520 files changed, 53480 insertions, 1916 deletions

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
index c770287859..37a8106bb0 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
@@ -10,8 +10,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
            file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
 "
 S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
-SRC_URI[sha256sum] = "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
+SRC_URI[sha256sum] = "f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c"
 
 UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/"
 UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz"
diff --git a/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch b/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch
new file mode 100644
index 0000000000..2207408bd2
--- /dev/null
+++ b/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch
@@ -0,0 +1,45 @@
+From cee6de8d6619aeeb70f3318dfd35f2fdf5e43848 Mon Sep 17 00:00:00 2001
+From: Luis Henriques <luis-henrix@users.noreply.github.com>
+Date: Sat, 20 Nov 2021 10:09:25 +0000
+Subject: [PATCH] test/test_syscalls.c: allow EBADF in fcheck_stat() (#631)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Test test/test_examples.py::test_passthrough_hp[False] fails because, on
+kernels >= 5.14, fstat() will return -EBADF:
+
+3 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
+4 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
+5 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
+9 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor
+...
+
+This patch simply whitelists the EBADF errno code.
+
+Signed-off-by: Luís Henriques <lhenriques@suse.de>
+Co-authored-by: Luís Henriques <lhenriques@suse.de>
+
+Upstream-Status: Backport [https://github.com/libfuse/libfuse/commit/cee6de8d6619aeeb70f3318dfd35f2fdf5e43848]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ test/test_syscalls.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/test/test_syscalls.c b/test/test_syscalls.c
+index 160a2ac..65292ed 100644
+--- a/test/test_syscalls.c
++++ b/test/test_syscalls.c
+@@ -277,7 +277,8 @@ static int fcheck_stat(int fd, int flags, struct stat *st)
+ 		if (flags & O_PATH) {
+ 			// With O_PATH fd, the server does not have to keep
+ 			// the inode alive so FUSE inode may be stale or bad
+-			if (errno == ESTALE || errno == EIO || errno == ENOENT)
++			if (errno == ESTALE || errno == EIO ||
++			    errno == ENOENT || errno == EBADF)
+ 				return 0;
+ 		}
+ 		PERROR("fstat");
+-- 
+2.25.1
+
diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb
index e0cf2092a6..0f379afb92 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://GPL2.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://LICENSE;md5=a55c12a2d7d742ecb41ca9ae0a6ddc66"
 
 SRC_URI = "https://github.com/libfuse/libfuse/releases/download/fuse-${PV}/fuse-${PV}.tar.xz \
+           file://0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch \
 "
 SRC_URI[sha256sum] = "b2e283485d47404ac896dd0bb7f7ba81e1470838e677e45f659804c3a3b69666"
 
@@ -35,7 +36,28 @@ RDEPENDS:${PN}-ptest += " \
 
 do_install_ptest() {
         install -d ${D}${PTEST_PATH}/test
+        install -d ${D}${PTEST_PATH}/example
+        install -d ${D}${PTEST_PATH}/util
         cp -rf ${S}/test/* ${D}${PTEST_PATH}/test/
+
+        example_excutables=`find ${B}/example -type f -executable`
+        util_excutables=`find ${B}/util -type f -executable`
+        test_excutables=`find ${B}/test -type f -executable`
+
+        for e in $example_excutables
+        do
+            cp -rf $e  ${D}${PTEST_PATH}/example/
+         done
+
+        for e in $util_excutables
+        do
+            cp -rf $e  ${D}${PTEST_PATH}/util/
+        done
+
+        for e in $test_excutables
+        do
+            cp -rf $e  ${D}${PTEST_PATH}/test
+        done
 }
 
 DEPENDS = "udev"
@@ -49,10 +71,6 @@ RRECOMMENDS:${PN}:class-target = "kernel-module-fuse fuse3-utils"
 FILES:${PN} += "${libdir}/libfuse3.so.*"
 FILES:${PN}-dev += "${libdir}/libfuse3*.la"
 
-EXTRA_OEMESON += " \
-     -Dexamples=false \
-"
-
 # Forbid auto-renaming to libfuse3-utils
 FILES:fuse3-utils = "${bindir} ${base_sbindir}"
 DEBIAN_NOAUTONAME:fuse3-utils = "1"
diff --git a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb
index 501b27a544..7faa69c55c 100644
--- a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb
+++ b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb
@@ -33,7 +33,7 @@ RDEPENDS:${PN} = "gnome-keyring"
 inherit meson pkgconfig mime-xdg gtk-icon-cache gobject-introspection vala features_check
 
 SRC_URI = " \
-	git://github.com/GNOME/geary.git;nobranch=1;protocol=https \
+	git://github.com/GNOME/geary.git;branch=main;protocol=https \
         file://0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch \
         file://0002-Fix-accessibility-issues-with-initializer-of-constan.patch \
 "
diff --git a/meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb b/meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb
index bb2396af7c..eaa0e065d1 100644
--- a/meta-gnome/recipes-gnome/tracker/tracker_3.3.0.bb
+++ b/meta-gnome/recipes-gnome/tracker/tracker_3.3.2.bb
@@ -22,7 +22,7 @@ GNOMEBASEBUILDCLASS = "meson"
 
 inherit gnomebase gsettings gobject-introspection vala gtk-doc manpages bash-completion features_check python3native
 
-SRC_URI[archive.sha256sum] = "0706f96fe7f95df42acec812c1de7b4593a0d648321ca83506a9d71e22417bda"
+SRC_URI[archive.sha256sum] = "0ed2b98918956d6f16429c607dd8a14c84f4da0a48970fd2eb8c93aba3cf9913"
 
 # gobject-introspection is mandatory and cannot be configured
 REQUIRED_DISTRO_FEATURES = "gobject-introspection-data"
diff --git a/meta-gnome/recipes-support/ibus/ibus.inc b/meta-gnome/recipes-support/ibus/ibus.inc
index 37a490abe0..bb662f2ec9 100644
--- a/meta-gnome/recipes-support/ibus/ibus.inc
+++ b/meta-gnome/recipes-support/ibus/ibus.inc
@@ -10,7 +10,7 @@ PV = "1.5.26"
 DEPENDS = "unicode-ucd"
 
 SRC_URI = " \
-    git://github.com/ibus/ibus.git;branch=master;protocol=https \
+    git://github.com/ibus/ibus.git;branch=main;protocol=https \
     file://0001-Do-not-try-to-start-dbus-we-do-not-have-dbus-lauch.patch \
 "
 SRCREV = "6a70ab0338206bd1c7d01a4e1874ea0ee5b3a9d3"
diff --git a/meta-initramfs/recipes-devtools/grubby/grubby_git.bb b/meta-initramfs/recipes-devtools/grubby/grubby_git.bb
index a276bf423c..7c40c52cf6 100644
--- a/meta-initramfs/recipes-devtools/grubby/grubby_git.bb
+++ b/meta-initramfs/recipes-devtools/grubby/grubby_git.bb
@@ -14,7 +14,7 @@ DEPENDS:append:libc-musl = " libexecinfo"
 
 S = "${WORKDIR}/git"
 SRCREV = "a1d2ae93408c3408e672d7eba4550fdf27fb0201"
-SRC_URI = "git://github.com/rhboot/grubby.git;protocol=https;;branch=master \
+SRC_URI = "git://github.com/rhboot/grubby.git;protocol=https;branch=main \
            file://grubby-rename-grub2-editenv-to-grub-editenv.patch \
            file://run-ptest \
            file://0001-Add-another-variable-LIBS-to-provides-libraries-from.patch \
diff --git a/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
index 3e43c0d2a7..e7f918333a 100644
--- a/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
+++ b/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
@@ -22,4 +22,4 @@ inherit autotools pkgconfig
 CFLAGS += " -I${S}"
 
 FILES:${PN} += "${datadir}/dbus-1"
-FILES:${PN}-dev += "${libdir}/${PN}/*.so"
+FILES:${PN}-dev += "${libdir}/${BPN}/*.so"
diff --git a/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
index b25e446c41..071379758c 100644
--- a/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
+++ b/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
@@ -19,4 +19,4 @@ S = "${WORKDIR}/git"
 inherit autotools pkgconfig
 
 FILES:${PN} += "${datadir}/dbus-1"
-FILES:${PN}-dev += "${libdir}/${PN}/*.so"
+FILES:${PN}-dev += "${libdir}/${BPN}/*.so"
diff --git a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
index 14d09e5f0b..a4590d61a9 100644
--- a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
+++ b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
@@ -4,7 +4,7 @@ SECTION = "libs/multimedia"
 LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594"
 
-SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https"
+SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https"
 SRCREV = "8b00644751578ba67b709a827cbe5133d849d339"
 S = "${WORKDIR}/git"
 PV = "2.2.6"
diff --git a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
index c74f1074cc..13938444c8 100644
--- a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb
+++ b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
@@ -21,7 +21,7 @@ DEPENDS += " \
 SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \
            file://mpd.conf.in \
            "
-SRCREV = "f591193ddaa7f9bcb6c85ff5899517fc7b53e35a"
+SRCREV = "d91da9679801224847c30147f5914785b6f8f240"
 S = "${WORKDIR}/git"
 
 EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}"
diff --git a/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
new file mode 100644
index 0000000000..92094af1f2
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
@@ -0,0 +1,37 @@
+From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001
+From: Max Kellermann <max@musicpd.org>
+Date: Wed, 23 Nov 2022 12:25:50 +0100
+Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion
+
+Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591]
+---
+ src/SearchPage.cxx | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx
+index 2fa5edbc..3f91c4fe 100644
+--- a/src/SearchPage.cxx
++++ b/src/SearchPage.cxx
+@@ -81,7 +81,7 @@ search_get_tag_id(const char *name)
+ }
+ 
+ struct SearchMode {
+-	enum mpd_tag_type table;
++	int table;
+ 	const char *label;
+ };
+ 
+@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = {
+ 	{ MPD_TAG_TITLE, N_("Title") },
+ 	{ MPD_TAG_ARTIST, N_("Artist") },
+ 	{ MPD_TAG_ALBUM, N_("Album") },
+-	{ (enum mpd_tag_type)SEARCH_URI, N_("Filename") },
+-	{ (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") },
++	{ SEARCH_URI, N_("Filename") },
++	{ SEARCH_ARTIST_TITLE, N_("Artist + Title") },
+ 	{ MPD_TAG_COUNT, nullptr }
+ };
+ 
+-- 
+2.39.0
+
diff --git a/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
index a77d4f9783..44046912ed 100644
--- a/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb
+++ b/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
@@ -34,6 +34,7 @@ PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false"
 
 SRC_URI = " \
     git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \
+    file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \
 "
-SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4"
+SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124"
 S = "${WORKDIR}/git"
diff --git a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
index 2b7a43b93d..b0fce73b53 100644
--- a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
+++ b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
@@ -55,7 +55,7 @@ RDEPENDS:packagegroup-meta-multimedia = "\
     tearsofsteel-1080p \
     schroedinger \
     pipewire \
-    ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "projucer", "", d)} \
+    ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", bb.utils.contains("DISTRO_FEATURES", "x11", "projucer", "", d), "", d)} \
     libcamera \
     ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "libde265 openh264", "", d)} \
     vorbis-tools \
diff --git a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
index b848b820c3..cb919d79e3 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
@@ -3,7 +3,7 @@ LICENSE = "CC-BY-3.0"
 # http://www.bigbuckbunny.org/index.php/about/
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7"
 
-SRC_URI = "https://www.mediaspip.net/IMG/avi/big_buck_bunny_1080p_surround.avi"
+SRC_URI = "http://www.peach.themazzone.com/big_buck_bunny_1080p_surround.avi"
 SRC_URI[md5sum] = "223991c8b33564eb77988a4c13c1c76a"
 SRC_URI[sha256sum] = "69fe2cfe7154a6e752688e3a0d7d6b07b1605bbaf75b56f6470dc7b4c20c06ea"
 
diff --git a/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-networking/classes/kernel_wireless_regdb.bbclass
index 1238172bd4..9ad566c837 100644
--- a/meta-networking/classes/kernel_wireless_regdb.bbclass
+++ b/meta-networking/classes/kernel_wireless_regdb.bbclass
@@ -17,4 +17,4 @@ do_kernel_add_regdb() {
     cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt
 }
 do_kernel_add_regdb[dirs] = "${S}"
-addtask kernel_add_regdb before do_build after do_configure
+addtask kernel_add_regdb before do_compile after do_configure
diff --git a/meta-networking/licenses/netperf b/meta-networking/licenses/netperf
deleted file mode 100644
index 3f3ceb2fc2..0000000000
--- a/meta-networking/licenses/netperf
+++ /dev/null
@@ -1,43 +0,0 @@
-
- 
-              Copyright (C) 1993 Hewlett-Packard Company
-                         ALL RIGHTS RESERVED.
- 
-  The enclosed software and documentation includes copyrighted works
-  of Hewlett-Packard Co. For as long as you comply with the following
-  limitations, you are hereby authorized to (i) use, reproduce, and
-  modify the software and documentation, and to (ii) distribute the
-  software and documentation, including modifications, for
-  non-commercial purposes only.
-      
-  1.  The enclosed software and documentation is made available at no
-      charge in order to advance the general development of
-      high-performance networking products.
- 
-  2.  You may not delete any copyright notices contained in the
-      software or documentation. All hard copies, and copies in
-      source code or object code form, of the software or
-      documentation (including modifications) must contain at least
-      one of the copyright notices.
- 
-  3.  The enclosed software and documentation has not been subjected
-      to testing and quality control and is not a Hewlett-Packard Co.
-      product. At a future time, Hewlett-Packard Co. may or may not
-      offer a version of the software and documentation as a product.
-  
-  4.  THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS".
-      HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE,
-      REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
-      DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL
-      PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR
-      DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES,
-      EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE
-      DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF
-      MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-  
-  5.  HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY
-      DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
-      (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION,
-      MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION.
- 
-
diff --git a/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb b/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb
index 92c648708e..499b035040 100644
--- a/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb
+++ b/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb
@@ -17,6 +17,8 @@ SRC_URI = "https://downloads.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
            file://0001-Makefile.am-only-build-dhcrelay.patch \
            file://0002-bind-Makefile.in-disable-backtrace.patch \
            file://0003-bind-Makefile.in-regenerate-configure.patch \
+           file://CVE-2022-2928.patch \
+           file://CVE-2022-2929.patch \
            "
 
 SRC_URI[sha256sum] = "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818"
diff --git a/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch
new file mode 100644
index 0000000000..247e8dec68
--- /dev/null
+++ b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch
@@ -0,0 +1,120 @@
+From 2e08d138ff852820a6e87a09088d2dc2cdd15e56 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 10 Oct 2022 09:57:15 +0530
+Subject: [PATCH 1/2] CVE-2022-2928
+
+Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
+CVE: CVE-2022-2928
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ common/options.c               |  7 +++++
+ common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 61 insertions(+)
+
+diff --git a/common/options.c b/common/options.c
+index 92c8fee..f0959cb 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4452,6 +4452,8 @@ add_option(struct option_state *options,
+ 	if (!option_cache_allocate(&oc, MDL)) {
+ 		log_error("No memory for option cache adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		return 0;
+ 	}
+ 
+@@ -4463,6 +4465,8 @@ add_option(struct option_state *options,
+ 			     MDL)) {
+ 		log_error("No memory for constant data adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		option_cache_dereference(&oc, MDL);
+ 		return 0;
+ 	}
+@@ -4471,6 +4475,9 @@ add_option(struct option_state *options,
+ 	save_option(&dhcp_universe, options, oc);
+ 	option_cache_dereference(&oc, MDL);
+ 
++	/* Get rid of reference created during hash lookup. */
++	option_dereference(&option, MDL);
++
+ 	return 1;
+ }
+ 
+diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c
+index 600ebe6..963b566 100644
+--- a/common/tests/option_unittest.c
++++ b/common/tests/option_unittest.c
+@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc)
+     }
+ }
+ 
++ATF_TC(add_option_ref_cnt);
++
++ATF_TC_HEAD(add_option_ref_cnt, tc)
++{
++    atf_tc_set_md_var(tc, "descr",
++        "Verify add_option() does not leak option ref counts.");
++}
++
++ATF_TC_BODY(add_option_ref_cnt, tc)
++{
++    struct option_state *options = NULL;
++    struct option *option = NULL;
++    unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER;
++    char *cid_str = "1234";
++    int refcnt_before = 0;
++
++    // Look up the option we're going to add.
++    initialize_common_option_spaces();
++    if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
++                                 &cid_code, 0, MDL)) {
++        atf_tc_fail("cannot find option definition?");
++    }
++
++    // Get the option's reference count before we call add_options.
++    refcnt_before = option->refcnt;
++
++    // Allocate a option_state to which to add an option.
++    if (!option_state_allocate(&options, MDL)) {
++	    atf_tc_fail("cannot allocat options state");
++    }
++
++    // Call add_option() to add the option to the option state.
++    if (!add_option(options, cid_code, cid_str, strlen(cid_str))) {
++	    atf_tc_fail("add_option returned 0");
++    }
++
++    // Verify that calling add_option() only adds 1 to the option ref count.
++    if (option->refcnt != (refcnt_before + 1)) {
++        atf_tc_fail("after add_option(), count is wrong, before %d, after: %d",
++                    refcnt_before, option->refcnt);
++    }
++
++    // Derefrence the option_state, this should reduce the ref count to
++    // it's starting value.
++    option_state_dereference(&options, MDL);
++
++    // Verify that dereferencing option_state restores option ref count.
++    if (option->refcnt != refcnt_before) {
++        atf_tc_fail("after state deref, count is wrong, before %d, after: %d",
++                    refcnt_before, option->refcnt);
++    }
++}
++
+ /* This macro defines main() method that will call specified
+    test cases. tp and simple_test_case names can be whatever you want
+    as long as it is a valid variable identifier. */
+@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp)
+     ATF_TP_ADD_TC(tp, option_refcnt);
+     ATF_TP_ADD_TC(tp, pretty_print_option);
+     ATF_TP_ADD_TC(tp, parse_X);
++    ATF_TP_ADD_TC(tp, add_option_ref_cnt);
+ 
+     return (atf_no_error());
+ }
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch
new file mode 100644
index 0000000000..faaac4868c
--- /dev/null
+++ b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch
@@ -0,0 +1,40 @@
+From 5436cafe1d7df409a44ff5f610248db57f0677ee Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 10 Oct 2022 09:58:04 +0530
+Subject: [PATCH 2/2] CVE-2022-2929
+
+Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
+CVE: CVE-2022-2929
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ common/options.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/common/options.c b/common/options.c
+index f0959cb..25450e1 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
+ 		while (s < &bp -> data[0] + length + 2) {
+ 			len = *s;
+ 			if (len > 63) {
+-				log_info ("fancy bits in fqdn option");
+-				return 0;
++				log_info ("label length exceeds 63 in fqdn option");
++				goto bad;
+ 			}
+ 			if (len == 0) {
+ 				terminated = 1;
+ 				break;
+ 			}
+ 			if (s + len > &bp -> data [0] + length + 3) {
+-				log_info ("fqdn tag longer than buffer");
+-				return 0;
++				log_info ("fqdn label longer than buffer");
++				goto bad;
+ 			}
+ 
+ 			if (first_len == 0) {
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch
new file mode 100644
index 0000000000..697205efe0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-version.c-don-t-print-build-flags.patch
@@ -0,0 +1,41 @@
+From cbc64dcf6aa2a1be63f45ea6dd7d2c49b70a0bee Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Wed, 3 Aug 2022 16:44:29 +0800
+Subject: [PATCH] version.c: don't print build flags
+
+Don't print the build flags to avoid collecting the build environment info.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/main/version.c | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/src/main/version.c b/src/main/version.c
+index 62972d9f53..cf81de72c9 100644
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -589,19 +589,6 @@ void version_print(void)
+ 		DEBUG2("  unknown");
+ #endif
+ 
+-		DEBUG2("Compilation flags:");
+-#ifdef BUILT_WITH_CPPFLAGS
+-		DEBUG2("  cppflags : " BUILT_WITH_CPPFLAGS);
+-#endif
+-#ifdef BUILT_WITH_CFLAGS
+-		DEBUG2("  cflags   : " BUILT_WITH_CFLAGS);
+-#endif
+-#ifdef BUILT_WITH_LDFLAGS
+-		DEBUG2("  ldflags  : " BUILT_WITH_LDFLAGS);
+-#endif
+-#ifdef BUILT_WITH_LIBS
+-		DEBUG2("  libs     : " BUILT_WITH_LIBS);
+-#endif
+ 		DEBUG2("  ");
+ 	}
+ 	INFO("FreeRADIUS Version " RADIUSD_VERSION_STRING);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
new file mode 100644
index 0000000000..4ea519c752
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
@@ -0,0 +1,118 @@
+From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 7 Feb 2022 22:26:05 -0500
+Subject: [PATCH] it's probably wrong to be completely retarded.  Let's fix
+ that.
+
+CVE: CVE-2022-41860
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++-------
+ 1 file changed, 52 insertions(+), 17 deletions(-)
+
+diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c
+index cf1e8a7dd9..e438a844ea 100644
+--- a/src/modules/rlm_eap/libeap/eapsimlib.c
++++ b/src/modules/rlm_eap/libeap/eapsimlib.c
+@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r,
+ 	newvp->vp_length = 1;
+ 	fr_pair_add(&(r->vps), newvp);
+ 
++	/*
++	 *	EAP-SIM has a 1 octet of subtype, and 2 octets
++	 *	reserved.
++	 */
+ 	attr     += 3;
+ 	attrlen  -= 3;
+ 
+-	/* now, loop processing each attribute that we find */
+-	while(attrlen > 0) {
++	/*
++	 *	Loop over each attribute.  The format is:
++	 *
++	 *	1 octet of type
++	 *	1 octet of length (value 1..255)
++	 *	((4 * length) - 2) octets of data.
++	 */
++	while (attrlen > 0) {
+ 		uint8_t *p;
+ 
+-		if(attrlen < 2) {
++		if (attrlen < 2) {
+ 			fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen);
+ 			return 0;
+ 		}
+ 
++		if (!attr[1]) {
++			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute,
++					   es_attribute_count);
++			return 0;
++		}
++
+ 		eapsim_attribute = attr[0];
+ 		eapsim_len = attr[1] * 4;
+ 
++		/*
++		 *	The length includes the 2-byte header.
++		 */
+ 		if (eapsim_len > attrlen) {
+ 			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)",
+ 					   eapsim_attribute, es_attribute_count, eapsim_len, attrlen);
+ 			return 0;
+ 		}
+ 
+-		if(eapsim_len > MAX_STRING_LEN) {
+-			eapsim_len = MAX_STRING_LEN;
+-		}
+-		if (eapsim_len < 2) {
+-			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute,
+-					   es_attribute_count);
+-			return 0;
+-		}
++		newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0);
++		if (!newvp) {
++			/*
++			 *	RFC 4186 Section 8.1 says 0..127 are
++			 *	"non-skippable".  If one such
++			 *	attribute is found and we don't
++			 *	understand it, the server has to send:
++			 *
++			 *	EAP-Request/SIM/Notification packet with an
++			 *	(AT_NOTIFICATION code, which implies general failure ("General
++			 *	failure after authentication" (0), or "General failure" (16384),
++			 *	depending on the phase of the exchange), which terminates the
++			 *	authentication exchange.
++			 */
++			if (eapsim_attribute <= 127) {
++				fr_strerror_printf("Unknown mandatory attribute %d, failing",
++						   eapsim_attribute);
++				return 0;
++			}
+ 
+-		newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
+-		newvp->vp_length = eapsim_len-2;
+-		newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
+-		memcpy(p, &attr[2], eapsim_len-2);
+-		fr_pair_add(&(r->vps), newvp);
+-		newvp = NULL;
++		} else {
++			/*
++			 *	It's known, ccount for header, and
++			 *	copy the value over.
++			 */
++			newvp->vp_length = eapsim_len - 2;
++
++			newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
++			memcpy(p, &attr[2], newvp->vp_length);
++			fr_pair_add(&(r->vps), newvp);
++		}
+ 
+ 		/* advance pointers, decrement length */
+ 		attr += eapsim_len;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
new file mode 100644
index 0000000000..352c02137a
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
@@ -0,0 +1,53 @@
+From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 28 Feb 2022 10:34:15 -0500
+Subject: [PATCH] manual port of commit 5906bfa1
+
+CVE: CVE-2022-41861
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/lib/filters.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/filters.c b/src/lib/filters.c
+index 4868cd385d..3f3b63daee 100644
+--- a/src/lib/filters.c
++++ b/src/lib/filters.c
+@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+ 			}
+ 		}
+ 	} else if (filter->type == RAD_FILTER_GENERIC) {
+-		int count;
++		size_t count, masklen;
++
++		masklen = ntohs(filter->u.generic.len);
++		if (masklen >= sizeof(filter->u.generic.mask)) {
++			*p = '\0';
++			return;
++		}
+ 
+ 		i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
+ 		p += i;
+ 
+ 		/* show the mask */
+-		for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++		for (count = 0; count < masklen; count++) {
+ 			i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
+ 			p += i;
+ 			outlen -= i;
+@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+ 		outlen--;
+ 
+ 		/* show the value */
+-		for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++		for (count = 0; count < masklen; count++) {
+ 			i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
+ 			p += i;
+ 			outlen -= i;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index da7e60419e..db37f65918 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -32,10 +32,20 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
     file://radiusd.service \
     file://radiusd-volatiles.conf \
     file://check-openssl-cmds-in-script-bootstrap.patch \
+    file://0001-version.c-don-t-print-build-flags.patch \
+    file://CVE-2022-41860.patch \
+    file://CVE-2022-41861.patch \
 "
 
+raddbdir="${sysconfdir}/${MLPREFIX}raddb"
+
 SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"
 
+CVE_CHECK_IGNORE = "\
+    CVE-2002-0318 \
+    CVE-2011-4966 \
+"
+
 PARALLEL_MAKE = ""
 
 S = "${WORKDIR}/git"
@@ -48,6 +58,7 @@ EXTRA_OECONF = " --enable-strict-dependencies \
         --with-docdir=${docdir}/freeradius-${PV} \
         --with-openssl-includes=${STAGING_INCDIR} \
         --with-openssl-libraries=${STAGING_LIBDIR} \
+        --with-raddbdir=${raddbdir} \
         --without-rlm_ippool \
         --without-rlm_cache_memcached \
         --without-rlm_counter \
@@ -98,7 +109,9 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl"
 PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast"
 PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd"
 
-inherit useradd autotools-brokensep update-rc.d systemd
+inherit useradd autotools-brokensep update-rc.d systemd multilib_script multilib_header
+
+MULTILIB_SCRIPTS = "${PN}:${sbindir}/checkrad"
 
 # This is not a cpan or python based package, but it needs some definitions
 # from cpan-base and python3-dir bbclasses for building rlm_perl and rlm_python
@@ -141,7 +154,7 @@ do_install() {
     oe_runmake install R=${D} INSTALLSTRIP=""
 
     # remove unsupported config files
-    rm -f ${D}/${sysconfdir}/raddb/experimental.conf
+    rm -f ${D}/${raddbdir}/experimental.conf
 
     # remove scripts that required Perl(DBI)
     rm -rf ${D}/${bindir}/radsqlrelay
@@ -153,7 +166,7 @@ do_install() {
     rm -rf ${D}/${localstatedir}/log/
     install -m 0644 ${WORKDIR}/volatiles.58_radiusd  ${D}${sysconfdir}/default/volatiles/58_radiusd
 
-    chown -R radiusd:radiusd ${D}/${sysconfdir}/raddb/
+    chown -R radiusd:radiusd ${D}/${raddbdir}
     chown -R radiusd:radiusd ${D}/${localstatedir}/lib/radiusd
 
     # For systemd
@@ -169,6 +182,9 @@ do_install() {
         install -d ${D}${sysconfdir}/tmpfiles.d/
         install -m 0644 ${WORKDIR}/radiusd-volatiles.conf ${D}${sysconfdir}/tmpfiles.d/radiusd.conf
     fi
+    oe_multilib_header freeradius/autoconf.h 
+    oe_multilib_header freeradius/missing.h
+    oe_multilib_header freeradius/radpaths.h
 }
 
 # This is only needed when we install/update on a running target.
@@ -183,7 +199,7 @@ pkg_postinst:${PN} () {
         fi
 
         # Fix ownership for /etc/raddb/*, /var/lib/radiusd
-        chown -R radiusd:radiusd ${sysconfdir}/raddb
+        chown -R radiusd:radiusd ${raddbdir}
         chown -R radiusd:radiusd ${localstatedir}/lib/radiusd
     fi
 }
@@ -204,30 +220,30 @@ PACKAGES =+ "${PN}-utils ${PN}-ldap ${PN}-krb5 ${PN}-perl \
 FILES:${PN}-utils = "${bindir}/*"
 
 FILES:${PN}-ldap = "${libdir}/rlm_ldap.so* \
-    ${sysconfdir}/raddb/mods-available/ldap \
+    ${raddbdir}/mods-available/ldap \
 "
 
 FILES:${PN}-krb5 = "${libdir}/rlm_krb5.so* \
-    ${sysconfdir}/raddb/mods-available/krb5 \
+    ${raddbdir}/mods-available/krb5 \
 "
 
 FILES:${PN}-perl = "${libdir}/rlm_perl.so* \
-    ${sysconfdir}/raddb/mods-config/perl \
-    ${sysconfdir}/raddb/mods-available/perl \
+    ${raddbdir}/mods-config/perl \
+    ${raddbdir}/mods-available/perl \
 "
 
 FILES:${PN}-python = "${libdir}/rlm_python3.so* \
-    ${sysconfdir}/raddb/mods-config/python3 \
-    ${sysconfdir}/raddb/mods-available/python3 \
+    ${raddbdir}/mods-config/python3 \
+    ${raddbdir}/mods-available/python3 \
 "
 
 FILES:${PN}-mysql = "${libdir}/rlm_sql_mysql.so* \
-    ${sysconfdir}/raddb/mods-config/sql/*/mysql \
-    ${sysconfdir}/raddb/mods-available/sql \
+    ${raddbdir}/mods-config/sql/*/mysql \
+    ${raddbdir}/mods-available/sql \
 "
 
 FILES:${PN}-postgresql = "${libdir}/rlm_sql_postgresql.so* \
-    ${sysconfdir}/raddb/mods-config/sql/*/postgresql \
+    ${raddbdir}/mods-config/sql/*/postgresql \
 "
 
 FILES:${PN}-unixodbc = "${libdir}/rlm_sql_unixodbc.so*"
diff --git a/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb b/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb
index 9f2ff51576..c7cd21b6bf 100644
--- a/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb
+++ b/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb
@@ -4,7 +4,7 @@ SECTION = "libs"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=0036c1b155f4e999f3e0a373490b5db9"
 
-SRC_URI = "git://github.com/dugsong/libdnet.git;nobranch=1;protocol=https"
+SRC_URI = "git://github.com/dugsong/libdnet.git;branch=master;protocol=https"
 SRCREV = "3e782472d2a58d5e1b94d04eda4a364c2d257600"
 
 UPSTREAM_CHECK_GITTAGREGEX = "libdnet-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch
new file mode 100644
index 0000000000..5030fb99f9
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch
@@ -0,0 +1,87 @@
+From 80d3e73ad0648f558a067a9dbfe3bc80e6b614f8 Mon Sep 17 00:00:00 2001
+From: Beniamin Sandu <beniaminsandu@gmail.com>
+Date: Mon, 30 Oct 2023 19:15:56 +0000
+Subject: [PATCH] AES-NI: use target attributes for x86 32-bit intrinsics
+
+This way we build with 32-bit gcc/clang out of the box.
+We also fallback to assembly for 64-bit clang-cl if needed cpu
+flags are not provided, instead of throwing an error.
+
+Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/800f2b7c020678a84abfa9688962b91c36e6693d]
+
+Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
+---
+ library/aesni.c | 20 ++++++++++++++++++++
+ library/aesni.h |  8 +++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/library/aesni.c b/library/aesni.c
+index 5f25a8249..481fa3822 100644
+--- a/library/aesni.c
++++ b/library/aesni.c
+@@ -41,6 +41,17 @@
+ #include <immintrin.h>
+ #endif
+
++#if defined(MBEDTLS_ARCH_IS_X86)
++#if defined(MBEDTLS_COMPILER_IS_GCC)
++#pragma GCC push_options
++#pragma GCC target ("pclmul,sse2,aes")
++#define MBEDTLS_POP_TARGET_PRAGMA
++#elif defined(__clang__)
++#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function)
++#define MBEDTLS_POP_TARGET_PRAGMA
++#endif
++#endif
++
+ #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ /*
+  * AES-NI support detection routine
+@@ -396,6 +407,15 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes,
+ }
+ #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
++#if defined(MBEDTLS_POP_TARGET_PRAGMA)
++#if defined(__clang__)
++#pragma clang attribute pop
++#elif defined(__GNUC__)
++#pragma GCC pop_options
++#endif
++#undef MBEDTLS_POP_TARGET_PRAGMA
++#endif
++
+ #else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
+
+ #if defined(__has_feature)
+diff --git a/library/aesni.h b/library/aesni.h
+index ba1429029..37ae02c82 100644
+--- a/library/aesni.h
++++ b/library/aesni.h
+@@ -50,6 +50,10 @@
+ #if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
+ #define MBEDTLS_AESNI_HAVE_INTRINSICS
+ #endif
++/* For 32-bit, we only support intrinsics */
++#if defined(MBEDTLS_ARCH_IS_X86) && (defined(__GNUC__) || defined(__clang__))
++#define MBEDTLS_AESNI_HAVE_INTRINSICS
++#endif
+
+ /* Choose the implementation of AESNI, if one is available.
+  *
+@@ -60,13 +64,11 @@
+ #if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
+ #define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
+ #elif defined(MBEDTLS_HAVE_ASM) && \
+-    defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
++    (defined(__GNUC__) || defined(__clang__)) && defined(MBEDTLS_ARCH_IS_X64)
+ /* Can we do AESNI with inline assembly?
+  * (Only implemented with gas syntax, only for 64-bit.)
+  */
+ #define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
+-#elif defined(__GNUC__)
+-#   error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
+ #else
+ #error "MBEDTLS_AESNI_C defined, but neither intrinsics nor assembly available"
+ #endif
+--
+2.34.1
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest b/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest
new file mode 100644
index 0000000000..059ab4ecbb
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+ptestdir=$(dirname "$(readlink -f "$0")")
+cd "$ptestdir"/tests || exit
+
+tests=$(find * -type f -name 'test_suite_*')
+
+for f in $tests
+do
+    if test -x ./"$f"; then
+        if ./"$f" > ./"$f".out 2> ./"$f".err; then
+            echo "PASS: $f"
+        else
+            echo "FAIL: $f"
+        fi
+    fi
+done
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb
index d4a9c7bf8d..793cdcaff7 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb
@@ -17,16 +17,16 @@ understand what the code does. It features:                          \
 
 HOMEPAGE = "https://tls.mbed.org/"
 
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+LICENSE = "Apache-2.0 | GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
 
 SECTION = "libs"
 
 S = "${WORKDIR}/git"
-SRCREV = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0"
+SRCREV = "555f84735aecdbd76a566cf087ec8425dfb0c8ab"
 SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"
 
-inherit cmake
+inherit cmake update-alternatives
 
 PACKAGECONFIG ??= "shared-libs programs"
 PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
@@ -41,4 +41,7 @@ RPROVIDES:${PN} = "polarssl"
 PACKAGES =+ "${PN}-programs"
 FILES:${PN}-programs = "${bindir}/"
 
+ALTERNATIVE:${PN}-programs = "hello"
+ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello"
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb
new file mode 100644
index 0000000000..2fedac48cf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb
@@ -0,0 +1,81 @@
+SUMMARY = "Lightweight crypto and SSL/TLS library"
+DESCRIPTION = "mbedtls is a lean open source crypto library          \
+for providing SSL and TLS support in your programs. It offers        \
+an intuitive API and documented header files, so you can actually    \
+understand what the code does. It features:                          \
+                                                                     \
+ - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4,  \
+   Camellia and XTEA                                                 \
+ - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5            \
+ - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG   \
+ - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \
+   ECDSA and ECDH                                                    \
+ - SSL v3 and TLS 1.0, 1.1 and 1.2                                   \
+ - Abstraction layers for ciphers, hashes, public key operations,    \
+   platform abstraction and threading                                \
+"
+
+HOMEPAGE = "https://tls.mbed.org/"
+
+LICENSE = "Apache-2.0 | GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
+
+SECTION = "libs"
+
+S = "${WORKDIR}/git"
+SRCREV = "daca7a3979c22da155ec9dce49ab1abf3b65d3a9"
+SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \
+	file://0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch \
+	file://run-ptest"
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+
+inherit cmake update-alternatives ptest
+
+# Build with the v2 LTS version by default
+DEFAULT_PREFERENCE = "-1"
+
+PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
+PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
+PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
+# Make X.509 and TLS calls use PSA
+# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md
+PACKAGECONFIG[psa] = ""
+PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF"
+
+EXTRA_OECMAKE = "-DLIB_INSTALL_DIR:STRING=${libdir}"
+
+# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS
+CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}"
+
+PROVIDES += "polarssl"
+RPROVIDES:${PN} = "polarssl"
+
+PACKAGES =+ "${PN}-programs"
+FILES:${PN}-programs = "${bindir}/"
+
+ALTERNATIVE:${PN}-programs = "hello"
+ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "mbed_tls"
+
+# Strip host paths from autogenerated test files
+do_compile:append() {
+	sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || :
+	sed -i 's+${B}/++g' ${B}/tests/*.c 2>/dev/null || :
+}
+
+# Export source files/headers needed by Arm Trusted Firmware
+sysroot_stage_all:append() {
+	sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library"
+	sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include"
+}
+
+do_install_ptest () {
+	install -d ${D}${PTEST_PATH}/tests
+	cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/
+	find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete
+	cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/
+}
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2894.patch b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
new file mode 100644
index 0000000000..7374cbd26f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
@@ -0,0 +1,25 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 13 Sep 2023 09:55:34 +0200
+Subject: [PATCH] Link correctly with shared websockets library if needed see:
+ https://github.com/eclipse/mosquitto/pull/2751
+
+Patch contributed by Joachim Zobel <jz-2017@heute-morgen.de> and  Daniel Engberg <daniel.engberg.lists@pyret.net>
+---
+Upstream-Status: Pending
+
+ src/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 9380a04..dce8313 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -200,7 +200,7 @@ if (WITH_WEBSOCKETS)
+ 			link_directories(${mosquitto_SOURCE_DIR})
+ 		endif (WIN32)
+ 	else (STATIC_WEBSOCKETS)
+-		set (MOSQ_LIBS ${MOSQ_LIBS} websockets)
++		set (MOSQ_LIBS ${MOSQ_LIBS} websockets_shared)
+ 	endif (STATIC_WEBSOCKETS)
+ endif (WITH_WEBSOCKETS)
+ 
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2895.patch b/meta-networking/recipes-connectivity/mosquitto/files/2895.patch
new file mode 100644
index 0000000000..853f881754
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mosquitto/files/2895.patch
@@ -0,0 +1,27 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 13 Sep 2023 10:05:43 +0200
+Subject: [PATCH] Mosquitto now waits for network-online when starting
+ (Closes: #1036450)
+
+See: https://github.com/eclipse/mosquitto/issues/2878
+---
+Upstream-Status: Pending
+
+ service/systemd/mosquitto.service.simple | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/service/systemd/mosquitto.service.simple b/service/systemd/mosquitto.service.simple
+index 15ee0d6..c2a330b 100644
+--- a/service/systemd/mosquitto.service.simple
++++ b/service/systemd/mosquitto.service.simple
+@@ -1,8 +1,8 @@
+ [Unit]
+ Description=Mosquitto MQTT Broker
+ Documentation=man:mosquitto.conf(5) man:mosquitto(8)
+-After=network.target
+-Wants=network.target
++After=network-online.target
++Wants=network-online.target
+ 
+ [Service]
+ ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
index 9d5963c418..d0da219d6d 100644
--- a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
+++ b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
@@ -1,18 +1,18 @@
-#! /bin/sh
+#!/bin/sh
 
 # Based on the Debian initscript for mosquitto
 
 ### BEGIN INIT INFO
-# Provides:         mosquitto
-# Required-Start:   $remote_fs $syslog
-# Required-Stop:    $remote_fs $syslog
-# Default-Start:    2 3 4 5
-# Default-Stop:     0 1 6
-# Short-Description:    mosquitto MQTT message broker
-# Description: 
-#  This is a message broker that supports version 3.1/3.1.1 of the MQ Telemetry
+# Provides:       mosquitto
+# Required-Start: $remote_fs $syslog
+# Required-Stop:  $remote_fs $syslog
+# Default-Start:  2 3 4 5
+# Default-Stop:   0 1 6
+# Short-Description: mosquitto MQTT 3.1/3.1.1 message broker
+# Description:
+#  This is a message broker that supports version 3.1 of the MQ Telemetry
 #  Transport (MQTT) protocol.
-#  
+#
 #  MQTT provides a method of carrying out messaging using a publish/subscribe
 #  model. It is lightweight, both in terms of bandwidth usage and ease of
 #  implementation. This makes it particularly useful at the edge of the network
diff --git a/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.14.bb b/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
index 739b7de625..ea9eb4857b 100644
--- a/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.14.bb
+++ b/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
@@ -17,13 +17,15 @@ DEPENDS = "uthash cjson"
 SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \
            file://mosquitto.init \
            file://1571.patch \
+           file://2894.patch \
+           file://2895.patch \
 "
 
-SRC_URI[sha256sum] = "d0dde8fdb12caf6e2426b4f28081919a2fce3448773bdb8af0d3cd5fe5776925"
+SRC_URI[sha256sum] = "d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a"
 
 inherit systemd update-rc.d useradd cmake pkgconfig
 
-PACKAGECONFIG ??= "ssl dlt websockets \
+PACKAGECONFIG ??= "ssl websockets \
                   ${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \
                   "
 
@@ -87,4 +89,4 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN} = "--system --no-create-home --shell /bin/false \
                        --user-group mosquitto"
 
-BBCLASSEXTEND += "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
index e715135dc3..03eff43dd2 100644
--- a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
+++ b/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
@@ -9,11 +9,11 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6"
 DEPENDS = "asio fmt http-parser"
 
-SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2"
+SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2"
 SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c"
 SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7"
 
