subtree updates

poky: ee0d001b81..4161dbbbd6:
  Aatir Manzur (1):
        docs: add CONVERSION_CMD definition

  Ahmed Hossam (1):
        insane.bbclass: host-user-contaminated: Correct per package home path

  Alejandro Hernandez Samaniego (1):
        package.bbclass: Fix base directory for debugsource files when using externalsrc

  Alex Kiernan (1):
        python3-cryptography: Cleanup DEPENDS/RDEPENDS

  Alexander Kanavin (53):
        mesa: update 22.0.3 -> 22.1.2
        python3-numpy: update 1.22.3 -> 1.22.4
        python3-setuptools: update 62.3.2 -> 62.5.0
        vulkan: upgrade 1.3.211.0 -> 1.3.216.0
        lttng-modules: update 2.13.3 -> 2.13.4
        go: update 1.18.2 -> 1.18.3
        ell: update 0.50 -> 0.51
        libdrm: update 2.4.110 -> 2.4.111
        diffoscope: upgrade 215 -> 216
        dos2unix: upgrade 7.4.2 -> 7.4.3
        librsvg: upgrade 2.54.3 -> 2.54.4
        puzzles: upgrade to latest revision
        sudo: upgrade 1.9.10 -> 1.9.11p2
        wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
        x264: upgrade to latest revision
        python3-requests: upgrade 2.27.1 -> 2.28.0
        oeqa/sdk: drop the nativesdk-python 2.x test
        python3-hatch-vcs: fix upstream version check
        at: take tarballs from debian
        pango: exclude 1.9x versions which are 2.x pre-releases.
        adwaita-icon-theme: upgrade 41.0 -> 42.0
        rust: update 1.60.0 -> 1.62.0
        weston: update 10.0.0 -> 10.0.1
        python3-setuptools-scm: upgrade 6.4.2 -> 7.0.3
        waffle: correctly request wayland-scanner executable
        openssl: update 3.0.4 -> 3.0.5
        diffoscope: upgrade 216 -> 217
        glib-2.0: upgrade 2.72.2 -> 2.72.3
        glib-networking: upgrade 2.72.0 -> 2.72.1
        gstreamer1.0: upgrade 1.20.2 -> 1.20.3
        harfbuzz: upgrade 4.3.0 -> 4.4.1
        kmod: upgrade 29 -> 30
        libsoup: upgrade 3.0.6 -> 3.0.7
        mesa: upgrade 22.1.2 -> 22.1.3
        mpg123: upgrade 1.29.3 -> 1.30.0
        nghttp2: upgrade 1.47.0 -> 1.48.0
        piglit: upgrade to latest revision
        pulseaudio: upgrade 16.0 -> 16.1
        python3-cffi: upgrade 1.15.0 -> 1.15.1
        python3-cryptography: upgrade 37.0.2 -> 37.0.3
        python3-cryptography-vectors: upgrade 37.0.2 -> 37.0.3
        python3-hatchling: upgrade 1.3.0 -> 1.3.1
        python3-hypothesis: upgrade 6.46.11 -> 6.48.2
        python3-jsonschema: upgrade 4.6.0 -> 4.6.1
        python3-mako: upgrade 1.2.0 -> 1.2.1
        python3-pycryptodomex: upgrade 3.14.1 -> 3.15.0
        python3-requests: upgrade 2.28.0 -> 2.28.1
        python3-setuptools: upgrade 62.5.0 -> 62.6.0
        python3-sphinx: upgrade 5.0.0 -> 5.0.2
        xcb-proto: upgrade 1.15 -> 1.15.2
        procps: restrict version check to 3.x
        ncurses: mark upstream version as unknown
        wayland: update 1.20.0 -> 1.21.0

  Alexandre Belloni (1):
        oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail

  Aryaman Gupta (5):
        buildstats.py: enable collection of /proc/pressure data
        pybootchartgui: render cpu and io pressure
        buildstats.bbclass: correct sampling of system stats
        buildstats.py: close /proc/pressure/cpu file descriptor
        buildperf/base.py: skip reduced_proc_pressure directory

  Bruce Ashfield (29):
        perf: fix reproducibility in 5.19+
        linux-yocto/5.10: update to v5.10.121
        linux-yocto/5.15: update to v5.15.46
        linux-yocto/5.15: update to v5.15.48
        linux-yocto/5.10: update to v5.10.123
        linux-yocto-dev: bump to v5.19-rc
        linux-yocto/5.15: drop obselete GPIO sysfs ABI
        lttng-modules: fix 5.19+ build
        kernel-devsrc: fix reproducibility and buildpaths QA warning
        linux-yocto/5.15: update to v5.15.52
        linux-yocto/5.10: update to v5.10.128
        kernel-devsrc: ppc32: fix reproducibility
        linux-yocto/5.15: fix qemuppc buildpaths warning
        linux-yocto/5.15: fix build_OID_registry buildpaths warning
        yocto-bsps: update to v5.10.128 and buildpaths fixes
        yocto-bsps: update to v5.15.52 and buildpaths fixes
        linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
        linux-yocto/5.10: fix buildpaths issue with gen-mach-types
        linux-yocto/5.15: fix buildpaths issue with gen-mach-types
        yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
        yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
        linux-yocto/5.15: update to v5.15.54
        linux-yocto/5.15: fix buildpaths issue with pnmtologo
        linux-yocto/5.10: update to v5.10.130
        linux-yocto/5.10: fix buildpaths issue with pnmtologo
        yocto-bsps/5.10: fix buildpaths issue with pnmtologo
        yocto-bsps/5.15: fix buildpaths issue with pnmtologo
        yocto-bsps: update to v5.15.54
        yocto-bsps: update to v5.10.130

  Christoph Lauer (1):
        package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo

  David Bagonyi (1):
        sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20220509 -> 20220610

  Enrico Scholz (6):
        npm: replace 'npm pack' call by 'tar czf'
        npm: return content of 'package.json' in 'npm_pack'
        npm: take 'version' directly from 'package.json'
        npm: disable 'audit' + 'fund'
        lib:npm_registry: initial checkin
        npm: use npm_registry to cache package

  Federico Pellegrin (1):
        signing-keys: fix RDEPENDS to signing-keys-dev

  Gennaro Iorio (1):
        bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls

  He Zhe (1):
        curl: Fix build failure for qemuriscv64

  Jacob Kroon (1):
        bitbake: bitbake-user-manual: Correct description of the ??= operator

  Jose Quaresma (3):
        archiver: don't use machine variables in shared recipes
        sstate: Use the python3 ThreadPoolExecutor instead of the OE ThreadedPool
        oe/utils: remove the ThreadedPool

  Joshua Watt (1):
        classes/create-spdx: Add SPDX_PRETTY option

  Kai Kang (1):
        glibc-tests: not clear BBCLASSEXTEND

  Khem Raj (2):
        libmodule-build-perl: Use env utility to find perl interpreter
        ltp: Remove -mfpmath=sse on x86

  Luca Ceresoli (1):
        llvm: add PACKAGECONFIG[optviewer]

  Lucas Stach (1):
        perf: sort-pmuevents: really keep array terminators

  Marius Kriegerowski (1):
        scriptutils: fix style to be more PEP8 compliant

  Marta Rybczynska (2):
        cve-check: add support for Ignored CVEs
        oeqa/selftest/cve_check: add tests for Ignored and partial reports

  Martin Jansa (3):
        mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
        wic: fix WicError message
        bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV

  Maxime Roussin-Bélanger (1):
        libffi: fix native build being not portable

  Michael Halstead (2):
        releases: include 3.1.17
        releases: include 4.0.2

  Michael Opdenacker (18):
        rootfs-postcommands.bbclass: correct comments
        dev-manual: mention the new CVE patch metrics page
        dev-manual: fix references to BitBake user manual
        docs: standards.md: add more rules: line wrapping and variables
        doc: standard for bulleted lists
        ref-manual: add description for the "sysroot" term
        manuals: update host tool requirements
        ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
        ref-manual: document SYSTEMD_DEFAULT_TARGET
        ref-manual: IMAGE_FEATURES: add allow-root-login and correct allow-empty-password
        ref-manual: correct description of empty-root-passwd in IMAGE_FEATURES
        bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
        bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
        dev-manual: NPM packages: minor grammar fix
        manuals: switch to the sstate mirror shared between all versions
        manuals: replace hyphens with em dashes
        dev-manual: update section about creating NPM packages
        dev-manual: improve screenshot resolution

  Ming Liu (3):
        udev-extraconf: fix some systemd automount issues
        meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
        udev-extraconf:mount.sh: fix path mismatching issues

  Mingli Yu (1):
        vim: not adjust script pathnames for native scripts either

  Muhammad Hamza (6):
        initramfs-framework: move storage mounts to actual rootfs
        udev-extraconf/mount.sh: add LABELs to mountpoints
        udev-extraconf/mount.sh: save mount name in our tmp filecache
        udev-extraconf/mount.sh: only mount devices on hotplug
        udev-extraconf: force systemd-udevd to use shared MountFlags
        udev-extraconf/mount.sh: ignore lvm in automount

  Nick Potenski (1):
        systemd: systemd-systemctl: Support instance conf files during enable

