests/codegen/cf-protection.rs
+@@ -8,6 +8,7 @@
+ // [return] compile-flags: -Z cf-protection=return
+ // [full] compile-flags: -Z cf-protection=full
+ // compile-flags: --target x86_64-unknown-linux-gnu
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ #![feature(no_core, lang_items)]
+diff --git a/tests/codegen/enum-bounds-check-derived-idx.rs b/tests/codegen/enum-bounds-check-derived-idx.rs
+index aa66c2ed08e..db6c87c7338 100644
+--- a/tests/codegen/enum-bounds-check-derived-idx.rs
++++ b/tests/codegen/enum-bounds-check-derived-idx.rs
+@@ -1,7 +1,7 @@
+ // This test checks an optimization that is not guaranteed to work. This test case should not block
+ // a future LLVM update.
+ // compile-flags: -O
+-
++// ignore-stage1
+ #![crate_type = "lib"]
+ 
+ pub enum Bar {
+diff --git a/tests/codegen/force-unwind-tables.rs b/tests/codegen/force-unwind-tables.rs
+index 4c0a5602c6d..d5faf190290 100644
+--- a/tests/codegen/force-unwind-tables.rs
++++ b/tests/codegen/force-unwind-tables.rs
+@@ -1,5 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes -C force-unwind-tables=y
+-
++// ignore-stage1
+ #![crate_type="lib"]
+ 
+ // CHECK: attributes #{{.*}} uwtable
+diff --git a/tests/codegen/intrinsic-no-unnamed-attr.rs b/tests/codegen/intrinsic-no-unnamed-attr.rs
+index c8a8e0b3e7a..f779f5cc27e 100644
+--- a/tests/codegen/intrinsic-no-unnamed-attr.rs
++++ b/tests/codegen/intrinsic-no-unnamed-attr.rs
+@@ -1,5 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes
+-
++// ignore-stage1
+ #![feature(intrinsics)]
+ 
+ extern "rust-intrinsic" {
+diff --git a/tests/codegen/issues/issue-103840.rs b/tests/codegeni/issues/issue-103840.rs
+index f19d7031bb3..92408e75964 100644
+--- a/tests/codegen/issues/issue-103840.rs
++++ b/tests/codegen/issues/issue-103840.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: -O
+ #![crate_type = "lib"]
++// ignore-stage1
+ 
+ pub fn foo(t: &mut Vec<usize>) {
+     // CHECK-NOT: __rust_dealloc
+diff --git a/tests/codegen/issues/issue-47278.rs b/tests/codegen/issues/issue-47278.rs
+index 9076274f45e..de7203e139b 100644
+--- a/tests/codegen/issues/issue-47278.rs
++++ b/tests/codegen/issues/issue-47278.rs
+@@ -1,5 +1,6 @@
+ // -C no-prepopulate-passes
+ #![crate_type="staticlib"]
++// ignore-stage1
+ 
+ #[repr(C)]
+ pub struct Foo(u64);
+diff --git a/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs b/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs
+index 1ad05906e21..8df862aeee5 100644
+--- a/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs
++++ b/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs
+@@ -2,6 +2,7 @@
+ // index is part of a (x | y) < C style condition
+ 
+ // compile-flags: -O
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/codegen/lifetime_start_end.rs b/tests/codegen/lifetime_start_end.rs
+index 471a0b8cedd..356650de0c1 100644
+--- a/tests/codegen/lifetime_start_end.rs
++++ b/tests/codegen/lifetime_start_end.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -O -C no-prepopulate-passes -Zmir-opt-level=0
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/codegen/local-generics-in-exe-internalized.rs b/tests/codegen/local-generics-in-exe-internalized.rs
+index 449c5ca75fc..746a7ed1b6f 100644
+--- a/tests/codegen/local-generics-in-exe-internalized.rs
++++ b/tests/codegen/local-generics-in-exe-internalized.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes -Zshare-generics=yes
++// ignore-stage1
+ 
+ // Check that local generics are internalized if they are in the same CGU
+ 
+diff --git a/tests/codegen/match-unoptimized.rs b/tests/codegen/match-unoptimized.rs
+index 78ea4f9b409..23b2c62bd38 100644
+--- a/tests/codegen/match-unoptimized.rs
++++ b/tests/codegen/match-unoptimized.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C no-prepopulate-passes -Copt-level=0
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/codegen/noalias-rwlockreadguard.rs b/tests/codegen/noalias-rwlockreadguard.rs
+index 7f7b46c85a8..a32910da3e7 100644
+--- a/tests/codegen/noalias-rwlockreadguard.rs
++++ b/tests/codegen/noalias-rwlockreadguard.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -O -C no-prepopulate-passes -Z mutable-noalias=yes
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/codegen/non-terminate/nonempty-infinite-loop.rs b/tests/codegen/non-terminate/nonempty-infinite-loop.rs
+index 5e25e04fc24..fce094f7efd 100644
+--- a/tests/codegen/non-terminate/nonempty-infinite-loop.rs
++++ b/tests/codegen/non-terminate/nonempty-infinite-loop.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -C opt-level=3
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/codegen/noreturn-uninhabited.rs b/tests/codegen/noreturn-uninhabited.rs
+index 49f93cf62c7..2da42faeabd 100644
+--- a/tests/codegen/noreturn-uninhabited.rs
++++ b/tests/codegen/noreturn-uninhabited.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: -g -C no-prepopulate-passes
++// ignore-stage1
+ 
+ #![crate_type = "lib"]
+ 
+diff --git a/tests/rustdoc/async-move-doctest.rs b/tests/rustdoc/async-move-doctest.rs
+index 2ba61388c9e..402c5bbaaf7 100644
+--- a/tests/rustdoc/async-move-doctest.rs
++++ b/tests/rustdoc/async-move-doctest.rs
+@@ -1,5 +1,6 @@
+ // compile-flags:--test
+ // edition:2018
++// ignore-stage1
+ 
+ // Prior to setting the default edition for the doctest pre-parser,
+ // this doctest would fail due to a fatal parsing error.
+diff --git a/tests/rustdoc/async-trait.rs b/tests/rustdoc/async-trait.rs
+index a473e467473..df3be5adc17 100644
+--- a/tests/rustdoc/async-trait.rs
++++ b/tests/rustdoc/async-trait.rs
+@@ -1,5 +1,6 @@
+ // aux-build:async-trait-dep.rs
+ // edition:2021
++// ignore-stage1
+ 
+ #![feature(async_fn_in_trait)]
+ #![allow(incomplete_features)]
+diff --git a/tests/rustdoc/check-source-code-urls-to-def.rs b/tests/rustdoc/check-source-code-urls-to-def.rs
+index 41b9d41fa44..0805a07a0c9 100644
+--- a/tests/rustdoc/check-source-code-urls-to-def.rs
++++ b/tests/rustdoc/check-source-code-urls-to-def.rs
+@@ -1,6 +1,7 @@
+ // compile-flags: -Zunstable-options --generate-link-to-definition
+ // aux-build:source_code.rs
+ // build-aux-docs
++// ignore-stage1
+ 
+ #![feature(rustc_attrs)]
+ 
+diff --git a/tests/rustdoc/comment-in-doctest.rs b/tests/rustdoc/comment-in-doctest.rs
+index 5691d173569..a57c0e1f3bd 100644
+--- a/tests/rustdoc/comment-in-doctest.rs
++++ b/tests/rustdoc/comment-in-doctest.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ // comments, both doc comments and regular ones, used to trick rustdoc's doctest parser into
+ // thinking that everything after it was part of the regular program. combined with the librustc_ast
+diff --git a/tests/rustdoc/const-generics/const-generics-docs.rs b/tests/rustdoc/const-generics/const-generics-docs.rs
+index 828486a41d4..02a934996f8 100644
+--- a/tests/rustdoc/const-generics/const-generics-docs.rs
++++ b/tests/rustdoc/const-generics/const-generics-docs.rs
+@@ -1,5 +1,7 @@
+ // edition:2018
+ // aux-build: extern_crate.rs
++// ignore-stage1
++
+ #![crate_name = "foo"]
+ 
+ extern crate extern_crate;
+diff --git a/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs b/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs
+index d02bc4fe712..6f432da06bf 100644
+--- a/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs
++++ b/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs
+@@ -1,5 +1,6 @@
+ // Regression test for issue #95717
+ // Hide cross-crate `#[doc(hidden)]` associated items in trait impls.
++// ignore-stage1
+ 
+ #![crate_name = "dependent"]
+ // edition:2021
+diff --git a/tests/rustdoc/cross-crate-hidden-impl-parameter.rs b/tests/rustdoc/cross-crate-hidden-impl-parameter.rs
+index eb2ced2f7f4..08a6f8b27f3 100644
+--- a/tests/rustdoc/cross-crate-hidden-impl-parameter.rs
++++ b/tests/rustdoc/cross-crate-hidden-impl-parameter.rs
+@@ -1,4 +1,6 @@
+ // Issue #86448: test for cross-crate `doc(hidden)`
++// ignore-stage1
++
+ #![crate_name = "foo"]
+ 
+ // aux-build:cross-crate-hidden-impl-parameter.rs
+diff --git a/tests/rustdoc/cross-crate-links.rs b/tests/rustdoc/cross-crate-links.rs
+index 7c736a4cc11..a0be9a367c6 100644
+--- a/tests/rustdoc/cross-crate-links.rs
++++ b/tests/rustdoc/cross-crate-links.rs
+@@ -1,5 +1,6 @@
+ // aux-build:all-item-types.rs
+ // build-aux-docs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/cross-crate-primitive-doc.rs b/tests/rustdoc/cross-crate-primitive-doc.rs
+index 4ba296ee04a..51fa62ffb53 100644
+--- a/tests/rustdoc/cross-crate-primitive-doc.rs
++++ b/tests/rustdoc/cross-crate-primitive-doc.rs
+@@ -1,6 +1,7 @@
+ // aux-build:primitive-doc.rs
+ // compile-flags: --extern-html-root-url=primitive_doc=../ -Z unstable-options
+ // only-linux
++// ignore-stage1
+ 
+ #![feature(no_core)]
+ #![no_core]
+diff --git a/tests/rustdoc/doctest-manual-crate-name.rs b/tests/rustdoc/doctest-manual-crate-name.rs
+index 3a5e3734e14..2b4b19b4708 100644
+--- a/tests/rustdoc/doctest-manual-crate-name.rs
++++ b/tests/rustdoc/doctest-manual-crate-name.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ //! ```
+ //! #![crate_name="asdf"]
+diff --git a/tests/rustdoc/edition-doctest.rs b/tests/rustdoc/edition-doctest.rs
+index 6de25996bed..4acb562a29c 100644
+--- a/tests/rustdoc/edition-doctest.rs
++++ b/tests/rustdoc/edition-doctest.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ /// ```rust,edition2018
+ /// #![feature(try_blocks)]
+diff --git a/tests/rustdoc/edition-flag.rs b/tests/rustdoc/edition-flag.rs
+index e54c7d2969b..4cee5e1a3cf 100644
+--- a/tests/rustdoc/edition-flag.rs
++++ b/tests/rustdoc/edition-flag.rs
+@@ -1,5 +1,6 @@
+ // compile-flags:--test
+ // edition:2018
++// ignore-stage1
+ 
+ /// ```rust
+ /// fn main() {
+diff --git a/tests/rustdoc/elided-lifetime.rs b/tests/rustdoc/elided-lifetime.rs
+index 006132ef8aa..75ac6496dfb 100644
+--- a/tests/rustdoc/elided-lifetime.rs
++++ b/tests/rustdoc/elided-lifetime.rs
+@@ -4,6 +4,7 @@
+ //
+ // Since Rust 2018 we encourage writing out <'_> explicitly to make it clear
+ // that borrowing is occurring. Make sure rustdoc is following the same idiom.
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/extern-html-root-url.rs b/tests/rustdoc/extern-html-root-url.rs
+index 17eedcf2ab8..429bf78b9d5 100644
+--- a/tests/rustdoc/extern-html-root-url.rs
++++ b/tests/rustdoc/extern-html-root-url.rs
+@@ -2,6 +2,7 @@
+ // aux-build:html_root.rs
+ // aux-build:no_html_root.rs
+ // NOTE: intentionally does not build any auxiliary docs
++// ignore-stage1
+ 
+ extern crate html_root;
+ extern crate no_html_root;
+diff --git a/tests/rustdoc/extern-impl-trait.rs b/tests/rustdoc/extern-impl-trait.rs
+index 8ab026afd1b..c47d6802211 100644
+--- a/tests/rustdoc/extern-impl-trait.rs
++++ b/tests/rustdoc/extern-impl-trait.rs
+@@ -1,4 +1,5 @@
+ // aux-build:extern-impl-trait.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/external-macro-src.rs b/tests/rustdoc/external-macro-src.rs
+index 359551ab78d..86499a0bf2e 100644
+--- a/tests/rustdoc/external-macro-src.rs
++++ b/tests/rustdoc/external-macro-src.rs
+@@ -1,4 +1,5 @@
+ // aux-build:external-macro-src.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/hide-unstable-trait.rs b/tests/rustdoc/hide-unstable-trait.rs
+index 0bf7cabc43b..9ceeccfead8 100644
+--- a/tests/rustdoc/hide-unstable-trait.rs
++++ b/tests/rustdoc/hide-unstable-trait.rs
+@@ -1,4 +1,5 @@
+ // aux-build:unstable-trait.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ #![feature(private_trait)]
+diff --git a/tests/rustdoc/inline_cross/add-docs.rs b/tests/rustdoc/inline_cross/add-docs.rs
+index a1124d2094c..a11b866647d 100644
+--- a/tests/rustdoc/inline_cross/add-docs.rs
++++ b/tests/rustdoc/inline_cross/add-docs.rs
+@@ -1,4 +1,5 @@
+ // aux-build:add-docs.rs
++// ignore-stage1
+ 
+ extern crate inner;
+ 
+diff --git a/tests/rustdoc/inline_cross/default-trait-method.rs b/tests/rustdoc/inline_cross/default-trait-method.rs
+index a4ec73a127d..8db38c99791 100644
+--- a/tests/rustdoc/inline_cross/default-trait-method.rs
++++ b/tests/rustdoc/inline_cross/default-trait-method.rs
+@@ -1,4 +1,5 @@
+ // aux-build:default-trait-method.rs
++// ignore-stage1
+ 
+ extern crate foo;
+ 
+diff --git a/tests/rustdoc/inline_cross/impl_trait.rs b/tests/rustdoc/inline_cross/impl_trait.rs
+index b6a1552bc00..85377b19e0d 100644
+--- a/tests/rustdoc/inline_cross/impl_trait.rs
++++ b/tests/rustdoc/inline_cross/impl_trait.rs
+@@ -1,5 +1,6 @@
+ // aux-build:impl_trait_aux.rs
+ // edition:2018
++// ignore-stage1
+ 
+ extern crate impl_trait_aux;
+ 
+diff --git a/tests/rustdoc/inline_cross/issue-24183.rs b/tests/rustdoc/inline_cross/issue-24183.rs
+index 751a32385e8..d25211cb2b0 100644
+--- a/tests/rustdoc/inline_cross/issue-24183.rs
++++ b/tests/rustdoc/inline_cross/issue-24183.rs
+@@ -1,5 +1,6 @@
+ #![crate_type = "lib"]
+ #![crate_name = "usr"]
++// ignore-stage1
+ 
+ // aux-crate:issue_24183=issue-24183.rs
+ // edition: 2021
+diff --git a/tests/rustdoc/inline_cross/macros.rs b/tests/rustdoc/inline_cross/macros.rs
+index a41b9c5b197..1b4bccee176 100644
+--- a/tests/rustdoc/inline_cross/macros.rs
++++ b/tests/rustdoc/inline_cross/macros.rs
+@@ -1,5 +1,6 @@
+ // aux-build:macros.rs
+ // build-aux-docs
++// ignore-stage1
+ 
+ #![feature(macro_test)]
+ #![crate_name = "foo"]
+diff --git a/tests/rustdoc/inline_cross/trait-vis.rs b/tests/rustdoc/inline_cross/trait-vis.rs
+index b646babacc5..b77e966afe3 100644
+--- a/tests/rustdoc/inline_cross/trait-vis.rs
++++ b/tests/rustdoc/inline_cross/trait-vis.rs
+@@ -1,4 +1,5 @@
+ // aux-build:trait-vis.rs
++// ignore-stage1
+ 
+ extern crate inner;
+ 
+diff --git a/tests/rustdoc/inline_cross/use_crate.rs b/tests/rustdoc/inline_cross/use_crate.rs
+index 00e0f041c56..c5bf6010d93 100644
+--- a/tests/rustdoc/inline_cross/use_crate.rs
++++ b/tests/rustdoc/inline_cross/use_crate.rs
+@@ -3,6 +3,7 @@
+ // build-aux-docs
+ // edition:2018
+ // compile-flags:--extern use_crate --extern use_crate_2
++// ignore-stage1
+ 
+ // During the buildup to Rust 2018, rustdoc would eagerly inline `pub use some_crate;` as if it
+ // were a module, so we changed it to make `pub use`ing crate roots remain as a `pub use` statement
+diff --git a/tests/rustdoc/intra-doc-crate/self.rs b/tests/rustdoc/intra-doc-crate/self.rs
+index 8c36a7fa002..848e17a18a1 100644
+--- a/tests/rustdoc/intra-doc-crate/self.rs
++++ b/tests/rustdoc/intra-doc-crate/self.rs
+@@ -1,5 +1,6 @@
+ // aux-build:self.rs
+ // build-aux-docs
++// ignore-stage1
+ 
+ extern crate cross_crate_self;
+ 
+diff --git a/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs b/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs
+index e52fb9b1c9f..765ad78fb4d 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs
+@@ -1,5 +1,7 @@
+ // aux-build:additional_doc.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+ extern crate my_rand;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/basic.rs b/tests/rustdoc/intra-doc/cross-crate/basic.rs
+index ad7454918b4..a959a15a672 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/basic.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/basic.rs
+@@ -1,5 +1,7 @@
+ // aux-build:intra-doc-basic.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+ // from https://github.com/rust-lang/rust/issues/65983
+diff --git a/tests/rustdoc/intra-doc/cross-crate/crate.rs b/tests/rustdoc/intra-doc/cross-crate/crate.rs
+index edf544708b6..735847bcbb5 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/crate.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/crate.rs
+@@ -1,5 +1,7 @@
+ // aux-build:intra-link-cross-crate-crate.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![crate_name = "outer"]
+ extern crate inner;
+ // @has outer/fn.f.html '//a[@href="../inner/fn.g.html"]' "crate::g"
+diff --git a/tests/rustdoc/intra-doc/cross-crate/hidden.rs b/tests/rustdoc/intra-doc/cross-crate/hidden.rs
+index 4f7d075ba48..d7ffed2d19d 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/hidden.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/hidden.rs
+@@ -1,5 +1,7 @@
+ // aux-build:hidden.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+ // tests https://github.com/rust-lang/rust/issues/73363
+diff --git a/tests/rustdoc/intra-doc/cross-crate/macro.rs b/tests/rustdoc/intra-doc/cross-crate/macro.rs
+index 32f0a55d3c6..31add14b3b6 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/macro.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/macro.rs
+@@ -1,6 +1,8 @@
+ // aux-build:macro_inner.rs
+ // aux-build:proc_macro.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ extern crate macro_inner;
+ extern crate proc_macro_inner;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/module.rs b/tests/rustdoc/intra-doc/cross-crate/module.rs
+index fde9322657d..72e55a83007 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/module.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/module.rs
+@@ -1,6 +1,8 @@
+ // outer.rs
+ // aux-build: module.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ extern crate module_inner;
+ // @has 'module/bar/index.html' '//a[@href="../../module_inner/trait.SomeTrait.html"]' 'SomeTrait'
+diff --git a/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs b/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs
+index 577fe78a508..1da901cd8b8 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs
+@@ -1,5 +1,7 @@
+ // aux-build:submodule-inner.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+ extern crate a;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs b/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs
+index d0c0b7e85ae..39c42c5a684 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs
+@@ -1,5 +1,7 @@
+ // aux-build:submodule-outer.rs
+ // edition:2018
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+ extern crate bar as bar_;
+diff --git a/tests/rustdoc/intra-doc/cross-crate/traits.rs b/tests/rustdoc/intra-doc/cross-crate/traits.rs
+index 7b9554bfdb0..0417a5f4537 100644
+--- a/tests/rustdoc/intra-doc/cross-crate/traits.rs
++++ b/tests/rustdoc/intra-doc/cross-crate/traits.rs
+@@ -1,5 +1,7 @@
+ // aux-build:traits.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+ extern crate inner;
+diff --git a/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs b/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs
+index 7bb1ded3f3c..994ece708ca 100644
+--- a/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs
++++ b/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs
+@@ -1,6 +1,7 @@
+ // Reexport of a structure that derefs to a type with lang item impls having doc links in their
+ // comments. The doc link points to an associated item, so we check that traits in scope for that
+ // link are populated.
++// ignore-stage1
+ 
+ // aux-build:extern-builtin-type-impl-dep.rs
+ 
+diff --git a/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs b/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs
+index ad50887e922..69d5aa1717a 100644
+--- a/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs
++++ b/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs
+@@ -7,6 +7,7 @@
+ // aux-crate:priv:empty2=empty2.rs
+ // build-aux-docs
+ // compile-flags:-Z unstable-options --edition 2018
++// ignore-stage1
+ 
+ // @has extern_crate_only_used_in_link/index.html
+ // @has - '//a[@href="../issue_66159_1/struct.Something.html"]' 'issue_66159_1::Something'
+diff --git a/tests/rustdoc/intra-doc/extern-crate.rs b/tests/rustdoc/intra-doc/extern-crate.rs
+index 4e4438dea03..b6793531515 100644
+--- a/tests/rustdoc/intra-doc/extern-crate.rs
++++ b/tests/rustdoc/intra-doc/extern-crate.rs
+@@ -3,6 +3,7 @@
+ // When loading `extern crate` statements, we would pull in their docs at the same time, even
+ // though they would never actually get displayed. This tripped intra-doc-link resolution failures,
+ // for items that aren't under our control, and not actually getting documented!
++// ignore-stage1
+ 
+ #![deny(rustdoc::broken_intra_doc_links)]
+ 
+diff --git a/tests/rustdoc/intra-doc/extern-inherent-impl.rs b/tests/rustdoc/intra-doc/extern-inherent-impl.rs
+index 2e41c2214f4..8851071adbd 100644
+--- a/tests/rustdoc/intra-doc/extern-inherent-impl.rs
++++ b/tests/rustdoc/intra-doc/extern-inherent-impl.rs
+@@ -1,5 +1,6 @@
+ // Reexport of a structure with public inherent impls having doc links in their comments. The doc
+ // link points to an associated item, so we check that traits in scope for that link are populated.
++// ignore-stage1
+ 
+ // aux-build:extern-inherent-impl-dep.rs
+ 
+diff --git a/tests/rustdoc/intra-doc/extern-reference-link.rs b/tests/rustdoc/intra-doc/extern-reference-link.rs
+index bad6ec75579..43cf0c23e8b 100644
+--- a/tests/rustdoc/intra-doc/extern-reference-link.rs
++++ b/tests/rustdoc/intra-doc/extern-reference-link.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: --extern pub_struct
+ // aux-build:pub-struct.rs
++// ignore-stage1
+ 
+ /// [SomeStruct]
+ ///
+diff --git a/tests/rustdoc/intra-doc/issue-103463.rs b/tests/rustdoc/intra-doc/issue-103463.rs
+index 4adf8a9a8a4..3b965529577 100644
+--- a/tests/rustdoc/intra-doc/issue-103463.rs
++++ b/tests/rustdoc/intra-doc/issue-103463.rs
+@@ -1,6 +1,7 @@
+ // The `Trait` is not pulled into the crate resulting in doc links in its methods being resolved.
+ 
+ // aux-build:issue-103463-aux.rs
++// ignore-stage1
+ 
+ extern crate issue_103463_aux;
+ use issue_103463_aux::Trait;
+diff --git a/tests/rustdoc/intra-doc/issue-104145.rs b/tests/rustdoc/intra-doc/issue-104145.rs
+index 9ce36740d60..74c790ddd45 100644
+--- a/tests/rustdoc/intra-doc/issue-104145.rs
++++ b/tests/rustdoc/intra-doc/issue-104145.rs
+@@ -1,6 +1,7 @@
+ // Doc links in `Trait`'s methods are resolved because it has a local impl.
+ 
+ // aux-build:issue-103463-aux.rs
++// ignore-stage1
+ 
+ extern crate issue_103463_aux;
+ use issue_103463_aux::Trait;
+diff --git a/tests/rustdoc/intra-doc/issue-66159.rs b/tests/rustdoc/intra-doc/issue-66159.rs
+index 56742b39790..64ef5f3d07c 100644
+--- a/tests/rustdoc/intra-doc/issue-66159.rs
++++ b/tests/rustdoc/intra-doc/issue-66159.rs
+@@ -1,5 +1,6 @@
+ // aux-crate:priv:pub_struct=pub-struct.rs
+ // compile-flags:-Z unstable-options
++// ignore-stage1
+ 
+ // The issue was an ICE which meant that we never actually generated the docs
+ // so if we have generated the docs, we're okay.
+diff --git a/tests/rustdoc/intra-doc/pub-use.rs b/tests/rustdoc/intra-doc/pub-use.rs
+index 8a998496cf5..26109bc52fc 100644
+--- a/tests/rustdoc/intra-doc/pub-use.rs
++++ b/tests/rustdoc/intra-doc/pub-use.rs
+@@ -1,4 +1,5 @@
+ // aux-build: intra-link-pub-use.rs
++// ignore-stage1
+ #![deny(rustdoc::broken_intra_doc_links)]
+ #![crate_name = "outer"]
+ 
+diff --git a/tests/rustdoc/intra-doc/reexport-additional-docs.rs b/tests/rustdoc/intra-doc/reexport-additional-docs.rs
+index 64683bacd65..6ed63e4dd26 100644
+--- a/tests/rustdoc/intra-doc/reexport-additional-docs.rs
++++ b/tests/rustdoc/intra-doc/reexport-additional-docs.rs
+@@ -1,5 +1,7 @@
+ // aux-build:intra-link-reexport-additional-docs.rs
+ // build-aux-docs
++// ignore-stage1
++
+ #![crate_name = "foo"]
+ extern crate inner;
+ 
+diff --git a/tests/rustdoc/issue-18199.rs b/tests/rustdoc/issue-18199.rs
+index bc0c4a56502..1995fd2ec7d 100644
+--- a/tests/rustdoc/issue-18199.rs
++++ b/tests/rustdoc/issue-18199.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ #![doc(test(attr(feature(staged_api))))]
+ 
+diff --git a/tests/rustdoc/issue-23106.rs b/tests/rustdoc/issue-23106.rs
+index 8cda2fc3380..e7b5c1e28c5 100644
+--- a/tests/rustdoc/issue-23106.rs
++++ b/tests/rustdoc/issue-23106.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ /// ```
+ /// #
+diff --git a/tests/rustdoc/issue-23744.rs b/tests/rustdoc/issue-23744.rs
+index 642817396b2..780b131a842 100644
+--- a/tests/rustdoc/issue-23744.rs
++++ b/tests/rustdoc/issue-23744.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ /// Example of rustdoc incorrectly parsing <code>```rust,should_panic</code>.
+ ///
+diff --git a/tests/rustdoc/issue-25944.rs b/tests/rustdoc/issue-25944.rs
+index 49625294bbe..b6df4518de4 100644
+--- a/tests/rustdoc/issue-25944.rs
++++ b/tests/rustdoc/issue-25944.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ /// ```
+ /// let a = r#"
+diff --git a/tests/rustdoc/issue-30252.rs b/tests/rustdoc/issue-30252.rs
+index c3777362a66..a80f92dc754 100644
+--- a/tests/rustdoc/issue-30252.rs
++++ b/tests/rustdoc/issue-30252.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test --cfg feature="bar"
++// ignore-stage1
+ 
+ /// ```rust
+ /// assert_eq!(cfg!(feature = "bar"), true);
+diff --git a/tests/rustdoc/issue-38129.rs b/tests/rustdoc/issue-38129.rs
+index 156d50fa52a..60ab5dd1885 100644
+--- a/tests/rustdoc/issue-38129.rs
++++ b/tests/rustdoc/issue-38129.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ // This file tests the source-partitioning behavior of rustdoc.
+ // Each test contains some code that should be put into the generated
+diff --git a/tests/rustdoc/issue-40936.rs b/tests/rustdoc/issue-40936.rs
+index 4d2e4c17b1f..8dcfc4068d3 100644
+--- a/tests/rustdoc/issue-40936.rs
++++ b/tests/rustdoc/issue-40936.rs
+@@ -1,5 +1,6 @@
+ // aux-build:issue-40936.rs
+ // build-aux-docs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/issue-43153.rs b/tests/rustdoc/issue-43153.rs
+index 0fe680f10af..8c67d64826a 100644
+--- a/tests/rustdoc/issue-43153.rs
++++ b/tests/rustdoc/issue-43153.rs
+@@ -1,5 +1,6 @@
+ // Test that `include!` in a doc test searches relative to the directory in
+ // which the test is declared.
++// ignore-stage1
+ 
+ // compile-flags:--test
+ 
+diff --git a/tests/rustdoc/issue-46727.rs b/tests/rustdoc/issue-46727.rs
+index 8cfc4827a7f..55f155e0219 100644
+--- a/tests/rustdoc/issue-46727.rs
++++ b/tests/rustdoc/issue-46727.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-46727.rs
++// ignore-stage1
+ 
+ extern crate issue_46727;
+ 
+diff --git a/tests/rustdoc/issue-48377.rs b/tests/rustdoc/issue-48377.rs
+index c32bcf380ea..c196b77a3e7 100644
+--- a/tests/rustdoc/issue-48377.rs
++++ b/tests/rustdoc/issue-48377.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ //! This is a doc comment
+ //!
+diff --git a/tests/rustdoc/issue-48414.rs b/tests/rustdoc/issue-48414.rs
+index b35743d887b..e8ade910228 100644
+--- a/tests/rustdoc/issue-48414.rs
++++ b/tests/rustdoc/issue-48414.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-48414.rs
++// ignore-stage1
+ 
+ // ICE when resolving paths for a trait that linked to another trait, when both were in an external
+ // crate
+diff --git a/tests/rustdoc/issue-53689.rs b/tests/rustdoc/issue-53689.rs
+index 832140e061b..9a40ea6bc1b 100644
+--- a/tests/rustdoc/issue-53689.rs
++++ b/tests/rustdoc/issue-53689.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-53689.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/issue-54478-demo-allocator.rs b/tests/rustdoc/issue-54478-demo-allocator.rs
+index 4811f363bc9..f4d12f6f630 100644
+--- a/tests/rustdoc/issue-54478-demo-allocator.rs
++++ b/tests/rustdoc/issue-54478-demo-allocator.rs
+@@ -1,5 +1,6 @@
+ // Issue #54478: regression test showing that we can demonstrate
+ // `#[global_allocator]` in code blocks built by `rustdoc`.
++// ignore-stage1
+ //
+ // ## Background
+ //
+@@ -11,6 +12,7 @@
+ // Rather than try to revise the visbility semanics, we instead
+ // decided to change `rustdoc` to behave more like the compiler's
+ // default setting, by leaving off `-C prefer-dynamic`.
++// ignore-stage1
+ 
+ // compile-flags:--test
+ 
+diff --git a/tests/rustdoc/issue-57180.rs b/tests/rustdoc/issue-57180.rs
+index 14bd2b0fec0..5f89e5d42f5 100644
+--- a/tests/rustdoc/issue-57180.rs
++++ b/tests/rustdoc/issue-57180.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-57180.rs
++// ignore-stage1
+ 
+ extern crate issue_57180;
+ use issue_57180::Trait;
+diff --git a/tests/rustdoc/issue-61592.rs b/tests/rustdoc/issue-61592.rs
+index 4b6c37b94aa..048487390bb 100644
+--- a/tests/rustdoc/issue-61592.rs
++++ b/tests/rustdoc/issue-61592.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-61592.rs
++// ignore-stage1
+ 
+ extern crate foo;
+ 
+diff --git a/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs b/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs
+index 2700f2370ee..d883c03d7d2 100644
+--- a/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs
++++ b/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs
+@@ -1,4 +1,5 @@
+ // Regression test for ICE #73061
++// ignore-stage1
+ 
+ // aux-build:issue-73061.rs
+ 
+diff --git a/tests/rustdoc/issue-75588.rs b/tests/rustdoc/issue-75588.rs
+index 3b11059a755..e78cdfa236e 100644
+--- a/tests/rustdoc/issue-75588.rs
++++ b/tests/rustdoc/issue-75588.rs
+@@ -1,5 +1,6 @@
+ // aux-build:realcore.rs
+ // aux-build:real_gimli.rs
++// ignore-stage1
+ 
+ // Ensure unstably exported traits have their Implementors sections.
+ 
+diff --git a/tests/rustdoc/issue-85454.rs b/tests/rustdoc/issue-85454.rs
+index 5a49a9d0651..fd2f4f8b535 100644
+--- a/tests/rustdoc/issue-85454.rs
++++ b/tests/rustdoc/issue-85454.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-85454.rs
++// ignore-stage1
+ // build-aux-docs
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/issue-86620.rs b/tests/rustdoc/issue-86620.rs
+index ef15946ec50..675a12b4d14 100644
+--- a/tests/rustdoc/issue-86620.rs
++++ b/tests/rustdoc/issue-86620.rs
+@@ -1,4 +1,5 @@
+ // aux-build:issue-86620-1.rs
++// ignore-stage1
+ 
+ extern crate issue_86620_1;
+ 
+diff --git a/tests/rustdoc/macro_pub_in_module.rs b/tests/rustdoc/macro_pub_in_module.rs
+index 42f760cff6a..1a51aef9a8a 100644
+--- a/tests/rustdoc/macro_pub_in_module.rs
++++ b/tests/rustdoc/macro_pub_in_module.rs
+@@ -1,5 +1,6 @@
+ // aux-build:macro_pub_in_module.rs
+ // edition:2018
++// ignore-stage1
+ // build-aux-docs
+ 
+ //! See issue #74355
+diff --git a/tests/rustdoc/masked.rs b/tests/rustdoc/masked.rs
+index 875c026fd05..416d8fbabd0 100644
+--- a/tests/rustdoc/masked.rs
++++ b/tests/rustdoc/masked.rs
+@@ -1,4 +1,5 @@
+ // aux-build:masked.rs
++// ignore-stage1
+ 
+ #![feature(doc_masked)]
+ 
+diff --git a/tests/rustdoc/no-stack-overflow-25295.rs b/tests/rustdoc/no-stack-overflow-25295.rs
+index dd79f1e4baa..0bc58afa4cb 100644
+--- a/tests/rustdoc/no-stack-overflow-25295.rs
++++ b/tests/rustdoc/no-stack-overflow-25295.rs
+@@ -1,5 +1,6 @@
+ // Ensure this code doesn't stack overflow.
+ // aux-build:enum-primitive.rs
++// ignore-stage1
+ 
+ #[macro_use] extern crate enum_primitive;
+ 
+diff --git a/tests/rustdoc/normalize-assoc-item.rs b/tests/rustdoc/normalize-assoc-item.rs
+index c6fd5e1101e..945a31853f4 100644
+--- a/tests/rustdoc/normalize-assoc-item.rs
++++ b/tests/rustdoc/normalize-assoc-item.rs
+@@ -1,4 +1,5 @@
+ // ignore-tidy-linelength
++// ignore-stage1
+ // aux-build:normalize-assoc-item.rs
+ // build-aux-docs
+ // compile-flags:-Znormalize-docs
+diff --git a/tests/rustdoc/primitive-reexport.rs b/tests/rustdoc/primitive-reexport.rs
+index 10a8a47db52..ecdb4848265 100644
+--- a/tests/rustdoc/primitive-reexport.rs
++++ b/tests/rustdoc/primitive-reexport.rs
+@@ -1,5 +1,6 @@
+ // aux-build: primitive-reexport.rs
+ // compile-flags:--extern foo --edition 2018
++// ignore-stage1
+ 
+ #![crate_name = "bar"]
+ 
+diff --git a/tests/rustdoc/process-termination.rs b/tests/rustdoc/process-termination.rs
+index 32258792b6e..2236842afc9 100644
+--- a/tests/rustdoc/process-termination.rs
++++ b/tests/rustdoc/process-termination.rs
+@@ -1,4 +1,5 @@
+ // compile-flags:--test
++// ignore-stage1
+ 
+ /// A check of using various process termination strategies
+ ///
+diff --git a/tests/rustdoc/pub-extern-crate.rs b/tests/rustdoc/pub-extern-crate.rs
+index 26747a4d1ac..98b3068cfd5 100644
+--- a/tests/rustdoc/pub-extern-crate.rs
++++ b/tests/rustdoc/pub-extern-crate.rs
+@@ -1,4 +1,5 @@
+ // aux-build:pub-extern-crate.rs
++// ignore-stage1
+ 
+ // @has pub_extern_crate/index.html
+ // @!has - '//code' 'pub extern crate inner'
+diff --git a/tests/rustdoc/pub-use-extern-macros.rs b/tests/rustdoc/pub-use-extern-macros.rs
+index eefe6b4b073..f67ec499459 100644
+--- a/tests/rustdoc/pub-use-extern-macros.rs
++++ b/tests/rustdoc/pub-use-extern-macros.rs
+@@ -1,4 +1,5 @@
+ // aux-build:pub-use-extern-macros.rs
++// ignore-stage1
+ 
+ extern crate macros;
+ 
+diff --git a/tests/rustdoc/reexport-check.rs b/tests/rustdoc/reexport-check.rs
+index 5908d2150f2..9e3c825558e 100644
+--- a/tests/rustdoc/reexport-check.rs
++++ b/tests/rustdoc/reexport-check.rs
+@@ -1,4 +1,6 @@
+ // aux-build:reexport-check.rs
++// ignore-stage1
++
+ #![crate_name = "foo"]
+ 
+ extern crate reexport_check;
+diff --git a/tests/rustdoc/reexport-dep-foreign-fn.rs b/tests/rustdoc/reexport-dep-foreign-fn.rs
+index e7f5720d583..f09e2da12f8 100644
+--- a/tests/rustdoc/reexport-dep-foreign-fn.rs
++++ b/tests/rustdoc/reexport-dep-foreign-fn.rs
+@@ -1,4 +1,5 @@
+ // aux-build:all-item-types.rs
++// ignore-stage1
+ 
+ // This test is to ensure there is no problem on handling foreign functions
+ // coming from a dependency.
+diff --git a/tests/rustdoc/reexport-doc.rs b/tests/rustdoc/reexport-doc.rs
+index df2c889b4d5..52558b39068 100644
+--- a/tests/rustdoc/reexport-doc.rs
++++ b/tests/rustdoc/reexport-doc.rs
+@@ -1,4 +1,5 @@
+ // aux-build:reexport-doc-aux.rs
++// ignore-stage1
+ 
+ extern crate reexport_doc_aux as dep;
+ 
+diff --git a/tests/rustdoc/reexports-priv.rs b/tests/rustdoc/reexports-priv.rs
+index 571d7f06fdc..bec1096ad14 100644
+--- a/tests/rustdoc/reexports-priv.rs
++++ b/tests/rustdoc/reexports-priv.rs
+@@ -1,4 +1,5 @@
+ // aux-build: reexports.rs
++// ignore-stage1
+ // compile-flags: --document-private-items
+ 
+ #![crate_name = "foo"]
+diff --git a/tests/rustdoc/reexports.rs b/tests/rustdoc/reexports.rs
+index 3c51ac395af..018abbfd277 100644
+--- a/tests/rustdoc/reexports.rs
++++ b/tests/rustdoc/reexports.rs
+@@ -1,4 +1,5 @@
+ // aux-build: reexports.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/rustc-incoherent-impls.rs b/tests/rustdoc/rustc-incoherent-impls.rs
+index 3fdefbecc54..c8382a50679 100644
+--- a/tests/rustdoc/rustc-incoherent-impls.rs
++++ b/tests/rustdoc/rustc-incoherent-impls.rs
+@@ -1,4 +1,5 @@
+ // aux-build:incoherent-impl-types.rs
++// ignore-stage1
+ // build-aux-docs
+ 
+ #![crate_name = "foo"]
+diff --git a/tests/rustdoc/test_option_check/bar.rs b/tests/rustdoc/test_option_check/bar.rs
+index 50a182cf7e0..6f48c9c923b 100644
+--- a/tests/rustdoc/test_option_check/bar.rs
++++ b/tests/rustdoc/test_option_check/bar.rs
+@@ -1,5 +1,6 @@
+ // compile-flags: --test
+ // check-test-line-numbers-match
++// ignore-stage1
+ 
+ /// This looks like another awesome test!
+ ///
+diff --git a/tests/rustdoc/test_option_check/test.rs b/tests/rustdoc/test_option_check/test.rs
+index 964e8e37ed5..208bccafe4c 100644
+--- a/tests/rustdoc/test_option_check/test.rs
++++ b/tests/rustdoc/test_option_check/test.rs
+@@ -1,4 +1,5 @@
+ // compile-flags: --test
++// ignore-stage1
+ // check-test-line-numbers-match
+ 
+ pub mod bar;
+diff --git a/tests/rustdoc/trait-alias-mention.rs b/tests/rustdoc/trait-alias-mention.rs
+index 6da0dc68785..8916e1321c7 100644
+--- a/tests/rustdoc/trait-alias-mention.rs
++++ b/tests/rustdoc/trait-alias-mention.rs
+@@ -1,5 +1,6 @@
+ // aux-build:trait-alias-mention.rs
+ // build-aux-docs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/trait-visibility.rs b/tests/rustdoc/trait-visibility.rs
+index 8ba3ee03a74..9bd62dd5c0a 100644
+--- a/tests/rustdoc/trait-visibility.rs
++++ b/tests/rustdoc/trait-visibility.rs
+@@ -1,4 +1,5 @@
+ // aux-build:trait-visibility.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/rustdoc/unit-return.rs b/tests/rustdoc/unit-return.rs
+index 6ddfa0c4d5c..a144308a581 100644
+--- a/tests/rustdoc/unit-return.rs
++++ b/tests/rustdoc/unit-return.rs
+@@ -1,4 +1,5 @@
+ // aux-build:unit-return.rs
++// ignore-stage1
+ 
+ #![crate_name = "foo"]
+ 
+diff --git a/tests/ui-fulldeps/deriving-encodable-decodable-box.rs b/tests/ui-fulldeps/deriving-encodable-decodable-box.rs
+index 1c376f59e51..8f852db5efd 100644
+--- a/tests/ui-fulldeps/deriving-encodable-decodable-box.rs
++++ b/tests/ui-fulldeps/deriving-encodable-decodable-box.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(unused_imports)]
+ #![feature(rustc_private)]
+diff --git a/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs b/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs
+index 844d40f2ecd..d0d530ac79f 100644
+--- a/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs
++++ b/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(unused_imports)]
+ // This briefly tests the capability of `Cell` and `RefCell` to implement the
+diff --git a/tests/ui-fulldeps/deriving-global.rs b/tests/ui-fulldeps/deriving-global.rs
+index 214bb4368ff..7ff6e31f09e 100644
+--- a/tests/ui-fulldeps/deriving-global.rs
++++ b/tests/ui-fulldeps/deriving-global.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![feature(rustc_private)]
+ 
+diff --git a/tests/ui-fulldeps/deriving-hygiene.rs b/tests/ui-fulldeps/deriving-hygiene.rs
+index e1084a08fec..f18b703116a 100644
+--- a/tests/ui-fulldeps/deriving-hygiene.rs
++++ b/tests/ui-fulldeps/deriving-hygiene.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(non_upper_case_globals)]
+ #![feature(rustc_private)]
+diff --git a/tests/ui-fulldeps/dropck_tarena_sound_drop.rs b/tests/ui-fulldeps/dropck_tarena_sound_drop.rs
+index ffad80171da..d60062be118 100644
+--- a/tests/ui-fulldeps/dropck_tarena_sound_drop.rs
++++ b/tests/ui-fulldeps/dropck_tarena_sound_drop.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(unknown_lints)]
+ // Check that an arena (TypedArena) can carry elements whose drop
+diff --git a/tests/ui-fulldeps/empty-struct-braces-derive.rs b/tests/ui-fulldeps/empty-struct-braces-derive.rs
+index 10e8beaa7b1..29419f97aa1 100644
+--- a/tests/ui-fulldeps/empty-struct-braces-derive.rs
++++ b/tests/ui-fulldeps/empty-struct-braces-derive.rs
+@@ -1,5 +1,6 @@
+ // run-pass
+ // `#[derive(Trait)]` works for empty structs/variants with braces or parens.
++// ignore-stage1
+ 
+ #![feature(rustc_private)]
+ 
+diff --git a/tests/ui-fulldeps/issue-14021.rs b/tests/ui-fulldeps/issue-14021.rs
+index 309b5c4a03d..5b9fb023d85 100644
+--- a/tests/ui-fulldeps/issue-14021.rs
++++ b/tests/ui-fulldeps/issue-14021.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(unused_mut)]
+ #![allow(unused_imports)]
+diff --git a/tests/ui-fulldeps/regions-mock-tcx.rs b/tests/ui-fulldeps/regions-mock-tcx.rs
+index 63975ef62c5..24e008bb76b 100644
+--- a/tests/ui-fulldeps/regions-mock-tcx.rs
++++ b/tests/ui-fulldeps/regions-mock-tcx.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(dead_code)]
+ #![allow(unused_imports)]
+diff --git a/tests/ui-fulldeps/rustc_encodable_hygiene.rs b/tests/ui-fulldeps/rustc_encodable_hygiene.rs
+index 509a6b1d22c..ab5f4aed548 100644
+--- a/tests/ui-fulldeps/rustc_encodable_hygiene.rs
++++ b/tests/ui-fulldeps/rustc_encodable_hygiene.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![feature(rustc_private)]
+
+diff --git a/tests/run-make/cdylib-fewer-symbols/foo.rs b/tests/run-make/cdylib-fewer-symbols/foo.rs
+index af37bc8e953..2f080fb37b2 100644
+--- a/tests/run-make/cdylib-fewer-symbols/foo.rs
++++ b/tests/run-make/cdylib-fewer-symbols/foo.rs
+@@ -1,5 +1,5 @@
+ #![crate_type = "cdylib"]
+-
++#[ignore]
+ #[no_mangle]
+ pub extern "C" fn foo() -> u32 {
+     3
+diff --git a/tests/run-make/doctests-keep-binaries/t.rs b/tests/run-make/doctests-keep-binaries/t.rs
+index c38cf0a0b25..13b89c05e03 100644
+--- a/tests/run-make/doctests-keep-binaries/t.rs
++++ b/tests/run-make/doctests-keep-binaries/t.rs
+@@ -1,3 +1,4 @@
++// ignore-stage1
+ /// Fungle the foople.
+ /// ```
+ /// t::foople();
+diff --git a/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs b/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs
+index 260f5a7a64f..c05f9adf46b 100644
+--- a/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs
++++ b/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs
+@@ -2,6 +2,7 @@
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
+ // check-pass
++// ignore-stage1
+ 
+ /// ```
+ /// #![deprecated(since = "5.2", note = "foo was rarely used. \
+diff --git a/tests/rustdoc-ui/issue-80992.rs b/tests/rustdoc-ui/issue-80992.rs
+index 80ff225b879..e589999ae29 100644
+--- a/tests/rustdoc-ui/issue-80992.rs
++++ b/tests/rustdoc-ui/issue-80992.rs
+@@ -2,6 +2,7 @@
+ // compile-flags:--test
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+ 
+ pub fn test() -> Result<(), ()> {
+     //! ```compile_fail
+diff --git a/tests/rustdoc-ui/no-run-flag.rs b/tests/rustdoc-ui/no-run-flag.rs
+index 181730eb416..33fa85d7d9d 100644
+--- a/tests/rustdoc-ui/no-run-flag.rs
++++ b/tests/rustdoc-ui/no-run-flag.rs
+@@ -4,6 +4,7 @@
+ // compile-flags:-Z unstable-options --test --no-run --test-args=--test-threads=1
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+ 
+ /// ```
+ /// let a = true;
+diff --git a/tests/rustdoc-ui/nocapture-fail.rs b/tests/rustdoc-ui/nocapture-fail.rs
+index 9a3fb592c63..9899183cdf6 100644
+--- a/tests/rustdoc-ui/nocapture-fail.rs
++++ b/tests/rustdoc-ui/nocapture-fail.rs
+@@ -3,6 +3,7 @@
+ // normalize-stderr-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR"
+ // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME"
++// ignore-stage1
+ 
+ /// ```compile_fail
+ /// fn foo() {
+diff --git a/tests/run-make/issue-22131/foo.rs b/tests/run-make/issue-22131/foo.rs
+index 33255d76879..56ffc4224e4 100644
+--- a/tests/run-make/issue-22131/foo.rs
++++ b/tests/run-make/issue-22131/foo.rs
+@@ -1,5 +1,6 @@
+ /// ```rust
+ /// assert_eq!(foo::foo(), 1);
+ /// ```
++// ignore-stage1
+ #[cfg(feature = "bar")]
+ pub fn foo() -> i32 { 1 }
+diff --git a/tests/rustdoc/auto-traits.rs b/tests/rustdoc/auto-traits.rs
+index 93d4bf2f656..b0eb5f1af7c 100644
+--- a/tests/rustdoc/auto-traits.rs
++++ b/tests/rustdoc/auto-traits.rs
+@@ -1,4 +1,5 @@
+ // aux-build:auto-traits.rs
++// ignore-stage1
+ 
+ #![feature(auto_traits)]
+ 
+diff --git a/tests/rustdoc/inline_cross/dyn_trait.rs b/tests/rustdoc/inline_cross/dyn_trait.rs
+index 649d98f7139..82f88a4713c 100644
+--- a/tests/rustdoc/inline_cross/dyn_trait.rs
++++ b/tests/rustdoc/inline_cross/dyn_trait.rs
+@@ -1,4 +1,5 @@
+ #![crate_name = "user"]
++// ignore-stage1
+ 
+ // aux-crate:dyn_trait=dyn_trait.rs
+ // edition:2021
+diff --git a/tests/ui/abi/stack-probes-lto.rs b/tests/ui/abi/stack-probes-lto.rs
+index 0dccb633df9..36e4d04ccaa 100644
+--- a/tests/ui/abi/stack-probes-lto.rs
++++ b/tests/ui/abi/stack-probes-lto.rs
+@@ -13,6 +13,7 @@
+ // ignore-fuchsia no exception handler registered for segfault
+ // compile-flags: -C lto
+ // no-prefer-dynamic
++// ignore-stage1
+ // ignore-nto Crash analysis impossible at SIGSEGV in QNX Neutrino
+ 
+ include!("stack-probes.rs");
+diff --git a/tests/ui/abi/stack-probes.rs b/tests/ui/abi/stack-probes.rs
+index 8137c92304d..9f4edca3caf 100644
+--- a/tests/ui/abi/stack-probes.rs
++++ b/tests/ui/abi/stack-probes.rs
+@@ -11,6 +11,7 @@
+ // ignore-sgx no processes
+ // ignore-fuchsia no exception handler registered for segfault
+ // ignore-nto Crash analysis impossible at SIGSEGV in QNX Neutrino
++// ignore-stage1
+ 
+ use std::env;
+ use std::mem::MaybeUninit;
+diff --git a/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs b/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs
+index 5a6283e9f13..c036f7f03e6 100644
+--- a/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs
++++ b/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs
+@@ -1,7 +1,7 @@
+ // Test that slice subslice patterns are correctly handled in const evaluation.
+ 
+ // run-pass
+-
++// ignore-stage1
+ #[derive(PartialEq, Debug, Clone)]
+ struct N(u8);
+ 
+diff --git a/tests/ui/asm/x86_64/sym.rs b/tests/ui/asm/x86_64/sym.rs
+index 93ef4f09062..6b076924bda 100644
+--- a/tests/ui/asm/x86_64/sym.rs
++++ b/tests/ui/asm/x86_64/sym.rs
+@@ -2,6 +2,7 @@
+ // only-linux
+ // needs-asm-support
+ // run-pass
++// ignore-stage1
+ 
+ #![feature(thread_local)]
+ 
+diff --git a/tests/ui/associated-type-bounds/fn-apit.rs b/tests/ui/associated-type-bounds/fn-apit.rs
+index 3c9f511338f..e8fd5fc3c3e 100644
+--- a/tests/ui/associated-type-bounds/fn-apit.rs
++++ b/tests/ui/associated-type-bounds/fn-apit.rs
+@@ -1,6 +1,6 @@
+ // run-pass
+ // aux-build:fn-aux.rs
+-
++// ignore-stage1
+ #![allow(unused)]
+ #![feature(associated_type_bounds)]
+ 
+diff --git a/tests/ui/associated-type-bounds/fn-dyn-apit.rs b/tests/ui/associated-type-bounds/fn-dyn-apit.rs
+index c4e8092c211..7c690f42846 100644
+--- a/tests/ui/associated-type-bounds/fn-dyn-apit.rs
++++ b/tests/ui/associated-type-bounds/fn-dyn-apit.rs
+@@ -1,6 +1,7 @@
+ // run-pass
+ // aux-build:fn-dyn-aux.rs
+ 
++// ignore-stage1
+ #![allow(unused)]
+ #![feature(associated_type_bounds)]
+ 
+diff --git a/tests/ui/associated-type-bounds/fn-wrap-apit.rs b/tests/ui/associated-type-bounds/fn-wrap-apit.rs
+index 96df13e372a..b1df6e867f2 100644
+--- a/tests/ui/associated-type-bounds/fn-wrap-apit.rs
++++ b/tests/ui/associated-type-bounds/fn-wrap-apit.rs
+@@ -1,6 +1,7 @@
+ // run-pass
+ // aux-build:fn-aux.rs
+ 
++// ignore-stage1
+ #![feature(associated_type_bounds)]
+ #![allow(dead_code)]
+ 
+diff --git a/tests/ui/structs-enums/multiple-reprs.rs b/tests/ui/structs-enums/multiple-reprs.rs
+index 4be503a0ef4..2cf0875fc5c 100644
+--- a/tests/ui/structs-enums/multiple-reprs.rs
++++ b/tests/ui/structs-enums/multiple-reprs.rs
+@@ -1,4 +1,5 @@
+ // run-pass
++// ignore-stage1
+ 
+ #![allow(dead_code)]
+
+diff --git a/src/tools/compiletest/src/common.rs b/src/tools/compiletest/src/common.rs
+--- a/src/tools/compiletest/src/common.rs
++++ b/src/tools/compiletest/src/common.rs
+@@ -431,7 +431,6 @@
+             .unwrap()
+         };
+ 
+-        let mut current = None;
+         let mut all_targets = HashSet::new();
+         let mut all_archs = HashSet::new();
+         let mut all_oses = HashSet::new();
+@@ -452,14 +451,11 @@
+             }
+             all_pointer_widths.insert(format!("{}bit", cfg.pointer_width));
+ 
+-            if target == config.target {
+-                current = Some(cfg);
+-            }
+             all_targets.insert(target.into());
+         }
+ 
+         Self {
+-            current: current.expect("current target not found"),
++            current: Self::get_current_target_config(config),
+             all_targets,
+             all_archs,
+             all_oses,
+@@ -471,6 +467,89 @@
+         }
+     }
+ 
++    fn get_current_target_config(config: &Config) -> TargetCfg {
++        let mut arch = None;
++        let mut os = None;
++        let mut env = None;
++        let mut abi = None;
++        let mut families = Vec::new();
++        let mut pointer_width = None;
++        let mut endian = None;
++        let mut panic = None;
++
++        for config in
++            rustc_output(config, &["--print=cfg", "--target", &config.target]).trim().lines()
++        {
++            let (name, value) = config
++                .split_once("=\"")
++                .map(|(name, value)| {
++                    (
++                        name,
++                        Some(
++                            value
++                                .strip_suffix("\"")
++                                .expect("key-value pair should be properly quoted"),
++                        ),
++                    )
++                })
++                .unwrap_or_else(|| (config, None));
++
++            match name {
++                "target_arch" => {
++                    arch = Some(value.expect("target_arch should be a key-value pair").to_string());
++                }
++                "target_os" => {
++                    os = Some(value.expect("target_os sould be a key-value pair").to_string());
++                }
++                "target_env" => {
++                    env = Some(value.expect("target_env should be a key-value pair").to_string());
++                }
++                "target_abi" => {
++                    abi = Some(value.expect("target_abi should be a key-value pair").to_string());
++                }
++                "target_family" => {
++                    families
++                        .push(value.expect("target_family should be a key-value pair").to_string());
++                }
++                "target_pointer_width" => {
++                    pointer_width = Some(
++                        value
++                            .expect("target_pointer_width should be a key-value pair")
++                            .parse::<u32>()
++                            .expect("target_pointer_width should be a valid u32"),
++                    );
++                }
++                "target_endian" => {
++                    endian = Some(match value.expect("target_endian should be a key-value pair") {
++                        "big" => Endian::Big,
++                        "little" => Endian::Little,
++                        _ => panic!("target_endian should be either 'big' or 'little'"),
++                    });
++                }
++                "panic" => {
++                    panic = Some(match value.expect("panic should be a key-value pair") {
++                        "abort" => PanicStrategy::Abort,
++                        "unwind" => PanicStrategy::Unwind,
++                        _ => panic!("panic should be either 'abort' or 'unwind'"),
++                    });
++                }
++                _ => (),
++            }
++        }
++
++        TargetCfg {
++            arch: arch.expect("target configuration should specify target_arch"),
++            os: os.expect("target configuration should specify target_os"),
++            env: env.expect("target configuration should specify target_env"),
++            abi: abi.expect("target configuration should specify target_abi"),
++            families,
++            pointer_width: pointer_width
++                .expect("target configuration should specify target_pointer_width"),
++            endian: endian.expect("target configuration should specify target_endian"),
++            panic: panic.expect("target configuration should specify panic"),
++        }
++    }
++
+     // #[cfg(bootstrap)]
+     // Needed only for one cycle, remove during the bootstrap bump.
+     fn collect_all_slow(config: &Config) -> HashMap<String, TargetCfg> {
+diff --git a/tests/run-make/issue-47551/Makefile b/tests/run-make/issue-47551/Makefile
+index 5a6ac725701..9290f2e0555 100644
+--- a/tests/run-make/issue-47551/Makefile
++++ b/tests/run-make/issue-47551/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # only-linux
+ # ignore-32bit
+ 
+diff --git a/tests/run-make/pgo-branch-weights/Makefile b/tests/run-make/pgo-branch-weights/Makefile
+index c60206a1f34..4666be03b85 100644
+--- a/tests/run-make/pgo-branch-weights/Makefile
++++ b/tests/run-make/pgo-branch-weights/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+ 
+diff --git a/tests/run-make/pgo-gen-lto/Makefile b/tests/run-make/pgo-gen-lto/Makefile
+index 3f2f6a838b5..9e4f555d21c 100644
+--- a/tests/run-make/pgo-gen-lto/Makefile
++++ b/tests/run-make/pgo-gen-lto/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+ 
+diff --git a/tests/run-make/pgo-gen/Makefile b/tests/run-make/pgo-gen/Makefile
+index 4623a74957b..22aed059cf4 100644
+--- a/tests/run-make/pgo-gen/Makefile
++++ b/tests/run-make/pgo-gen/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+ 
+diff --git a/tests/run-make/pgo-indirect-call-promotion/Makefile b/tests/run-make/pgo-indirect-call-promotion/Makefile
+index 45302215cc6..519447882ea 100644
+--- a/tests/run-make/pgo-indirect-call-promotion/Makefile
++++ b/tests/run-make/pgo-indirect-call-promotion/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+ 
+diff --git a/tests/run-make/pgo-use/Makefile b/tests/run-make/pgo-use/Makefile
+index 3bac9b77aa3..5c64b2342e1 100644
+--- a/tests/run-make/pgo-use/Makefile
++++ b/tests/run-make/pgo-use/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ # ignore-windows-gnu
+ 
+diff --git a/tests/run-make/profile/Makefile b/tests/run-make/profile/Makefile
+index fffc051adbf..42a63a871d6 100644
+--- a/tests/run-make/profile/Makefile
++++ b/tests/run-make/profile/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ # needs-profiler-support
+ 
+ include ../tools.mk
+diff --git a/tests/run-make/sysroot-crates-are-unstable/Makefile b/tests/run-make/sysroot-crates-are-unstable/Makefile
+index 1e267fb9576..e3e83c52cc2 100644
+--- a/tests/run-make/sysroot-crates-are-unstable/Makefile
++++ b/tests/run-make/sysroot-crates-are-unstable/Makefile
+@@ -1,2 +1,3 @@
++# ignore-stage1
+ all:
+ 	'$(PYTHON)' test.py
+diff --git a/tests/run-make/target-specs/Makefile b/tests/run-make/target-specs/Makefile
+index a33f5368e3c..84459293364 100644
+--- a/tests/run-make/target-specs/Makefile
++++ b/tests/run-make/target-specs/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ include ../tools.mk
+ all:
+ 	$(RUSTC) foo.rs --target=my-awesome-platform.json --crate-type=lib --emit=asm
+diff --git a/tests/ui/functions-closures/fn-help-with-err.rs b/tests/ui/functions-closures/fn-help-with-err.rs
+index 612fe1b8419..d021f33c550 100644
+--- a/tests/ui/functions-closures/fn-help-with-err.rs
++++ b/tests/ui/functions-closures/fn-help-with-err.rs
+@@ -1,4 +1,5 @@
+ // This test case checks the behavior of typeck::check::method::suggest::is_fn on Ty::Error.
++// ignore-stage1
+ 
+ struct Foo;
+
+diff --git a/tests/run-make/pointer-auth-link-with-c/Makefile b/tests/run-make/pointer-auth-link-with-c/Makefile
+index dffbd303582..5347d0a90f1 100644
+--- a/tests/run-make/pointer-auth-link-with-c/Makefile
++++ b/tests/run-make/pointer-auth-link-with-c/Makefile
+@@ -1,3 +1,4 @@
++# ignore-stage1
+ include ../tools.mk
+ 
+ # only-aarch64
diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc
index fbe2492..0009c50 100644
--- a/poky/meta/recipes-devtools/rust/rust-source.inc
+++ b/poky/meta/recipes-devtools/rust/rust-source.inc
@@ -6,6 +6,7 @@
             file://0001-Do-not-use-LFS64-on-linux-with-musl.patch;patchdir=${RUSTSRC} \
             file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
             file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
+            file://rust-oe-selftest.patch;patchdir=${RUSTSRC} \
 "
 SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"
 