-S = "${WORKDIR}/${PN}-${PV}/dev"
+S = "${WORKDIR}/${BP}/dev"
 
 inherit cmake
 
diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch b/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch
new file mode 100644
index 0000000000..90ee317860
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch
@@ -0,0 +1,38 @@
+From 059b517f9ef6cbdc696e0983ce255b1728042827 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 25 Aug 2022 16:46:04 +0800
+Subject: [PATCH] smbtorture: skip test case tfork_cmd_send
+
+The test case tfork_cmd_send fails on target as it requires a script
+located in the source directory:
+
+$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send
+test: tfork_cmd_send
+/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh:
+Failed to exec child - No such file or directory
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ lib/util/tests/tfork.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c
+index 70ae975..4826ce6 100644
+--- a/lib/util/tests/tfork.c
++++ b/lib/util/tests/tfork.c
+@@ -839,10 +839,6 @@ struct torture_suite *torture_local_tfork(TALLOC_CTX *mem_ctx)
+ 				      "tfork_threads",
+ 				      test_tfork_threads);
+ 
+-	torture_suite_add_simple_test(suite,
+-				      "tfork_cmd_send",
+-				      test_tfork_cmd_send);
+-
+ 	torture_suite_add_simple_test(suite,
+ 				      "tfork_event_file_handle",
+ 				      test_tfork_event_file_handle);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch
new file mode 100644
index 0000000000..d938e8cd66
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch
@@ -0,0 +1,147 @@
+From cbbfc917b9635bc62825ea64a157028297f54fb7 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:35:31 +0100
+Subject: [PATCH] CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix
+  the nTSecurityDescriptor on CN=Deleted Objects containers
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)
+
+Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
+Autobuild-Date(v4-18-test): Mon Oct 23 09:52:22 UTC 2023 on atb-devel-224
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport[https://github.com/samba-team/samba/commit/cbbfc917b9635bc62825ea64a157028297f54fb7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/dbchecker.py           | 10 ++++++++--
+ python/samba/descriptor.py          | 15 ++++++++++++++-
+ testprogs/blackbox/dbcheck-links.sh | 12 ++++++++++++
+ 3 files changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
+index d10d765..d8c2341 100644
+--- a/python/samba/dbchecker.py
++++ b/python/samba/dbchecker.py
+@@ -2433,7 +2433,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
+                     error_count += 1
+                     continue
+
+-                if self.reset_well_known_acls:
++                if dn == deleted_objects_dn or self.reset_well_known_acls:
+                     try:
+                         well_known_sd = self.get_wellknown_sd(dn)
+                     except KeyError:
+@@ -2442,7 +2442,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
+                     current_sd = ndr_unpack(security.descriptor,
+                                             obj[attrname][0])
+
+-                    diff = get_diff_sds(well_known_sd, current_sd, security.dom_sid(self.samdb.get_domain_sid()))
++                    ignoreAdditionalACEs = False
++                    if not self.reset_well_known_acls:
++                        ignoreAdditionalACEs = True
++
++                    diff = get_diff_sds(well_known_sd, current_sd,
++                                        security.dom_sid(self.samdb.get_domain_sid()),
++                                        ignoreAdditionalACEs=ignoreAdditionalACEs)
+                     if diff != "":
+                         self.err_wrong_default_sd(dn, well_known_sd, diff)
+                         error_count += 1
+diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
+index 0998348..08cfab0 100644
+--- a/python/samba/descriptor.py
++++ b/python/samba/descriptor.py
+@@ -407,6 +407,7 @@ def get_wellknown_sds(samdb):
+     # Then subcontainers
+     subcontainers = [
+         (ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor),
++        (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor),
+         (ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor),
+         (ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor),
+         (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor),
+@@ -417,6 +418,7 @@ def get_wellknown_sds(samdb):
+         (ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor),
+
+         (ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor),
++        (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor),
+         (ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor),
+         (ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor),
+         (ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor),
+@@ -441,6 +443,9 @@ def get_wellknown_sds(samdb):
+         if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn:
+             c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor)
+             subcontainers.append(c)
++            c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)),
++                 get_deletedobjects_descriptor)
++            subcontainers.append(c)
+             c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsforestdn)),
+                  get_domain_delete_protected1_descriptor)
+             subcontainers.append(c)
+@@ -456,6 +461,9 @@ def get_wellknown_sds(samdb):
+         if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn:
+             c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor)
+             subcontainers.append(c)
++            c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)),
++                 get_deletedobjects_descriptor)
++            subcontainers.append(c)
+             c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)),
+                  get_domain_delete_protected1_descriptor)
+             subcontainers.append(c)
+@@ -548,7 +556,8 @@ def get_clean_sd(sd):
+     return sd_clean
+
+
+-def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
++def get_diff_sds(refsd, cursd, domainsid, checkSacl=True,
++                 ignoreAdditionalACEs=False):
+     """Get the difference between 2 sd
+
+     This function split the textual representation of ACL into smaller
+@@ -603,6 +612,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
+                     h_ref.remove(k)
+
+             if len(h_cur) + len(h_ref) > 0:
++                if txt == "" and len(h_ref) == 0:
++                    if ignoreAdditionalACEs:
++                        return ""
++
+                 txt = "%s\tPart %s is different between reference" \
+                       " and current here is the detail:\n" % (txt, part)
+
+diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
+index f00fe46..06b24fb 100755
+--- a/testprogs/blackbox/dbcheck-links.sh
++++ b/testprogs/blackbox/dbcheck-links.sh
+@@ -58,6 +58,16 @@ dbcheck() {
+     fi
+ }
+
++dbcheck_acl_reset()
++{
++	$PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --fix --yes --attrs=nTSecurityDescriptor
++}
++
++dbcheck_acl_clean()
++{
++	$PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --attrs=nTSecurityDescriptor
++}
++
+ dbcheck_dangling() {
+     dbcheck "" "1" "--selftest-check-expired-tombstones"
+     return $?
+@@ -893,6 +903,8 @@ EOF
+ remove_directory $PREFIX_ABS/${RELEASE}
+
+ testit $RELEASE undump || failed=`expr $failed + 1`
++testit_expect_failure "dbcheck_acl_reset" dbcheck_acl_reset || failed=$(expr $failed + 1)
++testit "dbcheck_acl_clean" dbcheck_acl_clean || failed=$(expr $failed + 1)
+ testit "add_two_more_users" add_two_more_users || failed=`expr $failed + 1`
+ testit "add_four_more_links" add_four_more_links || failed=`expr $failed + 1`
+ testit "remove_one_link" remove_one_link || failed=`expr $failed + 1`
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch
new file mode 100644
index 0000000000..e3d45627a5
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch
@@ -0,0 +1,72 @@
+From f967b91da76f86a9feb4c1469fccfce93be8bc79 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 7 Jun 2023 18:18:58 +0200
+Subject: [PATCH] CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor
+ for missing deleted objects container
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport
+[https://github.com/samba-team/samba/commit/f967b91da76f86a9feb4c1469fccfce93be8bc79]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/dbchecker.py | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
+index d8c2341..35b6eeb 100644
+--- a/python/samba/dbchecker.py
++++ b/python/samba/dbchecker.py
+@@ -21,7 +21,7 @@ from __future__ import print_function
+ import ldb
+ import samba
+ import time
+-from base64 import b64decode
++from base64 import b64decode, b64encode
+ from samba import dsdb
+ from samba import common
+ from samba.dcerpc import misc
+@@ -30,7 +30,11 @@ from samba.ndr import ndr_unpack, ndr_pack
+ from samba.dcerpc import drsblobs
+ from samba.samdb import dsdb_Dn
+ from samba.dcerpc import security
+-from samba.descriptor import get_wellknown_sds, get_diff_sds
++from samba.descriptor import (
++        get_wellknown_sds,
++        get_deletedobjects_descriptor,
++        get_diff_sds
++)
+ from samba.auth import system_session, admin_session
+ from samba.netcmd import CommandError
+ from samba.netcmd.fsmo import get_fsmo_roleowner
+@@ -340,6 +344,11 @@ class dbcheck(object):
+                 wko_prefix = "B:32:%s" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER
+                 listwko.append('%s:%s' % (wko_prefix, dn))
+                 guid_suffix = ""
++
++            domain_sid = security.dom_sid(self.samdb.get_domain_sid())
++            sec_desc = get_deletedobjects_descriptor(domain_sid,
++                                                     name_map=self.name_map)
++            sec_desc_b64 = b64encode(sec_desc).decode('utf8')
+
+             # Insert a brand new Deleted Objects container
+             self.samdb.add_ldif("""dn: %s
+@@ -349,7 +358,8 @@ description: Container for deleted objects
+ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ showInAdvancedViewOnly: TRUE
+-systemFlags: -1946157056%s""" % (dn, guid_suffix),
++nTSecurityDescriptor:: %s
++systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
+                                 controls=["relax:0", "provision:0"])
+
+             delta = ldb.Message()
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch
new file mode 100644
index 0000000000..df30e0c106
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch
@@ -0,0 +1,106 @@
+From edac27f5408191567233983562091484ebbbad0a Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Mon, 26 Jun 2023 15:14:24 +0200
+Subject: [PATCH] CVE-2018-14628: s4:dsdb: remove unused code in
+ dirsync_filter_entry()
+
+This makes the next change easier to understand.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/edac27f5408191567233983562091484ebbbad0a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++---------------------
+ 1 file changed, 5 insertions(+), 48 deletions(-)
+
+diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
+index e61ade8..e7fb27f 100644
+--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
++++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
+@@ -152,10 +152,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
+	 * list only the attribute that have been modified since last interogation
+	 *
+	 */
+-	newmsg = ldb_msg_new(dsc->req);
+-	if (newmsg == NULL) {
+-		return ldb_oom(ldb);
+-	}
+	for (i = msg->num_elements - 1; i >= 0; i--) {
+		if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
+			int error = 0;
+@@ -202,11 +198,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
+			 */
+			return LDB_SUCCESS;
+		}
+-		newmsg->dn = ldb_dn_new(newmsg, ldb, "");
+-		if (newmsg->dn == NULL) {
+-			return ldb_oom(ldb);
+-		}
+-
+		el = ldb_msg_find_element(msg, "objectGUID");
+		if ( el != NULL) {
+			guidfound = true;
+@@ -217,48 +208,14 @@ static int dirsync_filter_entry(struct ldb_request *req,
+		 * well will uncomment the code bellow
+		 */
+		SMB_ASSERT(guidfound == true);
+-		/*
+-		if (guidfound == false) {
+-			struct GUID guid;
+-			struct ldb_val *new_val;
+-			DATA_BLOB guid_blob;
+-
+-			tmp[0] = '\0';
+-			txt = strrchr(txt, ':');
+-			if (txt == NULL) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-			txt++;
+-
+-			status = GUID_from_string(txt, &guid);
+-			if (!NT_STATUS_IS_OK(status)) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-
+-			status = GUID_to_ndr_blob(&guid, msg, &guid_blob);
+-			if (!NT_STATUS_IS_OK(status)) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-
+-			new_val = talloc(msg, struct ldb_val);
+-			if (new_val == NULL) {
+-				return ldb_oom(ldb);
+-			}
+-			new_val->data = talloc_steal(new_val, guid_blob.data);
+-			new_val->length = guid_blob.length;
+-			if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-		}
+-		*/
+-		ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD);
+-		talloc_steal(newmsg->elements, el->name);
+-		talloc_steal(newmsg->elements, el->values);
+-
+-		talloc_steal(newmsg->elements, msg);
+		return ldb_module_send_entry(dsc->req, msg, controls);
+	}
+
++	newmsg = ldb_msg_new(dsc->req);
++	if (newmsg == NULL) {
++		return ldb_oom(ldb);
++	}
++
+	ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
+		(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch
new file mode 100644
index 0000000000..6fa4ef10dd
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch
@@ -0,0 +1,64 @@
+From 74a508b39e6fd5036a2adc99d559bd3852f8ce8d Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:34:15 +0100
+Subject: [PATCH] CVE-2018-14628: s4:setup: set the correct
+ nTSecurityDescriptor on the CN=Deleted Objects container
+
+This revealed a bug in our dirsync code, so we mark
+test_search_with_dirsync_deleted_objects as knownfail.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/74a508b39e6fd5036a2adc99d559bd3852f8ce8d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/setup/provision.ldif               | 1 +
+ source4/setup/provision_configuration.ldif | 1 +
+ source4/setup/provision_dnszones_add.ldif  | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
+index 5d9eba4..7f966fd 100644
+--- a/source4/setup/provision.ldif
++++ b/source4/setup/provision.ldif
+@@ -34,6 +34,7 @@ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ showInAdvancedViewOnly: TRUE
+ systemFlags: -1946157056
++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+ # Computers located in "provision_computers*.ldif"
+ # Users/Groups located in "provision_users*.ldif"
+diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
+index 53c9c85..8fcbddb 100644
+--- a/source4/setup/provision_configuration.ldif
++++ b/source4/setup/provision_configuration.ldif
+@@ -14,6 +14,7 @@ description: Container for deleted objects
+ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ systemFlags: -1946157056
++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+ # Extended rights
+
+diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
+index 860aa4b..a2d6b6b 100644
+--- a/source4/setup/provision_dnszones_add.ldif
++++ b/source4/setup/provision_dnszones_add.ldif
+@@ -8,6 +8,7 @@ description: Deleted objects
+ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ systemFlags: -1946157056
++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+ dn: CN=LostAndFound,${ZONE_DN}
+ objectClass: top
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch
new file mode 100644
index 0000000000..b0a8ef2535
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch
@@ -0,0 +1,98 @@
+From 46a168c9a89e82ccaf8d27669d1ae5459f7becb9 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:33:37 +0100
+Subject: [PATCH] CVE-2018-14628: python:provision: make
+ DELETEDOBJECTS_DESCRIPTOR available in the ldif files
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport
+[https://github.com/samba-team/samba/commit/46a168c9a89e82ccaf8d27669d1ae5459f7becb9]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/provision/__init__.py | 5 +++++
+ python/samba/provision/sambadns.py | 4 ++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
+index e8903ad..0c52cc1 100644
+--- a/python/samba/provision/__init__.py
++++ b/python/samba/provision/__init__.py
+@@ -79,6 +79,7 @@ from samba.provision.backend import (
+     LDBBackend,
+ )
+ from samba.descriptor import (
++    get_deletedobjects_descriptor,
+     get_empty_descriptor,
+     get_config_descriptor,
+     get_config_partitions_descriptor,
+@@ -1441,6 +1442,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
+     msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD,
+                                         "subRefs")
+
++    deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8')
++
+     samdb.invocation_id = invocationid
+
+     # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
+@@ -1472,6 +1475,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
+                 "FOREST_FUNCTIONALITY": str(forestFunctionality),
+                 "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
+                 "NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
++                "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
+                 "LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
+                 "SERVICES_DESCRIPTOR": protected1_descr,
+                 "PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
+@@ -1536,6 +1540,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
+         "RIDAVAILABLESTART": str(next_rid + 600),
+         "POLICYGUID_DC": policyguid_dc,
+         "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
++        "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
+         "LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
+         "SYSTEM_DESCRIPTOR": system_desc,
+         "BUILTIN_DESCRIPTOR": builtin_desc,
+diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
+index 8a5d8a9..61beb16 100644
+--- a/python/samba/provision/sambadns.py
++++ b/python/samba/provision/sambadns.py
+@@ -41,6 +41,7 @@ from samba.dsdb import (
+     DS_DOMAIN_FUNCTION_2016
+ )
+ from samba.descriptor import (
++    get_deletedobjects_descriptor,
+     get_domain_descriptor,
+     get_domain_delete_protected1_descriptor,
+     get_domain_delete_protected2_descriptor,
+@@ -245,6 +246,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
+     domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
+     forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
+     descriptor = get_dns_partition_descriptor(domainsid)
++    deletedobjects_desc = get_deletedobjects_descriptor(domainsid)
+
+     setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
+         "ZONE_DN": domainzone_dn,
+@@ -268,6 +270,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
+         "ZONE_DNS": domainzone_dns,
+         "CONFIGDN": configdn,
+         "SERVERDN": serverdn,
++        "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
+         "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
+         "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
+     })
+@@ -288,6 +291,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
+             "ZONE_DNS": forestzone_dns,
+             "CONFIGDN": configdn,
+             "SERVERDN": serverdn,
++            "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8')
+             "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
+             "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
+         })
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch
new file mode 100644
index 0000000000..d92ad41df1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch
@@ -0,0 +1,51 @@
+From e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:30:59 +0100
+Subject: [PATCH] CVE-2018-14628: python:descriptor: add
+ get_deletedobjects_descriptor()
+
+samba-tool drs clone-dc-database was quite useful to find
+the true value of nTSecurityDescriptor of the CN=Delete Objects
+containers.
+
+Only the auto inherited SACL is available via a ldap search.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport
+[https://github.com/samba-team/samba/commit/e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/descriptor.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
+index 08cfab0..0141f38 100644
+--- a/python/samba/descriptor.py
++++ b/python/samba/descriptor.py
+@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
+ # "get_schema_descriptor" is located in "schema.py"
+
+
++def get_deletedobjects_descriptor(domain_sid, name_map=None):
++    if name_map is None:
++        name_map = {}
++
++    sddl = "O:SYG:SYD:PAI" \
++        "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
++        "(A;;RPLC;;;BA)"
++    return sddl2binary(sddl, domain_sid, name_map)
++
++
+ def get_config_descriptor(domain_sid, name_map={}):
+     sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+            "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch
new file mode 100644
index 0000000000..6610899458
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch
@@ -0,0 +1,72 @@
+From f9ec7002cdd526ae84fbacbf153162e118f22580 Mon Sep 17 00:00:00 2001
+From: Nicolas Williams <nico@twosigma.com>
+Date: Wed Mar 9 10:18:52 2022 -0600
+Subject: [PATCH] spnego: CVE-2021-44758 send_reject when no mech selected
+
+    This fixes a DoS where an initial SPNEGO token that has no acceptable
+    mechanisms causes a NULL dereference in acceptors.
+
+    send_accept() when called with a non-zero 'initial_response' did
+    not handle the case of gssspnego_ctx.preferred_mech_type equal
+    to GSS_C_NO_OID.
+
+    The failure to handle GSS_C_NO_OID has been present since the
+    initial revision of gssapi/spnego,
+    2baa7e7d613c26b2b037b368931519a84baec53d but might not have
+    been exercised until later revisions.
+
+    The introduction of opportunistic token handling in
+    gss_accept_sec_context(), 3c9d3266f47f594a29068c9d629908e7000ac663,
+    introduced two bugs:
+
+     1. The optional mechToken field is used unconditionally
+        possibly resulting in a segmentation fault.
+
+     2. If use of the opportunistic token is unsuccessful and the
+        mech type list length is one, send_accept() can be called
+        with 'initial_response' true and preferred mech set to
+        GSS_C_NO_OID.
+
+    b53c90da0890a9cce6f95c552f094ff6d69027bf ("Make error reporting
+    somewhat more correct for SPNEGO") attempted to fix the first
+    issue and increased the likelihood of the second.
+
+    This change alters the behavior of acceptor_start() so it calls
+    send_reject() when no mechanism was selected.
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580]
+CVE: CVE-2021-44758
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c
+index 3a51dd3..b60dc19 100644
+--- a/lib/gssapi/spnego/accept_sec_context.c
++++ b/lib/gssapi/spnego/accept_sec_context.c
+@@ -619,13 +619,15 @@ acceptor_start
+	    if (ret == 0)
+		break;
+	}
+-	if (preferred_mech_type == GSS_C_NO_OID) {
+-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+-	    free_NegotiationToken(&nt);
+-	    return ret;
+-	}
++    }
++
++    ctx->preferred_mech_type = preferred_mech_type;
+
+-	ctx->preferred_mech_type = preferred_mech_type;
++    if (preferred_mech_type == GSS_C_NO_OID) {
++        send_reject(minor_status, output_token);
++        HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
++        free_NegotiationToken(&nt);
++        return ret;
+     }
+
+     /*
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch
new file mode 100644
index 0000000000..e94d5d538b
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch
@@ -0,0 +1,44 @@
+From 53838682570135b753fa622dfcde111528563c2d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 16 Jun 2023 12:28:47 +0200
+Subject: [PATCH] CVE-2022-2127: ntlm_auth: cap lanman response length value
+
+We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
+lm_resp buffer, but we don't cap the length indicator.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2022-2127
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/53838682570135b753fa622dfcde111528563c2d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/utils/ntlm_auth.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
+index 02a2379..c82ea45 100644
+--- a/source3/utils/ntlm_auth.c
++++ b/source3/utils/ntlm_auth.c
+@@ -574,10 +574,14 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
+	memcpy(request.data.auth_crap.chal, challenge->data, MIN(challenge->length, 8));
+
+	if (lm_response && lm_response->length) {
++		size_t capped_lm_response_len = MIN(
++			lm_response->length,
++			sizeof(request.data.auth_crap.lm_resp));
++
+		memcpy(request.data.auth_crap.lm_resp,
+		       lm_response->data,
+-		       MIN(lm_response->length, sizeof(request.data.auth_crap.lm_resp)));
+-		request.data.auth_crap.lm_resp_len = lm_response->length;
++		       capped_lm_response_len);
++		request.data.auth_crap.lm_resp_len = capped_lm_response_len;
+	}
+
+	if (nt_response && nt_response->length) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch
new file mode 100644
index 0000000000..abc778b731
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch
@@ -0,0 +1,77 @@
+From f6edaafcfefd843ca1b1a041f942a853d85ee7c3 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:13 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour
+ unwrap
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/arcfour.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index a61f768..4fc46ce 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = ct_memcmp(cksum_data, p + 8, 8);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
+     if (cmp) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+@@ -385,9 +385,9 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+     _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+     if (context_handle->more_flags & LOCAL)
+-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0);
+     else
+-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0);
+
+     memset(SND_SEQ, 0, sizeof(SND_SEQ));
+     if (cmp != 0) {
+@@ -656,9 +656,9 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+     _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+     if (context_handle->more_flags & LOCAL)
+-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0);
+     else
+-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0);
+
+     if (cmp != 0) {
+	*minor_status = 0;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
+     if (cmp) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = 0;
+@@ -1266,9 +1266,9 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
+     _gsskrb5_decode_be_om_uint32(snd_seq, &seq_number);
+
+     if (ctx->more_flags & LOCAL) {
+-	cmp = memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4);
++	cmp = (ct_memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4) != 0);
+     } else {
+-	cmp = memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4);
++	cmp = (ct_memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4) != 0);
+     }
+     if (cmp != 0) {
+	*minor_status = 0;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch
new file mode 100644
index 0000000000..5686df78e1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch
@@ -0,0 +1,35 @@
+From c9cc34334bd64b08fe91a2f720262462e9f6bb49 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:55 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Use constant-time memcmp() in
+ unwrap_des3()
+
+The surrounding checks all use ct_memcmp(), so this one was presumably
+meant to as well.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index da939c0529..61a341ee43 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -227,7 +227,7 @@ unwrap_des3
+   if (ret)
+       return ret;
+
+-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
++  if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+     return GSS_S_BAD_SIG;
+   p += 2;
+   if (ct_memcmp (p, "\x02\x00", 2) == 0) {
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch
new file mode 100644
index 0000000000..55239356e4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch
@@ -0,0 +1,50 @@
+From a587a4bcb28d5b9047f332573b1e7c8f89ca3edd Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:42 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Don't pass NULL pointers to memcpy()
+ in DES unwrap
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index 61a341ee43..d3987240dd 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -180,9 +180,10 @@ unwrap_des
+   output_message_buffer->value  = malloc(output_message_buffer->length);
+   if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+       return GSS_S_FAILURE;
+-  memcpy (output_message_buffer->value,
+-	  p + 24,
+-	  output_message_buffer->length);
++  if (output_message_buffer->value != NULL)
++      memcpy (output_message_buffer->value,
++	      p + 24,
++	      output_message_buffer->length);
+   return GSS_S_COMPLETE;
+ }
+ #endif
+@@ -374,9 +375,10 @@ unwrap_des3
+   output_message_buffer->value  = malloc(output_message_buffer->length);
+   if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+       return GSS_S_FAILURE;
+-  memcpy (output_message_buffer->value,
+-	  p + 36,
+-	  output_message_buffer->length);
++  if (output_message_buffer->value != NULL)
++      memcpy (output_message_buffer->value,
++	      p + 36,
++	      output_message_buffer->length);
+   return GSS_S_COMPLETE;
+ }
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch
new file mode 100644
index 0000000000..4e750f0dc6
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch
@@ -0,0 +1,57 @@
+From c758910eaad3c0de2cfb68830a661c4739675a7d Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 15 Aug 2022 16:53:45 +1200
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Avoid undefined behaviour in
+ _gssapi_verify_pad()
+
+By decrementing 'pad' only when we know it's safe, we ensure we can't
+stray backwards past the start of a buffer, which would be undefined
+behaviour.
+
+In the previous version of the loop, 'i' is the number of bytes left to
+check, and 'pad' is the current byte we're checking. 'pad' was
+decremented at the end of each loop iteration. If 'i' was 1 (so we
+checked the final byte), 'pad' could potentially be pointing to the
+first byte of the input buffer, and the decrement would put it one
+byte behind the buffer.
+
+That would be undefined behaviour.
+
+The patch changes it so that 'pad' is the byte we previously checked,
+which allows us to ensure that we only decrement it when we know we
+have a byte to check.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/decapsulate.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
+index 86085f5695..4e3fcd659e 100644
+--- a/lib/gssapi/krb5/decapsulate.c
++++ b/lib/gssapi/krb5/decapsulate.c
+@@ -193,13 +193,13 @@ _gssapi_verify_pad(gss_buffer_t wrapped_token,
+     if (wrapped_token->length < 1)
+	return GSS_S_BAD_MECH;
+
+-    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
+-    padlength = *pad;
++    pad = (u_char *)wrapped_token->value + wrapped_token->length;
++    padlength = pad[-1];
+
+     if (padlength > datalen)
+	return GSS_S_BAD_MECH;
+
+-    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
++    for (i = padlength; i > 0 && *--pad == padlength; i--)
+	;
+     if (i != 0)
+	return GSS_S_BAD_MIC;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch
new file mode 100644
index 0000000000..d6ea22e3df
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch
@@ -0,0 +1,37 @@
+From 414b2a77fd61c26d64562e3800dc5578d9d0f15d Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 15 Aug 2022 16:53:55 +1200
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Check the result of
+ _gsskrb5_get_mech()
+
+We should make sure that the result of 'total_len - mech_len' won't
+overflow, and that we don't memcmp() past the end of the buffer.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/decapsulate.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
+index 4e3fcd659e..031a621eab 100644
+--- a/lib/gssapi/krb5/decapsulate.c
++++ b/lib/gssapi/krb5/decapsulate.c
+@@ -80,6 +80,10 @@ _gssapi_verify_mech_header(u_char **str,
+
+     if (mech_len != mech->length)
+	return GSS_S_BAD_MECH;
++    if (mech_len > total_len)
++	return GSS_S_BAD_MECH;
++    if (p - *str > total_len - mech_len)
++	return GSS_S_BAD_MECH;
+     if (ct_memcmp(p,
+		  mech->elements,
+		  mech->length) != 0)
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch
new file mode 100644
index 0000000000..9fa59c29b0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch
@@ -0,0 +1,65 @@
+From be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 15 Aug 2022 16:54:23 +1200
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Check buffer length against overflow
+ for DES{,3} unwrap
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index d3987240dd..fddb64bc53 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -64,6 +64,8 @@ unwrap_des
+
+   if (IS_DCE_STYLE(context_handle)) {
+      token_len = 22 + 8 + 15; /* 45 */
++     if (input_message_buffer->length < token_len)
++	  return GSS_S_BAD_MECH;
+   } else {
+      token_len = input_message_buffer->length;
+   }
+@@ -76,6 +78,11 @@ unwrap_des
+   if (ret)
+       return ret;
+
++  len = (p - (u_char *)input_message_buffer->value)
++      + 22 + 8;
++  if (input_message_buffer->length < len)
++      return GSS_S_BAD_MECH;
++
+   if (memcmp (p, "\x00\x00", 2) != 0)
+     return GSS_S_BAD_SIG;
+   p += 2;
+@@ -216,6 +223,8 @@ unwrap_des3
+
+   if (IS_DCE_STYLE(context_handle)) {
+      token_len = 34 + 8 + 15; /* 57 */
++     if (input_message_buffer->length < token_len)
++	  return GSS_S_BAD_MECH;
+   } else {
+      token_len = input_message_buffer->length;
+   }
+@@ -228,6 +237,11 @@ unwrap_des3
+   if (ret)
+       return ret;
+
++  len = (p - (u_char *)input_message_buffer->value)
++      + 34 + 8;
++  if (input_message_buffer->length < len)
++      return GSS_S_BAD_MECH;
++
+   if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+     return GSS_S_BAD_SIG;
+   p += 2;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch
new file mode 100644
index 0000000000..b3197afc34
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch
@@ -0,0 +1,39 @@
+From c8407ca079294d76a5ed140ba5b546f870d23ed2 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 10 Oct 2022 20:33:09 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Check for overflow in
+ _gsskrb5_get_mech()
+
+If len_len is equal to total_len - 1 (i.e. the input consists only of a
+0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
+used as the 'len' parameter to der_get_length(), will overflow to
+SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
+whatever data follows in memory. Add a check to ensure that doesn't
+happen.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/decapsulate.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
+index 031a621eab..d7b75a6422 100644
+--- a/lib/gssapi/krb5/decapsulate.c
++++ b/lib/gssapi/krb5/decapsulate.c
+@@ -54,6 +54,8 @@ _gsskrb5_get_mech (const u_char *ptr,
+     e = der_get_length (p, total_len - 1, &len, &len_len);
+     if (e || 1 + len_len + len != total_len)
+	return -1;
++    if (total_len < 1 + len_len + 1)
++	return -1;
+     p += len_len;
+     if (*p++ != 0x06)
+	return -1;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch
new file mode 100644
index 0000000000..6d64312211
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch
@@ -0,0 +1,48 @@
+From 8fb508a25a6a47289c73e3f4339352a73a396eef Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:33 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Pass correct length to
+ _gssapi_verify_pad()
+
+We later subtract 8 when calculating the length of the output message
+buffer. If padlength is excessively high, this calculation can underflow
+and result in a very large positive value.
+
+Now we properly constrain the value of padlength so underflow shouldn't
+be possible.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index fddb64bc53..bab30f4501 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -124,7 +124,7 @@ unwrap_des
+   } else {
+     /* check pad */
+     ret = _gssapi_verify_pad(input_message_buffer,
+-			     input_message_buffer->length - len,
++			     input_message_buffer->length - len - 8,
+			     &padlength);
+     if (ret)
+         return ret;
+@@ -289,7 +289,7 @@ unwrap_des3
+   } else {
+     /* check pad */
+     ret = _gssapi_verify_pad(input_message_buffer,
+-			     input_message_buffer->length - len,
++			     input_message_buffer->length - len - 8,
+			     &padlength);
+     if (ret)
+         return ret;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch
new file mode 100644
index 0000000000..07f4a18a2f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch
@@ -0,0 +1,38 @@
+From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 17 Nov 2021 20:00:29 -0500
+Subject: [PATCH] lib/wind: find_normalize read past end of array
+
+find_normalize() can under some circumstances read one element
+beyond the input array.  The contents are discarded immediately
+without further use.
+
+This change prevents the unintended read.
+
+(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e)
+
+Change-Id: Ia2759a5632d64f7fa6553f879b5bbbf43ba3513e
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c]
+CVE: CVE-2022-41916
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/wind/normalize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/wind/normalize.c b/lib/wind/normalize.c
+index 20e8a4a04b..8f3991d10e 100644
+--- a/lib/wind/normalize.c
++++ b/lib/wind/normalize.c
+@@ -227,9 +227,9 @@ find_composition(const uint32_t *in, unsigned in_len)
+	unsigned i;
+
+	if (n % 5 == 0) {
+-	    cur = *in++;
+	    if (in_len-- == 0)
+		return c->val;
++	    cur = *in++;
+	}
+
+	i = cur >> 16;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch
new file mode 100644
index 0000000000..d6b9826e4b
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch
@@ -0,0 +1,51 @@
+From: Helmut Grohne <helmut@...divi.de>
+Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions
+
+The referenced commit attempted to fix miscompilations with gcc-9 and
+gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
+it also inverted the result of the comparison in two occasions. This
+inversion happened during backporting the patch to 7.7.1 and 7.8.0.
+
+Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
+ for arcfour unwrap")
+Signed-off-by: Helmut Grohne <helmut@...divi.de>
+
+Upstream-Status: Backport [https://www.openwall.com/lists/oss-security/2023/02/08/1]
+CVE: CVE-2022-45142
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/arcfour.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Changes since v1:
+ * Fix typo in commit message.
+ * Mention 7.8.0 in commit message. Thanks to Jeffrey Altman.
+
+Changes since v2:
+ * Add CVE identifier.
+
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index e838d007a..eee6ad72f 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+     if (cmp) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+     if (cmp) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = 0;
+--
+2.38.1
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch
new file mode 100644
index 0000000000..b8cb06bee1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch
@@ -0,0 +1,111 @@
+From 04e5a7eb03a1e913f34d77b7b6c2353b41ef546a Mon Sep 17 00:00:00 2001
+From: Rob van der Linde <rob@catalyst.net.nz>
+Date: Mon, 27 Feb 2023 14:06:23 +1300
+Subject: [PATCH] CVE-2023-0922 set default ldap client sasl wrapping to seal
+
+This avoids sending new or reset passwords in the clear
+(integrity protected only) from samba-tool in particular.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
+
+Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+
+CVE: CVE-2023-0922
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/04e5a7eb03a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ .../ldap/clientldapsaslwrapping.xml           | 27 +++++++++----------
+ lib/param/loadparm.c                          |  2 +-
+ python/samba/tests/auth_log.py                |  2 +-
+ source3/param/loadparm.c                      |  2 +-
+ 4 files changed, 16 insertions(+), 17 deletions(-)
+
+diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
+index 3152f06..21bd209 100644
+--- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
++++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
+@@ -18,25 +18,24 @@
+ 	</para>
+ 	
+ 	<para>
+-	This option is needed in the case of Domain Controllers enforcing 
+-	the usage of signed LDAP connections (e.g. Windows 2000 SP3 or higher).
+-	LDAP sign and seal can be controlled with the registry key
+-	"<literal>HKLM\System\CurrentControlSet\Services\</literal>
+-	<literal>NTDS\Parameters\LDAPServerIntegrity</literal>"
+-	on the Windows server side.  
+-	</para>
++	This option is needed firstly to secure the privacy of
++	administrative connections from <command>samba-tool</command>,
++	including in particular new or reset passwords for users. For
++	this reason the default is <emphasis>seal</emphasis>.</para>
+ 
+-	<para>
+-	Depending on the used KRB5 library (MIT and older Heimdal versions)
+-	it is possible that the message "integrity only" is not supported. 
+-	In this case, <emphasis>sign</emphasis> is just an alias for 
+-	<emphasis>seal</emphasis>.
++	<para>Additionally, <command>winbindd</command> and the
++	<command>net</command> tool can use LDAP to communicate with
++	Domain Controllers, so this option also controls the level of
++	privacy for those connections.  All supported AD DC versions
++	will enforce the usage of at least signed LDAP connections by
++	default, so a value of at least <emphasis>sign</emphasis> is
++	required in practice.
+ 	</para>
+ 
+ 	<para>
+-	The default value is <emphasis>sign</emphasis>. That implies synchronizing the time
++	The default value is <emphasis>seal</emphasis>. That implies synchronizing the time
+ 	with the KDC in the case of using <emphasis>Kerberos</emphasis>.
+ 	</para>
+ </description>
+-<value type="default">sign</value>
++<value type="default">seal</value>
+ </samba:parameter>
+diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
+index 75687f5..d260691 100644
+--- a/lib/param/loadparm.c
++++ b/lib/param/loadparm.c
+@@ -2970,7 +2970,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
+ 
+ 	lpcfg_do_global_parameter(lp_ctx, "ldap debug threshold", "10");
+ 
+-	lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
++	lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "seal");
+ 
+ 	lpcfg_do_global_parameter(lp_ctx, "mdns name", "netbios");
+ 
+diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
+index 8ac76fe..d2db380 100644
+--- a/python/samba/tests/auth_log.py
++++ b/python/samba/tests/auth_log.py
+@@ -471,7 +471,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
+         def isLastExpectedMessage(msg):
+             return (msg["type"] == "Authorization" and
+                     msg["Authorization"]["serviceDescription"] == "LDAP" and
+-                    msg["Authorization"]["transportProtection"] == "SIGN" and
++                    msg["Authorization"]["transportProtection"] == "SEAL" and
+                     msg["Authorization"]["authType"] == "krb5")
+ 
+         self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER"],
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index a99ab35..c47c5f6 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -754,7 +754,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+ 	Globals.ldap_debug_level = 0;
+ 	Globals.ldap_debug_threshold = 10;
+ 
+-	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
++	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
+ 
+ 	Globals.ldap_server_require_strong_auth =
+ 		LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
+-- 
+2.40.0
+
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch
new file mode 100644
index 0000000000..77a383f09e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch
@@ -0,0 +1,78 @@
+From 38664163fcac985d87e4274d198568e0fe88595e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 26 May 2023 13:06:19 +0200
+Subject: [PATCH] CVE-2023-34966: mdssvc: harden sl_unpack_loop()
+
+A malicious client could send a packet where subcount is zero, leading to a busy
+loop because
+
+    count -= subcount
+=>  count -= 0
+=>  while (count > 0)
+
+loops forever.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/38664163fcac985d87e4274d198568e0fe88595e]
+
+CVE: CVE-2023-34966
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/marshalling.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
+index 9ba6ef571f2..d794ba15838 100644
+--- a/source3/rpc_server/mdssvc/marshalling.c
++++ b/source3/rpc_server/mdssvc/marshalling.c
+@@ -1119,7 +1119,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+			sl_nil_t nil = 0;
+
+			subcount = tag.count;
+-			if (subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			for (i = 0; i < subcount; i++) {
+@@ -1147,7 +1147,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_INT64:
+			subcount = sl_unpack_ints(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+@@ -1156,7 +1156,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_UUID:
+			subcount = sl_unpack_uuid(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+@@ -1165,7 +1165,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_FLOAT:
+			subcount = sl_unpack_floats(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+@@ -1174,7 +1174,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_DATE:
+			subcount = sl_unpack_date(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch
new file mode 100644
index 0000000000..a86d1729cf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch
@@ -0,0 +1,140 @@
+From 10b6890d26b3c7a829a9e9a05ad1d1ff54daeca9 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 31 May 2023 15:34:26 +0200
+Subject: [PATCH] CVE-2023-34966: CI: test for sl_unpack_loop()
+
+Send a maliciously crafted packet where a nil type has a subcount of 0. This
+triggers an endless loop in mdssvc sl_unpack_loop().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/10b6890d26b3c7a829a9e9a05ad1d1ff54daeca9]
+
+CVE: CVE-2023-34966
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/torture/rpc/mdssvc.c | 100 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 100 insertions(+)
+
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index 2d2a8306412..a9956ef8f1d 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -581,6 +581,102 @@ done:
+	return ok;
+ }
+
++static uint8_t test_sl_unpack_loop_buf[] = {
++	0x34, 0x33, 0x32, 0x31, 0x33, 0x30, 0x64, 0x6d,
++	0x1d, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00,
++	0x06, 0x00, 0x00, 0x07, 0x04, 0x00, 0x00, 0x00,
++	0x66, 0x65, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74,
++	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x3a,
++	0x66, 0x6f, 0x72, 0x4f, 0x49, 0x44, 0x41, 0x72,
++	0x72, 0x61, 0x79, 0x3a, 0x63, 0x6f, 0x6e, 0x74,
++	0x65, 0x78, 0x74, 0x3a, 0x00, 0x00, 0x00, 0xea,
++	0x02, 0x00, 0x00, 0x84, 0x02, 0x00, 0x00, 0x00,
++	0x0a, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x04, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00,
++	0x03, 0x00, 0x00, 0x07, 0x03, 0x00, 0x00, 0x00,
++	0x6b, 0x4d, 0x44, 0x49, 0x74, 0x65, 0x6d, 0x50,
++	0x61, 0x74, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x06, 0x00, 0x00, 0x00,
++	0x03, 0x00, 0x00, 0x87, 0x08, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0xdd, 0x0a, 0x20, 0x00, 0x00, 0x6b,
++	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x07, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, 0x00,
++	0x02, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
++	0x03, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
++	0x04, 0x00, 0x00, 0x0c, 0x04, 0x00, 0x00, 0x00,
++	0x0e, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x00,
++	0x0f, 0x00, 0x00, 0x0c, 0x03, 0x00, 0x00, 0x00,
++	0x13, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x00, 0x00
++};
++
++static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
++				       void *data)
++{
++	struct torture_mdsscv_state *state = talloc_get_type_abort(
++		data, struct torture_mdsscv_state);
++	struct dcerpc_binding_handle *b = state->p->binding_handle;
++	struct mdssvc_blob request_blob;
++	struct mdssvc_blob response_blob;
++	uint32_t device_id;
++	uint32_t unkn2;
++	uint32_t unkn9;
++	uint32_t fragment;
++	uint32_t flags;
++	NTSTATUS status;
++	bool ok = true;
++
++	device_id = UINT32_C(0x2f000045);
++	unkn2 = 23;
++	unkn9 = 0;
++	fragment = 0;
++	flags = UINT32_C(0x6b000001);
++
++	request_blob.spotlight_blob = test_sl_unpack_loop_buf;
++	request_blob.size = sizeof(test_sl_unpack_loop_buf);
++	request_blob.length = sizeof(test_sl_unpack_loop_buf);
++
++	response_blob.spotlight_blob = talloc_array(state,
++						    uint8_t,
++						    0);
++	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
++				     ok, done, "dalloc_zero failed\n");
++	response_blob.size = 0;
++
++	status = dcerpc_mdssvc_cmd(b,
++				   state,
++				   &state->ph,
++				   0,
++				   device_id,
++				   unkn2,
++				   0,
++				   flags,
++				   request_blob,
++				   0,
++				   64 * 1024,
++				   1,
++				   64 * 1024,
++				   0,
++				   0,
++				   &fragment,
++				   &response_blob,
++				   &unkn9);
++	torture_assert_ntstatus_ok_goto(
++		tctx, status, ok, done,
++		"dcerpc_mdssvc_unknown1 failed\n");
++
++done:
++	return ok;
++}
++
+ static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx,
+					 void *data)
+ {
+@@ -856,5 +952,9 @@ struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx)
+				      "fetch_unknown_cnid",
+				      test_mdssvc_fetch_attr_unknown_cnid);
+
++	torture_tcase_add_simple_test(tcase,
++				      "mdssvc_sl_unpack_loop",
++				      test_mdssvc_sl_unpack_loop);
++
+	return suite;
+ }
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch
new file mode 100644
index 0000000000..e30e54ab96
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch
@@ -0,0 +1,178 @@
+From 3b3c30e2acfb00d04c4013e32343bc277d5b1aa8 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 31 May 2023 16:26:14 +0200
+Subject: [PATCH] CVE-2023-34967: CI: add a test for type checking of
+ dalloc_value_for_key()
+
+Sends a maliciously crafted packet where the value in a key/value style
+dictionary for the "scope" key is a simple string object whereas the server
+expects an array. As the server doesn't perform type validation on the value, it
+crashes when trying to use the "simple" object as a "complex" one.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/3b3c30e2acfb00d04c4013e32343bc277d5b1aa8]
+
+CVE: CVE-2023-34967
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/torture/rpc/mdssvc.c | 134 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 134 insertions(+)
+
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index f5f5939..1dce403 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -666,6 +666,136 @@ done:
+	return ok;
+ }
+
++static bool test_sl_dict_type_safety(struct torture_context *tctx,
++				     void *data)
++{
++	struct torture_mdsscv_state *state = talloc_get_type_abort(
++		data, struct torture_mdsscv_state);
++	struct dcerpc_binding_handle *b = state->p->binding_handle;
++	struct mdssvc_blob request_blob;
++	struct mdssvc_blob response_blob;
++	uint64_t ctx1 = 0xdeadbeef;
++	uint64_t ctx2 = 0xcafebabe;
++	uint32_t device_id;
++	uint32_t unkn2;
++	uint32_t unkn9;
++	uint32_t fragment;
++	uint32_t flags;
++	DALLOC_CTX *d = NULL;
++	sl_array_t *array1 = NULL, *array2 = NULL;
++	sl_dict_t *arg = NULL;
++	int result;
++	NTSTATUS status;
++	bool ok = true;
++
++	device_id = UINT32_C(0x2f000045);
++	unkn2 = 23;
++	unkn9 = 0;
++	fragment = 0;
++	flags = UINT32_C(0x6b000001);
++
++	d = dalloc_new(tctx);
++	torture_assert_not_null_goto(tctx, d,
++				     ok, done, "dalloc_new failed\n");
++
++	array1 = dalloc_zero(d, sl_array_t);
++	torture_assert_not_null_goto(tctx, array1,
++				     ok, done, "dalloc_zero failed\n");
++
++	array2 = dalloc_zero(d, sl_array_t);
++	torture_assert_not_null_goto(tctx, array2,
++				     ok, done, "dalloc_new failed\n");
++
++	result = dalloc_stradd(array2, "openQueryWithParams:forContext:");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_add_copy(array2, &ctx1, uint64_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_add_copy(array2, &ctx2, uint64_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	arg = dalloc_zero(array1, sl_dict_t);
++	torture_assert_not_null_goto(tctx, d,
++				     ok, done, "dalloc_zero failed\n");
++
++	result = dalloc_stradd(arg, "kMDQueryString");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_stradd(arg, "*");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_stradd(arg, "kMDScopeArray");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_stradd(arg, "AAAABBBB");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_add(array1, array2, sl_array_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_add failed\n");
++
++	result = dalloc_add(array1, arg, sl_dict_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_add failed\n");
++
++	result = dalloc_add(d, array1, sl_array_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_add failed\n");
++
++	torture_comment(tctx, "%s", dalloc_dump(d, 0));
++
++	request_blob.spotlight_blob = talloc_array(tctx,
++						   uint8_t,
++						   64 * 1024);
++	torture_assert_not_null_goto(tctx, request_blob.spotlight_blob,
++				     ok, done, "dalloc_new failed\n");
++	request_blob.size = 64 * 1024;
++
++	request_blob.length = sl_pack(d,
++				      (char *)request_blob.spotlight_blob,
++				      request_blob.size);
++	torture_assert_goto(tctx, request_blob.length > 0,
++			    ok, done, "sl_pack failed\n");
++
++	response_blob.spotlight_blob = talloc_array(state, uint8_t, 0);
++	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
++				     ok, done, "dalloc_zero failed\n");
++	response_blob.size = 0;
++
++	status = dcerpc_mdssvc_cmd(b,
++				   state,
++				   &state->ph,
++				   0,
++				   device_id,
++				   unkn2,
++				   0,
++				   flags,
++				   request_blob,
++				   0,
++				   64 * 1024,
++				   1,
++				   64 * 1024,
++				   0,
++				   0,
++				   &fragment,
++				   &response_blob,
++				   &unkn9);
++	torture_assert_ntstatus_ok_goto(
++		tctx, status, ok, done,
++		"dcerpc_mdssvc_cmd failed\n");
++
++done:
++	return ok;
++}
++
+ static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx,
+					 void *data)
+ {
+@@ -940,6 +1070,10 @@ struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx)
+	torture_tcase_add_simple_test(tcase,
+				      "mdssvc_sl_unpack_loop",
+				      test_mdssvc_sl_unpack_loop);
++	torture_tcase_add_simple_test(tcase,
++				      "sl_dict_type_safety",
++				      test_sl_dict_type_safety);
++
+
+	return suite;
+ }
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch
new file mode 100644
index 0000000000..2e4907ab62
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch
@@ -0,0 +1,125 @@
+From 049c13245649fab412b61a5b55e5a7dea72d7c72 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 26 May 2023 15:06:38 +0200
+Subject: [PATCH] CVE-2023-34967: mdssvc: add type checking to
+ dalloc_value_for_key()
+
+Change the dalloc_value_for_key() function to require an additional final
+argument which denotes the expected type of the value associated with a key. If
+the types don't match, return NULL.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/4c60e35add4a1abd04334012a8d6edf1c3f396ba]
+
+CVE: CVE-2023-34967
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/dalloc.c | 14 ++++++++++----
+ source3/rpc_server/mdssvc/mdssvc.c | 17 +++++++++++++----
+ 2 files changed, 23 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/dalloc.c b/source3/rpc_server/mdssvc/dalloc.c
+index 007702d..8b79b41 100644
+--- a/source3/rpc_server/mdssvc/dalloc.c
++++ b/source3/rpc_server/mdssvc/dalloc.c
+@@ -159,7 +159,7 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+	int result = 0;
+	void *p = NULL;
+	va_list args;
+-	const char *type;
++	const char *type = NULL;
+	int elem;
+	size_t array_len;
+
+@@ -170,7 +170,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+		array_len = talloc_array_length(d->dd_talloc_array);
+		elem = va_arg(args, int);
+		if (elem >= array_len) {
+-			va_end(args);
+			result = -1;
+			goto done;
+		}
+@@ -178,8 +177,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+		type = va_arg(args, const char *);
+	}
+
+-	va_end(args);
+-
+	array_len = talloc_array_length(d->dd_talloc_array);
+
+	for (elem = 0; elem + 1 < array_len; elem += 2) {
+@@ -192,8 +189,17 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+			break;
+		}
+	}
++	if (p == NULL) {
++		goto done;
++	}
++
++	type = va_arg(args, const char *);
++	if (strcmp(talloc_get_name(p), type) != 0) {
++		p = NULL;
++	}
+
+ done:
++	va_end(args);
+	if (result != 0) {
+		p = NULL;
+	}
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a983a88..fe6e0c2 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -884,7 +884,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+
+	querystring = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+					   "DALLOC_CTX", 1,
+-					   "kMDQueryString");
++					   "kMDQueryString",
++					   "char *");
+	if (querystring == NULL) {
+		DEBUG(1, ("missing kMDQueryString\n"));
+		goto error;
+@@ -924,8 +925,11 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+	slq->ctx2 = *uint64p;
+
+	path_scope = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+-					  "DALLOC_CTX", 1, "kMDScopeArray");
++                                          "DALLOC_CTX", 1,
++					  "kMDScopeArray",
++					  "sl_array_t");
+	if (path_scope == NULL) {
++		DBG_ERR("missing kMDScopeArray\n");
+		goto error;
+	}
+
+@@ -940,8 +944,11 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+	}
+
+	reqinfo = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+-				       "DALLOC_CTX", 1, "kMDAttributeArray");
++		                       "DALLOC_CTX", 1,
++				       "kMDAttributeArray",
++				       "sl_array_t");
+	if (reqinfo == NULL) {
++		DBG_ERR("missing kMDAttributeArray\n");
+		goto error;
+	}
+
+@@ -949,7 +956,9 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+	DEBUG(10, ("requested attributes: %s", dalloc_dump(reqinfo, 0)));
+
+	cnids = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+-				     "DALLOC_CTX", 1, "kMDQueryItemArray");
++			             "DALLOC_CTX", 1,
++				     "kMDQueryItemArray",
++				     "sl_array_t");
+	if (cnids) {
+		ok = sort_cnids(slq, cnids->ca_cnids);
+		if (!ok) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch
new file mode 100644
index 0000000000..ad8e3e4ce3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch
@@ -0,0 +1,104 @@
+From 98b2a013bc723cd660978d5a1db40b987816f90e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 6 Jun 2023 15:17:26 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: cache and reuse stat info in struct
+ sl_inode_path_map
+
+Prepare for the "path" being a fake path and not the real server-side
+path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already
+got stat info for the object in mds_add_result() so we can just pass stat info
+from there.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/98b2a013bc723cd660978d5a1db40b987816f90e]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 32 +++++++-----------------------
+ source3/rpc_server/mdssvc/mdssvc.h |  1 +
+ 2 files changed, 8 insertions(+), 25 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 26a3ec7..a6cc653 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -446,7 +446,10 @@ static int ino_path_map_destr_cb(struct sl_inode_path_map *entry)
+  * entries by calling talloc_free() on the query slq handles.
+  **/
+
+-static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