  Ola x Nilsson (1):
        bitbake: ConfHandler: Remove lingering close

  Pascal Bach (1):
        bin_package: install into base_prefix

  Paul Eggleton (4):
        devtool: ignore pn- overrides when determining SRC_URI overrides
        patch: handle if S points to a subdirectory of a git repo
        devtool: finish: handle patching when S points to subdir of a git repo
        oe-selftest: devtool: test modify git recipe building from a subdir

  Paulo Neves (14):
        python: Avoid shebang overflow on python-config.py
        gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
        ref-manual: SYSTEMD_SERVICE allows multiple services
        ref-manual: SYSTEMD_SERVICE overrides depend on SYSTEMD_PACKAGES
        insane.bbclass: Make do_qa_staging check shebangs
        oeqa/selftest: Add test for shebang overflow
        oeqa/selftest: Test staged .la and .pc files
        utils: Add cmdline_shebang_wrapper util.
        libcheck: Fix too long shebang for native case.
        utils: create_cmdline_shebang_wrapper whitespace and sed refactor
        utils: create_cmdline_shebang_wrapper preserve permission and ownership
        oeqa/sysroot.py: Check bitbake return status
        bitbake: fetch: bb.fatal when trying to checksum non-existing files
        oeqa: test_invalid_recipe_src_uri expect parse time error

  Pavel Zhukov (4):
        systemd: Add missed sys/file.h includes for musl
        systemd: Rebase patches on v251
        bitbake: tests/fetch: Add test for broken mirror tarball
        systemd: update upstream status of merged patches

  Peter Bergin (2):
        systemd: add packageconfig for sysext
        rust: fix issue building cross-canadian tools for aarch64 on x86_64

  Peter Kjellerstedt (2):
        ref-manual: Add documentation for INCOMPATIBLE_LICENSE_EXCEPTIONS
        base.bbclass: Correct the test for obsolete license exceptions

  Peter Marko (1):
        alsa-state: correct license

  Pgowda (1):
        binutils : CVE-2019-1010204

  Quentin Schulz (3):
        docs: releases: move hardknott and honister to outdated section
        docs: conf.py: bump minimum Sphinx version requirement
        Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"

  Raju Kumar Pothuraju (2):
        runqemu: add QB_KERNEL_CMDLINE
        kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set

  Richard Purdie (42):
        gcc-source: Fix incorrect task dependencies from ${B}
        vim: Upgrade 8.2.5034 -> 8.2.5083
        local.conf.sample: Update sstate url to new 'all' path
        ref/dev-manual: Update multiconfig documentation
        oeqa/runtime/scp: Disable scp test for dropbear
        unzip: Port debian fixes for two CVEs
        elfutils/flex: Disable parallel make ptest compile
        bitbake: server/process: Fix logging issues where only the first message was displayed
        coreutils: Tweak packaging variable names for coreutils-dev
        packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
        bitbake.conf/recipes: Introduce add DEV_PKG_DEPENDENCY to change RDEPENDS:${PN}-dev
        bitbake.conf: Change -dev RDEPENDS to RRECOMMENDS
        vim: 8.2.5083 -> 9.0.0005
        ncurses: 6.3 -> 6.3+20220423
        oe-selftest-image: Ensure the image has sftp as well as dropbear
        cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
        openssl: Upgrade 3.0.3 -> 3.0.4
        insane: Fix buildpaths test to work with special devices
        go: Filter build paths on staticly linked arches
        glibc-tests: Avoid reproducibility issues
        gperf: Add a patch to work around reproducibility issues
        bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
        icon-naming-utils: Resurrect for sato-icon-theme
        sato-icon-theme: Add back with support for scalable icons
        lua: Fix multilib buildpath reproducibility issues
        vala: Fix on target wrapper buildpaths issue
        gtk-doc: Remove hardcoded buildpath
        gperf: Switch to upstream patch
        qemu: Avoid accidental librdmacm linkage
        kernel-arch: Fix buildpaths leaking into external module compiles
        qemu: Fix slirp determinism issue
        qemu: Add PACKAGECONFIG for brlapi
        gcc-runtime: Fix build when using gold
        insane: Add buildpaths to WARN_QA by default
        insane: Reword staging to refer to populate_sysroot
        bitbake: fetch2: Ensure directory exists before creating symlink
        bitbake: fetch2: Drop DL_DIR fallback for local file fetcher
        oeqa/selftest/sstatetests: Update test to work with bitbake changes
        gcc-runtime: Fix missing MLPREFIX in debug mappings
        insane: Drop debug exclusion from buildpaths test
        selftest/runtime_test/virgl: Disable for all almalinux
        local.conf.sample: Mention other MACHINE options may exist

  Robert Joslyn (1):
        curl: Update to 7.84.0

  Ross Burton (24):
        python3: fix a race condition in the test_socket.testSockName test
        Add python3-editables (from meta-python)
        Add python3-pathspec (from meta-python)
        Add python3-hatchling (from meta-oe)
        python3-hatch-vcs: add new recipe
        python3-jsonschema: upgrade 4.5.1 -> 4.6.0
        package_manager: Change complementary package handling to not include soft dependencies
        cups: ignore CVE-2022-26691
        cve-check: hook cleanup to the BuildCompleted event, not CookerExit
        busybox: fix CVE-2022-30065
        ncurses: use GitHub mirror, not Debian's packaging
        ltp: remove open-posix-testsuite build logs
        tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
        perl: don't install Makefile.old into perl-ptest
        vim: upgrade to 9.0.0021
        ltp: fix builds when host ld doesn't know about target ELF formats
        python3-setuptools-scm: add missing python3-typing-extensions dependency
        python3-flit-core: bootstrap explicitly
        python3-installer: bootstrap by installing installer with installer
        python3-picobuild: add new recipe
        python_pep517: use picobuild instead of manually calling the API
        classes: remove obsolete PEP517_BUILD_API
        python3-hatchling: remove PEP517_BUILD_API
        documentation: remove obsolete PEP517_BUILD_API

  Steve Sakoman (3):
        qemu: add PACKAGECONFIG for capstone
        qemu: Avoid accidental libvdeplug linkage
        ruby: add PACKAGECONFIG for capstone

  Sundeep KOKKONDA (2):
        glibc: stable 2.35 branch updates
        binutils : stable 2.38 branch updates

  Thomas Perrot (1):
        opensbi: Update to v1.1

  Thomas Roos (1):
        recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG

  Xu Huan (2):
        python3: upgrade 3.10.4 -> 3.10.5
        python3-magic: upgrade 0.4.26 -> 0.4.27

  Yi Zhao (2):
        popt: fix override syntax in RDEPENDS
        git: fix override syntax in RDEPENDS

  Yogesh Tyagi (2):
        testimage : remove curl-ptest from rpm index
        curl : Add ptest

  Yue Tao (1):
        gnupg: upgrade to 2.3.7 to fix CVE-2022-34903

  Yulong (Kevin) Liu (1):
        python3-pyasn1: Eliminated ptest deprecation warnings

  aatir (1):
        docs: make DISTRO_FEATURES description more explicit

  niko.mauno@vaisala.com (3):
        ptest.bbclass: Honor PARALLEL_MAKE, PARALLEL_MAKEINST
        valgrind: Drop redundant oe_runmake parameter
        strace: Drop redundant oe_runmake parameter

  pgowda (1):
        gcc: Backport a fix for gcc bug 105039

  ssuesens (3):
        weston.py: added xwayland test
        weston.init: enabled xwayland
        xwayland.weston-start: adaption of X11-unix folder

  wangmy (57):
        btrfs-tools: upgrade 5.18 -> 5.18.1
        ethtool: upgrade 5.17 -> 5.18
        file: upgrade 5.41 -> 5.42
        libx11: upgrade 1.8 -> 1.8.1
        lighttpd: upgrade 1.4.64 -> 1.4.65
        gnu-config: update to latest version
        musl-obstack: upgrade 1.1 -> 1.2
        piglit: upgrade to latest revision
        stress-ng: upgrade 0.14.01 -> 0.14.02
        erofs-utils: upgrade 1.4 -> 1.5
        alsa-lib: upgrade 1.2.7 -> 1.2.7.1
        alsa-plugins: upgrade 1.2.6 -> 1.2.7.1
        alsa-ucm-conf: upgrade 1.2.7 -> 1.2.7.1
        bind: upgrade 9.18.3 -> 9.18.4
        kbd: upgrade 2.5.0 -> 2.5.1
        libproxy: upgrade 0.4.17 -> 0.4.18
        python3-dbusmock: upgrade 0.27.5 -> 0.28.0
        sbc: upgrade 1.5 -> 2.0
        strace: upgrade 5.17 -> 5.18
        python3-chardet: upgrade 4.0.0 -> 5.0.0
        python3-importlib-metadata: upgrade 4.11.4 -> 4.12.0
        python3-babel: upgrade 2.10.1 -> 2.10.3
        python3-certifi: upgrade 2022.5.18.1 -> 2022.6.15
        python3-dbusmock: upgrade 0.28.0 -> 0.28.1
        python3-numpy: upgrade 1.22.4 -> 1.23.0
        python3-pycryptodome: upgrade 3.14.1 -> 3.15.0
        dmidecode: upgrade 3.3 -> 3.4
        git: upgrade 2.36.1 -> 2.37.0
        harfbuzz: upgrade 4.3.0 -> 4.4.0
        speexdsp: upgrade 1.2.0 -> 1.2.1
        speex: upgrade 1.2.0 -> 1.2.1
        repo: upgrade 2.26 -> 2.27
        sqlite3: upgrade 3.38.5 -> 3.39.0
        sudo: upgrade 1.9.11p2 -> 1.9.11p3
        createrepo-c: upgrade 0.20.0 -> 0.20.1
        gst-devtools: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
        gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
        inetutils: upgrade 2.2 -> 2.3
        python3-atomicwrites: upgrade 1.4.0 -> 1.4.1
        python3-cryptography: upgrade 37.0.3 -> 37.0.4
        python3-cryptography-vectors: upgrade 37.0.3 -> 37.0.4
        python3-hatchling: upgrade 1.3.1 -> 1.5.0
        python3-imagesize: upgrade 1.3.0 -> 1.4.1
        python3-jsonschema: upgrade 4.6.1 -> 4.7.1
        python3-numpy: upgrade 1.23.0 -> 1.23.1
        python3-typing-extensions: upgrade 4.2.0 -> 4.3.0
        python3-urllib3: upgrade 1.26.9 -> 1.26.10
        init-system-helpers: upgrade 1.63 -> 1.64
        dpkg: upgrade 1.21.8 -> 1.21.9