@@ -16,8 +17,3 @@
 
 UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-methods.html"
 UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"
-
-# see recipes-devtools/gcc/gcc/0018-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
-# we need to link with ssp_nonshared on musl to avoid "undefined reference to `__stack_chk_fail_local'"
-# when building MACHINE=qemux86 for musl
-WRAPPER_TARGET_EXTRALD:libc-musl = "-lssp_nonshared"
diff --git a/poky/meta/recipes-devtools/rust/rust_1.70.0.bb b/poky/meta/recipes-devtools/rust/rust_1.70.0.bb
index 8669291..3b9c05a 100644
--- a/poky/meta/recipes-devtools/rust/rust_1.70.0.bb
+++ b/poky/meta/recipes-devtools/rust/rust_1.70.0.bb
@@ -66,6 +66,7 @@
     fi
 }
 addtask rust_setup_snapshot after do_unpack before do_configure
+addtask do_test_compile after do_configure do_rust_gen_targets
 do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot"
 do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER"
 
@@ -223,6 +224,11 @@
 do_compile () {
 }
 
+do_test_compile[dirs] = "${B}"
+do_test_compile () {
+    rust_runx build src/tools/remote-test-server --target "${RUST_TARGET_SYS}"
+}
+
 ALLOW_EMPTY:${PN} = "1"
 
 PACKAGES =+ "${PN}-tools-clippy ${PN}-tools-rustfmt"
diff --git a/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch b/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch
new file mode 100644
index 0000000..bdf815e
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch
@@ -0,0 +1,303 @@
+From 00ace1392f5bd289239b755458dcdeeed69af1da Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Mon, 26 Jun 2023 10:00:00 +0000
+Subject: [PATCH] tests: avoid accept() libc function when tracing accept()
+ syscall
+
+The libc function is allowed to implement accept() using accept4()
+syscall, so migrate to accept4() those tests that trace accept() syscall
+but do not test accept() specifically, and change the test of accept()
+syscall to invoke either __NR_accept or __NR_socketcall(SYS_ACCEPT)
+directly.
+
+* tests/accept_compat.h: Remove.
+* tests/Makefile.am (EXTRA_DIST): Remove accept_compat.h.
+* tests/accept.c [TEST_SYSCALL_NAME]: Do not invoke accept(),
+call __NR_accept or __NR_socketcall if available, or skip the test.
+* tests/net-y-unix.c: Do not include "accept_compat.h".
+(main): Invoke accept4() instead of accept().
+* tests/net-yy-inet.c: Likewise.
+* tests/net-yy-unix.c: Likewise.
+
+Resolves: https://github.com/strace/strace/issues/260
+
+Upstream-Status: Backport
+---
+ tests/Makefile.am     |  1 -
+ tests/accept.c        | 36 ++++++++++++++++++++----------------
+ tests/accept_compat.h | 32 --------------------------------
+ tests/net-y-unix.c    | 16 ++++++++--------
+ tests/net-yy-inet.c   | 12 ++++++------
+ tests/net-yy-unix.c   | 16 ++++++++--------
+ 6 files changed, 42 insertions(+), 71 deletions(-)
+ delete mode 100644 tests/accept_compat.h
+
+Index: strace-6.3/tests/Makefile.am
+===================================================================
+--- strace-6.3.orig/tests/Makefile.am
++++ strace-6.3/tests/Makefile.am
+@@ -776,7 +776,6 @@ check_DATA = \
+ 	# end of check_DATA
+ 
+ EXTRA_DIST = \
+-	accept_compat.h \
+ 	attach-p-cmd.h \
+ 	clock_adjtime-common.c \
+ 	clock_xettime-common.c \
+Index: strace-6.3/tests/accept.c
+===================================================================
+--- strace-6.3.orig/tests/accept.c
++++ strace-6.3/tests/accept.c
+@@ -9,38 +9,36 @@
+  */
+ 
+ #include "tests.h"
+-
++#include "scno.h"
+ #include <unistd.h>
+ 
+-#include "scno.h"
++#ifndef TEST_SYSCALL_NAME
+ 
+-#if defined __NR_accept
++# if defined __NR_accept || defined __NR_socketcall
+ 
+-# ifndef TEST_SYSCALL_NAME
+ #  define TEST_SYSCALL_NAME do_accept
+-
+-#  ifndef TEST_SYSCALL_STR
+-#   define TEST_SYSCALL_STR "accept"
+-#  endif
++#  define TEST_SYSCALL_STR "accept"
+ 
+ static int
+ do_accept(int sockfd, void *addr, void *addrlen)
+ {
++#  ifdef __NR_accept
+ 	return syscall(__NR_accept, sockfd, addr, addrlen);
++#  else /* __NR_socketcall */
++	const long args[] = { sockfd, (long) addr, (long) addrlen };
++	return syscall(__NR_socketcall, 5, args);
++#  endif
+ }
+-# endif /* !TEST_SYSCALL_NAME */
+ 
+-#else /* !__NR_accept */
++# endif /* __NR_accept || __NR_socketcall */
+ 
+-# ifndef TEST_SYSCALL_NAME
+-#  define TEST_SYSCALL_NAME accept
+-# endif
++#endif /* !TEST_SYSCALL_NAME */
+ 
+-#endif /* __NR_accept */
++#ifdef TEST_SYSCALL_NAME
+ 
+-#define TEST_SYSCALL_PREPARE connect_un()
++# define TEST_SYSCALL_PREPARE connect_un()
+ static void connect_un(void);
+-#include "sockname.c"
++# include "sockname.c"
+ 
+ static void
+ connect_un(void)
+@@ -90,3 +88,9 @@ main(void)
+ 	puts("+++ exited with 0 +++");
+ 	return 0;
+ }
++
++#else
++
++SKIP_MAIN_UNDEFINED("__NR_accept || __NR_socketcall")
++
++#endif
+Index: strace-6.3/tests/accept_compat.h
+===================================================================
+--- strace-6.3.orig/tests/accept_compat.h
++++ /dev/null
+@@ -1,32 +0,0 @@
+-/*
+- * Copyright (c) 2018-2019 The strace developers.
+- * All rights reserved.
+- *
+- * SPDX-License-Identifier: GPL-2.0-or-later
+- */
+-
+-#ifndef _STRACE_TESTS_ACCEPT_COMPAT_H_
+-# define _STRACE_TESTS_ACCEPT_COMPAT_H_
+-
+-# include <unistd.h>
+-# include <sys/socket.h>
+-# include "scno.h"
+-
+-# if defined __NR_socketcall && defined __sparc__
+-/*
+- * Work around the fact that
+- * - glibc >= 2.26 uses accept4 syscall to implement accept() call on sparc;
+- * - accept syscall had not been wired up on sparc until v4.4-rc8~4^2~1.
+- */
+-static inline int
+-do_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen)
+-{
+-	const long args[] = { sockfd, (long) addr, (long) addrlen };
+-
+-	return syscall(__NR_socketcall, 5, args);
+-}
+-# else
+-#  define do_accept accept
+-# endif
+-
+-#endif /* !_STRACE_TESTS_ACCEPT_COMPAT_H_ */
+Index: strace-6.3/tests/net-y-unix.c
+===================================================================
+--- strace-6.3.orig/tests/net-y-unix.c
++++ strace-6.3/tests/net-y-unix.c
+@@ -10,6 +10,7 @@
+ 
+ #include "tests.h"
+ #include <assert.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -18,8 +19,6 @@
+ #include <sys/socket.h>
+ #include <sys/un.h>
+ 
+-#include "accept_compat.h"
+-
+ #define TEST_SOCKET "net-y-unix.socket"
+ 
+ int
+@@ -88,12 +87,12 @@ main(void)
+ 	struct sockaddr * const accept_sa = tail_alloc(sizeof(addr));
+ 	memset(accept_sa, 0, sizeof(addr));
+ 	*len = sizeof(addr);
+-	int accept_fd = do_accept(listen_fd, accept_sa, len);
++	int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ 	if (accept_fd < 0)
+ 		perror_msg_and_fail("accept");
+ 	unsigned long accept_inode = inode_of_sockfd(accept_fd);
+-	printf("accept(%d<socket:[%lu]>, {sa_family=AF_UNIX}"
+-	       ", [%d => %d]) = %d<socket:[%lu]>\n",
++	printf("accept4(%d<socket:[%lu]>, {sa_family=AF_UNIX}"
++	       ", [%d => %d], SOCK_CLOEXEC) = %d<socket:[%lu]>\n",
+ 	       listen_fd, listen_inode,
+ 	       (int) sizeof(addr), (int) *len,
+ 	       accept_fd, accept_inode);
+@@ -160,14 +159,15 @@ main(void)
+ 
+ 	memset(accept_sa, 0, sizeof(addr));
+ 	*len = sizeof(addr);
+-	accept_fd = do_accept(listen_fd, accept_sa, len);
++	accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ 	if (accept_fd < 0)
+ 		perror_msg_and_fail("accept");
+ 	accept_inode = inode_of_sockfd(accept_fd);
+ 	const char * const sun_path1 =
+ 		((struct sockaddr_un *) accept_sa)->sun_path + 1;
+-	printf("accept(%d<socket:[%lu]>, {sa_family=AF_UNIX"
+-	       ", sun_path=@\"%s\"}, [%d => %d]) = %d<socket:[%lu]>\n",
++	printf("accept4(%d<socket:[%lu]>, {sa_family=AF_UNIX"
++	       ", sun_path=@\"%s\"}, [%d => %d], SOCK_CLOEXEC)"
++	       " = %d<socket:[%lu]>\n",
+ 	       listen_fd, listen_inode, sun_path1,
+ 	       (int) sizeof(addr), (int) *len,
+ 	       accept_fd, accept_inode);
+Index: strace-6.3/tests/net-yy-inet.c
+===================================================================
+--- strace-6.3.orig/tests/net-yy-inet.c
++++ strace-6.3/tests/net-yy-inet.c
+@@ -10,6 +10,7 @@
+ 
+ #include "tests.h"
+ #include <assert.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -19,8 +20,6 @@
+ #include <netinet/tcp.h>
+ #include <arpa/inet.h>
+ 
+-#include "accept_compat.h"
+-
+ #ifndef ADDR_FAMILY
+ # define ADDR_FAMILY_FIELD sin_family
+ # define ADDR_FAMILY AF_INET
+@@ -104,14 +103,15 @@ main(void)
+ 	struct sockaddr * const accept_sa = tail_alloc(sizeof(addr));
+ 	memset(accept_sa, 0, sizeof(addr));
+ 	*len = sizeof(addr);
+-	const int accept_fd = do_accept(listen_fd, accept_sa, len);
++	const int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ 	if (accept_fd < 0)
+ 		perror_msg_and_fail("accept");
+ 	const unsigned int connect_port =
+ 		ntohs(((struct SOCKADDR_TYPE *) accept_sa)->INPORT);
+-	printf("accept(%d<" TCP_STR ":[" LOOPBACK ":%u]>, {sa_family=" AF_STR
+-	       ", " INPORT_STR "=htons(%u), " INADDR_STR SA_FIELDS "}"
+-	       ", [%u]) = %d<" TCP_STR ":[" LOOPBACK ":%u->" LOOPBACK ":%u]>\n",
++	printf("accept4(%d<" TCP_STR ":[" LOOPBACK ":%u]>, {sa_family=" AF_STR
++	       ", " INPORT_STR "=htons(%u), " INADDR_STR SA_FIELDS "}, [%u]"
++	       ", SOCK_CLOEXEC) = %d<" TCP_STR ":[" LOOPBACK ":%u->" LOOPBACK
++	       ":%u]>\n",
+ 	       listen_fd, listen_port, connect_port, (unsigned) *len,
+ 	       accept_fd, listen_port, connect_port);
+ 
+Index: strace-6.3/tests/net-yy-unix.c
+===================================================================
+--- strace-6.3.orig/tests/net-yy-unix.c
++++ strace-6.3/tests/net-yy-unix.c
+@@ -10,6 +10,7 @@
+ 
+ #include "tests.h"
+ #include <assert.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -22,8 +23,6 @@
+ # include "xmalloc.h"
+ #endif
+ 
+-#include "accept_compat.h"
+-
+ #define TEST_SOCKET "net-yy-unix.socket"
+ 
+ int
+@@ -112,12 +111,12 @@ main(void)
+ 	struct sockaddr * const accept_sa = tail_alloc(sizeof(addr));
+ 	memset(accept_sa, 0, sizeof(addr));
+ 	*len = sizeof(addr);
+-	int accept_fd = do_accept(listen_fd, accept_sa, len);
++	int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ 	if (accept_fd < 0)
+ 		perror_msg_and_fail("accept");
+ 	unsigned long accept_inode = inode_of_sockfd(accept_fd);
+-	printf("accept(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX}"
+-	       ", [%d => %d]) = %d<%s:[%lu->%lu,\"%s\"]>\n",
++	printf("accept4(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX}"
++	       ", [%d => %d], SOCK_CLOEXEC) = %d<%s:[%lu->%lu,\"%s\"]>\n",
+ 	       listen_fd, sock_proto_name, listen_inode, TEST_SOCKET,
+ 	       (int) sizeof(addr), (int) *len,
+ 	       accept_fd, sock_proto_name, accept_inode, connect_inode,
+@@ -191,14 +190,15 @@ main(void)
+ 
+ 	memset(accept_sa, 0, sizeof(addr));
+ 	*len = sizeof(addr);
+-	accept_fd = do_accept(listen_fd, accept_sa, len);
++	accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC);
+ 	if (accept_fd < 0)
+ 		perror_msg_and_fail("accept");
+ 	accept_inode = inode_of_sockfd(accept_fd);
+ 	const char * const sun_path1 =
+ 		((struct sockaddr_un *) accept_sa)->sun_path + 1;
+-	printf("accept(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX"
+-	       ", sun_path=@\"%s\"}, [%d => %d]) = %d<%s:[%lu->%lu,\"%s\"]>\n",
++	printf("accept4(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX"
++	       ", sun_path=@\"%s\"}, [%d => %d], SOCK_CLOEXEC)"
++	       " = %d<%s:[%lu->%lu,\"%s\"]>\n",
+ 	       listen_fd, sock_proto_name, listen_inode, TEST_SOCKET,
+ 	       sun_path1, (int) sizeof(addr), (int) *len,
+ 	       accept_fd, sock_proto_name, accept_inode, connect_inode,
diff --git a/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch b/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch
new file mode 100644
index 0000000..b4c6ff9
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch
@@ -0,0 +1,50 @@
+From 3bbfb541b258baec9eba674b5d8dc30007a61542 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Wed, 21 Jun 2023 08:00:00 +0000
+Subject: [PATCH] net: enhance getsockopt decoding
+
+When getsockopt syscall fails the kernel sometimes updates the optlen
+argument, for example, NETLINK_LIST_MEMBERSHIPS updates it even if
+optval is not writable.
+
+* src/net.c (SYS_FUNC(getsockopt)): Try to fetch and print optlen
+argument on exiting syscall regardless of getsockopt exit status.
+
+Upstream-Status: Backport
+---
+ src/net.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/net.c b/src/net.c
+index f68ccb947..7244b5e57 100644
+--- a/src/net.c
++++ b/src/net.c
+@@ -1038,7 +1038,7 @@ SYS_FUNC(getsockopt)
+ 	} else {
+ 		ulen = get_tcb_priv_ulong(tcp);
+ 
+-		if (syserror(tcp) || umove(tcp, tcp->u_arg[4], &rlen) < 0) {
++		if (umove(tcp, tcp->u_arg[4], &rlen) < 0) {
+ 			/* optval */
+ 			printaddr(tcp->u_arg[3]);
+ 			tprint_arg_next();
+@@ -1047,6 +1047,19 @@ SYS_FUNC(getsockopt)
+ 			tprint_indirect_begin();
+ 			PRINT_VAL_D(ulen);
+ 			tprint_indirect_end();
++		} else if (syserror(tcp)) {
++			/* optval */
++			printaddr(tcp->u_arg[3]);
++			tprint_arg_next();
++
++			/* optlen */
++			tprint_indirect_begin();
++			if (ulen != rlen) {
++				PRINT_VAL_D(ulen);
++				tprint_value_changed();
++			}
++			PRINT_VAL_D(rlen);
++			tprint_indirect_end();
+ 		} else {
+ 			/* optval */
+ 			print_getsockopt(tcp, tcp->u_arg[1], tcp->u_arg[2],
diff --git a/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch b/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch
new file mode 100644
index 0000000..a084383
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch
@@ -0,0 +1,50 @@
+From f31c2f4494779e5c5f170ad10539bfc2dfafe967 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Sat, 24 Jun 2023 08:00:00 +0000
+Subject: [PATCH] tests: update sockopt-sol_netlink test
+
+Update sockopt-sol_netlink test that started to fail, likely
+due to recent linux kernel commit f4e4534850a9 ("net/netlink: fix
+NETLINK_LIST_MEMBERSHIPS length report").
+
+* tests/sockopt-sol_netlink.c (main): Always print changing optlen value
+on exiting syscall.
+
+Reported-by: Alexander Gordeev <agordeev@linux.ibm.com>
+---
+ tests/sockopt-sol_netlink.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+Upstream-Status: Backport
+
+diff --git a/tests/sockopt-sol_netlink.c b/tests/sockopt-sol_netlink.c
+index 82b98adc23..1c33219ac5 100644
+--- a/tests/sockopt-sol_netlink.c
++++ b/tests/sockopt-sol_netlink.c
+@@ -94,7 +94,10 @@ main(void)
+ 			printf("%p", val);
+ 		else
+ 			printf("[%d]", *val);
+-		printf(", [%d]) = %s\n", *len, errstr);
++		printf(", [%d", (int) sizeof(*val));
++		if ((int) sizeof(*val) != *len)
++			printf(" => %d", *len);
++		printf("]) = %s\n", errstr);
+ 
+ 		/* optlen larger than necessary - shortened */
+ 		*len = sizeof(*val) + 1;
+@@ -150,8 +153,12 @@ main(void)
+ 		/* optval EFAULT - print address */
+ 		*len = sizeof(*val);
+ 		get_sockopt(fd, names[i].val, efault, len);
+-		printf("getsockopt(%d, SOL_NETLINK, %s, %p, [%d]) = %s\n",
+-		       fd, names[i].str, efault, *len, errstr);
++		printf("getsockopt(%d, SOL_NETLINK, %s, %p",
++		       fd, names[i].str, efault);
++		printf(", [%d", (int) sizeof(*val));
++		if ((int) sizeof(*val) != *len)
++			printf(" => %d", *len);
++		printf("]) = %s\n", errstr);
+ 
+ 		/* optlen EFAULT - print address */
+ 		get_sockopt(fd, names[i].val, val, len + 1);
diff --git a/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch b/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch
deleted file mode 100644
index 5741bf8..0000000
--- a/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Upstream-Status: Inappropriate [avoid this test until fixed by upstream]
-
-Reported at https://github.com/strace/strace/issues/257
-
-root@qemux86-64:/usr/lib/strace/ptest/tests# make sockopt-sol_netlink.gen.log
-FAIL: sockopt-sol_netlink.gen.test
-
-#root@qemux86-64:/usr/lib/strace/ptest/tests# diff sockopt-sol_netlink.dir/exp sockopt-sol_netlink.dir/out
-#--- sockopt-sol_netlink.dir/exp
-#+++ sockopt-sol_netlink.dir/out
-#@@ -86,11 +86,11 @@
- setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a802ffc, -1) = -1 EINVAL (Invalid argument)
- setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a802ffc, 3) = 0
- setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a803000, 4) = -1 EFAULT (Bad address)
--getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [8]) = 0
-+getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [4 => 8]) = 0
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [5 => 8]) = 0
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, NULL, [0 => 8]) = 0
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [], [3 => 8]) = 0
--getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a803000, [8]) = -1 EFAULT (Bad address)
-+getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a803000, [4]) = -1 EFAULT (Bad address)
- getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a802ffc, 0x7fa18a7fd000) = -1 EFAULT (Bad address)
- setsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [233811181], 4) = -1 ENOPROTOOPT (Protocol not available)
- setsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [233811181], 5) = -1 ENOPROTOOPT (Protocol not available)
-
-
-
-Index: strace-6.3/tests/sockopt-sol_netlink.gen.test
-===================================================================
---- strace-6.3.orig/tests/sockopt-sol_netlink.gen.test
-+++ strace-6.3/tests/sockopt-sol_netlink.gen.test
-@@ -1,4 +1,5 @@
- #!/bin/sh -efu
- # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (sockopt-sol_netlink -e trace=getsockopt,setsockopt); do not edit.
- . "${srcdir=.}/init.sh"
-+skip_ "Test failing after system upgrades, wait for upstream fixes"
- run_strace_match_diff -e trace=getsockopt,setsockopt
diff --git a/poky/meta/recipes-devtools/strace/strace_6.3.bb b/poky/meta/recipes-devtools/strace/strace_6.3.bb
index 7ba9fcc..a47cc71 100644
--- a/poky/meta/recipes-devtools/strace/strace_6.3.bb
+++ b/poky/meta/recipes-devtools/strace/strace_6.3.bb
@@ -14,7 +14,9 @@
            file://skip-load.patch \
            file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \
            file://0002-tests-Replace-off64_t-with-off_t.patch \
-           file://skip-sockopt-test.patch \
+           file://00ace1392f5bd289239b755458dcdeeed69af1da.patch \
+           file://f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch \
+           file://3bbfb541b258baec9eba674b5d8dc30007a61542.patch \
            "
 SRC_URI[sha256sum] = "e17878e301506c1cc301611118ad14efee7f8bcef63b27ace5d290acce7bb731"
 