++static bool inode_map_add(struct sl_query *slq,
++			  uint64_t ino,
++			  const char *path,
++			  struct stat_ex *st)
+ {
+	NTSTATUS status;
+	struct sl_inode_path_map *entry;
+@@ -493,6 +496,7 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
+
+	entry->ino = ino;
+	entry->mds_ctx = slq->mds_ctx;
++	entry->st = *st;
+	entry->path = talloc_strdup(entry, path);
+	if (entry->path == NULL) {
+		DEBUG(1, ("talloc failed\n"));
+@@ -629,7 +633,7 @@ bool mds_add_result(struct sl_query *slq, const char *path)
+		return false;
+	}
+
+-	ok = inode_map_add(slq, ino64, path);
++	ok = inode_map_add(slq, ino64, path, &sb);
+	if (!ok) {
+		DEBUG(1, ("inode_map_add error\n"));
+		slq->state = SLQ_STATE_ERROR;
+@@ -1350,29 +1354,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
+		elem = talloc_get_type_abort(p, struct sl_inode_path_map);
+		path = elem->path;
+
+-		status = synthetic_pathref(talloc_tos(),
+-					   mds_ctx->conn->cwd_fsp,
+-					   path,
+-					   NULL,
+-					   NULL,
+-					   0,
+-					   0,
+-					   &smb_fname);
+-		if (!NT_STATUS_IS_OK(status)) {
+-			/* This is not an error, the user may lack permissions */
+-			DBG_DEBUG("synthetic_pathref [%s]: %s\n",
+-				  smb_fname_str_dbg(smb_fname),
+-				  nt_errstr(status));
+-			return true;
+-		}
+-
+-		result = SMB_VFS_FSTAT(smb_fname->fsp, &smb_fname->st);
+-		if (result != 0) {
+-			TALLOC_FREE(smb_fname);
+-			return true;
+-		}
+-
+-		sp = &smb_fname->st;
++		sp = &elem->st;
+	}
+
+	ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp);
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index 3924827..a097991 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -105,6 +105,7 @@ struct sl_inode_path_map {
+	struct mds_ctx    *mds_ctx;
+	uint64_t           ino;
+	char              *path;
++	struct stat_ex     st;
+ };
+
+ /* Per process state */
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch
new file mode 100644
index 0000000000..21b98c4d7e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch
@@ -0,0 +1,39 @@
+From 47a0c1681dd1e7ec407679793966ec8bdc08a24e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 17 Jun 2023 13:39:55 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes"
+ dict key in slrpc_fetch_properties()
+
+We were adding the value, but not the key.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/47a0c1681dd1e7ec407679793966ec8bdc08a24e]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a6d09a43b9c..9c23ef95753 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -730,6 +730,10 @@ static bool slrpc_fetch_properties(struct mds_ctx *mds_ctx,
+	}
+
+	/* kMDSStoreMetaScopes array */
++	result = dalloc_stradd(dict, "kMDSStoreMetaScopes");
++	if (result != 0) {
++		return false;
++	}
+	array = dalloc_zero(dict, sl_array_t);
+	if (array == NULL) {
+		return NULL;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch
new file mode 100644
index 0000000000..42106d82b8
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch
@@ -0,0 +1,65 @@
+From 56a21b3bc8fb24416ead9061f9305c8122bc7f86 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 17:14:38 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: use correct TALLOC memory context
+ when allocating spotlight_blob
+
+d is talloc_free()d at the end of the functions and the buffer was later used
+after beeing freed in the DCERPC layer when sending the packet.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/56a21b3bc8fb24416ead9061f9305c8122bc7f86]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_client/cli_mdssvc_util.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c
+index fe5092c3790..892a844e71a 100644
+--- a/source3/rpc_client/cli_mdssvc_util.c
++++ b/source3/rpc_client/cli_mdssvc_util.c
+@@ -209,7 +209,7 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+@@ -293,7 +293,7 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+@@ -426,7 +426,7 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+@@ -510,7 +510,7 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
new file mode 100644
index 0000000000..785908b528
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
@@ -0,0 +1,85 @@
+From 0ae6084d1a9c4eb12e9f1ab1902e00f96bcbea55 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 18:28:41 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: remove response blob allocation
+
+This is handled by the NDR code transparently.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_client/cli_mdssvc.c | 36 ---------------------------------
+ 1 file changed, 36 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
+index 046d37135cb..474d7c0b150 100644
+--- a/source3/rpc_client/cli_mdssvc.c
++++ b/source3/rpc_client/cli_mdssvc.c
+@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx,
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send(
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx,
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx,
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch
new file mode 100644
index 0000000000..308b441e95
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch
@@ -0,0 +1,83 @@
+From 353a9ccea6ff93ea2cd604dcc2b0372f056f819d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:28:47 +0200
+Subject: [PATCH] CVE-2023-34968: smbtorture: remove response blob allocation
+ in mdssvc.c
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/353a9ccea6ff93ea2cd604dcc2b0372f056f819d]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+
+---
+ source4/torture/rpc/mdssvc.c | 26 --------------------------
+ 1 file changed, 26 deletions(-)
+
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index 3689692f7de..a16bd5b47e3 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -536,13 +536,6 @@ static bool test_mdssvc_invalid_ph_cmd(struct torture_context *tctx,
+	request_blob.length = 0;
+	request_blob.size = 0;
+
+-	response_blob.spotlight_blob = talloc_array(state,
+-						    uint8_t,
+-						    0);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ok, done, "dalloc_zero failed\n");
+-	response_blob.size = 0;
+-
+	status =  dcerpc_mdssvc_cmd(b,
+				    state,
+				    &ph,
+@@ -632,13 +625,6 @@ static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
+	request_blob.size = sizeof(test_sl_unpack_loop_buf);
+	request_blob.length = sizeof(test_sl_unpack_loop_buf);
+
+-	response_blob.spotlight_blob = talloc_array(state,
+-						    uint8_t,
+-						    0);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ok, done, "dalloc_zero failed\n");
+-	response_blob.size = 0;
+-
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+				   &state->ph,
+@@ -764,11 +750,6 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx,
+	torture_assert_goto(tctx, request_blob.length > 0,
+			    ok, done, "sl_pack failed\n");
+
+-	response_blob.spotlight_blob = talloc_array(state, uint8_t, 0);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ok, done, "dalloc_zero failed\n");
+-	response_blob.size = 0;
+-
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+				   &state->ph,
+@@ -926,13 +907,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+				     ret, done, "dalloc_zero failed\n");
+	request_blob.size = max_fragment_size;
+
+-	response_blob.spotlight_blob = talloc_array(state,
+-						    uint8_t,
+-						    max_fragment_size);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ret, done, "dalloc_zero failed\n");
+-	response_blob.size = max_fragment_size;
+-
+	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+	torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n");
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch
new file mode 100644
index 0000000000..34526a8c8e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch
@@ -0,0 +1,57 @@
+From 449f1280b718c6da3b8e309fe124be4e9bfd8184 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:35:41 +0200
+Subject: [PATCH] CVE-2023-34968: rpcclient: remove response blob allocation
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/449f1280b718c6da3b8e309fe124be4e9bfd8184]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpcclient/cmd_spotlight.c | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
+index 24db9893df6..64fe321089c 100644
+--- a/source3/rpcclient/cmd_spotlight.c
++++ b/source3/rpcclient/cmd_spotlight.c
+@@ -144,13 +144,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+	}
+	request_blob.size = max_fragment_size;
+
+-	response_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
+-	if (response_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	response_blob.size = max_fragment_size;
+-
+	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+	if (len == -1) {
+		status = NT_STATUS_INTERNAL_ERROR;
+@@ -368,15 +361,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+	}
+	request_blob.size = max_fragment_size;
+
+-	response_blob.spotlight_blob = talloc_array(mem_ctx,
+-						    uint8_t,
+-						    max_fragment_size);
+-	if (response_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	response_blob.size = max_fragment_size;
+-
+	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+	if (len == -1) {
+		status = NT_STATUS_INTERNAL_ERROR;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch
new file mode 100644
index 0000000000..679e174c05
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch
@@ -0,0 +1,49 @@
+From cc593a6ac531f02f2fe70fd4f7dfe649a02f9206 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:42:10 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: remove response blob allocation
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cc593a6ac531f02f2fe70fd4f7dfe649a02f9206]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index b8eed8b..714e6c1 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -209,7 +209,6 @@ void _mdssvc_unknown1(struct pipes_struct *p, struct mdssvc_unknown1 *r)
+ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+ {
+	bool ok;
+-	char *rbuf;
+	struct mds_ctx *mds_ctx;
+	NTSTATUS status;
+
+@@ -266,13 +265,6 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+		return;
+	}
+
+-	rbuf = talloc_zero_array(p->mem_ctx, char, r->in.max_fragment_size1);
+-	if (rbuf == NULL) {
+-		p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+-		return;
+-	}
+-	r->out.response_blob->spotlight_blob = (uint8_t *)rbuf;
+-	r->out.response_blob->size = r->in.max_fragment_size1;
+
+	/* We currently don't use fragmentation at the mdssvc RPC layer */
+	*r->out.fragment = 0;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch
new file mode 100644
index 0000000000..e65379fe83
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch
@@ -0,0 +1,62 @@
+From 397919e82b493206ae9b60bb9c539d52c3207729 Mon Sep 17 00:00:00 2001
+From: Archana Polampalli <archana.polampalli@windriver.com>
+Date: Fri, 29 Sep 2023 08:59:31 +0000
+Subject: [PATCH] CVE-2023-34968: mdssvc: switch to doing an early return
+
+Just reduce indentation of the code handling the success case. No change in
+behaviour.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/397919e82b493206ae9b60bb9c539d52c3207729]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a6cc653..0e6a916 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -1798,19 +1798,21 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+	}
+
+	ok = slcmd->function(mds_ctx, query, reply);
+-	if (ok) {
+-		DBG_DEBUG("%s", dalloc_dump(reply, 0));
+-
+-		len = sl_pack(reply,
+-			      (char *)response_blob->spotlight_blob,
+-			      response_blob->size);
+-		if (len == -1) {
+-			DBG_ERR("error packing Spotlight RPC reply\n");
+-			ok = false;
+-			goto cleanup;
+-		}
+-		response_blob->length = len;
++        if (!ok) {
++		goto cleanup;
++	}
++
++	DBG_DEBUG("%s", dalloc_dump(reply, 0));
++
++	len = sl_pack(reply,
++		      (char *)response_blob->spotlight_blob,
++		      response_blob->size);
++	if (len == -1) {
++		DBG_ERR("error packing Spotlight RPC reply\n");
++		ok = false;
++		goto cleanup;
+	}
++	response_blob->length = len;
+
+ cleanup:
+	talloc_free(query);
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch
new file mode 100644
index 0000000000..e21f2ba4be
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch
@@ -0,0 +1,465 @@
+From cb8313e7bee75454ce29d2b2f657927259298f52 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 18:16:57 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: introduce an allocating wrapper to
+ sl_pack()
+
+sl_pack_alloc() does the buffer allocation that previously all callers of
+sl_pack() did themselves.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cb8313e7bee75454ce29d2b2f657927259298f52]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_client/cli_mdssvc_util.c      | 80 +++++------------------
+ source3/rpc_server/mdssvc/marshalling.c   | 35 ++++++++--
+ source3/rpc_server/mdssvc/marshalling.h   |  9 ++-
+ source3/rpc_server/mdssvc/mdssvc.c        | 18 ++---
+ source3/rpc_server/mdssvc/mdssvc.h        |  5 +-
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c |  5 +-
+ source3/rpcclient/cmd_spotlight.c         | 32 ++-------
+ source4/torture/rpc/mdssvc.c              | 24 ++-----
+ 8 files changed, 80 insertions(+), 128 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c
+index 892a844..a39202d 100644
+--- a/source3/rpc_client/cli_mdssvc_util.c
++++ b/source3/rpc_client/cli_mdssvc_util.c
+@@ -42,7 +42,7 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+	sl_array_t *scope_array = NULL;
+	double dval;
+	uint64_t uint64val;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -209,23 +209,11 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+
+@@ -238,7 +226,7 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx,
+	uint64_t *uint64p = NULL;
+	sl_array_t *array = NULL;
+	sl_array_t *cmd_array = NULL;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -293,23 +281,11 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+
+@@ -325,7 +301,7 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx,
+	sl_array_t *cmd_array = NULL;
+	sl_array_t *attr_array = NULL;
+	sl_cnids_t *cnids = NULL;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -426,23 +402,11 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+
+@@ -455,7 +419,7 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx,
+	uint64_t *uint64p = NULL;
+	sl_array_t *array = NULL;
+	sl_array_t *cmd_array = NULL;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -510,22 +474,10 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
+index 441d411..34bfda5 100644
+--- a/source3/rpc_server/mdssvc/marshalling.c
++++ b/source3/rpc_server/mdssvc/marshalling.c
+@@ -78,6 +78,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, const char *buf,
+			      ssize_t offset, size_t bufsize,
+			      int count, ssize_t toc_offset,
+			      int encoding);
++static ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize);
+
+ /******************************************************************************
+  * Wrapper functions for the *VAL macros with bound checking
+@@ -1190,11 +1191,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+	return offset;
+ }
+
+-/******************************************************************************
+- * Global functions for packing und unpacking
+- ******************************************************************************/
+-
+-ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
++static ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
+ {
+	ssize_t result;
+	char *toc_buf;
+@@ -1274,6 +1271,34 @@ ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
+	return len;
+ }
+
++/******************************************************************************
++ * Global functions for packing und unpacking
++ ******************************************************************************/
++
++NTSTATUS sl_pack_alloc(TALLOC_CTX *mem_ctx,
++		       DALLOC_CTX *d,
++		       struct mdssvc_blob *b,
++		       size_t max_fragment_size)
++{
++	ssize_t len;
++
++	b->spotlight_blob = talloc_zero_array(mem_ctx,
++					      uint8_t,
++					      max_fragment_size);
++	if (b->spotlight_blob == NULL) {
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	len = sl_pack(d, (char *)b->spotlight_blob, max_fragment_size);
++	if (len == -1) {
++		return NT_STATUS_DATA_ERROR;
++	}
++
++	b->length = len;
++	b->size = len;
++	return NT_STATUS_OK;
++}
++
+ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize)
+ {
+	ssize_t result;
+diff --git a/source3/rpc_server/mdssvc/marshalling.h b/source3/rpc_server/mdssvc/marshalling.h
+index 086ca74..2cc1b44 100644
+--- a/source3/rpc_server/mdssvc/marshalling.h
++++ b/source3/rpc_server/mdssvc/marshalling.h
+@@ -22,6 +22,9 @@
+ #define _MDSSVC_MARSHALLING_H
+
+ #include "dalloc.h"
++#include "libcli/util/ntstatus.h"
++#include "lib/util/data_blob.h"
++#include "librpc/gen_ndr/mdssvc.h"
+
+ #define MAX_SL_FRAGMENT_SIZE 0xFFFFF
+
+@@ -49,7 +52,11 @@ typedef struct {
+  * Function declarations
+  ******************************************************************************/
+
+-extern ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize);
++extern NTSTATUS sl_pack_alloc(TALLOC_CTX *mem_ctx,
++			      DALLOC_CTX *d,
++			      struct mdssvc_blob *b,
++			      size_t max_fragment_size);
++
+ extern bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize);
+
+ #endif
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 0e6a916..19257e8 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -1726,11 +1726,11 @@ error:
+  **/
+ bool mds_dispatch(struct mds_ctx *mds_ctx,
+		  struct mdssvc_blob *request_blob,
+-		  struct mdssvc_blob *response_blob)
++		  struct mdssvc_blob *response_blob,
++		  size_t max_fragment_size)
+ {
+	bool ok;
+	int ret;
+-	ssize_t len;
+	DALLOC_CTX *query = NULL;
+	DALLOC_CTX *reply = NULL;
+	char *rpccmd;
+@@ -1738,6 +1738,7 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+	const struct smb_filename conn_basedir = {
+		.base_name = mds_ctx->conn->connectpath,
+	};
++	NTSTATUS status;
+
+	if (CHECK_DEBUGLVL(10)) {
+		const struct sl_query *slq;
+@@ -1804,15 +1805,14 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+
+	DBG_DEBUG("%s", dalloc_dump(reply, 0));
+
+-	len = sl_pack(reply,
+-		      (char *)response_blob->spotlight_blob,
+-		      response_blob->size);
+-	if (len == -1) {
+-		DBG_ERR("error packing Spotlight RPC reply\n");
+-		ok = false;
++	status = sl_pack_alloc(response_blob,
++			       reply,
++			       response_blob,
++			       max_fragment_size);
++	if (!NT_STATUS_IS_OK(status)) {
++		DBG_ERR("sl_pack_alloc() failed\n");
+		goto cleanup;
+	}
+-	response_blob->length = len;
+
+ cleanup:
+	talloc_free(query);
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index a097991..b3bd8b9 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -157,9 +157,10 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
+			     int snum,
+			     const char *sharename,
+			     const char *path);
+-extern bool mds_dispatch(struct mds_ctx *query_ctx,
++extern bool mds_dispatch(struct mds_ctx *mds_ctx,
+			 struct mdssvc_blob *request_blob,
+-			 struct mdssvc_blob *response_blob);
++			 struct mdssvc_blob *response_blob,
++			 size_t max_fragment_size);
+ bool mds_add_result(struct sl_query *slq, const char *path);
+
+ #endif /* _MDSSVC_H */
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index 714e6c1..59e2a97 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -269,7 +269,10 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+	/* We currently don't use fragmentation at the mdssvc RPC layer */
+	*r->out.fragment = 0;
+
+-	ok = mds_dispatch(mds_ctx, &r->in.request_blob, r->out.response_blob);
++	ok = mds_dispatch(mds_ctx,
++			  &r->in.request_blob,
++			  r->out.response_blob,
++			  r->in.max_fragment_size1);
+	if (ok) {
+		*r->out.unkn9 = 0;
+	} else {
+diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
+index 64fe321..ba3f61f 100644
+--- a/source3/rpcclient/cmd_spotlight.c
++++ b/source3/rpcclient/cmd_spotlight.c
+@@ -43,7 +43,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+	uint32_t unkn3;	     /* server always returns 0 ? */
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+-	ssize_t len;
+	uint32_t max_fragment_size = 64 * 1024;
+	DALLOC_CTX *d, *mds_reply;
+	uint64_t *uint64var;
+@@ -137,20 +136,10 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+		goto done;
+	}
+
+-	request_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
+-	if (request_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	request_blob.size = max_fragment_size;
+-
+-	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+-	if (len == -1) {
+-		status = NT_STATUS_INTERNAL_ERROR;
++	status = sl_pack_alloc(mem_ctx, d, &request_blob, max_fragment_size);
++	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+-	request_blob.length = len;
+-	request_blob.size = len;
+
+	status =  dcerpc_mdssvc_cmd(b, mem_ctx,
+				    &share_handle,
+@@ -204,7 +193,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+	uint32_t unkn3;	     /* server always returns 0 ? */
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+-	ssize_t len;
+	uint32_t max_fragment_size = 64 * 1024;
+	DALLOC_CTX *d, *mds_reply;
+	uint64_t *uint64var;
+@@ -352,22 +340,10 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+		goto done;
+	}
+
+-	request_blob.spotlight_blob = talloc_array(mem_ctx,
+-						   uint8_t,
+-						   max_fragment_size);
+-	if (request_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	request_blob.size = max_fragment_size;
+-
+-	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+-	if (len == -1) {
+-		status = NT_STATUS_INTERNAL_ERROR;
++	status = sl_pack_alloc(mem_ctx, d, &request_blob, max_fragment_size);
++	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+-	request_blob.length = len;
+-	request_blob.size = len;
+
+	status = dcerpc_mdssvc_cmd(b, mem_ctx,
+				   &share_handle,
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index e99c82c..1305456 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -745,11 +745,9 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx,
+				     ok, done, "dalloc_new failed\n");
+	request_blob.size = 64 * 1024;
+
+-	request_blob.length = sl_pack(d,
+-				      (char *)request_blob.spotlight_blob,
+-				      request_blob.size);
+-	torture_assert_goto(tctx, request_blob.length > 0,
+-			    ok, done, "sl_pack failed\n");
++	status = sl_pack_alloc(tctx, d, &request_blob, 64 * 1024);
++	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
++					"sl_pack_alloc() failed\n");
+
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+@@ -836,7 +834,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+	const char *path_type = NULL;
+	uint64_t ino64;
+	NTSTATUS status;
+-	ssize_t len;
+	int ret;
+	bool ok = true;
+
+@@ -901,19 +898,10 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+	ret = dalloc_add(array, cnids, sl_cnids_t);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+-	request_blob.spotlight_blob = talloc_array(state,
+-						   uint8_t,
+-						   max_fragment_size);
+-	torture_assert_not_null_goto(tctx, request_blob.spotlight_blob,
+-				     ret, done, "dalloc_zero failed\n");
+-	request_blob.size = max_fragment_size;
+-
+-	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+-	torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n");
+-
+-	request_blob.length = len;
+-	request_blob.size = len;
+
++	status = sl_pack_alloc(tctx, d, &request_blob, max_fragment_size);
++	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
++					"sl_pack_alloc() failed\n");
+	status =  dcerpc_mdssvc_cmd(b,
+				    state,
+				    &state->ph,
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch
new file mode 100644
index 0000000000..57668f5eef
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch
@@ -0,0 +1,484 @@
+From a5c570e262911874e43e82de601d809aa5b1b729 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 17 Jun 2023 13:53:27 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: return share relative paths The next
+ commit will change the Samba Spotlight server to return absolute paths that
+ start with the sharename as "/SHARENAME/..." followed by the share path
+ relative appended.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+So given a share
+
+  [spotlight]
+    path = /foo/bar
+    spotlight = yes
+
+and a file inside this share with a full path of
+
+  /foo/bar/dir/file
+
+previously a search that matched this file would returns the absolute
+server-side pato of the file, ie
+
+  /foo/bar/dir/file
+
+This will be change to
+
+  /spotlight/dir/file
+
+As currently the mdscli library and hence the mdsearch tool print out these
+paths returned from the server, we have to change the output to accomodate these
+fake paths. The only way to do this sensibly is by makeing the paths relative to
+the containing share, so just
+
+  dir/file
+
+in the example above.
+
+The client learns about the share root path prefix – real server-side of fake in
+the future – in an initial handshake in the "share_path" out argument of the
+mdssvc_open() RPC call, so the client can use this path to convert the absolute
+path to relative.
+
+There is however an additional twist: the macOS Spotlight server prefixes this
+absolute path with another prefix, typically "/System/Volumes/Data", so in the
+example above the full path for the same search would be
+
+  /System/Volumes/Data/foo/bar/dir/file
+
+So macOS does return the full server-side path too, just prefixed with an
+additional path. This path prefixed can be queried by the client in the
+mdssvc_cmd() RPC call with an Spotlight command of "fetchPropertiesForContext:"
+and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
+just returns "/" for this.
+
+Currently the mdscli library doesn't issue this Spotlight RPC
+request (fetchPropertiesForContext), so this is added in this commit. In the
+end, all search result paths are stripped of the combined prefix
+
+  kMDSStorePathScopes + share_path (from mdssvc_open).
+
+eg
+
+  kMDSStorePathScopes = /System/Volumes/Data
+  share_path = /foo/bar
+  search result = /System/Volumes/Data/foo/bar/dir/file
+  relative path returned by mdscli = dir/file
+
+Makes sense? :)
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/a5c570e262911874e43e82de601d809aa5b1b729]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/tests/dcerpc/mdssvc.py     |  26 ++--
+ source3/rpc_client/cli_mdssvc.c         | 155 +++++++++++++++++++++++-
+ source3/rpc_client/cli_mdssvc_private.h |   4 +
+ source3/rpc_client/cli_mdssvc_util.c    |  68 +++++++++++
+ source3/rpc_client/cli_mdssvc_util.h    |   4 +
+ 5 files changed, 243 insertions(+), 14 deletions(-)
+
+diff --git a/python/samba/tests/dcerpc/mdssvc.py b/python/samba/tests/dcerpc/mdssvc.py
+index b0df509..5002e5d 100644
+--- a/python/samba/tests/dcerpc/mdssvc.py
++++ b/python/samba/tests/dcerpc/mdssvc.py
+@@ -84,10 +84,11 @@ class MdssvcTests(RpcInterfaceTestCase):
+         self.t = threading.Thread(target=MdssvcTests.http_server, args=(self,))
+         self.t.setDaemon(True)
+         self.t.start()
++        self.sharepath = os.environ["LOCAL_PATH"]
+         time.sleep(1)
+
+         conn = mdscli.conn(self.pipe, 'spotlight', '/foo')
+-        self.sharepath = conn.sharepath()
++        self.fakepath = conn.sharepath()
+         conn.disconnect(self.pipe)
+
+         for file in testfiles:
+@@ -105,12 +106,11 @@ class MdssvcTests(RpcInterfaceTestCase):
+         self.server.serve_forever()
+
+     def run_test(self, query, expect, json_in, json_out):
+-        expect = [s.replace("%BASEPATH%", self.sharepath) for s in expect]
+         self.server.json_in = json_in.replace("%BASEPATH%", self.sharepath)
+         self.server.json_out = json_out.replace("%BASEPATH%", self.sharepath)
+
+         self.conn = mdscli.conn(self.pipe, 'spotlight', '/foo')
+-        search = self.conn.search(self.pipe, query, self.sharepath)
++        search = self.conn.search(self.pipe, query, self.fakepath)
+
+         # Give it some time, the get_results() below returns immediately
+         # what's available, so if we ask to soon, we might get back no results
+@@ -141,7 +141,7 @@ class MdssvcTests(RpcInterfaceTestCase):
+             ]
+           }
+         }'''
+-        exp_results = ["%BASEPATH%/foo", "%BASEPATH%/bar"]
++        exp_results = ["foo", "bar"]
+         self.run_test('*=="samba*"', exp_results, exp_json_query, fake_json_response)
+
+     def test_mdscli_search_escapes(self):
+@@ -181,14 +181,14 @@ class MdssvcTests(RpcInterfaceTestCase):
+           }
+         }'''
+         exp_results = [
+-            r"%BASEPATH%/x+x",
+-            r"%BASEPATH%/x*x",
+-            r"%BASEPATH%/x=x",
+-            r"%BASEPATH%/x'x",
+-            r"%BASEPATH%/x?x",
+-            r"%BASEPATH%/x x",
+-            r"%BASEPATH%/x(x",
+-            "%BASEPATH%/x\"x",
+-            r"%BASEPATH%/x\x",
++            r"x+x",
++            r"x*x",
++            r"x=x",
++            r"x'x",
++            r"x?x",
++            r"x x",
++            r"x(x",
++            "x\"x",
++            r"x\x",
+         ]
+         self.run_test(sl_query, exp_results, exp_json_query, fake_json_response)
+diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
+index 07c19b5..a047b91 100644
+--- a/source3/rpc_client/cli_mdssvc.c
++++ b/source3/rpc_client/cli_mdssvc.c
+@@ -43,10 +43,12 @@ char *mdscli_get_basepath(TALLOC_CTX *mem_ctx,
+ struct mdscli_connect_state {
+	struct tevent_context *ev;
+	struct mdscli_ctx *mdscli_ctx;
++	struct mdssvc_blob response_blob;
+ };
+
+ static void mdscli_connect_open_done(struct tevent_req *subreq);
+ static void mdscli_connect_unknown1_done(struct tevent_req *subreq);
++static void mdscli_connect_fetch_props_done(struct tevent_req *subreq);
+
+ struct tevent_req *mdscli_connect_send(TALLOC_CTX *mem_ctx,
+				       struct tevent_context *ev,
+@@ -111,6 +113,7 @@ static void mdscli_connect_open_done(struct tevent_req *subreq)
+	struct mdscli_connect_state *state = tevent_req_data(
+		req, struct mdscli_connect_state);
+	struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx;
++	size_t share_path_len;
+	NTSTATUS status;
+
+	status = dcerpc_mdssvc_open_recv(subreq, state);
+@@ -120,6 +123,18 @@ static void mdscli_connect_open_done(struct tevent_req *subreq)
+		return;
+	}
+
++	share_path_len = strlen(mdscli_ctx->mdscmd_open.share_path);
++	if (share_path_len < 1 || share_path_len > UINT16_MAX) {
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++	mdscli_ctx->mdscmd_open.share_path_len = share_path_len;
++
++	if (mdscli_ctx->mdscmd_open.share_path[share_path_len-1] == '/') {
++		mdscli_ctx->mdscmd_open.share_path[share_path_len-1] = '\0';
++		mdscli_ctx->mdscmd_open.share_path_len--;
++	}
++
+	subreq = dcerpc_mdssvc_unknown1_send(
+			state,
+			state->ev,
+@@ -146,6 +161,8 @@ static void mdscli_connect_unknown1_done(struct tevent_req *subreq)
+		subreq, struct tevent_req);
+	struct mdscli_connect_state *state = tevent_req_data(
+		req, struct mdscli_connect_state);
++	struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx;
++	struct mdssvc_blob request_blob;
+	NTSTATUS status;
+
+	status = dcerpc_mdssvc_unknown1_recv(subreq, state);
+@@ -153,6 +170,108 @@ static void mdscli_connect_unknown1_done(struct tevent_req *subreq)
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
++	status = mdscli_blob_fetch_props(state,
++					 state->mdscli_ctx,
++					 &request_blob);
++	if (tevent_req_nterror(req, status)) {
++		return;
++	}
++
++	subreq = dcerpc_mdssvc_cmd_send(state,
++					state->ev,
++					mdscli_ctx->bh,
++					&mdscli_ctx->ph,
++					0,
++					mdscli_ctx->dev,
++					mdscli_ctx->mdscmd_open.unkn2,
++					0,
++					mdscli_ctx->flags,
++					request_blob,
++					0,
++					mdscli_ctx->max_fragment_size,
++					1,
++					mdscli_ctx->max_fragment_size,
++					0,
++					0,
++					&mdscli_ctx->mdscmd_cmd.fragment,
++					&state->response_blob,
++					&mdscli_ctx->mdscmd_cmd.unkn9);
++	if (tevent_req_nomem(subreq, req)) {
++		return;
++	}
++	tevent_req_set_callback(subreq, mdscli_connect_fetch_props_done, req);
++	mdscli_ctx->async_pending++;
++	return;
++}
++
++static void mdscli_connect_fetch_props_done(struct tevent_req *subreq)
++{
++	struct tevent_req *req = tevent_req_callback_data(
++		subreq, struct tevent_req);
++	struct mdscli_connect_state *state = tevent_req_data(
++		req, struct mdscli_connect_state);
++	struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx;
++	DALLOC_CTX *d = NULL;
++	sl_array_t *path_scope_array = NULL;
++	char *path_scope = NULL;
++	NTSTATUS status;
++	bool ok;
++
++	status = dcerpc_mdssvc_cmd_recv(subreq, state);
++	TALLOC_FREE(subreq);
++	state->mdscli_ctx->async_pending--;
++	if (tevent_req_nterror(req, status)) {
++		return;
++	}
++
++	d = dalloc_new(state);
++	if (tevent_req_nomem(d, req)) {
++		return;
++	}
++
++	ok = sl_unpack(d,
++		       (char *)state->response_blob.spotlight_blob,
++		       state->response_blob.length);
++	if (!ok) {
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++
++	path_scope_array = dalloc_value_for_key(d,
++						"DALLOC_CTX", 0,
++						"kMDSStorePathScopes",
++						"sl_array_t");
++	if (path_scope_array == NULL) {
++		DBG_ERR("Missing kMDSStorePathScopes\n");
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++
++	path_scope = dalloc_get(path_scope_array, "char *", 0);
++	if (path_scope == NULL) {
++		DBG_ERR("Missing path in kMDSStorePathScopes\n");
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++
++	mdscli_ctx->path_scope_len = strlen(path_scope);
++	if (mdscli_ctx->path_scope_len < 1 ||
++	    mdscli_ctx->path_scope_len > UINT16_MAX)
++	{
++		DBG_ERR("Bad path_scope: %s\n", path_scope);
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++	mdscli_ctx->path_scope = talloc_strdup(mdscli_ctx, path_scope);
++	if (tevent_req_nomem(mdscli_ctx->path_scope, req)) {
++		return;
++	}
++
++	if (mdscli_ctx->path_scope[mdscli_ctx->path_scope_len-1] == '/') {
++		mdscli_ctx->path_scope[mdscli_ctx->path_scope_len-1] = '\0';
++		mdscli_ctx->path_scope_len--;
++	}
++
+
+	tevent_req_done(req);
+ }
+@@ -697,7 +816,10 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+	struct mdscli_get_path_state *state = tevent_req_data(
+		req, struct mdscli_get_path_state);
+	DALLOC_CTX *d = NULL;
++	size_t pathlen;
++	size_t prefixlen;
+	char *path = NULL;
++	const char *p = NULL;
+	NTSTATUS status;
+	bool ok;
+
+@@ -732,7 +854,38 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+		return;
+	}
+-	state->path = talloc_move(state, &path);
++
++	/* Path is prefixed by /PATHSCOPE/SHARENAME/, strip it */
++	pathlen = strlen(path);
++
++	/*
++	 * path_scope_len and share_path_len are already checked to be smaller
++	 * then UINT16_MAX so this can't overflow
++	 */
++	prefixlen = state->mdscli_ctx->path_scope_len
++		+ state->mdscli_ctx->mdscmd_open.share_path_len;
++
++	if (pathlen < prefixlen) {
++		DBG_DEBUG("Bad path: %s\n", path);
++		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
++		return;
++	}
++
++	p = path + prefixlen;
++	while (*p == '/') {
++		p++;
++	}
++	if (*p == '\0') {
++		DBG_DEBUG("Bad path: %s\n", path);
++		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
++		return;
++	}
++
++	state->path = talloc_strdup(state, p);
++	if (state->path == NULL) {
++		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
++		return;
++	}
+	DBG_DEBUG("path: %s\n", state->path);
+
+	tevent_req_done(req);
+diff --git a/source3/rpc_client/cli_mdssvc_private.h b/source3/rpc_client/cli_mdssvc_private.h
+index 031af85..b10aca0 100644
+--- a/source3/rpc_client/cli_mdssvc_private.h
++++ b/source3/rpc_client/cli_mdssvc_private.h
+@@ -42,6 +42,7 @@ struct mdscli_ctx {
+	/* cmd specific or unknown fields */
+	struct {
+		char share_path[1025];
++		size_t share_path_len;
+		uint32_t unkn2;
+		uint32_t unkn3;
+	} mdscmd_open;
+@@ -56,6 +57,9 @@ struct mdscli_ctx {
+	struct {
+		uint32_t status;
+	} mdscmd_close;
++
++	char *path_scope;
++	size_t path_scope_len;
+ };
+
+ struct mdscli_search_ctx {
+diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c
+index a39202d..1eaaca7 100644
+--- a/source3/rpc_client/cli_mdssvc_util.c
++++ b/source3/rpc_client/cli_mdssvc_util.c
+@@ -28,6 +28,74 @@
+ #include "rpc_server/mdssvc/dalloc.h"
+ #include "rpc_server/mdssvc/marshalling.h"
+
++NTSTATUS mdscli_blob_fetch_props(TALLOC_CTX *mem_ctx,
++				 struct mdscli_ctx *ctx,
++				 struct mdssvc_blob *blob)
++{
++	DALLOC_CTX *d = NULL;
++	uint64_t *uint64p = NULL;
++	sl_array_t *array = NULL;
++	sl_array_t *cmd_array = NULL;
++	NTSTATUS status;
++	int ret;
++
++	d = dalloc_new(mem_ctx);
++	if (d == NULL) {
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	array = dalloc_zero(d, sl_array_t);
++	if (array == NULL) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	ret = dalloc_add(d, array, sl_array_t);
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	cmd_array = dalloc_zero(d, sl_array_t);
++	if (cmd_array == NULL) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	ret = dalloc_add(array, cmd_array, sl_array_t);
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	ret = dalloc_stradd(cmd_array, "fetchPropertiesForContext:");
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	uint64p = talloc_zero_array(cmd_array, uint64_t, 2);
++	if (uint64p == NULL) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	talloc_set_name(uint64p, "uint64_t *");
++
++	ret = dalloc_add(cmd_array, uint64p, uint64_t *);
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
++	TALLOC_FREE(d);
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
++	}
++	return NT_STATUS_OK;
++}
++
+ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+			    struct mdscli_search_ctx *search,
+			    struct mdssvc_blob *blob)
+diff --git a/source3/rpc_client/cli_mdssvc_util.h b/source3/rpc_client/cli_mdssvc_util.h
+index 7a98c85..3f32475 100644
+--- a/source3/rpc_client/cli_mdssvc_util.h
++++ b/source3/rpc_client/cli_mdssvc_util.h
+@@ -21,6 +21,10 @@
+ #ifndef _MDSCLI_UTIL_H_
+ #define _MDSCLI_UTIL_H_
+
++NTSTATUS mdscli_blob_fetch_props(TALLOC_CTX *mem_ctx,
++				 struct mdscli_ctx *ctx,
++				 struct mdssvc_blob *blob);
++
+ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+			    struct mdscli_search_ctx *search,
+			    struct mdssvc_blob *blob);
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch
new file mode 100644
index 0000000000..d2bef187f7
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch
@@ -0,0 +1,295 @@
+From 091b0265fe42878d676def5d4f5b4f8f3977b0e2 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 5 Jun 2023 18:02:20 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: return a fake share path Instead of
+ returning the real server-side absolute path of shares and search results,
+ return a fake absolute path replacing the path of the share with the share
+ name, iow for a share "test" with a server-side path of "/foo/bar", we
+ previously returned
+
+  /foo/bar and
+  /foo/bar/search/result
+
+and now return
+
+  /test and
+  /test/search/result
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/091b0265fe42878d676def5d4f5b4f8f3977b0e2]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/lib/util_path.c                   | 52 ++++++++++++++++++++
+ source3/lib/util_path.h                   |  5 ++
+ source3/rpc_server/mdssvc/mdssvc.c        | 60 +++++++++++++++++++++--
+ source3/rpc_server/mdssvc/mdssvc.h        |  1 +
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 17 +++++--
+ 6 files changed, 128 insertions(+), 7 deletions(-)
+ mode change 100755 => 100644 source3/libads/ldap.c
+
+diff --git a/source3/lib/util_path.c b/source3/lib/util_path.c
+index c34b734..5b5a51c 100644
+--- a/source3/lib/util_path.c
++++ b/source3/lib/util_path.c
+@@ -21,8 +21,10 @@
+  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  */
+
++#include "includes.h"
+ #include "replace.h"
+ #include <talloc.h>
++#include "lib/util/debug.h"
+ #include "lib/util/samba_util.h"
+ #include "lib/util_path.h"
+
+@@ -210,3 +212,53 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *pathname_in)
+	*p++ = '\0';
+	return pathname;
+ }
++
++/*
++ * Take two absolute paths, figure out if "subdir" is a proper
++ * subdirectory of "parent". Return the component relative to the
++ * "parent" without the potential "/". Take care of "parent"
++ * possibly ending in "/".
++ */
++bool subdir_of(const char *parent,
++	       size_t parent_len,
++	       const char *subdir,
++	       const char **_relative)
++{
++	const char *relative = NULL;
++	bool matched;
++
++	SMB_ASSERT(parent[0] == '/');
++	SMB_ASSERT(subdir[0] == '/');
++
++	if (parent_len == 1) {
++		/*
++		 * Everything is below "/"
++		 */
++		*_relative = subdir+1;
++		return true;
++	}
++
++	if (parent[parent_len-1] == '/') {
++		parent_len -= 1;
++	}
++
++	matched = (strncmp(subdir, parent, parent_len) == 0);
++	if (!matched) {
++		return false;
++	}
++
++	relative = &subdir[parent_len];
++
++	if (relative[0] == '\0') {
++		*_relative = relative; /* nothing left */
++		return true;
++	}
++
++	if (relative[0] == '/') {
++		/* End of parent must match a '/' in subdir. */
++		*_relative = relative+1;
++		return true;
++	}
++
++	return false;
++}
+diff --git a/source3/lib/util_path.h b/source3/lib/util_path.h
+index 3e7d04d..6d2155a 100644
+--- a/source3/lib/util_path.h
++++ b/source3/lib/util_path.h
+@@ -31,5 +31,10 @@ char *lock_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *state_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *cache_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
++bool subdir_of(const char *parent,
++               size_t parent_len,
++               const char *subdir,
++               const char **_relative);
++
+
+ #endif
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 19257e8..d442d8d 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -520,11 +520,14 @@ static bool inode_map_add(struct sl_query *slq,
+ bool mds_add_result(struct sl_query *slq, const char *path)
+ {
+	struct smb_filename *smb_fname = NULL;
++	char *fake_path = NULL;
++	const char *relative = NULL;
+	struct stat_ex sb;
+	uint32_t attr;
+	uint64_t ino64;
+	int result;
+	NTSTATUS status;
++	bool sub;
+	bool ok;
+
+	/*
+@@ -610,6 +613,17 @@ bool mds_add_result(struct sl_query *slq, const char *path)
+		}
+	}
+
++	sub = subdir_of(slq->mds_ctx->spath,
++			slq->mds_ctx->spath_len,
++			path,
++			&relative);
++	if (!sub) {
++		DBG_ERR("[%s] is not inside [%s]\n",
++			path, slq->mds_ctx->spath);
++		slq->state = SLQ_STATE_ERROR;
++		return false;
++	}
++
+	/*
+	 * Add inode number and filemeta to result set, this is what
+	 * we return as part of the result set of a query
+@@ -622,18 +636,30 @@ bool mds_add_result(struct sl_query *slq, const char *path)
+		slq->state = SLQ_STATE_ERROR;
+		return false;
+	}
++
++	fake_path = talloc_asprintf(slq,
++				    "/%s/%s",
++				    slq->mds_ctx->sharename,
++				    relative);
++	if (fake_path == NULL) {
++		slq->state = SLQ_STATE_ERROR;
++		return false;
++	}
++
+	ok = add_filemeta(slq->mds_ctx,
+			  slq->reqinfo,
+			  slq->query_results->fm_array,
+-			  path,
++			  fake_path,
+			  &sb);
+	if (!ok) {
+		DBG_ERR("add_filemeta error\n");
++		TALLOC_FREE(fake_path);
+		slq->state = SLQ_STATE_ERROR;
+		return false;
+	}
+
+-	ok = inode_map_add(slq, ino64, path, &sb);
++	ok = inode_map_add(slq, ino64, fake_path, &sb);
++	TALLOC_FREE(fake_path);
+	if (!ok) {
+		DEBUG(1, ("inode_map_add error\n"));
+		slq->state = SLQ_STATE_ERROR;
+@@ -840,6 +866,32 @@ static void slq_close_timer(struct tevent_context *ev,
+	}
+ }
+
++/**
++ * Translate a fake scope from the client like /sharename/dir
++ * to the real server-side path, replacing the "/sharename" part
++ * with the absolute server-side path of the share.
++ **/
++static bool mdssvc_real_scope(struct sl_query *slq, const char *fake_scope)
++{
++	size_t sname_len = strlen(slq->mds_ctx->sharename);
++	size_t fake_scope_len = strlen(fake_scope);
++
++	if (fake_scope_len < sname_len + 1) {
++		DBG_ERR("Short scope [%s] for share [%s]\n",
++			fake_scope, slq->mds_ctx->sharename);
++		return false;
++	}
++
++	slq->path_scope = talloc_asprintf(slq,
++					  "%s%s",
++					  slq->mds_ctx->spath,
++					  fake_scope + sname_len + 1);
++	if (slq->path_scope == NULL) {
++		return false;
++	}
++	return true;
++}
++
+ /**
+  * Begin a search query
+  **/
+@@ -946,8 +998,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+		goto error;
+	}
+
+-	slq->path_scope = talloc_strdup(slq, scope);
+-	if (slq->path_scope == NULL) {
++	ok = mdssvc_real_scope(slq, scope);
++	if (!ok) {
+		goto error;
+	}
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index b3bd8b9..8434812 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -127,6 +127,7 @@ struct mds_ctx {
+	int snum;
+	const char *sharename;
+	const char *spath;
++	size_t spath_len;
+	struct connection_struct *conn;
+	struct sl_query *query_list;     /* list of active queries */
+	struct db_context *ino_path_map; /* dbwrap rbt for storing inode->path mappings */
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index 59e2a97..b20bd2a 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -121,6 +121,7 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
+		loadparm_s3_global_substitution();
+	int snum;
+	char *outpath = discard_const_p(char, r->out.share_path);
++	char *fake_path = NULL;
+	char *path;
+	NTSTATUS status;
+
+@@ -144,21 +145,31 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
+		return;
+	}
+
++	fake_path = talloc_asprintf(p->mem_ctx, "/%s", r->in.share_name);
++	if (fake_path == NULL) {
++		DBG_ERR("Couldn't create fake share path for %s\n",
++			r->in.share_name);
++		talloc_free(path);
++		p->fault_state = DCERPC_FAULT_CANT_PERFORM;
++		return;
++	}
++
+	status = create_mdssvc_policy_handle(p->mem_ctx, p,
+					     snum,
+					     r->in.share_name,
+					     path,
+					     r->out.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+-		DBG_ERR("Couldn't create policy handle for %s\n",
++		DBG_ERR("Couldn't create path for %s\n",
+			r->in.share_name);
+		talloc_free(path);
++		talloc_free(fake_path);
+		p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+		return;
+	}
+
+-	strlcpy(outpath, path, 1024);
+-	talloc_free(path);
++	strlcpy(outpath, fake_path, 1024);
++	talloc_free(fake_path);
+	return;
+ }
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch
new file mode 100644
index 0000000000..908ab85baf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch
@@ -0,0 +1,193 @@
+From b08a60160e6ab8d982d31844bcbf7ab67ff3a8de Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 1 Aug 2023 12:30:00 +0200
+Subject: [PATCH 2/2] CVE-2023-4091: smbtorture: test overwrite dispositions on
+ read-only file
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2023-4091
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/b08a60160e6ab8d982d31844bcbf7ab67ff3a8de]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ selftest/knownfail.d/samba3.smb2.acls |   1 +
+ source4/torture/smb2/acls.c           | 145 ++++++++++++++++++++++++++
+ 2 files changed, 146 insertions(+)
+ create mode 100644 selftest/knownfail.d/samba3.smb2.acls
+
+diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
+new file mode 100644
+index 0000000..18df260
+--- /dev/null
++++ b/selftest/knownfail.d/samba3.smb2.acls
+@@ -0,0 +1 @@
++^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
+diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
+index 4f4538b..d26caeb 100644
+--- a/source4/torture/smb2/acls.c
++++ b/source4/torture/smb2/acls.c
+@@ -3023,6 +3023,149 @@ done:
+	return ret;
+ }
+
++static bool test_overwrite_read_only_file(struct torture_context *tctx,
++					  struct smb2_tree *tree)
++{
++	NTSTATUS status;
++	struct smb2_create c;
++	const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
++	struct smb2_handle handle = {{0}};
++	union smb_fileinfo q;
++	union smb_setfileinfo set;
++	struct security_descriptor *sd = NULL, *sd_orig = NULL;
++	const char *owner_sid = NULL;
++	int i;
++	bool ret = true;
++
++	struct tcase {
++		int disposition;
++		const char *disposition_string;
++		NTSTATUS expected_status;
++	} tcases[] = {
++#define TCASE(d, s) {				\
++		.disposition = d,		\
++		.disposition_string = #d,	\
++		.expected_status = s,		\
++	}
++		TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
++		TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
++		TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
++		TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
++	};
++#undef TCASE
++
++	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
++	torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
++
++	c = (struct smb2_create) {
++		.in.desired_access = SEC_STD_READ_CONTROL |
++			SEC_STD_WRITE_DAC |
++			SEC_STD_WRITE_OWNER,
++		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++		.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
++			NTCREATEX_SHARE_ACCESS_WRITE,
++		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
++		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++		.in.fname = fname,
++	};
++
++	status = smb2_create(tree, tctx, &c);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_create failed\n");
++	handle = c.out.file.handle;
++
++	torture_comment(tctx, "get the original sd\n");
++
++	ZERO_STRUCT(q);
++	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
++	q.query_secdesc.in.file.handle = handle;
++	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
++
++	status = smb2_getinfo_file(tree, tctx, &q);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_getinfo_file failed\n");
++	sd_orig = q.query_secdesc.out.sd;
++
++	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
++
++	sd = security_descriptor_dacl_create(tctx,
++					0, NULL, NULL,
++					owner_sid,
++					SEC_ACE_TYPE_ACCESS_ALLOWED,
++					SEC_FILE_READ_DATA,
++					0,
++					NULL);
++
++	ZERO_STRUCT(set);
++	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
++	set.set_secdesc.in.file.handle = handle;
++	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
++	set.set_secdesc.in.sd = sd;
++
++	status = smb2_setinfo_file(tree, &set);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_setinfo_file failed\n");
++
++	smb2_util_close(tree, handle);
++	ZERO_STRUCT(handle);
++
++	for (i = 0; i < ARRAY_SIZE(tcases); i++) {
++		torture_comment(tctx, "Verify open with %s dispostion\n",
++				tcases[i].disposition_string);
++
++		c = (struct smb2_create) {
++			.in.create_disposition = tcases[i].disposition,
++			.in.desired_access = SEC_FILE_READ_DATA,
++			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
++			.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++			.in.fname = fname,
++		};
++
++		status = smb2_create(tree, tctx, &c);
++		smb2_util_close(tree, c.out.file.handle);
++		torture_assert_ntstatus_equal_goto(
++			tctx, status, tcases[i].expected_status, ret, done,
++			"smb2_create failed\n");
++	};
++
++	torture_comment(tctx, "put back original sd\n");
++
++	c = (struct smb2_create) {
++		.in.desired_access = SEC_STD_WRITE_DAC,
++		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
++		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
++		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++		.in.fname = fname,
++	};
++
++	status = smb2_create(tree, tctx, &c);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_create failed\n");
++	handle = c.out.file.handle;
++
++	ZERO_STRUCT(set);
++	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
++	set.set_secdesc.in.file.handle = handle;
++	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
++	set.set_secdesc.in.sd = sd_orig;
++
++	status = smb2_setinfo_file(tree, &set);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_setinfo_file failed\n");
++
++	smb2_util_close(tree, handle);
++	ZERO_STRUCT(handle);
++
++done:
++	smb2_util_close(tree, handle);
++	smb2_util_unlink(tree, fname);
++	smb2_deltree(tree, BASEDIR);
++	return ret;
++}
++
++
+ /*
+    basic testing of SMB2 ACLs
+ */
+@@ -3051,6 +3194,8 @@ struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
+			test_deny1);
+	torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
+			test_mxac_not_granted);
++	torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE",
++			test_overwrite_read_only_file);
+
+	suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch
new file mode 100644
index 0000000000..43d3b4929f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch
@@ -0,0 +1,59 @@
+From 8b26f634372f11edcbea33dfd68a3d57889dfcc5 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 1 Aug 2023 13:04:36 +0200
+Subject: [PATCH] CVE-2023-4091: smbd: use open_access_mask for access check in
+    open_file()
+
+If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
+FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
+access check we're using access_mask which doesn't contain the additional
+right, which means we can end up truncating a file for which the user has
+only read-only access via an SD.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2023-4091
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/8b26f634372f11edcbea33dfd68a3d57889dfcc5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ selftest/knownfail.d/samba3.smb2.acls | 1 -
+ source3/smbd/open.c                   | 4 ++--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+ delete mode 100644 selftest/knownfail.d/samba3.smb2.acls
+
+diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
+deleted file mode 100644
+index 18df260..0000000
+--- a/selftest/knownfail.d/samba3.smb2.acls
++++ /dev/null
+@@ -1 +0,0 @@
+-^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 2c3bf9e..4bec5cb 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -1402,7 +1402,7 @@ static NTSTATUS open_file(files_struct *fsp,
+ 						conn->cwd_fsp,
+ 						smb_fname,
+ 						false,
+-						access_mask);
++						open_access_mask);
+ 
+ 				if (!NT_STATUS_IS_OK(status)) {
+ 					DEBUG(10, ("open_file: "
+@@ -1585,7 +1585,7 @@ static NTSTATUS open_file(files_struct *fsp,
+ 				conn->cwd_fsp,
+ 				smb_fname,
+ 				false,
+-				access_mask);
++				open_access_mask);
+ 
+ 		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
+ 				(fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
+-- 
+2.40.0
+
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
new file mode 100644
index 0000000000..dfa6aeb023
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
@@ -0,0 +1,94 @@
+From 9989568b20c8f804140c22f51548d766a18ed887 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 12 Sep 2023 18:59:44 +1200
+Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
+ default
+
+The rpcecho server is useful in development and testing, but should never
+have been allowed into production, as it includes the facility to
+do a blocking sleep() in the single-threaded rpc worker.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+
+CVE: CVE-2023-42669
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/9989568b20c8f804140c22f51548d766a18ed887]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
+ lib/param/loadparm.c                                   | 2 +-
+ selftest/target/Samba4.pm                              | 2 +-
+ source3/param/loadparm.c                               | 2 +-
+ source4/rpc_server/wscript_build                       | 3 ++-
+ 5 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+index 8a217cc..c6642b7 100644
+--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
++++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+@@ -6,6 +6,6 @@
+	<para>Specifies which DCE/RPC endpoint servers should be run.</para>
+ </description>
+
+-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
++<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+ <value type="example">rpcecho</value>
+ </samba:parameter>
+diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
+index eedfa00..75687f5 100644
+--- a/lib/param/loadparm.c
++++ b/lib/param/loadparm.c
+@@ -2717,7 +2717,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
+	lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
+	lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
+
+-	lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
++	lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc  samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+	lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
+	lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
+	/* the winbind method for domain controllers is for both RODC
+diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
+index 651faa7..c7b33d2 100755
+--- a/selftest/target/Samba4.pm
++++ b/selftest/target/Samba4.pm
+@@ -773,7 +773,7 @@ sub provision_raw_step1($$)
+	wins support = yes
+	server role = $ctx->{server_role}
+	server services = +echo $services
+-        dcerpc endpoint servers = +winreg +srvsvc
++        dcerpc endpoint servers = +winreg +srvsvc +rpcecho
+	notify:inotify = false
+	ldb:nosync = true
+	ldap server require strong auth = yes
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 8bcd35f..a99ab35 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -879,7 +879,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+
+	Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
+
+-	Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
++	Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc  samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+
+	Globals.tls_enabled = true;
+	Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
+index 8c75672..a2520da 100644
+--- a/source4/rpc_server/wscript_build
++++ b/source4/rpc_server/wscript_build
+@@ -29,7 +29,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
+	source='echo/rpc_echo.c',
+	subsystem='dcerpc_server',
+	init_function='dcerpc_server_rpcecho_init',
+-	deps='ndr-standard events'
++    deps='ndr-standard events',
++    enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
+	)
+
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
index 49e93fc536..2fb93be0a9 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
@@ -21,6 +21,44 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
            file://0004-Add-options-to-configure-the-use-of-libbsd.patch \
            file://0005-samba-build-dnsserver_common-code.patch \
            file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \
+           file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \
+           file://CVE-2022-3437-0001.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0002.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0003.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0004.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0005.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0006.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \
+           file://CVE-2022-45142.patch;patchdir=source4/heimdal \
+           file://CVE-2022-41916.patch;patchdir=source4/heimdal \
+           file://CVE-2021-44758.patch;patchdir=source4/heimdal \
+           file://CVE-2023-34966_0001.patch \
+           file://CVE-2023-34966_0002.patch \
+           file://CVE-2022-2127.patch \
+           file://CVE-2023-34967_0001.patch \
+           file://CVE-2023-34967_0002.patch \
+           file://CVE-2023-34968_0001.patch \
+           file://CVE-2023-34968_0002.patch \
+           file://CVE-2023-34968_0003.patch \
+           file://CVE-2023-34968_0004.patch \
+           file://CVE-2023-34968_0005.patch \
+           file://CVE-2023-34968_0006.patch \
+           file://CVE-2023-34968_0007.patch \
+           file://CVE-2023-34968_0008.patch \
+           file://CVE-2023-34968_0009.patch \
+           file://CVE-2023-34968_0010.patch \
+           file://CVE-2023-34968_0011.patch \
+           file://CVE-2023-4091-0001.patch \
+           file://CVE-2023-4091-0002.patch \
+           file://CVE-2023-42669.patch \
+           file://CVE-2018-14628-0001.patch \
+           file://CVE-2018-14628-0002.patch \
+           file://CVE-2018-14628-0003.patch \
+           file://CVE-2018-14628-0004.patch \
+           file://CVE-2018-14628-0005.patch \
+           file://CVE-2018-14628-0006.patch \
+           file://CVE-2023-0922.patch \
            "
 