meta-security: 8c6fe006a1..7ad5f6a9da:
  Armin Kuster (32):
        apparmor: fix ownership issues
        sssd:move to dynamic networking-layer
        layer.conf:add meta-netorking to BBFILES_DYNAMIC
        packagegroup-core-security: drop sssd
        packagegroup-core-security.bbappend: add sssd
        oeqa: fix checksec runtime test
        sssd: use example conf file
        oeqa: sssd.py fix tests
        sssd: update to 2.7.1
        security-test-image: auto include layers if present.
        smack-test: more py3 covertion
        oeqa: update smack runtime test
        aide: add a few more config options
        oeqa: add aide test
        libmhash: add native pkg support
        classes: add aide routines
        aide: add native support for build time db creation
        aide.conf: adjust to allow for build time db creation
        firejail: Add new package
        oeqa: Add a very basic firejail test
        packagegroup-core-security: add firejail
        security-test-image: add firejail and aide test suites
        oeqa/clamav drop depricated --list-mirror test
        oeqa: meta-tpm shut swtpm down before and after testing
        oeqa: shut done swtpm before and after testing
        ccs-tools: update to 1.8.9
        lynis: update to 3.0.8
        README: update email address
        packagegroup-core-security: skip mips firejail
        chipsec: update to 1.8.5
        security-build-image: add lkrg-module to build image
        lkrg: update to 0.9.3

  Jeremy A. Puhlman (2):
        clamav: make install owner match the added user name
        python3-privacyidea: add correct path to lib/privacyidea

  Jose Quaresma (1):
        meta-integrity: kernel-modsign: prevents splitting out debug symbols

  Yi Zhao (1):
        aide: fix typo

meta-openembedded: 11df15765c..31c10bd3e6:
  Adrian Freihofer (3):
        firewalld: update to 1.1.1 fixes ptest
        firewalld: upgrade 1.1.1 -> 1.2.0
        libqmi: upgrade 1.30.4 -> 1.30.8

  Akash Hadke (2):
        ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"
        iperf: Set CVE_PRODUCT to "iperf_project:iperf"

  Alex Kiernan (2):
        jansson: Upgrade 2.13.1 -> 2.14
        nftables: Upgrade 1.0.2 -> 1.0.4

  Alex Stewart (1):
        openvpn: distribute sample-config-files

  Andreas Müller (1):
        glmark2: Build with meson

  Andrej Valek (1):
        poco: upgrade 1.11.3 -> 1.12.0

  Andrew Davis (1):
        libsdl: The libsdl and libsdl2 are not virtual

  Ashish Sharma (1):
        netserver: don't change permissions on /dev/null

  Aurélien Bertron (1):
        fix(syslog-ng): warning about conf version

  Bartosz Golaszewski (1):
        python3-pybluez: fix a runtime issue with python 3.10

  Ben Powell (1):
        python3-can: Add typing-extensions dependency

  Changqing Li (3):
        chrony: create /var/lib/chrony by systemd-tmpfiles
        redis: upgrade 6.2.6 -> 6.2.7
        redis: upgrade 7.0.0 to 7.0.2

  Chen Qi (2):
        apache2: split out a new package apache2-utils
        ntfs-3g-ntfsprogs: upgrade to 2022.5.17

  Daide Li (1):
        python3-iperf: initial add 0.1.11

  Davide Gardenal (9):
        usrsctp: add CVE_VERSION to correctly check for CVEs
        ntp: ignore many CVEs
        openflow: ignore CVE-2018-1078
        emlog: ignore unrelated CVEs
        imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
        wireshark: upgrade 3.4.11 -> 3.4.12
        thrift: add CVE_PRODUCT to fix CVE reporting
        spice: ignore patched CVEs
        quagga: ignore CVE-2016-4049

  Fabien Parent (1):
        gpsd-machine-conf: allow creation of an empty package

  Harshal (1):
        lldpd: upgrade 1.0.8 -> 1.0.14

  Hitendra Prajapati (1):
        cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

  Jan Vermaete (1):
        netdata: version bump 1.34.1 -> 1.35.0

  Javier Viguera (1):
        networkmanager: fix build with enabled ppp

  Jeremy Puhlman (1):
        freeradius: mutlilib fixes

  Jonas Gorski (1):
        abseil-cpp: do not enforce -mfpu=neon on arm

  Kai Kang (4):
        libdbi-perl: fix interpreter on shebang line
        libdev-checklib-perl: fix interpreter of script use-devel-checklib
        libparse-yapp-perl: update interpreter of yapp
        python3-flatbuffer: enable native

  Khem Raj (8):
        libxml++: Disable parallel make in ptest compile
        geos: Disable inlining
        php: Fix absolute paths to php in phar.phar scripts
        libspiro: Add recipe
        fontforge: Upgrade to 20220308
        opencv: Link with libatomic on mips
        fontforge: Use alternate way to detect libm
        opencv: Link with libatomic on rv32

  Leon Anavi (19):
        python3-traitlets: Upgrade 5.2.1 -> 5.3.0
        python3-humanize: Upgrade 4.1.0 -> 4.2.0
        python3-autobahn: Upgrade 22.4.2 -> 22.5.1
        python3-elementpath: Upgrade 2.5.0 -> 2.5.3
        python3-eth-hash: Upgrade 0.3.2 -> 0.3.3
        python3-serpent: Upgrade 1.40 -> 1.41
        python3-web3: Upgrade 5.29.1 -> 5.29.2
        python3-pika: Upgrade 1.2.1 -> 1.3.0
        python3-tabulate: Upgrade 0.8.9 -> 0.8.10
        python3-marshmallow: Upgrade 3.15.0 -> 3.17.0
        python3-pychromecast: Upgrade 12.1.3 -> 12.1.4
        python3-humanize: Upgrade 4.2.0 -> 4.2.3
        python3-tornado: Upgrade 6.1 -> 6.2
        python3-coverage: Upgrade 6.3.2 -> 6.4.1
        python3-email-validator: Upgrade 1.1.3 -> 1.2.1
        python3-networkx: Upgrade 2.7.1 -> 2.8.4
        python3-unidiff: Upgrade 0.7.3 -> 0.7.4
        python3-toolz: Upgrade 0.11.2 -> 0.12.0
        python3-ansi2html: Upgrade 1.7.0 -> 1.8.0

  Marcus Flyckt (1):
        python3-pyconnman: Add 'future' runtime dependency

  Markus Volk (1):
        flatbuffers: update to 2.0.6

  Martin Jansa (3):
        glmark2: fix compatibility with python-3.11
        leveldb: switch from master branch to main
        tesseract-lang: switch from master branch to main

  Mikko Rapeli (1):
        polkit: switch back to mozjs but leave duktape as PACKAGECONFIG option

  Mingli Yu (3):
        kronosnet: Fix build with gcc-12
        s-nail: Fix build with gcc-12
        mariadb: Upgrade to 10.8.3

  Pascal Bach (1):
        python3-pybind11: upgrade 2.8.1 -> 2.9.2

  Peter Kjellerstedt (1):
        cryptsetup: Add support for building without SSH tokens

  Ross Burton (5):
        python3-cbor2: upgrade 5.4.2 to 5.4.3
        cppzmq: fix -dev RDEPENDS
        python3-hatchling: remove (now in oe-core)
        python3-pathspec: remove (now in oe-core)
        python3-editables: remove (now in oe-core)