diff --git a/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
index 982f370..91fc813 100644
--- a/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
+++ b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
@@ -29,10 +29,6 @@
 
 SRC_URI:class-native = "${BASE_SRC_URI}"
 
-# Upstream don't believe this is an exploitable issue
-# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
-CVE_CHECK_IGNORE += "CVE-2021-35331"
-
 UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html"
 UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"
 
diff --git a/poky/meta/recipes-extended/acpica/acpica_20230331.bb b/poky/meta/recipes-extended/acpica/acpica_20230628.bb
similarity index 94%
rename from poky/meta/recipes-extended/acpica/acpica_20230331.bb
rename to poky/meta/recipes-extended/acpica/acpica_20230628.bb
index 01b8833..06db99c 100644
--- a/poky/meta/recipes-extended/acpica/acpica_20230331.bb
+++ b/poky/meta/recipes-extended/acpica/acpica_20230628.bb
@@ -17,7 +17,7 @@
 DEPENDS = "m4-native flex-native bison-native"
 
 SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
-SRC_URI[sha256sum] = "0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2"
+SRC_URI[sha256sum] = "86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce"
 
 UPSTREAM_CHECK_URI = "https://acpica.org/downloads"
 
diff --git a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
index 4182372..c5d3e04 100644
--- a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
+++ b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
@@ -4,7 +4,7 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=39346640a23c701e4f459e05f56f4449"
 
-SRCREV = "ea7f59b02467ed1fb36c3b4c6d5cabe702df26ec"
+SRCREV = "fc7c43d138185028b6ac14c83f6492fce26eca95"
 PV = "0.1+git${SRCPV}"
 
 SRC_URI = "git://github.com/ahcbb6/baremetal-helloqemu.git;protocol=https;branch=master"
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.14.bb b/poky/meta/recipes-extended/cpio/cpio_2.14.bb
index e55fb70..560038d 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.14.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.14.bb
@@ -16,8 +16,7 @@
 
 inherit autotools gettext texinfo ptest
 
-# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us
-CVE_CHECK_IGNORE += "CVE-2010-4226"
+CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS"
 
 EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
 
@@ -66,7 +65,7 @@
 
 # The tests need to run as a non-root user, so pull in the ptest user
 DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' ptest-runner', '', d)}"
-PACKAGE_WRITE_DEPS += "ptest-runner"
+PACKAGE_WRITE_DEPS:append:class-target = " ${MLPREFIX}ptest-runner"
 
 RDEPENDS:${PN}-ptest += "ptest-runner"
 
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index d77758f..36feadd 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -15,19 +15,15 @@
            file://0004-cups-fix-multilib-install-file-conflicts.patch \
            file://volatiles.99_cups \
            file://cups-volatiles.conf \
-           file://CVE-2023-32324.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
 
-# Issue only applies to MacOS
-CVE_CHECK_IGNORE += "CVE-2008-1033"
-# Issue affects pdfdistiller plugin used with but not part of cups
-CVE_CHECK_IGNORE += "CVE-2009-0032"
-# This is an Ubuntu only issue.
-CVE_CHECK_IGNORE += "CVE-2018-6553"
-# This is fixed in 2.4.2 but the cve-check class still reports it
-CVE_CHECK_IGNORE += "CVE-2022-26691"
+CVE_STATUS[CVE-2008-1033] = "not-applicable-platform: Issue only applies to MacOS"
+CVE_STATUS[CVE-2009-0032] = "cpe-incorrect: Issue affects pdfdistiller plugin used with but not part of cups"
+CVE_STATUS[CVE-2018-6553] = "not-applicable-platform: This is an Ubuntu only issue"
+CVE_STATUS[CVE-2022-26691] = "fixed-version: This is fixed in 2.4.2 but the cve-check class still reports it"
+CVE_STATUS[CVE-2021-25317] = "not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply."
 
 LEAD_SONAME = "libcupsdriver.so"
 
@@ -115,7 +111,3 @@
 cups_sysroot_preprocess () {
 	sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
 }
-
-# -25317 concerns /var/log/cups having lp ownership.  Our /var/log/cups is
-# root:root, so this doesn't apply.
-CVE_CHECK_IGNORE += "CVE-2021-25317"
diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
deleted file mode 100644
index 40b89c9..0000000
--- a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Thu, 1 Jun 2023 12:04:00 +0200
-Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
-
-CVE: CVE-2023-32324
-Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589]
-
-(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e)
-Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
----
- cups/string.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/cups/string.c b/cups/string.c
-index 93cdad19..6ef58515 100644
---- a/cups/string.c
-+++ b/cups/string.c
-@@ -1,6 +1,7 @@
- /*
-  * String functions for CUPS.
-  *
-+ * Copyright © 2023 by OpenPrinting.
-  * Copyright © 2007-2019 by Apple Inc.
-  * Copyright © 1997-2007 by Easy Software Products.
-  *
-@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
-   size_t	srclen;			/* Length of source string */
- 
- 
-+  if (size == 0)
-+    return (0);
-+
-  /*
-   * Figure out how much room is needed...
-   */
diff --git a/poky/meta/recipes-extended/cups/cups_2.4.2.bb b/poky/meta/recipes-extended/cups/cups_2.4.2.bb
deleted file mode 100644
index f5ca749..0000000
--- a/poky/meta/recipes-extended/cups/cups_2.4.2.bb
+++ /dev/null
@@ -1,5 +0,0 @@
-require cups.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908"
diff --git a/poky/meta/recipes-extended/cups/cups_2.4.6.bb b/poky/meta/recipes-extended/cups/cups_2.4.6.bb
new file mode 100644
index 0000000..58029fd
--- /dev/null
+++ b/poky/meta/recipes-extended/cups/cups_2.4.6.bb
@@ -0,0 +1,5 @@
+require cups.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262"
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index 8b88c30..3279323 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
+From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001
 From: Peiran Hong <peiran.hong@windriver.com>
 Date: Thu, 5 Sep 2019 15:42:22 -0400
 Subject: [PATCH] Skip strip-trailing-cr test case
@@ -12,23 +12,18 @@
 Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
 
 ---
- tests/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
 
 diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d98df82..757ea52 100644
+index 79bacfb..4adb4d7 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -21,9 +21,11 @@ TESTS = \
+@@ -22,7 +22,6 @@ TESTS = \
    stdin \
    strcoll-0-names \
    filename-quoting \
 -  strip-trailing-cr \
    timezone \
-   colors
-+# Skipping this test since it requires valgrind
-+# and thus is too heavy for diffutils package
-+# strip-trailing-cr
- 
- XFAIL_TESTS = large-subopt
- 
+   colors \
+   y2038-vs-32bit
diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
similarity index 93%
rename from poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
rename to poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
index 2bb9e6f..08e8305 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
+++ b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
@@ -8,7 +8,7 @@
            file://0001-Skip-strip-trailing-cr-test-case.patch \
            "
 
-SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
+SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e"
 
 EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
 
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
similarity index 93%
rename from poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
rename to poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index f03ebf4..fdbdfb6 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -18,9 +18,6 @@
 UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
 
-# We use a system libjpeg-turbo which has this fix
-CVE_CHECK_IGNORE += "CVE-2013-6629"
-
 def gs_verdir(v):
     return "".join(v.split("."))
 
@@ -30,7 +27,7 @@
            file://avoid-host-contamination.patch \
 "
 
-SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
+SRC_URI[sha256sum] = "a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
diff --git a/poky/meta/recipes-extended/iputils/iputils_20221126.bb b/poky/meta/recipes-extended/iputils/iputils_20221126.bb
index cd5fe9b..7d94271 100644
--- a/poky/meta/recipes-extended/iputils/iputils_20221126.bb
+++ b/poky/meta/recipes-extended/iputils/iputils_20221126.bb
@@ -17,9 +17,8 @@
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)"
 
-# Fixed in 2000-10-10, but the versioning of iputils
-# breaks the version order.
-CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
+CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
+CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
 
 PACKAGECONFIG ??= "libcap"
 PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
diff --git a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
index d0afb3c..f0e687c 100644
--- a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
+++ b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
@@ -13,9 +13,9 @@
 SECTION = "libs"
 DEPENDS += "libtirpc libnsl2"
 
-PV = "3.1+git${SRCPV}"
+PV = "3.2"
 
-SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad"
+SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59"
 
 SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \
           "
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
index f55e0b0..d466905 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
@@ -14,8 +14,7 @@
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/"
 SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3"
 
-# Was fixed in 1.3.3rc1 so not present in 1.3.3
-CVE_CHECK_IGNORE += "CVE-2021-46828"
+CVE_STATUS[CVE-2021-46828] = "fixed-version: fixed in 1.3.3rc1 so not present in 1.3.3"
 
 inherit autotools pkgconfig
 
diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
index f0755e3..10a6149 100644
--- a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
+++ b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
@@ -16,8 +16,9 @@
 
 SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516"
 
-# These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used
-CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE"
+CVE_STATUS_RECIPE = "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_STATUS_RECIPE[status] = "not-applicable-platform: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used"
 
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}"
 
diff --git a/poky/meta/recipes-extended/ltp/ltp_20230516.bb b/poky/meta/recipes-extended/ltp/ltp_20230516.bb
index ddc6523..e9407d3 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20230516.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20230516.bb
@@ -93,6 +93,7 @@
     e2fsprogs-mke2fs \
     expect \
     file \
+    findutils \
     gawk \
     gdb \
     gzip \
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 0000000..cea435f
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 88 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ 			      void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+-				int level, int layout, int raiddisks,
+-				int chunk, unsigned long long size,
+-				unsigned long long data_offset,
+-				char *dev, unsigned long long *freesize,
+-				int verbose);
+ 
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ 				     int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks,
+ 	return 1;
+ }
+ 
++static int
++validate_geometry_ddf_container(struct supertype *st,
++				int level, int raiddisks,
++				unsigned long long data_offset,
++				char *dev, unsigned long long *freesize,
++				int verbose)
++{
++	int fd;
++	unsigned long long ldsize;
++
++	if (level != LEVEL_CONTAINER)
++		return 0;
++	if (!dev)
++		return 1;
++
++	fd = dev_open(dev, O_RDONLY|O_EXCL);
++	if (fd < 0) {
++		if (verbose)
++			pr_err("ddf: Cannot open %s: %s\n",
++			       dev, strerror(errno));
++		return 0;
++	}
++	if (!get_dev_size(fd, dev, &ldsize)) {
++		close(fd);
++		return 0;
++	}
++	close(fd);
++	if (freesize) {
++		*freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++		if (*freesize == 0)
++			return 0;
++	}
++
++	return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+ 				 int level, int layout, int raiddisks,
+ 				 int *chunk, unsigned long long size,
+@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ 		level = LEVEL_CONTAINER;
+ 	if (level == LEVEL_CONTAINER) {
+ 		/* Must be a fresh device to add to a container */
+-		return validate_geometry_ddf_container(st, level, layout,
+-						       raiddisks, *chunk,
+-						       size, data_offset, dev,
+-						       freesize,
+-						       verbose);
++		return validate_geometry_ddf_container(st, level, raiddisks,
++						       data_offset, dev,
++						       freesize, verbose);
+ 	}
+ 
+ 	if (!dev) {
+@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ 	return 1;
+ }
+ 
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+-				int level, int layout, int raiddisks,
+-				int chunk, unsigned long long size,
+-				unsigned long long data_offset,
+-				char *dev, unsigned long long *freesize,
+-				int verbose)
+-{
+-	int fd;
+-	unsigned long long ldsize;
+-
+-	if (level != LEVEL_CONTAINER)
+-		return 0;
+-	if (!dev)
+-		return 1;
+-
+-	fd = dev_open(dev, O_RDONLY|O_EXCL);
+-	if (fd < 0) {
+-		if (verbose)
+-			pr_err("ddf: Cannot open %s: %s\n",
+-			       dev, strerror(errno));
+-		return 0;
+-	}
+-	if (!get_dev_size(fd, dev, &ldsize)) {
+-		close(fd);
+-		return 0;
+-	}
+-	close(fd);
+-	if (freesize) {
+-		*freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
+-		if (*freesize == 0)
+-			return 0;
+-	}
+-
+-	return 1;
+-}
+-
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ 				     int level, int layout, int raiddisks,
+ 				     int *chunk, unsigned long long size,
+-- 
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
new file mode 100644
index 0000000..fafe88b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
@@ -0,0 +1,56 @@
+From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:08 -0600
+Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in
+ validate_geometry_ddf()
+
+A relatively recent patch added a call to validate_geometry() in
+Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL.
+
+This causes some ddf tests to segfault which aborts the test suite.
+
+To fix this, avoid dereferencing chunk when the level is
+LEVEL_CONTAINER or LEVEL_NONE.
+
+Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container")
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 65cf727..3ef1293 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ 	 * If given BVDs, we make an SVD, changing all the GUIDs in the process.
+ 	 */
+ 
+-	if (*chunk == UnSet)
+-		*chunk = DEFAULT_CHUNK;
+-
+ 	if (level == LEVEL_NONE)
+ 		level = LEVEL_CONTAINER;
+ 	if (level == LEVEL_CONTAINER) {
+@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ 						       freesize, verbose);
+ 	}
+ 
++	if (*chunk == UnSet)
++		*chunk = DEFAULT_CHUNK;
++
+ 	if (!dev) {
+ 		mdu_array_info_t array = {
+ 			.level = level,
+-- 
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
new file mode 100644
index 0000000..a954ab0
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
@@ -0,0 +1,91 @@
+From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:09 -0600
+Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork
+
+The test 07reshape-grow fails most of the time. But it succeeds around
+1 in 5 times. When it does succeed, it causes the tests to die because
+mdadm has segfaulted.
+
+The segfault was caused by mdadm attempting to repoen a file
+descriptor that was already closed. The backtrace of the segfault
+was:
+
+  #0  __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
+  #1  0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956
+  #2  0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0)
+                         at util.c:1072
+  #3  0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079
+  #4  0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244
+  #5  0x000056146e329f36 in start_array (mdfd=4,
+              mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860,
+              st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0,
+              bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5,
+	      sparecnt=0,  rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90,
+	      clean=1,  avail=0x56146fc78720 "\001\001\001\001\001",
+	      start_partial_ok=0, err_ok=0, was_forced=0)
+	                  at Assemble.c:1206
+  #6  0x000056146e32c36e in Assemble (st=0x56146fc78660,
+               mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70,
+	       devlist=0x56146fc6e2d0, c=0x7ffc55342e90)
+	                 at Assemble.c:1914
+  #7  0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238)
+                         at mdadm.c:1510
+
+The file descriptor was closed early in Grow_continue(). The noted commit
+moved the close() call to close the fd above the fork which caused the
+parent process to return with a closed fd.
+
+This meant reshape_array() and Grow_continue() would return in the parent
+with the fd forked. The fd would eventually be passed to reopen_mddev()
+which returned an unhandled NULL from fd2devnm() which would then be
+dereferenced in devnm2devid.
+
+Fix this by moving the close() call below the fork. This appears to
+fix the 07revert-grow test. While we're at it, switch to using
+close_fd() to invalidate the file descriptor.
+
+Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time")
+Cc: Alex Wu <alexwu@synology.com>
+Cc: BingJing Chang <bingjingc@synology.com>
+Cc: Danny Shih <dannyshih@synology.com>
+Cc: ChangSyun Peng <allenpeng@synology.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Grow.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Grow.c b/Grow.c
+index 9c6fc95..a8e4e83 100644
+--- a/Grow.c
++++ b/Grow.c
+@@ -3501,7 +3501,6 @@ started:
+ 			return 0;
+ 		}
+ 
+-	close(fd);
+ 	/* Now we just need to kick off the reshape and watch, while
+ 	 * handling backups of the data...
+ 	 * This is all done by a forked background process.
+@@ -3522,6 +3521,9 @@ started:
+ 		break;
+ 	}
+ 
++	/* Close unused file descriptor in the forked process */
++	close_fd(&fd);
++
+ 	/* If another array on the same devices is busy, the
+ 	 * reshape will wait for them.  This would mean that
+ 	 * the first section that we suspend will stay suspended
+-- 
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
new file mode 100644
index 0000000..72cb40f
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
@@ -0,0 +1,42 @@
+From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:10 -0600
+Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks
+
+Not all struct superswitch implement a get_bad_blocks() function,
+yet mdmon seems to call it without checking for NULL and thus
+occasionally segfaults in the test 10ddf-geometry.
+
+Fix this by checking for NULL before calling it.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ monitor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/monitor.c b/monitor.c
+index afc3e50..8e43c0d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi)
+ 	struct md_bb *bb;
+ 	int i;
+ 
++	if (!ss->get_bad_blocks)
++		return -1;
++
+ 	/*
+ 	 * Get a list of bad blocks for an array, then read list of
+ 	 * acknowledged bad blocks from kernel and compare it against metadata
+-- 
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 0000000..c55bfb1
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ test | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
++++ b/test
+@@ -10,6 +10,8 @@ devlist=
+ 
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+ 
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+ 
+ ctrl_c() {
+ 	exitonerror=1
++	ctrl_c_error=1
+ }
+ 
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ 	_script=$1
+ 	_basename=`basename $_script`
++	_broken=0
++
+ 	if [ -f "$_script" ]
+ 	then
++		if [ -f "${_script}.broken" ]; then
++			_broken=1
++			_broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++			if [ "$skipbroken" == "all" ]; then
++				return
++			elif [ "$skipbroken" == "always" ] &&
++			     [[ "$_broken_msg" == *always* ]]; then
++				return
++			fi
++		fi
++
+ 		rm -f $targetdir/stderr
+ 		# this might have been reset: restore the default.
+ 		echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ 		else
+ 			save_log fail
+ 			_fail=1
++			if [ "$_broken" == "1" ]; then
++				echo "  (KNOWN BROKEN TEST: $_broken_msg)"
++			fi
+ 		fi
+ 		[ "$savelogs" == "1" ] &&
+ 			mv -f $targetdir/log $logdir/$_basename.log
+-		[ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++		[ "$ctrl_c_error" == "1" ] && exit 1
++		[ "$_fail" == "1" -a "$exitonerror" == "1" \
++		  -a "$_broken" == "0" ] && exit 1
+ 	fi
+ }
+ 
+@@ -117,6 +138,8 @@ do_help() {
+ 		--logdir=directory          Directory to save all logfiles in
+ 		--save-logs                 Usually use with --logdir together
+ 		--keep-going | --no-error   Don't stop on error, ie. run all tests
++		--skip-broken               Skip tests that are known to be broken
++		--skip-always-broken        Skip tests that are known to always fail
+ 		--dev=loop|lvm|ram|disk     Use loop devices (default), LVM, RAM or disk
+ 		--disks=                    Provide a bunch of physical devices for test
+ 		--volgroup=name             LVM volume group for LVM test
+@@ -211,6 +234,12 @@ parse_args() {
+ 		--keep-going | --no-error )
+ 			exitonerror=0
+ 			;;
++		--skip-broken )
++			skipbroken=all
++			;;
++		--skip-always-broken )
++			skipbroken=always
++			;;
+ 		--disable-multipath )
+ 			unset MULTIPATH
+ 			;;
+@@ -275,7 +304,11 @@ main() {
+ 			if [ $script == "$testdir/11spare-migration" ];then
+ 				continue
+ 			fi
+-			do_test $script
++			case $script in
++			 *.broken) ;;
++			 *)
++			     do_test $script
++			 esac
+ 		done
+ 	fi
+ 
+-- 
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
new file mode 100644
index 0000000..115b23b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
@@ -0,0 +1,454 @@
+From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:19 -0600
+Subject: [PATCH 6/6] tests: Add broken files for all broken tests
+
+Each broken file contains the rough frequency of brokeness as well
+as a brief explanation of what happens when it breaks. Estimates
+of failure rates are not statistically significant and can vary
+run to run.
+
+This is really just a view from my window. Tests were done on a
+small VM with the default loop devices, not real hardware. We've
+seen different kernel configurations can cause bugs to appear as well
+(ie. different block schedulers). It may also be that different race
+conditions will be seen on machines with different performance
+characteristics.
+
+These annotations were done with the kernel currently in md/md-next:
+
+ facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()")
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ tests/01r5integ.broken                     |  7 ++++
+ tests/01raid6integ.broken                  |  7 ++++
+ tests/04r5swap.broken                      |  7 ++++
+ tests/07autoassemble.broken                |  8 ++++
+ tests/07autodetect.broken                  |  5 +++
+ tests/07changelevelintr.broken             |  9 +++++
+ tests/07changelevels.broken                |  9 +++++
+ tests/07reshape5intr.broken                | 45 ++++++++++++++++++++++
+ tests/07revert-grow.broken                 | 31 +++++++++++++++
+ tests/07revert-shrink.broken               |  9 +++++
+ tests/07testreshape5.broken                | 12 ++++++
+ tests/09imsm-assemble.broken               |  6 +++
+ tests/09imsm-create-fail-rebuild.broken    |  5 +++
+ tests/09imsm-overlap.broken                |  7 ++++
+ tests/10ddf-assemble-missing.broken        |  6 +++
+ tests/10ddf-fail-create-race.broken        |  7 ++++
+ tests/10ddf-fail-two-spares.broken         |  5 +++
+ tests/10ddf-incremental-wrong-order.broken |  9 +++++
+ tests/14imsm-r1_2d-grow-r1_3d.broken       |  5 +++
+ tests/14imsm-r1_2d-takeover-r0_2d.broken   |  6 +++
+ tests/18imsm-r10_4d-takeover-r0_2d.broken  |  5 +++
+ tests/18imsm-r1_2d-takeover-r0_1d.broken   |  6 +++
+ tests/19raid6auto-repair.broken            |  5 +++
+ tests/19raid6repair.broken                 |  5 +++
+ 24 files changed, 226 insertions(+)
+ create mode 100644 tests/01r5integ.broken
+ create mode 100644 tests/01raid6integ.broken
+ create mode 100644 tests/04r5swap.broken
+ create mode 100644 tests/07autoassemble.broken
+ create mode 100644 tests/07autodetect.broken
+ create mode 100644 tests/07changelevelintr.broken
+ create mode 100644 tests/07changelevels.broken
+ create mode 100644 tests/07reshape5intr.broken
+ create mode 100644 tests/07revert-grow.broken
+ create mode 100644 tests/07revert-shrink.broken
+ create mode 100644 tests/07testreshape5.broken
+ create mode 100644 tests/09imsm-assemble.broken
+ create mode 100644 tests/09imsm-create-fail-rebuild.broken
+ create mode 100644 tests/09imsm-overlap.broken
+ create mode 100644 tests/10ddf-assemble-missing.broken
+ create mode 100644 tests/10ddf-fail-create-race.broken
+ create mode 100644 tests/10ddf-fail-two-spares.broken
+ create mode 100644 tests/10ddf-incremental-wrong-order.broken
+ create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken
+ create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken
+ create mode 100644 tests/19raid6auto-repair.broken
+ create mode 100644 tests/19raid6repair.broken
+
+diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken
+new file mode 100644
+index 0000000..2073763
+--- /dev/null
++++ b/tests/01r5integ.broken
+@@ -0,0 +1,7 @@
++fails rarely
++
++Fails about 1 in every 30 runs with a sha mismatch error:
++
++    c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match
++    15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3
++    missing
+diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken
+new file mode 100644
+index 0000000..1df735f
+--- /dev/null
++++ b/tests/01raid6integ.broken
+@@ -0,0 +1,7 @@
++fails infrequently
++
++Fails about 1 in 5 with a sha mismatch:
++
++    8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match
++    a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and
++    /dev/loop3 missing
+diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken
+new file mode 100644
+index 0000000..e38987d
+--- /dev/null
++++ b/tests/04r5swap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++  mdadm: /dev/loop0 has no superblock - assembly aborted
++
++   ERROR: no recovery happening
+diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken
+new file mode 100644
+index 0000000..8be0940
+--- /dev/null
++++ b/tests/07autoassemble.broken
+@@ -0,0 +1,8 @@
++always fails
++
++Prints lots of messages, but the array doesn't assemble. Error
++possibly related to:
++
++  mdadm: /dev/md/1 is busy - skipping
++  mdadm: no recogniseable superblock on /dev/md/testing:0
++  mdadm: /dev/md/2 is busy - skipping
+diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken
+new file mode 100644
+index 0000000..294954a
+--- /dev/null
++++ b/tests/07autodetect.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++    ERROR: no resync happening
+diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken
+new file mode 100644
+index 0000000..284b490
+--- /dev/null
++++ b/tests/07changelevelintr.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++  mdadm: this change will reduce the size of the array.
++         use --grow --array-size first to truncate array.
++         e.g. mdadm --grow /dev/md0 --array-size 56832
++
++  ERROR: no reshape happening
+diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken
+new file mode 100644
+index 0000000..9b930d9
+--- /dev/null
++++ b/tests/07changelevels.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++    mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata
++    mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata
++    mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata
++
++    ERROR: /dev/md0 isn't a block device.
+diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken
+new file mode 100644
+index 0000000..efe52a6
+--- /dev/null
++++ b/tests/07reshape5intr.broken
+@@ -0,0 +1,45 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex
++held")
++
++The new error is simply:
++
++   ERROR: no reshape happening
++
++Before the patch, the error seen is below.
++
++--
++
++fails infrequently
++
++Fails roughly 1 in 4 runs with errors:
++
++    mdadm: Merging with already-assembled /dev/md/0
++    mdadm: cannot re-read metadata from /dev/loop6 - aborting
++
++    ERROR: no reshape happening
++
++Also have seen a random deadlock:
++
++     INFO: task mdadm:109702 blocked for more than 30 seconds.
++           Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040
++     "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
++     task:mdadm           state:D stack:    0 pid:109702 ppid:     1 flags:0x00004000
++     Call Trace:
++      <TASK>
++      __schedule+0x67e/0x13b0
++      schedule+0x82/0x110
++      mddev_suspend+0x2e1/0x330
++      suspend_lo_store+0xbd/0x140
++      md_attr_store+0xcb/0x130
++      sysfs_kf_write+0x89/0xb0
++      kernfs_fop_write_iter+0x202/0x2c0
++      new_sync_write+0x222/0x330
++      vfs_write+0x3bc/0x4d0
++      ksys_write+0xd9/0x180
++      __x64_sys_write+0x43/0x50
++      do_syscall_64+0x3b/0x90
++      entry_SYSCALL_64_after_hwframe+0x44/0xae
+diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken
+new file mode 100644
+index 0000000..9b6db86
+--- /dev/null
++++ b/tests/07revert-grow.broken
+@@ -0,0 +1,31 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held")
++
++The errors are:
++
++    mdadm: No active reshape to revert on /dev/loop0
++    ERROR: active raid5 not found
++
++Before the patch, the error seen is below.
++
++--
++
++fails rarely
++
++Fails about 1 in every 30 runs with errors:
++
++    mdadm: Merging with already-assembled /dev/md/0
++    mdadm: backup file /tmp/md-backup inaccessible: No such file or directory
++    mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument
++    mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument
++    mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument
++    mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument
++    mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it
++            (use --run to insist).
++
++    grep: /sys/block/md*/md/sync_action: No such file or directory
++
++    ERROR: active raid5 not found
+diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken
+new file mode 100644
+index 0000000..c33c39e
+--- /dev/null
++++ b/tests/07revert-shrink.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++    mdadm: this change will reduce the size of the array.
++           use --grow --array-size first to truncate array.
++           e.g. mdadm --grow /dev/md0 --array-size 53760
++
++    ERROR: active raid5 not found
+diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken
+new file mode 100644
+index 0000000..a8ce03e
+--- /dev/null
++++ b/tests/07testreshape5.broken
+@@ -0,0 +1,12 @@
++always fails
++
++Test seems to run 'test_stripe' at $dir directory, but $dir is never
++set. If $dir is adjusted to $PWD, the test still fails with:
++
++    mdadm: /dev/loop2 is not suitable for this array.
++    mdadm: create aborted
++    ++ return 1
++    ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile
++    ++ echo cmp failed
++    cmp failed
++    ++ exit 2
+diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken
+new file mode 100644
+index 0000000..a6d4d5c
+--- /dev/null
++++ b/tests/09imsm-assemble.broken
+@@ -0,0 +1,6 @@
++fails infrequently
++
++Fails roughly 1 in 10 runs with errors:
++
++    mdadm: /dev/loop2 is still in use, cannot remove.
++    /dev/loop2 removal from /dev/md/container should have succeeded
+diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken
+new file mode 100644
+index 0000000..40c4b29
+--- /dev/null
++++ b/tests/09imsm-create-fail-rebuild.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++    **Error**: Array size mismatch - expected 3072, actual 16384
+diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken
+new file mode 100644
+index 0000000..e7ccab7
+--- /dev/null
++++ b/tests/09imsm-overlap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++    **Error**: Offset mismatch - expected 15360, actual 0
++    **Error**: Offset mismatch - expected 15360, actual 0
++    /dev/md/vol3 failed check
+diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken
+new file mode 100644
+index 0000000..bfd8d10
+--- /dev/null
++++ b/tests/10ddf-assemble-missing.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with errors:
++
++    ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++    ERROR: unexpected number of online disks on /dev/loop10
+diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken
+new file mode 100644
+index 0000000..6c0df02
+--- /dev/null
++++ b/tests/10ddf-fail-create-race.broken
+@@ -0,0 +1,7 @@
++usually fails
++
++Fails about 9 out of 10 times with many errors:
++
++    mdadm: cannot open MISSING: No such file or directory
++    ERROR: non-degraded array found
++    ERROR: disk 0 not marked as failed in meta data
+diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken
+new file mode 100644
+index 0000000..eeea56d
+--- /dev/null
++++ b/tests/10ddf-fail-two-spares.broken
+@@ -0,0 +1,5 @@
++fails infrequently
++
++Fails roughly 1 in 3 with error:
++
++   ERROR: /dev/md/vol1 should be optimal in meta data
+diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken
+new file mode 100644
+index 0000000..a5af3ba
+--- /dev/null
++++ b/tests/10ddf-incremental-wrong-order.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++    ERROR: sha1sum of /dev/md/vol0 has changed
++    ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++    ERROR: unexpected number of online disks on /dev/loop10
++    ERROR: /dev/md/vol0 has unexpected state on /dev/loop8
++    ERROR: unexpected number of online disks on /dev/loop8
++    ERROR: sha1sum of /dev/md/vol0 has changed
+diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken
+new file mode 100644
+index 0000000..4ef1d40
+--- /dev/null
++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++    mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk")
+diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..89cd4e5
+--- /dev/null
++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++    tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++		is "chunk")
+diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..a27399f
+--- /dev/null
++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+@@ -0,0 +1,5 @@
++fails rarely
++
++Fails about 1 run in 100 with message:
++
++   ERROR:  size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0
+diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+new file mode 100644
+index 0000000..aa1982e
+--- /dev/null
++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++    tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++			is "chunk")
+diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6auto-repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++    "should detect errors"
+diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++    "should detect errors"
+-- 
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/run-ptest b/poky/meta/recipes-extended/mdadm/files/run-ptest
index fae8071..2380c32 100644
--- a/poky/meta/recipes-extended/mdadm/files/run-ptest
+++ b/poky/meta/recipes-extended/mdadm/files/run-ptest
@@ -2,6 +2,6 @@
 
 mkdir -p /mdadm-testing-dir
 # make the test continue to execute even one fail
-dir=. ./test --keep-going --disable-integrity
+dir=. ./test --keep-going --disable-integrity --skip-broken
 
 rm -rf /mdadm-testing-dir/*
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 14de9d8..50d9548 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -32,6 +32,12 @@
            file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
            file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
            file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
+           file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \
+           file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
+           file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
+           file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
+           file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \
+           file://0006-tests-Add-broken-files-for-all-broken-tests.patch \
            "
 
 SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
@@ -101,10 +107,9 @@
 }
 
 RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace"
 RRECOMMENDS:${PN}-ptest += " \
     coreutils \
-    util-linux \
     kernel-module-loop \
     kernel-module-linear \
     kernel-module-raid0 \
diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
similarity index 91%
rename from poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb
rename to poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
index 5e68a7e..b8c8671 100644
--- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb
+++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
@@ -11,7 +11,7 @@
 UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/"
 
 SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz"
-SRC_URI[sha256sum] = "cf04c16b099b3d414db4b5b93fc5ed9d46aad564c81a352aa107a33964c356b8"
+SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59"
 
 inherit gettext autotools update-alternatives pkgconfig
 
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
new file mode 100644
index 0000000..95c437d
--- /dev/null
+++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
@@ -0,0 +1,39 @@
+From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Jul 2023 07:48:17 -0700
+Subject: [PATCH] examples: Replace use of termio.h with termios.h
+
+Fixes build with musl and makes it portable
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ examples/tty_conv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/examples/tty_conv.c b/examples/tty_conv.c
+index 23f0684..db22500 100644
+--- a/examples/tty_conv.c
++++ b/examples/tty_conv.c
+@@ -6,7 +6,8 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <unistd.h>
+-#include <termio.h>
++#include <termios.h>
++#include <sys/ioctl.h>
+ #include <security/pam_appl.h>
+ 
+ /***************************************
+@@ -16,7 +17,7 @@
+  ***************************************/
+ static void echoOff(int fd, int off)
+ {
+-    struct termio tty;
++    struct termios tty;
+     if (ioctl(fd, TCGETA, &tty) < 0)
+     {
+         fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
deleted file mode 100644
index 94dcb04..0000000
--- a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
-From: Per Jessen <per@jessen.ch>
-Date: Fri, 22 Apr 2022 18:15:36 +0200
-Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
-
-When using scandir() to look for MOTD files to display, we wrongly
-relied on all filesystems providing a filetype.  This is a fix to divert
-to lstat() when we have no filetype.  To maintain MT safety, it isn't
-possible to use lstat() in the scandir() filter function, so all of the
-filtering has been moved to an additional loop after scanning all the
-motd dirs.
-Also, remove superfluous alphasort from scandir(), we are doing
-a qsort() later.
-
-Resolves: https://github.com/linux-pam/linux-pam/issues/455
-
-Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
-
-Signed-off-by: Per Jessen <per@jessen.ch>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++-------
- 1 file changed, 40 insertions(+), 9 deletions(-)
-
-diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
-index 6ac8cba2..5ca486e4 100644
---- a/modules/pam_motd/pam_motd.c
-+++ b/modules/pam_motd/pam_motd.c
-@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
-     }
- }
- 
--static int filter_dirents(const struct dirent *d)
--{
--    return (d->d_type == DT_REG || d->d_type == DT_LNK);
--}
--
- static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- 	char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
- {
-@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- 
-     for (i = 0; i < num_motd_dirs; i++) {
- 	int rv;
--	rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
--		filter_dirents, alphasort);
-+	rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
- 	if (rv < 0) {
- 	    if (errno != ENOENT || report_missing) {
- 		pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
-@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
-     if (dirscans_size_total == 0)
-         goto out;
- 
-+    /* filter out unwanted names, directories, and complement data with lstat() */
-+    for (i = 0; i < num_motd_dirs; i++) {
-+	struct dirent **d = dirscans[i];
-+	for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
-+	    int rc;
-+	    char *fullpath;
-+	    struct stat s;
-+
-+	    switch(d[j]->d_type) {    /* the filetype determines how to proceed */
-+	    case DT_REG:              /* regular files and     */
-+	    case DT_LNK:              /* symlinks              */
-+		continue;             /* are good.             */
-+	    case DT_UNKNOWN:   /* for file systems that do not provide */
-+			       /* a filetype, we use lstat()           */
-+		if (join_dir_strings(&fullpath, motd_dir_path_split[i],
-+				     d[j]->d_name) <= 0)
-+		    break;
-+		rc = lstat(fullpath, &s);
-+		_pam_drop(fullpath);  /* free the memory alloc'ed by join_dir_strings */
-+		if (rc != 0)          /* if the lstat() somehow failed */
-+		    break;
-+
-+		if (S_ISREG(s.st_mode) ||          /* regular files and  */
-+		    S_ISLNK(s.st_mode)) continue;  /* symlinks are good  */
-+		break;
-+	    case DT_DIR:          /* We don't want directories     */
-+	    default:              /* nor anything else             */
-+		break;
-+	    }
-+	    _pam_drop(d[j]);  /* free memory                   */
-+	    d[j] = NULL;      /* indicate this one was dropped */
-+	    dirscans_size_total--;
-+	}
-+    }
-+
-     /* Allocate space for all file names found in the directories, including duplicates. */
-     if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
- 	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
-@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- 	unsigned int j;
- 
- 	for (j = 0; j < dirscans_sizes[i]; j++) {
--	    dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
--	    i_dirnames++;
-+	    if (NULL != dirscans[i][j]) {
-+	        dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
-+	        i_dirnames++;
-+	    }
- 	}
-     }
- 
--- 
-2.39.0
-
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch b/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
deleted file mode 100644
index 40040a8..0000000
--- a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e8e8ccfd57e0274b431bc5717bf37c488285b07b Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 27 Oct 2021 10:30:46 +0800
-Subject: [PATCH] run-xtests.sh: check whether files exist
-
-Fixes:
- # ./run-xtests.sh . tst-pam_access1
- mv: cannot stat '/etc/security/opasswd': No such file or directory
- PASS: tst-pam_access1
- mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory
- ==================
- 1 tests passed
- 0 tests not run
- ==================
-
-Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/e8e8ccfd57e0274b431bc5717bf37c488285b07b]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- xtests/run-xtests.sh | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh
-index 14f585d9..ff9a4dc1 100755
---- a/xtests/run-xtests.sh
-+++ b/xtests/run-xtests.sh
-@@ -18,10 +18,12 @@ all=0
- 
- mkdir -p /etc/security
- for config in access.conf group.conf time.conf limits.conf ; do
--	cp /etc/security/$config /etc/security/$config-pam-xtests
-+	[ -f "/etc/security/$config" ] &&
-+		mv /etc/security/$config /etc/security/$config-pam-xtests
- 	install -m 644 "${SRCDIR}"/$config /etc/security/$config
- done
--mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
-+[ -f /etc/security/opasswd ] &&
-+	mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
- 
- for testname in $XTESTS ; do
- 	  for cfg in "${SRCDIR}"/$testname*.pamd ; do
-@@ -47,11 +49,15 @@ for testname in $XTESTS ; do
- 	  all=`expr $all + 1`
- 	  rm -f /etc/pam.d/$testname*
- done
--mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
--mv /etc/security/group.conf-pam-xtests /etc/security/group.conf
--mv /etc/security/time.conf-pam-xtests /etc/security/time.conf
--mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
--mv /etc/security/opasswd-pam-xtests /etc/security/opasswd
-+
-+for config in access.conf group.conf time.conf limits.conf opasswd ; do
-+	if [ -f "/etc/security/$config-pam-xtests" ]; then
-+		mv /etc/security/$config-pam-xtests /etc/security/$config
-+	else
-+		rm -f /etc/security/$config
-+	fi
-+done
-+
- if test "$failed" -ne 0; then
- 	  echo "==================="
- 	  echo "$failed of $all tests failed"
--- 
-2.32.0
-
diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
deleted file mode 100644
index e7bf03f..0000000
--- a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001
-From: Thorsten Kukuk <kukuk@suse.com>
-Date: Thu, 24 Feb 2022 10:37:32 +0100
-Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf
-
-According to the manual page, the following entry is valid but does not
-work:
--:root:ALL EXCEPT localhost
-
-See https://bugzilla.suse.com/show_bug.cgi?id=1019866
-
-Patched is based on PR#226 from Josef Moellers
-
-Upstream-Status: Backport
-CVE: CVE-2022-28321
-
-Reference to upstream patch:
-[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f]
-
-Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
----
- modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++-------
- 1 file changed, 76 insertions(+), 19 deletions(-)
-
-diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
-index 277192b..bca424f 100644
---- a/modules/pam_access/pam_access.c
-+++ b/modules/pam_access/pam_access.c
-@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
-       if ((str_len = strlen(string)) > tok_len
- 	  && strcasecmp(tok, string + str_len - tok_len) == 0)
- 	return YES;
--    } else if (tok[tok_len - 1] == '.') {
-+    } else if (tok[tok_len - 1] == '.') {       /* internet network numbers (end with ".") */
-       struct addrinfo hint;
- 
-       memset (&hint, '\0', sizeof (hint));
-@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
-       return NO;
-     }
- 
--    /* Assume network/netmask with an IP of a host.  */
-+    /* Assume network/netmask, IP address or hostname.  */
-     return network_netmask_match(pamh, tok, string, item);
- }
- 
-@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
-     /*
-      * If the token has the magic value "ALL" the match always succeeds.
-      * Otherwise, return YES if the token fully matches the string.
--	 * "NONE" token matches NULL string.
-+     * "NONE" token matches NULL string.
-      */
- 
-     if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
-@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
- 
- /* network_netmask_match - match a string against one token
-  * where string is a hostname or ip (v4,v6) address and tok
-- * represents either a single ip (v4,v6) address or a network/netmask
-+ * represents either a hostname, a single ip (v4,v6) address
-+ * or a network/netmask
-  */
- static int
- network_netmask_match (pam_handle_t *pamh,
-@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh,
-     char *netmask_ptr;
-     char netmask_string[MAXHOSTNAMELEN + 1];
-     int addr_type;
-+    struct addrinfo *ai = NULL;
- 
-     if (item->debug)
--    pam_syslog (pamh, LOG_DEBUG,
-+      pam_syslog (pamh, LOG_DEBUG,
- 		"network_netmask_match: tok=%s, item=%s", tok, string);
-+
-     /* OK, check if tok is of type addr/mask */
-     if ((netmask_ptr = strchr(tok, '/')) != NULL)
-       {
-@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh,
- 	    netmask_ptr = number_to_netmask(netmask, addr_type,
- 		netmask_string, MAXHOSTNAMELEN);
- 	  }
--	}
-+
-+        /*
-+         * Construct an addrinfo list from the IP address.
-+         * This should not fail as the input is a correct IP address...
-+         */
-+	if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
-+	  {
-+	    return NO;
-+	  }
-+      }
-     else
--	/* NO, then check if it is only an addr */
--	if (isipaddr(tok, NULL, NULL) != YES)
-+      {
-+        /*
-+	 * It is either an IP address or a hostname.
-+	 * Let getaddrinfo sort everything out
-+	 */
-+	if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
- 	  {
-+	    pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
-+
- 	    return NO;
- 	  }
-+	netmask_ptr = NULL;
-+      }
- 
-     if (isipaddr(string, NULL, NULL) != YES)
-       {
--	/* Assume network/netmask with a name of a host.  */
- 	struct addrinfo hint;
- 
-+	/* Assume network/netmask with a name of a host.  */
- 	memset (&hint, '\0', sizeof (hint));
- 	hint.ai_flags = AI_CANONNAME;
- 	hint.ai_family = AF_UNSPEC;
- 
- 	if (item->gai_rv != 0)
-+	  {
-+	    freeaddrinfo(ai);
- 	    return NO;
-+	  }
- 	else if (!item->res &&
- 		(item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0)
-+	  {
-+	    freeaddrinfo(ai);
- 	    return NO;
-+	  }
-         else
- 	  {
- 	    struct addrinfo *runp = item->res;
-+	    struct addrinfo *runp1;
- 
- 	    while (runp != NULL)
- 	      {
- 		char buf[INET6_ADDRSTRLEN];
- 
--		DIAG_PUSH_IGNORE_CAST_ALIGN;
--		inet_ntop (runp->ai_family,
--			runp->ai_family == AF_INET
--			? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
--			: (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
--			buf, sizeof (buf));
--		DIAG_POP_IGNORE_CAST_ALIGN;
-+		if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0)
-+		  {
-+		    freeaddrinfo(ai);
-+		    return NO;
-+		  }
- 
--		if (are_addresses_equal(buf, tok, netmask_ptr))
-+		for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
- 		  {
--		    return YES;
-+                    char buf1[INET6_ADDRSTRLEN];
-+
-+                    if (runp->ai_family != runp1->ai_family)
-+                      continue;
-+
-+                    if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0)
-+		      {
-+			freeaddrinfo(ai);
-+			return NO;
-+		      }
-+
-+                    if (are_addresses_equal (buf, buf1, netmask_ptr))
-+                      {
-+                        freeaddrinfo(ai);
-+                        return YES;
-+                      }
- 		  }
- 		runp = runp->ai_next;
- 	      }
- 	  }
-       }
-     else
--      return (are_addresses_equal(string, tok, netmask_ptr));
-+      {
-+       struct addrinfo *runp1;
-+
-+       for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
-+         {
-+           char buf1[INET6_ADDRSTRLEN];
-+
-+           (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
-+
-+           if (are_addresses_equal(string, buf1, netmask_ptr))
-+             {
-+               freeaddrinfo(ai);
-+               return YES;
-+             }
-+         }
-+      }
-+
-+  freeaddrinfo(ai);
- 
-   return NO;
- }
--- 
-2.37.3
-
diff --git a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb
similarity index 95%
rename from poky/meta/recipes-extended/pam/libpam_1.5.2.bb
rename to poky/meta/recipes-extended/pam/libpam_1.5.3.bb
index bec47ab..eafb5aa 100644
--- a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb
+++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -21,14 +21,12 @@
            file://pam.d/common-session-noninteractive \
            file://pam.d/other \
            file://libpam-xtests.patch \
-           file://0001-run-xtests.sh-check-whether-files-exist.patch \
+           file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \
            file://run-ptest \
            file://pam-volatiles.conf \
-           file://CVE-2022-28321-0002.patch \
-           file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \
            "
 
-SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"
+SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
 
 DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt"
 
diff --git a/poky/meta/recipes-extended/procps/procps_4.0.3.bb b/poky/meta/recipes-extended/procps/procps_4.0.3.bb
index cc3420d..dc0e957 100644
--- a/poky/meta/recipes-extended/procps/procps_4.0.3.bb
+++ b/poky/meta/recipes-extended/procps/procps_4.0.3.bb
@@ -72,10 +72,6 @@
         d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
 }
 
-# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
-CVE_CHECK_IGNORE += "CVE-2018-1121"
-
 PROCPS_PACKAGES = "${PN}-lib \
                    ${PN}-ps \
                    ${PN}-sysctl"
diff --git a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
index 8a68dd3..09df77d 100644
--- a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
+++ b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0
 #
 # /etc/login.defs - Configuration control definitions for the shadow package.
 #
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/login b/poky/meta/recipes-extended/shadow/files/pam.d/login
index b340058..d39e09b 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/login
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/login
@@ -57,10 +57,6 @@
 # (Replaces the use of /etc/limits in old login)
 session    required   pam_limits.so
 
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
 # Prints the motd upon succesful login
 # (Replaces the `MOTD_FILE' option in login.defs)
 session    optional   pam_motd.so
diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
index e05fa23..6580bd9 100644
--- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
+++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -3,7 +3,7 @@
 BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
 SECTION = "base utils"
 LICENSE = "BSD-3-Clause | Artistic-1.0"
-LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5"
+LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed"
 
 DEPENDS = "base-passwd"
 
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index cf05a3a..83e1a84 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -65,14 +65,11 @@
                pam-plugin-env \
                pam-plugin-group \
                pam-plugin-limits \
-               pam-plugin-lastlog \
                pam-plugin-motd \
                pam-plugin-mail \
                pam-plugin-shells \
                pam-plugin-rootok"
 
-PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog"
-
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
 PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
diff --git a/poky/meta/recipes-extended/shadow/shadow_4.13.bb b/poky/meta/recipes-extended/shadow/shadow_4.13.bb
index d1a3fd5..4e55446 100644
--- a/poky/meta/recipes-extended/shadow/shadow_4.13.bb
+++ b/poky/meta/recipes-extended/shadow/shadow_4.13.bb
@@ -6,9 +6,6 @@
 
 BBCLASSEXTEND = "native nativesdk"
 
-# Severity is low and marked as closed and won't fix.
 # https://bugzilla.redhat.com/show_bug.cgi?id=884658
-CVE_CHECK_IGNORE += "CVE-2013-4235"
-
-# This is an issue for a different shadow
-CVE_CHECK_IGNORE += "CVE-2016-15024"
+CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."
+CVE_STATUS[CVE-2016-15024] = "cpe-incorrect: This is an issue for a different shadow"
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index 3051e9b..a53663d 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -39,8 +39,7 @@
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
 SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
 
-# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
-CVE_CHECK_IGNORE += "CVE-2008-0888"
+CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source"
 
 # exclude version 5.5.2 which triggers a false positive
 UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz"
diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
index c390fcf..72eb1ae 100644
--- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@@ -18,7 +18,7 @@
 S = "${WORKDIR}/git"
 
 # https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision
-CVE_CHECK_IGNORE += "CVE-2013-4342"
+CVE_STATUS[CVE-2013-4342] = "fixed-version: Fixed directly in git tree revision"
 
 inherit autotools update-rc.d systemd pkgconfig
 
diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb
index 8215313..3425e8e 100644
--- a/poky/meta/recipes-extended/zip/zip_3.0.bb
+++ b/poky/meta/recipes-extended/zip/zip_3.0.bb
@@ -26,11 +26,8 @@
 SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
 SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"
 
-# Disputed and also Debian doesn't consider a vulnerability
-CVE_CHECK_IGNORE += "CVE-2018-13410"
-
-# Not for zip but for smart contract implementation for it
-CVE_CHECK_IGNORE += "CVE-2018-13684"
+CVE_STATUS[CVE-2018-13410] = "disputed: Disputed and also Debian doesn't consider a vulnerability"
+CVE_STATUS[CVE-2018-13684] = "cpe-incorrect: Not for zip but for smart contract implementation for it"
 
 # zip.inc sets CFLAGS, but what Makefile actually uses is
 # CFLAGS_NOOPT.  It will also force -O3 optimization, overriding
diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb b/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb
index ea22723..c97ede4 100644
--- a/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb
+++ b/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb
@@ -38,3 +38,6 @@
 
 FILES:${PN} += "${datadir}/dbus-1 ${datadir}/gnome-shell/search-providers ${datadir}/metainfo"
 RDEPENDS:${PN} = "iso-codes adwaita-icon-theme gsettings-desktop-schemas"
+
+# ANGLE requires SSE support as of webkit 2.40.x on 32 bit x86
+COMPATIBLE_HOST:x86 = "${@bb.utils.contains_any('TUNE_FEATURES', 'core2 corei7', '.*', 'null', d)}"
diff --git a/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb b/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
index 08e9899..6888c33 100644
--- a/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
+++ b/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
@@ -33,4 +33,4 @@
 RREPLACES:${PN} += "libnotify3"
 
 # -7381 is specific to the NodeJS bindings
-CVE_CHECK_IGNORE += "CVE-2013-7381"
+CVE_STATUS[CVE-2013-7381] = "cpe-incorrect: The issue is specific to the NodeJS bindings"
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc b/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc
index d73d1ae..8d790c3 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc
+++ b/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc
@@ -3,13 +3,18 @@
 # from Cargo.lock
 SRC_URI += " \
     crate://crates.io/adler/1.0.2 \
-    crate://crates.io/aho-corasick/0.7.20 \
+    crate://crates.io/aho-corasick/1.0.1 \
+    crate://crates.io/android-tzdata/0.1.1 \
     crate://crates.io/android_system_properties/0.1.5 \
     crate://crates.io/anes/0.1.6 \
-    crate://crates.io/anstyle/0.3.4 \
-    crate://crates.io/anyhow/1.0.69 \
+    crate://crates.io/anstream/0.3.2 \
+    crate://crates.io/anstyle/1.0.0 \
+    crate://crates.io/anstyle-parse/0.2.0 \
+    crate://crates.io/anstyle-query/1.0.0 \
+    crate://crates.io/anstyle-wincon/1.0.1 \
+    crate://crates.io/anyhow/1.0.71 \
     crate://crates.io/approx/0.5.1 \
-    crate://crates.io/assert_cmd/2.0.10 \
+    crate://crates.io/assert_cmd/2.0.11 \
     crate://crates.io/atty/0.2.14 \
     crate://crates.io/autocfg/1.1.0 \
     crate://crates.io/base-x/0.2.11 \
@@ -17,44 +22,41 @@
     crate://crates.io/bit-vec/0.6.3 \
     crate://crates.io/bitflags/1.3.2 \
     crate://crates.io/block/0.1.6 \
-    crate://crates.io/bstr/1.3.0 \
-    crate://crates.io/bumpalo/3.12.0 \
+    crate://crates.io/bstr/1.5.0 \
+    crate://crates.io/bumpalo/3.13.0 \
     crate://crates.io/bytemuck/1.13.1 \
     crate://crates.io/byteorder/1.4.3 \
     crate://crates.io/cairo-rs/0.17.0 \
     crate://crates.io/cairo-sys-rs/0.17.0 \
     crate://crates.io/cast/0.3.0 \
     crate://crates.io/cc/1.0.79 \
-    crate://crates.io/cfg-expr/0.11.0 \
+    crate://crates.io/cfg-expr/0.15.1 \
     crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/chrono/0.4.24 \
-    crate://crates.io/ciborium/0.2.0 \
-    crate://crates.io/ciborium-io/0.2.0 \
-    crate://crates.io/ciborium-ll/0.2.0 \
-    crate://crates.io/clap/3.2.23 \
-    crate://crates.io/clap/4.1.9 \
-    crate://crates.io/clap_complete/4.1.5 \
-    crate://crates.io/clap_derive/4.1.9 \
+    crate://crates.io/chrono/0.4.25 \
+    crate://crates.io/ciborium/0.2.1 \
+    crate://crates.io/ciborium-io/0.2.1 \
+    crate://crates.io/ciborium-ll/0.2.1 \
+    crate://crates.io/clap/3.2.25 \
+    crate://crates.io/clap/4.3.0 \
+    crate://crates.io/clap_builder/4.3.0 \
+    crate://crates.io/clap_complete/4.3.0 \
+    crate://crates.io/clap_derive/4.3.0 \
     crate://crates.io/clap_lex/0.2.4 \
-    crate://crates.io/clap_lex/0.3.3 \
-    crate://crates.io/codespan-reporting/0.11.1 \
+    crate://crates.io/clap_lex/0.5.0 \
+    crate://crates.io/colorchoice/1.0.0 \
     crate://crates.io/const-cstr/0.3.0 \
     crate://crates.io/const_fn/0.4.9 \
     crate://crates.io/convert_case/0.4.0 \
-    crate://crates.io/core-foundation-sys/0.8.3 \
+    crate://crates.io/core-foundation-sys/0.8.4 \
     crate://crates.io/crc32fast/1.3.2 \
     crate://crates.io/criterion/0.4.0 \
     crate://crates.io/criterion-plot/0.5.0 \
-    crate://crates.io/crossbeam-channel/0.5.7 \
+    crate://crates.io/crossbeam-channel/0.5.8 \
     crate://crates.io/crossbeam-deque/0.8.3 \
     crate://crates.io/crossbeam-epoch/0.9.14 \
     crate://crates.io/crossbeam-utils/0.8.15 \
     crate://crates.io/cssparser/0.29.6 \
     crate://crates.io/cssparser-macros/0.6.0 \
-    crate://crates.io/cxx/1.0.92 \
-    crate://crates.io/cxx-build/1.0.92 \
-    crate://crates.io/cxxbridge-flags/1.0.92 \
-    crate://crates.io/cxxbridge-macro/1.0.92 \
     crate://crates.io/data-url/0.2.0 \
     crate://crates.io/derive_more/0.99.17 \
     crate://crates.io/difflib/0.4.0 \
@@ -71,30 +73,32 @@
     crate://crates.io/encoding-index-singlebyte/1.20141219.5 \
     crate://crates.io/encoding-index-tradchinese/1.20141219.5 \
     crate://crates.io/encoding_index_tests/0.1.4 \
-    crate://crates.io/errno/0.2.8 \
+    crate://crates.io/encoding_rs/0.8.32 \
+    crate://crates.io/errno/0.3.1 \
     crate://crates.io/errno-dragonfly/0.1.2 \
     crate://crates.io/fastrand/1.9.0 \
-    crate://crates.io/flate2/1.0.25 \
+    crate://crates.io/fdeflate/0.3.0 \
+    crate://crates.io/flate2/1.0.26 \
     crate://crates.io/float-cmp/0.9.0 \
     crate://crates.io/fnv/1.0.7 \
     crate://crates.io/form_urlencoded/1.1.0 \
     crate://crates.io/futf/0.1.5 \
-    crate://crates.io/futures-channel/0.3.27 \
-    crate://crates.io/futures-core/0.3.27 \
-    crate://crates.io/futures-executor/0.3.27 \
-    crate://crates.io/futures-io/0.3.27 \
-    crate://crates.io/futures-macro/0.3.27 \
-    crate://crates.io/futures-task/0.3.27 \
-    crate://crates.io/futures-util/0.3.27 \
+    crate://crates.io/futures-channel/0.3.28 \
+    crate://crates.io/futures-core/0.3.28 \
+    crate://crates.io/futures-executor/0.3.28 \
+    crate://crates.io/futures-io/0.3.28 \
+    crate://crates.io/futures-macro/0.3.28 \
+    crate://crates.io/futures-task/0.3.28 \
+    crate://crates.io/futures-util/0.3.28 \
     crate://crates.io/fxhash/0.2.1 \
     crate://crates.io/gdk-pixbuf/0.17.0 \
     crate://crates.io/gdk-pixbuf-sys/0.17.0 \
     crate://crates.io/getrandom/0.1.16 \
-    crate://crates.io/getrandom/0.2.8 \
-    crate://crates.io/gio/0.17.4 \
+    crate://crates.io/getrandom/0.2.9 \
+    crate://crates.io/gio/0.17.9 \
     crate://crates.io/gio-sys/0.17.4 \
-    crate://crates.io/glib/0.17.5 \
-    crate://crates.io/glib-macros/0.17.5 \
+    crate://crates.io/glib/0.17.9 \
+    crate://crates.io/glib-macros/0.17.9 \
     crate://crates.io/glib-sys/0.17.4 \
     crate://crates.io/gobject-sys/0.17.4 \
     crate://crates.io/half/1.8.2 \
@@ -103,36 +107,35 @@
     crate://crates.io/hermit-abi/0.1.19 \
     crate://crates.io/hermit-abi/0.2.6 \
     crate://crates.io/hermit-abi/0.3.1 \
-    crate://crates.io/iana-time-zone/0.1.53 \
-    crate://crates.io/iana-time-zone-haiku/0.1.1 \
+    crate://crates.io/iana-time-zone/0.1.56 \
+    crate://crates.io/iana-time-zone-haiku/0.1.2 \
     crate://crates.io/idna/0.3.0 \
-    crate://crates.io/indexmap/1.9.2 \
+    crate://crates.io/indexmap/1.9.3 \
     crate://crates.io/instant/0.1.12 \
-    crate://crates.io/io-lifetimes/1.0.7 \
-    crate://crates.io/is-terminal/0.4.4 \
+    crate://crates.io/io-lifetimes/1.0.11 \
+    crate://crates.io/is-terminal/0.4.7 \
     crate://crates.io/itertools/0.10.5 \
     crate://crates.io/itoa/1.0.6 \
-    crate://crates.io/js-sys/0.3.61 \
+    crate://crates.io/js-sys/0.3.63 \
     crate://crates.io/language-tags/0.3.2 \
     crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.140 \
+    crate://crates.io/libc/0.2.144 \
     crate://crates.io/libloading/0.7.4 \
-    crate://crates.io/libm/0.2.6 \
-    crate://crates.io/link-cplusplus/1.0.8 \
+    crate://crates.io/libm/0.2.7 \
     crate://crates.io/linked-hash-map/0.5.6 \
-    crate://crates.io/linux-raw-sys/0.1.4 \
+    crate://crates.io/linux-raw-sys/0.3.8 \
     crate://crates.io/locale_config/0.3.0 \
     crate://crates.io/lock_api/0.4.9 \
-    crate://crates.io/log/0.4.17 \
+    crate://crates.io/log/0.4.18 \
     crate://crates.io/lopdf/0.29.0 \
     crate://crates.io/mac/0.1.1 \
     crate://crates.io/malloc_buf/0.0.6 \
     crate://crates.io/markup5ever/0.11.0 \
     crate://crates.io/matches/0.1.10 \
-    crate://crates.io/matrixmultiply/0.3.2 \
+    crate://crates.io/matrixmultiply/0.3.7 \
     crate://crates.io/memchr/2.5.0 \
     crate://crates.io/memoffset/0.8.0 \
-    crate://crates.io/miniz_oxide/0.6.2 \
+    crate://crates.io/miniz_oxide/0.7.1 \
     crate://crates.io/nalgebra/0.32.2 \
     crate://crates.io/nalgebra-macros/0.2.0 \
     crate://crates.io/new_debug_unreachable/1.0.4 \
@@ -146,9 +149,9 @@
     crate://crates.io/objc/0.2.7 \
     crate://crates.io/objc-foundation/0.1.1 \
     crate://crates.io/objc_id/0.1.1 \
-    crate://crates.io/once_cell/1.17.1 \
+    crate://crates.io/once_cell/1.17.2 \
     crate://crates.io/oorandom/11.1.3 \
-    crate://crates.io/os_str_bytes/6.4.1 \
+    crate://crates.io/os_str_bytes/6.5.0 \
     crate://crates.io/pango/0.17.4 \
     crate://crates.io/pango-sys/0.17.0 \
     crate://crates.io/pangocairo/0.17.0 \
@@ -168,27 +171,26 @@
     crate://crates.io/phf_shared/0.10.0 \
     crate://crates.io/pin-project-lite/0.2.9 \
     crate://crates.io/pin-utils/0.1.0 \
-    crate://crates.io/pkg-config/0.3.26 \
+    crate://crates.io/pkg-config/0.3.27 \
     crate://crates.io/plotters/0.3.4 \
     crate://crates.io/plotters-backend/0.3.4 \
     crate://crates.io/plotters-svg/0.3.3 \
-    crate://crates.io/png/0.17.7 \
+    crate://crates.io/png/0.17.8 \
     crate://crates.io/pom/3.2.0 \
     crate://crates.io/ppv-lite86/0.2.17 \
     crate://crates.io/precomputed-hash/0.1.1 \
     crate://crates.io/predicates/2.1.5 \
-    crate://crates.io/predicates/3.0.1 \
+    crate://crates.io/predicates/3.0.3 \
     crate://crates.io/predicates-core/1.0.6 \
     crate://crates.io/predicates-tree/1.0.9 \
     crate://crates.io/proc-macro-crate/1.3.1 \
     crate://crates.io/proc-macro-error/1.0.4 \
     crate://crates.io/proc-macro-error-attr/1.0.4 \
     crate://crates.io/proc-macro-hack/0.5.20+deprecated \
-    crate://crates.io/proc-macro2/1.0.52 \
-    crate://crates.io/proptest/1.1.0 \
+    crate://crates.io/proc-macro2/1.0.59 \
+    crate://crates.io/proptest/1.2.0 \
     crate://crates.io/quick-error/1.2.3 \
-    crate://crates.io/quick-error/2.0.1 \
-    crate://crates.io/quote/1.0.26 \
+    crate://crates.io/quote/1.0.28 \
     crate://crates.io/rand/0.7.3 \
     crate://crates.io/rand/0.8.5 \
     crate://crates.io/rand_chacha/0.2.2 \
@@ -203,30 +205,33 @@
     crate://crates.io/rayon-core/1.11.0 \
     crate://crates.io/rctree/0.5.0 \
     crate://crates.io/redox_syscall/0.2.16 \
-    crate://crates.io/regex/1.7.1 \
+    crate://crates.io/redox_syscall/0.3.5 \
+    crate://crates.io/regex/1.8.3 \
     crate://crates.io/regex-automata/0.1.10 \
-    crate://crates.io/regex-syntax/0.6.28 \
+    crate://crates.io/regex-syntax/0.6.29 \
+    crate://crates.io/regex-syntax/0.7.2 \
     crate://crates.io/rgb/0.8.36 \
     crate://crates.io/rustc_version/0.2.3 \
     crate://crates.io/rustc_version/0.4.0 \
-    crate://crates.io/rustix/0.36.9 \
+    crate://crates.io/rustix/0.37.19 \
     crate://crates.io/rusty-fork/0.3.0 \
     crate://crates.io/ryu/1.0.13 \
     crate://crates.io/safe_arch/0.6.0 \
     crate://crates.io/same-file/1.0.6 \
     crate://crates.io/scopeguard/1.1.0 \
-    crate://crates.io/scratch/1.0.5 \
     crate://crates.io/selectors/0.24.0 \
     crate://crates.io/semver/0.9.0 \
     crate://crates.io/semver/1.0.17 \
     crate://crates.io/semver-parser/0.7.0 \
-    crate://crates.io/serde/1.0.156 \
-    crate://crates.io/serde_derive/1.0.156 \
-    crate://crates.io/serde_json/1.0.94 \
+    crate://crates.io/serde/1.0.163 \
+    crate://crates.io/serde_derive/1.0.163 \
+    crate://crates.io/serde_json/1.0.96 \
+    crate://crates.io/serde_spanned/0.6.2 \
     crate://crates.io/servo_arc/0.2.0 \
     crate://crates.io/sha1/0.6.1 \
     crate://crates.io/sha1_smol/1.0.0 \
-    crate://crates.io/simba/0.8.0 \
+    crate://crates.io/simba/0.8.1 \
+    crate://crates.io/simd-adler32/0.3.5 \
     crate://crates.io/siphasher/0.3.10 \
     crate://crates.io/slab/0.4.8 \
     crate://crates.io/smallvec/1.10.0 \
@@ -240,72 +245,87 @@
     crate://crates.io/string_cache_codegen/0.5.2 \
     crate://crates.io/strsim/0.10.0 \
     crate://crates.io/syn/1.0.109 \
-    crate://crates.io/system-deps/6.0.3 \
-    crate://crates.io/tempfile/3.4.0 \
+    crate://crates.io/syn/2.0.18 \
+    crate://crates.io/system-deps/6.1.0 \
+    crate://crates.io/target-lexicon/0.12.7 \
+    crate://crates.io/tempfile/3.5.0 \
     crate://crates.io/tendril/0.4.3 \
-    crate://crates.io/termcolor/1.2.0 \
     crate://crates.io/termtree/0.4.1 \
     crate://crates.io/textwrap/0.16.0 \
-    crate://crates.io/thiserror/1.0.39 \
-    crate://crates.io/thiserror-impl/1.0.39 \
+    crate://crates.io/thiserror/1.0.40 \
+    crate://crates.io/thiserror-impl/1.0.40 \
     crate://crates.io/time/0.2.27 \
     crate://crates.io/time-macros/0.1.1 \
     crate://crates.io/time-macros-impl/0.1.2 \
     crate://crates.io/tinytemplate/1.2.1 \
     crate://crates.io/tinyvec/1.6.0 \
     crate://crates.io/tinyvec_macros/0.1.1 \
-    crate://crates.io/toml/0.5.11 \
-    crate://crates.io/toml_datetime/0.6.1 \
-    crate://crates.io/toml_edit/0.19.7 \
+    crate://crates.io/toml/0.7.4 \
+    crate://crates.io/toml_datetime/0.6.2 \
+    crate://crates.io/toml_edit/0.19.10 \
     crate://crates.io/typenum/1.16.0 \
     crate://crates.io/unarray/0.1.4 \
-    crate://crates.io/unicode-bidi/0.3.11 \
-    crate://crates.io/unicode-ident/1.0.8 \
+    crate://crates.io/unicode-bidi/0.3.13 \
+    crate://crates.io/unicode-ident/1.0.9 \
     crate://crates.io/unicode-normalization/0.1.22 \
-    crate://crates.io/unicode-width/0.1.10 \
     crate://crates.io/url/2.3.1 \
     crate://crates.io/utf-8/0.7.6 \
+    crate://crates.io/utf8parse/0.2.1 \
     crate://crates.io/version-compare/0.1.1 \
     crate://crates.io/version_check/0.9.4 \
     crate://crates.io/wait-timeout/0.2.0 \
     crate://crates.io/walkdir/2.3.3 \
     crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \
     crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \
-    crate://crates.io/wasm-bindgen/0.2.84 \
-    crate://crates.io/wasm-bindgen-backend/0.2.84 \
-    crate://crates.io/wasm-bindgen-macro/0.2.84 \
-    crate://crates.io/wasm-bindgen-macro-support/0.2.84 \
-    crate://crates.io/wasm-bindgen-shared/0.2.84 \
-    crate://crates.io/web-sys/0.3.61 \
+    crate://crates.io/wasm-bindgen/0.2.86 \
+    crate://crates.io/wasm-bindgen-backend/0.2.86 \
+    crate://crates.io/wasm-bindgen-macro/0.2.86 \
+    crate://crates.io/wasm-bindgen-macro-support/0.2.86 \
+    crate://crates.io/wasm-bindgen-shared/0.2.86 \
+    crate://crates.io/web-sys/0.3.63 \
     crate://crates.io/weezl/0.1.7 \
-    crate://crates.io/wide/0.7.8 \
+    crate://crates.io/wide/0.7.9 \
     crate://crates.io/winapi/0.3.9 \
     crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
     crate://crates.io/winapi-util/0.1.5 \
     crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-    crate://crates.io/windows-sys/0.42.0 \
+    crate://crates.io/windows/0.48.0 \
     crate://crates.io/windows-sys/0.45.0 \
+    crate://crates.io/windows-sys/0.48.0 \
     crate://crates.io/windows-targets/0.42.2 \
+    crate://crates.io/windows-targets/0.48.0 \
     crate://crates.io/windows_aarch64_gnullvm/0.42.2 \
+    crate://crates.io/windows_aarch64_gnullvm/0.48.0 \
     crate://crates.io/windows_aarch64_msvc/0.42.2 \
+    crate://crates.io/windows_aarch64_msvc/0.48.0 \
     crate://crates.io/windows_i686_gnu/0.42.2 \
+    crate://crates.io/windows_i686_gnu/0.48.0 \
     crate://crates.io/windows_i686_msvc/0.42.2 \
+    crate://crates.io/windows_i686_msvc/0.48.0 \
     crate://crates.io/windows_x86_64_gnu/0.42.2 \
+    crate://crates.io/windows_x86_64_gnu/0.48.0 \
     crate://crates.io/windows_x86_64_gnullvm/0.42.2 \
+    crate://crates.io/windows_x86_64_gnullvm/0.48.0 \
     crate://crates.io/windows_x86_64_msvc/0.42.2 \
-    crate://crates.io/winnow/0.3.6 \
+    crate://crates.io/windows_x86_64_msvc/0.48.0 \
+    crate://crates.io/winnow/0.4.6 \
     crate://crates.io/xml5ever/0.17.0 \
     crate://crates.io/yeslogic-fontconfig-sys/4.0.1 \
 "
 
 SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-SRC_URI[aho-corasick-0.7.20.sha256sum] = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac"
+SRC_URI[aho-corasick-1.0.1.sha256sum] = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04"
+SRC_URI[android-tzdata-0.1.1.sha256sum] = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
 SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
 SRC_URI[anes-0.1.6.sha256sum] = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
-SRC_URI[anstyle-0.3.4.sha256sum] = "1ba0b55c2201aa802adb684e7963ce2c3191675629e7df899774331e3ac747cf"
-SRC_URI[anyhow-1.0.69.sha256sum] = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800"
+SRC_URI[anstream-0.3.2.sha256sum] = "0ca84f3628370c59db74ee214b3263d58f9aadd9b4fe7e711fd87dc452b7f163"
+SRC_URI[anstyle-1.0.0.sha256sum] = "41ed9a86bf92ae6580e0a31281f65a1b1d867c0cc68d5346e2ae128dddfa6a7d"
+SRC_URI[anstyle-parse-0.2.0.sha256sum] = "e765fd216e48e067936442276d1d57399e37bce53c264d6fefbe298080cb57ee"
+SRC_URI[anstyle-query-1.0.0.sha256sum] = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b"
+SRC_URI[anstyle-wincon-1.0.1.sha256sum] = "180abfa45703aebe0093f79badacc01b8fd4ea2e35118747e5811127f926e188"
+SRC_URI[anyhow-1.0.71.sha256sum] = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"
 SRC_URI[approx-0.5.1.sha256sum] = "cab112f0a86d568ea0e627cc1d6be74a1e9cd55214684db5561995f6dad897c6"
-SRC_URI[assert_cmd-2.0.10.sha256sum] = "ec0b2340f55d9661d76793b2bfc2eb0e62689bd79d067a95707ea762afd5e9dd"
+SRC_URI[assert_cmd-2.0.11.sha256sum] = "86d6b683edf8d1119fe420a94f8a7e389239666aa72e65495d91c00462510151"
 SRC_URI[atty-0.2.14.sha256sum] = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
 SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
 SRC_URI[base-x-0.2.11.sha256sum] = "4cbbc9d0964165b47557570cce6c952866c2678457aca742aafc9fb771d30270"
@@ -313,44 +333,41 @@
 SRC_URI[bit-vec-0.6.3.sha256sum] = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
 SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 SRC_URI[block-0.1.6.sha256sum] = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a"
-SRC_URI[bstr-1.3.0.sha256sum] = "5ffdb39cb703212f3c11973452c2861b972f757b021158f3516ba10f2fa8b2c1"
-SRC_URI[bumpalo-3.12.0.sha256sum] = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
+SRC_URI[bstr-1.5.0.sha256sum] = "a246e68bb43f6cd9db24bea052a53e40405417c5fb372e3d1a8a7f770a564ef5"
+SRC_URI[bumpalo-3.13.0.sha256sum] = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
 SRC_URI[bytemuck-1.13.1.sha256sum] = "17febce684fd15d89027105661fec94afb475cb995fbc59d2865198446ba2eea"
 SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
 SRC_URI[cairo-rs-0.17.0.sha256sum] = "a8af54f5d48af1226928adc1f57edd22f5df1349e7da1fc96ae15cf43db0e871"
 SRC_URI[cairo-sys-rs-0.17.0.sha256sum] = "f55382a01d30e5e53f185eee269124f5e21ab526595b872751278dfbb463594e"
 SRC_URI[cast-0.3.0.sha256sum] = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
 SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
-SRC_URI[cfg-expr-0.11.0.sha256sum] = "b0357a6402b295ca3a86bc148e84df46c02e41f41fef186bda662557ef6328aa"
+SRC_URI[cfg-expr-0.15.1.sha256sum] = "c8790cf1286da485c72cf5fc7aeba308438800036ec67d89425924c4807268c9"
 SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[chrono-0.4.24.sha256sum] = "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b"
-SRC_URI[ciborium-0.2.0.sha256sum] = "b0c137568cc60b904a7724001b35ce2630fd00d5d84805fbb608ab89509d788f"
-SRC_URI[ciborium-io-0.2.0.sha256sum] = "346de753af073cc87b52b2083a506b38ac176a44cfb05497b622e27be899b369"
-SRC_URI[ciborium-ll-0.2.0.sha256sum] = "213030a2b5a4e0c0892b6652260cf6ccac84827b83a85a534e178e3906c4cf1b"
-SRC_URI[clap-3.2.23.sha256sum] = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5"
-SRC_URI[clap-4.1.9.sha256sum] = "9a9d6ada83c1edcce028902ea27dd929069c70df4c7600b131b4d9a1ad2879cc"
-SRC_URI[clap_complete-4.1.5.sha256sum] = "37686beaba5ac9f3ab01ee3172f792fc6ffdd685bfb9e63cfef02c0571a4e8e1"
-SRC_URI[clap_derive-4.1.9.sha256sum] = "fddf67631444a3a3e3e5ac51c36a5e01335302de677bd78759eaa90ab1f46644"
+SRC_URI[chrono-0.4.25.sha256sum] = "fdbc37d37da9e5bce8173f3a41b71d9bf3c674deebbaceacd0ebdabde76efb03"
+SRC_URI[ciborium-0.2.1.sha256sum] = "effd91f6c78e5a4ace8a5d3c0b6bfaec9e2baaef55f3efc00e45fb2e477ee926"
+SRC_URI[ciborium-io-0.2.1.sha256sum] = "cdf919175532b369853f5d5e20b26b43112613fd6fe7aee757e35f7a44642656"
+SRC_URI[ciborium-ll-0.2.1.sha256sum] = "defaa24ecc093c77630e6c15e17c51f5e187bf35ee514f4e2d67baaa96dae22b"
+SRC_URI[clap-3.2.25.sha256sum] = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123"
+SRC_URI[clap-4.3.0.sha256sum] = "93aae7a4192245f70fe75dd9157fc7b4a5bf53e88d30bd4396f7d8f9284d5acc"
+SRC_URI[clap_builder-4.3.0.sha256sum] = "4f423e341edefb78c9caba2d9c7f7687d0e72e89df3ce3394554754393ac3990"
+SRC_URI[clap_complete-4.3.0.sha256sum] = "a04ddfaacc3bc9e6ea67d024575fafc2a813027cf374b8f24f7bc233c6b6be12"
+SRC_URI[clap_derive-4.3.0.sha256sum] = "191d9573962933b4027f932c600cd252ce27a8ad5979418fe78e43c07996f27b"
 SRC_URI[clap_lex-0.2.4.sha256sum] = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5"
-SRC_URI[clap_lex-0.3.3.sha256sum] = "033f6b7a4acb1f358c742aaca805c939ee73b4c6209ae4318ec7aca81c42e646"
-SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
+SRC_URI[clap_lex-0.5.0.sha256sum] = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b"
+SRC_URI[colorchoice-1.0.0.sha256sum] = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"
 SRC_URI[const-cstr-0.3.0.sha256sum] = "ed3d0b5ff30645a68f35ece8cea4556ca14ef8a1651455f789a099a0513532a6"
 SRC_URI[const_fn-0.4.9.sha256sum] = "fbdcdcb6d86f71c5e97409ad45898af11cbc995b4ee8112d59095a28d376c935"
 SRC_URI[convert_case-0.4.0.sha256sum] = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e"
-SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
+SRC_URI[core-foundation-sys-0.8.4.sha256sum] = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"
 SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
 SRC_URI[criterion-0.4.0.sha256sum] = "e7c76e09c1aae2bc52b3d2f29e13c6572553b30c4aa1b8a49fd70de6412654cb"
 SRC_URI[criterion-plot-0.5.0.sha256sum] = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1"
-SRC_URI[crossbeam-channel-0.5.7.sha256sum] = "cf2b3e8478797446514c91ef04bafcb59faba183e621ad488df88983cc14128c"
+SRC_URI[crossbeam-channel-0.5.8.sha256sum] = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200"
 SRC_URI[crossbeam-deque-0.8.3.sha256sum] = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef"
 SRC_URI[crossbeam-epoch-0.9.14.sha256sum] = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695"
 SRC_URI[crossbeam-utils-0.8.15.sha256sum] = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b"
 SRC_URI[cssparser-0.29.6.sha256sum] = "f93d03419cb5950ccfd3daf3ff1c7a36ace64609a1a8746d493df1ca0afde0fa"
 SRC_URI[cssparser-macros-0.6.0.sha256sum] = "dfae75de57f2b2e85e8768c3ea840fd159c8f33e2b6522c7835b7abac81be16e"
-SRC_URI[cxx-1.0.92.sha256sum] = "9a140f260e6f3f79013b8bfc65e7ce630c9ab4388c6a89c71e07226f49487b72"
-SRC_URI[cxx-build-1.0.92.sha256sum] = "da6383f459341ea689374bf0a42979739dc421874f112ff26f829b8040b8e613"
-SRC_URI[cxxbridge-flags-1.0.92.sha256sum] = "90201c1a650e95ccff1c8c0bb5a343213bdd317c6e600a93075bca2eff54ec97"
-SRC_URI[cxxbridge-macro-1.0.92.sha256sum] = "0b75aed41bb2e6367cae39e6326ef817a851db13c13e4f3263714ca3cfb8de56"
 SRC_URI[data-url-0.2.0.sha256sum] = "8d7439c3735f405729d52c3fbbe4de140eaf938a1fe47d227c27f8254d4302a5"
 SRC_URI[derive_more-0.99.17.sha256sum] = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321"
 SRC_URI[difflib-0.4.0.sha256sum] = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8"
@@ -367,30 +384,32 @@
 SRC_URI[encoding-index-singlebyte-1.20141219.5.sha256sum] = "3351d5acffb224af9ca265f435b859c7c01537c0849754d3db3fdf2bfe2ae84a"
 SRC_URI[encoding-index-tradchinese-1.20141219.5.sha256sum] = "fd0e20d5688ce3cab59eb3ef3a2083a5c77bf496cb798dc6fcdb75f323890c18"
 SRC_URI[encoding_index_tests-0.1.4.sha256sum] = "a246d82be1c9d791c5dfde9a2bd045fc3cbba3fa2b11ad558f27d01712f00569"
-SRC_URI[errno-0.2.8.sha256sum] = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1"
+SRC_URI[encoding_rs-0.8.32.sha256sum] = "071a31f4ee85403370b58aca746f01041ede6f0da2730960ad001edc2b71b394"
+SRC_URI[errno-0.3.1.sha256sum] = "4bcfec3a70f97c962c307b2d2c56e358cf1d00b558d74262b5f929ee8cc7e73a"
 SRC_URI[errno-dragonfly-0.1.2.sha256sum] = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
 SRC_URI[fastrand-1.9.0.sha256sum] = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be"
-SRC_URI[flate2-1.0.25.sha256sum] = "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841"
+SRC_URI[fdeflate-0.3.0.sha256sum] = "d329bdeac514ee06249dabc27877490f17f5d371ec693360768b838e19f3ae10"
+SRC_URI[flate2-1.0.26.sha256sum] = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743"
 SRC_URI[float-cmp-0.9.0.sha256sum] = "98de4bbd547a563b716d8dfa9aad1cb19bfab00f4fa09a6a4ed21dbcf44ce9c4"
 SRC_URI[fnv-1.0.7.sha256sum] = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 SRC_URI[form_urlencoded-1.1.0.sha256sum] = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8"
 SRC_URI[futf-0.1.5.sha256sum] = "df420e2e84819663797d1ec6544b13c5be84629e7bb00dc960d6917db2987843"
-SRC_URI[futures-channel-0.3.27.sha256sum] = "164713a5a0dcc3e7b4b1ed7d3b433cabc18025386f9339346e8daf15963cf7ac"
-SRC_URI[futures-core-0.3.27.sha256sum] = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd"
-SRC_URI[futures-executor-0.3.27.sha256sum] = "1997dd9df74cdac935c76252744c1ed5794fac083242ea4fe77ef3ed60ba0f83"
-SRC_URI[futures-io-0.3.27.sha256sum] = "89d422fa3cbe3b40dca574ab087abb5bc98258ea57eea3fd6f1fa7162c778b91"
-SRC_URI[futures-macro-0.3.27.sha256sum] = "3eb14ed937631bd8b8b8977f2c198443447a8355b6e3ca599f38c975e5a963b6"
-SRC_URI[futures-task-0.3.27.sha256sum] = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879"
-SRC_URI[futures-util-0.3.27.sha256sum] = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab"
+SRC_URI[futures-channel-0.3.28.sha256sum] = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2"
+SRC_URI[futures-core-0.3.28.sha256sum] = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c"
+SRC_URI[futures-executor-0.3.28.sha256sum] = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0"
+SRC_URI[futures-io-0.3.28.sha256sum] = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964"
+SRC_URI[futures-macro-0.3.28.sha256sum] = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
+SRC_URI[futures-task-0.3.28.sha256sum] = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65"
+SRC_URI[futures-util-0.3.28.sha256sum] = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533"
 SRC_URI[fxhash-0.2.1.sha256sum] = "c31b6d751ae2c7f11320402d34e41349dd1016f8d5d45e48c4312bc8625af50c"
 SRC_URI[gdk-pixbuf-0.17.0.sha256sum] = "b023fbe0c6b407bd3d9805d107d9800da3829dc5a676653210f1d5f16d7f59bf"
 SRC_URI[gdk-pixbuf-sys-0.17.0.sha256sum] = "7b41bd2b44ed49d99277d3925652a163038bd5ed943ec9809338ffb2f4391e3b"
 SRC_URI[getrandom-0.1.16.sha256sum] = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
-SRC_URI[getrandom-0.2.8.sha256sum] = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
-SRC_URI[gio-0.17.4.sha256sum] = "2261a3b4e922ec676d1c27ac466218c38cf5dcb49a759129e54bb5046e442125"
+SRC_URI[getrandom-0.2.9.sha256sum] = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
+SRC_URI[gio-0.17.9.sha256sum] = "d14522e56c6bcb6f7a3aebc25cbcfb06776af4c0c25232b601b4383252d7cb92"
 SRC_URI[gio-sys-0.17.4.sha256sum] = "6b1d43b0d7968b48455244ecafe41192871257f5740aa6b095eb19db78e362a5"
-SRC_URI[glib-0.17.5.sha256sum] = "cfb53061756195d76969292c2d2e329e01259276524a9bae6c9b73af62854773"
-SRC_URI[glib-macros-0.17.5.sha256sum] = "454924cafe58d9174dc32972261fe271d6cd3c10f5e9ff505522a28dcf601a40"
+SRC_URI[glib-0.17.9.sha256sum] = "a7f1de7cbde31ea4f0a919453a2dcece5d54d5b70e08f8ad254dc4840f5f09b6"
+SRC_URI[glib-macros-0.17.9.sha256sum] = "0a7206c5c03851ef126ea1444990e81fdd6765fb799d5bc694e4897ca01bb97f"
 SRC_URI[glib-sys-0.17.4.sha256sum] = "49f00ad0a1bf548e61adfff15d83430941d9e1bb620e334f779edd1c745680a5"
 SRC_URI[gobject-sys-0.17.4.sha256sum] = "15e75b0000a64632b2d8ca3cf856af9308e3a970844f6e9659bd197f026793d0"
 SRC_URI[half-1.8.2.sha256sum] = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7"
@@ -399,36 +418,35 @@
 SRC_URI[hermit-abi-0.1.19.sha256sum] = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
 SRC_URI[hermit-abi-0.2.6.sha256sum] = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7"
 SRC_URI[hermit-abi-0.3.1.sha256sum] = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286"
-SRC_URI[iana-time-zone-0.1.53.sha256sum] = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765"
-SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
+SRC_URI[iana-time-zone-0.1.56.sha256sum] = "0722cd7114b7de04316e7ea5456a0bbb20e4adb46fd27a3697adb812cff0f37c"
+SRC_URI[iana-time-zone-haiku-0.1.2.sha256sum] = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
 SRC_URI[idna-0.3.0.sha256sum] = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
-SRC_URI[indexmap-1.9.2.sha256sum] = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
+SRC_URI[indexmap-1.9.3.sha256sum] = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
 SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
-SRC_URI[io-lifetimes-1.0.7.sha256sum] = "76e86b86ae312accbf05ade23ce76b625e0e47a255712b7414037385a1c05380"
-SRC_URI[is-terminal-0.4.4.sha256sum] = "21b6b32576413a8e69b90e952e4a026476040d81017b80445deda5f2d3921857"
+SRC_URI[io-lifetimes-1.0.11.sha256sum] = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
+SRC_URI[is-terminal-0.4.7.sha256sum] = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f"
 SRC_URI[itertools-0.10.5.sha256sum] = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
 SRC_URI[itoa-1.0.6.sha256sum] = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
-SRC_URI[js-sys-0.3.61.sha256sum] = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+SRC_URI[js-sys-0.3.63.sha256sum] = "2f37a4a5928311ac501dee68b3c7613a1037d0edb30c8e5427bd832d55d1b790"
 SRC_URI[language-tags-0.3.2.sha256sum] = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388"
 SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.140.sha256sum] = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
+SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
 SRC_URI[libloading-0.7.4.sha256sum] = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f"
-SRC_URI[libm-0.2.6.sha256sum] = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb"
-SRC_URI[link-cplusplus-1.0.8.sha256sum] = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5"
+SRC_URI[libm-0.2.7.sha256sum] = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4"
 SRC_URI[linked-hash-map-0.5.6.sha256sum] = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
-SRC_URI[linux-raw-sys-0.1.4.sha256sum] = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4"
+SRC_URI[linux-raw-sys-0.3.8.sha256sum] = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
 SRC_URI[locale_config-0.3.0.sha256sum] = "08d2c35b16f4483f6c26f0e4e9550717a2f6575bcd6f12a53ff0c490a94a6934"
 SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
-SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+SRC_URI[log-0.4.18.sha256sum] = "518ef76f2f87365916b142844c16d8fefd85039bc5699050210a7778ee1cd1de"
 SRC_URI[lopdf-0.29.0.sha256sum] = "de0f69c40d6dbc68ebac4bf5aec3d9978e094e22e29fcabd045acd9cec74a9dc"
 SRC_URI[mac-0.1.1.sha256sum] = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4"
 SRC_URI[malloc_buf-0.0.6.sha256sum] = "62bb907fe88d54d8d9ce32a3cceab4218ed2f6b7d35617cafe9adf84e43919cb"
 SRC_URI[markup5ever-0.11.0.sha256sum] = "7a2629bb1404f3d34c2e921f21fd34ba00b206124c81f65c50b43b6aaefeb016"
 SRC_URI[matches-0.1.10.sha256sum] = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5"
-SRC_URI[matrixmultiply-0.3.2.sha256sum] = "add85d4dd35074e6fedc608f8c8f513a3548619a9024b751949ef0e8e45a4d84"
+SRC_URI[matrixmultiply-0.3.7.sha256sum] = "090126dc04f95dc0d1c1c91f61bdd474b3930ca064c1edc8a849da2c6cbe1e77"
 SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
 SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1"
-SRC_URI[miniz_oxide-0.6.2.sha256sum] = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa"
+SRC_URI[miniz_oxide-0.7.1.sha256sum] = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
 SRC_URI[nalgebra-0.32.2.sha256sum] = "d68d47bba83f9e2006d117a9a33af1524e655516b8919caac694427a6fb1e511"
 SRC_URI[nalgebra-macros-0.2.0.sha256sum] = "d232c68884c0c99810a5a4d333ef7e47689cfd0edc85efc9e54e1e6bf5212766"
 SRC_URI[new_debug_unreachable-1.0.4.sha256sum] = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54"
@@ -442,9 +460,9 @@
 SRC_URI[objc-0.2.7.sha256sum] = "915b1b472bc21c53464d6c8461c9d3af805ba1ef837e1cac254428f4a77177b1"
 SRC_URI[objc-foundation-0.1.1.sha256sum] = "1add1b659e36c9607c7aab864a76c7a4c2760cd0cd2e120f3fb8b952c7e22bf9"
 SRC_URI[objc_id-0.1.1.sha256sum] = "c92d4ddb4bd7b50d730c215ff871754d0da6b2178849f8a2a2ab69712d0c073b"
-SRC_URI[once_cell-1.17.1.sha256sum] = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
+SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b"
 SRC_URI[oorandom-11.1.3.sha256sum] = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
-SRC_URI[os_str_bytes-6.4.1.sha256sum] = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee"
+SRC_URI[os_str_bytes-6.5.0.sha256sum] = "ceedf44fb00f2d1984b0bc98102627ce622e083e49a5bacdb3e514fa4238e267"
 SRC_URI[pango-0.17.4.sha256sum] = "52c280b82a881e4208afb3359a8e7fde27a1b272280981f1f34610bed5770d37"
 SRC_URI[pango-sys-0.17.0.sha256sum] = "4293d0f0b5525eb5c24734d30b0ed02cd02aa734f216883f376b54de49625de8"
 SRC_URI[pangocairo-0.17.0.sha256sum] = "2feeb7ea7874507f83f5e7ba869c54e321959431c8fbd70d4b735c8b15d90506"
@@ -464,27 +482,26 @@
 SRC_URI[phf_shared-0.10.0.sha256sum] = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096"
 SRC_URI[pin-project-lite-0.2.9.sha256sum] = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
 SRC_URI[pin-utils-0.1.0.sha256sum] = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-SRC_URI[pkg-config-0.3.26.sha256sum] = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160"
+SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
 SRC_URI[plotters-0.3.4.sha256sum] = "2538b639e642295546c50fcd545198c9d64ee2a38620a628724a3b266d5fbf97"
 SRC_URI[plotters-backend-0.3.4.sha256sum] = "193228616381fecdc1224c62e96946dfbc73ff4384fba576e052ff8c1bea8142"
 SRC_URI[plotters-svg-0.3.3.sha256sum] = "f9a81d2759aae1dae668f783c308bc5c8ebd191ff4184aaa1b37f65a6ae5a56f"
-SRC_URI[png-0.17.7.sha256sum] = "5d708eaf860a19b19ce538740d2b4bdeeb8337fa53f7738455e706623ad5c638"
+SRC_URI[png-0.17.8.sha256sum] = "aaeebc51f9e7d2c150d3f3bfeb667f2aa985db5ef1e3d212847bdedb488beeaa"
 SRC_URI[pom-3.2.0.sha256sum] = "07e2192780e9f8e282049ff9bffcaa28171e1cb0844f49ed5374e518ae6024ec"
 SRC_URI[ppv-lite86-0.2.17.sha256sum] = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
 SRC_URI[precomputed-hash-0.1.1.sha256sum] = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
 SRC_URI[predicates-2.1.5.sha256sum] = "59230a63c37f3e18569bdb90e4a89cbf5bf8b06fea0b84e65ea10cc4df47addd"
-SRC_URI[predicates-3.0.1.sha256sum] = "1ba7d6ead3e3966038f68caa9fc1f860185d95a793180bbcfe0d0da47b3961ed"
+SRC_URI[predicates-3.0.3.sha256sum] = "09963355b9f467184c04017ced4a2ba2d75cbcb4e7462690d388233253d4b1a9"
 SRC_URI[predicates-core-1.0.6.sha256sum] = "b794032607612e7abeb4db69adb4e33590fa6cf1149e95fd7cb00e634b92f174"
 SRC_URI[predicates-tree-1.0.9.sha256sum] = "368ba315fb8c5052ab692e68a0eefec6ec57b23a36959c14496f0b0df2c0cecf"
 SRC_URI[proc-macro-crate-1.3.1.sha256sum] = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919"
 SRC_URI[proc-macro-error-1.0.4.sha256sum] = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 SRC_URI[proc-macro-error-attr-1.0.4.sha256sum] = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 SRC_URI[proc-macro-hack-0.5.20+deprecated.sha256sum] = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
-SRC_URI[proc-macro2-1.0.52.sha256sum] = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224"
-SRC_URI[proptest-1.1.0.sha256sum] = "29f1b898011ce9595050a68e60f90bad083ff2987a695a42357134c8381fba70"
+SRC_URI[proc-macro2-1.0.59.sha256sum] = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b"
+SRC_URI[proptest-1.2.0.sha256sum] = "4e35c06b98bf36aba164cc17cb25f7e232f5c4aeea73baa14b8a9f0d92dbfa65"
 SRC_URI[quick-error-1.2.3.sha256sum] = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
-SRC_URI[quick-error-2.0.1.sha256sum] = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
-SRC_URI[quote-1.0.26.sha256sum] = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+SRC_URI[quote-1.0.28.sha256sum] = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488"
 SRC_URI[rand-0.7.3.sha256sum] = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
 SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 SRC_URI[rand_chacha-0.2.2.sha256sum] = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
@@ -499,30 +516,33 @@
 SRC_URI[rayon-core-1.11.0.sha256sum] = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d"
 SRC_URI[rctree-0.5.0.sha256sum] = "3b42e27ef78c35d3998403c1d26f3efd9e135d3e5121b0a4845cc5cc27547f4f"
 SRC_URI[redox_syscall-0.2.16.sha256sum] = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
-SRC_URI[regex-1.7.1.sha256sum] = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733"
+SRC_URI[redox_syscall-0.3.5.sha256sum] = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
+SRC_URI[regex-1.8.3.sha256sum] = "81ca098a9821bd52d6b24fd8b10bd081f47d39c22778cafaa75a2857a62c6390"
 SRC_URI[regex-automata-0.1.10.sha256sum] = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-SRC_URI[regex-syntax-0.6.28.sha256sum] = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848"
+SRC_URI[regex-syntax-0.6.29.sha256sum] = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
+SRC_URI[regex-syntax-0.7.2.sha256sum] = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78"
 SRC_URI[rgb-0.8.36.sha256sum] = "20ec2d3e3fc7a92ced357df9cebd5a10b6fb2aa1ee797bf7e9ce2f17dffc8f59"
 SRC_URI[rustc_version-0.2.3.sha256sum] = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
 SRC_URI[rustc_version-0.4.0.sha256sum] = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
-SRC_URI[rustix-0.36.9.sha256sum] = "fd5c6ff11fecd55b40746d1995a02f2eb375bf8c00d192d521ee09f42bef37bc"
+SRC_URI[rustix-0.37.19.sha256sum] = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d"
 SRC_URI[rusty-fork-0.3.0.sha256sum] = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f"
 SRC_URI[ryu-1.0.13.sha256sum] = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
 SRC_URI[safe_arch-0.6.0.sha256sum] = "794821e4ccb0d9f979512f9c1973480123f9bd62a90d74ab0f9426fcf8f4a529"
 SRC_URI[same-file-1.0.6.sha256sum] = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
 SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
-SRC_URI[scratch-1.0.5.sha256sum] = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1"
 SRC_URI[selectors-0.24.0.sha256sum] = "0c37578180969d00692904465fb7f6b3d50b9a2b952b87c23d0e2e5cb5013416"
 SRC_URI[semver-0.9.0.sha256sum] = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
 SRC_URI[semver-1.0.17.sha256sum] = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed"
 SRC_URI[semver-parser-0.7.0.sha256sum] = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
-SRC_URI[serde-1.0.156.sha256sum] = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4"
-SRC_URI[serde_derive-1.0.156.sha256sum] = "d7e29c4601e36bcec74a223228dce795f4cd3616341a4af93520ca1a837c087d"
-SRC_URI[serde_json-1.0.94.sha256sum] = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea"
+SRC_URI[serde-1.0.163.sha256sum] = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2"
+SRC_URI[serde_derive-1.0.163.sha256sum] = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e"
+SRC_URI[serde_json-1.0.96.sha256sum] = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1"
+SRC_URI[serde_spanned-0.6.2.sha256sum] = "93107647184f6027e3b7dcb2e11034cf95ffa1e3a682c67951963ac69c1c007d"
 SRC_URI[servo_arc-0.2.0.sha256sum] = "d52aa42f8fdf0fed91e5ce7f23d8138441002fa31dca008acf47e6fd4721f741"
 SRC_URI[sha1-0.6.1.sha256sum] = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770"
 SRC_URI[sha1_smol-1.0.0.sha256sum] = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
-SRC_URI[simba-0.8.0.sha256sum] = "50582927ed6f77e4ac020c057f37a268fc6aebc29225050365aacbb9deeeddc4"
+SRC_URI[simba-0.8.1.sha256sum] = "061507c94fc6ab4ba1c9a0305018408e312e17c041eb63bef8aa726fa33aceae"
+SRC_URI[simd-adler32-0.3.5.sha256sum] = "238abfbb77c1915110ad968465608b68e869e0772622c9656714e73e5a1a522f"
 SRC_URI[siphasher-0.3.10.sha256sum] = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de"
 SRC_URI[slab-0.4.8.sha256sum] = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d"
 SRC_URI[smallvec-1.10.0.sha256sum] = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
@@ -536,59 +556,69 @@
 SRC_URI[string_cache_codegen-0.5.2.sha256sum] = "6bb30289b722be4ff74a408c3cc27edeaad656e06cb1fe8fa9231fa59c728988"
 SRC_URI[strsim-0.10.0.sha256sum] = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
 SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-SRC_URI[system-deps-6.0.3.sha256sum] = "2955b1fe31e1fa2fbd1976b71cc69a606d7d4da16f6de3333d0c92d51419aeff"
-SRC_URI[tempfile-3.4.0.sha256sum] = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"
+SRC_URI[syn-2.0.18.sha256sum] = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
+SRC_URI[system-deps-6.1.0.sha256sum] = "e5fa6fb9ee296c0dc2df41a656ca7948546d061958115ddb0bcaae43ad0d17d2"
+SRC_URI[target-lexicon-0.12.7.sha256sum] = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5"
+SRC_URI[tempfile-3.5.0.sha256sum] = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998"
 SRC_URI[tendril-0.4.3.sha256sum] = "d24a120c5fc464a3458240ee02c299ebcb9d67b5249c8848b09d639dca8d7bb0"
-SRC_URI[termcolor-1.2.0.sha256sum] = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
 SRC_URI[termtree-0.4.1.sha256sum] = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76"
 SRC_URI[textwrap-0.16.0.sha256sum] = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d"
-SRC_URI[thiserror-1.0.39.sha256sum] = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c"
-SRC_URI[thiserror-impl-1.0.39.sha256sum] = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e"
+SRC_URI[thiserror-1.0.40.sha256sum] = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac"
+SRC_URI[thiserror-impl-1.0.40.sha256sum] = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
 SRC_URI[time-0.2.27.sha256sum] = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242"
 SRC_URI[time-macros-0.1.1.sha256sum] = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1"
 SRC_URI[time-macros-impl-0.1.2.sha256sum] = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f"
 SRC_URI[tinytemplate-1.2.1.sha256sum] = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc"
 SRC_URI[tinyvec-1.6.0.sha256sum] = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50"
 SRC_URI[tinyvec_macros-0.1.1.sha256sum] = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
-SRC_URI[toml-0.5.11.sha256sum] = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
-SRC_URI[toml_datetime-0.6.1.sha256sum] = "3ab8ed2edee10b50132aed5f331333428b011c99402b5a534154ed15746f9622"
-SRC_URI[toml_edit-0.19.7.sha256sum] = "dc18466501acd8ac6a3f615dd29a3438f8ca6bb3b19537138b3106e575621274"
+SRC_URI[toml-0.7.4.sha256sum] = "d6135d499e69981f9ff0ef2167955a5333c35e36f6937d382974566b3d5b94ec"
+SRC_URI[toml_datetime-0.6.2.sha256sum] = "5a76a9312f5ba4c2dec6b9161fdf25d87ad8a09256ccea5a556fef03c706a10f"
+SRC_URI[toml_edit-0.19.10.sha256sum] = "2380d56e8670370eee6566b0bfd4265f65b3f432e8c6d85623f728d4fa31f739"
 SRC_URI[typenum-1.16.0.sha256sum] = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
 SRC_URI[unarray-0.1.4.sha256sum] = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
-SRC_URI[unicode-bidi-0.3.11.sha256sum] = "524b68aca1d05e03fdf03fcdce2c6c94b6daf6d16861ddaa7e4f2b6638a9052c"
-SRC_URI[unicode-ident-1.0.8.sha256sum] = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+SRC_URI[unicode-bidi-0.3.13.sha256sum] = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
+SRC_URI[unicode-ident-1.0.9.sha256sum] = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0"
 SRC_URI[unicode-normalization-0.1.22.sha256sum] = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921"
-SRC_URI[unicode-width-0.1.10.sha256sum] = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
 SRC_URI[url-2.3.1.sha256sum] = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643"
 SRC_URI[utf-8-0.7.6.sha256sum] = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
+SRC_URI[utf8parse-0.2.1.sha256sum] = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
 SRC_URI[version-compare-0.1.1.sha256sum] = "579a42fc0b8e0c63b76519a339be31bed574929511fa53c1a3acae26eb258f29"
 SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
 SRC_URI[wait-timeout-0.2.0.sha256sum] = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6"
 SRC_URI[walkdir-2.3.3.sha256sum] = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698"
 SRC_URI[wasi-0.9.0+wasi-snapshot-preview1.sha256sum] = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
 SRC_URI[wasi-0.11.0+wasi-snapshot-preview1.sha256sum] = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
-SRC_URI[wasm-bindgen-0.2.84.sha256sum] = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
-SRC_URI[wasm-bindgen-backend-0.2.84.sha256sum] = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
-SRC_URI[wasm-bindgen-macro-0.2.84.sha256sum] = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
-SRC_URI[wasm-bindgen-macro-support-0.2.84.sha256sum] = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
-SRC_URI[wasm-bindgen-shared-0.2.84.sha256sum] = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
-SRC_URI[web-sys-0.3.61.sha256sum] = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+SRC_URI[wasm-bindgen-0.2.86.sha256sum] = "5bba0e8cb82ba49ff4e229459ff22a191bbe9a1cb3a341610c9c33efc27ddf73"
+SRC_URI[wasm-bindgen-backend-0.2.86.sha256sum] = "19b04bc93f9d6bdee709f6bd2118f57dd6679cf1176a1af464fca3ab0d66d8fb"
+SRC_URI[wasm-bindgen-macro-0.2.86.sha256sum] = "14d6b024f1a526bb0234f52840389927257beb670610081360e5a03c5df9c258"
+SRC_URI[wasm-bindgen-macro-support-0.2.86.sha256sum] = "e128beba882dd1eb6200e1dc92ae6c5dbaa4311aa7bb211ca035779e5efc39f8"
+SRC_URI[wasm-bindgen-shared-0.2.86.sha256sum] = "ed9d5b4305409d1fc9482fee2d7f9bcbf24b3972bf59817ef757e23982242a93"
+SRC_URI[web-sys-0.3.63.sha256sum] = "3bdd9ef4e984da1187bf8110c5cf5b845fbc87a23602cdf912386a76fcd3a7c2"
 SRC_URI[weezl-0.1.7.sha256sum] = "9193164d4de03a926d909d3bc7c30543cecb35400c02114792c2cae20d5e2dbb"
-SRC_URI[wide-0.7.8.sha256sum] = "b689b6c49d6549434bf944e6b0f39238cf63693cb7a147e9d887507fffa3b223"
+SRC_URI[wide-0.7.9.sha256sum] = "5cd0496a71f3cc6bc4bf0ed91346426a5099e93d89807e663162dc5a1069ff65"
 SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
 SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
 SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-SRC_URI[windows-sys-0.42.0.sha256sum] = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
+SRC_URI[windows-0.48.0.sha256sum] = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f"
 SRC_URI[windows-sys-0.45.0.sha256sum] = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
+SRC_URI[windows-sys-0.48.0.sha256sum] = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
 SRC_URI[windows-targets-0.42.2.sha256sum] = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
+SRC_URI[windows-targets-0.48.0.sha256sum] = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5"
 SRC_URI[windows_aarch64_gnullvm-0.42.2.sha256sum] = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+SRC_URI[windows_aarch64_gnullvm-0.48.0.sha256sum] = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc"
 SRC_URI[windows_aarch64_msvc-0.42.2.sha256sum] = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+SRC_URI[windows_aarch64_msvc-0.48.0.sha256sum] = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3"
 SRC_URI[windows_i686_gnu-0.42.2.sha256sum] = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+SRC_URI[windows_i686_gnu-0.48.0.sha256sum] = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241"
 SRC_URI[windows_i686_msvc-0.42.2.sha256sum] = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+SRC_URI[windows_i686_msvc-0.48.0.sha256sum] = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00"
 SRC_URI[windows_x86_64_gnu-0.42.2.sha256sum] = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+SRC_URI[windows_x86_64_gnu-0.48.0.sha256sum] = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1"
 SRC_URI[windows_x86_64_gnullvm-0.42.2.sha256sum] = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+SRC_URI[windows_x86_64_gnullvm-0.48.0.sha256sum] = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953"
 SRC_URI[windows_x86_64_msvc-0.42.2.sha256sum] = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
-SRC_URI[winnow-0.3.6.sha256sum] = "23d020b441f92996c80d94ae9166e8501e59c7bb56121189dc9eab3bd8216966"
+SRC_URI[windows_x86_64_msvc-0.48.0.sha256sum] = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
+SRC_URI[winnow-0.4.6.sha256sum] = "61de7bac303dc551fe038e2b3cef0f571087a47571ea6e79a87692ac99b99699"
 SRC_URI[xml5ever-0.17.0.sha256sum] = "4034e1d05af98b51ad7214527730626f019682d797ba38b51689212118d8e650"
 SRC_URI[yeslogic-fontconfig-sys-4.0.1.sha256sum] = "ec657fd32bbcbeaef5c7bc8e10b3db95b143fab8db0a50079773dbf936fd4f73"
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch b/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch
deleted file mode 100644
index 15d5abe..0000000
--- a/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c0b0ef51b3c997a1c20ef9381ba2201ed477f609 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Tue, 21 Sep 2021 16:54:23 +0200
-Subject: [PATCH] system-deps/src/lib.rs: do not probe into harcoded list of
- targets
-
-Oe-core defines custom targets, and this probe fails.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
----
- system-deps-6.0.3/src/lib.rs           | 16 +---------------
- 2 files changed, 2 insertions(+), 16 deletions(-)
-
-diff --git a/system-deps-6.0.3/src/lib.rs b/system-deps-6.0.3/src/lib.rs
-index 45ab1ce..f87d1ec 100644
---- a/system-deps-6.0.3/src/lib.rs
-+++ b/system-deps-6.0.3/src/lib.rs
-@@ -800,21 +800,7 @@ impl Config {
-     }
- 
-     fn check_cfg(&self, cfg: &cfg_expr::Expression) -> Result<bool, Error> {
--        use cfg_expr::{targets::get_builtin_target_by_triple, Predicate};
--
--        let target = self
--            .env
--            .get("TARGET")
--            .expect("no TARGET env variable defined");
--        let target = get_builtin_target_by_triple(&target)
--            .unwrap_or_else(|| panic!("Invalid TARGET: {}", target));
--
--        let res = cfg.eval(|pred| match pred {
--            Predicate::Target(tp) => Some(tp.matches(target)),
--            _ => None,
--        });
--
--        res.ok_or_else(|| Error::UnsupportedCfg(cfg.original().to_string()))
-+        Ok(true)
-     }
- }
- 
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
similarity index 91%
rename from poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb
rename to poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
index 1a5d8a6..edd7ad3 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb
+++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
@@ -19,10 +19,9 @@
 require ${BPN}-crates.inc
 