 SRC_URI:append:libc-musl = " \
@@ -31,7 +69,7 @@ SRC_URI:append:libc-musl = " \
            file://samba-fix-musl-lib-without-innetgr.patch \
            "
 
-SRC_URI[sha256sum] = "e1df792818a17d8d21faf33580d32939214694c92b84fb499464210d86a7ff75"
+SRC_URI[sha256sum] = "abd5e9e6aa45e55114b188ba189ebdfc8fd3d7718d43f749e477ce7f791e5519"
 
 UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.14(\.\d+)+).tar.gz"
 
diff --git a/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb b/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb
index b6a768e08a..c479eefba0 100644
--- a/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb
+++ b/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb
@@ -70,5 +70,5 @@ FILES:${PN} += " \
 
 REQUIRED_DISTRO_FEATURES = "ipv6"
 
-DISTUTILS_BUILD_ARGS:append = " --iptables-dir /usr/sbin"
-DISTUTILS_INSTALL_ARGS:append = " --iptables-dir /usr/sbin"
+SETUPTOOLS_BUILD_ARGS:append = " --iptables-dir /usr/sbin"
+SETUPTOOLS_INSTALL_ARGS:append = " --iptables-dir /usr/sbin"
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
new file mode 100644
index 0000000000..3d67f47414
--- /dev/null
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
@@ -0,0 +1,27 @@
+From 078f98ea154475d953ce5b7cd851732f4dc270a7 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Tue, 5 Jul 2022 09:31:07 +0530
+Subject: [PATCH] CVE-2022-24407
+
+Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc]
+CVE: CVE-2022-24407
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ plugins/sql.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/sql.c b/plugins/sql.c
+index 6ac81c2f..d90dbac9 100644
+--- a/plugins/sql.c
++++ b/plugins/sql.c
+@@ -1127,6 +1127,7 @@ static int sql_auxprop_lookup(void *glob_context,
+   done:
+     if (escap_userid) sparams->utils->free(escap_userid);
+     if (escap_realm) sparams->utils->free(escap_realm);
++    if (escap_passwd) sparams->utils->free(escap_passwd);
+     if (conn) settings->sql_engine->sql_close(conn);
+     if (userid) sparams->utils->free(userid);
+     if (realm) sparams->utils->free(realm);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
index 98899dfd5e..3fc1b0fd17 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sas
            file://saslauthd.service \
            file://saslauthd.conf \
            file://CVE-2019-19906.patch \
+	   file://CVE-2022-24407.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
@@ -72,6 +73,7 @@ do_install:append() {
 }
 
 USERADD_PACKAGES = "${PN}-bin"
+GROUPADD_PARAM:${PN}-bin = "--system mail"
 USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus"
 