  Sakib Sajal (1):
        minicoredumper: retry elf parsing as long as needed

  Theodore A. Roth (1):
        crda: Depend on correct wireless-regdb package

  Wentao Zhang (1):
        protobuf-c: update to 1.4.1 fix CVE-2022-33070

  Xu Huan (20):
        python3-lxml: upgrade 4.8.0 -> 4.9.0
        python3-msgpack: upgrade 1.0.3 -> 1.0.4
        python3-protobuf: upgrade 3.20.1 -> 4.21.1
        python3-mypy: upgrade 0.960 -> 0.961
        python3-pylint: upgrade 2.13.9 -> 2.14.1
        python3-smbus2: upgrade 0.4.1 -> 0.4.2
        python3-pillow: upgrade 9.0.1 -> 9.1.1
        python3-pychromecast: upgrade 12.1.2 -> 12.1.3
        python3-pylint: upgrade 2.14.1 -> 2.14.3
        python3-pyscaffold: upgrade 4.2.2 -> 4.2.3
        python3-redis: upgrade 4.3.1 -> 4.3.3
        python3-aiohue: upgrade 4.4.1 -> 4.4.2
        python3-astroid: upgrade 2.11.5 -> 2.11.6
        python3-charset-normalizer: upgrade 2.0.12 -> 2.1.0
        python3-colorama: upgrade 0.4.4 -> 0.4.5
        python3-eth-typing: upgrade 3.0.0 -> 3.1.0
        python3-autobahn: upgrade 22.5.1 -> 22.6.1
        python3-awesomeversion: upgrade 22.5.2 -> 22.6.0
        python3-grpcio: upgrade 1.45.0 -> 1.47.0
        python3-lxml: upgrade 4.9.0 -> 4.9.1

  Yi Zhao (12):
        openldap: pass correct URANDOM_DEVICE to CPPFLAGS
        openvpn: eliminate build path from openvpn --version option
        grubby: fix syntax for ALTERNATIVE
        duktape: fix override syntax in RDEPENDS
        polkit-group-rule-udisks2: fix override syntax in RDEPENDS
        libcrypt-openssl-guess-perl: fix syntax for PROVIDES
        evince: fix typo for RRECOMMENDS
        blueman: fix typo for RRECOMMENDS
        dnsmasq: Security fix CVE-2022-0934
        strongswan: upgrade 5.9.5 -> 5.9.6
        openvpn: add PACKAGECONFIG for systemd
        openvpn: add PACKAGECONFIG for selinux

  Yue Tao (2):
        exo: upgrade 4.16.3 -> 4.16.4
        dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291

  Zoltán Böszörményi (5):
        opencv: Upgrade to version 4.6.0
        proj: Upgrade to 8.2.1
        python3-pyproj: New recipe for pyproj version 3.3.1
        geos: Upgrade to 3.9.3
        libspatialite: Upgrade to 5.0.1

  jybros (1):
        clinfo: use virtual opencl loader provider

  wangmy (72):
        python3-cantools: upgrade 37.0.7 -> 37.1.0
        python3-regex: upgrade 2022.4.24 -> 2022.6.2
        python3-sqlalchemy: upgrade 1.4.36 -> 1.4.37
        python3-twine: upgrade 4.0.0 -> 4.0.1
        python3-waitress: upgrade 2.1.1 -> 2.1.2
        python3-xmlschema: upgrade 1.11.0 -> 1.11.1
        gspell: upgrade 1.10.0 -> 1.11.1
        ctags: upgrade 5.9.20220529.0 -> 5.9.20220605.0
        feh: upgrade 3.8 -> 3.9
        inotify-tools: upgrade 3.22.1.0 -> 3.22.6.0
        apache2: upgrade 2.4.53 -> 2.4.54
        libnftnl: upgrade 1.2.1 -> 1.2.2
        nbdkit: upgrade 1.31.7 -> 1.31.8
        irssi: upgrade 1.2.3 -> 1.4.1
        musl-nscd: upgrade 1.0.2 -> 1.1.0
        rdma-core: upgrade 40.0 -> 41.0
        snort: upgrade 2.9.19 -> 2.9.20
        php: upgrade 8.1.6 -> 8.1.7
        poco: upgrade 1.11.2 -> 1.11.3
        pyxdg: upgrade 0.27 -> 0.28
        syslog-ng: upgrade 3.36.1 -> 3.37.1
        dnf-plugin-tui: Added postatinstall
        python3-dill: upgrade 0.3.4 -> 0.3.5.1
        python3-robotframework-seriallibrary: upgrade 0.3.1 -> 0.4.3
        python3-ujson: upgrade 5.1.0 -> 5.3.0
        python3-watchdog: upgrade 2.1.8 -> 2.1.9
        python3-websocket-client: upgrade 1.3.2 -> 1.3.3
        gnome-commander: upgrade 1.14.2 -> 1.14.3
        libwacom: upgrade 2.2.0 -> 2.3.0
        nbdkit: upgrade 1.31.8 -> 1.31.9
        googletest: upgrade 1.11.0 -> 1.12.0
        gperftools: upgrade 2.9.1 -> 2.10
        iwd: upgrade 1.27 -> 1.28
        libzip: upgrade 1.8.0 -> 1.9.0
        postgresql: upgrade 14.3 -> 14.4
        uftrace: upgrade 0.11 -> 0.12
        python3-googleapis-common-protos: upgrade 1.56.2 -> 1.56.3
        python3-ifaddr: upgrade 0.1.7 -> 0.2.0
        python3-jmespath: upgrade 1.0.0 -> 1.0.1
        python3-pandas: upgrade 1.4.2 -> 1.4.3
        python3-zeroconf: upgrade 0.38.6 -> 0.38.7
        geocode-glib: upgrade 3.26.2 -> 3.26.3
        gnome-bluetooth: upgrade 42.0 -> 42.1
        gnome-calculator: upgrade 42.0 -> 42.2
        gnome-text-editor: upgrade 42.1 -> 42.2
        gtk4: upgrade 4.6.4 -> 4.6.6
        gtksourceview5: upgrade 5.4.1 -> 5.4.2
        gvfs: upgrade 1.50.0 -> 1.50.2
        abseil-cpp: upgrade 20211102 -> 20220623
        capnproto: upgrade 0.9.1 -> 0.10.2
        ctags: upgrade 5.9.20220605.0 -> 5.9.20220703.0
        fwupd: upgrade 1.7.6 -> 1.8.1
        googletest: upgrade 1.12.0 -> 1.12.1
        nautilus: upgrade 42.1.1 -> 42.2
        nbdkit: upgrade 1.31.9 -> 1.31.10
        openconnect: upgrade 8.20 -> 9.01
        bats: upgrade 1.6.1 -> 1.7.0
        cloc: upgrade 1.92 -> 1.94
        hwdata: upgrade 0.360 -> 0.361
        libvpx: upgrade 1.11.0 -> 1.12.0
        libzip: upgrade 1.9.0 -> 1.9.2
        pegtl: upgrade 3.2.5 -> 3.2.6
        phoronix-test-suite: upgrade 10.8.3 -> 10.8.4
        poppler: upgrade 22.06.0 -> 22.07.0
        netdata: upgrade 1.35.0 -> 1.35.1
        evince: upgrade 42.2 -> 42.3
        gjs: upgrade 1.72.0 -> 1.72.1
        gnome-bluetooth: upgrade 42.1 -> 42.2
        libadwaita: upgrade 1.1.1 -> 1.1.2
        liburing: upgrade 2.1 -> 2.2
        libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33
        libencode-perl: upgrade 3.17 -> 3.18

  zhengruoqin (23):
        python3-absl: upgrade 1.0.0 -> 1.1.0
        python3-alembic: upgrade 1.7.7 -> 1.8.0
        python3-asyncinotify: upgrade 2.0.3 -> 2.0.4
        python3-crc32c: upgrade 2.2.post0 -> 2.3
        python3-msk: upgrade 0.3.16 -> 0.4.0
        python3-bitstruct: upgrade 8.14.1 -> 8.15.1
        python3-google-api-python-client: upgrade 2.49.0 -> 2.50.0
        python3-google-auth: upgrade 2.6.6 -> 2.7.0
        python3-xmlschema: upgrade 1.11.1 -> 1.11.2
        python3-flask-wtf: upgrade 0.15.1 -> 1.0.1
        python3-gnupg: upgrade 0.4.8 -> 0.4.9
        python3-google-api-python-client: upgrade 2.50.0 -> 2.51.0
        python3-kiwisolver: upgrade 1.4.2 -> 1.4.3
        python3-nmap: upgrade 1.5.1 -> 1.5.4
        python3-asyncinotify: upgrade 2.0.4 -> 2.0.5
        python3-google-auth: upgrade 2.7.0 -> 2.8.0
        python3-protobuf: upgrade 4.21.1 -> 4.21.2
        python3-sqlalchemy: upgrade 1.4.37 -> 1.4.39
        python3-xmlschema: upgrade 1.11.2 -> 1.11.3
        python3-engineio: upgrade 4.3.2 -> 4.3.3
        python3-google-api-core: upgrade 2.8.0 -> 2.8.2
        python3-google-auth: upgrade 2.8.0 -> 2.9.0
        python3-grpcio-tools: upgrade 1.46.3 -> 1.47.0

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I22f0dab7f3253d77cc99fd462c6be45ddeb333cd
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass
index 8d02606..33070cd 100644
--- a/poky/meta/classes/archiver.bbclass
+++ b/poky/meta/classes/archiver.bbclass
@@ -55,9 +55,10 @@
 
 DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources"
 ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources"
-ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/"
+ARCHIVER_ARCH = "${TARGET_SYS}"
+ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${ARCHIVER_ARCH}/${PF}/"
 ARCHIVER_RPMTOPDIR ?= "${WORKDIR}/deploy-sources-rpm"
-ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${TARGET_SYS}/${PF}/"
+ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${ARCHIVER_ARCH}/${PF}/"
 ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/"
 
 # When producing a combined mirror directory, allow duplicates for the case
@@ -101,6 +102,10 @@
         bb.debug(1, 'archiver: %s is excluded, covered by gcc-source' % pn)
         return
 