 SRC_URI += "file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.patch \
-            file://0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch;patchdir=${CARGO_VENDORING_DIRECTORY} \
            "
 
-SRC_URI[archive.sha256sum] = "194b5097d9cd107495f49c291cf0da65ec2b4bb55e5628369751a3f44ba222b3"
+SRC_URI[archive.sha256sum] = "1685aeacae9a441dcb12c0c3ec63706172a2f52705dafbefb8e7311d4d5e430b"
 
 # librsvg is still autotools-based, but is calling cargo from its automake-driven makefiles
 # so we cannot use cargo class directly, but still need bits and pieces from it 
@@ -51,8 +50,7 @@
     sed -ie 's,"linker": ".*","linker": "${RUST_TARGET_CC}",g' ${RUST_TARGETS_DIR}/${RUST_HOST_SYS}.json
 }
 
-# Issue only on windows
-CVE_CHECK_IGNORE += "CVE-2018-1000041"
+CVE_STATUS[CVE-2018-1000041] = "not-applicable-platform: Issue only applies on Windows"
 
 CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
 
diff --git a/poky/meta/recipes-graphics/builder/builder_0.1.bb b/poky/meta/recipes-graphics/builder/builder_0.1.bb
index 39be3bd..1700015 100644
--- a/poky/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/poky/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,5 +29,4 @@
 	chown  builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
 }
 
-# -4178 is an unrelated 'builder'
-CVE_CHECK_IGNORE = "CVE-2008-4178"
+CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb b/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
similarity index 95%
rename from poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb
rename to poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
index 514672c..5b1c520 100644
--- a/poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb
+++ b/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb
@@ -14,7 +14,7 @@
                     "
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "5ee23abd047636c24b2d43c6625dcafc66661d1aca64dec9e0d05df29592624c"
+SRC_URI[sha256sum] = "ea67e3b019b1104d1667aa274f5dc307d8cbd606b399bc32df308a77f1a564bf"
 
 UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"
 
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb
similarity index 95%
rename from poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb
rename to poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb
index 7ecbb04..359272e 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb
@@ -9,7 +9,7 @@
                     "
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "20770789749ac9ba846df33983dbda22db836c70d9f5d050cb9aa5347094a8fb"
+SRC_URI[sha256sum] = "c1ce780acd385569f25b9a29603d1d5bc71e6940e55bfdd4f7266fad50e42620"
 
 DEPENDS += "glib-2.0-native"
 
diff --git a/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch b/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
deleted file mode 100644
index fab5109..0000000
--- a/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 5cf847b5bef8dc3f9f89bd09dd5af4e6603f393c Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 27 Aug 2018 16:10:55 +0800
-Subject: [PATCH] libjpeg-turbo: fix package_qa error
-
-Fix package qa errors like below:
-libjpeg.so.62.3.0 contains probably-redundant RPATH /usr/lib [useless-rpaths]
-usr/bin/cjpeg contains probably-redundant RPATH /usr/lib
-
-Upstream-Status: Inappropriate [oe-specific]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- CMakeLists.txt | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 2bc3458..ea3041e 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -191,10 +191,6 @@ endif()
- report_option(ENABLE_SHARED "Shared libraries")
- report_option(ENABLE_STATIC "Static libraries")
- 
--if(ENABLE_SHARED)
--  set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
--endif()
--
- if(WITH_JPEG8 OR WITH_JPEG7)
-   set(WITH_ARITH_ENC 1)
-   set(WITH_ARITH_DEC 1)
diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
similarity index 83%
rename from poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
rename to poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
index e086830..146d800 100644
--- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
+++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
@@ -2,19 +2,15 @@
 DESCRIPTION = "libjpeg-turbo is a derivative of libjpeg that uses SIMD instructions (MMX, SSE2, NEON) to accelerate baseline JPEG compression and decompression"
 HOMEPAGE = "http://libjpeg-turbo.org/"
 
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://cdjpeg.h;endline=13;md5=8a61af33cc1c681cd5cc297150bbb5bd \
-                    file://jpeglib.h;endline=16;md5=52b5eaade8d5b6a452a7693dfe52c084 \
-                    file://djpeg.c;endline=11;md5=510b386442ab6a27ee241fc5669bc5ea \
-                    "
+LICENSE = "IJG & BSD-3-Clause & Zlib"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2a8e0d8226a102f07ab63ed7fd6ce155"
+
 DEPENDS:append:x86-64:class-target = " nasm-native"
 DEPENDS:append:x86:class-target = " nasm-native"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
-           file://0001-libjpeg-turbo-fix-package_qa-error.patch \
-           "
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf"
+SRC_URI[sha256sum] = "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa"
 UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
 UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/"
 
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
similarity index 97%
rename from poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb
rename to poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
index 3274475..1228217 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb
@@ -25,7 +25,7 @@
 
 S = "${WORKDIR}/SDL2-${PV}"
 
-SRC_URI[sha256sum] = "ad8fea3da1be64c83c45b1d363a6b4ba8fd60f5bde3b23ec73855709ec5eabf7"
+SRC_URI[sha256sum] = "d215ae4541e69d628953711496cd7b0e8b8d5c8d811d5b0f98fdc7fd1422998a"
 
 inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even
 
diff --git a/poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb b/poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb
similarity index 100%
rename from poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb
rename to poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb
diff --git a/poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb b/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
similarity index 90%
rename from poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb
rename to poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
index c7bf360..acb25a3 100644
--- a/poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb
+++ b/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb
@@ -14,8 +14,8 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e"
 
-SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.18-branch;protocol=https"
-SRCREV = "76993ae8d0fbd17e5bfff80ed495c71e727f0d06"
+SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.19-branch;protocol=https"
+SRCREV = "5bf107ec4f7b18a6457d23abf57560dfb382a751"
 S = "${WORKDIR}/git"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))$"
diff --git a/poky/meta/recipes-graphics/libva/libva.inc b/poky/meta/recipes-graphics/libva/libva.inc
index 7ed0c9e..3388fea 100644
--- a/poky/meta/recipes-graphics/libva/libva.inc
+++ b/poky/meta/recipes-graphics/libva/libva.inc
@@ -18,7 +18,7 @@
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libva-${PV}.tar.bz2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=2e48940f94acb0af582e5ef03537800f"
-SRC_URI[sha256sum] = "a3577eeba0c23924686c7e2f2030073736c8282a80f27b5473e33ea94ccd4982"
+SRC_URI[sha256sum] = "963be798d559df7feebda6fa81aa0dae6f9409c633a37909c44c6aa8af1e2174"
 
 S = "${WORKDIR}/libva-${PV}"
 
diff --git a/poky/meta/recipes-graphics/libva/libva_2.18.0.bb b/poky/meta/recipes-graphics/libva/libva_2.19.0.bb
similarity index 100%
rename from poky/meta/recipes-graphics/libva/libva_2.18.0.bb
rename to poky/meta/recipes-graphics/libva/libva_2.19.0.bb
diff --git a/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
new file mode 100644
index 0000000..3631a91
--- /dev/null
+++ b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
@@ -0,0 +1,34 @@
+From 865762e0a767a121206d818bdd58301afbf30104 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 23 Jun 2023 01:20:38 -0700
+Subject: [PATCH] gallium: Fix build with llvm 17
+
+These headers are not available for C files in llvm 17+
+and they seem to be not needed to compile after all with llvm 17
+so add conditions to exclude them for llvm >= 17
+
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/23827]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/gallium/auxiliary/gallivm/lp_bld_init.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/gallium/auxiliary/gallivm/lp_bld_init.c b/src/gallium/auxiliary/gallivm/lp_bld_init.c
+index 24d0823..3d4573e 100644
+--- a/src/gallium/auxiliary/gallivm/lp_bld_init.c
++++ b/src/gallium/auxiliary/gallivm/lp_bld_init.c
+@@ -42,8 +42,10 @@
+ 
+ #include <llvm/Config/llvm-config.h>
+ #include <llvm-c/Analysis.h>
++#if LLVM_VERSION_MAJOR < 17
+ #include <llvm-c/Transforms/Scalar.h>
+-#if LLVM_VERSION_MAJOR >= 7
++#endif
++#if LLVM_VERSION_MAJOR >= 7 && LLVM_VERSION_MAJOR < 17
+ #include <llvm-c/Transforms/Utils.h>
+ #endif
+ #include <llvm-c/BitWriter.h>
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb
similarity index 100%
rename from poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb
rename to poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb
diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc
index ac42a8d..9288990 100644
--- a/poky/meta/recipes-graphics/mesa/mesa.inc
+++ b/poky/meta/recipes-graphics/mesa/mesa.inc
@@ -17,9 +17,10 @@
 SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
            file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \
            file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
+           file://0001-gallium-Fix-build-with-llvm-17.patch \
            "
 
-SRC_URI[sha256sum] = "a2679031ed5b73b29c4f042ac64d96f83b0cfe4858617de32e2efc196c653a40"
+SRC_URI[sha256sum] = "2f6d7381bc10fbd2d6263ad1022785b8b511046c1a904162f8f7da18eea8aed9"
 
 UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"
 
diff --git a/poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb b/poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb
similarity index 100%
rename from poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb
rename to poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch
new file mode 100644
index 0000000..4db686f
--- /dev/null
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch
@@ -0,0 +1,28 @@
+From ea7b9e6fc0b3f45d6032ce624bed85bbde5ec0bf Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Wed, 21 Jun 2023 20:03:03 +0200
+Subject: [PATCH] scripts/CMakeLists.txt: append to CMAKE_FIND_ROOT_PATH
+ instead of replacing it
+
+Resetting CMAKE_FIND_ROOT_PATH in particular breaks builds in Yocto
+(which is a major cross compiling framework).
+
+Upstream-Status: Backport [https://github.com/KhronosGroup/Vulkan-ValidationLayers/commit/e1b11dc7856765cf45a283ac805ea5066c81cd9b]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ scripts/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
+index 94c8528c8..cd86c54eb 100644
+--- a/scripts/CMakeLists.txt
++++ b/scripts/CMakeLists.txt
+@@ -124,7 +124,7 @@ if (MIMALLOC_INSTALL_DIR)
+ endif()
+ 
+ if (CMAKE_CROSSCOMPILING)
+-    set(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
++    set(CMAKE_FIND_ROOT_PATH ${CMAKE_FIND_ROOT_PATH} ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
+ else()
+     set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE)
+ endif()
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
similarity index 90%
rename from poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb
rename to poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
index bfb4b37..62c6343 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb
@@ -8,8 +8,10 @@
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8df9e8826734226d08cb412babfa599c"
 
-SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.243;protocol=https"
-SRCREV = "4ac0fd8e6cb3d49105d707d9ec07f0f3aa0943d6"
+SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.250;protocol=https \
+           file://0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch \
+           "
+SRCREV = "1541e00a63cd125f15d231d5a8059ebe66503b25"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb
similarity index 91%
rename from poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb
rename to poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb
index afde995..05943bc 100644
--- a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb
+++ b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb
@@ -10,7 +10,7 @@
                     file://stable/presentation-time/presentation-time.xml;endline=26;md5=4646cd7d9edc9fa55db941f2d3a7dc53"
 
 SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/releases/${PV}/downloads/wayland-protocols-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a07fa722ed87676ec020d867714bc9a2f24c464da73912f39706eeef5219e238"
+SRC_URI[sha256sum] = "7459799d340c8296b695ef857c07ddef24c5a09b09ab6a74f7b92640d2b1ba11"
 
 UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
 
diff --git a/poky/meta/recipes-graphics/wayland/weston_11.0.1.bb b/poky/meta/recipes-graphics/wayland/weston_12.0.1.bb
similarity index 89%
rename from poky/meta/recipes-graphics/wayland/weston_11.0.1.bb
rename to poky/meta/recipes-graphics/wayland/weston_12.0.1.bb
index 0838791..d9eae1f 100644
--- a/poky/meta/recipes-graphics/wayland/weston_11.0.1.bb
+++ b/poky/meta/recipes-graphics/wayland/weston_12.0.1.bb
@@ -6,14 +6,14 @@
                     file://libweston/compositor.c;endline=27;md5=eb6d5297798cabe2ddc65e2af519bcf0 \
                     "
 
-SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/uploads/f5648c818fba5432edc3ea63c4db4813/${BPN}-${PV}.tar.xz \
+SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \
            file://weston.png \
            file://weston.desktop \
            file://xwayland.weston-start \
            file://systemd-notify.weston-start \
            "
 
-SRC_URI[sha256sum] = "a413f68c252957fc3191c3650823ec356ae8c124ccc0cb440da5cdc4e2cb9e57"
+SRC_URI[sha256sum] = "b18591eab278bc191720f6c09158040b795e7118af1d5ddca6acd9a8e2039535"
 
 UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"
 UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"
@@ -37,7 +37,7 @@
                    ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \
                    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
                    ${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \
-                   ${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'sysvinit', 'launcher-libseat', '', d)} \
+                   launcher-libseat \
                    image-jpeg \
                    screenshare \
                    shell-desktop \
@@ -71,9 +71,9 @@
 # Weston with webp support
 PACKAGECONFIG[webp] = "-Dimage-webp=true,-Dimage-webp=false,libwebp"
 # Weston with systemd-login support
-PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus"
+PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd dbus"
 # Weston with Xwayland support (requires X11 and Wayland)
-PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,libxcb libxcursor xwayland"
+PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,libxcb libxcursor xcb-util-cursor xwayland"
 # colord CMS support
 PACKAGECONFIG[colord] = "-Ddeprecated-color-management-colord=true,-Ddeprecated-color-management-colord=false,colord"
 # Clients support
@@ -94,6 +94,13 @@
 PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg"
 # support libseat based launch
 PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd"
+# deprecated and superseded by libseat launcher
+PACKAGECONFIG[launcher-logind] = "-Ddeprecated-launcher-logind=true,-Ddeprecated-launcher-logind=false,"
+# screencasting via PipeWire
+PACKAGECONFIG[pipewire] = "-Dbackend-pipewire=true,-Dbackend-pipewire=false,pipewire"
+# VNC remote screensharing
+PACKAGECONFIG[vnc] = "-Dbackend-vnc=true,-Dbackend-vnc=false,neatvnc"
+
 
 do_install:append() {
 	# Weston doesn't need the .la files to load modules, so wipe them
diff --git a/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb b/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb
index aaa8aa8..3becd40 100644
--- a/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb
+++ b/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb
@@ -9,7 +9,7 @@
 that are available."
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=f3d09e6b9e203a1af489e16c708f4fb3"
-DEPENDS += "libxtst libxext libxxf86vm libxi libxrender libxinerama libdmx libxau libxcomposite"
+DEPENDS += "libxtst libxext libxxf86vm libxi libxrender libxinerama libxau libxcomposite"
 PE = "1"
 
 SRC_URI += "file://disable-xkb.patch"
diff --git a/poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb b/poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb
similarity index 77%
rename from poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb
rename to poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb
index 73d09f0..3d1a706 100644
--- a/poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb
+++ b/poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb
@@ -8,6 +8,7 @@
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=3ea51b365051ac32d1813a7dbaa4bfc6"
 
-SRC_URI[sha256sum] = "f8a17e23146bef1ab345a1e303c6749e42aaa7bcf4f25428afad41770721b6db"
+SRC_URI_EXT = "xz"
+SRC_URI[sha256sum] = "0950c600bf33447e169a539ee6655ef9f36d6cebf2c1be67f7ab55dacb753023"
 
 DEPENDS += "libxau libxt libxext libxmu libxrender libxi"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb b/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
deleted file mode 100644
index 3634d53..0000000
--- a/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-require xorg-lib-common.inc
-
-SUMMARY = "DMX: Distributed Multihead X extension library"
-
-DESCRIPTION = "The DMX extension provides support for communication with \
-and control of Xdmx(1) server. Attributes of the Xdmx(1) server and of \
-the back-end screens attached to the server can be queried and modified \
-via this protocol."
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a3c3499231a8035efd0e004cfbd3b72a \
-                    file://src/dmx.c;endline=33;md5=c43f19af03c7c8619cadc9724ed9afe1"
-
-DEPENDS += "libxext xorgproto"
-
-PE = "1"
-
-XORG_EXT = "tar.bz2"
-
-SRC_URI[md5sum] = "d2f1f0ec68ac3932dd7f1d9aa0a7a11c"
-SRC_URI[sha256sum] = "253f90005d134fa7a209fbcbc5a3024335367c930adf0f3203e754cf32747243"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
similarity index 92%
rename from poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb
rename to poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
index cf2e294..1cfa56b 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
@@ -24,7 +24,7 @@
 
 SRC_URI += "file://disable_tests.patch"
 
-SRC_URI[sha256sum] = "e362c6f03c793171becd1ce2078c64789504c7d7ff48ee40a76ff76b59f6b561"
+SRC_URI[sha256sum] = "59535b7cc6989ba806a022f7e8533b28c4397b9d86e9d07b6df0c0703fa25cc9"
 
 inherit gettext
 
diff --git a/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb b/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb
new file mode 100644
index 0000000..0476978
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb
@@ -0,0 +1,10 @@
+require recipes-graphics/xorg-lib/xcb-util.inc
+
+SUMMARY = "XCB port of libXcursor"
+
+DEPENDS += "xcb-util xcb-util-renderutil xcb-util-image"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ce469b61c70ff8d7cce0547476891974"
+
+SRC_URI[sha256sum] = "28dcfe90bcab7b3561abe0dd58eb6832aa9cc77cfe42fcdfa4ebe20d605231fb"
diff --git a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb
similarity index 91%
rename from poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb
rename to poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb
index 53dfe16..4795464 100644
--- a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb
@@ -13,7 +13,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=0e7f21ca7db975c63467d2e7624a12f9"
 
 SRC_URI = "${XORG_MIRROR}/individual/data/xkeyboard-config/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0690a91bab86b18868f3eee6d41e9ec4ce6894f655443d490a2184bfac56c872"
+SRC_URI[sha256sum] = "5ac5f533eff7b0c116805fe254fd79b2c9882700a4f9f2c070f8c4eae5aaa682"
 
 SECTION = "x11/libs"
 DEPENDS = "util-macros libxslt-native"
diff --git a/poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb b/poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb
similarity index 69%
rename from poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb
rename to poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb
index cd5aedb..781382e 100644
--- a/poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb
@@ -9,10 +9,8 @@
 
 require xorg-lib-common.inc
 
-LICENSE = "MIT & MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=49347921d4d5268021a999f250edc9ca"
-
-XORG_EXT = "tar.bz2"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=bc875e1c864f4f62b29f7d8651f627fa"
 
 SRC_URI += "file://multilibfix.patch"
 
@@ -24,5 +22,4 @@
 
 BBCLASSEXTEND = "native nativesdk"
 
-SRC_URI[md5sum] = "ce2fb8100c6647ee81451ebe388b17ad"
-SRC_URI[sha256sum] = "377c4491593c417946efcd2c7600d1e62639f7a8bbca391887e2c4679807d773"
+SRC_URI[sha256sum] = "1ba4b703696bfddbf40bacf25bce4e3efb2a0088878f017a50e9884b0c8fb1bd"
diff --git a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb
similarity index 81%
rename from poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb
rename to poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb
index a1cd66c..94d37c5 100644
--- a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb
+++ b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb
@@ -6,10 +6,10 @@
 
 SECTION = "x11/libs"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=dfc4bd2b0568b31725b85b0604e69b56"
+LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=0b9fe3db4015bcbe920e7c67a39ee3f1"
 
 SRC_URI = "${XORG_MIRROR}/individual/proto/${BP}.tar.xz"
-SRC_URI[sha256sum] = "5d13dbf2be08f95323985de53352c4f352713860457b95ccaf894a647ac06b9e"
+SRC_URI[sha256sum] = "b61fbc7db82b14ce2dc705ab590efc32b9ad800037113d1973811781d5118c2c"
 
 inherit meson
 
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index ecb164d..085fcaf 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -20,16 +20,15 @@
 UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
 
 CVE_PRODUCT = "xorg-server x_server"
-# This is specific to Debian's xserver-wrapper.c
-CVE_CHECK_IGNORE += "CVE-2011-4613"
-# As per upstream, exploiting this flaw is non-trivial and it requires exact
-# timing on the behalf of the attacker. Many graphical applications exit if their
-# connection to the X server is lost, so a typical desktop session is either
-# impossible or difficult to exploit. There is currently no upstream patch
-# available for this flaw.
-CVE_CHECK_IGNORE += "CVE-2020-25697"
-# This is specific to XQuartz, which is the macOS X server port
-CVE_CHECK_IGNORE += "CVE-2022-3553"
+
+CVE_STATUS[CVE-2011-4613] = "not-applicable-platform: This is specific to Debian's xserver-wrapper.c"
+CVE_STATUS[CVE-2020-25697] = "upstream-wontfix: \
+As per upstream, exploiting this flaw is non-trivial and it requires exact \
+timing on the behalf of the attacker. Many graphical applications exit if their \
+connection to the X server is lost, so a typical desktop session is either \
+impossible or difficult to exploit. There is currently no upstream patch \
+available for this flaw."
+CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port"
 
 S = "${WORKDIR}/${XORG_PN}-${PV}"
 
diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
similarity index 95%
rename from poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb
rename to poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
index a065e92..de51653 100644
--- a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb
+++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb
@@ -10,7 +10,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "fb9461f5cb9fea5e07e91882311b0c88b43e8843b017ebac05eb5af69aa34c15"
+SRC_URI[sha256sum] = "bd25d8498ee4d77874fda125127e2db37fc332531febc966231ea06fae8cf77f"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
 
diff --git a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb
similarity index 94%
rename from poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb
rename to poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb
index b5c0834..f9a3811 100644
--- a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb
+++ b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb
@@ -8,7 +8,7 @@
                     file://LICENSES/LGPL-2.1;md5=b370887980db5dd40659b50909238dbd"
 SECTION = "libs"
 
-SRCREV = "1c6f0f3b2bb47571fc455dc565dc343152517d98"
+SRCREV = "dd148189b74da3e2f45c7e536319fec97cb71213"
 SRC_URI = "git://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git;branch=${BPN};protocol=https \
            file://0001-makefile-Do-not-preserve-ownership-in-cp-command.patch"
 
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
similarity index 99%
rename from poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
rename to poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
index 3470131..329a3e3 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
@@ -134,7 +134,7 @@
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "a0997fc7a9af4e46d96529d6ef13b58a"
+WHENCE_CHKSUM  = "57bf874056926f12aec2405d3fc390d9"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "8b1acfa16f1ee94732a6acb50d9d6c835cf53af11068bd89ed207bbe04a1e951"
+SRC_URI[sha256sum] = "87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d"
 
 inherit allarch
 
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch
deleted file mode 100644
index 5b7c1b6..0000000
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From dc221138c809125dc1bbff8506c70cb7bd846368 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 12 Sep 2018 17:08:58 -0700
-Subject: [PATCH] include linux/stddef.h in swab.h uapi header
-
-swab.h uses __always_inline without including the header where it is
-defined, this is exposed by musl based distributions where this macro is
-not defined by system C library headers unlike glibc where it is defined
-in sys/cdefs.h and that header gets pulled in indirectly via
-
-features.h -> sys/cdefs.h
-
-and features.h gets pulled in a lot of headers. Therefore it may work in
-cases where features.h is includes but not otherwise.
-
-Adding linux/stddef.h here ensures that __always_inline is always
-defined independent of which C library is used in userspace
-
-Upstream-Status: Submitted [https://lkml.org/lkml/2018/9/13/78]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Cc: Philippe Ombredanne <pombredanne@nexb.com>
-Cc: Kate Stewart <kstewart@linuxfoundation.org>
-Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-
----
- include/uapi/linux/swab.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
-index 7272f85d6..2912fe463 100644
---- a/include/uapi/linux/swab.h
-+++ b/include/uapi/linux/swab.h
-@@ -3,6 +3,7 @@
- #define _UAPI_LINUX_SWAB_H
- 
- #include <linux/types.h>
-+#include <linux/stddef.h>
- #include <linux/compiler.h>
- #include <asm/bitsperlong.h>
- #include <asm/swab.h>
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
similarity index 74%
rename from poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb
rename to poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
index cbdebdc..c523154 100644
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb
+++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb
@@ -4,7 +4,6 @@
     file://0001-libc-compat.h-fix-some-issues-arising-from-in6.h.patch \
     file://0003-remove-inclusion-of-sysinfo.h-in-kernel.h.patch \
     file://0001-libc-compat.h-musl-_does_-define-IFF_LOWER_UP-DORMAN.patch \
-    file://0001-include-linux-stddef.h-in-swab.h-uapi-header.patch \
    "
 
 SRC_URI += "\
@@ -13,6 +12,6 @@
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
-SRC_URI[sha256sum] = "2ca1f17051a430f6fed1196e4952717507171acfd97d96577212502703b25deb"
+SRC_URI[sha256sum] = "8fa0588f0c2ceca44cac77a0e39ba48c9f00a6b9dc69761c02a5d3efac8da7f3"
 
 
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 4cc1519..2eb4836 100644
--- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,20 +1,329 @@
+CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3016
+# Fixed with 5.6
+CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed in version v5.6"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3819
+# Fixed with 5.1
+CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed in version v5.1"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3887
+# Fixed with 5.2
+CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed in version v5.2"
+
+CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
+# Patched in kernel since v5.10	e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73	e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_STATUS[CVE-2020-27784] = "cpe-stable-backport: Backported in version v5.4.73"
+
+
+# 2021
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
+CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed in version v5.15"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_STATUS[CVE-2021-3759] = "cpe-stable-backport: Backported in versions v5.4.224 and v6.1.11"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
+CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed in version v5.8"
+
+
+# 2022
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
+CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed in version v5.15"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
+# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
+# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
+# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
+CVE_STATUS[CVE-2022-1184] = "cpe-stable-backport: Backported in versions v5.4.198, v5.10.121 and v5.15.46"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_STATUS[CVE-2022-1462] = "cpe-stable-backport: Backported in versions v5.4.208, v5.10.134 and v5.15.58"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
+# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54
+# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026
+# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
+# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
+# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
+# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
+# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
+CVE_STATUS[CVE-2022-2196] = "cpe-stable-backport: Backported in versions v5.4.1233, v5.10.170, v5.15.46 and v6.1.14"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
+# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
+# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
+# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
+# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
+CVE_STATUS[CVE-2022-2308] = "cpe-stable-backport: Backported in versions v5.15.72 and v5.19.14"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
+CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed in version v5.10.125"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
+# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
+# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
+# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
+# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
+# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
+CVE_STATUS[CVE-2022-2663] = "cpe-stable-backport: Backported in versions v5.4.213, v5.10.143, v5.15.68 and v5.19.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
+# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
+# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
+CVE_STATUS[CVE-2022-2785] = "cpe-stable-backport: Backported in version v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
+# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
+# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
+# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
+CVE_STATUS[CVE-2022-3176] = "cpe-stable-backport: Backported in version v5.15.65"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
+# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf
+# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
+# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
+# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
+# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
+CVE_STATUS[CVE-2022-3424] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.86 and v 6.1.2"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
+# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
+# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
+# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_STATUS[CVE-2022-3435] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.158 and v5.15.82"
+
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3523
 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 # Patched in kernel since v6.1 16ce101db85db694a91380aa4c89b25530871d33
-CVE_CHECK_IGNORE += "CVE-2022-3523"
+CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed in version v6.1"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
+# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
+# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
+# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
+CVE_STATUS[CVE-2022-3526] = "cpe-stable-backport: Backported in version v5.15.35"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
+# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
+# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
+# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
+# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
+# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
+CVE_STATUS[CVE-2022-3534] = "cpe-stable-backport: Backported in versions v5.10.163, v5.15.86 and v6.1.2"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_STATUS[CVE-2022-3564] = "cpe-stable-backport: Backported in versions v5.10.154 and v5.15.78"
 
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3566
 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 # Patched in kernel since v6.1 f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57
-CVE_CHECK_IGNORE += "CVE-2022-3566"
+CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed in version v6.1"
 
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3567
 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 # Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
-CVE_CHECK_IGNORE += "CVE-2022-3567"
+CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed in version v6.1"
 
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
+# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
+# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
+# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
+CVE_STATUS[CVE-2022-3619] = "cpe-stable-backport: Backported in version v5.15.78"
 
-# 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_STATUS[CVE-2022-3621] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_STATUS[CVE-2022-3623] = "cpe-stable-backport: Backported in versions v5.4.228, v5.10.159, v5.15.78 and v 5.19.17"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
+# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
+# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
+CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed in version v6.0"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
+# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
+# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
+# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
+# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
+# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
+# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
+CVE_STATUS[CVE-2022-3625] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_STATUS[CVE-2022-3629] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
+# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
+# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
+# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
+CVE_STATUS[CVE-2022-3630] = "cpe-stable-backport: Backported in version v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_STATUS[CVE-2022-3633] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_STATUS[CVE-2022-3635] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
+# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
+# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
+CVE_STATUS[CVE-2022-3636] = "cpe-stable-backport: Backported in version v5.19"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
+# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
+# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
+# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
+# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
+# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
+# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
+# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
+# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
+CVE_STATUS[CVE-2022-3640] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_STATUS[CVE-2022-3646] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_STATUS[CVE-2022-3649] = "cpe-stable-backport: Backported in versions v5.4.220, v5.10.148, v5.15.74 and v5.19.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
+# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in versions v5.4.230, v5.10.165, v5.15.90 and v6.1.8"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_STATUS[CVE-2022-26365] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_STATUS[CVE-2022-33740] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_STATUS[CVE-2022-33741] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_STATUS[CVE-2022-33742] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+CVE_STATUS[CVE-2022-42895] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
+# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
+# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
+# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
+CVE_STATUS[CVE-2022-42896] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.154 and v5.15.78"
 
 # https://nvd.nist.gov/vuln/detail/CVE-2022-38457
 # https://nvd.nist.gov/vuln/detail/CVE-2022-40133
@@ -26,11 +335,271 @@
 #  * https://www.linuxkernelcves.com/cves/CVE-2022-38457
 #  * https://www.linuxkernelcves.com/cves/CVE-2022-40133
 #  * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/
-CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133"
+CVE_STATUS[CVE-2022-38457] = "cpe-stable-backport: Backported in version v6.1.7"
+CVE_STATUS[CVE-2022-40133] = "cpe-stable-backport: Backported in version v6.1.7"
+
+# Backported to 6.1.33
+CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in version v6.1.33"
+
+# 2023
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
+# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
+# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
+# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
+# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
+CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in versions v5.10.164, v5.15.89 and v6.1.7"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
+# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
+# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
+CVE_STATUS[CVE-2023-0266] = "cpe-stable-backport: Backported in versions v5.15.88 and v6.1.6"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_STATUS[CVE-2023-0394] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.164, v5.15.89 and v6.1.7"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
+# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
+# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
+# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
+# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
+CVE_STATUS[CVE-2023-0386] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578
+# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
+# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+CVE_STATUS[CVE-2023-0461] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.88 and v6.1.5"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
+# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_STATUS[CVE-2023-1073] = "cpe-stable-backport: Backported in versions v5.10.166, v5.15.91 and v6.1.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_STATUS[CVE-2023-1074] = "cpe-stable-backport: Backported in versions v5.15.91 andv6.1.9"
 