 SYSTEMD_PACKAGES = "${PN}-bin"
diff --git a/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch b/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch
new file mode 100644
index 0000000000..ad1704520c
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch
@@ -0,0 +1,35 @@
+From e5ddcf9575437bacd64c2b68501b413014186a6a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 19 Oct 2022 10:15:01 -0700
+Subject: [PATCH] makedefs: Account for linux 6.x version
+
+Major version has bumped to 6 and script needs to know that
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ makedefs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/makedefs
++++ b/makedefs
+@@ -613,7 +613,7 @@ EOF
+ 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ 		: ${PLUGIN_LD="${CC-gcc} -shared"}
+ 		;;
+- Linux.[345].*)	SYSTYPE=LINUX$RELEASE_MAJOR
++ Linux.[3-6]*)	SYSTYPE=LINUX$RELEASE_MAJOR
+ 		case "$CCARGS" in
+ 		 *-DNO_DB*) ;;
+ 		 *-DHAS_DB*) ;;
+--- a/src/util/sys_defs.h
++++ b/src/util/sys_defs.h
+@@ -751,7 +751,7 @@ extern int initgroups(const char *, int)
+  /*
+   * LINUX.
+   */
+-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6)
+ #define SUPPORTED
+ #define UINT32_TYPE	unsigned int
+ #define UINT16_TYPE	unsigned short
diff --git a/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch
new file mode 100644
index 0000000000..65436b704e
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch
@@ -0,0 +1,377 @@
+From a6596ec37a4892e1d9c2498ecbfc4b8e6be5156a Mon Sep 17 00:00:00 2001
+From: Wietse Venema <wietse@porcupine.org>
+Date: Fri, 22 Dec 2023 00:00:00 -0500
+Subject: [PATCH] postfix-3.6.13
+---
+Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3]
+CVE: CVE-2023-51764
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ man/man5/postconf.5      |   55 +++++++++++++++++++++++++++++++++++++++++++++++
+ man/man8/smtpd.8         |    9 +++++++
+ mantools/postlink        |    2 +
+ proto/postconf.proto     |   52 ++++++++++++++++++++++++++++++++++++++++++++
+ src/global/mail_params.h |   11 ++++++++-
+ src/global/smtp_stream.c |   14 +++++++++++
+ src/global/smtp_stream.h |    2 +
+ src/smtpd/smtpd.c        |   42 +++++++++++++++++++++++++++++++++++
+ 8 files changed, 185 insertions(+), 2 deletions(-)
+
+--- a/man/man5/postconf.5
++++ b/man/man5/postconf.5
+@@ -10412,6 +10412,61 @@
+ parameter $name expansion.
+ .PP
+ This feature is available in Postfix 2.0 and later.
++.SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no)
++Reply with "Error: bare <LF> received" and disconnect
++when a remote SMTP client sends a line ending in <LF>, violating
++the RFC 5321 requirement that lines must end in <CR><LF>.
++This feature is disbled by default with Postfix < 3.9. Use
++smtpd_forbid_bare_newline_exclusions to exclude non\-standard clients
++such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
++(not recommended for an Internet\-connected MTA).
++.PP
++See
++https://www.postfix.org/smtp\-smuggling.html for details.
++.PP
++Example:
++.sp
++.in +4
++.nf
++.na
++.ft C
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non\-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++.fi
++.ad
++.ft R
++.in -4
++.PP
++This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23.
++.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
++Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. It uses the same syntax and parent\-domain matching
++behavior as mynetworks.
++.PP
++Example:
++.sp
++.in +4
++.nf
++.na
++.ft C
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non\-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++.fi
++.ad
++.ft R
++.in -4
++.PP
++This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23.
+ .SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
+ List of commands that cause the Postfix SMTP server to immediately
+ terminate the session with a 221 code. This can be used to disconnect
+--- a/man/man8/smtpd.8
++++ b/man/man8/smtpd.8
+@@ -808,6 +808,15 @@
+ The maximal number of AUTH commands that any client is allowed to
+ send to this service per time unit, regardless of whether or not
+ Postfix actually accepts those commands.
++.PP
++Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
++.IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
++Reply with "Error: bare <LF> received" and disconnect
++when a remote SMTP client sends a line ending in <LF>, violating
++the RFC 5321 requirement that lines must end in <CR><LF>.
++.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
++Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement.
+ .SH "TARPIT CONTROLS"
+ .na
+ .nf
+--- a/mantools/postlink
++++ b/mantools/postlink
+@@ -547,6 +547,8 @@
+     s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g;
+     s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
+     s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbi    d_bare_newline">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html#    smtpd_forbid_bare_newline_exclusions">$&</a>;g;
+     s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g;
+     s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g;
+     s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g;
+--- a/proto/postconf.proto
++++ b/proto/postconf.proto
+@@ -18058,3 +18058,55 @@
+ name or port number. </p>
+ 
+ <p> This feature is available in Postfix 3.6 and later. </p>
++
++%PARAM smtpd_forbid_bare_newline Postfix &lt; 3.9: no
++
++<p> Reply with "Error: bare &lt;LF&gt; received" and disconnect
++when a remote SMTP client sends a line ending in &lt;LF&gt;, violating
++the RFC 5321 requirement that lines must end in &lt;CR&gt;&lt;LF&gt;.
++This feature is disbled by default with Postfix &lt; 3.9. Use
++smtpd_forbid_bare_newline_exclusions to exclude non-standard clients
++such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
++(not recommended for an Internet-connected MTA). </p>
++
++<p> See <a href="https://www.postfix.org/smtp-smuggling.html">
++https://www.postfix.org/smtp-smuggling.html</a> for details.
++
++<p> Example: </p>
++
++<blockquote>
++<pre>
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++</pre>
++</blockquote>
++
++<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23. </p>
++
++%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks
++
++<p> Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. It uses the same syntax and parent-domain matching
++behavior as mynetworks. </p>
++
++<p> Example: </p>
++
++<blockquote>
++<pre>
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++</pre>
++</blockquote>
++
++<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23. </p>
++
+--- a/src/global/mail_params.h
++++ b/src/global/mail_params.h
+@@ -4170,7 +4170,16 @@
+ extern char *var_smtpd_dns_re_filter;
+ 
+  /*
+-  * Share TLS sessions through tlproxy(8).
++  * Backwards compatibility.
++  */
++#define VAR_SMTPD_FORBID_BARE_LF	"smtpd_forbid_bare_newline"
++#define DEF_SMTPD_FORBID_BARE_LF	0
++
++#define VAR_SMTPD_FORBID_BARE_LF_EXCL	"smtpd_forbid_bare_newline_exclusions"
++#define DEF_SMTPD_FORBID_BARE_LF_EXCL	"$" VAR_MYNETWORKS
++
++ /*
++  * Share TLS sessions through tlsproxy(8).
+   */
+ #define VAR_SMTP_TLS_CONN_REUSE		"smtp_tls_connection_reuse"
+ #define DEF_SMTP_TLS_CONN_REUSE		0
+--- a/src/global/smtp_stream.c
++++ b/src/global/smtp_stream.c
+@@ -50,6 +50,8 @@
+ /*	VSTREAM *stream;
+ /*	char	*format;
+ /*	va_list	ap;
++/*
++/*	int	smtp_forbid_bare_lf;
+ /* AUXILIARY API
+ /*	int	smtp_get_noexcept(vp, stream, maxlen, flags)
+ /*	VSTRING	*vp;
+@@ -124,11 +126,16 @@
+ /*	smtp_vprintf() is the machine underneath smtp_printf().
+ /*
+ /*	smtp_get_noexcept() implements the subset of smtp_get()
+-/*	without timeouts and without making long jumps. Instead,
++/*	without long jumps for timeout or EOF errors. Instead,
+ /*	query the stream status with vstream_feof() etc.
++/*	This function will make a VSTREAM long jump (error code
++/*	SMTP_ERR_LF) when rejecting input with a bare newline byte.
+ /*
+ /*	smtp_timeout_setup() is a backwards-compatibility interface
+ /*	for programs that don't require per-record deadline support.
++/*
++/*	smtp_forbid_bare_lf controls whether smtp_get_noexcept()
++/*	will reject input with a bare newline byte.
+ /* DIAGNOSTICS
+ /* .fi
+ /* .ad
+@@ -201,6 +208,8 @@
+ 
+ #include "smtp_stream.h"
+ 
++int     smtp_forbid_bare_lf;
++
+ /* smtp_timeout_reset - reset per-stream error flags, restart deadline timer */
+ 
+ static void smtp_timeout_reset(VSTREAM *stream)
+@@ -404,6 +413,9 @@
+ 	 */
+     case '\n':
+ 	vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	if (smtp_forbid_bare_lf
++	    && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r'))
++	    vstream_longjmp(stream, SMTP_ERR_LF);
+ 	while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
+ 	    vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+ 	VSTRING_TERMINATE(vp);
+--- a/src/global/smtp_stream.h
++++ b/src/global/smtp_stream.h
+@@ -32,6 +32,7 @@
+ #define SMTP_ERR_QUIET	3		/* silent cleanup (application) */
+ #define SMTP_ERR_NONE	4		/* non-error case */
+ #define SMTP_ERR_DATA	5		/* application data error */
++#define SMTP_ERR_LF	6		/* bare <LF> protocol error */
+ 
+ extern void smtp_stream_setup(VSTREAM *, int, int);
+ extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
+@@ -43,6 +44,7 @@
+ extern void smtp_fwrite(const char *, ssize_t len, VSTREAM *);
+ extern void smtp_fread_buf(VSTRING *, ssize_t len, VSTREAM *);
+ extern void smtp_fputc(int, VSTREAM *);
++extern int smtp_forbid_bare_lf;
+ 
+ extern void smtp_vprintf(VSTREAM *, const char *, va_list);
+ 
+--- a/src/smtpd/smtpd.c
++++ b/src/smtpd/smtpd.c
+@@ -762,6 +762,15 @@
+ /*	The maximal number of AUTH commands that any client is allowed to
+ /*	send to this service per time unit, regardless of whether or not
+ /*	Postfix actually accepts those commands.
++/* .PP
++/*	Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
++/* .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
++/*	Reply with "Error: bare <LF> received" and disconnect
++/*	when a remote SMTP client sends a line ending in <LF>, violating
++/*	the RFC 5321 requirement that lines must end in <CR><LF>.
++/* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
++/*	Exclude the specified clients from smtpd_forbid_bare_newline
++/*	enforcement.
+ /* TARPIT CONTROLS
+ /* .ad
+ /* .fi
+@@ -1467,6 +1476,10 @@
+ int     var_smtpd_uproxy_tmout;
+ bool    var_relay_before_rcpt_checks;
+ 
++bool    var_smtpd_forbid_bare_lf;
++char   *var_smtpd_forbid_bare_lf_excl;
++static NAMADR_LIST *bare_lf_excl;
++
+  /*
+   * Silly little macros.
+   */
+@@ -1541,6 +1554,7 @@
+ #define REASON_TIMEOUT		"timeout"
+ #define REASON_LOST_CONNECTION	"lost connection"
+ #define REASON_ERROR_LIMIT	"too many errors"
++#define REASON_BARE_LF		"bare <LF> received"
+ 
+ #ifdef USE_TLS
+ 
+@@ -3967,6 +3981,7 @@
+      */
+     done = 0;
+     do {
++	int     payload_err;
+ 
+ 	/*
+ 	 * Do not skip the smtp_fread_buf() call if read_len == 0. We still
+@@ -3980,6 +3995,10 @@
+ 	smtp_fread_buf(state->buffer, read_len, state->client);
+ 	state->bdat_get_stream = vstream_memreopen(
+ 			   state->bdat_get_stream, state->buffer, O_RDONLY);
++	vstream_control(state->bdat_get_stream, CA_VSTREAM_CTL_EXCEPT,
++			CA_VSTREAM_CTL_END);
++	if ((payload_err = vstream_setjmp(state->bdat_get_stream)) != 0)
++	    vstream_longjmp(state->client, payload_err);
+ 
+ 	/*
+ 	 * Read lines from the fragment. The last line may continue in the
+@@ -4655,6 +4674,9 @@
+      */
+     xclient_allowed =
+ 	namadr_list_match(xclient_hosts, state->name, state->addr);
++    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((state)) == 0
++	&& var_smtpd_forbid_bare_lf
++	&& !namadr_list_match(bare_lf_excl, state->name, state->addr);
+     /* NOT: tls_reset() */
+     if (got_helo == 0)
+ 	helo_reset(state);
+@@ -5446,6 +5468,13 @@
+ 			     var_myhostname);
+ 	break;
+ 
++    case SMTP_ERR_LF:
++	state->reason = REASON_BARE_LF;
++	if (vstream_setjmp(state->client) == 0)
++	    smtpd_chat_reply(state, "521 5.5.2 %s Error: bare <LF> received",
++			     var_myhostname);
++	break;
++
+     case 0:
+ 
+ 	/*
+@@ -5995,6 +6024,13 @@
+ 	namadr_list_match(xforward_hosts, state.name, state.addr);
+ 
+     /*
++     * Enforce strict SMTP line endings, with compatibility exclusions.
++     */
++    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((&state)) == 0
++	&& var_smtpd_forbid_bare_lf
++	&& !namadr_list_match(bare_lf_excl, state.name, state.addr);
++
++    /*
+      * See if we need to turn on verbose logging for this client.
+      */
+     debug_peer_check(state.name, state.addr);
+@@ -6055,6 +6091,10 @@
+     hogger_list = namadr_list_init(VAR_SMTPD_HOGGERS, MATCH_FLAG_RETURN
+ 				   | match_parent_style(VAR_SMTPD_HOGGERS),
+ 				   var_smtpd_hoggers);
++    bare_lf_excl = namadr_list_init(VAR_SMTPD_FORBID_BARE_LF_EXCL,
++				    MATCH_FLAG_RETURN
++				    | match_parent_style(VAR_MYNETWORKS),
++				    var_smtpd_forbid_bare_lf_excl);
+ 
+     /*
+      * Open maps before dropping privileges so we can read passwords etc.
+@@ -6412,6 +6452,7 @@
+ 	VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup,
+ 	VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open,
+ 	VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log,
++    VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf,
+ 	0,
+     };
+     static const CONFIG_NBOOL_TABLE nbool_table[] = {
+@@ -6527,6 +6568,7 @@
+ 	VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0,
+ 	VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
+ 	VAR_SMTPD_REJ_FTR_MAPS, DEF_SMTPD_REJ_FTR_MAPS, &var_smtpd_rej_ftr_maps, 0, 0,
++	VAR_SMTPD_FORBID_BARE_LF_EXCL, DEF_SMTPD_FORBID_BARE_LF_EXCL, &var_smtpd_forbid_bare_lf_excl, 0, 0,
+ 	0,
+     };
+     static const CONFIG_RAW_TABLE raw_table[] = {
diff --git a/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch
new file mode 100644
index 0000000000..e97a088557
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch
@@ -0,0 +1,978 @@
+From cb3b1cbda3dec086a7f4541fe64751d9bb2988bd Mon Sep 17 00:00:00 2001
+From: Wietse Venema <wietse@porcupine.org>
+Date: Sun, 21 Jan 2024 00:00:00 -0500
+Subject: [PATCH] postfix-3.6.14
+
+---
+
+Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3]
+CVE: CVE-2023-51764
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ man/man5/postconf.5           |  173 +++++++++++++++++++++++++++++++++++-------
+ man/man8/cleanup.8            |    8 +
+ man/man8/smtpd.8              |   11 +-
+ mantools/postlink             |    6 -
+ proto/postconf.proto          |  142 +++++++++++++++++++++++++++-------
+ src/cleanup/cleanup.c         |    8 +
+ src/cleanup/cleanup_init.c    |    2 
+ src/cleanup/cleanup_message.c |   17 ++++
+ src/global/cleanup_strerror.c |    1 
+ src/global/cleanup_user.h     |    6 +
+ src/global/mail_params.h      |    9 +-
+ src/global/smtp_stream.c      |   34 +++++---
+ src/global/smtp_stream.h      |    4 
+ src/smtpd/smtpd.c             |  114 ++++++++++++++++++++-------
+ src/smtpd/smtpd_check.c       |   14 ++-
+ src/smtpd/smtpd_check.h       |    1 
+ 16 files changed, 443 insertions(+), 107 deletions(-)
+
+--- a/man/man5/postconf.5
++++ b/man/man5/postconf.5
+@@ -845,6 +845,32 @@
+ .fi
+ .ad
+ .ft R
++.SH cleanup_replace_stray_cr_lf (default: yes)
++Replace each stray <CR> or <LF> character in message
++content with a space character, to prevent outbound SMTP smuggling,
++and to make the evaluation of Postfix\-added DKIM or other signatures
++independent from how a remote mail server handles such characters.
++.PP
++SMTP does not allow such characters unless they are part of a
++<CR><LF> sequence, and different mail systems handle
++such stray characters in an implementation\-dependent manner. Stray
++<CR> or <LF> characters could be used for outbound
++SMTP smuggling, where an attacker uses a Postfix server to send
++message content with a non\-standard End\-of\-DATA sequence that
++triggers inbound SMTP smuggling at a remote SMTP server.
++.PP
++The replacement happens before all other content management,
++and before Postfix may add a DKIM etc. signature; if the signature
++were created first, the replacement could invalidate the signature.
++.PP
++In addition to preventing SMTP smuggling, replacing stray
++<CR> or <LF> characters ensures that the result of
++signature validation by later mail system will not depend on how
++that mail system handles those stray characters in an
++implementation\-dependent manner.
++.PP
++This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
++3.6.14, and 3.5.24.
+ .SH cleanup_service_name (default: cleanup)
+ The name of the \fBcleanup\fR(8) service. This service rewrites addresses
+ into the standard form, and performs \fBcanonical\fR(5) address mapping
+@@ -10413,60 +10439,153 @@
+ .PP
+ This feature is available in Postfix 2.0 and later.
+ .SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no)
+-Reply with "Error: bare <LF> received" and disconnect
+-when a remote SMTP client sends a line ending in <LF>, violating
+-the RFC 5321 requirement that lines must end in <CR><LF>.
+-This feature is disbled by default with Postfix < 3.9. Use
+-smtpd_forbid_bare_newline_exclusions to exclude non\-standard clients
+-such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
+-(not recommended for an Internet\-connected MTA).
+-.PP
+-See
+-https://www.postfix.org/smtp\-smuggling.html for details.
++Reject or restrict input lines from an SMTP client that end in
++<LF> instead of the standard <CR><LF>. Such line
++endings are commonly allowed with UNIX\-based SMTP servers, but they
++violate RFC 5321, and allowing such line endings can make a server
++vulnerable to
++SMTP smuggling.
++.PP
++Specify one of the following values (case does not matter):
++.IP "\fBnormalize\fR"
++Require the standard
++End\-of\-DATA sequence <CR><LF>.<CR><LF>.
++Otherwise, allow command or message content lines ending in the
++non\-standard <LF>, and process them as if the client sent the
++standard <CR><LF>.
++.br
++.br
++This maintains compatibility
++with many legitimate SMTP client applications that send a mix of
++standard and non\-standard line endings, but will fail to receive
++email from client implementations that do not terminate DATA content
++with the standard End\-of\-DATA sequence
++<CR><LF>.<CR><LF>.
++.br
++.br
++Such clients
++can be excluded with smtpd_forbid_bare_newline_exclusions.
++.br
++.IP "\fByes\fR"
++Compatibility alias for \fBnormalize\fR.
++.br
++.IP "\fBreject\fR"
++Require the standard End\-of\-DATA
++sequence <CR><LF>.<CR><LF>. Reject a command
++or message content when a line contains bare <LF>, log a "bare
++<LF> received" error, and reply with the SMTP status code in
++$smtpd_forbid_bare_newline_reject_code.
++.br
++.br
++This will reject
++email from SMTP clients that send any non\-standard line endings
++such as web applications, netcat, or load balancer health checks.
++.br
++.br
++This will also reject email from services that use BDAT
++to send MIME text containing a bare newline (RFC 3030 Section 3
++requires canonical MIME format for text message types, defined in
++RFC 2045 Sections 2.7 and 2.8).
++.br
++.br
++Such clients can be
++excluded with smtpd_forbid_bare_newline_exclusions (or, in the case
++of BDAT violations, BDAT can be selectively disabled with
++smtpd_discard_ehlo_keyword_address_maps, or globally disabled with
++smtpd_discard_ehlo_keywords).
++.br
++.IP "\fBno\fR (default)"
++Do not require the standard
++End\-of\-DATA
++sequence <CR><LF>.<CR><LF>. Always process
++a bare <LF> as if the client sent <CR><LF>. This
++option is fully backwards compatible, but is not recommended for
++an Internet\-facing SMTP server, because it is vulnerable to  SMTP smuggling.
++.br
++.br
+ .PP
+-Example:
++Recommended settings:
+ .sp
+ .in +4
+ .nf
+ .na
+ .ft C
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non\-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
++# Otherwise, allow bare <LF> and process it as if the client sent
++# <CR><LF>.
+ #
+-smtpd_forbid_bare_newline = yes
++# This maintains compatibility with many legitimate SMTP client
++# applications that send a mix of standard and non\-standard line
++# endings, but will fail to receive email from client implementations
++# that do not terminate DATA content with the standard End\-of\-DATA
++# sequence <CR><LF>.<CR><LF>.
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
++#
++smtpd_forbid_bare_newline = normalize
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
+ .fi
+ .ad
+ .ft R
+ .in -4
+ .PP
+-This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
+-3.6.13, and 3.5.23.
+-.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
+-Exclude the specified clients from smtpd_forbid_bare_newline
+-enforcement. It uses the same syntax and parent\-domain matching
+-behavior as mynetworks.
+-.PP
+-Example:
++Alternative:
+ .sp
+ .in +4
+ .nf
+ .na
+ .ft C
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non\-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Reject input lines that contain <LF> and log a "bare <LF> received"
++# error. Require that input lines end in <CR><LF>, and require the
++# standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
++#
++# This will reject email from SMTP clients that send any non\-standard
++# line endings such as web applications, netcat, or load balancer
++# health checks.
+ #
+-smtpd_forbid_bare_newline = yes
++# This will also reject email from services that use BDAT to send
++# MIME text containing a bare newline (RFC 3030 Section 3 requires
++# canonical MIME format for text message types, defined in RFC 2045
++# Sections 2.7 and 2.8).
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
++#
++smtpd_forbid_bare_newline = reject
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
++#
++# Alternatively, in the case of BDAT violations, BDAT can be selectively
++# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally
++# disabled with smtpd_discard_ehlo_keywords.
++#
++# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file
++# /path/to/file:
++#     10.0.0.0/24 chunking, silent\-discard
++# smtpd_discard_ehlo_keywords = chunking, silent\-discard
+ .fi
+ .ad
+ .ft R
+ .in -4
+ .PP
++This feature with settings \fByes\fR and \fBno\fR is available
++in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the
++settings \fBreject\fR, and \fBnormalize\fR are available with
++Postfix >= 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
++.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
++Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. This setting uses the same syntax and parent\-domain
++matching behavior as mynetworks.
++.PP
+ This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
+ 3.6.13, and 3.5.23.
++.SH smtpd_forbid_bare_newline_reject_code (default: 550)
++The numerical Postfix SMTP server response code when rejecting a
++request with "smtpd_forbid_bare_newline = reject".
++Specify a 5XX status code (521 to disconnect).
++.PP
++This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
++3.6.14, and 3.5.24.
+ .SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
+ List of commands that cause the Postfix SMTP server to immediately
+ terminate the session with a 221 code. This can be used to disconnect
+--- a/man/man8/cleanup.8
++++ b/man/man8/cleanup.8
+@@ -163,6 +163,14 @@
+ .IP "\fBmessage_strip_characters (empty)\fR"
+ The set of characters that Postfix will remove from message
+ content.
++.PP
++Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14,
++3.5.24, and later:
++.IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
++Replace each stray <CR> or <LF> character in message
++content with a space character, to prevent outbound SMTP smuggling,
++and to make the evaluation of Postfix\-added DKIM or other signatures
++independent from how a remote mail server handles such characters.
+ .SH "BEFORE QUEUE MILTER CONTROLS"
+ .na
+ .nf
+--- a/man/man8/smtpd.8
++++ b/man/man8/smtpd.8
+@@ -811,12 +811,17 @@
+ .PP
+ Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+ .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
+-Reply with "Error: bare <LF> received" and disconnect
+-when a remote SMTP client sends a line ending in <LF>, violating
+-the RFC 5321 requirement that lines must end in <CR><LF>.
++Reject or restrict input lines from an SMTP client that end in
++<LF> instead of the standard <CR><LF>.
+ .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
+ Exclude the specified clients from smtpd_forbid_bare_newline
+ enforcement.
++.PP
++Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
++later:
++.IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
++The numerical Postfix SMTP server response code when rejecting a
++request with "smtpd_forbid_bare_newline = reject".
+ .SH "TARPIT CONTROLS"
+ .na
+ .nf
+--- a/mantools/postlink
++++ b/mantools/postlink
+@@ -547,8 +547,10 @@
+     s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g;
+     s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
+     s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g;
+-    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbi    d_bare_newline">$&</a>;g;
+-    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html#    smtpd_forbid_bare_newline_exclusions">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line\b;<a href="postconf.5.html#smtpd_forbid_bare_newline">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line_reject_code\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line_exclusions\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">$&</a>;g;
++    s;\bcleanup_replace_stray_cr_lf\b;<a href="postconf.5.html#cleanup_replace_stray_cr_lf">$&</a>;g;
+     s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g;
+     s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g;
+     s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g;
+--- a/proto/postconf.proto
++++ b/proto/postconf.proto
+@@ -18061,52 +18061,138 @@
+ 
+ %PARAM smtpd_forbid_bare_newline Postfix &lt; 3.9: no
+ 
+-<p> Reply with "Error: bare &lt;LF&gt; received" and disconnect
+-when a remote SMTP client sends a line ending in &lt;LF&gt;, violating
+-the RFC 5321 requirement that lines must end in &lt;CR&gt;&lt;LF&gt;.
+-This feature is disbled by default with Postfix &lt; 3.9. Use
+-smtpd_forbid_bare_newline_exclusions to exclude non-standard clients
+-such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
+-(not recommended for an Internet-connected MTA). </p>
++<p> Reject or restrict input lines from an SMTP client that end in
++&lt;LF&gt; instead of the standard &lt;CR&gt;&lt;LF&gt;. Such line
++endings are commonly allowed with UNIX-based SMTP servers, but they
++violate RFC 5321, and allowing such line endings can make a server
++vulnerable to <a href="https://www.postfix.org/smtp-smuggling.html">
++SMTP smuggling</a>.  </p>
++
++<p> Specify one of the following values (case does not matter): </p>
++
++<dl compact>
++
++<dt> <b>normalize</b></dt> <dd> Require the standard
++End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++Otherwise, allow command or message content lines ending in the
++non-standard &lt;LF&gt;, and process them as if the client sent the
++standard &lt;CR&gt;&lt;LF&gt;. <br> <br> This maintains compatibility
++with many legitimate SMTP client applications that send a mix of
++standard and non-standard line endings, but will fail to receive
++email from client implementations that do not terminate DATA content
++with the standard End-of-DATA sequence
++&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. <br> <br> Such clients
++can be excluded with smtpd_forbid_bare_newline_exclusions. </dd>
++
++<dt> <b>yes</b> </dt> <dd> Compatibility alias for <b>normalize</b>. </dd>
++
++<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA
++sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. Reject a command
++or message content when a line contains bare &lt;LF&gt;, log a "bare
++&lt;LF&gt; received" error, and reply with the SMTP status code in
++$smtpd_forbid_bare_newline_reject_code. <br> <br> This will reject
++email from SMTP clients that send any non-standard line endings
++such as web applications, netcat, or load balancer health checks.
++<br> <br> This will also reject email from services that use BDAT
++to send MIME text containing a bare newline (RFC 3030 Section 3
++requires canonical MIME format for text message types, defined in
++RFC 2045 Sections 2.7 and 2.8). <br> <br> Such clients can be
++excluded with smtpd_forbid_bare_newline_exclusions (or, in the case
++of BDAT violations, BDAT can be selectively disabled with
++smtpd_discard_ehlo_keyword_address_maps, or globally disabled with
++smtpd_discard_ehlo_keywords). </dd>
++
++<dt> <b>no</b> (default)</dt> <dd> Do not require the standard
++End-of-DATA
++sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. Always process
++a bare &lt;LF&gt; as if the client sent &lt;CR&gt;&lt;LF&gt;. This
++option is fully backwards compatible, but is not recommended for
++an Internet-facing SMTP server, because it is vulnerable to <a
++href="https://www.postfix.org/smtp-smuggling.html"> SMTP smuggling</a>.
++</dd>
+ 
+-<p> See <a href="https://www.postfix.org/smtp-smuggling.html">
+-https://www.postfix.org/smtp-smuggling.html</a> for details.
++</dl>
+ 
+-<p> Example: </p>
++<p> Recommended settings: </p>
+ 
+ <blockquote>
+ <pre>
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Require the standard End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++# Otherwise, allow bare &lt;LF&gt; and process it as if the client sent
++# &lt;CR&gt;&lt;LF&gt;.
+ #
+-smtpd_forbid_bare_newline = yes
++# This maintains compatibility with many legitimate SMTP client
++# applications that send a mix of standard and non-standard line
++# endings, but will fail to receive email from client implementations
++# that do not terminate DATA content with the standard End-of-DATA
++# sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
++#
++smtpd_forbid_bare_newline = normalize
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
+ </pre>
+ </blockquote>
+ 
+-<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
+-3.6.13, and 3.5.23. </p>
+-
+-%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks
+-
+-<p> Exclude the specified clients from smtpd_forbid_bare_newline
+-enforcement. It uses the same syntax and parent-domain matching
+-behavior as mynetworks. </p>
+-
+-<p> Example: </p>
++<p> Alternative: </p>
+ 
+ <blockquote>
+ <pre>
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Reject input lines that contain &lt;LF&gt; and log a "bare &lt;LF&gt; received"
++# error. Require that input lines end in &lt;CR&gt;&lt;LF&gt;, and require the
++# standard End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++#
++# This will reject email from SMTP clients that send any non-standard
++# line endings such as web applications, netcat, or load balancer
++# health checks.
++#
++# This will also reject email from services that use BDAT to send
++# MIME text containing a bare newline (RFC 3030 Section 3 requires
++# canonical MIME format for text message types, defined in RFC 2045
++# Sections 2.7 and 2.8).
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
+ #
+-smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline = reject
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
++#
++# Alternatively, in the case of BDAT violations, BDAT can be selectively
++# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally
++# disabled with smtpd_discard_ehlo_keywords.
++#
++# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file
++# /path/to/file:
++#     10.0.0.0/24 chunking, silent-discard
++# smtpd_discard_ehlo_keywords = chunking, silent-discard
+ </pre>
+ </blockquote>
+ 
++<p> This feature with settings <b>yes</b> and <b>no</b> is available
++in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the
++settings <b>reject</b>, and <b>normalize</b> are available with
++Postfix &ge; 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. </p>
++
++%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks
++
++<p> Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. This setting uses the same syntax and parent-domain
++matching behavior as mynetworks. </p>
++
+ <p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
+ 3.6.13, and 3.5.23. </p>
+ 
++%PARAM smtpd_forbid_bare_newline_reject_code 550
++
++<p>
++The numerical Postfix SMTP server response code when rejecting a
++request with "smtpd_forbid_bare_newline = reject".
++Specify a 5XX status code (521 to disconnect).
++</p>
++
++<p> This feature is available in Postfix &ge; 3.9, 3.8.5, 3.7.10,
++3.6.14, and 3.5.24. </p>
++
++%PARAM cleanup_replace_stray_cr_lf yes
++
+--- a/src/cleanup/cleanup.c
++++ b/src/cleanup/cleanup.c
+@@ -145,6 +145,14 @@
+ /* .IP "\fBmessage_strip_characters (empty)\fR"
+ /*	The set of characters that Postfix will remove from message
+ /*	content.
++/* .PP
++/*	Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14,
++/*	3.5.24, and later:
++/* .IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
++/*	Replace each stray <CR> or <LF> character in message
++/*	content with a space character, to prevent outbound SMTP smuggling,
++/*	and to make the evaluation of Postfix-added DKIM or other signatures
++/*	independent from how a remote mail server handles such characters.
+ /* BEFORE QUEUE MILTER CONTROLS
+ /* .ad
+ /* .fi
+--- a/src/cleanup/cleanup_init.c
++++ b/src/cleanup/cleanup_init.c
+@@ -173,6 +173,7 @@
+ int     var_always_add_hdrs;		/* always add missing headers */
+ int     var_virt_addrlen_limit;		/* stop exponential growth */
+ char   *var_hfrom_format;		/* header_from_format */
++int     var_cleanup_mask_stray_cr_lf;	/* replace stray CR or LF with space */
+ 
+ const CONFIG_INT_TABLE cleanup_int_table[] = {
+     VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
+@@ -189,6 +190,7 @@
+     VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
+     VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
+     VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
++    VAR_CLEANUP_MASK_STRAY_CR_LF, DEF_CLEANUP_MASK_STRAY_CR_LF, &var_cleanup_mask_stray_cr_lf,
+     0,
+ };
+ 
+--- a/src/cleanup/cleanup_message.c
++++ b/src/cleanup/cleanup_message.c
+@@ -930,6 +930,23 @@
+     char   *dst;
+ 
+     /*
++     * Replace each stray CR or LF with one space. These are not allowed in
++     * SMTP, and can be used to enable outbound (remote) SMTP smuggling.
++     * Replacing these early ensures that our later DKIM etc. signature will
++     * not be invalidated. Besides preventing SMTP smuggling, replacing stray
++     * <CR> or <LF> ensures that the result of signature validation by a
++     * later mail system will not depend on how that mail system handles
++     * those stray characters in an implementation-dependent manner.
++     *
++     * The input length is not changed, therefore it is safe to overwrite the
++     * input.
++     */
++    if (var_cleanup_mask_stray_cr_lf)
++	for (dst = (char *) buf; dst < buf + len; dst++)
++	    if (*dst == '\r' || *dst == '\n')
++		*dst = ' ';
++
++    /*
+      * Reject unwanted characters.
+      * 
+      * XXX Possible optimization: simplify the loop when the "reject" set
+--- a/src/global/cleanup_strerror.c
++++ b/src/global/cleanup_strerror.c
+@@ -73,6 +73,7 @@
+     CLEANUP_STAT_CONT, 550, "5.7.1", "message content rejected",
+     CLEANUP_STAT_WRITE, 451, "4.3.0", "queue file write error",
+     CLEANUP_STAT_NOPERM, 550, "5.7.1", "service denied",
++    CLEANUP_STAT_BARE_LF, 521, "5.5.2", "bare <LF> received",
+ };
+ 
+ static CLEANUP_STAT_DETAIL cleanup_stat_success = {
+--- a/src/global/cleanup_user.h
++++ b/src/global/cleanup_user.h
+@@ -65,6 +65,12 @@
+ #define CLEANUP_STAT_NOPERM	(1<<9)	/* Denied by non-content policy */
+ 
+  /*
++  * Non-cleanup errors that live in the same bitmask space, to centralize
++  * error handling.
++  */
++#define CLEANUP_STAT_BARE_LF   (1<<16)	/* Bare <LF> received */
++
++ /*
+   * These are set when we can't bounce even if we were asked to.
+   */
+ #define CLEANUP_STAT_MASK_CANT_BOUNCE \
+--- a/src/global/mail_params.h
++++ b/src/global/mail_params.h
+@@ -4173,11 +4173,18 @@
+   * Backwards compatibility.
+   */
+ #define VAR_SMTPD_FORBID_BARE_LF	"smtpd_forbid_bare_newline"
+-#define DEF_SMTPD_FORBID_BARE_LF	0
++#define DEF_SMTPD_FORBID_BARE_LF	"no"
+ 
+ #define VAR_SMTPD_FORBID_BARE_LF_EXCL	"smtpd_forbid_bare_newline_exclusions"
+ #define DEF_SMTPD_FORBID_BARE_LF_EXCL	"$" VAR_MYNETWORKS
+ 
++#define VAR_SMTPD_FORBID_BARE_LF_CODE	"smtpd_forbid_bare_newline_reject_code"
++#define DEF_SMTPD_FORBID_BARE_LF_CODE	550
++
++#define VAR_CLEANUP_MASK_STRAY_CR_LF	"cleanup_replace_stray_cr_lf"
++#define DEF_CLEANUP_MASK_STRAY_CR_LF	1
++extern int var_cleanup_mask_stray_cr_lf;
++
+  /*
+   * Share TLS sessions through tlsproxy(8).
+   */
+--- a/src/global/smtp_stream.c
++++ b/src/global/smtp_stream.c
+@@ -51,7 +51,8 @@
+ /*	char	*format;
+ /*	va_list	ap;
+ /*
+-/*	int	smtp_forbid_bare_lf;
++/*	int	smtp_detect_bare_lf;
++/*	int	smtp_got_bare_lf;
+ /* AUXILIARY API
+ /*	int	smtp_get_noexcept(vp, stream, maxlen, flags)
+ /*	VSTRING	*vp;
+@@ -126,16 +127,16 @@
+ /*	smtp_vprintf() is the machine underneath smtp_printf().
+ /*
+ /*	smtp_get_noexcept() implements the subset of smtp_get()
+-/*	without long jumps for timeout or EOF errors. Instead,
++/*	without timeouts and without making long jumps. Instead,
+ /*	query the stream status with vstream_feof() etc.
+-/*	This function will make a VSTREAM long jump (error code
+-/*	SMTP_ERR_LF) when rejecting input with a bare newline byte.
++/*
++/*	This function assigns smtp_got_bare_lf = smtp_detect_bare_lf,
++/*	if smtp_detect_bare_lf is non-zero and the last read line
++/*	was terminated with a bare newline. Otherwise, this function
++/*	sets smtp_got_bare_lf to zero.
+ /*
+ /*	smtp_timeout_setup() is a backwards-compatibility interface
+ /*	for programs that don't require per-record deadline support.
+-/*
+-/*	smtp_forbid_bare_lf controls whether smtp_get_noexcept()
+-/*	will reject input with a bare newline byte.
+ /* DIAGNOSTICS
+ /* .fi
+ /* .ad
+@@ -208,7 +209,8 @@
+ 
+ #include "smtp_stream.h"
+ 
+-int     smtp_forbid_bare_lf;
++int     smtp_detect_bare_lf;
++int     smtp_got_bare_lf;
+ 
+ /* smtp_timeout_reset - reset per-stream error flags, restart deadline timer */
+ 
+@@ -371,6 +373,8 @@
+     int     last_char;
+     int     next_char;
+ 
++    smtp_got_bare_lf = 0;
++
+     /*
+      * It's painful to do I/O with records that may span multiple buffers.
+      * Allow for partial long lines (we will read the remainder later) and
+@@ -413,11 +417,15 @@
+ 	 */
+     case '\n':
+ 	vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+-	if (smtp_forbid_bare_lf
+-	    && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r'))
+-	    vstream_longjmp(stream, SMTP_ERR_LF);
+-	while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
+-	    vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	if (smtp_detect_bare_lf) {
++	    if (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r')
++		smtp_got_bare_lf = smtp_detect_bare_lf;
++	    else
++		vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	} else {
++	    while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
++		vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	}
+ 	VSTRING_TERMINATE(vp);
+ 	/* FALLTRHOUGH */
+ 
+--- a/src/global/smtp_stream.h
++++ b/src/global/smtp_stream.h
+@@ -32,7 +32,6 @@
+ #define SMTP_ERR_QUIET	3		/* silent cleanup (application) */
+ #define SMTP_ERR_NONE	4		/* non-error case */
+ #define SMTP_ERR_DATA	5		/* application data error */
+-#define SMTP_ERR_LF	6		/* bare <LF> protocol error */
+ 
+ extern void smtp_stream_setup(VSTREAM *, int, int);
+ extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
+@@ -44,7 +43,8 @@
+ extern void smtp_fwrite(const char *, ssize_t len, VSTREAM *);
+ extern void smtp_fread_buf(VSTRING *, ssize_t len, VSTREAM *);
+ extern void smtp_fputc(int, VSTREAM *);
+-extern int smtp_forbid_bare_lf;
++extern int smtp_detect_bare_lf;
++extern int smtp_got_bare_lf;
+ 
+ extern void smtp_vprintf(VSTREAM *, const char *, va_list);
+ 
+--- a/src/smtpd/smtpd.c
++++ b/src/smtpd/smtpd.c
+@@ -765,12 +765,17 @@
+ /* .PP
+ /*	Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+ /* .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
+-/*	Reply with "Error: bare <LF> received" and disconnect
+-/*	when a remote SMTP client sends a line ending in <LF>, violating
+-/*	the RFC 5321 requirement that lines must end in <CR><LF>.
++/*	Reject or restrict input lines from an SMTP client that end in
++/*	<LF> instead of the standard <CR><LF>.
+ /* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
+ /*	Exclude the specified clients from smtpd_forbid_bare_newline
+ /*	enforcement.
++/* .PP
++/*	Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
++/*	later:
++/* .IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
++/*	The numerical Postfix SMTP server response code when rejecting a
++/*	request with "smtpd_forbid_bare_newline = reject".
+ /* TARPIT CONTROLS
+ /* .ad
+ /* .fi
+@@ -1476,8 +1481,10 @@
+ int     var_smtpd_uproxy_tmout;
+ bool    var_relay_before_rcpt_checks;
+ 
+-bool    var_smtpd_forbid_bare_lf;
++char   *var_smtpd_forbid_bare_lf;
+ char   *var_smtpd_forbid_bare_lf_excl;
++int     var_smtpd_forbid_bare_lf_code;
++static int bare_lf_mask;
+ static NAMADR_LIST *bare_lf_excl;
+ 
+  /*
+@@ -1554,7 +1561,6 @@
+ #define REASON_TIMEOUT		"timeout"
+ #define REASON_LOST_CONNECTION	"lost connection"
+ #define REASON_ERROR_LIMIT	"too many errors"
+-#define REASON_BARE_LF		"bare <LF> received"
+ 
+ #ifdef USE_TLS
+ 
+@@ -1573,6 +1579,40 @@
+   */
+ static DICT *smtpd_cmd_filter;
+ 
++ /*
++  * Bare LF and End-of-DATA controls (bare CR is handled elsewhere).
++  *
++  * At the smtp_get*() line reader level, setting any of these flags in the
++  * smtp_detect_bare_lf variable enables the detection of bare newlines. The
++  * line reader will set the same flags in the smtp_got_bare_lf variable
++  * after it detects a bare newline, otherwise it clears smtp_got_bare_lf.
++  *
++  * At the SMTP command level, the flags in smtp_got_bare_lf control whether
++  * commands ending in a bare newline are rejected.
++  *
++  * At the DATA and BDAT content level, the flags in smtp_got_bare_lf control
++  * whether the standard End-of-DATA sequence CRLF.CRLF is required, and
++  * whether lines ending in bare newlines are rejected.
++  *
++  * Postfix implements "delayed reject" after detecting a bare newline in BDAT
++  * or DATA content. The SMTP server delays a REJECT response until the
++  * command is finished, instead of replying and hanging up immediately. The
++  * End-of-DATA detection is secured with BARE_LF_FLAG_WANT_STD_EOD.
++  */
++#define BARE_LF_FLAG_WANT_STD_EOD	(1<<0)	/* Require CRLF.CRLF */
++#define BARE_LF_FLAG_REPLY_REJECT	(1<<1)	/* Reject bare newline */
++
++#define IS_BARE_LF_WANT_STD_EOD(m)	((m) & BARE_LF_FLAG_WANT_STD_EOD)
++#define IS_BARE_LF_REPLY_REJECT(m)	((m) & BARE_LF_FLAG_REPLY_REJECT)
++
++static const NAME_CODE bare_lf_mask_table[] = {
++    "normalize", BARE_LF_FLAG_WANT_STD_EOD,	/* Default */
++    "yes", BARE_LF_FLAG_WANT_STD_EOD,	/* Migration aid */
++    "reject", BARE_LF_FLAG_WANT_STD_EOD | BARE_LF_FLAG_REPLY_REJECT,
++    "no", 0,
++    0, -1,				/* error */
++};
++
+ #ifdef USE_SASL_AUTH
+ 
+  /*
+@@ -3515,6 +3555,7 @@
+     int     curr_rec_type;
+     int     prev_rec_type;
+     int     first = 1;
++    int     prev_got_bare_lf = 0;
+ 
+     /*
+      * Copy the message content. If the cleanup process has a problem, keep
+@@ -3528,12 +3569,15 @@
+      * XXX Deal with UNIX-style From_ lines at the start of message content
+      * because sendmail permits it.
+      */
+-    for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type) {
++    for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type,
++	 prev_got_bare_lf = smtp_got_bare_lf) {
+ 	if (smtp_get(state->buffer, state->client, var_line_limit,
+ 		     SMTP_GET_FLAG_NONE) == '\n')
+ 	    curr_rec_type = REC_TYPE_NORM;
+ 	else
+ 	    curr_rec_type = REC_TYPE_CONT;
++	if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf))
++	    state->err |= CLEANUP_STAT_BARE_LF;
+ 	start = vstring_str(state->buffer);
+ 	len = VSTRING_LEN(state->buffer);
+ 	if (first) {
+@@ -3546,9 +3590,14 @@
+ 	    if (len > 0 && IS_SPACE_TAB(start[0]))
+ 		out_record(out_stream, REC_TYPE_NORM, "", 0);
+ 	}
+-	if (prev_rec_type != REC_TYPE_CONT && *start == '.'
+-	    && (proxy == 0 ? (++start, --len) == 0 : len == 1))
+-	    break;
++	if (prev_rec_type != REC_TYPE_CONT && *start == '.') {
++	    if (len == 1 && IS_BARE_LF_WANT_STD_EOD(smtp_detect_bare_lf)
++		&& (smtp_got_bare_lf || prev_got_bare_lf))
++		/* Do not store or send to proxy filter. */
++		continue;
++	    if (proxy == 0 ? (++start, --len) == 0 : len == 1)
++		break;
++	}
+ 	if (state->err == CLEANUP_STAT_OK) {
+ 	    if (ENFORCING_SIZE_LIMIT(var_message_limit)
+ 		&& var_message_limit - state->act_size < len + 2) {
+@@ -3701,6 +3750,11 @@
+ 	else
+ 	    smtpd_chat_reply(state,
+ 			     "250 2.0.0 Ok: queued as %s", state->queue_id);
++    } else if ((state->err & CLEANUP_STAT_BARE_LF) != 0) {
++	state->error_mask |= MAIL_ERROR_PROTOCOL;
++	log_whatsup(state, "reject", "bare <LF> received");
++	smtpd_chat_reply(state, "%d 5.5.2 %s Error: bare <LF> received",
++			 var_smtpd_forbid_bare_lf_code, var_myhostname);
+     } else if (why && IS_SMTP_REJECT(STR(why))) {
+ 	state->error_mask |= MAIL_ERROR_POLICY;
+ 	smtpd_chat_reply(state, "%s", STR(why));
+@@ -3981,7 +4035,6 @@
+      */
+     done = 0;
+     do {
+-	int     payload_err;
+ 
+ 	/*
+ 	 * Do not skip the smtp_fread_buf() call if read_len == 0. We still
+@@ -3995,10 +4048,6 @@
+ 	smtp_fread_buf(state->buffer, read_len, state->client);
+ 	state->bdat_get_stream = vstream_memreopen(
+ 			   state->bdat_get_stream, state->buffer, O_RDONLY);
+-	vstream_control(state->bdat_get_stream, CA_VSTREAM_CTL_EXCEPT,
+-			CA_VSTREAM_CTL_END);
+-	if ((payload_err = vstream_setjmp(state->bdat_get_stream)) != 0)
+-	    vstream_longjmp(state->client, payload_err);
+ 
+ 	/*
+ 	 * Read lines from the fragment. The last line may continue in the
+@@ -4023,6 +4072,8 @@
+ 		/* Skip the out_record() and VSTRING_RESET() calls below. */
+ 		break;
+ 	    }
++	    if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf))
++		state->err |= CLEANUP_STAT_BARE_LF;
+ 	    start = vstring_str(state->bdat_get_buffer);
+ 	    len = VSTRING_LEN(state->bdat_get_buffer);
+ 	    if (state->err == CLEANUP_STAT_OK) {
+@@ -4674,9 +4725,9 @@
+      */
+     xclient_allowed =
+ 	namadr_list_match(xclient_hosts, state->name, state->addr);
+-    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((state)) == 0
+-	&& var_smtpd_forbid_bare_lf
+-	&& !namadr_list_match(bare_lf_excl, state->name, state->addr);
++    smtp_detect_bare_lf = (SMTPD_STAND_ALONE((state)) == 0 && bare_lf_mask
++	    && !namadr_list_match(bare_lf_excl, state->name, state->addr)) ?
++	bare_lf_mask : 0;
+     /* NOT: tls_reset() */
+     if (got_helo == 0)
+ 	helo_reset(state);
+@@ -5468,13 +5519,6 @@
+ 			     var_myhostname);
+ 	break;
+ 
+-    case SMTP_ERR_LF:
+-	state->reason = REASON_BARE_LF;
+-	if (vstream_setjmp(state->client) == 0)
+-	    smtpd_chat_reply(state, "521 5.5.2 %s Error: bare <LF> received",
+-			     var_myhostname);
+-	break;
+-
+     case 0:
+ 
+ 	/*
+@@ -5676,6 +5720,13 @@
+ 	    }
+ 	    watchdog_pat();
+ 	    smtpd_chat_query(state);
++	    if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf)) {
++		log_whatsup(state, "reject", "bare <LF> received");
++		state->error_mask |= MAIL_ERROR_PROTOCOL;
++		smtpd_chat_reply(state, "%d 5.5.2 %s Error: bare <LF> received",
++			     var_smtpd_forbid_bare_lf_code, var_myhostname);
++		break;
++	    }
+ 	    /* Safety: protect internal interfaces against malformed UTF-8. */
+ 	    if (var_smtputf8_enable && valid_utf8_string(STR(state->buffer),
+ 						 LEN(state->buffer)) == 0) {
+@@ -6024,11 +6075,11 @@
+ 	namadr_list_match(xforward_hosts, state.name, state.addr);
+ 
+     /*
+-     * Enforce strict SMTP line endings, with compatibility exclusions.
++     * Reject or normalize bare LF, with compatibility exclusions.
+      */
+-    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((&state)) == 0
+-	&& var_smtpd_forbid_bare_lf
+-	&& !namadr_list_match(bare_lf_excl, state.name, state.addr);
++    smtp_detect_bare_lf = (SMTPD_STAND_ALONE((&state)) == 0 && bare_lf_mask
++	      && !namadr_list_match(bare_lf_excl, state.name, state.addr)) ?
++	bare_lf_mask : 0;
+ 
+     /*
+      * See if we need to turn on verbose logging for this client.
+@@ -6095,6 +6146,10 @@
+ 				    MATCH_FLAG_RETURN
+ 				    | match_parent_style(VAR_MYNETWORKS),
+ 				    var_smtpd_forbid_bare_lf_excl);
++    if ((bare_lf_mask = name_code(bare_lf_mask_table, NAME_CODE_FLAG_NONE,
++				  var_smtpd_forbid_bare_lf)) < 0)
++	msg_fatal("bad parameter value: '%s = %s'",
++		  VAR_SMTPD_FORBID_BARE_LF, var_smtpd_forbid_bare_lf);
+ 
+     /*
+      * Open maps before dropping privileges so we can read passwords etc.
+@@ -6390,6 +6445,7 @@
+ 	VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code, 0, 0,
+ 	VAR_RELAY_RCPT_CODE, DEF_RELAY_RCPT_CODE, &var_relay_rcpt_code, 0, 0,
+ 	VAR_PLAINTEXT_CODE, DEF_PLAINTEXT_CODE, &var_plaintext_code, 0, 0,
++	VAR_SMTPD_FORBID_BARE_LF_CODE, DEF_SMTPD_FORBID_BARE_LF_CODE, &var_smtpd_forbid_bare_lf_code, 500, 599,
+ 	VAR_SMTPD_CRATE_LIMIT, DEF_SMTPD_CRATE_LIMIT, &var_smtpd_crate_limit, 0, 0,
+ 	VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
+ 	VAR_SMTPD_CMAIL_LIMIT, DEF_SMTPD_CMAIL_LIMIT, &var_smtpd_cmail_limit, 0, 0,
+@@ -6452,7 +6508,6 @@
+ 	VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup,
+ 	VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open,
+ 	VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log,
+-    VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf,
+ 	0,
+     };
+     static const CONFIG_NBOOL_TABLE nbool_table[] = {
+@@ -6569,6 +6624,7 @@
+ 	VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
+ 	VAR_SMTPD_REJ_FTR_MAPS, DEF_SMTPD_REJ_FTR_MAPS, &var_smtpd_rej_ftr_maps, 0, 0,
+ 	VAR_SMTPD_FORBID_BARE_LF_EXCL, DEF_SMTPD_FORBID_BARE_LF_EXCL, &var_smtpd_forbid_bare_lf_excl, 0, 0,
++	VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf, 1, 0,
+ 	0,
+     };
+     static const CONFIG_RAW_TABLE raw_table[] = {
+--- a/src/smtpd/smtpd_check.c
++++ b/src/smtpd/smtpd_check.c
+@@ -48,6 +48,11 @@
+ /*
+ /*	char	*smtpd_check_queue(state)
+ /*	SMTPD_STATE *state;
++/* AUXILIARY FUNCTIONS
++/*	void	log_whatsup(state, action, text)
++/*	SMTPD_STATE *state;
++/*	const char *action;
++/*	const char *text;
+ /* DESCRIPTION
+ /*	This module implements additional checks on SMTP client requests.
+ /*	A client request is validated in the context of the session state.
+@@ -146,6 +151,11 @@
+ /*	The recipient address given with the RCPT TO or VRFY command.
+ /* .IP size
+ /*	The message size given with the MAIL FROM command (zero if unknown).
++/* .PP
++/*	log_whatsup() logs "<queueid>: <action>: <protocol state>
++/*	from: <client-name[client-addr]>: <text>" plus the protocol
++/*	(SMTP or ESMTP), and if available, EHLO, MAIL FROM, or RCPT
++/*	TO.
+ /* BUGS
+ /*	Policies like these should not be hard-coded in C, but should
+ /*	be user-programmable instead.
+@@ -987,8 +997,8 @@
+ 
+ /* log_whatsup - log as much context as we have */
+ 
+-static void log_whatsup(SMTPD_STATE *state, const char *whatsup,
+-			        const char *text)
++void    log_whatsup(SMTPD_STATE *state, const char *whatsup,
++		            const char *text)
+ {
+     VSTRING *buf = vstring_alloc(100);
+ 
+--- a/src/smtpd/smtpd_check.h
++++ b/src/smtpd/smtpd_check.h
+@@ -25,6 +25,7 @@
+ extern char *smtpd_check_data(SMTPD_STATE *);
+ extern char *smtpd_check_eod(SMTPD_STATE *);
+ extern char *smtpd_check_policy(SMTPD_STATE *, char *);
++extern void log_whatsup(SMTPD_STATE *, const char *, const char *);
+ 
+ /* LICENSE
+ /* .ad
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb
index 343a8b2df0..fdda2e749e 100644
--- a/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb
@@ -12,6 +12,9 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
             file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \
             file://0004-Fix-icu-config.patch \
             file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
+            file://0006-makedefs-Account-for-linux-6.x-version.patch \
+            file://CVE-2023-51764-1.patch \
+            file://CVE-2023-51764-2.patch \ 
            "
-SRC_URI[sha256sum] = "300fa8811cea20d01d25c619d359bffab82656e704daa719e0c9afc4ecff4808"
+SRC_URI[sha256sum] = "e471df7e0eb11c4a1e574b6d7298f635386e2843b6b3584c25a04543d587e07f"
 UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
diff --git a/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch b/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
new file mode 100644
index 0000000000..4b2cac1870
--- /dev/null
+++ b/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
@@ -0,0 +1,277 @@
+From 97bbe68363ccf2de0c07f67170ec64a8b4d62592 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj@castaglia.org>
+Date: Sun, 6 Aug 2023 13:16:26 -0700
+Subject: [PATCH] Issue #1683: Avoid an edge case when handling unexpectedly
+ formatted input text from client, caused by quote/backslash semantics, by
+ skipping those semantics.
+
+Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592]
+CVE: CVE-2023-51713
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ include/str.h   |  3 ++-
+ src/main.c      | 34 +++++++++++++++++++++++++++++----
+ src/str.c       | 22 +++++++++++++---------
+ tests/api/str.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 94 insertions(+), 15 deletions(-)
+
+diff --git a/include/str.h b/include/str.h
+index f08398017..1261ae2c2 100644
+--- a/include/str.h
++++ b/include/str.h
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server daemon
+- * Copyright (c) 2008-2020 The ProFTPD Project team
++ * Copyright (c) 2008-2023 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -131,6 +131,7 @@ const char *pr_gid2str(pool *, gid_t);
+ #define PR_STR_FL_PRESERVE_COMMENTS		0x0001
+ #define PR_STR_FL_PRESERVE_WHITESPACE		0x0002
+ #define PR_STR_FL_IGNORE_CASE			0x0004
++#define PR_STR_FL_IGNORE_QUOTES			0x0008
+ 
+ char *pr_str_get_token(char **, char *);
+ char *pr_str_get_token2(char **, char *, size_t *);
+diff --git a/src/main.c b/src/main.c
+index ee9c1eecb..e6b70731d 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -811,8 +811,24 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+     return NULL;
+   }
+ 
++  /* By default, pr_str_get_word will handle quotes and backslashes for
++   * escaping characters.  This can produce words which are shorter, use
++   * fewer bytes than the corresponding input buffer.
++   *
++   * In this particular situation, we use the length of this initial word
++   * for determining the length of the remaining buffer bytes, assumed to
++   * contain the FTP command arguments.  If this initial word is thus
++   * unexpectedly "shorter", due to nonconformant FTP text, it can lead
++   * the subsequent buffer scan, looking for CRNUL sequencees, to access
++   * unexpected memory addresses (Issue #1683).
++   *
++   * Thus for this particular situation, we tell the function to ignore/skip
++   * such quote/backslash semantics, and treat them as any other character
++   * using the IGNORE_QUOTES flag.
++   */
++
+   ptr = buf;
+-  wrd = pr_str_get_word(&ptr, str_flags);
++  wrd = pr_str_get_word(&ptr, str_flags|PR_STR_FL_IGNORE_QUOTES);
+   if (wrd == NULL) {
+     /* Nothing there...bail out. */
+     pr_trace_msg("ctrl", 5, "command '%s' is empty, ignoring", buf);
+@@ -820,6 +836,11 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+     return NULL;
+   }
+ 
++  /* Note that this first word is the FTP command.  This is why we make
++   * use of the ptr buffer, which advances through the input buffer as
++   * we read words from the buffer.
++   */
++
+   subpool = make_sub_pool(p);
+   pr_pool_tag(subpool, "make_ftp_cmd pool");
+   cmd = pcalloc(subpool, sizeof(cmd_rec));
+@@ -846,6 +867,7 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+   arg_len = buflen - strlen(wrd);
+   arg = pcalloc(cmd->pool, arg_len + 1);
+ 
++  /* Remember that ptr here is advanced past the first word. */
+   for (i = 0, j = 0; i < arg_len; i++) {
+     pr_signals_handle();
+     if (i > 1 &&
+@@ -854,14 +876,13 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+ 
+       /* Strip out the NUL by simply not copying it into the new buffer. */
+       have_crnul = TRUE;
++
+     } else {
+       arg[j++] = ptr[i];
+     }
+   }
+ 
+-  cmd->arg = arg;
+-
+-  if (have_crnul) {
++  if (have_crnul == TRUE) {
+     char *dup_arg;
+ 
+     /* Now make a copy of the stripped argument; this is what we need to
+@@ -871,6 +892,11 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+     ptr = dup_arg;
+   }
+ 
++  cmd->arg = arg;
++
++  /* Now we can read the remamining words, as command arguments, from the
++   * input buffer.
++   */
+   while ((wrd = pr_str_get_word(&ptr, str_flags)) != NULL) {
+     pr_signals_handle();
+     *((char **) push_array(tarr)) = pstrdup(cmd->pool, wrd);
+diff --git a/src/str.c b/src/str.c
+index bcca4ae4d..a2ff74daf 100644
+--- a/src/str.c
++++ b/src/str.c
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server daemon
+- * Copyright (c) 2008-2017 The ProFTPD Project team
++ * Copyright (c) 2008-2023 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -1209,7 +1209,7 @@ int pr_str_get_nbytes(const char *str, const char *units, off_t *nbytes) {
+ 
+ char *pr_str_get_word(char **cp, int flags) {
+   char *res, *dst;
+-  char quote_mode = 0;
++  int quote_mode = FALSE;
+ 
+   if (cp == NULL ||
+      !*cp ||
+@@ -1238,24 +1238,28 @@ char *pr_str_get_word(char **cp, int flags) {
+     }
+   }
+ 
+-  if (**cp == '\"') {
+-    quote_mode++;
+-    (*cp)++;
++  if (!(flags & PR_STR_FL_IGNORE_QUOTES)) {
++    if (**cp == '\"') {
++      quote_mode = TRUE;
++      (*cp)++;
++    }
+   }
+ 
+   while (**cp && (quote_mode ? (**cp != '\"') : !PR_ISSPACE(**cp))) {
+     pr_signals_handle();
+ 
+-    if (**cp == '\\' && quote_mode) {
+-
++    if (**cp == '\\' &&
++        quote_mode == TRUE) {
+       /* Escaped char */
+       if (*((*cp)+1)) {
+-        *dst = *(++(*cp));
++        *dst++ = *(++(*cp));
++        (*cp)++;
++        continue;
+       }
+     }
+ 
+     *dst++ = **cp;
+-    ++(*cp);
++    (*cp)++;
+   }
+ 
+   if (**cp) {
+diff --git a/tests/api/str.c b/tests/api/str.c
+index 050f5c563..bc64f0fb0 100644
+--- a/tests/api/str.c
++++ b/tests/api/str.c
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server testsuite
+- * Copyright (c) 2008-2017 The ProFTPD Project team
++ * Copyright (c) 2008-2023 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -695,19 +695,23 @@ END_TEST
+ START_TEST (get_word_test) {
+   char *ok, *res, *str;
+ 
++  mark_point();
+   res = pr_str_get_word(NULL, 0);
+   fail_unless(res == NULL, "Failed to handle null arguments");
+   fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
+ 
++  mark_point();
+   str = NULL;
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res == NULL, "Failed to handle null str argument");
+   fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
+ 
++  mark_point();
+   str = pstrdup(p, "  ");
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res == NULL, "Failed to handle whitespace argument");
+ 
++  mark_point();
+   str = pstrdup(p, " foo");
+   res = pr_str_get_word(&str, PR_STR_FL_PRESERVE_WHITESPACE);
+   fail_unless(res != NULL, "Failed to handle whitespace argument: %s",
+@@ -723,6 +727,7 @@ START_TEST (get_word_test) {
+   ok = "foo";
+   fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
+ 
++  mark_point();
+   str = pstrdup(p, "  # foo");
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res == NULL, "Failed to handle commented argument");
+@@ -742,6 +747,8 @@ START_TEST (get_word_test) {
+   fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
+ 
+   /* Test multiple embedded quotes. */
++
++  mark_point();
+   str = pstrdup(p, "foo \"bar baz\" qux \"quz norf\"");
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res != NULL, "Failed to handle quoted argument: %s",
+@@ -770,6 +777,47 @@ START_TEST (get_word_test) {
+ 
+   ok = "quz norf";
+   fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++
++  /* Test embedded quotes with backslashes (Issue #1683). */
++  mark_point();
++
++  str = pstrdup(p, "\"\\\\SYST\"");
++  res = pr_str_get_word(&str, 0);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++
++  ok = "\\SYST";
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++  mark_point();
++  str = pstrdup(p, "\"\"\\\\SYST");
++  res = pr_str_get_word(&str, 0);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++
++  /* Note that pr_str_get_word() is intended to be called multiple times
++   * on an advancing buffer, effectively tokenizing the buffer.  This is
++   * why the function does NOT decrement its quote mode.
++   */
++  ok = "";
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++  /* Now do the same tests with the IGNORE_QUOTES flag */
++  mark_point();
++
++  str = ok = pstrdup(p, "\"\\\\SYST\"");
++  res = pr_str_get_word(&str, PR_STR_FL_IGNORE_QUOTES);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++  mark_point();
++  str = ok = pstrdup(p, "\"\"\\\\SYST");
++  res = pr_str_get_word(&str, PR_STR_FL_IGNORE_QUOTES);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
+ }
+ END_TEST
+ 
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb
index 686f1e5cdf..9d846f46a2 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/proftpd/proftpd.git;branch=${BRANCH};protocol=https
            file://contrib.patch  \
            file://build_fixup.patch \
            file://proftpd.service \
+           file://CVE-2023-51713.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta-networking/recipes-daemons/radvd/radvd.inc b/meta-networking/recipes-daemons/radvd/radvd.inc
index 2afaa48411..5da31b3f0e 100644
--- a/meta-networking/recipes-daemons/radvd/radvd.inc
+++ b/meta-networking/recipes-daemons/radvd/radvd.inc
@@ -58,7 +58,8 @@ do_install:append () {
 }
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup radvd"
+GROUPADD_PARAM:${PN} = "--system nogroup"
+USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup --shell /sbin/nologin radvd"
 