+    # TARGET_SYS in ARCHIVER_ARCH will break the stamp for gcc-source in multiconfig
+    if pn.startswith('gcc-source'):
+        d.setVar('ARCHIVER_ARCH', "allarch")
+
     def hasTask(task):
         return bool(d.getVarFlag(task, "task", False)) and not bool(d.getVarFlag(task, "noexec", False))
 
diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass
index 20968a5..cc02de5 100644
--- a/poky/meta/classes/base.bbclass
+++ b/poky/meta/classes/base.bbclass
@@ -594,9 +594,9 @@
 
             for lic_exception in exceptions:
                 if ":" in lic_exception:
-                    lic_exception.split(":")[0]
+                    lic_exception = lic_exception.split(":")[1]
                 if lic_exception in oe.license.obsolete_license_list():
-                    bb.fatal("Invalid license %s used in INCOMPATIBLE_LICENSE_EXCEPTIONS" % lic_exception)
+                    bb.fatal("Obsolete license %s used in INCOMPATIBLE_LICENSE_EXCEPTIONS" % lic_exception)
 
             pkgs = d.getVar('PACKAGES').split()
             skipped_pkgs = {}
diff --git a/poky/meta/classes/bin_package.bbclass b/poky/meta/classes/bin_package.bbclass
index c3aca20..f0407e1 100644
--- a/poky/meta/classes/bin_package.bbclass
+++ b/poky/meta/classes/bin_package.bbclass
@@ -30,8 +30,9 @@
         bbfatal bin_package has nothing to install. Be sure the SRC_URI unpacks into S.
     fi
     cd ${S}
+    install -d ${D}${base_prefix}
     tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - . \
-        | tar --no-same-owner -xpf - -C ${D}
+        | tar --no-same-owner -xpf - -C ${D}${base_prefix}
 }
 
 FILES:${PN} = "/"
diff --git a/poky/meta/classes/buildstats.bbclass b/poky/meta/classes/buildstats.bbclass
index 0de6052..132ecaa 100644
--- a/poky/meta/classes/buildstats.bbclass
+++ b/poky/meta/classes/buildstats.bbclass
@@ -285,7 +285,8 @@
     if system_stats:
         # Ensure that we sample at important events.
         done = isinstance(e, bb.event.BuildCompleted)
-        system_stats.sample(e, force=done)
+        if system_stats.sample(e, force=done):
+            d.setVar('_buildstats_system_stats', system_stats)
         if done:
             system_stats.close()
             d.delVar('_buildstats_system_stats')
diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass
index 37b6b56..15cccac 100644
--- a/poky/meta/classes/create-spdx.bbclass
+++ b/poky/meta/classes/create-spdx.bbclass
@@ -25,6 +25,7 @@
 
 SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
 SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
+SPDX_PRETTY ??= "0"
 
 SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
 
@@ -76,6 +77,11 @@
 def is_work_shared_spdx(d):
     return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))
 
+def get_json_indent(d):
+    if d.getVar("SPDX_PRETTY") == "1":
+        return 2
+    return None
+
 python() {
     import json
     if d.getVar("SPDX_LICENSE_DATA"):
@@ -515,7 +521,7 @@
 
     dep_recipes = collect_dep_recipes(d, doc, recipe)
 
-    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes")
+    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
     dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
 
     recipe_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -579,7 +585,7 @@
 
             add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
 
-            oe.sbom.write_doc(d, package_doc, "packages")
+            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
 }
 # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
 addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
@@ -743,7 +749,7 @@
                 )
                 seen_deps.add(dep)
 
-            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
+            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
 }
 
 addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
@@ -938,7 +944,7 @@
     image_spdx_path = rootfs_deploydir / (rootfs_name + ".spdx.json")
 
     with image_spdx_path.open("wb") as f:
-        doc.to_json(f, sort_keys=True)
+        doc.to_json(f, sort_keys=True, indent=get_json_indent(d))
 
     num_threads = int(d.getVar("BB_NUMBER_THREADS"))
 
@@ -996,7 +1002,11 @@
 
             index["documents"].sort(key=lambda x: x["filename"])
 
-            index_str = io.BytesIO(json.dumps(index, sort_keys=True).encode("utf-8"))
+            index_str = io.BytesIO(json.dumps(
+                index,
+                sort_keys=True,
+                indent=get_json_indent(d),
+            ).encode("utf-8"))
 
             info = tarfile.TarInfo()
             info.name = "index.json"
@@ -1010,4 +1020,4 @@
 
     spdx_index_path = rootfs_deploydir / (rootfs_name + ".spdx.index.json")
     with spdx_index_path.open("w") as f:
-        json.dump(index, f, sort_keys=True)
+        json.dump(index, f, sort_keys=True, indent=get_json_indent(d))
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 1b4910f..da7f933 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -47,7 +47,9 @@
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"
 
+# Report Patched or Ignored CVEs
 CVE_CHECK_REPORT_PATCHED ??= "1"
+
 CVE_CHECK_SHOW_WARNINGS ??= "1"
 
 # Provide text output
@@ -144,7 +146,7 @@
             bb.fatal("Failure in searching patches")
         ignored, patched, unpatched, status = check_cves(d, patched_cves)
         if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
-            cve_data = get_cve_info(d, patched + unpatched)
+            cve_data = get_cve_info(d, patched + unpatched + ignored)
             cve_write_data(d, patched, unpatched, ignored, cve_data, status)
     else:
         bb.note("No CVE database found, skipping CVE check")
@@ -164,7 +166,7 @@
 }
 
 addhandler cve_check_cleanup
-cve_check_cleanup[eventmask] = "bb.cooker.CookerExit"
+cve_check_cleanup[eventmask] = "bb.event.BuildCompleted"
 
 python cve_check_write_rootfs_manifest () {
     """
@@ -258,6 +260,7 @@
     suffix = d.getVar("CVE_VERSION_SUFFIX")
 
     cves_unpatched = []
+    cves_ignored = []
     cves_status = []
     cves_in_recipe = False
     # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
@@ -291,9 +294,8 @@
             cve = cverow[0]
 
             if cve in cve_ignore:
-                bb.note("%s-%s has been ignored for %s" % (product, pv, cve))
-                # TODO: this should be in the report as 'ignored'
-                patched_cves.add(cve)
+                bb.note("%s-%s ignores %s" % (product, pv, cve))
+                cves_ignored.append(cve)
                 continue
             elif cve in patched_cves:
                 bb.note("%s has been patched" % (cve))
@@ -305,9 +307,13 @@
                 cves_in_recipe = True
 
             vulnerable = False
+            ignored = False
+
             for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
                 (_, _, _, version_start, operator_start, version_end, operator_end) = row
                 #bb.debug(2, "Evaluating row " + str(row))
+                if cve in cve_ignore:
+                    ignored = True
 
                 if (operator_start == '=' and pv == version_start) or version_start == '-':
                     vulnerable = True
@@ -340,13 +346,16 @@
                         vulnerable = vulnerable_start or vulnerable_end
 
                 if vulnerable:
-                    bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
-                    cves_unpatched.append(cve)
+                    if ignored:
+                        bb.note("%s is ignored in %s-%s" % (cve, pn, real_pv))
+                        cves_ignored.append(cve)
+                    else:
+                        bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
+                        cves_unpatched.append(cve)
                     break
 
             if not vulnerable:
                 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
-                # TODO: not patched but not vulnerable
                 patched_cves.add(cve)
 
         if not cves_in_product:
@@ -358,7 +367,7 @@
     if not cves_in_recipe:
         bb.note("No CVE records for products in recipe %s" % (pn))
 
-    return (list(cve_ignore), list(patched_cves), cves_unpatched, cves_status)
+    return (list(cves_ignored), list(patched_cves), cves_unpatched, cves_status)
 
 def get_cve_info(d, cves):
     """
@@ -396,6 +405,8 @@
     include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
     exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
 
+    report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1"
+
     if exclude_layers and layer in exclude_layers:
         return
 
@@ -403,7 +414,7 @@
         return
 
     # Early exit, the text format does not report packages without CVEs
-    if not patched+unpatched:
+    if not patched+unpatched+ignored:
         return
 
     nvd_link = "https://nvd.nist.gov/vuln/detail/"
@@ -413,13 +424,16 @@
 
     for cve in sorted(cve_data):
         is_patched = cve in patched
-        if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
+        is_ignored = cve in ignored
+
+        if (is_patched or is_ignored) and not report_all:
             continue
+
         write_string += "LAYER: %s\n" % layer
         write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
         write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
         write_string += "CVE: %s\n" % cve
-        if cve in ignored:
+        if is_ignored:
             write_string += "CVE STATUS: Ignored\n"
         elif is_patched:
             write_string += "CVE STATUS: Patched\n"
@@ -496,6 +510,8 @@
     include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
     exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
 
+    report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1"
+
     if exclude_layers and layer in exclude_layers:
         return
 
@@ -522,10 +538,11 @@
 
     for cve in sorted(cve_data):
         is_patched = cve in patched
+        is_ignored = cve in ignored
         status = "Unpatched"
-        if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
+        if (is_patched or is_ignored) and not report_all:
             continue
-        if cve in ignored:
+        if is_ignored:
             status = "Ignored"
         elif is_patched:
             status = "Patched"
diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass
index 9ca84ba..37e10ad 100644
--- a/poky/meta/classes/insane.bbclass
+++ b/poky/meta/classes/insane.bbclass
@@ -20,7 +20,7 @@
 