 # https://nvd.nist.gov/vuln/detail/CVE-2023-1075
 # Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221
 # Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb
 # Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50
 # 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch
-CVE_CHECK_IGNORE += "CVE-2023-1075"
+CVE_STATUS[CVE-2023-1075] = "cpe-stable-backport: Backported in version v6.1.11"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
+# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
+# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11
+# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178
+# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
+# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
+# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6
+CVE_STATUS[CVE-2023-1076] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+CVE_STATUS[CVE-2023-1077] = "cpe-stable-backport: Backported in versions v5.15.99 and v6.1.16"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_STATUS[CVE-2023-1078] = "cpe-stable-backport: Backported in versions v5.15.94 and v6.1.12"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_STATUS[CVE-2023-1079] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
+# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
+# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17
+# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
+# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
+# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
+# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
+# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
+CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
+# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6
+# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2
+# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
+# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
+# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
+CVE_STATUS[CVE-2023-1281] = "cpe-stable-backport: Backported in versions v5.10.169, v5.15.95 and v6.1.13"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in versions v5.4.232, v5.10.169, v5.15.95 and v6.1.13"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
+# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
+# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36
+# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
+# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
+# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
+CVE_STATUS[CVE-2023-1652] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
+# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
+CVE_STATUS[CVE-2023-1829] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.100, v6.1.18 and v6.2.5"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
+# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
+# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
+# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa
+# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123
+# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce
+CVE_STATUS[CVE-2023-28466] = "cpe-stable-backport: Backported in versions v5.15.05, v6.1.20 and v6.2.7"
+
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-0615
+# Fixed in 6.1 onwards
+CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed in version v6.1 onwards"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-28328
+# Fixed with 6.1.2
+CVE_STATUS[CVE-2023-28328] = "fixed-version: Fixed in version v6.1.2"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-2162
+# Fixed in 6.1.11
+CVE_STATUS[CVE-2023-2162] = "fixed-version: Fixed in version v6.1.11"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-0459
+# Fixed in 6.1.14 onwards
+CVE_STATUS[CVE-2023-0459] = "fixed-version: Fixed in version v6.1.14"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1999
+# https://www.linuxkernelcves.com/cves/CVE-2023-2985
+# Fixed in 6.1.16
+CVE_STATUS[CVE-2023-1998] = "fixed-version: Fixed in version v6.1.16"
+CVE_STATUS[CVE-2023-2985] = "fixed-version: Fixed in version v6.1.16"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1855
+# https://www.linuxkernelcves.com/cves/CVE-2023-1990
+# https://www.linuxkernelcves.com/cves/CVE-2023-2235
+# https://www.linuxkernelcves.com/cves/CVE-2023-30456
+# Fixed in 6.1.21
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6121"
+CVE_STATUS_KERNEL_6121 = "CVE-2023-1855 CVE-2023-1990 CVE-2023-2235 CVE-2023-30456"
+CVE_STATUS_KERNEL_6121[status] =  "fixed-version: Fixed in version v6.1.21"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1989
+# https://www.linuxkernelcves.com/cves/CVE-2023-2194
+# https://www.linuxkernelcves.com/cves/CVE-2023-28866
+# https://www.linuxkernelcves.com/cves/CVE-2023-30772
+# https://www.linuxkernelcves.com/cves/CVE-2023-33203
+# https://www.linuxkernelcves.com/cves/CVE-2023-33288
+# Fixed with 6.1.22
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6122"
+CVE_STATUS_KERNEL_6122 = "CVE-2023-2194 CVE-2023-1989 CVE-2023-28866 CVE-2023-30772 CVE-2023-33203 CVE-2023-33288"
+CVE_STATUS_KERNEL_6122[status] =  "fixed-version: Fixed in version v6.1.22"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1611
+# Fixed in 6.1.23
+CVE_STATUS[CVE-2023-1611] = "fixed-version: Fixed in version v6.1.23"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1859
+# Fixed in 6.1.25
+CVE_STATUS[CVE-2023-1859] = "fixed-version: Fixed in version v6.1.25"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-2156
+# https://www.linuxkernelcves.com/cves/CVE-2023-31436
+# Fixed in 6.1.26
+CVE_STATUS[CVE-2023-2156] = "fixed-version: Fixed in version v6.1.26"
+CVE_STATUS[CVE-2023-31436] = "fixed-version: Fixed in version v6.1.26"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-1380
+# https://www.linuxkernelcves.com/cves/CVE-2023-2002
+# Fixed in 6.1.27
+CVE_STATUS[CVE-2023-1380] = "fixed-version: Fixed in version v6.1.27"
+CVE_STATUS[CVE-2023-2002] = "fixed-version: Fixed in version v6.1.27"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-32233
+# Fixed with 6.1.28
+CVE_STATUS[CVE-2023-32233] = "fixed-version: Fixed in version v6.1.28"
+
+# https://www.linuxkernelcves.com/cves/CVE-2023-34256
+# Fixed in 6.1.29
+CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed in version v6.1.29"
+
+
+# Backported to 6.1.9
+CVE_STATUS[CVE-2023-3358] = "cpe-stable-backport: Backported in version v6.1.9"
+
+# Backported to 6.1.11
+CVE_STATUS[CVE-2023-3359] = "cpe-stable-backport: Backported in version v6.1.11"
+CVE_STATUS[CVE-2023-3161] = "cpe-stable-backport: Backported in version v6.1.11"
+
+# Backported to 6.1.16
+CVE_STATUS[CVE-2023-3220] = "cpe-stable-backport: Backported in version v6.1.16"
+
+# Backported to 6.1.28
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6128"
+CVE_STATUS_KERNEL_6128 = "CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35826 CVE-2023-35828 CVE-2023-35829"
+CVE_STATUS_KERNEL_6122[status] = "cpe-stable-backport: Backported in version v6.1.28"
+
+# Backported to 6.1.30
+# Backported to 6.1.30 as 9a342d4
+CVE_STATUS[CVE-2023-3090] = "cpe-stable-backport: Backported in version v6.1.30"
+CVE_STATUS[CVE-2023-3141] = "cpe-stable-backport: Backported in version v6.1.30 as 9a342d4"
+
+# Backported to 6.1.33
+CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6133"
+CVE_STATUS_KERNEL_6133 = "CVE-2023-2124 CVE-2023-3212 CVE-2023-35788"
+CVE_STATUS_KERNEL_6133[status] = "cpe-stable-backport: Backported in version v6.1.33"
+
+# Backported to 6.1.35
+CVE_STATUS[CVE-2023-3117] = "cpe-stable-backport: Backported in version v6.1.35"
+CVE_STATUS[CVE-2023-3390] = "cpe-stable-backport: Backported in version v6.1.35"
+
+# Backported to 6.1.36
+CVE_STATUS[CVE-2023-3389] = "cpe-stable-backport: Backported in version v6.1.36"
+
+# Only in 6.2.0 to 6.2.14, and 6.3.0 to 6.3.1
+CVE_STATUS[CVE-2023-3312] = "not-applicable-config: Only in versions v6.2.0 to v6.2.4 and v6.3.0 to v6.3.1"
+
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
+# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
+# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
+# But, the CVE is disputed:
+CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \
+in which a user can cause the alloc_memory_type error case to be reached. \
+See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2"
+
+CVE_STATUS[CVE-2023-28464] = "not-applicable-config: Only in 6.3-rc"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index 54ead24..d4488b3 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -14,13 +14,13 @@
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "6f370bf9127713eccdfb3cf009c46ef4852aec28"
-SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e"
+SRCREV_machine ?= "efb2c857761e865cd7947aab42eaa5ba77ef6ee7"
+SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.1.35"
+LINUX_VERSION ?= "6.1.38"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
new file mode 100644
index 0000000..9273a08
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb
@@ -0,0 +1,48 @@
+KBRANCH ?= "v6.4/standard/preempt-rt/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+# Skip processing of this recipe if it is not explicitly specified as the
+# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
+# to build multiple virtual/kernel providers, e.g. as dependency of
+# core-image-rt-sdk, core-image-rt.
+python () {
+    if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt":
+        raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
+}
+
+SRCREV_machine ?= "917d160a84f61aada28d09f5afc04d6451fa52a0"
+SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+LINUX_VERSION ?= "6.4.3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+LINUX_KERNEL_TYPE = "preempt-rt"
+
+COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$"
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
+KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index fd2e251..4e45e25 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
-LINUX_VERSION ?= "6.1.35"
+LINUX_VERSION ?= "6.1.38"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e"
+SRCREV_machine ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
new file mode 100644
index 0000000..39abfcb
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb
@@ -0,0 +1,33 @@
+KBRANCH ?= "v6.4/standard/tiny/base"
+
+LINUX_KERNEL_TYPE = "tiny"
+KCONFIG_MODE = "--allnoconfig"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+LINUX_VERSION ?= "6.4.3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "2"
+
+SRCREV_machine ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$"
+
+# Functionality flags
+KERNEL_FEATURES = ""
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc
index 04a8105..0cc303c 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc
@@ -62,7 +62,7 @@
 KERNEL_DEBUG ?= ""
 # These used to be version specific, but are now common dependencies.  New
 # tools / dependencies will continue to be added in version specific recipes.
-DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64" ], "elfutils-native", "", d)}'
+DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64", "powerpc" ], "elfutils-native", "", d)}'
 DEPENDS += "openssl-native util-linux-native"
 DEPENDS += "gmp-native libmpc-native"
 DEPENDS += '${@bb.utils.contains("KERNEL_DEBUG", "True", "pahole-native", "", d)}'
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 1838a1e..a76d2dc 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -17,25 +17,25 @@
 KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
 KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "915f4d2237d1c8e23eb67eda0b8e9b24373a80b4"
-SRCREV_machine:qemuarm64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemuloongarch64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemumips ?= "1aad3fa2eba5594fb4e779fc53fef6046d833c91"
-SRCREV_machine:qemuppc ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemuriscv64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemuriscv32 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemux86 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemux86-64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_machine:qemumips64 ?= "53e7685d6da27e112397e71c27a0bce0fc9313a9"
-SRCREV_machine ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df"
-SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e"
+SRCREV_machine:qemuarm ?= "a74344429a095a5941cd8dfac532160349344c92"
+SRCREV_machine:qemuarm64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemuloongarch64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemumips ?= "78c81e178f8e2ffbb7c03cd324cf50ee0c5c4cf2"
+SRCREV_machine:qemuppc ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemuriscv64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemuriscv32 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemux86 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemux86-64 ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_machine:qemumips64 ?= "6c6b1170464e1f64f78a45cf7e78d5c678f38f48"
+SRCREV_machine ?= "b110cf9bbc395fe757956839d8110e72368699f4"
+SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "e84a4e368abe42cf359fe237f0238820859d5044"
+SRCREV_machine:class-devupstream ?= "61fd484b2cf6bc8022e8e5ea6f693a9991740ac2"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.1/base"
 
@@ -44,7 +44,7 @@
 SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.35"
+LINUX_VERSION ?= "6.1.38"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
new file mode 100644
index 0000000..443a89c
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb
@@ -0,0 +1,71 @@
+KBRANCH ?= "v6.4/standard/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+# board specific branches
+KBRANCH:qemuarm  ?= "v6.4/standard/arm-versatile-926ejs"
+KBRANCH:qemuarm64 ?= "v6.4/standard/qemuarm64"
+KBRANCH:qemumips ?= "v6.4/standard/mti-malta32"
+KBRANCH:qemuppc  ?= "v6.4/standard/qemuppc"
+KBRANCH:qemuriscv64  ?= "v6.4/standard/base"
+KBRANCH:qemuriscv32  ?= "v6.4/standard/base"
+KBRANCH:qemux86  ?= "v6.4/standard/base"
+KBRANCH:qemux86-64 ?= "v6.4/standard/base"
+KBRANCH:qemuloongarch64  ?= "v6.4/standard/base"
+KBRANCH:qemumips64 ?= "v6.4/standard/mti-malta64"
+
+SRCREV_machine:qemuarm ?= "aa7642358697dc9be32c4563a3d950f257a3f2ed"
+SRCREV_machine:qemuarm64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemuloongarch64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemumips ?= "8a3ac37b45e7dcc98d28ab3920309340202272d9"
+SRCREV_machine:qemuppc ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemuriscv64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemuriscv32 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemux86 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemux86-64 ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_machine:qemumips64 ?= "144ff37fee7f0499574d5b508e4db82234f38fec"
+SRCREV_machine ?= "dee78ad1963cff9c063fba486d43fc9670285883"
+SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47"
+
+# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
+# get the <version>/base branch, which is pure upstream -stable, and the same
+# meta SRCREV as the linux-yocto-standard builds. Select your version using the
+# normal PREFERRED_VERSION settings.
+BBCLASSEXTEND = "devupstream:target"
+SRCREV_machine:class-devupstream ?= "160f4124ea8b4cd6c86867e111fa55e266345a16"
+PN:class-devupstream = "linux-yocto-upstream"
+KBRANCH:class-devupstream = "v6.4/base"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+LINUX_VERSION ?= "6.4.3"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
+
+COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32|qemuloongarch64)$"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc"
+KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
+KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc"
+
+INSANE_SKIP:kernel-vmlinux:qemuppc64 = "textrel"
+
diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
similarity index 95%
rename from poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
rename to poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
index 916408b..424b0fa 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
@@ -34,7 +34,7 @@
            file://0001-Makefile.am-update-rpath-link.patch \
            "
 
-SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
+SRC_URI[sha256sum] = "e7e04596dd73ac7aa99e27cd000f949dbb0fed51bd29099f9b08a25c1df0ced5"
 
 CVE_PRODUCT = "ust"
 
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 2d80338..7d90ac3 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -383,7 +383,7 @@
 
 perf_fix_sources () {
 	for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \
-			util/expr-flex.h util/expr-flex.c; do
+			util/pmu-flex.h util/expr-flex.h util/expr-flex.c; do
 		f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f
 		if [ -e $f ]; then
 			sed -i -e 's#${S}/##g' $f
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
index a8bf099..d482e27 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb
@@ -16,7 +16,7 @@
 
 EXTRA_OECONF += " \
     ${@bb.utils.contains('TARGET_FPU', 'soft', '--with-softfloat', '', d)} \
-    --disable-python \
+    --disable-python --disable-old-symbols \
 "
 
 PACKAGES =+ "alsa-server alsa-conf libatopology"
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch
new file mode 100644
index 0000000..94e0ba6
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch
@@ -0,0 +1,35 @@
+From 85eefb65eb632d827e17a72518dd289dcd721084 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 2 Jul 2023 19:29:55 -0700
+Subject: [PATCH] libswscale/riscv: Fix syntax of vsetvli
+
+Add missing operand which clang complains about but gcc assumes it to be
+'m1' if not specifiied.
+
+Fixes building with clang
+| src/libswscale/riscv/rgb2rgb_rvv.S:88:25: error: operand must be e[8|16|32|64|128|256|512|1024],m[1|2|4|8|f2|f4|f8],[ta|tu],[ma|mu]
+|         vsetvli t4, t3, e8, ta, ma
+|                         ^
+
+Upstream-Status: Submitted [https://ffmpeg.org/pipermail/ffmpeg-devel/2023-July/311514.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libswscale/riscv/rgb2rgb_rvv.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libswscale/riscv/rgb2rgb_rvv.S b/libswscale/riscv/rgb2rgb_rvv.S
+index 5626d90..bbdfdbe 100644
+--- a/libswscale/riscv/rgb2rgb_rvv.S
++++ b/libswscale/riscv/rgb2rgb_rvv.S
+@@ -85,7 +85,7 @@ func ff_interleave_bytes_rvv, zve32x
+         mv      t3, a3
+         addi    a4, a4, -1
+ 2:
+-        vsetvli    t4, t3, e8, ta, ma
++        vsetvli    t4, t3, e8, m1, ta, ma
+         sub        t3, t3, t4
+         vle8.v     v8, (t0)
+         add        t0, t4, t0
+-- 
+2.41.0
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
index f84d9bb..181c17d 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
@@ -22,7 +22,8 @@
                     file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \
                     file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02"
 
-SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
+SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
+           file://0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch"
 
 SRC_URI[sha256sum] = "57be87c22d9b49c112b6d24bc67d42508660e6b718b3db89c44e47e289137082"
 
diff --git a/poky/meta/recipes-multimedia/flac/flac_1.4.2.bb b/poky/meta/recipes-multimedia/flac/flac_1.4.3.bb
similarity index 76%
rename from poky/meta/recipes-multimedia/flac/flac_1.4.2.bb
rename to poky/meta/recipes-multimedia/flac/flac_1.4.3.bb
index d3ece3f..d4e463c 100644
--- a/poky/meta/recipes-multimedia/flac/flac_1.4.2.bb
+++ b/poky/meta/recipes-multimedia/flac/flac_1.4.3.bb
@@ -5,15 +5,15 @@
 SECTION = "libs"
 LICENSE = "GFDL-1.2 & GPL-2.0-or-later & LGPL-2.1-or-later & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
-                    file://src/Makefile.am;beginline=1;endline=17;md5=146d2c8c2fd287545cc1bd81f31e8758 \
+                    file://src/Makefile.am;beginline=1;endline=17;md5=b1dab2704be7f01bfbd9b7f6d5f000a9 \
                     file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://src/flac/main.c;beginline=1;endline=18;md5=893456854ce6bf14a1a7ea77266eebab \
+                    file://src/flac/main.c;beginline=1;endline=18;md5=23099119c034d894bd1bf7ef5bd22101 \
                     file://COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24 \
-                    file://COPYING.Xiph;md5=3d6da238b5b57a0965d6730291119f65 \
+                    file://COPYING.Xiph;md5=0c90e41ab2fa7e69ca9391330d870221 \
                     file://include/FLAC/all.h;beginline=65;endline=70;md5=39aaf5e03c7364363884c8b8ddda8eea"
 
 SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz"
-SRC_URI[sha256sum] = "e322d58a1f48d23d9dd38f432672865f6f79e73a6f9cc5a5f57fcaa83eb5a8e4"
+SRC_URI[sha256sum] = "6c58e69cd22348f441b861092b825e591d0b822e106de6eb0ee4d05d27205b70"
 
 CVE_PRODUCT = "libflac flac"
 
@@ -25,11 +25,8 @@
                 "
 
 PACKAGECONFIG ??= " \
-    ${@bb.utils.filter("TUNE_FEATURES", "altivec vsx", d)} \
     ogg \
 "
-PACKAGECONFIG[altivec] = "--enable-altivec,--disable-altivec"
-PACKAGECONFIG[vsx] = "--enable-vsx,--disable-vsx"
 PACKAGECONFIG[avx] = "--enable-avx,--disable-avx"
 PACKAGECONFIG[ogg] = "--enable-ogg --with-ogg-libraries=${STAGING_LIBDIR} --with-ogg-includes=${STAGING_INCDIR},--disable-ogg,libogg"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb
index fa82ef7..beaf1a9 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb
@@ -12,7 +12,7 @@
            file://0001-connect-has-a-different-signature-on-musl.patch \
            "
 
-SRC_URI[sha256sum] = "446ac9c42d502cbfd9081737cc1b853b3c1f50db77ca7ccd01aea10f687550c1"
+SRC_URI[sha256sum] = "4c52053ce8c1df72fd81721e9f53de3b146edcf2de28f607be705bce4cf909d1"
 
 DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
 RRECOMMENDS:${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb
index c5af676..4d59353 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb
@@ -12,7 +12,7 @@
                     "
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "2ec5c805808b4371a7e32b1da0202a1c8a6b36b6ce905080bf5c34097d12a923"
+SRC_URI[sha256sum] = "9a751bc740de768e791c37a95f0a924c6a41d12fd7f37f54ce6a4e834be122d3"
 
 S = "${WORKDIR}/gst-libav-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb
index 694a12b..fc70805 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb
@@ -10,7 +10,7 @@
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "6f51c2331c334593c2c3cf12e9f22b9e3b419a3247cfb2fec0e1bd845569863a"
+SRC_URI[sha256sum] = "5fcb872d977b035fb75a2d0ea955ba052dc3bdae282f8f60aa9d865808784211"
 
 S = "${WORKDIR}/gst-omx-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb
similarity index 98%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb
index 3aa5319..16d5320 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb
@@ -10,7 +10,7 @@
            file://0002-avoid-including-sys-poll.h-directly.patch \
            file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
            "
-SRC_URI[sha256sum] = "e1798fee2d86127f0637481c607f983293bf0fd81aad70a5c7b47205af3621d8"
+SRC_URI[sha256sum] = "eaaf53224565eaabd505ca39c6d5769719b45795cf532ce1ceb60e1b2ebe99ac"
 
 S = "${WORKDIR}/gst-plugins-bad-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb
similarity index 92%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb
index 44056b0..3c0cb7d 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb
@@ -11,7 +11,7 @@
            file://0003-viv-fb-Make-sure-config.h-is-included.patch \
            file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
            "
-SRC_URI[sha256sum] = "1c596289a0d4207380233eba8c36a932c4d1aceba19932937d9b57c24cef89f3"
+SRC_URI[sha256sum] = "292424e82dea170528c42b456f62a89532bcabc0508f192e34672fb86f68e5b8"
 
 S = "${WORKDIR}/gst-plugins-base-${PV}"
 
@@ -21,7 +21,8 @@
 
 # opengl packageconfig factored out to make it easy for distros
 # and BSP layers to choose OpenGL APIs/platforms/window systems
-PACKAGECONFIG_GL ?= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gles2 egl', '', d)}"
+PACKAGECONFIG_X11 = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'opengl glx', '', d)}"
+PACKAGECONFIG_GL ?= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gles2 egl ${PACKAGECONFIG_X11}', '', d)}"
 
 PACKAGECONFIG ??= " \
     ${GSTREAMER_ORC} \
@@ -32,7 +33,7 @@
 "
 
 OPENGL_APIS = 'opengl gles2'
-OPENGL_PLATFORMS = 'egl'
+OPENGL_PLATFORMS = 'egl glx'
 
 X11DEPENDS = "virtual/libx11 libsm libxrender libxv"
 X11ENABLEOPTS = "-Dx11=enabled -Dxvideo=enabled -Dxshm=enabled"
@@ -61,6 +62,7 @@
 
 # OpenGL platform packageconfigs
 PACKAGECONFIG[egl]          = ",,virtual/egl"
+PACKAGECONFIG[glx]          = ",,virtual/libgl"
 
 # OpenGL window systems (except for X11)
 PACKAGECONFIG[gbm]          = ",,virtual/libgbm libgudev libdrm"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb
similarity index 97%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb
index 8de1d1c..0ae1758 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb
@@ -8,7 +8,7 @@
            file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
            file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch"
 
-SRC_URI[sha256sum] = "af81154b3a2ef3f4d2feba395f25696feea6fd13ec62c92d3c7a973470710273"
+SRC_URI[sha256sum] = "d7120c1146a9d723d53d5bfe8074da2575a81f0598438752937f39bb7c833b6a"
 
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb
index 21102d5..1b3d3b6 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb
@@ -14,7 +14,7 @@
 SRC_URI = " \
             https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
             "
-SRC_URI[sha256sum] = "3dc98ed5c2293368b3c4e6ce55d89be834a0a62e9bf88ef17928cf03b7d5a360"
+SRC_URI[sha256sum] = "ffb461fda6c06d316c4be5682632cc8901454ed72b1098b1e0221bc55e673cd7"
 
 S = "${WORKDIR}/gst-plugins-ugly-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb
similarity index 90%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb
index 0cf1908..e35bef3 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb
@@ -8,7 +8,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "70bed3fabe634bc622ef6de4e6eb1c33bc9cefd64bdab200f6fa316b468c731c"
+SRC_URI[sha256sum] = "e1302dcc0f2451b64380dcc0dd3b82735795e8951dc812d938d8ba91f388163e"
 
 DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
 RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb
similarity index 90%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb
index 0f8a89d..29eb4bb 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb
@@ -10,7 +10,7 @@
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "d02a39dfa9bdbf99a3dd2d378e17942b3ce42dfe36fb0c27e2d0b01722fc561d"
+SRC_URI[sha256sum] = "4666612d7a99c60dcd6f0bdba1b7a74d2562a0501b2a3e0576f0916bf1d8811b"
 
 S = "${WORKDIR}/${PNREAL}-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb
index 6e0014c..34c15bb 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb
@@ -11,7 +11,7 @@
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "a27867062e8b69305fca5b7d3f13ed7c318b703e7d72756c94395bd305c7b32c"
+SRC_URI[sha256sum] = "967b8e353d82d0081a68dc53639b25d9fb4ca89bfa1e061403e0cd7d23585ba6"
 
 S = "${WORKDIR}/${REALPN}-${PV}"
 DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb
similarity index 96%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb
index ca75487..2eadb79 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb
@@ -22,7 +22,7 @@
            file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
            file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
            "
-SRC_URI[sha256sum] = "9ffeab95053f9f6995eb3b3da225e88f21c129cd60da002d3f795db70d6d5974"
+SRC_URI[sha256sum] = "11cb0498bc16b93d8b99d22f75f829b8d0abfd8254840b2120618db5532dc655"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
                    check \
diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
similarity index 80%
rename from poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
rename to poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
index a6c229f..293bf28 100644
--- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
+++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
@@ -5,13 +5,13 @@
 HOMEPAGE = "http://www.libpng.org/"
 SECTION = "libs"
 LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5c900cc124ba35a274073b5de7639b13"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8f533bc367bfd43f556b6f782234c076"
 DEPENDS = "zlib"
 
 LIBV = "16"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
+SRC_URI[sha256sum] = "535b479b2467ff231a3ec6d92a525906fb8ef27978be4f66dbe05d3f3a01b3a1"
 
 MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/"
 
@@ -32,5 +32,4 @@
 
 BBCLASSEXTEND = "native nativesdk"
 
-# CVE-2019-17371 is actually a memory leak in gif2png 2.x
-CVE_CHECK_IGNORE += "CVE-2019-17371"
+CVE_STATUS[CVE-2019-17371] = "cpe-incorrect: A memory leak in gif2png 2.x"
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
deleted file mode 100644
index e356d37..0000000
--- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-CVE: CVE-2022-48281
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
-From: Su Laus <sulau@freenet.de>
-Date: Sat, 21 Jan 2023 15:58:10 +0000
-Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
-
----
- tools/tiffcrop.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 14fa18da..7db69883 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
-                     cropsize + NUM_BUFF_OVERSIZE_BYTES);
-             else
-             {
--                prev_cropsize = seg_buffs[0].size;
-+                prev_cropsize = seg_buffs[i].size;
-                 if (prev_cropsize < cropsize)
-                 {
-                     next_buff = _TIFFrealloc(
--- 
-GitLab
-
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
deleted file mode 100644
index 7db0a35..0000000
--- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 29 Apr 2023 12:20:46 +0200
-Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
- strip whith a missing end-of-information marker (fixes #548)
-
-CVE: CVE-2023-2731
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b]
-
----
- libtiff/tif_lzw.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index ba75a07e..d631fa10 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
- 
-     if (sp->read_error)
-     {
-+        TIFFErrorExtR(tif, module,
-+                      "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
-+                      "previous error",
-+                      tif->tif_row);
-         return 0;
-     }
- 
-@@ -742,6 +746,7 @@ after_loop:
-     return (1);
- 
- no_eoi:
-+    sp->read_error = 1;
-     TIFFErrorExtR(tif, module,
-                   "LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
-                   tif->tif_curstrip);
--- 
-2.34.1
-
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
similarity index 77%
rename from poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
rename to poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
index ca4a3ef..6171a53 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
@@ -8,24 +8,14 @@
 
 CVE_PRODUCT = "libtiff"
 
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
-           file://CVE-2022-48281.patch \
-           file://CVE-2023-2731.patch \
-"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
+SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
 
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 
-# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
-# and 4.3.0 doesn't have the issue
-CVE_CHECK_IGNORE += "CVE-2015-7313"
-# These issues only affect libtiff post-4.3.0 but before 4.4.0,
-# caused by 3079627e and fixed by b4e79bfa.
-CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
-# Issue is in jbig which we don't enable
-CVE_CHECK_IGNORE += "CVE-2022-1210"
+CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
 
 inherit autotools multilib_header
 
diff --git a/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch b/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
deleted file mode 100644
index d293ab9..0000000
--- a/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
-From: James Zern <jzern@google.com>
-Date: Wed, 22 Feb 2023 22:15:47 -0800
-Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
-
-This avoids a double free should the function fail prior to
-VP8BitWriterInit() and a previous trial result's buffer carried over.
-Previously in ApplyFiltersAndEncode() trial.bw (with a previous
-iteration's buffer) would be freed, followed by best.bw pointing to the
-same buffer.
-
-Since:
-187d379d add a fallback to ALPHA_NO_COMPRESSION
-
-In addition, check the return value of VP8BitWriterInit() in this
-function.
-
-Bug: webp:603
-Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
-
-CVE: CVE-2023-1999
-Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129]
-Signed-off-by: Nikhil R <nikhil.r@kpit.com>
----
- src/enc/alpha_enc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
-index f7c02690e3..7d205586fe 100644
---- a/src/enc/alpha_enc.c
-+++ b/src/enc/alpha_enc.c
-@@ -13,6 +13,7 @@
- 
- #include <assert.h>
- #include <stdlib.h>
-+#include <string.h>
- 
- #include "src/enc/vp8i_enc.h"
- #include "src/dsp/dsp.h"
-@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
-       }
-     } else {
-       VP8LBitWriterWipeOut(&tmp_bw);
-+      memset(&result->bw, 0, sizeof(result->bw));
-       return 0;
-     }
-   }
-@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
-   header = method | (filter << 2);
-   if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
- 
--  VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
-+  if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
-   ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
-   ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);
diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
similarity index 93%
rename from poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb
rename to poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
index 7ca67e4..b9e763b 100644
--- a/poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb
+++ b/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb
@@ -14,14 +14,10 @@
                     file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
 
 SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz"
-SRC_URI[sha256sum] = "64ac4614db292ae8c5aa26de0295bf1623dbb3985054cb656c55e67431def17c"
+SRC_URI[sha256sum] = "b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66"
 
 UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html"
 
-SRC_URI += " \
-    file://CVE-2023-1999.patch \
-"
-
 EXTRA_OECONF = " \
     --disable-wic \
     --enable-libwebpmux \
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
new file mode 100644
index 0000000..bbe2650
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
@@ -0,0 +1,28 @@
+From cd65e3d9256a4f6eb7906a9f10678c29a4ffef2f Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 26 Jun 2023 14:30:02 +0200
+Subject: [PATCH] Source/JavaScriptCore/CMakeLists.txt: ensure reproducibility
+ of __TIMESTAMP__
+
+__TIMESTAMP__ refers to mtime of the file that contains it, which is unstable
+and breaks binary reproducibility when the file is generated at build time. To ensure
+this does not happen, mtime should be set from the original file.
+
+Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/15293]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Source/JavaScriptCore/CMakeLists.txt | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
+index 43dc22ff..c2e3b1cd 100644
+--- a/Source/JavaScriptCore/CMakeLists.txt
++++ b/Source/JavaScriptCore/CMakeLists.txt
+@@ -159,6 +159,7 @@ add_custom_command(
+     OUTPUT ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp
+     MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in
+     COMMAND ${PERL_EXECUTABLE} -pe s/CACHED_TYPES_CKSUM/__TIMESTAMP__/ ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in > ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp
++    COMMAND touch -r ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp
+             VERBATIM
+ )
+ 
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
index 32f92f7..34e0ff9 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
@@ -1,8 +1,8 @@
-From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001
+From 647c93de99a0f71f478d76a4cc7714eba7ba1447 Mon Sep 17 00:00:00 2001
 From: Adrian Perez de Castro <aperez@igalia.com>
 Date: Thu, 2 Jun 2022 11:19:06 +0300
-Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast
- path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182
+Subject: [PATCH] FELightningNEON.cpp fails to build, NEON fast path seems
+ unused https://bugs.webkit.org/show_bug.cgi?id=241182
 
 Reviewed by NOBODY (OOPS!).
 
@@ -30,19 +30,21 @@
 * Source/WebCore/platform/graphics/filters/PointLightSource.h:
 * Source/WebCore/platform/graphics/filters/SpotLightSource.h:
 * Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h:
----
+
 Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
+---
  .../cpu/arm/filters/FELightingNEON.cpp        |  4 +-
- .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +++++++++----------
+ .../graphics/cpu/arm/filters/FELightingNEON.h | 52 +++++++++----------
  .../graphics/filters/DistantLightSource.h     |  4 ++
  .../platform/graphics/filters/FELighting.h    |  7 ---
  .../graphics/filters/PointLightSource.h       |  4 ++
  .../graphics/filters/SpotLightSource.h        |  4 ++
  .../software/FELightingSoftwareApplier.h      | 16 ++++++
- 7 files changed, 57 insertions(+), 36 deletions(-)
+ 7 files changed, 56 insertions(+), 35 deletions(-)
 
+diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+index f6ff8c20..42a97ffc 100644
 --- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
 +++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
 @@ -49,7 +49,7 @@ short* feLightingConstantsForNeon()
@@ -63,6 +65,8 @@
  {
      // Calling a powf function from the assembly code would require to save
      // and reload a lot of NEON registers. Since the base is in range [0..1]
+diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+index b17c603d..e4629cda 100644
 --- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
 +++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
 @@ -24,14 +24,15 @@
@@ -104,7 +108,7 @@
          0,
          0,
          0,
-@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeo
+@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
      // Set light source arguments.
      floatArguments.constOne = 1;
  
@@ -133,7 +137,7 @@
          floatArguments.lightX = spotLightSource.position().x();
          floatArguments.lightY = spotLightSource.position().y();
          floatArguments.lightZ = spotLightSource.position().z();
-@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeo
+@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
          if (spotLightSource.specularExponent() == 1)
              neonData.flags |= FLAG_CONE_EXPONENT_IS_1;
      } else {
@@ -142,7 +146,7 @@
          floatArguments.lightX = paintingData.initialLightingData.lightVector.x();
          floatArguments.lightY = paintingData.initialLightingData.lightVector.y();
          floatArguments.lightZ = paintingData.initialLightingData.lightVector.z();
-@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeo
+@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
      // Set lighting arguments.
      floatArguments.surfaceScale = data.surfaceScale;
      floatArguments.minusSurfaceScaleDividedByFour = -data.surfaceScale / 4;
@@ -192,16 +196,18 @@
              }
              parallelJobs.execute();
              return;
-@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeo
+@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS
  } // namespace WebCore
  
  #endif // CPU(ARM_NEON) && COMPILER(GCC_COMPATIBLE)
 -
 -#endif // FELightingNEON_h
+diff --git a/Source/WebCore/platform/graphics/filters/DistantLightSource.h b/Source/WebCore/platform/graphics/filters/DistantLightSource.h
+index 70c6512f..b032c82e 100644
 --- a/Source/WebCore/platform/graphics/filters/DistantLightSource.h
 +++ b/Source/WebCore/platform/graphics/filters/DistantLightSource.h
-@@ -25,6 +25,10 @@
- #include "LightSource.h"
+@@ -26,6 +26,10 @@
+ #include <wtf/ArgumentCoder.h>
  #include <wtf/Ref.h>
  
 +namespace WTF {
@@ -211,6 +217,8 @@
  namespace WebCore {
  
  class DistantLightSource : public LightSource {
+diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h
+index 53beb596..e78a9354 100644
 --- a/Source/WebCore/platform/graphics/filters/FELighting.h
 +++ b/Source/WebCore/platform/graphics/filters/FELighting.h
 @@ -35,8 +35,6 @@
@@ -222,7 +230,7 @@
  class FELighting : public FilterEffect {
  public:
      const Color& lightingColor() const { return m_lightingColor; }
-@@ -67,11 +65,6 @@ protected:
+@@ -64,11 +62,6 @@ protected:
  
      std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
  
@@ -234,6 +242,8 @@
      Color m_lightingColor;
      float m_surfaceScale;
      float m_diffuseConstant;
+diff --git a/Source/WebCore/platform/graphics/filters/PointLightSource.h b/Source/WebCore/platform/graphics/filters/PointLightSource.h
+index 3a5723f0..675d63f5 100644
 --- a/Source/WebCore/platform/graphics/filters/PointLightSource.h
 +++ b/Source/WebCore/platform/graphics/filters/PointLightSource.h
 @@ -26,6 +26,10 @@
@@ -247,6 +257,8 @@
  namespace WebCore {
  
  class PointLightSource : public LightSource {
+diff --git a/Source/WebCore/platform/graphics/filters/SpotLightSource.h b/Source/WebCore/platform/graphics/filters/SpotLightSource.h
+index 684626f7..dea58389 100644
 --- a/Source/WebCore/platform/graphics/filters/SpotLightSource.h
 +++ b/Source/WebCore/platform/graphics/filters/SpotLightSource.h
 @@ -26,6 +26,10 @@
@@ -260,6 +272,8 @@
  namespace WebCore {
  
  class SpotLightSource : public LightSource {
+diff --git a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
+index c974d921..e2896660 100644
 --- a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
 +++ b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
 @@ -36,6 +36,7 @@
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch b/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
new file mode 100644
index 0000000..79da855
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
@@ -0,0 +1,41 @@
+From 4977290ab4ab35258a6da9b13795c9b0f7894bf4 Mon Sep 17 00:00:00 2001
+From: Diego Pino Garcia <dpino@igalia.com>
+Date: Mon, 22 May 2023 19:58:50 -0700
+Subject: [PATCH] [GLIB] Fix build error after 264196@main
+ https://bugs.webkit.org/show_bug.cgi?id=256917
+
+Reviewed by Michael Catanzaro.
+
+Variable BWRAP_EXECUTABLE is only defined when BUBBLEWRAP_SANDBOX is
+enabled.
+
+* Source/WTF/wtf/glib/Sandbox.cpp:
+(WTF::isInsideUnsupportedContainer):
+
+Canonical link: https://commits.webkit.org/264395@main
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/4977290ab4ab35258a6da9b13795c9b0f7894bf4]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Source/WTF/wtf/glib/Sandbox.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Source/WTF/wtf/glib/Sandbox.cpp b/Source/WTF/wtf/glib/Sandbox.cpp
+index 7d84e830ab33e..9b07bb8cb5a9b 100644
+--- a/Source/WTF/wtf/glib/Sandbox.cpp
++++ b/Source/WTF/wtf/glib/Sandbox.cpp
+@@ -36,6 +36,7 @@ bool isInsideFlatpak()
+     return returnValue;
+ }
+ 
++#if ENABLE(BUBBLEWRAP_SANDBOX)
+ bool isInsideUnsupportedContainer()
+ {
+     static bool inContainer = g_file_test("/run/.containerenv", G_FILE_TEST_EXISTS);
+@@ -64,6 +65,7 @@ bool isInsideUnsupportedContainer()
+ 
+     return inContainer && !supportedContainer;
+ }
++#endif
+ 
+ bool isInsideSnap()
+ {
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch b/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch
deleted file mode 100644
index 762de40..0000000
--- a/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 93920b55f52ff8b883296f4845269e2ed746acb3 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@redhat.com>
-Date: Fri, 31 Mar 2023 12:24:09 -0700
-Subject: [PATCH] Fix build of SourceBrush.cpp
- https://bugs.webkit.org/show_bug.cgi?id=254821
-
-Unreviewed build fix.
-
-* Source/WebCore/platform/graphics/SourceBrush.cpp:
-(WebCore::SourceBrush::setGradient):
-(WebCore::SourceBrush::setPattern):
-
-Canonical link: https://commits.webkit.org/262434@main
-
-Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/93920b55f52ff8b883296f4845269e2ed746acb3]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- Source/WebCore/platform/graphics/SourceBrush.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/Source/WebCore/platform/graphics/SourceBrush.cpp
-+++ b/Source/WebCore/platform/graphics/SourceBrush.cpp
-@@ -65,12 +65,12 @@ Pattern* SourceBrush::pattern() const
- 
- void SourceBrush::setGradient(Ref<Gradient>&& gradient, const AffineTransform& spaceTransform)
- {
--    m_brush = { Brush::LogicalGradient { WTFMove(gradient), spaceTransform } };
-+    m_brush = Brush { Brush::LogicalGradient { { WTFMove(gradient) }, spaceTransform } };
- }
- 
- void SourceBrush::setPattern(Ref<Pattern>&& pattern)
- {
--    m_brush = { WTFMove(pattern) };
-+    m_brush = Brush { WTFMove(pattern) };
- }
- 
- WTF::TextStream& operator<<(TextStream& ts, const SourceBrush& brush)
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch b/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch
new file mode 100644
index 0000000..ae99810
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch
@@ -0,0 +1,33 @@
+Add additional check on GST_GL_HAVE_PLATFORM_GLX before using gst_gl_display_x11_new_with_display
+
+This ensures that there is a compile time check for glx support in gstreamer as
+runtime check is not enough because gst_gl_display_x11_new_with_display() API comes from
+gst/gl/x11/gstgldisplay_x11.h which is only included when GST_GL_HAVE_PLATFORM_GLX is defined
+therefore make this check consistent to fix build with some platforms which use pvr gl drivers
+where this problem appear at compile time.
+
+
+/mnt/b/yoe/master/build/tmp/work/riscv64-yoe-linux/webkitgtk/2.40.2-r0/webkitgtk-2.40.2/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp:68:31: error: use of undeclared identifier 'gst_gl_display_x11_new_with_display'; did you mean 'gst_gl_display_egl_new_with_egl_display'?
+   68 |         return GST_GL_DISPLAY(gst_gl_display_x11_new_with_display(downcast<PlatformDisplayX11>(sharedDisplay).native()));
+      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+      |                               gst_gl_display_egl_new_with_egl_display
+
+This issue is 2.40 specific since GLX support is removed [1] from trunk upstream, therefore
+this patch wont be needed when upgrading to 2.42+
+
+[1] https://github.com/WebKit/WebKit/commit/320560f9e53ddcd53954059bd005e0c75eb91abf
+
+Upstream-Status: Inappropriate [GLX support is gone in 2.41+]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp	2023-02-20 01:22:18.917743700 -0800
++++ b/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp	2023-07-08 08:45:09.739177065 -0700
+@@ -63,7 +63,7 @@
+     if (glPlatform == GST_GL_PLATFORM_EGL)
+         return GST_GL_DISPLAY(gst_gl_display_egl_new_with_egl_display(sharedDisplay.eglDisplay()));
+ #endif
+-#if USE(GLX)
++#if USE(GLX) && GST_GL_HAVE_PLATFORM_GLX
+     if (is<PlatformDisplayX11>(sharedDisplay) && glPlatform == GST_GL_PLATFORM_GLX)
+         return GST_GL_DISPLAY(gst_gl_display_x11_new_with_display(downcast<PlatformDisplayX11>(sharedDisplay).native()));
+ #endif
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch b/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
deleted file mode 100644
index 1ff9dce..0000000
--- a/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From d318bb461f040b90453bc4e100dcf967243ecd98 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@redhat.com>
-Date: Mon, 16 Jan 2023 16:55:26 -0800
-Subject: [PATCH] WebKitGTK 2.39.4 does not build due to missing #include in
- ANGLE https://bugs.webkit.org/show_bug.cgi?id=250689
-
-Unreviewed build fix.
-
-* Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h:
-
-Canonical link: https://commits.webkit.org/258968@main
-
-Upstream-Status: Backport [https://bugs.webkit.org/show_bug.cgi?id=250689]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h b/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h
-index 94cb93e01fc0..ec7bda372f30 100644
---- a/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h
-+++ b/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h
-@@ -12,6 +12,7 @@
- 
- #include <algorithm>
- #include <array>
-+#include <cstdint>
- #include <string>
- #include <vector>
- 
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb
similarity index 88%
rename from poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb
rename to poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb
index f7fa6df..8bef0b1 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb
+++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb
@@ -13,10 +13,11 @@
            file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
            file://reproducibility.patch \
            file://0d3344e17d258106617b0e6d783d073b188a2548.patch \
-           file://d318bb461f040b90453bc4e100dcf967243ecd98.patch \
-           file://93920b55f52ff8b883296f4845269e2ed746acb3.patch \
+           file://4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch \
+           file://0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch \
+           file://check-GST_GL_HAVE_PLATFORM_GLX.patch \
            "
-SRC_URI[sha256sum] = "40c20c43022274df5893f22b1054fa894c3eea057389bb08aee08c5b0bb0c1a7"
+SRC_URI[sha256sum] = "96898870d994da406ee7a632816dcde9a3bb395ee5f344fcb3f3b8cc8a77e000"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
 