 pkg_postinst:${PN} () {
     if [ -z "$D" -a -x /etc/init.d/populate-volatile.sh ]; then
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch
new file mode 100644
index 0000000000..b11721041e
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch
@@ -0,0 +1,608 @@
+Partial backport of:
+
+From 6ea12e8fb590ac6959e9356a81aa3370576568c3 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Tue, 26 Jul 2022 15:05:54 +0000
+Subject: [PATCH] Remove support for Gopher protocol (#1092)
+
+Gopher code quality remains too low for production use in most
+environments. The code is a persistent source of vulnerabilities and
+fixing it requires significant effort. We should not be spending scarce
+Project resources on improving that code, especially given the lack of
+strong demand for Gopher support.
+
+With this change, Gopher requests will be handled like any other request
+with an unknown (to Squid) protocol. For example, HTTP requests with
+Gopher URI scheme result in ERR_UNSUP_REQ.
+
+Default Squid configuration still considers TCP port 70 "safe". The
+corresponding Safe_ports ACL rule has not been removed for consistency
+sake: We consider WAIS port safe even though Squid refuses to forward
+WAIS requests:
+
+    acl Safe_ports port 70          # gopher
+    acl Safe_ports port 210         # wais
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46728.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3]
+CVE: CVE-2023-46728
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ doc/Programming-Guide/Groups.dox         |   5 -
+ doc/debug-sections.txt                   |   1 -
+ doc/manuals/de.po                        |   2 +-
+ doc/manuals/en.po                        |   2 +-
+ doc/manuals/en_AU.po                     |   2 +-
+ doc/manuals/es.po                        |   2 +-
+ doc/manuals/fr.po                        |   2 +-
+ doc/manuals/it.po                        |   2 +-
+ errors/af.po                             |   6 +-
+ errors/az.po                             |   6 +-
+ errors/bg.po                             |   6 +-
+ errors/ca.po                             |   6 +-
+ errors/cs.po                             |   6 +-
+ errors/da.po                             |   6 +-
+ errors/de.po                             |   6 +-
+ errors/el.po                             |   4 +-
+ errors/en.po                             |   6 +-
+ errors/errorpage.css                     |   2 +-
+ errors/es-mx.po                          |   3 +-
+ errors/es.po                             |   4 +-
+ errors/et.po                             |   6 +-
+ errors/fi.po                             |   7 +-
+ errors/fr.po                             |   6 +-
+ errors/he.po                             |   6 +-
+ errors/hu.po                             |   6 +-
+ errors/hy.po                             |   6 +-
+ errors/it.po                             |   4 +-
+ errors/ja.po                             |   6 +-
+ errors/ko.po                             |   6 +-
+ errors/lt.po                             |   6 +-
+ errors/lv.po                             |   6 +-
+ errors/nl.po                             |   6 +-
+ errors/pl.po                             |   6 +-
+ errors/pt-br.po                          |   6 +-
+ errors/pt.po                             |   6 +-
+ errors/ro.po                             |   4 +-
+ errors/ru.po                             |   6 +-
+ errors/sk.po                             |   6 +-
+ errors/sl.po                             |   6 +-
+ errors/sr-latn.po                        |   4 +-
+ errors/sv.po                             |   6 +-
+ errors/templates/ERR_UNSUP_REQ           |   2 +-
+ errors/tr.po                             |   6 +-
+ errors/uk.po                             |   6 +-
+ errors/vi.po                             |   4 +-
+ errors/zh-hans.po                        |   6 +-
+ errors/zh-hant.po                        |   7 +-
+ src/FwdState.cc                          |   5 -
+ src/HttpRequest.cc                       |   6 -
+ src/IoStats.h                            |   2 +-
+ src/Makefile.am                          |   8 -
+ src/adaptation/ecap/Host.cc              |   1 -
+ src/adaptation/ecap/MessageRep.cc        |   2 -
+ src/anyp/ProtocolType.h                  |   1 -
+ src/anyp/Uri.cc                          |   1 -
+ src/anyp/UriScheme.cc                    |   3 -
+ src/cf.data.pre                          |   5 +-
+ src/client_side_request.cc               |   4 -
+ src/error/forward.h                      |   2 +-
+ src/gopher.cc                            | 993 -----------------------
+ src/gopher.h                             |  29 -
+ src/http/Message.h                       |   1 -
+ src/mgr/IoAction.cc                      |   3 -
+ src/mgr/IoAction.h                       |   2 -
+ src/squid.8.in                           |   2 +-
+ src/stat.cc                              |  19 -
+ src/tests/Stub.am                        |   1 -
+ src/tests/stub_gopher.cc                 |  17 -
+ test-suite/squidconf/regressions-3.4.0.1 |   1 -
+ 69 files changed, 88 insertions(+), 1251 deletions(-)
+ delete mode 100644 src/gopher.cc
+ delete mode 100644 src/gopher.h
+ delete mode 100644 src/tests/stub_gopher.cc
+
+--- a/src/FwdState.cc
++++ b/src/FwdState.cc
+@@ -28,7 +28,6 @@
+ #include "fde.h"
+ #include "FwdState.h"
+ #include "globals.h"
+-#include "gopher.h"
+ #include "hier_code.h"
+ #include "http.h"
+ #include "http/Stream.h"
+@@ -1004,10 +1003,6 @@ FwdState::dispatch()
+             httpStart(this);
+             break;
+ 
+-        case AnyP::PROTO_GOPHER:
+-            gopherStart(this);
+-            break;
+-
+         case AnyP::PROTO_FTP:
+             if (request->flags.ftpNative)
+                 Ftp::StartRelay(this);
+--- a/src/HttpRequest.cc
++++ b/src/HttpRequest.cc
+@@ -18,7 +18,6 @@
+ #include "Downloader.h"
+ #include "err_detail_type.h"
+ #include "globals.h"
+-#include "gopher.h"
+ #include "http.h"
+ #include "http/one/RequestParser.h"
+ #include "http/Stream.h"
+@@ -556,11 +555,6 @@ HttpRequest::maybeCacheable()
+             return false;
+         break;
+ 
+-    case AnyP::PROTO_GOPHER:
+-        if (!gopherCachable(this))
+-            return false;
+-        break;
+-
+     case AnyP::PROTO_CACHE_OBJECT:
+         return false;
+ 
+--- a/src/IoStats.h
++++ b/src/IoStats.h
+@@ -22,7 +22,7 @@ public:
+         int writes;
+         int write_hist[histSize];
+     }
+-    Http, Ftp, Gopher;
++    Http, Ftp;
+ };
+ 
+ #endif /* SQUID_IOSTATS_H_ */
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -306,8 +306,6 @@ squid_SOURCES = \
+ 	FwdState.h \
+ 	Generic.h \
+ 	globals.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	helper.h \
+ 	hier_code.h \
+@@ -1259,8 +1257,6 @@ tests_testCacheManager_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	hier_code.h \
+ 	helper.cc \
+ 	$(HTCPSOURCE) \
+@@ -1678,8 +1674,6 @@ tests_testEvent_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -1914,8 +1908,6 @@ tests_testEventLoop_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -2145,8 +2137,6 @@ tests_test_http_range_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -2461,8 +2451,6 @@ tests_testHttpRequest_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -3307,8 +3295,6 @@ tests_testURL_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+--- a/src/adaptation/ecap/Host.cc
++++ b/src/adaptation/ecap/Host.cc
+@@ -49,7 +49,6 @@ Adaptation::Ecap::Host::Host()
+     libecap::protocolHttp.assignHostId(AnyP::PROTO_HTTP);
+     libecap::protocolHttps.assignHostId(AnyP::PROTO_HTTPS);
+     libecap::protocolFtp.assignHostId(AnyP::PROTO_FTP);
+-    libecap::protocolGopher.assignHostId(AnyP::PROTO_GOPHER);
+     libecap::protocolWais.assignHostId(AnyP::PROTO_WAIS);
+     libecap::protocolUrn.assignHostId(AnyP::PROTO_URN);
+     libecap::protocolWhois.assignHostId(AnyP::PROTO_WHOIS);
+--- a/src/adaptation/ecap/MessageRep.cc
++++ b/src/adaptation/ecap/MessageRep.cc
+@@ -140,8 +140,6 @@ Adaptation::Ecap::FirstLineRep::protocol
+         return libecap::protocolHttps;
+     case AnyP::PROTO_FTP:
+         return libecap::protocolFtp;
+-    case AnyP::PROTO_GOPHER:
+-        return libecap::protocolGopher;
+     case AnyP::PROTO_WAIS:
+         return libecap::protocolWais;
+     case AnyP::PROTO_WHOIS:
+--- a/src/anyp/ProtocolType.h
++++ b/src/anyp/ProtocolType.h
+@@ -27,7 +27,6 @@ typedef enum {
+     PROTO_HTTPS,
+     PROTO_COAP,
+     PROTO_COAPS,
+-    PROTO_GOPHER,
+     PROTO_WAIS,
+     PROTO_CACHE_OBJECT,
+     PROTO_ICP,
+--- a/src/anyp/Uri.cc
++++ b/src/anyp/Uri.cc
+@@ -852,8 +852,6 @@ urlCheckRequest(const HttpRequest * r)
+         if (r->method == Http::METHOD_PUT)
+             rc = 1;
+ 
+-    case AnyP::PROTO_GOPHER:
+-
+     case AnyP::PROTO_WAIS:
+ 
+     case AnyP::PROTO_WHOIS:
+--- a/src/anyp/UriScheme.cc
++++ b/src/anyp/UriScheme.cc
+@@ -87,9 +87,6 @@ AnyP::UriScheme::defaultPort() const
+         // Assuming IANA policy of allocating same port for base and TLS protocol versions will occur.
+         return 5683;
+ 
+-    case AnyP::PROTO_GOPHER:
+-        return 70;
+-
+     case AnyP::PROTO_WAIS:
+         return 210;
+ 
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -33,7 +33,6 @@
+ #include "fd.h"
+ #include "fde.h"
+ #include "format/Token.h"
+-#include "gopher.h"
+ #include "helper.h"
+ #include "helper/Reply.h"
+ #include "http.h"
+@@ -965,9 +964,6 @@ clientHierarchical(ClientHttpRequest * h
+     if (request->url.getScheme() == AnyP::PROTO_HTTP)
+         return method.respMaybeCacheable();
+ 
+-    if (request->url.getScheme() == AnyP::PROTO_GOPHER)
+-        return gopherCachable(request);
+-
+     if (request->url.getScheme() == AnyP::PROTO_CACHE_OBJECT)
+         return 0;
+ 
+--- a/src/err_type.h
++++ b/src/err_type.h
+@@ -65,7 +65,7 @@ typedef enum {
+     ERR_GATEWAY_FAILURE,
+ 
+     /* Special Cases */
+-    ERR_DIR_LISTING,            /* Display of remote directory (FTP, Gopher) */
++    ERR_DIR_LISTING,            /* Display of remote directory (FTP) */
+     ERR_SQUID_SIGNATURE,        /* not really an error */
+     ERR_SHUTTING_DOWN,
+     ERR_PROTOCOL_UNKNOWN,
+--- a/src/HttpMsg.h
++++ b/src/HttpMsg.h
+@@ -38,7 +38,6 @@ public:
+         srcFtp = 1 << (16 + 1), ///< ftp_port or FTP server
+         srcIcap = 1 << (16 + 2), ///< traditional ICAP service without encryption
+         srcEcap = 1 << (16 + 3), ///< eCAP service that uses insecure libraries/daemons
+-        srcGopher = 1 << (16 + 14), ///< Gopher server
+         srcWhois = 1 << (16 + 15), ///< Whois server
+         srcUnsafe = 0xFFFF0000,  ///< Unsafe sources mask
+         srcSafe = 0x0000FFFF ///< Safe sources mask
+--- a/src/mgr/IoAction.cc
++++ b/src/mgr/IoAction.cc
+@@ -35,9 +35,6 @@ Mgr::IoActionData::operator += (const Io
+     ftp_reads += stats.ftp_reads;
+     for (int i = 0; i < IoStats::histSize; ++i)
+         ftp_read_hist[i] += stats.ftp_read_hist[i];
+-    gopher_reads += stats.gopher_reads;
+-    for (int i = 0; i < IoStats::histSize; ++i)
+-        gopher_read_hist[i] += stats.gopher_read_hist[i];
+ 
+     return *this;
+ }
+--- a/src/mgr/IoAction.h
++++ b/src/mgr/IoAction.h
+@@ -27,10 +27,8 @@ public:
+ public:
+     double http_reads;
+     double ftp_reads;
+-    double gopher_reads;
+     double http_read_hist[IoStats::histSize];
+     double ftp_read_hist[IoStats::histSize];
+-    double gopher_read_hist[IoStats::histSize];
+ };
+ 
+ /// implement aggregated 'io' action
+--- a/src/stat.cc
++++ b/src/stat.cc
+@@ -206,12 +206,6 @@ GetIoStats(Mgr::IoActionData& stats)
+     for (i = 0; i < IoStats::histSize; ++i) {
+         stats.ftp_read_hist[i] = IOStats.Ftp.read_hist[i];
+     }
+-
+-    stats.gopher_reads = IOStats.Gopher.reads;
+-
+-    for (i = 0; i < IoStats::histSize; ++i) {
+-        stats.gopher_read_hist[i] = IOStats.Gopher.read_hist[i];
+-    }
+ }
+ 
+ void
+@@ -245,19 +239,6 @@ DumpIoStats(Mgr::IoActionData& stats, St
+     }
+ 
+     storeAppendPrintf(sentry, "\n");
+-    storeAppendPrintf(sentry, "Gopher I/O\n");
+-    storeAppendPrintf(sentry, "number of reads: %.0f\n", stats.gopher_reads);
+-    storeAppendPrintf(sentry, "Read Histogram:\n");
+-
+-    for (i = 0; i < IoStats::histSize; ++i) {
+-        storeAppendPrintf(sentry, "%5d-%5d: %9.0f %2.0f%%\n",
+-                          i ? (1 << (i - 1)) + 1 : 1,
+-                          1 << i,
+-                          stats.gopher_read_hist[i],
+-                          Math::doublePercent(stats.gopher_read_hist[i], stats.gopher_reads));
+-    }
+-
+-    storeAppendPrintf(sentry, "\n");
+ }
+ 
+ static const char *
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -263,7 +263,7 @@ am__squid_SOURCES_DIST = AclRegs.cc Auth
+ 	ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \
+ 	FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \
+ 	fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \
++	FwdState.cc FwdState.h Generic.h globals.h \
+ 	helper.cc helper.h hier_code.h HierarchyLogEntry.h htcp.cc \
+ 	htcp.h http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \
+ 	HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \
+@@ -352,7 +352,7 @@ am_squid_OBJECTS = $(am__objects_1) Acce
+ 	EventLoop.$(OBJEXT) external_acl.$(OBJEXT) \
+ 	ExternalACLEntry.$(OBJEXT) FadingCounter.$(OBJEXT) \
+ 	fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpHdrCc.$(OBJEXT) HttpHdrRange.$(OBJEXT) HttpHdrSc.$(OBJEXT) \
+ 	HttpHdrScTarget.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
+@@ -539,7 +539,7 @@ am__tests_testCacheManager_SOURCES_DIST
+ 	tests/stub_ETag.cc event.cc external_acl.cc \
+ 	ExternalACLEntry.cc fatal.h tests/stub_fatal.cc fd.h fd.cc \
+ 	fde.cc FileMap.h filemap.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h gopher.h gopher.cc hier_code.h \
++	FwdState.cc FwdState.h hier_code.h \
+ 	helper.cc htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \
+ 	HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \
+ 	HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \
+@@ -594,7 +594,7 @@ am_tests_testCacheManager_OBJECTS = Acce
+ 	event.$(OBJEXT) external_acl.$(OBJEXT) \
+ 	ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) HttpHeader.$(OBJEXT) \
+ 	HttpHeaderTools.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
+@@ -838,7 +838,7 @@ am__tests_testEvent_SOURCES_DIST = Acces
+ 	EventLoop.h EventLoop.cc external_acl.cc ExternalACLEntry.cc \
+ 	FadingCounter.cc fatal.h tests/stub_fatal.cc fd.h fd.cc fde.cc \
+ 	FileMap.h filemap.cc fqdncache.h fqdncache.cc FwdState.cc \
+-	FwdState.h gopher.h gopher.cc helper.cc hier_code.h htcp.cc \
++	FwdState.h helper.cc hier_code.h htcp.cc \
+ 	htcp.h http.cc HttpBody.h HttpBody.cc \
+ 	tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \
+ 	HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \
+@@ -891,7 +891,7 @@ am_tests_testEvent_OBJECTS = AccessLogEn
+ 	external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
+ 	FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
+@@ -975,8 +975,8 @@ am__tests_testEventLoop_SOURCES_DIST = A
+ 	tests/stub_ETag.cc EventLoop.h EventLoop.cc event.cc \
+ 	external_acl.cc ExternalACLEntry.cc FadingCounter.cc fatal.h \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
+-	fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
+-	gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
++	fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
++	helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ 	HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
+ 	HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \
+ 	HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \
+@@ -1029,7 +1029,7 @@ am_tests_testEventLoop_OBJECTS = AccessL
+ 	external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
+ 	FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
+@@ -1187,7 +1187,7 @@ am__tests_testHttpRequest_SOURCES_DIST =
+ 	fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc \
+ 	tests/stub_ETag.cc external_acl.cc ExternalACLEntry.cc fatal.h \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h gopher.h gopher.cc helper.cc \
++	FwdState.cc FwdState.h helper.cc \
+ 	hier_code.h htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \
+ 	tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \
+ 	HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \
+@@ -1243,7 +1243,7 @@ am_tests_testHttpRequest_OBJECTS = Acces
+ 	$(am__objects_4) errorpage.$(OBJEXT) tests/stub_ETag.$(OBJEXT) \
+ 	external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
+ 	tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
+@@ -1670,8 +1670,8 @@ am__tests_testURL_SOURCES_DIST = AccessL
+ 	fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc ETag.cc \
+ 	event.cc external_acl.cc ExternalACLEntry.cc fatal.h \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
+-	fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
+-	gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
++	fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
++	helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ 	HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
+ 	HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \
+ 	HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \
+@@ -1725,7 +1725,7 @@ am_tests_testURL_OBJECTS = AccessLogEntr
+ 	event.$(OBJEXT) external_acl.$(OBJEXT) \
+ 	ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHdrCc.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
+@@ -1925,8 +1925,8 @@ am__tests_test_http_range_SOURCES_DIST =
+ 	dns_internal.cc errorpage.cc tests/stub_ETag.cc event.cc \
+ 	FadingCounter.cc fatal.h tests/stub_libauth.cc \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
+-	fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
+-	gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
++	fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
++	helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ 	HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
+ 	HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \
+ 	HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \
+@@ -1979,7 +1979,7 @@ am_tests_test_http_range_OBJECTS = Acces
+ 	FadingCounter.$(OBJEXT) tests/stub_libauth.$(OBJEXT) \
+ 	tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \
+ 	filemap.$(OBJEXT) fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+-	gopher.$(OBJEXT) helper.$(OBJEXT) $(am__objects_5) \
++	helper.$(OBJEXT) $(am__objects_5) \
+ 	http.$(OBJEXT) HttpBody.$(OBJEXT) \
+ 	tests/stub_HttpControlMsg.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
+ 	HttpHdrContRange.$(OBJEXT) HttpHdrRange.$(OBJEXT) \
+@@ -2131,7 +2131,7 @@ am__depfiles_remade = ./$(DEPDIR)/Access
+ 	./$(DEPDIR)/external_acl.Po ./$(DEPDIR)/fatal.Po \
+ 	./$(DEPDIR)/fd.Po ./$(DEPDIR)/fde.Po ./$(DEPDIR)/filemap.Po \
+ 	./$(DEPDIR)/fqdncache.Po ./$(DEPDIR)/fs_io.Po \
+-	./$(DEPDIR)/globals.Po ./$(DEPDIR)/gopher.Po \
++	./$(DEPDIR)/globals.Po \
+ 	./$(DEPDIR)/helper.Po ./$(DEPDIR)/hier_code.Po \
+ 	./$(DEPDIR)/htcp.Po ./$(DEPDIR)/http.Po \
+ 	./$(DEPDIR)/icp_opcode.Po ./$(DEPDIR)/icp_v2.Po \
+@@ -3043,7 +3043,7 @@ squid_SOURCES = $(ACL_REGISTRATION_SOURC
+ 	ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \
+ 	FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \
+ 	fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \
++	FwdState.cc FwdState.h Generic.h globals.h \
+ 	helper.cc helper.h hier_code.h HierarchyLogEntry.h \
+ 	$(HTCPSOURCE) http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \
+ 	HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \
+@@ -3708,8 +3708,6 @@ tests_testCacheManager_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	hier_code.h \
+ 	helper.cc \
+ 	$(HTCPSOURCE) \
+@@ -4134,8 +4132,6 @@ tests_testEvent_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -4371,8 +4367,6 @@ tests_testEventLoop_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -4604,8 +4598,6 @@ tests_test_http_range_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -4924,8 +4916,6 @@ tests_testHttpRequest_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -5777,8 +5767,6 @@ tests_testURL_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -6823,7 +6811,6 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fqdncache.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fs_io.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/globals.Po@am__quote@ # am--include-marker
+-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gopher.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hier_code.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htcp.Po@am__quote@ # am--include-marker
+@@ -7804,7 +7791,6 @@ distclean: distclean-recursive
+ 	-rm -f ./$(DEPDIR)/fqdncache.Po
+ 	-rm -f ./$(DEPDIR)/fs_io.Po
+ 	-rm -f ./$(DEPDIR)/globals.Po
+-	-rm -f ./$(DEPDIR)/gopher.Po
+ 	-rm -f ./$(DEPDIR)/helper.Po
+ 	-rm -f ./$(DEPDIR)/hier_code.Po
+ 	-rm -f ./$(DEPDIR)/htcp.Po
+@@ -8129,7 +8115,6 @@ maintainer-clean: maintainer-clean-recur
+ 	-rm -f ./$(DEPDIR)/fqdncache.Po
+ 	-rm -f ./$(DEPDIR)/fs_io.Po
+ 	-rm -f ./$(DEPDIR)/globals.Po
+-	-rm -f ./$(DEPDIR)/gopher.Po
+ 	-rm -f ./$(DEPDIR)/helper.Po
+ 	-rm -f ./$(DEPDIR)/hier_code.Po
+ 	-rm -f ./$(DEPDIR)/htcp.Po
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch
new file mode 100644
index 0000000000..5b4e370d49
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch
@@ -0,0 +1,1154 @@
+Backport of:
+
+From 417da4006cf5c97d44e74431b816fc58fec9e270 Mon Sep 17 00:00:00 2001
+From: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
+Date: Mon, 18 Mar 2019 17:48:21 +0000
+Subject: [PATCH] Fix incremental parsing of chunked quoted extensions (#310)
+
+Before this change, incremental parsing of quoted chunked extensions
+was broken for two reasons:
+
+* Http::One::Parser::skipLineTerminator() unexpectedly threw after
+  partially received quoted chunk extension value.
+
+* When Http::One::Tokenizer was unable to parse a quoted extension,
+  it incorrectly restored the input buffer to the beginning of the
+  extension value (instead of the extension itself), thus making
+  further incremental parsing iterations impossible.
+
+IMO, the reason for this problem was that Http::One::Tokenizer::qdText()
+could not distinguish two cases (returning false in both):
+
+* the end of the quoted string not yet reached
+
+* an input error, e.g., wrong/unexpected character
+
+A possible approach could be to improve Http::One::Tokenizer, making it
+aware about "needs more data" state.  However, to be acceptable,
+these improvements should be done in the base Parser::Tokenizer
+class instead. These changes seem to be non-trivial and could be
+done separately and later.
+
+Another approach, used here, is to simplify the complex and error-prone
+chunked extensions parsing algorithm, fixing incremental parsing bugs
+and still parse incrementally in almost all cases. The performance
+regression could be expected only in relatively rare cases of partially
+received or malformed extensions.
+
+Also:
+* fixed parsing of partial use-original-body extension values
+* do not treat an invalid use-original-body as an unknown extension
+* optimization: parse use-original-body extension only in ICAP context
+  (i.e., where it is expected)
+* improvement: added a new API to TeChunkedParser to specify known
+  chunked extensions list
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846-pre1.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270]
+CVE: CVE-2023-46846 #Dependency Patch1
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/adaptation/icap/ModXact.cc  |  21 ++++-
+ src/adaptation/icap/ModXact.h   |  20 +++++
+ src/http/one/Parser.cc          |  35 ++++----
+ src/http/one/Parser.h           |  10 ++-
+ src/http/one/RequestParser.cc   |  16 ++--
+ src/http/one/RequestParser.h    |   8 +-
+ src/http/one/ResponseParser.cc  |  17 ++--
+ src/http/one/ResponseParser.h   |   2 +-
+ src/http/one/TeChunkedParser.cc | 139 ++++++++++++++++++--------------
+ src/http/one/TeChunkedParser.h  |  41 ++++++++--
+ src/http/one/Tokenizer.cc       | 104 ++++++++++++------------
+ src/http/one/Tokenizer.h        |  89 ++++++++------------
+ src/http/one/forward.h          |   3 +
+ src/parser/BinaryTokenizer.h    |   3 +-
+ src/parser/Makefile.am          |   1 +
+ src/parser/Tokenizer.cc         |  40 +++++++++
+ src/parser/Tokenizer.h          |  13 +++
+ src/parser/forward.h            |  22 +++++
+ 18 files changed, 364 insertions(+), 220 deletions(-)
+ create mode 100644 src/parser/forward.h
+
+--- a/src/adaptation/icap/ModXact.cc
++++ b/src/adaptation/icap/ModXact.cc
+@@ -25,12 +25,13 @@
+ #include "comm.h"
+ #include "comm/Connection.h"
+ #include "err_detail_type.h"
+-#include "http/one/TeChunkedParser.h"
+ #include "HttpHeaderTools.h"
+ #include "HttpMsg.h"
+ #include "HttpReply.h"
+ #include "HttpRequest.h"
+ #include "MasterXaction.h"
++#include "parser/Tokenizer.h"
++#include "sbuf/Stream.h"
+ #include "SquidTime.h"
+ 
+ // flow and terminology:
+@@ -44,6 +45,8 @@ CBDATA_NAMESPACED_CLASS_INIT(Adaptation:
+ 
+ static const size_t TheBackupLimit = BodyPipe::MaxCapacity;
+ 
++const SBuf Adaptation::Icap::ChunkExtensionValueParser::UseOriginalBodyName("use-original-body");
++
+ Adaptation::Icap::ModXact::State::State()
+ {
+     memset(this, 0, sizeof(*this));
+@@ -1108,6 +1111,7 @@ void Adaptation::Icap::ModXact::decideOn
+         state.parsing = State::psBody;
+         replyHttpBodySize = 0;
+         bodyParser = new Http1::TeChunkedParser;
++        bodyParser->parseExtensionValuesWith(&extensionParser);
+         makeAdaptedBodyPipe("adapted response from the ICAP server");
+         Must(state.sending == State::sendingAdapted);
+     } else {
+@@ -1142,9 +1146,8 @@ void Adaptation::Icap::ModXact::parseBod
+     }
+ 
+     if (parsed) {
+-        if (state.readyForUob && bodyParser->useOriginBody >= 0) {
+-            prepPartialBodyEchoing(
+-                static_cast<uint64_t>(bodyParser->useOriginBody));
++        if (state.readyForUob && extensionParser.sawUseOriginalBody()) {
++            prepPartialBodyEchoing(extensionParser.useOriginalBody());
+             stopParsing();
+             return;
+         }
+@@ -2014,3 +2017,14 @@ void Adaptation::Icap::ModXactLauncher::
+     }
+ }
+ 
++void
++Adaptation::Icap::ChunkExtensionValueParser::parse(Tokenizer &tok, const SBuf &extName)
++{
++    if (extName == UseOriginalBodyName) {
++        useOriginalBody_ = tok.udec64("use-original-body");
++        assert(useOriginalBody_ >= 0);
++    } else {
++        Ignore(tok, extName);
++    }
++}
++
+--- a/src/adaptation/icap/ModXact.h
++++ b/src/adaptation/icap/ModXact.h
+@@ -15,6 +15,7 @@
+ #include "adaptation/icap/Xaction.h"
+ #include "BodyPipe.h"
+ #include "http/one/forward.h"
++#include "http/one/TeChunkedParser.h"
+ 
+ /*
+  * ICAPModXact implements ICAP REQMOD and RESPMOD transaction using
+@@ -105,6 +106,23 @@ private:
+     enum State { stDisabled, stWriting, stIeof, stDone } theState;
+ };
+ 
++/// handles ICAP-specific chunk extensions supported by Squid
++class ChunkExtensionValueParser: public Http1::ChunkExtensionValueParser
++{
++public:
++    /* Http1::ChunkExtensionValueParser API */
++    virtual void parse(Tokenizer &tok, const SBuf &extName) override;
++
++    bool sawUseOriginalBody() const { return useOriginalBody_ >= 0; }
++    uint64_t useOriginalBody() const { assert(sawUseOriginalBody()); return static_cast<uint64_t>(useOriginalBody_); }
++
++private:
++    static const SBuf UseOriginalBodyName;
++
++    /// the value of the parsed use-original-body chunk extension (or -1)
++    int64_t useOriginalBody_ = -1;
++};
++
+ class ModXact: public Xaction, public BodyProducer, public BodyConsumer
+ {
+     CBDATA_CLASS(ModXact);
+@@ -270,6 +288,8 @@ private:
+ 
+     int adaptHistoryId; ///< adaptation history slot reservation
+ 
++    ChunkExtensionValueParser extensionParser;
++
+     class State
+     {
+ 
+--- a/src/http/one/Parser.cc
++++ b/src/http/one/Parser.cc
+@@ -7,10 +7,11 @@
+  */
+ 
+ #include "squid.h"
++#include "base/CharacterSet.h"
+ #include "Debug.h"
+ #include "http/one/Parser.h"
+-#include "http/one/Tokenizer.h"
+ #include "mime_header.h"
++#include "parser/Tokenizer.h"
+ #include "SquidConfig.h"
+ 
+ /// RFC 7230 section 2.6 - 7 magic octets
+@@ -61,20 +62,19 @@ Http::One::Parser::DelimiterCharacters()
+            RelaxedDelimiterCharacters() : CharacterSet::SP;
+ }
+ 
+-bool
+-Http::One::Parser::skipLineTerminator(Http1::Tokenizer &tok) const
++void
++Http::One::Parser::skipLineTerminator(Tokenizer &tok) const
+ {
+     if (tok.skip(Http1::CrLf()))
+-        return true;
++        return;
+ 
+     if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF))
+-        return true;
++        return;
+ 
+     if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r'))
+-        return false; // need more data
++        throw InsufficientInput();
+ 
+     throw TexcHere("garbage instead of CRLF line terminator");
+-    return false; // unreachable, but make naive compilers happy
+ }
+ 
+ /// all characters except the LF line terminator
+@@ -102,7 +102,7 @@ LineCharacters()
+ void
+ Http::One::Parser::cleanMimePrefix()
+ {
+-    Http1::Tokenizer tok(mimeHeaderBlock_);
++    Tokenizer tok(mimeHeaderBlock_);
+     while (tok.skipOne(RelaxedDelimiterCharacters())) {
+         (void)tok.skipAll(LineCharacters()); // optional line content
+         // LF terminator is required.
+@@ -137,7 +137,7 @@ Http::One::Parser::cleanMimePrefix()
+ void
+ Http::One::Parser::unfoldMime()
+ {
+-    Http1::Tokenizer tok(mimeHeaderBlock_);
++    Tokenizer tok(mimeHeaderBlock_);
+     const auto szLimit = mimeHeaderBlock_.length();
+     mimeHeaderBlock_.clear();
+     // prevent the mime sender being able to make append() realloc/grow multiple times.
+@@ -228,7 +228,7 @@ Http::One::Parser::getHostHeaderField()
+     debugs(25, 5, "looking for " << name);
+ 
+     // while we can find more LF in the SBuf
+-    Http1::Tokenizer tok(mimeHeaderBlock_);
++    Tokenizer tok(mimeHeaderBlock_);
+     SBuf p;
+ 
+     while (tok.prefix(p, LineCharacters())) {
+@@ -250,7 +250,7 @@ Http::One::Parser::getHostHeaderField()
+         p.consume(namelen + 1);
+ 
+         // TODO: optimize SBuf::trim to take CharacterSet directly
+-        Http1::Tokenizer t(p);
++        Tokenizer t(p);
+         t.skipAll(CharacterSet::WSP);
+         p = t.remaining();
+ 
+@@ -278,10 +278,15 @@ Http::One::ErrorLevel()
+ }
+ 
+ // BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
+-bool
+-Http::One::ParseBws(Tokenizer &tok)
++void
++Http::One::ParseBws(Parser::Tokenizer &tok)
+ {
+-    if (const auto count = tok.skipAll(Parser::WhitespaceCharacters())) {
++    const auto count = tok.skipAll(Parser::WhitespaceCharacters());
++
++    if (tok.atEnd())
++        throw InsufficientInput(); // even if count is positive
++
++    if (count) {
+         // Generating BWS is a MUST-level violation so warn about it as needed.
+         debugs(33, ErrorLevel(), "found " << count << " BWS octets");
+         // RFC 7230 says we MUST parse BWS, so we fall through even if
+@@ -289,6 +294,6 @@ Http::One::ParseBws(Tokenizer &tok)
+     }
+     // else we successfully "parsed" an empty BWS sequence
+ 
+-    return true;
++    // success: no more BWS characters expected
+ }
+ 
+--- a/src/http/one/Parser.h
++++ b/src/http/one/Parser.h
+@@ -12,6 +12,7 @@
+ #include "anyp/ProtocolVersion.h"
+ #include "http/one/forward.h"
+ #include "http/StatusCode.h"
++#include "parser/forward.h"
+ #include "sbuf/SBuf.h"
+ 
+ namespace Http {
+@@ -40,6 +41,7 @@ class Parser : public RefCountable
+ {
+ public:
+     typedef SBuf::size_type size_type;
++    typedef ::Parser::Tokenizer Tokenizer;
+ 
+     Parser() : parseStatusCode(Http::scNone), parsingStage_(HTTP_PARSE_NONE), hackExpectsMime_(false) {}
+     virtual ~Parser() {}
+@@ -118,11 +120,11 @@ protected:
+      * detect and skip the CRLF or (if tolerant) LF line terminator
+      * consume from the tokenizer.
+      *
+-     * throws if non-terminator is detected.
++     * \throws exception on bad or InsuffientInput.
+      * \retval true only if line terminator found.
+      * \retval false incomplete or missing line terminator, need more data.
+      */
+-    bool skipLineTerminator(Http1::Tokenizer &tok) const;
++    void skipLineTerminator(Tokenizer &) const;
+ 
+     /**
+      * Scan to find the mime headers block for current message.
+@@ -159,8 +161,8 @@ private:
+ };
+ 
+ /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
+-/// \returns true (always; unlike all the skip*() functions)
+-bool ParseBws(Tokenizer &tok);
++/// \throws InsufficientInput when the end of BWS cannot be confirmed
++void ParseBws(Parser::Tokenizer &);
+ 
+ /// the right debugs() level for logging HTTP violation messages
+ int ErrorLevel();
+--- a/src/http/one/RequestParser.cc
++++ b/src/http/one/RequestParser.cc
+@@ -9,8 +9,8 @@
+ #include "squid.h"
+ #include "Debug.h"
+ #include "http/one/RequestParser.h"
+-#include "http/one/Tokenizer.h"
+ #include "http/ProtocolVersion.h"
++#include "parser/Tokenizer.h"
+ #include "profiler/Profiler.h"
+ #include "SquidConfig.h"
+ 
+@@ -64,7 +64,7 @@ Http::One::RequestParser::skipGarbageLin
+  *  RFC 7230 section 2.6, 3.1 and 3.5
+  */
+ bool
+-Http::One::RequestParser::parseMethodField(Http1::Tokenizer &tok)
++Http::One::RequestParser::parseMethodField(Tokenizer &tok)
+ {
+     // method field is a sequence of TCHAR.
+     // Limit to 32 characters to prevent overly long sequences of non-HTTP
+@@ -145,7 +145,7 @@ Http::One::RequestParser::RequestTargetC
+ }
+ 
+ bool
+-Http::One::RequestParser::parseUriField(Http1::Tokenizer &tok)
++Http::One::RequestParser::parseUriField(Tokenizer &tok)
+ {
+     /* Arbitrary 64KB URI upper length limit.
+      *
+@@ -178,7 +178,7 @@ Http::One::RequestParser::parseUriField(
+ }
+ 
+ bool
+-Http::One::RequestParser::parseHttpVersionField(Http1::Tokenizer &tok)
++Http::One::RequestParser::parseHttpVersionField(Tokenizer &tok)
+ {
+     static const SBuf http1p0("HTTP/1.0");
+     static const SBuf http1p1("HTTP/1.1");
+@@ -253,7 +253,7 @@ Http::One::RequestParser::skipDelimiter(
+ 
+ /// Parse CRs at the end of request-line, just before the terminating LF.
+ bool
+-Http::One::RequestParser::skipTrailingCrs(Http1::Tokenizer &tok)
++Http::One::RequestParser::skipTrailingCrs(Tokenizer &tok)
+ {
+     if (Config.onoff.relaxed_header_parser) {
+         (void)tok.skipAllTrailing(CharacterSet::CR); // optional; multiple OK
+@@ -289,12 +289,12 @@ Http::One::RequestParser::parseRequestFi
+     // Earlier, skipGarbageLines() took care of any leading LFs (if allowed).
+     // Now, the request line has to end at the first LF.
+     static const CharacterSet lineChars = CharacterSet::LF.complement("notLF");
+-    ::Parser::Tokenizer lineTok(buf_);
++    Tokenizer lineTok(buf_);
+     if (!lineTok.prefix(line, lineChars) || !lineTok.skip('\n')) {
+         if (buf_.length() >= Config.maxRequestHeaderSize) {
+             /* who should we blame for our failure to parse this line? */
+ 
+-            Http1::Tokenizer methodTok(buf_);
++            Tokenizer methodTok(buf_);
+             if (!parseMethodField(methodTok))
+                 return -1; // blame a bad method (or its delimiter)
+ 
+@@ -308,7 +308,7 @@ Http::One::RequestParser::parseRequestFi
+         return 0;
+     }
+ 
+-    Http1::Tokenizer tok(line);
++    Tokenizer tok(line);
+ 
+     if (!parseMethodField(tok))
+         return -1;
+--- a/src/http/one/RequestParser.h
++++ b/src/http/one/RequestParser.h
+@@ -54,11 +54,11 @@ private:
+     bool doParse(const SBuf &aBuf);
+ 
+     /* all these return false and set parseStatusCode on parsing failures */
+-    bool parseMethodField(Http1::Tokenizer &);
+-    bool parseUriField(Http1::Tokenizer &);
+-    bool parseHttpVersionField(Http1::Tokenizer &);
++    bool parseMethodField(Tokenizer &);
++    bool parseUriField(Tokenizer &);
++    bool parseHttpVersionField(Tokenizer &);
+     bool skipDelimiter(const size_t count, const char *where);
+-    bool skipTrailingCrs(Http1::Tokenizer &tok);
++    bool skipTrailingCrs(Tokenizer &tok);
+ 
+     bool http0() const {return !msgProtocol_.major;}
+     static const CharacterSet &RequestTargetCharacters();
+--- a/src/http/one/ResponseParser.cc
++++ b/src/http/one/ResponseParser.cc
+@@ -9,8 +9,8 @@
+ #include "squid.h"
+ #include "Debug.h"
+ #include "http/one/ResponseParser.h"
+-#include "http/one/Tokenizer.h"
+ #include "http/ProtocolVersion.h"
++#include "parser/Tokenizer.h"
+ #include "profiler/Profiler.h"
+ #include "SquidConfig.h"
+ 
+@@ -47,7 +47,7 @@ Http::One::ResponseParser::firstLineSize
+ // NP: we found the protocol version and consumed it already.
+ // just need the status code and reason phrase
+ int
+-Http::One::ResponseParser::parseResponseStatusAndReason(Http1::Tokenizer &tok, const CharacterSet &WspDelim)
++Http::One::ResponseParser::parseResponseStatusAndReason(Tokenizer &tok, const CharacterSet &WspDelim)
+ {
+     if (!completedStatus_) {
+         debugs(74, 9, "seek status-code in: " << tok.remaining().substr(0,10) << "...");
+@@ -87,14 +87,13 @@ Http::One::ResponseParser::parseResponse
+     static const CharacterSet phraseChars = CharacterSet::WSP + CharacterSet::VCHAR + CharacterSet::OBSTEXT;
+     (void)tok.prefix(reasonPhrase_, phraseChars); // optional, no error if missing
+     try {
+-        if (skipLineTerminator(tok)) {
+-            debugs(74, DBG_DATA, "parse remaining buf={length=" << tok.remaining().length() << ", data='" << tok.remaining() << "'}");
+-            buf_ = tok.remaining(); // resume checkpoint
+-            return 1;
+-        }
++        skipLineTerminator(tok);
++        buf_ = tok.remaining(); // resume checkpoint
++        debugs(74, DBG_DATA, Raw("leftovers", buf_.rawContent(), buf_.length()));
++        return 1;
++    } catch (const InsufficientInput &) {
+         reasonPhrase_.clear();
+         return 0; // need more to be sure we have it all
+-
+     } catch (const std::exception &ex) {
+         debugs(74, 6, "invalid status-line: " << ex.what());
+     }
+@@ -119,7 +118,7 @@ Http::One::ResponseParser::parseResponse
+ int
+ Http::One::ResponseParser::parseResponseFirstLine()
+ {
+-    Http1::Tokenizer tok(buf_);
++    Tokenizer tok(buf_);
+ 
+     const CharacterSet &WspDelim = DelimiterCharacters();
+ 
+--- a/src/http/one/ResponseParser.h
++++ b/src/http/one/ResponseParser.h
+@@ -43,7 +43,7 @@ public:
+ 
+ private:
+     int parseResponseFirstLine();