 # Elect whether a given type of error is a warning or error, they may
 # have been set by other files.
-WARN_QA ?= " libdir xorg-driver-abi \
+WARN_QA ?= " libdir xorg-driver-abi buildpaths \
             textrel incompatible-license files-invalid \
             infodir build-deps src-uri-bad symlink-to-sysroot multilib \
             invalid-packageconfig host-user-contaminated uppercase-pn patch-fuzz \
@@ -444,12 +444,11 @@
     Check for build paths inside target files and error if paths are not
     explicitly ignored.
     """
-    # Ignore .debug files, not interesting
-    if path.find(".debug") != -1:
-        return
+    import stat
 
-    # Ignore symlinks
-    if os.path.islink(path):
+    # Ignore symlinks/devs/fifos
+    mode = os.lstat(path).st_mode
+    if stat.S_ISLNK(mode) or stat.S_ISBLK(mode) or stat.S_ISFIFO(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode):
         return
 
     tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8")
@@ -630,6 +629,11 @@
         bb.note("Recipe %s skipping qa checking: pkgconfig" % d.getVar('PN'))
         skip_pkgconfig = True
 
+    skip_shebang_size = False
+    if 'shebang-size' in skip:
+        bb.note("Recipe %s skipping qa checkking: shebang-size" % d.getVar('PN'))
+        skip_shebang_size = True
+
     # find all .la and .pc files
     # read the content
     # and check for stuff that looks wrong
@@ -651,6 +655,13 @@
                         error_msg = "%s failed sanity test (tmpdir) in path %s" % (file,root)
                         oe.qa.handle_error("pkgconfig", error_msg, d)
 
+            if not skip_shebang_size:
+                errors = {}
+                package_qa_check_shebang_size(path, "", d, None, errors)
+                for e in errors:
+                    oe.qa.handle_error(e, errors[e], d)
+
+
 # Run all package-wide warnfuncs and errorfuncs
 def package_qa_package(warnfuncs, errorfuncs, package, d):
     warnings = {}
@@ -970,7 +981,7 @@
 
     dest = d.getVar('PKGDEST')
     pn = d.getVar('PN')
-    home = os.path.join(dest, 'home')
+    home = os.path.join(dest, name, 'home')
     if path == home or path.startswith(home + os.sep):
         return
 
@@ -1137,11 +1148,14 @@
 }
 addtask do_package_qa_setscene
 
-python do_qa_staging() {
-    bb.note("QA checking staging")
-    qa_check_staged(d.expand('${SYSROOT_DESTDIR}${libdir}'), d)
-    oe.qa.exit_with_message_if_errors("QA staging was broken by the package built above", d)
+python do_qa_sysroot() {
+    bb.note("QA checking do_populate_sysroot")
+    sysroot_destdir = d.expand('${SYSROOT_DESTDIR}')
+    for sysroot_dir in d.expand('${SYSROOT_DIRS}').split():
+        qa_check_staged(sysroot_destdir + sysroot_dir, d)
+    oe.qa.exit_with_message_if_errors("do_populate_sysroot for this recipe installed files with QA issues", d)
 }
+do_populate_sysroot[postfuncs] += "do_qa_sysroot"
 
 python do_qa_patch() {
     import subprocess
@@ -1333,10 +1347,6 @@
     unpack_check_src_uri(d.getVar('PN'), d)
 }
 
-# The Staging Func, to check all staging
-#addtask qa_staging after do_populate_sysroot before do_build
-do_populate_sysroot[postfuncs] += "do_qa_staging "
-
 # Check for patch fuzz
 do_patch[postfuncs] += "do_qa_patch "
 
diff --git a/poky/meta/classes/kernel-arch.bbclass b/poky/meta/classes/kernel-arch.bbclass
index 07ec242..348a3ad 100644
--- a/poky/meta/classes/kernel-arch.bbclass
+++ b/poky/meta/classes/kernel-arch.bbclass
@@ -61,7 +61,7 @@
 TARGET_AR_KERNEL_ARCH ?= ""
 HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}"
 
-KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}"
+KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
 KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
 KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
 TOOLCHAIN = "gcc"
diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass
index 7e09b07..2112ae4 100644
--- a/poky/meta/classes/kernel-fitimage.bbclass
+++ b/poky/meta/classes/kernel-fitimage.bbclass
@@ -148,7 +148,7 @@
                 kernel-$2 {
                         description = "Linux kernel";
                         data = /incbin/("$3");
-                        type = "kernel";
+                        type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
                         arch = "${UBOOT_ARCH}";
                         os = "linux";
                         compression = "$4";
diff --git a/poky/meta/classes/kernel-uboot.bbclass b/poky/meta/classes/kernel-uboot.bbclass
index 2daa068..1bc98e0 100644
--- a/poky/meta/classes/kernel-uboot.bbclass
+++ b/poky/meta/classes/kernel-uboot.bbclass
@@ -2,6 +2,9 @@
 FIT_KERNEL_COMP_ALG ?= "gzip"
 FIT_KERNEL_COMP_ALG_EXTENSION ?= ".gz"
 
+# Kernel image type passed to mkimage (i.e. kernel kernel_noload...)
+UBOOT_MKIMAGE_KERNEL_TYPE ?= "kernel"
+
 uboot_prep_kimage() {
 	if [ -e arch/${ARCH}/boot/compressed/vmlinux ]; then
 		vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux"
@@ -15,6 +18,12 @@
 		linux_comp="none"
 	else
 		vmlinux_path="vmlinux"
+		# Use vmlinux.initramfs for linux.bin when INITRAMFS_IMAGE_BUNDLE set
+		# As per the implementation in kernel.bbclass.
+		# See do_bundle_initramfs function
+		if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ] && [ -e vmlinux.initramfs ]; then
+			vmlinux_path="vmlinux.initramfs"
+		fi
 		linux_suffix="${FIT_KERNEL_COMP_ALG_EXTENSION}"
 		linux_comp="${FIT_KERNEL_COMP_ALG}"
 	fi
diff --git a/poky/meta/classes/kernel-uimage.bbclass b/poky/meta/classes/kernel-uimage.bbclass
index cedb4fa..2e661ea 100644
--- a/poky/meta/classes/kernel-uimage.bbclass
+++ b/poky/meta/classes/kernel-uimage.bbclass
@@ -30,6 +30,6 @@
 			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
 	fi
 
-	uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
+	uboot-mkimage -A ${UBOOT_ARCH} -O linux -T ${UBOOT_MKIMAGE_KERNEL_TYPE} -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
 	rm -f linux.bin
 }
diff --git a/poky/meta/classes/npm.bbclass b/poky/meta/classes/npm.bbclass
index dbfc2e7..deea53c 100644
--- a/poky/meta/classes/npm.bbclass
+++ b/poky/meta/classes/npm.bbclass
@@ -19,7 +19,7 @@
 
 inherit python3native
 
-DEPENDS:prepend = "nodejs-native "
+DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native "
 RDEPENDS:${PN}:append:class-target = " nodejs"
 
 EXTRA_OENPM = ""
@@ -46,6 +46,7 @@
 NPM_PACKAGE = "${WORKDIR}/npm-package"
 NPM_CACHE = "${WORKDIR}/npm-cache"
 NPM_BUILD = "${WORKDIR}/npm-build"
+NPM_REGISTRY = "${WORKDIR}/npm-registry"
 
 def npm_global_configs(d):
     """Get the npm global configuration"""
@@ -53,17 +54,42 @@
     # Ensure no network access is done
     configs.append(("offline", "true"))
     configs.append(("proxy", "http://invalid"))
+    configs.append(("funds", False))
+    configs.append(("audit", False))
     # Configure the cache directory
     configs.append(("cache", d.getVar("NPM_CACHE")))
     return configs
 
+## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for
+## 'ignore-scripts' which prevents this behavior has been removed
+## from nodejs 16.  Use simple 'tar' instead of.
 def npm_pack(env, srcdir, workdir):
-    """Run 'npm pack' on a specified directory"""
-    import shlex
-    cmd = "npm pack %s" % shlex.quote(srcdir)
-    args = [("ignore-scripts", "true")]
-    tarball = env.run(cmd, args=args, workdir=workdir).strip("\n")
-    return os.path.join(workdir, tarball)
+    """Emulate 'npm pack' on a specified directory"""
+    import subprocess
+    import os
+    import json
+
+    src = os.path.join(srcdir, 'package.json')
+    with open(src) as f:
+        j = json.load(f)
+
+    # base does not really matter and is for documentation purposes
+    # only.  But the 'version' part must exist because other parts of
+    # the bbclass rely on it.
+    base = j['name'].split('/')[-1]
+    tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version']));
+
+    # TODO: real 'npm pack' does not include directories while 'tar'
+    # does.  But this does not seem to matter...
+    subprocess.run(['tar', 'czf', tarball,
+                    '--exclude', './node-modules',
+                    '--exclude-vcs',
+                    '--transform', 's,^\./,package/,',
+                    '--mtime', '1985-10-26T08:15:00.000Z',
+                    '.'],
+                   check = True, cwd = srcdir)
+
+    return (tarball, j)
 
 python npm_do_configure() {
     """
@@ -87,27 +113,24 @@
     from bb.fetch2.npm import npm_unpack
     from bb.fetch2.npmsw import foreach_dependencies
     from bb.progress import OutOfProgressHandler
+    from oe.npm_registry import NpmRegistry
 
     bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True)
     bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True)
 
     env = NpmEnvironment(d, configs=npm_global_configs(d))
+    registry = NpmRegistry(d.getVar('NPM_REGISTRY'), d.getVar('NPM_CACHE'))
 