@@ -28,6 +29,7 @@
 DEPENDS += " \
           ruby-native \
           gperf-native \
+          unifdef-native \
           cairo \
           harfbuzz \
           jpeg \
@@ -72,6 +74,8 @@
 PACKAGECONFIG[soup2] = "-DUSE_SOUP2=ON,-DUSE_SOUP2=OFF,libsoup-2.4,,,soup3"
 PACKAGECONFIG[soup3] = ",,libsoup,,,soup2"
 PACKAGECONFIG[journald] = "-DENABLE_JOURNALD_LOG=ON,-DENABLE_JOURNALD_LOG=OFF,systemd"
+PACKAGECONFIG[avif] = "-DUSE_AVIF_LOG=ON,-DUSE_AVIF=OFF,libavif"
+PACKAGECONFIG[media-recorder] = "-DENABLE_MEDIA_RECORDER=ON,-DENABLE_MEDIA_RECORDER=OFF,gstreamer1.0-plugins-bad"
 
 EXTRA_OECMAKE = " \
 		-DPORT=GTK \
@@ -106,7 +110,7 @@
 
 # JIT and gold linker does not work on RISCV
 EXTRA_OECMAKE:append:riscv32 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF"
-EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF"
+EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF"
 
 # JIT not supported on MIPS either
 EXTRA_OECMAKE:append:mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON "
@@ -137,6 +141,9 @@
 ARM_INSTRUCTION_SET:armv7r = "thumb"
 ARM_INSTRUCTION_SET:armv7ve = "thumb"
 
+# ANGLE requires SSE support as of webkit 2.40.x on 32 bit x86
+COMPATIBLE_HOST:x86 = "${@bb.utils.contains_any('TUNE_FEATURES', 'core2 corei7', '.*', 'null', d)}"
+
 # introspection inside qemu-arm hangs forever on musl/arm builds
 # therefore disable GI_DATA
 GI_DATA_ENABLED:libc-musl:armv7a = "False"
@@ -152,8 +159,8 @@
             ${B}/JavaScriptCore/DerivedSources/*.h \
             ${B}/JavaScriptCore/DerivedSources/yarr/*.h \
             ${B}/JavaScriptCore/PrivateHeaders/JavaScriptCore/*.h \
-            ${B}/WebKit2Gtk/DerivedSources/webkit2/*.cpp \
-            ${B}/WebKit2Gtk/DerivedSources/webkit2/*.h
+            ${B}/WebCore/DerivedSources/*.cpp \
+            ${B}/WebKitGTK/DerivedSources/webkit/*.cpp
 
 }
 
diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.7.bb b/poky/meta/recipes-support/debianutils/debianutils_5.8.bb
similarity index 93%
rename from poky/meta/recipes-support/debianutils/debianutils_5.7.bb
rename to poky/meta/recipes-support/debianutils/debianutils_5.8.bb
index 7d705c6..fb17d2d 100644
--- a/poky/meta/recipes-support/debianutils/debianutils_5.7.bb
+++ b/poky/meta/recipes-support/debianutils/debianutils_5.8.bb
@@ -6,12 +6,12 @@
 BUGTRACKER = "https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debianutils;dist=unstable"
 SECTION = "base"
 LICENSE = "GPL-2.0-only & SMAIL_GPL"
-LIC_FILES_CHKSUM = "file://debian/copyright;md5=9b912cd0cc654134c0ef3424a0705b94"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=74765f57ae5dd2b10ffbc39528d98753"
 
 SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \
            "
 
-SRCREV = "de14223e5bffe15e374a441302c528ffc1cbed57"
+SRCREV = "69116b856177ceb270908103b5776f897d2863c3"
 
 inherit autotools update-alternatives
 
diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_242.bb b/poky/meta/recipes-support/diffoscope/diffoscope_244.bb
similarity index 70%
rename from poky/meta/recipes-support/diffoscope/diffoscope_242.bb
rename to poky/meta/recipes-support/diffoscope/diffoscope_244.bb
index 4b0d518..c17bd81 100644
--- a/poky/meta/recipes-support/diffoscope/diffoscope_242.bb
+++ b/poky/meta/recipes-support/diffoscope/diffoscope_244.bb
@@ -12,9 +12,22 @@
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "d858c591d2c8d42b2b29eb6d229408607b1cd8a4e7ade72d0cd002db6d1c2a6e"
+SRC_URI[sha256sum] = "8bee8bbb144cdb7ddfa21886d5ce1822220139241c9a53def09b4adc3340db93"
 
-RDEPENDS:${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic python3-rpm"
+RDEPENDS:${PN} += "\
+        binutils \
+        python3-curses \
+        python3-difflib \
+        python3-fcntl \
+        python3-json \
+        python3-libarchive-c \
+        python3-magic \
+        python3-multiprocessing \
+        python3-pprint \
+        python3-rpm \
+        squashfs-tools \
+        vim \
+        "
 
 # Dependencies don't build for musl
 COMPATIBLE_HOST:libc-musl = 'null'
diff --git a/poky/meta/recipes-support/icu/icu_72-1.bb b/poky/meta/recipes-support/icu/icu_73-2.bb
similarity index 95%
rename from poky/meta/recipes-support/icu/icu_72-1.bb
rename to poky/meta/recipes-support/icu/icu_73-2.bb
index c2eae52..7c59f8b 100644
--- a/poky/meta/recipes-support/icu/icu_72-1.bb
+++ b/poky/meta/recipes-support/icu/icu_73-2.bb
@@ -78,7 +78,7 @@
 
 BBCLASSEXTEND = "native nativesdk"
 
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=a89d03060ff9c46552434dbd1fe3ed1f"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=80c2cf39ad8ae12b9b9482a1737c6650"
 
 def icu_download_version(d):
     pvsplit = d.getVar('PV').split('-')
@@ -111,8 +111,8 @@
 SRC_URI:append:class-target = "\
            file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \
           "
-SRC_URI[code.sha256sum] = "a2d2d38217092a7ed56635e34467f92f976b370e20182ad325edea6681a71d68"
-SRC_URI[data.sha256sum] = "ee19f876507d6c23d9e0a2b631096f6b0eaa6fa61728c33a89efdb55e3385dea"
+SRC_URI[code.sha256sum] = "818a80712ed3caacd9b652305e01afc7fa167e6f2e94996da44b90c2ab604ce1"
+SRC_URI[data.sha256sum] = "ca1ee076163b438461e484421a7679fc33a64cd0a54f9d4b401893fa1eb42701"
 
 UPSTREAM_CHECK_REGEX = "releases/tag/release-(?P<pver>(?!.+rc).+)"
 GITHUB_BASE_URI = "https://github.com/unicode-org/icu/releases"
diff --git a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb
similarity index 93%
rename from poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb
rename to poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb
index 2bab3ac..7e899e7 100644
--- a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb
+++ b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb
@@ -20,7 +20,7 @@
            file://libassuan-add-pkgconfig-support.patch \
           "
 
-SRC_URI[sha256sum] = "8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4"
+SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426"
 
 BINCONFIG = "${bindir}/libassuan-config"
 
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
index 58f07a1..524b06c 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
@@ -29,8 +29,8 @@
            "
 SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03"
 
-# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
-CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438"
+CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
+CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
 
 BINCONFIG = "${bindir}/libgcrypt-config"
 
diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb
similarity index 93%
rename from poky/meta/recipes-support/libksba/libksba_1.6.3.bb
rename to poky/meta/recipes-support/libksba/libksba_1.6.4.bb
index dc39693..f9636f9 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb
@@ -24,7 +24,7 @@
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://ksba-add-pkgconfig-support.patch"
 
-SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
+SRC_URI[sha256sum] = "bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b"
 
 do_configure:prepend () {
 	# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libmd/libmd_1.0.4.bb b/poky/meta/recipes-support/libmd/libmd_1.1.0.bb
similarity index 86%
rename from poky/meta/recipes-support/libmd/libmd_1.0.4.bb
rename to poky/meta/recipes-support/libmd/libmd_1.1.0.bb
index b93dc2d..dc588a0 100644
--- a/poky/meta/recipes-support/libmd/libmd_1.0.4.bb
+++ b/poky/meta/recipes-support/libmd/libmd_1.1.0.bb
@@ -9,7 +9,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=0436d4fb62a71f661d6e8b7812f9e1df"
 
 SRC_URI = "https://archive.hadrons.org/software/libmd/libmd-${PV}.tar.xz"
-SRC_URI[sha256sum] = "f51c921042e34beddeded4b75557656559cf5b1f2448033b4c1eec11c07e530f"
+SRC_URI[sha256sum] = "1bd6aa42275313af3141c7cf2e5b964e8b1fd488025caf2f971f43b00776b332"
 
 inherit autotools
 
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb
deleted file mode 100644
index 01ba2a6..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Library providing automatic proxy configuration management"
-DESCRIPTION = "libproxy  provides  interfaces  to  get  the proxy that will be \
-used to access network resources. It uses various plugins to get proxy \
-configuration  via different mechanisms (e.g. environment variables or \
-desktop settings)."
-HOMEPAGE = "https://github.com/libproxy/libproxy"
-BUGTRACKER = "https://github.com/libproxy/libproxy/issues"
-SECTION = "libs"
-LICENSE = "LGPL-2.1-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
-                    file://utils/proxy.c;beginline=1;endline=18;md5=55152a1006d7dafbef32baf9c30a99c0"
-
-DEPENDS = "glib-2.0"
-
-SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "69b5856e9ea42c38ac77e6b8c92ffc86a71d341fef74e77bef85f9cc6c47a4b1"
-
-inherit cmake pkgconfig github-releases
-
-PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gnome', '', d)} gnome3"
-PACKAGECONFIG[gnome] = "-DWITH_GNOME=yes,-DWITH_GNOME=no,gconf"
-PACKAGECONFIG[gnome3] = "-DWITH_GNOME3=yes,-DWITH_GNOME3=no"
-
-EXTRA_OECMAKE += " \
-    -DWITH_KDE=no \
-    -DWITH_MOZJS=no \
-    -DWITH_NM=no \
-    -DWITH_PERL=no \
-    -DWITH_PYTHON2=no \
-    -DWITH_PYTHON3=no \
-    -DWITH_WEBKIT=no \
-    -DWITH_SYSCONFIG=no \
-    -DLIB_INSTALL_DIR=${libdir} \
-    -DLIBEXEC_INSTALL_DIR=${libexecdir} \
-"
-SECURITY_PIE_CFLAGS:remove = "-fPIE -pie"
-
-FILES:${PN} += "${libdir}/${BPN}/${PV}/modules"
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb b/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb
new file mode 100644
index 0000000..db88af0
--- /dev/null
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb
@@ -0,0 +1,28 @@
+SUMMARY = "Library providing automatic proxy configuration management"
+DESCRIPTION = "libproxy  provides  interfaces  to  get  the proxy that will be \
+used to access network resources. It uses various plugins to get proxy \
+configuration  via different mechanisms (e.g. environment variables or \
+desktop settings)."
+HOMEPAGE = "https://github.com/libproxy/libproxy"
+BUGTRACKER = "https://github.com/libproxy/libproxy/issues"
+SECTION = "libs"
+LICENSE = "LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
+                    file://src/libproxy/proxy.c;beginline=1;endline=20;md5=bb9a177ef1c995311070f34c5638a402 \
+                   "
+
+DEPENDS = "glib-2.0"
+
+SRC_URI = "git://github.com/libproxy/libproxy;protocol=https;branch=main"
+SRCREV = "29d51a611f28af0bdbd51a5779cc8df264c8dcff"
+S = "${WORKDIR}/git"
+
+inherit meson pkgconfig gobject-introspection vala gi-docgen
+GIDOCGEN_MESON_OPTION = 'docs'
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[curl] = "-Dcurl=true,-Dcurl=false,curl"
+PACKAGECONFIG[config-gnome] = "-Dconfig-gnome=true,-Dconfig-gnome=false,gsettings-desktop-schemas"
+PACKAGECONFIG[pacrunner-duktape] = "-Dpacrunner-duktape=true,-Dpacrunner-duktape=false,duktape"
+
+FILES:${PN} += "${libdir}/${BPN}/${PV}/modules"
diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
deleted file mode 100644
index ee916c4..0000000
--- a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
-so we need to re-enable them as a workaround for the test
-suite until upstream updates the tests.
-
-See: https://github.com/libssh2/libssh2/issues/630
-
-Upstream-Status: Backport [alternative fixes merged upstream]
-
-Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5
-
---- a/tests/ssh2.sh
-+++ b/tests/ssh2.sh
-@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host
-     -o 'Port 4711' \
-     -o 'Protocol 2' \
-     -o "AuthorizedKeysFile $srcdir/etc/user.pub" \
--    -o 'UsePrivilegeSeparation no' \
-+    -o 'HostKeyAlgorithms +ssh-rsa' \
-+    -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
-     -o 'StrictModes no' \
-     -D \
-     $libssh2_sshd_params &
-
diff --git a/poky/meta/recipes-support/libssh2/libssh2/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
index 5e7426f..0f5526e 100644
--- a/poky/meta/recipes-support/libssh2/libssh2/run-ptest
+++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
@@ -2,7 +2,7 @@
 
 ptestdir=$(dirname "$(readlink -f "$0")")
 cd tests
-for test in simple mansyntax.sh ssh2.sh
+for test in mansyntax.sh test_simple test_sshd.test
 do
 	./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test
 done
diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
similarity index 71%
rename from poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
rename to poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
index d551337..edc25db 100644
--- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb
@@ -5,21 +5,22 @@
 DEPENDS = "zlib"
 
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
+LIC_FILES_CHKSUM = "file://COPYING;md5=24a33237426720395ebb1dd1349ca225"
 
 SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
-           file://fix-ssh2-test.patch \
            file://run-ptest \
            "
 
-SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
+SRC_URI[sha256sum] = "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461"
 
 inherit autotools pkgconfig ptest
 
 EXTRA_OECONF += "\
                  --with-libz \
                  --with-libz-prefix=${STAGING_LIBDIR} \
+                 --disable-rpath \
                 "
+DISABLE_STATIC = ""
 
 # only one of openssl and gcrypt could be set
 PACKAGECONFIG ??= "openssl"
@@ -29,7 +30,7 @@
 BBCLASSEXTEND = "native nativesdk"
 
 # required for ptest on documentation
-RDEPENDS:${PN}-ptest = "man-db openssh util-linux-col"
+RDEPENDS:${PN}-ptest = "bash man-db openssh util-linux-col"
 RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us"
 
 do_compile_ptest() {
@@ -41,9 +42,11 @@
 	install -d ${D}${PTEST_PATH}/tests
 	install -m 0755 ${S}/test-driver ${D}${PTEST_PATH}/
 	cp -rf ${B}/tests/.libs/* ${D}${PTEST_PATH}/tests/
+	cp -rf ${B}/tests/test_simple ${D}${PTEST_PATH}/tests/
 	cp -rf ${S}/tests/mansyntax.sh  ${D}${PTEST_PATH}/tests/
-	cp -rf ${S}/tests/ssh2.sh  ${D}${PTEST_PATH}/tests/
-	cp -rf ${S}/tests/etc ${D}${PTEST_PATH}/tests/
+	cp -rf ${S}/tests/key*  ${D}${PTEST_PATH}/tests/
+	cp -rf ${S}/tests/openssh_server/  ${D}${PTEST_PATH}/tests/
+	cp -rf ${S}/tests/*.test  ${D}${PTEST_PATH}/tests/
 	mkdir -p ${D}${PTEST_PATH}/docs
 	cp -r ${S}/docs/* ${D}${PTEST_PATH}/docs/
 }
diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
index bf35a94..ed5b15b 100644
--- a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb
@@ -19,9 +19,7 @@
 
 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
 
-# We have libxml2 2.9.14 and we don't link statically with it anyway
-# so this isn't an issue.
-CVE_CHECK_IGNORE += "CVE-2022-29824"
+CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled."
 
 S = "${WORKDIR}/libxslt-${PV}"
 
diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb
index d2a25fd..51a854d 100644
--- a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb
+++ b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -21,8 +21,7 @@
 
 inherit ptest
 
-# Fixed in r118, which is larger than the current version.
-CVE_CHECK_IGNORE += "CVE-2014-4715"
+CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version."
 
 EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
 
diff --git a/poky/meta/recipes-support/nettle/nettle_3.9.bb b/poky/meta/recipes-support/nettle/nettle_3.9.1.bb
similarity index 96%
rename from poky/meta/recipes-support/nettle/nettle_3.9.bb
rename to poky/meta/recipes-support/nettle/nettle_3.9.1.bb
index 7a5bdb2..6bb76a6 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.9.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.9.1.bb
@@ -20,7 +20,7 @@
            file://check-header-files-of-openssl-only-if-enable_.patch \
            "
 
-SRC_URI[sha256sum] = "0ee7adf5a7201610bb7fe0acbb7c9b3be83be44904dd35ebbcd965cd896bfeaa"
+SRC_URI[sha256sum] = "ccfeff981b0ca71bbd6fbcb054f407c60ffb644389a5be80d6716d5b550c6ce3"
 
 UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
similarity index 91%
rename from poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb
rename to poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
index 88d5f31..1be9a34 100644
--- a/poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb
+++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
@@ -8,7 +8,7 @@
     ${GITHUB_BASE_URI}/download/v${PV}/nghttp2-${PV}.tar.xz \
     file://0001-fetch-ocsp-response-use-python3.patch \
 "
-SRC_URI[sha256sum] = "b867184254e5a29b0ba68413aa14f8b0ce1142a371761374598dec092dabb809"
+SRC_URI[sha256sum] = "19490b7c8c2ded1cf7c3e3a54ef4304e3a7876ae2d950d60a81d0dc6053be419"
 
 inherit cmake manpages python3native github-releases
 PACKAGECONFIG[manpages] = ""
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb
similarity index 95%
rename from poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
rename to poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb
index 72b4462..ad207d0 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb
@@ -11,7 +11,7 @@
 DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
 
 SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https"
-SRCREV = "dd0590d4e583f107e3e9fafe9ed754149da335d0"
+SRCREV = "a8cce8bd8065bbf80bd47219f85f0cd9cf27dd0c"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= ""
diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
index 9a9b8ec..60918a3 100644
--- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
+++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
@@ -7,7 +7,7 @@
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
 
-SRCREV = "a6c7dcda520402adb62a31b8b1c7686c5b8a4875"
+SRCREV = "4148e75284e443fc8ffaef425c467aa5523528ff"
 PV .= "+git${SRCPV}"
 
 SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
deleted file mode 100644
index b09e8e7..0000000
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require sqlite3.inc
-
-LICENSE = "PD"
-LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
-
-SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499"
-
-# -19242 is only an issue in specific development branch commits
-CVE_CHECK_IGNORE += "CVE-2019-19242"
-# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
-CVE_CHECK_IGNORE += "CVE-2015-3717"
-# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
-CVE_CHECK_IGNORE += "CVE-2021-36690"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
new file mode 100644
index 0000000..8783f62
--- /dev/null
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
@@ -0,0 +1,8 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
+
diff --git a/poky/meta/recipes-support/taglib/taglib_1.13.bb b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb
similarity index 95%
rename from poky/meta/recipes-support/taglib/taglib_1.13.bb
rename to poky/meta/recipes-support/taglib/taglib_1.13.1.bb
index 6560bc3..3f0a759 100644
--- a/poky/meta/recipes-support/taglib/taglib_1.13.bb
+++ b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb
@@ -11,7 +11,7 @@
 
 SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz"
 
-SRC_URI[sha256sum] = "58f08b4db3dc31ed152c04896ee9172d22052bc7ef12888028c01d8b1d60ade0"
+SRC_URI[sha256sum] = "c8da2b10f1bfec2cd7dbfcd33f4a2338db0765d851a50583d410bacf055cfd0b"
 
 UPSTREAM_CHECK_URI = "https://taglib.org/"
 
diff --git a/poky/meta/recipes-support/vte/vte_0.72.1.bb b/poky/meta/recipes-support/vte/vte_0.72.2.bb
similarity index 94%
rename from poky/meta/recipes-support/vte/vte_0.72.1.bb
rename to poky/meta/recipes-support/vte/vte_0.72.2.bb
index b9ff318..4249b75 100644
--- a/poky/meta/recipes-support/vte/vte_0.72.1.bb
+++ b/poky/meta/recipes-support/vte/vte_0.72.2.bb
@@ -21,7 +21,7 @@
 
 # vapigen.m4 is required when vala is not present (but the one from vala should be used normally)
 SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
-SRC_URI[archive.sha256sum] = "0554f9f88d56ce2d78398fcc7f69bc00e53bbbc5f694e0ae1dcaf5286f89d7e4"
+SRC_URI[archive.sha256sum] = "f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
diff --git a/poky/scripts/lib/recipetool/create.py b/poky/scripts/lib/recipetool/create.py
index 824ac63..e99e071 100644
--- a/poky/scripts/lib/recipetool/create.py
+++ b/poky/scripts/lib/recipetool/create.py
@@ -745,6 +745,10 @@
     for handler in handlers:
         handler.process(srctree_use, classes, lines_before, lines_after, handled, extravalues)
 
+    # native and nativesdk classes are special and must be inherited last
+    # If present, put them at the end of the classes list
+    classes.sort(key=lambda c: c in ("native", "nativesdk"))
+
     extrafiles = extravalues.pop('extrafiles', {})
     extra_pn = extravalues.pop('PN', None)
     extra_pv = extravalues.pop('PV', None)
diff --git a/poky/scripts/lib/recipetool/create_npm.py b/poky/scripts/lib/recipetool/create_npm.py
index 3394a89..113a89f 100644
--- a/poky/scripts/lib/recipetool/create_npm.py
+++ b/poky/scripts/lib/recipetool/create_npm.py
@@ -13,6 +13,7 @@
 import tempfile
 import bb
 from bb.fetch2.npm import NpmEnvironment
+from bb.fetch2.npm import npm_package
 from bb.fetch2.npmsw import foreach_dependencies
 from recipetool.create import RecipeHandler
 from recipetool.create import get_license_md5sums
@@ -31,15 +32,6 @@
     """Class to handle the npm recipe creation"""
 
     @staticmethod
-    def _npm_name(name):
-        """Generate a Yocto friendly npm name"""
-        name = re.sub("/", "-", name)
-        name = name.lower()
-        name = re.sub(r"[^\-a-z0-9]", "", name)
-        name = name.strip("-")
-        return name
-
-    @staticmethod
     def _get_registry(lines):
         """Get the registry value from the 'npm://registry' url"""
         registry = None
@@ -142,11 +134,10 @@
                     licfiles.append(os.path.relpath(readme, srctree))
 
         # Handle the dependencies
-        def _handle_dependency(name, params, deptree):
-            suffix = "-".join([self._npm_name(dep) for dep in deptree])
-            destdirs = [os.path.join("node_modules", dep) for dep in deptree]
-            destdir = os.path.join(*destdirs)
-            packages["${PN}-" + suffix] = destdir
+        def _handle_dependency(name, params, destdir):
+            deptree = destdir.split('node_modules/')
+            suffix = "-".join([npm_package(dep) for dep in deptree])
+            packages["${PN}" + suffix] = destdir
             _licfiles_append_fallback_readme_files(destdir)
 
         with open(shrinkwrap_file, "r") as f:
@@ -155,6 +146,23 @@
         foreach_dependencies(shrinkwrap, _handle_dependency, dev)
 
         return licfiles, packages
+    
+    # Handle the peer dependencies   
+    def _handle_peer_dependency(self, shrinkwrap_file):
+        """Check if package has peer dependencies and show warning if it is the case"""
+        with open(shrinkwrap_file, "r") as f:
+            shrinkwrap = json.load(f)
+        
+        packages = shrinkwrap.get("packages", {})
+        peer_deps = packages.get("", {}).get("peerDependencies", {})
+        
+        for peer_dep in peer_deps:
+            peer_dep_yocto_name = npm_package(peer_dep)
+            bb.warn(peer_dep + " is a peer dependencie of the actual package. " + 
+            "Please add this peer dependencie to the RDEPENDS variable as %s and generate its recipe with devtool"
+            % peer_dep_yocto_name)
+
+
 
     def process(self, srctree, classes, lines_before, lines_after, handled, extravalues):
         """Handle the npm recipe creation"""
@@ -173,7 +181,7 @@
         if "name" not in data or "version" not in data:
             return False
 
-        extravalues["PN"] = self._npm_name(data["name"])
+        extravalues["PN"] = npm_package(data["name"])
         extravalues["PV"] = data["version"]
 
         if "description" in data:
@@ -242,7 +250,7 @@
             value = origvalue.replace("version=" + data["version"], "version=${PV}")
             value = value.replace("version=latest", "version=${PV}")
             values = [line.strip() for line in value.strip('\n').splitlines()]
-            if "dependencies" in shrinkwrap:
+            if "dependencies" in shrinkwrap.get("packages", {}).get("", {}):
                 values.append(url_recipe)
             return values, None, 4, False
 
@@ -292,6 +300,9 @@
         classes.append("npm")
         handled.append("buildsystem")
 
+        # Check if package has peer dependencies and inform the user
+        self._handle_peer_dependency(shrinkwrap_file)
+
         return True
 
 def register_recipe_handlers(handlers):
diff --git a/poky/scripts/lib/resulttool/resultutils.py b/poky/scripts/lib/resulttool/resultutils.py
index 7666331..c5521d8 100644
--- a/poky/scripts/lib/resulttool/resultutils.py
+++ b/poky/scripts/lib/resulttool/resultutils.py
@@ -58,7 +58,11 @@
             testseries = posixpath.basename(posixpath.dirname(url.path))
         else:
             with open(f, "r") as filedata:
-                data = json.load(filedata)
+                try:
+                    data = json.load(filedata)
+                except json.decoder.JSONDecodeError:
+                    print("Cannot decode {}. Possible corruption. Skipping.".format(f))
+                    data = ""
             testseries = os.path.basename(os.path.dirname(f))
     else:
         data = f
diff --git a/poky/scripts/oe-setup-builddir b/poky/scripts/oe-setup-builddir
index 89ae30f..678aeac 100755
--- a/poky/scripts/oe-setup-builddir
+++ b/poky/scripts/oe-setup-builddir
@@ -98,9 +98,17 @@
     SHOWYPDOC=yes
 fi
 
+if [ -z "$OECORENOTESCONF" ]; then
+    OECORENOTESCONF="$OEROOT/meta/conf/templates/default/conf-notes.txt"
+fi
+if [ ! -r "$BUILDDIR/conf/conf-notes.txt" ]; then
+    [ ! -r "$OECORENOTESCONF" ] || cp "$OECORENOTESCONF" "$BUILDDIR/conf/conf-notes.txt"
+fi
+
 # Prevent disturbing a new GIT clone in same console
 unset OECORELOCALCONF
 unset OECORELAYERCONF
+unset OECORENOTESCONF
 
 # Ending the first-time run message. Show the YP Documentation banner.
 if [ -n "$SHOWYPDOC" ]; then
@@ -116,11 +124,7 @@
 #    unset SHOWYPDOC
 fi
 
-if [ -z "$OECORENOTESCONF" ]; then
-    OECORENOTESCONF="$OEROOT/meta/conf/templates/default/conf-notes.txt"
-fi
-[ ! -r "$OECORENOTESCONF" ] || cat "$OECORENOTESCONF"
-unset OECORENOTESCONF
+[ ! -r "$BUILDDIR/conf/conf-notes.txt" ] || cat "$BUILDDIR/conf/conf-notes.txt"
 
 if [ ! -f "$BUILDDIR/conf/templateconf.cfg" ]; then
     echo "$ORG_TEMPLATECONF" >"$BUILDDIR/conf/templateconf.cfg"
diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py
index e71fe09..3d1ff69 100644
--- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py
+++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py
@@ -620,8 +620,8 @@
 
     return curr_y
 
-def render_processes_chart(ctx, options, trace, curr_y, w, h, sec_w):
-    chart_rect = [off_x, curr_y+header_h, w, h - curr_y - 1 * off_y - header_h  ]
+def render_processes_chart(ctx, options, trace, curr_y, width, h, sec_w):
+    chart_rect = [off_x, curr_y+header_h, width, h - curr_y - 1 * off_y - header_h  ]
 
     draw_legend_box (ctx, "Configure", \
              TASK_COLOR_CONFIGURE, off_x  , curr_y + 45, leg_s)
@@ -646,8 +646,9 @@
     offset = trace.min or min(trace.start.keys())
     for start in sorted(trace.start.keys()):
         for process in sorted(trace.start[start]):
+            elapsed_time = trace.processes[process][1] - start
             if not options.app_options.show_all and \
-                    trace.processes[process][1] - start < options.app_options.mintime:
+                    elapsed_time < options.app_options.mintime:
                 continue
             task = process.split(":")[1]
 
@@ -656,7 +657,7 @@
             #print(s)
 
             x = chart_rect[0] + (start - offset) * sec_w
-            w = ((trace.processes[process][1] - start) * sec_w)
+            w = elapsed_time * sec_w
 
             #print("proc at %s %s %s %s" % (x, y, w, proc_h))
             col = None
@@ -681,11 +682,9 @@
                 draw_fill_rect(ctx, col, (x, y, w, proc_h))
             draw_rect(ctx, PROC_BORDER_COLOR, (x, y, w, proc_h))
 
-            draw_label_in_box(ctx, PROC_TEXT_COLOR, process, x, y + proc_h - 4, w, proc_h)
-
             # Show elapsed time for each task
-            elapsed_time = f"{trace.processes[process][1] - start}s"
-            draw_text(ctx, elapsed_time, PROC_TEXT_COLOR, x + w + 4, y + proc_h - 4)
+            process = "%ds %s" % (elapsed_time, process)
+            draw_label_in_box(ctx, PROC_TEXT_COLOR, process, x, y + proc_h - 4, w, width)
 
             y = y + proc_h
 
diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu
index e1aa5a9..5e6793d 100755
--- a/poky/scripts/runqemu
+++ b/poky/scripts/runqemu
@@ -648,10 +648,10 @@
                         elif fsflag == 'kernel-in-fs':
                             wic_fs = False
                         else:
-                            logger.warn('Unknown flag "%s:%s" in QB_FSINFO', fstype, fsflag)
+                            logger.warning('Unknown flag "%s:%s" in QB_FSINFO', fstype, fsflag)
                             continue
                     else:
-                        logger.warn('QB_FSINFO is not supported for image type "%s"', fstype)
+                        logger.warning('QB_FSINFO is not supported for image type "%s"', fstype)
                         continue
 
                     if fstype in self.fsinfo:
@@ -1186,7 +1186,7 @@
             gid = os.getgid()
             uid = os.getuid()
             logger.info("Setting up tap interface under sudo")
-            cmd = ('sudo', self.qemuifup, str(uid), str(gid))
+            cmd = ('sudo', self.qemuifup, str(gid))
             try:
                 tap = subprocess.check_output(cmd).decode('utf-8').strip()
             except subprocess.CalledProcessError as e:
@@ -1597,7 +1597,7 @@
             uptime_seconds = f.readline().split()[0]
         logger.info('Host uptime: %s\n' % uptime_seconds)
         if self.cleantap:
-            cmd = ('sudo', self.qemuifdown, self.tap, self.bindir_native)
+            cmd = ('sudo', self.qemuifdown, self.tap)
             logger.debug('Running %s' % str(cmd))
             subprocess.check_call(cmd)
         self.release_taplock()
diff --git a/poky/scripts/runqemu-ifdown b/poky/scripts/runqemu-ifdown
index 78be288..822a2a39 100755
--- a/poky/scripts/runqemu-ifdown
+++ b/poky/scripts/runqemu-ifdown
@@ -16,7 +16,7 @@
 #
 
 usage() {
-	echo "sudo $(basename $0) <tap-dev> <native-sysroot-basedir>"
+	echo "sudo $(basename $0) <tap-dev>"
 }
 
 if [ $EUID -ne 0 ]; then
@@ -24,15 +24,19 @@
 	exit 1
 fi
 
-if [ $# -ne 2 ]; then
+if [ $# -gt 2 ] || [ $# -lt 1 ]; then
 	usage
 	exit 1
 fi
 
-TAP=$1
-STAGING_BINDIR_NATIVE=$2
+# backward compatibility
+if [ $# -eq 2 ] ; then
+	echo "Warning: native-sysroot-basedir parameter is ignored. It is no longer needed." >&2
+fi
 
-if !ip tuntap del $TAP mode tap 2>/dev/null; then
+TAP=$1
+
+if ! ip tuntap del $TAP mode tap 2>/dev/null; then
 	echo "Error: Unable to run up tuntap del"
 	exit 1
 fi
@@ -56,8 +60,13 @@
 	echo "$IPTABLES cannot be executed"
 	exit 1
 fi
-n=$[ (`echo $TAP | sed 's/tap//'` * 2) + 1 ]
-dest=$[ (`echo $TAP | sed 's/tap//'` * 2) + 2 ]
+
+if [ -z "$OE_TAP_NAME" ]; then
+	OE_TAP_NAME=tap
+fi
+
+n=$[ (`echo $TAP | sed "s/$OE_TAP_NAME//"` * 2) + 1 ]
+dest=$[ (`echo $TAP | sed "s/$OE_TAP_NAME//"` * 2) + 2 ]
 $IPTABLES -D POSTROUTING -t nat -j MASQUERADE -s 192.168.7.$n/32
 $IPTABLES -D POSTROUTING -t nat -j MASQUERADE -s 192.168.7.$dest/32
 true
diff --git a/poky/scripts/runqemu-ifup b/poky/scripts/runqemu-ifup
index c65ceaf..05c9325 100755
--- a/poky/scripts/runqemu-ifup
+++ b/poky/scripts/runqemu-ifup
@@ -30,7 +30,7 @@
 fi
 
 if [ $# -eq 2 ]; then
-	echo "Warning: uid parameter is ignored. It is no longer needed."
+	echo "Warning: uid parameter is ignored. It is no longer needed." >&2
 	GROUP="$2"
 elif [ $# -eq 1 ]; then
 	GROUP="$1"