+-    int parseResponseStatusAndReason(Http1::Tokenizer&, const CharacterSet &);
++    int parseResponseStatusAndReason(Tokenizer&, const CharacterSet &);
+ 
+     /// magic prefix for identifying ICY response messages
+     static const SBuf IcyMagic;
+--- a/src/http/one/TeChunkedParser.cc
++++ b/src/http/one/TeChunkedParser.cc
+@@ -13,10 +13,13 @@
+ #include "http/one/Tokenizer.h"
+ #include "http/ProtocolVersion.h"
+ #include "MemBuf.h"
++#include "parser/Tokenizer.h"
+ #include "Parsing.h"
++#include "sbuf/Stream.h"
+ #include "SquidConfig.h"
+ 
+-Http::One::TeChunkedParser::TeChunkedParser()
++Http::One::TeChunkedParser::TeChunkedParser():
++    customExtensionValueParser(nullptr)
+ {
+     // chunked encoding only exists in HTTP/1.1
+     Http1::Parser::msgProtocol_ = Http::ProtocolVersion(1,1);
+@@ -31,7 +34,11 @@ Http::One::TeChunkedParser::clear()
+     buf_.clear();
+     theChunkSize = theLeftBodySize = 0;
+     theOut = NULL;
+-    useOriginBody = -1;
++    // XXX: We do not reset customExtensionValueParser here. Based on the
++    // clear() API description, we must, but it makes little sense and could
++    // break method callers if they appear because some of them may forget to
++    // reset customExtensionValueParser. TODO: Remove Http1::Parser as our
++    // parent class and this unnecessary method with it.
+ }
+ 
+ bool
+@@ -49,14 +56,14 @@ Http::One::TeChunkedParser::parse(const
+     if (parsingStage_ == Http1::HTTP_PARSE_NONE)
+         parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
+ 
+-    Http1::Tokenizer tok(buf_);
++    Tokenizer tok(buf_);
+ 
+     // loop for as many chunks as we can
+     // use do-while instead of while so that we can incrementally
+     // restart in the middle of a chunk/frame
+     do {
+ 
+-        if (parsingStage_ == Http1::HTTP_PARSE_CHUNK_EXT && !parseChunkExtension(tok, theChunkSize))
++        if (parsingStage_ == Http1::HTTP_PARSE_CHUNK_EXT && !parseChunkMetadataSuffix(tok))
+             return false;
+ 
+         if (parsingStage_ == Http1::HTTP_PARSE_CHUNK && !parseChunkBody(tok))
+@@ -80,7 +87,7 @@ Http::One::TeChunkedParser::needsMoreSpa
+ 
+ /// RFC 7230 section 4.1 chunk-size
+ bool
+-Http::One::TeChunkedParser::parseChunkSize(Http1::Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkSize(Tokenizer &tok)
+ {
+     Must(theChunkSize <= 0); // Should(), really
+ 
+@@ -104,66 +111,75 @@ Http::One::TeChunkedParser::parseChunkSi
+     return false; // should not be reachable
+ }
+ 
+-/**
+- * Parses chunk metadata suffix, looking for interesting extensions and/or
+- * getting to the line terminator. RFC 7230 section 4.1.1 and its Errata #4667:
+- *
+- *   chunk-ext = *( BWS  ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
+- *   chunk-ext-name = token
+- *   chunk-ext-val  = token / quoted-string
+- *
+- * ICAP 'use-original-body=N' extension is supported.
+- */
+-bool
+-Http::One::TeChunkedParser::parseChunkExtension(Http1::Tokenizer &tok, bool skipKnown)
+-{
+-    SBuf ext;
+-    SBuf value;
+-    while (
+-        ParseBws(tok) && // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
+-        tok.skip(';') &&
+-        ParseBws(tok) && // Bug 4492: ICAP servers send SP before chunk-ext-name
+-        tok.prefix(ext, CharacterSet::TCHAR)) { // chunk-ext-name
+-
+-        // whole value part is optional. if no '=' expect next chunk-ext
+-        if (ParseBws(tok) && tok.skip('=') && ParseBws(tok)) {
+-
+-            if (!skipKnown) {
+-                if (ext.cmp("use-original-body",17) == 0 && tok.int64(useOriginBody, 10)) {
+-                    debugs(94, 3, "Found chunk extension " << ext << "=" << useOriginBody);
+-                    buf_ = tok.remaining(); // parse checkpoint
+-                    continue;
+-                }
+-            }
+-
+-            debugs(94, 5, "skipping unknown chunk extension " << ext);
+-
+-            // unknown might have a value token or quoted-string
+-            if (tok.quotedStringOrToken(value) && !tok.atEnd()) {
+-                buf_ = tok.remaining(); // parse checkpoint
+-                continue;
+-            }
+-
+-            // otherwise need more data OR corrupt syntax
+-            break;
+-        }
+-
+-        if (!tok.atEnd())
+-            buf_ = tok.remaining(); // parse checkpoint (unless there might be more token name)
+-    }
+-
+-    if (skipLineTerminator(tok)) {
+-        buf_ = tok.remaining(); // checkpoint
+-        // non-0 chunk means data, 0-size means optional Trailer follows
++/// Parses "[chunk-ext] CRLF" from RFC 7230 section 4.1.1:
++///   chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF
++///   last-chunk = 1*"0" [ chunk-ext ] CRLF
++bool
++Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
++{
++    // Code becomes much simpler when incremental parsing functions throw on
++    // bad or insufficient input, like in the code below. TODO: Expand up.
++    try {
++        parseChunkExtensions(tok); // a possibly empty chunk-ext list
++        skipLineTerminator(tok);
++        buf_ = tok.remaining();
+         parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
+         return true;
++    } catch (const InsufficientInput &) {
++        tok.reset(buf_); // backtrack to the last commit point
++        return false;
+     }
++    // other exceptions bubble up to kill message parsing
++}
++
++/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667):
++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
++void
++Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok)
++{
++    do {
++        ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
+ 
+-    return false;
++        if (!tok.skip(';'))
++            return; // reached the end of extensions (if any)
++
++        parseOneChunkExtension(tok);
++        buf_ = tok.remaining(); // got one extension
++    } while (true);
++}
++
++void
++Http::One::ChunkExtensionValueParser::Ignore(Tokenizer &tok, const SBuf &extName)
++{
++    const auto ignoredValue = tokenOrQuotedString(tok);
++    debugs(94, 5, extName << " with value " << ignoredValue);
++}
++
++/// Parses a single chunk-ext list element:
++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
++void
++Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok)
++{
++    ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name
++
++    const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR);
++
++    ParseBws(tok);
++
++    if (!tok.skip('='))
++        return; // parsed a valueless chunk-ext
++
++    ParseBws(tok);
++
++    // optimization: the only currently supported extension needs last-chunk
++    if (!theChunkSize && customExtensionValueParser)
++        customExtensionValueParser->parse(tok, extName);
++    else
++        ChunkExtensionValueParser::Ignore(tok, extName);
+ }
+ 
+ bool
+-Http::One::TeChunkedParser::parseChunkBody(Http1::Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkBody(Tokenizer &tok)
+ {
+     if (theLeftBodySize > 0) {
+         buf_ = tok.remaining(); // sync buffers before buf_ use
+@@ -188,17 +204,20 @@ Http::One::TeChunkedParser::parseChunkBo
+ }
+ 
+ bool
+-Http::One::TeChunkedParser::parseChunkEnd(Http1::Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkEnd(Tokenizer &tok)
+ {
+     Must(theLeftBodySize == 0); // Should(), really
+ 
+-    if (skipLineTerminator(tok)) {
++    try {
++        skipLineTerminator(tok);
+         buf_ = tok.remaining(); // parse checkpoint
+         theChunkSize = 0; // done with the current chunk
+         parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
+         return true;
+     }
+-
+-    return false;
++    catch (const InsufficientInput &) {
++        return false;
++    }
++    // other exceptions bubble up to kill message parsing
+ }
+ 
+--- a/src/http/one/TeChunkedParser.h
++++ b/src/http/one/TeChunkedParser.h
+@@ -18,6 +18,26 @@ namespace Http
+ namespace One
+ {
+ 
++using ::Parser::InsufficientInput;
++
++// TODO: Move this class into http/one/ChunkExtensionValueParser.*
++/// A customizable parser of a single chunk extension value (chunk-ext-val).
++/// From RFC 7230 section 4.1.1 and its Errata #4667:
++/// chunk-ext = *( BWS  ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
++/// chunk-ext-name = token
++/// chunk-ext-val  = token / quoted-string
++class ChunkExtensionValueParser
++{
++public:
++    typedef ::Parser::Tokenizer Tokenizer;
++
++    /// extracts and ignores the value of a named extension
++    static void Ignore(Tokenizer &tok, const SBuf &extName);
++
++    /// extracts and then interprets (or ignores) the extension value
++    virtual void parse(Tokenizer &tok, const SBuf &extName) = 0;
++};
++
+ /**
+  * An incremental parser for chunked transfer coding
+  * defined in RFC 7230 section 4.1.
+@@ -25,7 +45,7 @@ namespace One
+  *
+  * The parser shovels content bytes from the raw
+  * input buffer into the content output buffer, both caller-supplied.
+- * Ignores chunk extensions except for ICAP's ieof.
++ * Chunk extensions like use-original-body are handled via parseExtensionValuesWith().
+  * Trailers are available via mimeHeader() if wanted.
+  */
+ class TeChunkedParser : public Http1::Parser
+@@ -37,6 +57,10 @@ public:
+     /// set the buffer to be used to store decoded chunk data
+     void setPayloadBuffer(MemBuf *parsedContent) {theOut = parsedContent;}
+ 
++    /// Instead of ignoring all chunk extension values, give the supplied
++    /// parser a chance to handle them. Only applied to last-chunk (for now).
++    void parseExtensionValuesWith(ChunkExtensionValueParser *parser) { customExtensionValueParser = parser; }
++
+     bool needsMoreSpace() const;
+ 
+     /* Http1::Parser API */
+@@ -45,17 +69,20 @@ public:
+     virtual Parser::size_type firstLineSize() const {return 0;} // has no meaning with multiple chunks
+ 
+ private:
+-    bool parseChunkSize(Http1::Tokenizer &tok);
+-    bool parseChunkExtension(Http1::Tokenizer &tok, bool skipKnown);
+-    bool parseChunkBody(Http1::Tokenizer &tok);
+-    bool parseChunkEnd(Http1::Tokenizer &tok);
++    bool parseChunkSize(Tokenizer &tok);
++    bool parseChunkMetadataSuffix(Tokenizer &);
++    void parseChunkExtensions(Tokenizer &);
++    void parseOneChunkExtension(Tokenizer &);
++    bool parseChunkBody(Tokenizer &tok);
++    bool parseChunkEnd(Tokenizer &tok);
+ 
+     MemBuf *theOut;
+     uint64_t theChunkSize;
+     uint64_t theLeftBodySize;
+ 
+-public:
+-    int64_t useOriginBody;
++    /// An optional plugin for parsing and interpreting custom chunk-ext-val.
++    /// This "visitor" object is owned by our creator.
++    ChunkExtensionValueParser *customExtensionValueParser;
+ };
+ 
+ } // namespace One
+--- a/src/http/one/Tokenizer.cc
++++ b/src/http/one/Tokenizer.cc
+@@ -8,35 +8,18 @@
+ 
+ #include "squid.h"
+ #include "Debug.h"
++#include "http/one/Parser.h"
+ #include "http/one/Tokenizer.h"
++#include "parser/Tokenizer.h"
++#include "sbuf/Stream.h"
+ 
+-bool
+-Http::One::Tokenizer::quotedString(SBuf &returnedToken, const bool http1p0)
++/// Extracts quoted-string after the caller removes the initial '"'.
++/// \param http1p0 whether to prohibit \-escaped characters in quoted strings
++/// \throws InsufficientInput when input can be a token _prefix_
++/// \returns extracted quoted string (without quotes and with chars unescaped)
++static SBuf
++parseQuotedStringSuffix(Parser::Tokenizer &tok, const bool http1p0)
+ {
+-    checkpoint();
+-
+-    if (!skip('"'))
+-        return false;
+-
+-    return qdText(returnedToken, http1p0);
+-}
+-
+-bool
+-Http::One::Tokenizer::quotedStringOrToken(SBuf &returnedToken, const bool http1p0)
+-{
+-    checkpoint();
+-
+-    if (!skip('"'))
+-        return prefix(returnedToken, CharacterSet::TCHAR);
+-
+-    return qdText(returnedToken, http1p0);
+-}
+-
+-bool
+-Http::One::Tokenizer::qdText(SBuf &returnedToken, const bool http1p0)
+-{
+-    // the initial DQUOTE has been skipped by the caller
+-
+     /*
+      * RFC 1945 - defines qdtext:
+      *   inclusive of LWS (which includes CR and LF)
+@@ -61,12 +44,17 @@ Http::One::Tokenizer::qdText(SBuf &retur
+     // best we can do is a conditional reference since http1p0 value may change per-client
+     const CharacterSet &tokenChars = (http1p0 ? qdtext1p0 : qdtext1p1);
+ 
+-    for (;;) {
+-        SBuf::size_type prefixLen = buf().findFirstNotOf(tokenChars);
+-        returnedToken.append(consume(prefixLen));
++    SBuf parsedToken;
++
++    while (!tok.atEnd()) {
++        SBuf qdText;
++        if (tok.prefix(qdText, tokenChars))
++            parsedToken.append(qdText);
++
++        if (!http1p0 && tok.skip('\\')) { // HTTP/1.1 allows quoted-pair, HTTP/1.0 does not
++            if (tok.atEnd())
++                break;
+ 
+-        // HTTP/1.1 allows quoted-pair, HTTP/1.0 does not
+-        if (!http1p0 && skip('\\')) {
+             /* RFC 7230 section 3.2.6
+              *
+              * The backslash octet ("\") can be used as a single-octet quoting
+@@ -78,32 +66,42 @@ Http::One::Tokenizer::qdText(SBuf &retur
+              */
+             static const CharacterSet qPairChars = CharacterSet::HTAB + CharacterSet::SP + CharacterSet::VCHAR + CharacterSet::OBSTEXT;
+             SBuf escaped;
+-            if (!prefix(escaped, qPairChars, 1)) {
+-                returnedToken.clear();
+-                restoreLastCheckpoint();
+-                return false;
+-            }
+-            returnedToken.append(escaped);
++            if (!tok.prefix(escaped, qPairChars, 1))
++                throw TexcHere("invalid escaped character in quoted-pair");
++
++            parsedToken.append(escaped);
+             continue;
++        }
+ 
+-        } else if (skip('"')) {
+-            break; // done
++        if (tok.skip('"'))
++            return parsedToken; // may be empty
+ 
+-        } else if (atEnd()) {
+-            // need more data
+-            returnedToken.clear();
+-            restoreLastCheckpoint();
+-            return false;
+-        }
++        if (tok.atEnd())
++            break;
+ 
+-        // else, we have an error
+-        debugs(24, 8, "invalid bytes for set " << tokenChars.name);
+-        returnedToken.clear();
+-        restoreLastCheckpoint();
+-        return false;
++        throw TexcHere(ToSBuf("invalid bytes for set ", tokenChars.name));
+     }
+ 
+-    // found the whole string
+-    return true;
++    throw Http::One::InsufficientInput();
++}
++
++SBuf
++Http::One::tokenOrQuotedString(Parser::Tokenizer &tok, const bool http1p0)
++{
++    if (tok.skip('"'))
++        return parseQuotedStringSuffix(tok, http1p0);
++
++    if (tok.atEnd())
++        throw InsufficientInput();
++
++    SBuf parsedToken;
++    if (!tok.prefix(parsedToken, CharacterSet::TCHAR))
++        throw TexcHere("invalid input while expecting an HTTP token");
++
++    if (tok.atEnd())
++        throw InsufficientInput();
++
++    // got the complete token
++    return parsedToken;
+ }
+ 
+--- a/src/http/one/Tokenizer.h
++++ b/src/http/one/Tokenizer.h
+@@ -9,68 +9,47 @@
+ #ifndef SQUID_SRC_HTTP_ONE_TOKENIZER_H
+ #define SQUID_SRC_HTTP_ONE_TOKENIZER_H
+ 
+-#include "parser/Tokenizer.h"
++#include "parser/forward.h"
++#include "sbuf/forward.h"
+ 
+ namespace Http {
+ namespace One {
+ 
+ /**
+- * Lexical processor extended to tokenize HTTP/1.x syntax.
++ * Extracts either an HTTP/1 token or quoted-string while dealing with
++ * possibly incomplete input typical for incremental text parsers.
++ * Unescapes escaped characters in HTTP/1.1 quoted strings.
+  *
+- * \see ::Parser::Tokenizer for more detail
++ * \param http1p0 whether to prohibit \-escaped characters in quoted strings
++ * \throws InsufficientInput as appropriate, including on unterminated tokens
++ * \returns extracted token or quoted string (without quotes)
++ *
++ * Governed by:
++ *  - RFC 1945 section 2.1
++ *  "
++ *    A string of text is parsed as a single word if it is quoted using
++ *    double-quote marks.
++ *
++ *        quoted-string  = ( <"> *(qdtext) <"> )
++ *
++ *        qdtext         = <any CHAR except <"> and CTLs,
++ *                         but including LWS>
++ *
++ *    Single-character quoting using the backslash ("\") character is not
++ *    permitted in HTTP/1.0.
++ *  "
++ *
++ *  - RFC 7230 section 3.2.6
++ *  "
++ *    A string of text is parsed as a single value if it is quoted using
++ *    double-quote marks.
++ *
++ *    quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
++ *    qdtext         = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text
++ *    obs-text       = %x80-FF
++ *  "
+  */
+-class Tokenizer : public ::Parser::Tokenizer
+-{
+-public:
+-    Tokenizer(SBuf &s) : ::Parser::Tokenizer(s), savedStats_(0) {}
+-
+-    /**
+-     * Attempt to parse a quoted-string lexical construct.
+-     *
+-     * Governed by:
+-     *  - RFC 1945 section 2.1
+-     *  "
+-     *    A string of text is parsed as a single word if it is quoted using
+-     *    double-quote marks.
+-     *
+-     *        quoted-string  = ( <"> *(qdtext) <"> )
+-     *
+-     *        qdtext         = <any CHAR except <"> and CTLs,
+-     *                         but including LWS>
+-     *
+-     *    Single-character quoting using the backslash ("\") character is not
+-     *    permitted in HTTP/1.0.
+-     *  "
+-     *
+-     *  - RFC 7230 section 3.2.6
+-     *  "
+-     *    A string of text is parsed as a single value if it is quoted using
+-     *    double-quote marks.
+-     *
+-     *    quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
+-     *    qdtext         = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text
+-     *    obs-text       = %x80-FF
+-     *  "
+-     *
+-     * \param escaped HTTP/1.0 does not permit \-escaped characters
+-     */
+-    bool quotedString(SBuf &value, const bool http1p0 = false);
+-
+-    /**
+-     * Attempt to parse a (token / quoted-string ) lexical construct.
+-     */
+-    bool quotedStringOrToken(SBuf &value, const bool http1p0 = false);
+-
+-private:
+-    /// parse the internal component of a quote-string, and terminal DQUOTE
+-    bool qdText(SBuf &value, const bool http1p0);
+-
+-    void checkpoint() { savedCheckpoint_ = buf(); savedStats_ = parsedSize(); }
+-    void restoreLastCheckpoint() { undoParse(savedCheckpoint_, savedStats_); }
+-
+-    SBuf savedCheckpoint_;
+-    SBuf::size_type savedStats_;
+-};
++SBuf tokenOrQuotedString(Parser::Tokenizer &tok, const bool http1p0 = false);
+ 
+ } // namespace One
+ } // namespace Http
+--- a/src/http/one/forward.h
++++ b/src/http/one/forward.h
+@@ -10,6 +10,7 @@
+ #define SQUID_SRC_HTTP_ONE_FORWARD_H
+ 
+ #include "base/RefCount.h"
++#include "parser/forward.h"
+ #include "sbuf/forward.h"
+ 
+ namespace Http {
+@@ -31,6 +32,8 @@ typedef RefCount<Http::One::ResponsePars
+ /// CRLF textual representation
+ const SBuf &CrLf();
+ 
++using ::Parser::InsufficientInput;
++
+ } // namespace One
+ } // namespace Http
+ 
+--- a/src/parser/BinaryTokenizer.h
++++ b/src/parser/BinaryTokenizer.h
+@@ -9,6 +9,7 @@
+ #ifndef SQUID_SRC_PARSER_BINARYTOKENIZER_H
+ #define SQUID_SRC_PARSER_BINARYTOKENIZER_H
+ 
++#include "parser/forward.h"
+ #include "sbuf/SBuf.h"
+ 
+ namespace Parser
+@@ -44,7 +45,7 @@ public:
+ class BinaryTokenizer
+ {
+ public:
+-    class InsufficientInput {}; // thrown when a method runs out of data
++    typedef ::Parser::InsufficientInput InsufficientInput;
+     typedef uint64_t size_type; // enough for the largest supported offset
+ 
+     BinaryTokenizer();
+--- a/src/parser/Makefile.am
++++ b/src/parser/Makefile.am
+@@ -13,6 +13,7 @@ noinst_LTLIBRARIES = libparser.la
+ libparser_la_SOURCES = \
+ 	BinaryTokenizer.h \
+ 	BinaryTokenizer.cc \
++	forward.h \
+ 	Tokenizer.h \
+ 	Tokenizer.cc
+ 
+--- a/src/parser/Tokenizer.cc
++++ b/src/parser/Tokenizer.cc
+@@ -10,7 +10,9 @@
+ 
+ #include "squid.h"
+ #include "Debug.h"
++#include "parser/forward.h"
+ #include "parser/Tokenizer.h"
++#include "sbuf/Stream.h"
+ 
+ #include <cerrno>
+ #if HAVE_CTYPE_H
+@@ -96,6 +98,23 @@ Parser::Tokenizer::prefix(SBuf &returned
+     return true;
+ }
+ 
++SBuf
++Parser::Tokenizer::prefix(const char *description, const CharacterSet &tokenChars, const SBuf::size_type limit)
++{
++    if (atEnd())
++        throw InsufficientInput();
++
++    SBuf result;
++
++    if (!prefix(result, tokenChars, limit))
++        throw TexcHere(ToSBuf("cannot parse ", description));
++
++    if (atEnd())
++        throw InsufficientInput();
++
++    return result;
++}
++
+ bool
+ Parser::Tokenizer::suffix(SBuf &returnedToken, const CharacterSet &tokenChars, const SBuf::size_type limit)
+ {
+@@ -283,3 +302,24 @@ Parser::Tokenizer::int64(int64_t & resul
+     return success(s - range.rawContent());
+ }
+ 
++int64_t
++Parser::Tokenizer::udec64(const char *description, const SBuf::size_type limit)
++{
++    if (atEnd())
++        throw InsufficientInput();
++
++    int64_t result = 0;
++
++    // Since we only support unsigned decimals, a parsing failure with a
++    // non-empty input always implies invalid/malformed input (or a buggy
++    // limit=0 caller). TODO: Support signed and non-decimal integers by
++    // refactoring int64() to detect insufficient input.
++    if (!int64(result, 10, false, limit))
++        throw TexcHere(ToSBuf("cannot parse ", description));
++
++    if (atEnd())
++        throw InsufficientInput(); // more digits may be coming
++
++    return result;
++}
++
+--- a/src/parser/Tokenizer.h
++++ b/src/parser/Tokenizer.h
+@@ -143,6 +143,19 @@ public:
+      */
+     bool int64(int64_t &result, int base = 0, bool allowSign = true, SBuf::size_type limit = SBuf::npos);
+ 
++    /*
++     * The methods below mimic their counterparts documented above, but they
++     * throw on errors, including InsufficientInput. The field description
++     * parameter is used for error reporting and debugging.
++     */
++
++    /// prefix() wrapper but throws InsufficientInput if input contains
++    /// nothing but the prefix (i.e. if the prefix is not "terminated")
++    SBuf prefix(const char *description, const CharacterSet &tokenChars, SBuf::size_type limit = SBuf::npos);
++
++    /// int64() wrapper but limited to unsigned decimal integers (for now)
++    int64_t udec64(const char *description, SBuf::size_type limit = SBuf::npos);
++
+ protected:
+     SBuf consume(const SBuf::size_type n);
+     SBuf::size_type success(const SBuf::size_type n);
+--- /dev/null
++++ b/src/parser/forward.h
+@@ -0,0 +1,22 @@
++/*
++ * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
++ *
++ * Squid software is distributed under GPLv2+ license and includes
++ * contributions from numerous individuals and organizations.
++ * Please see the COPYING and CONTRIBUTORS files for details.
++ */
++
++#ifndef SQUID_PARSER_FORWARD_H
++#define SQUID_PARSER_FORWARD_H
++
++namespace Parser {
++class Tokenizer;
++class BinaryTokenizer;
++
++// TODO: Move this declaration (to parser/Elements.h) if we need more like it.
++/// thrown by modern "incremental" parsers when they need more data
++class InsufficientInput {};
++} // namespace Parser
++
++#endif /* SQUID_PARSER_FORWARD_H */
++
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch
new file mode 100644
index 0000000000..a6d0965e7a
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch
@@ -0,0 +1,169 @@
+From 05f6af2f4c85cc99323cfff6149c3d74af661b6d Mon Sep 17 00:00:00 2001
+From: Amos Jeffries <yadij@users.noreply.github.com>
+Date: Fri, 13 Oct 2023 08:44:16 +0000
+Subject: [PATCH] RFC 9112: Improve HTTP chunked encoding compliance (#1498)
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d]
+CVE: CVE-2023-46846
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/http/one/Parser.cc          |  8 +-------
+ src/http/one/Parser.h           |  4 +---
+ src/http/one/TeChunkedParser.cc | 23 ++++++++++++++++++-----
+ src/parser/Tokenizer.cc         | 12 ++++++++++++
+ src/parser/Tokenizer.h          |  7 +++++++
+ 5 files changed, 39 insertions(+), 15 deletions(-)
+
+--- a/src/http/one/Parser.cc
++++ b/src/http/one/Parser.cc
+@@ -65,16 +65,10 @@ Http::One::Parser::DelimiterCharacters()
+ void
+ Http::One::Parser::skipLineTerminator(Tokenizer &tok) const
+ {
+-    if (tok.skip(Http1::CrLf()))
+-        return;
+-
+     if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF))
+         return;
+ 
+-    if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r'))
+-        throw InsufficientInput();
+-
+-    throw TexcHere("garbage instead of CRLF line terminator");
++    tok.skipRequired("line-terminating CRLF", Http1::CrLf());
+ }
+ 
+ /// all characters except the LF line terminator
+--- a/src/http/one/Parser.h
++++ b/src/http/one/Parser.h
+@@ -120,9 +120,7 @@ protected:
+      * detect and skip the CRLF or (if tolerant) LF line terminator
+      * consume from the tokenizer.
+      *
+-     * \throws exception on bad or InsuffientInput.
+-     * \retval true only if line terminator found.
+-     * \retval false incomplete or missing line terminator, need more data.
++     * \throws exception on bad or InsufficientInput
+      */
+     void skipLineTerminator(Tokenizer &) const;
+ 
+--- a/src/http/one/TeChunkedParser.cc
++++ b/src/http/one/TeChunkedParser.cc
+@@ -91,6 +91,11 @@ Http::One::TeChunkedParser::parseChunkSi
+ {
+     Must(theChunkSize <= 0); // Should(), really
+ 
++    static const SBuf bannedHexPrefixLower("0x");
++    static const SBuf bannedHexPrefixUpper("0X");
++    if (tok.skip(bannedHexPrefixLower) || tok.skip(bannedHexPrefixUpper))
++        throw TextException("chunk starts with 0x", Here());
++
+     int64_t size = -1;
+     if (tok.int64(size, 16, false) && !tok.atEnd()) {
+         if (size < 0)
+@@ -121,7 +126,7 @@ Http::One::TeChunkedParser::parseChunkMe
+     // bad or insufficient input, like in the code below. TODO: Expand up.
+     try {
+         parseChunkExtensions(tok); // a possibly empty chunk-ext list
+-        skipLineTerminator(tok);
++        tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
+         buf_ = tok.remaining();
+         parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
+         return true;
+@@ -132,12 +137,14 @@ Http::One::TeChunkedParser::parseChunkMe
+     // other exceptions bubble up to kill message parsing
+ }
+ 
+-/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667):
++/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
+ /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
+ void
+-Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
+ {
+     do {
++        auto tok = callerTok;
++
+         ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
+ 
+         if (!tok.skip(';'))
+@@ -145,6 +152,7 @@ Http::One::TeChunkedParser::parseChunkEx
+ 
+         parseOneChunkExtension(tok);
+         buf_ = tok.remaining(); // got one extension
++        callerTok = tok;
+     } while (true);
+ }
+ 
+@@ -158,11 +166,14 @@ Http::One::ChunkExtensionValueParser::Ig
+ /// Parses a single chunk-ext list element:
+ /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
+ void
+-Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok)
++Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &callerTok)
+ {
++    auto tok = callerTok;
++
+     ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name
+ 
+     const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR);
++    callerTok = tok; // in case we determine that this is a valueless chunk-ext
+ 
+     ParseBws(tok);
+ 
+@@ -176,6 +187,8 @@ Http::One::TeChunkedParser::parseOneChun
+         customExtensionValueParser->parse(tok, extName);
+     else
+         ChunkExtensionValueParser::Ignore(tok, extName);
++
++    callerTok = tok;
+ }
+ 
+ bool
+@@ -209,7 +222,7 @@ Http::One::TeChunkedParser::parseChunkEn
+     Must(theLeftBodySize == 0); // Should(), really
+ 
+     try {
+-        skipLineTerminator(tok);
++        tok.skipRequired("chunk CRLF", Http1::CrLf());
+         buf_ = tok.remaining(); // parse checkpoint
+         theChunkSize = 0; // done with the current chunk
+         parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
+--- a/src/parser/Tokenizer.cc
++++ b/src/parser/Tokenizer.cc
+@@ -147,6 +147,18 @@ Parser::Tokenizer::skipAll(const Charact
+     return success(prefixLen);
+ }
+ 
++void
++Parser::Tokenizer::skipRequired(const char *description, const SBuf &tokenToSkip)
++{
++    if (skip(tokenToSkip) || tokenToSkip.isEmpty())
++        return;
++
++    if (tokenToSkip.startsWith(buf_))
++        throw InsufficientInput();
++
++    throw TextException(ToSBuf("cannot skip ", description), Here());
++}
++
+ bool
+ Parser::Tokenizer::skipOne(const CharacterSet &chars)
+ {
+--- a/src/parser/Tokenizer.h
++++ b/src/parser/Tokenizer.h
+@@ -115,6 +115,13 @@ public:
+      */
+     SBuf::size_type skipAll(const CharacterSet &discardables);
+ 
++    /** skips a given character sequence (string);
++     * does nothing if the sequence is empty
++     *
++     * \throws exception on mismatching prefix or InsufficientInput
++     */
++    void skipRequired(const char *description, const SBuf &tokenToSkip);
++
+     /** Removes a single trailing character from the set.
+      *
+      * \return whether a character was removed
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch
new file mode 100644
index 0000000000..9071872c01
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch
@@ -0,0 +1,47 @@
+From 052cf082b0faaef4eaaa4e94119d7a1437aac4a3 Mon Sep 17 00:00:00 2001
+From: squidadm <squidadm@users.noreply.github.com>
+Date: Wed, 18 Oct 2023 04:50:56 +1300
+Subject: [PATCH] Fix stack buffer overflow when parsing Digest Authorization
+ (#1517)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
+where it was filed as "Stack Buffer Overflow in Digest Authentication".
+
+---------
+
+Co-authored-by: Alex Bason <nonsleepr@gmail.com>
+Co-authored-by: Amos Jeffries <yadij@users.noreply.github.com>
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3]
+CVE: CVE-2023-46847
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/auth/digest/Config.cc | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
+index 6a9736f..0a883fa 100644
+--- a/src/auth/digest/Config.cc
++++ b/src/auth/digest/Config.cc
+@@ -847,11 +847,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
+             break;
+
+         case DIGEST_NC:
+-            if (value.size() != 8) {
++            if (value.size() == 8) {
++                // for historical reasons, the nc value MUST be exactly 8 bytes
++                static_assert(sizeof(digest_request->nc) == 8 + 1, "bad nc buffer size");
++                xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
++                debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
++            } else {
+                 debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'");
++                digest_request->nc[0] = 0;
+             }
+-            xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+-            debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+             break;
+
+         case DIGEST_CNONCE:
+--
+2.40.1
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
new file mode 100644
index 0000000000..6909f754f3
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
@@ -0,0 +1,37 @@
+From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Wed, 25 Oct 2023 19:41:45 +0000
+Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
+where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
+Handling".
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
+CVE: CVE-2023-49285
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ lib/rfc1123.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/rfc1123.c b/lib/rfc1123.c
+index 2d889cc..add63f0 100644
+--- a/lib/rfc1123.c
++++ b/lib/rfc1123.c
+@@ -50,7 +50,13 @@ make_month(const char *s)
+     char month[3];
+
+     month[0] = xtoupper(*s);
++    if (!month[0])
++        return -1; // protects *(s + 1) below
++
+     month[1] = xtolower(*(s + 1));
++    if (!month[1])
++        return -1; // protects *(s + 2) below
++
+     month[2] = xtolower(*(s + 2));
+
+     for (i = 0; i < 12; i++)
+--
+2.39.3
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch
new file mode 100644
index 0000000000..8e0bdf387c
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch
@@ -0,0 +1,87 @@
+From 6014c6648a2a54a4ecb7f952ea1163e0798f9264 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Fri, 27 Oct 2023 21:27:20 +0000
+Subject: [PATCH] Exit without asserting when helper process startup fails
+ (#1543)
+
+... to dup() after fork() and before execvp().
+
+Assertions are for handling program logic errors. Helper initialization
+code already handled system call errors correctly (i.e. by exiting the
+newly created helper process with an error), except for a couple of
+assert()s that could be triggered by dup(2) failures.
+
+This bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/ipc-assert.html
+where it was filed as 'Assertion in Squid "Helper" Process Creator'.
+
+Origin: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264]
+CVE: CVE-2023-49286
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ipc.cc | 33 +++++++++++++++++++++++++++------
+ 1 file changed, 27 insertions(+), 6 deletions(-)
+
+--- a/src/ipc.cc
++++ b/src/ipc.cc
+@@ -20,6 +20,12 @@
+ #include "SquidIpc.h"
+ #include "tools.h"
+ 
++#include <cstdlib>
++
++#if HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++
+ static const char *hello_string = "hi there\n";
+ #ifndef HELLO_BUF_SZ
+ #define HELLO_BUF_SZ 32
+@@ -365,6 +371,22 @@
+     }
+ 
+     PutEnvironment();
++
++    // A dup(2) wrapper that reports and exits the process on errors. The
++    // exiting logic is only suitable for this child process context.
++    const auto dupOrExit = [prog,name](const int oldFd) {
++        const auto newFd = dup(oldFd);
++        if (newFd < 0) {
++            const auto savedErrno = errno;
++            debugs(54, DBG_CRITICAL, "ERROR: Helper process initialization failure: " << name);
++            debugs(54, DBG_CRITICAL, "helper (CHILD) PID: " << getpid());
++            debugs(54, DBG_CRITICAL, "helper program name: " << prog);
++            debugs(54, DBG_CRITICAL, "dup(2) system call error for FD " << oldFd << ": " << xstrerr(savedErrno));
++            _exit(1);
++        }
++        return newFd;
++    };
++
+     /*
+      * This double-dup stuff avoids problems when one of
+      *  crfd, cwfd, or debug_log are in the rage 0-2.
+@@ -372,17 +394,16 @@
+ 
+     do {
+         /* First make sure 0-2 is occupied by something. Gets cleaned up later */
+-        x = dup(crfd);
+-        assert(x > -1);
+-    } while (x < 3 && x > -1);
++        x = dupOrExit(crfd);
++    } while (x < 3);
+ 
+     close(x);
+ 
+-    t1 = dup(crfd);
++    t1 = dupOrExit(crfd);
+ 
+-    t2 = dup(cwfd);
++    t2 = dupOrExit(cwfd);
+ 
+-    t3 = dup(fileno(debug_log));
++    t3 = dupOrExit(fileno(debug_log));
+ 
+     assert(t1 > 2 && t2 > 2 && t3 > 2);
+ 
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch
new file mode 100644
index 0000000000..51c895e0ef
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch
@@ -0,0 +1,62 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 26 Dec 2023 19:58:12 +0100
+Subject: CVE-2023-50269
+
+Bug-Debian: https://bugs.debian.org/1058721
+Origin: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-50269.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d]
+CVE: CVE-2023-50269
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ClientRequestContext.h |  4 ++++
+ src/client_side_request.cc | 17 +++++++++++++++--
+ 2 files changed, 19 insertions(+), 2 deletions(-)
+
+--- a/src/ClientRequestContext.h
++++ b/src/ClientRequestContext.h
+@@ -81,6 +81,10 @@
+ #endif
+     ErrorState *error; ///< saved error page for centralized/delayed processing
+     bool readNextRequest; ///< whether Squid should read after error handling
++
++#if FOLLOW_X_FORWARDED_FOR
++    size_t currentXffHopNumber = 0; ///< number of X-Forwarded-For header values processed so far
++#endif
+ };
+ 
+ #endif /* SQUID_CLIENTREQUESTCONTEXT_H */
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -78,6 +78,11 @@
+ static const char *const crlf = "\r\n";
+ 
+ #if FOLLOW_X_FORWARDED_FOR
++
++#if !defined(SQUID_X_FORWARDED_FOR_HOP_MAX)
++#define SQUID_X_FORWARDED_FOR_HOP_MAX 64
++#endif
++
+ static void clientFollowXForwardedForCheck(allow_t answer, void *data);
+ #endif /* FOLLOW_X_FORWARDED_FOR */
+ 
+@@ -485,8 +490,16 @@
+                 /* override the default src_addr tested if we have to go deeper than one level into XFF */
+                 Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr;
+             }
+-            calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data);
+-            return;
++            if (++calloutContext->currentXffHopNumber < SQUID_X_FORWARDED_FOR_HOP_MAX) {
++                calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data);
++                return;
++            }
++            const auto headerName = Http::HeaderLookupTable.lookup(Http::HdrType::X_FORWARDED_FOR).name;
++            debugs(28, DBG_CRITICAL, "ERROR: Ignoring trailing " << headerName << " addresses");
++            debugs(28, DBG_CRITICAL, "addresses allowed by follow_x_forwarded_for: " << calloutContext->currentXffHopNumber);
++            debugs(28, DBG_CRITICAL, "last/accepted address: " << request->indirect_client_addr);
++            debugs(28, DBG_CRITICAL, "ignored trailing addresses: " << request->x_forwarded_for_iterator);
++            // fall through to resume clientAccessCheck() processing
+         }
+     }
+ 
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index a1122a3cd4..69b62aa5a5 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -25,6 +25,13 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://0001-tools.cc-fixed-unused-result-warning.patch \
            file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \
            file://0001-Fix-build-on-Fedora-Rawhide-772.patch \
+           file://CVE-2023-46847.patch \
+           file://CVE-2023-49285.patch \
+           file://CVE-2023-46728.patch \
+           file://CVE-2023-46846-pre1.patch \
+           file://CVE-2023-46846.patch \
+           file://CVE-2023-49286.patch \
+           file://CVE-2023-50269.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
index e078be79a1..080a0ed85c 100644
--- a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
+++ b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
@@ -38,7 +38,7 @@ RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json pyt
 