-    def _npm_cache_add(tarball):
-        """Run 'npm cache add' for a specified tarball"""
-        cmd = "npm cache add %s" % shlex.quote(tarball)
-        env.run(cmd)
+    def _npm_cache_add(tarball, pkg):
+        """Add tarball to local registry and register it in the
+           cache"""
+        registry.add_pkg(tarball, pkg)
 
     def _npm_integrity(tarball):
         """Return the npm integrity of a specified tarball"""
         sha512 = bb.utils.sha512_file(tarball)
         return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode()
 
-    def _npm_version(tarball):
-        """Return the version of a specified tarball"""
-        regex = r"-(\d+\.\d+\.\d+(-.*)?(\+.*)?)\.tgz"
-        return re.search(regex, tarball).group(1)
-
     def _npmsw_dependency_dict(orig, deptree):
         """
         Return the sub dictionary in the 'orig' dictionary corresponding to the
@@ -164,11 +187,11 @@
         with tempfile.TemporaryDirectory() as tmpdir:
             # Add the dependency to the npm cache
             destdir = os.path.join(d.getVar("S"), destsuffix)
-            tarball = npm_pack(env, destdir, tmpdir)
-            _npm_cache_add(tarball)
+            (tarball, pkg) = npm_pack(env, destdir, tmpdir)
+            _npm_cache_add(tarball, pkg)
             # Add its signature to the cached shrinkwrap
             dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
-            dep["version"] = _npm_version(tarball)
+            dep["version"] = pkg['version']
             dep["integrity"] = _npm_integrity(tarball)
             if params.get("dev", False):
                 dep["dev"] = True
@@ -185,7 +208,7 @@
 
     # Configure the main package
     with tempfile.TemporaryDirectory() as tmpdir:
-        tarball = npm_pack(env, d.getVar("S"), tmpdir)
+        (tarball, _) = npm_pack(env, d.getVar("S"), tmpdir)
         npm_unpack(tarball, d.getVar("NPM_PACKAGE"), d)
 
     # Configure the cached manifest file and cached shrinkwrap file
@@ -259,7 +282,7 @@
         args.append(("build-from-source", "true"))
 
         # Pack and install the main package
-        tarball = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
+        (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
         cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM"))
         env.run(cmd, args=args)
 }
diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass
index 62050a1..63887b3 100644
--- a/poky/meta/classes/package.bbclass
+++ b/poky/meta/classes/package.bbclass
@@ -382,6 +382,11 @@
     debugfile = dvar + dest
     sources = []
 
+    if file.endswith(".ko") and file.find("/lib/modules/") != -1:
+        if oe.package.is_kernel_module_signed(file):
+            bb.debug(1, "Skip strip on signed module %s" % file)
+            return (file, sources)
+
     # Split the file...
     bb.utils.mkdirhier(os.path.dirname(debugfile))
     #bb.note("Split %s -> %s" % (file, debugfile))
@@ -553,13 +558,25 @@
         strip = d.getVar("STRIP")
         objcopy = d.getVar("OBJCOPY")
         workdir = d.getVar("WORKDIR")
+        sdir = d.getVar("S")
+        sparentdir = os.path.dirname(os.path.dirname(sdir))
+        sbasedir = os.path.basename(os.path.dirname(sdir)) + "/" + os.path.basename(sdir)
         workparentdir = os.path.dirname(os.path.dirname(workdir))
         workbasedir = os.path.basename(os.path.dirname(workdir)) + "/" + os.path.basename(workdir)
 
+        # If S isnt based on WORKDIR we can infer our sources are located elsewhere,
+        # e.g. using externalsrc; use S as base for our dirs
+        if workdir in sdir:
+            basedir = workbasedir
+            parentdir = workparentdir
+        else:
+            basedir = sbasedir
+            parentdir = sparentdir
+
         # If build path exists in sourcefile, it means toolchain did not use
         # -fdebug-prefix-map to compile
         if checkbuildpath(sourcefile, d):
-            localsrc_prefix = workparentdir + "/"
+            localsrc_prefix = parentdir + "/"
         else:
             localsrc_prefix = "/usr/src/debug/"
 
@@ -581,7 +598,7 @@
         processdebugsrc += "sed 's#%s##g' | "
         processdebugsrc += "(cd '%s' ; cpio -pd0mlL --no-preserve-owner '%s%s' 2>/dev/null)"
 
-        cmd = processdebugsrc % (sourcefile, workbasedir, localsrc_prefix, workparentdir, dvar, debugsrcdir)
+        cmd = processdebugsrc % (sourcefile, basedir, localsrc_prefix, parentdir, dvar, debugsrcdir)
         try:
             subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError:
@@ -591,9 +608,22 @@
         # cpio seems to have a bug with -lL together and symbolic links are just copied, not dereferenced.
         # Work around this by manually finding and copying any symbolic links that made it through.
         cmd = "find %s%s -type l -print0 -delete | sed s#%s%s/##g | (cd '%s' ; cpio -pd0mL --no-preserve-owner '%s%s')" % \
-                (dvar, debugsrcdir, dvar, debugsrcdir, workparentdir, dvar, debugsrcdir)
+                (dvar, debugsrcdir, dvar, debugsrcdir, parentdir, dvar, debugsrcdir)
         subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
 
+
+        # debugsources.list may be polluted from the host if we used externalsrc,
+        # cpio uses copy-pass and may have just created a directory structure
+        # matching the one from the host, if thats the case move those files to
+        # debugsrcdir to avoid host contamination.
+        # Empty dir structure will be deleted in the next step.
+
+        # Same check as above for externalsrc
+        if workdir not in sdir:
+            if os.path.exists(dvar + debugsrcdir + sdir):
+                cmd = "mv %s%s%s/* %s%s" % (dvar, debugsrcdir, sdir, dvar,debugsrcdir)
+                subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
+
         # The copy by cpio may have resulted in some empty directories!  Remove these
         cmd = "find %s%s -empty -type d -delete" % (dvar, debugsrcdir)
         subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
diff --git a/poky/meta/classes/ptest.bbclass b/poky/meta/classes/ptest.bbclass
index 1ec23c0..c162f5d 100644
--- a/poky/meta/classes/ptest.bbclass
+++ b/poky/meta/classes/ptest.bbclass
@@ -5,6 +5,10 @@
 PTEST_PATH ?= "${libdir}/${BPN}/ptest"
 PTEST_BUILD_HOST_FILES ?= "Makefile"
 PTEST_BUILD_HOST_PATTERN ?= ""
+PTEST_PARALLEL_MAKE ?= "${PARALLEL_MAKE}"
+PTEST_PARALLEL_MAKEINST ?= "${PARALLEL_MAKEINST}"
+EXTRA_OEMAKE:prepend:task-compile-ptest-base = "${PTEST_PARALLEL_MAKE} "
+EXTRA_OEMAKE:prepend:task-install-ptest-base = "${PTEST_PARALLEL_MAKEINST} "
 
 FILES:${PN}-ptest += "${PTEST_PATH}"
 SECTION:${PN}-ptest = "devel"
diff --git a/poky/meta/classes/python_flit_core.bbclass b/poky/meta/classes/python_flit_core.bbclass
index 96652aa..7109307 100644
--- a/poky/meta/classes/python_flit_core.bbclass
+++ b/poky/meta/classes/python_flit_core.bbclass
@@ -2,4 +2,7 @@
 
 DEPENDS += "python3 python3-flit-core-native"
 
-PEP517_BUILD_API = "flit_core.buildapi"
+python_flit_core_do_manual_build () {
+    cd ${PEP517_SOURCE_PATH}
+    nativepython3 -m flit_core.wheel --outdir ${PEP517_WHEEL_PATH} .
+}
diff --git a/poky/meta/classes/python_hatchling.bbclass b/poky/meta/classes/python_hatchling.bbclass
new file mode 100644
index 0000000..984eb6b
--- /dev/null
+++ b/poky/meta/classes/python_hatchling.bbclass
@@ -0,0 +1,3 @@
+inherit python_pep517 python3native python3-dir setuptools3-base
+
+DEPENDS += "python3-hatchling-native"
diff --git a/poky/meta/classes/python_pep517.bbclass b/poky/meta/classes/python_pep517.bbclass
index 34ffdc9..7cdb9c8 100644
--- a/poky/meta/classes/python_pep517.bbclass
+++ b/poky/meta/classes/python_pep517.bbclass
@@ -4,17 +4,16 @@
 # This class will build a wheel in do_compile, and use pypa/installer to install
 # it in do_install.
 
-DEPENDS:append = " python3-installer-native"
+DEPENDS:append = " python3-picobuild-native python3-installer-native"
 
 # Where to execute the build process from
 PEP517_SOURCE_PATH ?= "${S}"
 
-# The PEP517 build API entry point
-PEP517_BUILD_API ?= "unset"
-
 # The directory where wheels will be written
 PEP517_WHEEL_PATH ?= "${WORKDIR}/dist"
 
+PEP517_PICOBUILD_OPTS ?= ""
+
 # The interpreter to use for installed scripts
 PEP517_INSTALL_PYTHON = "python3"
 PEP517_INSTALL_PYTHON:class-native = "nativepython3"
@@ -31,8 +30,7 @@
 # When we have Python 3.11 we can parse pyproject.toml to determine the build
 # API entry point directly
 python_pep517_do_compile () {
-    cd ${PEP517_SOURCE_PATH}
-    nativepython3 -c "import ${PEP517_BUILD_API} as api; api.build_wheel('${PEP517_WHEEL_PATH}')"
+    nativepython3 -m picobuild --source ${PEP517_SOURCE_PATH} --dest ${PEP517_WHEEL_PATH} --wheel ${PEP517_PICOBUILD_OPTS}
 }
 do_compile[cleandirs] += "${PEP517_WHEEL_PATH}"
 
diff --git a/poky/meta/classes/python_poetry_core.bbclass b/poky/meta/classes/python_poetry_core.bbclass
index 577663b..0aaf66b 100644
--- a/poky/meta/classes/python_poetry_core.bbclass
+++ b/poky/meta/classes/python_poetry_core.bbclass
@@ -1,5 +1,3 @@
 inherit python_pep517 python3native setuptools3-base
 
 DEPENDS += "python3-poetry-core-native"
-
-PEP517_BUILD_API = "poetry.core.masonry.api"
diff --git a/poky/meta/classes/python_setuptools_build_meta.bbclass b/poky/meta/classes/python_setuptools_build_meta.bbclass
index b2bba35..974054f 100644
--- a/poky/meta/classes/python_setuptools_build_meta.bbclass
+++ b/poky/meta/classes/python_setuptools_build_meta.bbclass
@@ -1,5 +1,3 @@
 inherit setuptools3-base python_pep517
 
 DEPENDS += "python3-setuptools-native python3-wheel-native"
-
-PEP517_BUILD_API = "setuptools.build_meta"
diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass
index 3f9fdb6..452b87f 100644
--- a/poky/meta/classes/rootfs-postcommands.bbclass
+++ b/poky/meta/classes/rootfs-postcommands.bbclass
@@ -1,5 +1,5 @@
 
-# Zap the root password if debug-tweaks feature is not enabled
+# Zap the root password if debug-tweaks and empty-root-password features are not enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password; ",d)}'
 
 # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled
@@ -8,7 +8,7 @@
 # Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login; ", "",d)}'
 
-# Enable postinst logging if debug-tweaks is enabled
+# Enable postinst logging if debug-tweaks or post-install-logging is enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}'
 
 # Create /etc/timestamp during image construction to give a reasonably sane default time setting
@@ -140,7 +140,7 @@
 }
 
 #
-# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES.
+# This function disallows empty root passwords
 #
 zap_empty_root_password () {
 	if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
@@ -202,7 +202,7 @@
 }
 
 #
-# Enable postinst logging if debug-tweaks is enabled
+# Enable postinst logging
 #
 postinst_enable_logging () {
 	mkdir -p ${IMAGE_ROOTFS}${sysconfdir}/default
diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass
index eb0ca05..b1fac10 100644
--- a/poky/meta/classes/sanity.bbclass
+++ b/poky/meta/classes/sanity.bbclass
@@ -858,7 +858,7 @@
     mirror_vars = ['MIRRORS', 'PREMIRRORS', 'SSTATE_MIRRORS']
     protocols = ['http', 'ftp', 'file', 'https', \
                  'git', 'gitsm', 'hg', 'osc', 'p4', 'svn', \
-                 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az' ]
+                 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az', 'ftps']
     for mirror_var in mirror_vars:
         mirrors = (d.getVar(mirror_var) or '').replace('\\n', ' ').split()
 
diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass
index 3513269..0aa901f 100644
--- a/poky/meta/classes/sstate.bbclass
+++ b/poky/meta/classes/sstate.bbclass
@@ -977,15 +977,19 @@
             localdata.delVar('BB_NO_NETWORK')
 
         from bb.fetch2 import FetchConnectionCache
-        def checkstatus_init(thread_worker):
-            thread_worker.connection_cache = FetchConnectionCache()
+        def checkstatus_init():
+            while not connection_cache_pool.full():
+                connection_cache_pool.put(FetchConnectionCache())
 
-        def checkstatus_end(thread_worker):
-            thread_worker.connection_cache.close_connections()
+        def checkstatus_end():
+            while not connection_cache_pool.empty():
+                connection_cache = connection_cache_pool.get()
+                connection_cache.close_connections()
 
-        def checkstatus(thread_worker, arg):
+        def checkstatus(arg):
             (tid, sstatefile) = arg
 
+            connection_cache = connection_cache_pool.get()
             localdata2 = bb.data.createCopy(localdata)
             srcuri = "file://" + sstatefile
             localdata2.setVar('SRC_URI', srcuri)
@@ -995,7 +999,7 @@
 
             try:
                 fetcher = bb.fetch2.Fetch(srcuri.split(), localdata2,
-                            connection_cache=thread_worker.connection_cache)
+                            connection_cache=connection_cache)
                 fetcher.checkstatus()
                 bb.debug(2, "SState: Successful fetch test for %s" % srcuri)
                 found.add(tid)
@@ -1005,6 +1009,8 @@
             except Exception as e:
                 bb.error("SState: cannot test %s: %s\n%s" % (srcuri, repr(e), traceback.format_exc()))
 
+            connection_cache_pool.put(connection_cache)
+
             if progress:
                 bb.event.fire(bb.event.ProcessProgress(msg, len(tasklist) - thread_worker.tasks.qsize()), d)
 
@@ -1025,13 +1031,13 @@
             fetcherenv = bb.fetch2.get_fetcher_environment(d)
             with bb.utils.environment(**fetcherenv):
                 bb.event.enable_threadlock()
-                pool = oe.utils.ThreadedPool(nproc, len(tasklist),
-                        worker_init=checkstatus_init, worker_end=checkstatus_end,
-                        name="sstate_checkhashes-")
-                for t in tasklist:
-                    pool.add_task(checkstatus, t)
-                pool.start()
-                pool.wait_completion()
+                import concurrent.futures
+                from queue import Queue
+                connection_cache_pool = Queue(nproc)
+                checkstatus_init()
+                with concurrent.futures.ThreadPoolExecutor(max_workers=nproc) as executor:
+                    executor.map(checkstatus, tasklist.copy())
+                checkstatus_end()
                 bb.event.disable_threadlock()
 
             if progress:
diff --git a/poky/meta/classes/testimage.bbclass b/poky/meta/classes/testimage.bbclass
index 8ffaeab..7898223 100644
--- a/poky/meta/classes/testimage.bbclass
+++ b/poky/meta/classes/testimage.bbclass
@@ -472,6 +472,9 @@
         package_list = glob.glob(idx_path + "*/*.rpm")
 
         for pkg in package_list:
+            if os.path.basename(pkg).startswith(("curl-ptest")):
+                bb.utils.remove(pkg)
+
             if not os.path.basename(pkg).startswith(("rpm", "run-postinsts", "busybox", "bash", "update-alternatives", "libc6", "curl", "musl")):
                 bb.utils.remove(pkg)
 
diff --git a/poky/meta/classes/utils.bbclass b/poky/meta/classes/utils.bbclass
index b4eb3d3..e6f7f95 100644
--- a/poky/meta/classes/utils.bbclass
+++ b/poky/meta/classes/utils.bbclass
@@ -184,6 +184,43 @@
 	chmod +x $cmd
 }
 
+create_cmdline_shebang_wrapper () {
+	# Create a wrapper script where commandline options are needed
+	#
+	# These are useful to work around shebang relocation issues, where shebangs are too
+	# long or have arguments in them, thus preventing them from using the /usr/bin/env
+	# shebang
+	#
+	# Usage: create_cmdline_wrapper FILENAME <extra-options>
+
+	cmd=$1
+	shift
+
+	echo "Generating wrapper script for $cmd"
+
+	# Strip #! and get remaining interpreter + arg
+	argument="$(sed -ne 's/^#! *//p;q' $cmd)"
+	# strip the shebang from the real script as we do not want it to be usable anyway
+	tail -n +2 $cmd > $cmd.real
+	chown --reference=$cmd $cmd.real
+	chmod --reference=$cmd $cmd.real
+	rm -f $cmd
+	cmdname=$(basename $cmd)
+	dirname=$(dirname $cmd)
+	cmdoptions=$@
+	if [ "${base_prefix}" != "" ]; then
+		relpath=`python3 -c "import os; print(os.path.relpath('${D}${base_prefix}', '$dirname'))"`
+		cmdoptions=`echo $@ | sed -e "s:${base_prefix}:\\$realdir/$relpath:g"`
+	fi
+	cat <<END >$cmd
+#!/usr/bin/env bash
+realpath=\`readlink -fn \$0\`
+realdir=\`dirname \$realpath\`
+exec -a \$realdir/$cmdname $argument \$realdir/$cmdname.real $cmdoptions "\$@"
+END
+	chmod +x $cmd
+}
+
 create_wrapper () {
 	# Create a wrapper script where extra environment variables are needed
 	#