 TESTDIR = "tests"
 
-PRIVATE_LIBS:${PN}-ptest:append = "libnftables.so.1"
+PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1"
 
 do_install_ptest() {
     cp -rf ${S}/build-aux ${D}${PTEST_PATH}
diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb b/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb
index ce2ba65526..d80bdd87ab 100644
--- a/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb
+++ b/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb
@@ -1,8 +1,8 @@
 require wireguard.inc
 
-SRCREV = "122f06bfd8fc7b06a0899fa9adc4ce8e06900d98"
+SRCREV = "18fbcd68a35a892527345dc5679d0b2d860ee004"
 
-SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;branch=master"
+SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;protocol=https;branch=master"
 
 inherit module kernel-module-split
 
diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb
index 0c686aae2a..20435338c3 100644
--- a/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb
+++ b/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb
@@ -16,11 +16,19 @@ do_install () {
         install
 }
 
+PACKAGES += "${PN}-wg-quick"
+
 FILES:${PN} = " \
+    ${bindir}/wg \
     ${sysconfdir} \
+"
+FILES:${PN}-wg-quick = " \
+    ${bindir}/wg-quick \
     ${systemd_system_unitdir} \
-    ${bindir} \
 "
 
-RDEPENDS:${PN} = "bash"
-RRECOMMENDS:${PN} = "kernel-module-wireguard"
+RDEPENDS:${PN}-wg-quick = "${PN} bash"
+RRECOMMENDS:${PN} = " \
+    kernel-module-wireguard \
+    ${PN}-wg-quick \
+    "
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch
new file mode 100644
index 0000000000..c06de49eb3
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch
@@ -0,0 +1,71 @@
+From 02a0e45f66160f571196a105b217e1bb84d1a835 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 30 Sep 2022 08:51:45 -0400
+Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
+ peek_for_as4_capability
+
+In peek_for_as4_capability the code is checking that the
+stream has at least 2 bytes to read ( the opt_type and the
+opt_length ).  However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+is configured then FRR is reading 3 bytes.  Which is not good
+since the packet could be badly formated.  Ensure that
+FRR has the appropriate data length to read the data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 3e46b43e3788f0f87bae56a86b54d412b4710286)
+
+CVE: CVE-2022-36440
+CVE: CVE-2022-40302
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/02a0e45f66160f571196a105b217e1bb84d1a835]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_open.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index c2562c75d3fc..fe4c24a8c979 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -1116,15 +1116,30 @@ as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
+ 		uint8_t opt_type;
+ 		uint16_t opt_length;
+ 
+-		/* Check the length. */
+-		if (stream_get_getp(s) + 2 > end)
++		/* Ensure we can read the option type */
++		if (stream_get_getp(s) + 1 > end)
+ 			goto end;
+ 
+-		/* Fetch option type and length. */
++		/* Fetch the option type */
+ 		opt_type = stream_getc(s);
+-		opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+-				     ? stream_getw(s)
+-				     : stream_getc(s);
++
++		/*
++		 * Check the length and fetch the opt_length
++		 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
++		 * then we do a getw which is 2 bytes.  So we need to
++		 * ensure that we can read that as well
++		 */
++		if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
++			if (stream_get_getp(s) + 2 > end)
++				goto end;
++
++			opt_length = stream_getw(s);
++		} else {
++			if (stream_get_getp(s) + 1 > end)
++				goto end;
++
++			opt_length = stream_getc(s);
++		}
+ 
+ 		/* Option length check. */
+ 		if (stream_get_getp(s) + opt_length > end)
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch
new file mode 100644
index 0000000000..672bc9514a
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch
@@ -0,0 +1,42 @@
+From 3c4821679f2362bcd38fcc7803f28a5210441ddb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Thu, 21 Jul 2022 08:11:58 -0400
+Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
+ expected
+
+Ensure that if the capability length specified is enough data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2022-37032
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ bgpd/bgp_packet.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 7c92a8d9e..bcd47e32d 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -2440,6 +2440,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
+ 				"%s CAPABILITY has action: %d, code: %u, length %u",
+ 				peer->host, action, hdr->code, hdr->length);
+ 
++		if (hdr->length < sizeof(struct capability_mp_data)) {
++			zlog_info(
++				"%s Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
++				peer->host, sizeof(struct capability_mp_data),
++				hdr->length);
++			return BGP_Stop;
++		}
++
+ 		/* Capability length check. */
+ 		if ((pnt + hdr->length + 3) > end) {
+ 			zlog_info("%s Capability length error", peer->host);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch
new file mode 100644
index 0000000000..3d18d0b90d
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch
@@ -0,0 +1,151 @@
+From db24300d56ad5831d9f6e4545ff2999b99e71bac Mon Sep 17 00:00:00 2001
+From: Mark Stapp <mstapp@nvidia.com>
+Date: Thu, 8 Sep 2022 16:14:36 -0400
+Subject: [PATCH] bgpd: avoid notify race between io and main pthreads
+
+The "bgp_notify_" apis in bgp_packet.c generate a notification
+to a peer, usually during error handling. The io pthread wants
+to send notifications in a couple of cases during early
+received-packet validation - but the existing api interacts
+with the peer struct itself, and that's not safe.
+
+Add a new api for use by the io pthread, and adjust the main
+notify api so that it can avoid touching the peer struct.
+
+Signed-off-by: Mark Stapp <mstapp@nvidia.com>
+
+CVE: CVE-2022-37035
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ bgpd/bgp_io.c     | 17 ++++++++---------
+ bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++----
+ bgpd/bgp_packet.h |  2 ++
+ 3 files changed, 38 insertions(+), 13 deletions(-)
+
+diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c
+index 9b5a31f28..c736d02db 100644
+--- a/bgpd/bgp_io.c
++++ b/bgpd/bgp_io.c
+@@ -37,7 +37,7 @@
+ #include "bgpd/bgp_debug.h"	// for bgp_debug_neighbor_events, bgp_type_str
+ #include "bgpd/bgp_errors.h"	// for expanded error reference information
+ #include "bgpd/bgp_fsm.h"	// for BGP_EVENT_ADD, bgp_event
+-#include "bgpd/bgp_packet.h"	// for bgp_notify_send_with_data, bgp_notify...
++#include "bgpd/bgp_packet.h"	// for bgp_notify_io_invalid...
+ #include "bgpd/bgp_trace.h"	// for frrtraces
+ #include "bgpd/bgpd.h"		// for peer, BGP_MARKER_SIZE, bgp_master, bm
+ /* clang-format on */
+@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer)
+ 		return false;
+ 
+ 	if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) {
+-		bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
+-				BGP_NOTIFY_HEADER_NOT_SYNC);
++		bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR,
++				      BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0);
+ 		return false;
+ 	}
+ 
+@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer)
+ 			zlog_debug("%s unknown message type 0x%02x", peer->host,
+ 				   type);
+ 
+-		bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
+-					  BGP_NOTIFY_HEADER_BAD_MESTYPE, &type,
+-					  1);
++		bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR,
++				      BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1);
+ 		return false;
+ 	}
+ 
+@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer)
+ 
+ 		uint16_t nsize = htons(size);
+ 
+-		bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
+-					  BGP_NOTIFY_HEADER_BAD_MESLEN,
+-					  (unsigned char *)&nsize, 2);
++		bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR,
++				      BGP_NOTIFY_HEADER_BAD_MESLEN,
++				      (unsigned char *)&nsize, 2);
+ 		return false;
+ 	}
+ 
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 7c92a8d9e..a5ce5a527 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -736,8 +736,9 @@ static void bgp_write_notify(struct peer *peer)
+  * @param data      Data portion
+  * @param datalen   length of data portion
+  */
+-void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
+-			       uint8_t sub_code, uint8_t *data, size_t datalen)
++static void bgp_notify_send_internal(struct peer *peer, uint8_t code,
++				     uint8_t sub_code, uint8_t *data,
++				     size_t datalen, bool use_curr)
+ {
+ 	struct stream *s;
+ 
+@@ -769,8 +770,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
+ 	 * If possible, store last packet for debugging purposes. This check is
+ 	 * in place because we are sometimes called with a doppelganger peer,
+ 	 * who tends to have a plethora of fields nulled out.
++	 *
++	 * Some callers should not attempt this - the io pthread for example
++	 * should not touch internals of the peer struct.
+ 	 */
+-	if (peer->curr) {
++	if (use_curr && peer->curr) {
+ 		size_t packetsize = stream_get_endp(peer->curr);
+ 		assert(packetsize <= peer->max_packet_size);
+ 		memcpy(peer->last_reset_cause, peer->curr->data, packetsize);
+@@ -853,7 +857,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
+  */
+ void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code)
+ {
+-	bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
++	bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true);
++}
++
++/*
++ * Enqueue notification; called from the main pthread, peer object access is ok.
++ */
++void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
++			       uint8_t sub_code, uint8_t *data, size_t datalen)
++{
++	bgp_notify_send_internal(peer, code, sub_code, data, datalen, true);
++}
++
++/*
++ * For use by the io pthread, queueing a notification but avoiding access to
++ * the peer object.
++ */
++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code,
++			   uint8_t *data, size_t datalen)
++{
++	/* Avoid touching the peer object */
++	bgp_notify_send_internal(peer, code, sub_code, data, datalen, false);
+ }
+ 
+ /*
+diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h
+index 280d3ec17..898f88ff5 100644
+--- a/bgpd/bgp_packet.h
++++ b/bgpd/bgp_packet.h
+@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *);
+ extern void bgp_notify_send(struct peer *, uint8_t, uint8_t);
+ extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t,
+ 				      uint8_t *, size_t);
++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code,
++			   uint8_t *data, size_t datalen);
+ extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
+ 				   uint8_t orf_type, uint8_t when_to_refresh,
+ 				   int remove, uint8_t subtype);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch
new file mode 100644
index 0000000000..9d6dcfb920
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch
@@ -0,0 +1,81 @@
+From 72088b05d469a6b6a8b9a2b250885246ea0c2acb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 30 Sep 2022 08:57:43 -0400
+Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
+ bgp_open_option_parse
+
+In bgp_open_option_parse the code is checking that the
+stream has at least 2 bytes to read ( the opt_type and
+the opt_length).  However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+is configured then FRR is reading 3 bytes.  Which is not good
+since the packet could be badly formateed.  Ensure that
+FRR has the appropriate data length to read the data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 1117baca3c592877a4d8a13ed6a1d9bd83977487)
+
+CVE: CVE-2022-40318
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/72088b05d469a6b6a8b9a2b250885246ea0c2acb]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_open.c | 35 ++++++++++++++++++++++++++++-------
+ 1 file changed, 28 insertions(+), 7 deletions(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index fe4c24a8c979..de550d2ac607 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -1209,19 +1209,40 @@ int bgp_open_option_parse(struct peer *peer, uint16_t length,
+ 		uint8_t opt_type;
+ 		uint16_t opt_length;
+ 
+-		/* Must have at least an OPEN option header */
+-		if (STREAM_READABLE(s) < 2) {
++		/*
++		 * Check that we can read the opt_type and fetch it
++		 */
++		if (STREAM_READABLE(s) < 1) {
+ 			zlog_info("%s Option length error", peer->host);
+ 			bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
+ 					BGP_NOTIFY_OPEN_MALFORMED_ATTR);
+ 			return -1;
+ 		}
+-
+-		/* Fetch option type and length. */
+ 		opt_type = stream_getc(s);
+-		opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+-				     ? stream_getw(s)
+-				     : stream_getc(s);
++
++		/*
++		 * Check the length of the stream to ensure that
++		 * FRR can properly read the opt_length. Then read it
++		 */
++		if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
++			if (STREAM_READABLE(s) < 2) {
++				zlog_info("%s Option length error", peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return -1;
++			}
++
++			opt_length = stream_getw(s);
++		} else {
++			if (STREAM_READABLE(s) < 1) {
++				zlog_info("%s Option length error", peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return -1;
++			}
++
++			opt_length = stream_getc(s);
++		}
+ 
+ 		/* Option length check. */
+ 		if (STREAM_READABLE(s) < opt_length) {
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch
new file mode 100644
index 0000000000..73493bb120
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch
@@ -0,0 +1,36 @@
+From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski <mt@suse.com>
+Date: Fri, 11 Nov 2022 12:26:04 +0100
+Subject: [PATCH] tools: remove backslash from declare check regex
+
+The backslash in `grep -q '^declare \-a'` is not needed and
+causes `grep: warning: stray \ before -` warning in grep-3.8.
+
+Signed-off-by: Marius Tomaschewski <mt@suse.com>
+
+CVE: CVE-2022-42917
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ tools/frrcommon.sh.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index 61f1abb37..3c16c27c6 100755
+--- a/tools/frrcommon.sh.in
++++ b/tools/frrcommon.sh.in
+@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then
+ 	load_old_config "/etc/sysconfig/frr"
+ fi
+ 
+-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then
++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then
+ 	log_warning_msg "watchfrr_options contains a bash array value." \
+ 		"The configured value is intentionally ignored since it is likely wrong." \
+ 		"Please remove or fix the setting."
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch
new file mode 100644
index 0000000000..77a011dbc9
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch
@@ -0,0 +1,58 @@
+From f316975cedd8ef17d47b56be0d3d21711fe44a25 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Wed, 2 Nov 2022 13:24:48 -0400
+Subject: [PATCH] bgpd: Ensure that bgp open message stream has enough data to
+ read
+
+If a operator receives an invalid packet that is of insufficient size
+then it is possible for BGP to assert during reading of the packet
+instead of gracefully resetting the connection with the peer.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 766eec1b7accffe2c04a5c9ebb14e9f487bb9f78)
+
+CVE: CVE-2022-43681
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/766eec1b7accffe2c04a5c9ebb14e9f487bb9f78]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_packet.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index bcd47e32d453..5225db29fe09 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1176,8 +1176,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
+ 	    || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) {
+ 		uint8_t opttype;
+ 
++		if (STREAM_READABLE(peer->curr) < 1) {
++			flog_err(
++				EC_BGP_PKT_OPEN,
++				"%s: stream does not have enough bytes for extended optional parameters",
++				peer->host);
++			bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++					BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++			return BGP_Stop;
++		}
++
+ 		opttype = stream_getc(peer->curr);
+ 		if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) {
++			if (STREAM_READABLE(peer->curr) < 2) {
++				flog_err(
++					EC_BGP_PKT_OPEN,
++					"%s: stream does not have enough bytes to read the extended optional parameters optlen",
++					peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return BGP_Stop;
++			}
+ 			optlen = stream_getw(peer->curr);
+ 			SET_FLAG(peer->sflags,
+ 				 PEER_STATUS_EXT_OPT_PARAMS_LENGTH);
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch
new file mode 100644
index 0000000000..6fd6792087
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch
@@ -0,0 +1,52 @@
+From 4e1fc50394df0b69f32a9cf8ba8e1dcee2c67563 Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Tue, 20 Jun 2023 14:01:46 +0000
+Subject: [PATCH] bgpd: Check 7 bytes for Long-lived Graceful-Restart
+ capability
+
+It's not 4 bytes, it was assuming the same as Graceful-Restart tuples.
+LLGR has more 3 bytes (Long-lived Stale Time).
+
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-31489
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_open.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index 6bdefd0e9..ad56149f6 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -578,12 +578,24 @@ static int bgp_capability_restart(struct peer *peer,
+ static int bgp_capability_llgr(struct peer *peer,
+			       struct capability_header *caphdr)
+ {
++/*
++ * +--------------------------------------------------+
++ * | Address Family Identifier (16 bits)              |
++ * +--------------------------------------------------+
++ * | Subsequent Address Family Identifier (8 bits)    |
++ * +--------------------------------------------------+
++ * | Flags for Address Family (8 bits)                |
++ * +--------------------------------------------------+
++ * | Long-lived Stale Time (24 bits)                  |
++ * +--------------------------------------------------+
++ */
++#define BGP_CAP_LLGR_MIN_PACKET_LEN 7
+	struct stream *s = BGP_INPUT(peer);
+	size_t end = stream_get_getp(s) + caphdr->length;
+
+	SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
+
+-	while (stream_get_getp(s) + 4 <= end) {
++	while (stream_get_getp(s) + BGP_CAP_LLGR_MIN_PACKET_LEN <= end) {
+		afi_t afi;
+		safi_t safi;
+		iana_afi_t pkt_afi = stream_getw(s);
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch
new file mode 100644
index 0000000000..893c856c66
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch
@@ -0,0 +1,160 @@
+From 72c13aac2eb7c8f3a10ad806d80ab635c28f4c04 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Wed, 21 Jun 2023 15:24:50 +0000
+Subject: [PATCH] bgpd: Ensure stream received has enough data
+
+BGP_PREFIX_SID_SRV6_L3_SERVICE attributes must not
+fully trust the length value specified in the nlri.
+Always ensure that the amount of data we need to read
+can be fullfilled.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-31490
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/pull/12454/commits/06431bfa7570f169637ebb5898f0b0cc3b010802]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 79 ++++++++++++++++---------------------------------
+ 1 file changed, 25 insertions(+), 54 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 2154baf4e..5d06991e2 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -2722,9 +2722,21 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+	uint8_t sid_type, sid_flags;
+	char buf[BUFSIZ];
+
++	/*
++	 * Check that we actually have at least as much data as
++	 * specified by the length field
++	 */
++	if (STREAM_READABLE(peer->curr) < length) {
++		flog_err(
++			EC_BGP_ATTR_LEN,
++			"Prefix SID specifies length %hu, but only %zu bytes remain",
++			length, STREAM_READABLE(peer->curr));
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
++					  args->total);
++	}
++
+	if (type == BGP_PREFIX_SID_LABEL_INDEX) {
+-		if (STREAM_READABLE(peer->curr) < length
+-		    || length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
++		if (length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
+			flog_err(EC_BGP_ATTR_LEN,
+				 "Prefix SID label index length is %hu instead of %u",
+				 length, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
+@@ -2746,12 +2758,8 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+		/* Store label index; subsequently, we'll check on
+		 * address-family */
+		attr->label_index = label_index;
+-	}
+-
+-	/* Placeholder code for the IPv6 SID type */
+-	else if (type == BGP_PREFIX_SID_IPV6) {
+-		if (STREAM_READABLE(peer->curr) < length
+-		    || length != BGP_PREFIX_SID_IPV6_LENGTH) {
++	} else if (type == BGP_PREFIX_SID_IPV6) {
++		if (length != BGP_PREFIX_SID_IPV6_LENGTH) {
+			flog_err(EC_BGP_ATTR_LEN,
+				 "Prefix SID IPv6 length is %hu instead of %u",
+				 length, BGP_PREFIX_SID_IPV6_LENGTH);
+@@ -2765,10 +2773,7 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+		stream_getw(peer->curr);
+
+		stream_get(&ipv6_sid, peer->curr, 16);
+-	}
+-
+-	/* Placeholder code for the Originator SRGB type */
+-	else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
++	} else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
+		/*
+		 * ietf-idr-bgp-prefix-sid-05:
+		 *     Length is the total length of the value portion of the
+@@ -2793,19 +2798,6 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+				args->total);
+		}
+
+-		/*
+-		 * Check that we actually have at least as much data as
+-		 * specified by the length field
+-		 */
+-		if (STREAM_READABLE(peer->curr) < length) {
+-			flog_err(EC_BGP_ATTR_LEN,
+-				 "Prefix SID Originator SRGB specifies length %hu, but only %zu bytes remain",
+-				 length, STREAM_READABLE(peer->curr));
+-			return bgp_attr_malformed(
+-				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
+-				args->total);
+-		}
+-
+		/*
+		 * Check that the portion of the TLV containing the sequence of
+		 * SRGBs corresponds to a multiple of the SRGB size; to get
+@@ -2829,12 +2821,8 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+			stream_get(&srgb_base, peer->curr, 3);
+			stream_get(&srgb_range, peer->curr, 3);
+		}
+-	}
+-
+-	/* Placeholder code for the VPN-SID Service type */
+-	else if (type == BGP_PREFIX_SID_VPN_SID) {
+-		if (STREAM_READABLE(peer->curr) < length
+-		    || length != BGP_PREFIX_SID_VPN_SID_LENGTH) {
++	} else if (type == BGP_PREFIX_SID_VPN_SID) {
++		if (length != BGP_PREFIX_SID_VPN_SID_LENGTH) {
+			flog_err(EC_BGP_ATTR_LEN,
+				 "Prefix SID VPN SID length is %hu instead of %u",
+				 length, BGP_PREFIX_SID_VPN_SID_LENGTH);
+@@ -2870,39 +2858,22 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+		attr->srv6_vpn->sid_flags = sid_flags;
+		sid_copy(&attr->srv6_vpn->sid, &ipv6_sid);
+		attr->srv6_vpn = srv6_vpn_intern(attr->srv6_vpn);
+-	}
+-
+-	/* Placeholder code for the SRv6 L3 Service type */
+-	else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) {
+-		if (STREAM_READABLE(peer->curr) < length) {
++	} else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) {
++		if (STREAM_READABLE(peer->curr) < 1) {
+			flog_err(
+				EC_BGP_ATTR_LEN,
+-				"Prefix SID SRv6 L3-Service length is %hu, but only %zu bytes remain",
+-				length, STREAM_READABLE(peer->curr));
+-			return bgp_attr_malformed(args,
+-				 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
+-				 args->total);
++				"Prefix SID SRV6 L3 Service not enough data left, it must be at least 1 byte");
++			return bgp_attr_malformed(
++				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
++				args->total);
+		}
+-
+		/* ignore reserved */
+		stream_getc(peer->curr);
+
+		return bgp_attr_srv6_service(args);
+	}
+-
+	/* Placeholder code for Unsupported TLV */
+	else {
+-
+-		if (STREAM_READABLE(peer->curr) < length) {
+-			flog_err(
+-				EC_BGP_ATTR_LEN,
+-				"Prefix SID SRv6 length is %hu - too long, only %zu remaining in this UPDATE",
+-				length, STREAM_READABLE(peer->curr));
+-			return bgp_attr_malformed(
+-				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
+-				args->total);
+-		}
+-
+		if (bgp_debug_update(peer, NULL, NULL, 1))
+			zlog_debug(
+				"%s attr Prefix-SID sub-type=%u is not supported, skipped",
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch
new file mode 100644
index 0000000000..9d5f306fe4
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch
@@ -0,0 +1,42 @@
+From f2a5c583fc8f7c515f3d6e6f929dcbcc61f7e4b7 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Mon, 20 Nov 2023 11:43:27 +0000
+Subject: [PATCH 1/6] bgpd: Flowspec overflow issue
+
+According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>>
+Specifying 0 as a length makes BGP get all warm on the inside.  Which
+in this case is not a good thing at all.  Prevent warmth, stay cold
+on the inside.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-38406
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/0b999c886e241c52bd1f7ef0066700e4b618ebb3]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_flowspec.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
+index 3e2b1ac49..95fbd340a 100644
+--- a/bgpd/bgp_flowspec.c
++++ b/bgpd/bgp_flowspec.c
+@@ -148,6 +148,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
+				psize);
+			return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
+		}
++
++		if (psize == 0) {
++			flog_err(EC_BGP_FLOWSPEC_PACKET,
++				 "Flowspec NLRI length 0 which makes no sense");
++			return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
++		}
++
+		if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) {
+			flog_err(
+				EC_BGP_FLOWSPEC_PACKET,
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch
new file mode 100644
index 0000000000..782b44615a
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch
@@ -0,0 +1,63 @@
+From 3880f66bd053d1f56af74852ca57ba166d880920 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Mon, 20 Nov 2023 12:03:29 +0000
+Subject: [PATCH 2/6] bgpd: Fix use beyond end of stream of labeled unicast
+ parsing
+
+Fixes a couple crashes associated with attempting to read
+beyond the end of the stream.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-38407
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_label.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/bgpd/bgp_label.c b/bgpd/bgp_label.c
+index 4a20f2c09..b65c98e86 100644
+--- a/bgpd/bgp_label.c
++++ b/bgpd/bgp_label.c
+@@ -299,6 +299,9 @@ static int bgp_nlri_get_labels(struct peer *peer, uint8_t *pnt, uint8_t plen,
+	uint8_t llen = 0;
+	uint8_t label_depth = 0;
+
++	if (plen < BGP_LABEL_BYTES)
++		return 0;
++
+	for (; data < lim; data += BGP_LABEL_BYTES) {
+		memcpy(label, data, BGP_LABEL_BYTES);
+		llen += BGP_LABEL_BYTES;
+@@ -361,6 +364,9 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
+			memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+			addpath_id = ntohl(addpath_id);
+			pnt += BGP_ADDPATH_ID_LEN;
++
++			if (pnt >= lim)
++				return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
+		}
+
+		/* Fetch prefix length. */
+@@ -379,6 +385,15 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
+
+		/* Fill in the labels */
+		llen = bgp_nlri_get_labels(peer, pnt, psize, &label);
++		if (llen == 0) {
++			flog_err(
++				EC_BGP_UPDATE_RCV,
++				"%s [Error] Update packet error (wrong label length 0)",
++				peer->host);
++			bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
++					BGP_NOTIFY_UPDATE_INVAL_NETWORK);
++			return BGP_NLRI_PARSE_ERROR_LABEL_LENGTH;
++		}
+		p.prefixlen = prefixlen - BSIZE(llen);
+
+		/* There needs to be at least one label */
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch
new file mode 100644
index 0000000000..60801bf06e
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch
@@ -0,0 +1,136 @@
+From ad32e04f3db364694edc678327326ae6b771db9e Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Tue, 5 Sep 2023 11:30:53 +0000
+Subject: [PATCH 1/2] bgpd: Use treat-as-withdraw for tunnel encapsulation
+ attribute
+
+Before this path we used session reset method, which is discouraged by rfc7606.
+
+Handle this as rfc requires.
+
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-38802
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 61 ++++++++++++++++++++-----------------------------
+ 1 file changed, 25 insertions(+), 36 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 5d06991e2..b10a60351 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -1310,6 +1310,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
+	case BGP_ATTR_LARGE_COMMUNITIES:
+	case BGP_ATTR_ORIGINATOR_ID:
+	case BGP_ATTR_CLUSTER_LIST:
++	case BGP_ATTR_ENCAP:
+		return BGP_ATTR_PARSE_WITHDRAW;
+	case BGP_ATTR_MP_REACH_NLRI:
+	case BGP_ATTR_MP_UNREACH_NLRI:
+@@ -2411,26 +2412,21 @@ bgp_attr_ipv6_ext_communities(struct bgp_attr_parser_args *args)
+ }
+
+ /* Parse Tunnel Encap attribute in an UPDATE */
+-static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+-			  bgp_size_t length, /* IN: attr's length field */
+-			  struct attr *attr, /* IN: caller already allocated */
+-			  uint8_t flag,      /* IN: attr's flags field */
+-			  uint8_t *startp)
++static int bgp_attr_encap(struct bgp_attr_parser_args *args)
+ {
+-	bgp_size_t total;
+	uint16_t tunneltype = 0;
+-
+-	total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
++	struct peer *const peer = args->peer;
++	struct attr *const attr = args->attr;
++	bgp_size_t length = args->length;
++	uint8_t type = args->type;
++	uint8_t flag = args->flags;
+
+	if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
+	    || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
+-		zlog_info(
+-			"Tunnel Encap attribute flag isn't optional and transitive %d",
+-			flag);
+-		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
+-					  BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
+-					  startp, total);
+-		return -1;
++		zlog_err("Tunnel Encap attribute flag isn't optional and transitive %d",
++			 flag);
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++					  args->total);
+	}
+
+	if (BGP_ATTR_ENCAP == type) {
+@@ -2438,12 +2434,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+		uint16_t tlv_length;
+
+		if (length < 4) {
+-			zlog_info(
++			zlog_err(
+				"Tunnel Encap attribute not long enough to contain outer T,L");
+-			bgp_notify_send_with_data(
+-				peer, BGP_NOTIFY_UPDATE_ERR,
+-				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
+-			return -1;
++			return bgp_attr_malformed(args,
++						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++						  args->total);
+		}
+		tunneltype = stream_getw(BGP_INPUT(peer));
+		tlv_length = stream_getw(BGP_INPUT(peer));
+@@ -2473,13 +2468,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+		}
+
+		if (sublength > length) {
+-			zlog_info(
+-				"Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
+-				sublength, length);
+-			bgp_notify_send_with_data(
+-				peer, BGP_NOTIFY_UPDATE_ERR,
+-				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
+-			return -1;
++			zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
++				 sublength, length);
++			return bgp_attr_malformed(args,
++						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++						  args->total);
+		}
+
+		/* alloc and copy sub-tlv */
+@@ -2527,13 +2520,10 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+
+	if (length) {
+		/* spurious leftover data */
+-		zlog_info(
+-			"Tunnel Encap attribute length is bad: %d leftover octets",
+-			length);
+-		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
+-					  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
+-					  startp, total);
+-		return -1;
++		zlog_err("Tunnel Encap attribute length is bad: %d leftover octets",
++			 length);
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++					  args->total);
+	}
+
+	return 0;
+@@ -3332,8 +3322,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+		case BGP_ATTR_VNC:
+ #endif
+		case BGP_ATTR_ENCAP:
+-			ret = bgp_attr_encap(type, peer, length, attr, flag,
+-					     startp);
++			ret = bgp_attr_encap(&attr_args);
+			break;
+		case BGP_ATTR_PREFIX_SID:
+			ret = bgp_attr_prefix_sid(&attr_args);
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
new file mode 100644
index 0000000000..e10d3e5267
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
@@ -0,0 +1,105 @@
+From ef9b66e742f9016b3bf283920b528cf20d2c969f Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Tue, 5 Sep 2023 11:36:13 +0000
+Subject: [PATCH 2/2] bgpd: Do not process NLRIs if the attribute length is
+ zero
+
+```
+3  0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
+4  0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246
+5  <signal handler called>
+6  0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400)
+    at bgpd/bgp_routemap.c:2258
+7  0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30,
+    match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690
+8  0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770,
+    afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130)
+    at bgpd/bgp_route.c:1772
+9  0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0,
+    attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0,
+    num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374
+10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0)
+    at bgpd/bgp_route.c:6249
+11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50,
+    packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339
+12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024
+13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933
+14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995
+15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213
+16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505
+```
+
+With the configuration:
+
+```
+frr version 9.1-dev-MyOwnFRRVersion
+frr defaults traditional
+hostname ip-172-31-13-140
+log file /tmp/debug.log
+log syslog
+service integrated-vtysh-config
+!
+debug bgp keepalives
+debug bgp neighbor-events
+debug bgp updates in
+debug bgp updates out
+!
+router bgp 100
+ bgp router-id 9.9.9.9
+ no bgp ebgp-requires-policy
+ bgp bestpath aigp
+ neighbor 172.31.2.47 remote-as 200
+ !
+ address-family ipv4 unicast
+  neighbor 172.31.2.47 default-originate
+  neighbor 172.31.2.47 route-map RM_IN in
+ exit-address-family
+exit
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+!
+```
+
+The issue is that we try to process NLRIs even if the attribute length is 0.
+
+Later bgp_update() will handle route-maps and a crash occurs because all the
+attributes are NULL, including aspath, where we dereference.
+
+According to the RFC 4271:
+
+A value of 0 indicates that neither the Network Layer
+         Reachability Information field nor the Path Attribute field is
+         present in this UPDATE message.
+
+But with a fuzzed UPDATE message this can be faked. I think it's reasonable
+to skip processing NLRIs if both update_len and attribute_len are 0.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-41358
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/pull/14260/commits/28ccc24d38df1d51ed8a563507e5d6f6171fdd38]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 0166dc6a2..2fd28aae3 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1767,7 +1767,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+	/* Network Layer Reachability Information. */
+	update_len = end - stream_pnt(s);
+
+-	if (update_len) {
++	if (update_len && attribute_len) {
+		/* Set NLRI portion to structure. */
+		nlris[NLRI_UPDATE].afi = AFI_IP;
+		nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch
new file mode 100644
index 0000000000..b27d7af166
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch
@@ -0,0 +1,42 @@
+From 5966b6a1fc72d3698d08199922cc4f42ea7fc9eb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 8 Sep 2023 11:46:12 +0000
+Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit
+ withdrawal
+
+All other parsing functions done from bgp_nlri_parse() assume
+no attributes == an implicit withdrawal.  Let's move
+bgp_nlri_parse_flowspec() into the same alignment.
+
+Reported-by: Matteo Memelli <mmemelli@amazon.it>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-41909
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_flowspec.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
+index 341cfe9d0..3e2b1ac49 100644
+--- a/bgpd/bgp_flowspec.c
++++ b/bgpd/bgp_flowspec.c
+@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
+	afi = packet->afi;
+	safi = packet->safi;
+
++	/*
++	 * All other AFI/SAFI's treat no attribute as a implicit
++	 * withdraw.  Flowspec should as well.
++	 */
++	if (!attr)
++		withdraw = 1;
++
+	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
+		flog_err(EC_BGP_FLOWSPEC_PACKET,
+			 "BGP flowspec nlri length maximum reached (%u)",
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
new file mode 100644
index 0000000000..17ba41037c
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
@@ -0,0 +1,127 @@
+From 1c4882b83a1db705abd5d384dd0b7ef4c0e3b4ee Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:11:13 +0000
+Subject: [PATCH 3/6] bgpd: Handle MP_REACH_NLRI malformed packets with session
+ reset
+
+Avoid crashing bgpd.
+
+```
+(gdb)
+bgp_mp_reach_parse (args=<optimized out>, mp_update=0x7fffffffe140) at bgpd/bgp_attr.c:2341
+2341			stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
+(gdb)
+stream_get (dst=0x7fffffffe1ac, s=0x7ffff0006e80, size=16) at lib/stream.c:320
+320	{
+(gdb)
+321		STREAM_VERIFY_SANE(s);
+(gdb)
+323		if (STREAM_READABLE(s) < size) {
+(gdb)
+34	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
+(gdb)
+
+Thread 1 "bgpd" received signal SIGSEGV, Segmentation fault.
+0x00005555556e37be in route_set_aspath_prepend (rule=0x555555aac0d0, prefix=0x7fffffffe050,
+    object=0x7fffffffdb00) at bgpd/bgp_routemap.c:2282
+2282		if (path->attr->aspath->refcnt)
+(gdb)
+```
+
+With the configuration:
+
+```
+ neighbor 127.0.0.1 remote-as external
+ neighbor 127.0.0.1 passive
+ neighbor 127.0.0.1 ebgp-multihop
+ neighbor 127.0.0.1 disable-connected-check
+ neighbor 127.0.0.1 update-source 127.0.0.2
+ neighbor 127.0.0.1 timers 3 90
+ neighbor 127.0.0.1 timers connect 1
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor 127.0.0.1 default-originate
+  neighbor 127.0.0.1 route-map RM_IN in
+ exit-address-family
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-46752
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c   | 6 +-----
+ bgpd/bgp_attr.h   | 1 -
+ bgpd/bgp_packet.c | 6 +-----
+ 3 files changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index b10a60351..e0542356c 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -2207,7 +2207,7 @@ int bgp_mp_reach_parse(struct bgp_attr_parser_args *args,
+
+		mp_update->afi = afi;
+		mp_update->safi = safi;
+-		return BGP_ATTR_PARSE_EOR;
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0);
+	}
+
+	mp_update->afi = afi;
+@@ -3345,10 +3345,6 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+			goto done;
+		}
+
+-		if (ret == BGP_ATTR_PARSE_EOR) {
+-			goto done;
+-		}
+-
+		if (ret == BGP_ATTR_PARSE_ERROR) {
+			flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR,
+				  "%s: Attribute %s, parse error", peer->host,
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index 781bfdec3..69f962134 100644
+--- a/bgpd/bgp_attr.h
++++ b/bgpd/bgp_attr.h
+@@ -378,7 +378,6 @@ typedef enum {
+	/* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
+	   */
+	BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
+-	BGP_ATTR_PARSE_EOR = -4,
+ } bgp_attr_parse_ret_t;
+
+ struct bpacket_attr_vec_arr;
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 2fd28aae3..261695198 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1843,8 +1843,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+	 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
+	 * and MP EoR should have only an empty MP_UNREACH
+	 */
+-	if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
+-	    || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
++	if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) {
+		afi_t afi = 0;
+		safi_t safi;
+		struct graceful_restart_info *gr_info;
+@@ -1865,9 +1864,6 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+			   && nlris[NLRI_MP_WITHDRAW].length == 0) {
+			afi = nlris[NLRI_MP_WITHDRAW].afi;
+			safi = nlris[NLRI_MP_WITHDRAW].safi;
+-		} else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
+-			afi = nlris[NLRI_MP_UPDATE].afi;
+-			safi = nlris[NLRI_MP_UPDATE].safi;
+		}
+
+		if (afi && peer->afc[afi][safi]) {
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
new file mode 100644
index 0000000000..855eb190db
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
@@ -0,0 +1,119 @@
+From 60bd794a9cf6df05503a062e113161dcbdbfac9d Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:22:22 +0000
+Subject: [PATCH 4/6] bgpd: Check mandatory attributes more carefully for
+ UPDATE message
+
+If we send a crafted BGP UPDATE message without mandatory attributes, we do
+not check if the length of the path attributes is zero or not. We only check
+if attr->flag is at least set or not. Imagine we send only unknown transit
+attribute, then attr->flag is always 0. Also, this is true only if graceful-restart
+capability is received.
+
+A crash:
+
+```
+bgpd[7834]: [TJ23Y-GY0RH] 127.0.0.1 Unknown attribute is received (type 31, length 16)
+bgpd[7834]: [PCFFM-WMARW] 127.0.0.1(donatas-pc) rcvd UPDATE wlen 0 attrlen 20 alen 17
+BGP[7834]: Received signal 11 at 1698089639 (si_addr 0x0, PC 0x55eefd375b4a); aborting...
+BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_backtrace_sigsafe+0x6d) [0x7f3205ca939d]
+BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_signal+0xf3) [0x7f3205ca9593]
+BGP[7834]: /usr/local/lib/libfrr.so.0(+0xf5181) [0x7f3205cdd181]
+BGP[7834]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x12980) [0x7f3204ff3980]
+BGP[7834]: /usr/lib/frr/bgpd(+0x18ab4a) [0x55eefd375b4a]
+BGP[7834]: /usr/local/lib/libfrr.so.0(route_map_apply_ext+0x310) [0x7f3205cd1290]
+BGP[7834]: /usr/lib/frr/bgpd(+0x163610) [0x55eefd34e610]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_update+0x9a5) [0x55eefd35c1d5]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_nlri_parse_ip+0xb7) [0x55eefd35e867]
+BGP[7834]: /usr/lib/frr/bgpd(+0x1555e6) [0x55eefd3405e6]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_process_packet+0x747) [0x55eefd345597]
+BGP[7834]: /usr/local/lib/libfrr.so.0(event_call+0x83) [0x7f3205cef4a3]
+BGP[7834]: /usr/local/lib/libfrr.so.0(frr_run+0xc0) [0x7f3205ca10a0]
+BGP[7834]: /usr/lib/frr/bgpd(main+0x409) [0x55eefd2dc979]
+```
+
+Sending:
+
+```
+import socket
+import time
+
+OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
+b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
+b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
+b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
+b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
+b"\x80\x00\x00\x00")
+
+KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
+
+UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff003c0200000014ff1f001000040146464646460004464646464646664646f50d05800100010200ffff000000")
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(('127.0.0.2', 179))
+s.send(OPEN)
+data = s.recv(1024)
+s.send(KEEPALIVE)
+data = s.recv(1024)
+s.send(UPDATE)
+data = s.recv(1024)
+time.sleep(1000)
+s.close()
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-46753
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index e0542356c..35122943e 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3044,13 +3044,15 @@ static bgp_attr_parse_ret_t bgp_attr_unknown(struct bgp_attr_parser_args *args)
+ }
+
+ /* Well-known attribute check. */
+-static int bgp_attr_check(struct peer *peer, struct attr *attr)
++static int bgp_attr_check(struct peer *peer, struct attr *attr,
++			  bgp_size_t length)
+ {
+	uint8_t type = 0;
+
+	/* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
+	 * empty UPDATE.  */
+-	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
++	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
++	    !length)
+		return BGP_ATTR_PARSE_PROCEED;
+
+	/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+@@ -3101,7 +3103,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+	bgp_attr_parse_ret_t ret;
+	uint8_t flag = 0;
+	uint8_t type = 0;
+-	bgp_size_t length;
++	bgp_size_t length = 0;
+	uint8_t *startp, *endp;
+	uint8_t *attr_endp;
+	uint8_t seen[BGP_ATTR_BITMAP_SIZE];
+@@ -3416,7 +3418,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+	}
+
+	/* Check all mandatory well-known attributes are present */
+-	ret = bgp_attr_check(peer, attr);
++	ret = bgp_attr_check(peer, attr, length);
+	if (ret < 0)
+		goto done;
+
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
new file mode 100644
index 0000000000..9bf63372a4
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
@@ -0,0 +1,98 @@
+From 682f100cd8d1bf7510939faa033f69ce64f965e9 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:32:38 +0000
+Subject: [PATCH 5/6] bgpd: Ignore handling NLRIs if we received
+ MP_UNREACH_NLRI
+
+If we receive MP_UNREACH_NLRI, we should stop handling remaining NLRIs if
+no mandatory path attributes received.
+
+In other words, if MP_UNREACH_NLRI received, the remaining NLRIs should be handled
+as a new data, but without mandatory attributes, it's a malformed packet.
+
+In normal case, this MUST not happen at all, but to avoid crashing bgpd, we MUST
+handle that.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-47234
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c   | 19 ++++++++++---------
+ bgpd/bgp_attr.h   |  1 +
+ bgpd/bgp_packet.c |  7 ++++++-
+ 3 files changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 35122943e..13da27e99 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3055,15 +3055,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+	    !length)
+		return BGP_ATTR_PARSE_PROCEED;
+
+-	/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+-	   to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
+-	   are present, it should.  Check for any other attribute being present
+-	   instead.
+-	 */
+-	if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
+-	     CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))))
+-		return BGP_ATTR_PARSE_PROCEED;
+-
+	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
+		type = BGP_ATTR_ORIGIN;
+
+@@ -3082,6 +3073,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+	    && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
+		type = BGP_ATTR_LOCAL_PREF;
+
++	/* An UPDATE message that contains the MP_UNREACH_NLRI is not required
++	 * to carry any other path attributes. Though if MP_REACH_NLRI or NLRI
++	 * are present, it should. Check for any other attribute being present
++	 * instead.
++	 */
++	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
++	    CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)))
++		return type ? BGP_ATTR_PARSE_MISSING_MANDATORY
++			    : BGP_ATTR_PARSE_PROCEED;
++
+	/* If any of the well-known mandatory attributes are not present
+	 * in an UPDATE message, then "treat-as-withdraw" MUST be used.
+	 */
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index 69f962134..77640dd5b 100644
+--- a/bgpd/bgp_attr.h
++++ b/bgpd/bgp_attr.h
+@@ -378,6 +378,7 @@ typedef enum {
+	/* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
+	   */
+	BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
++	BGP_ATTR_PARSE_MISSING_MANDATORY = -4,
+ } bgp_attr_parse_ret_t;
+
+ struct bpacket_attr_vec_arr;
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 261695198..c1c28f344 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1767,7 +1767,12 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+	/* Network Layer Reachability Information. */
+	update_len = end - stream_pnt(s);
+
+-	if (update_len && attribute_len) {
++	/* If we received MP_UNREACH_NLRI attribute, but also NLRIs, then
++	 * NLRIs should be handled as a new data. Though, if we received
++	 * NLRIs without mandatory attributes, they should be ignored.
++	 */
++	if (update_len && attribute_len &&
++	    attr_parse_ret != BGP_ATTR_PARSE_MISSING_MANDATORY) {
+		/* Set NLRI portion to structure. */
+		nlris[NLRI_UPDATE].afi = AFI_IP;
+		nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
new file mode 100644
index 0000000000..218dcba510
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
@@ -0,0 +1,114 @@
+From 024bdfcdf1d52db3a74f00a3370c3834a4bb78d0 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:39:33 +0000
+Subject: [PATCH 6/6] bgpd: Treat EOR as withdrawn to avoid unwanted handling
+ of malformed attrs
+
+Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be
+processed as a normal UPDATE without mandatory attributes, that could lead
+to harmful behavior. In this case, a crash for route-maps with the configuration
+such as:
+
+```
+router bgp 65001
+ no bgp ebgp-requires-policy
+ neighbor 127.0.0.1 remote-as external
+ neighbor 127.0.0.1 passive
+ neighbor 127.0.0.1 ebgp-multihop
+ neighbor 127.0.0.1 disable-connected-check
+ neighbor 127.0.0.1 update-source 127.0.0.2
+ neighbor 127.0.0.1 timers 3 90
+ neighbor 127.0.0.1 timers connect 1
+ !
+ address-family ipv4 unicast
+  neighbor 127.0.0.1 addpath-tx-all-paths
+  neighbor 127.0.0.1 default-originate
+  neighbor 127.0.0.1 route-map RM_IN in
+ exit-address-family
+exit
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+```
+
+Send a malformed optional transitive attribute:
+
+```
+import socket
+import time
+
+OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
+b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
+b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
+b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
+b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
+b"\x80\x00\x00\x00")
+
+KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
+
+UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b")
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(('127.0.0.2', 179))
+s.send(OPEN)
+data = s.recv(1024)
+s.send(KEEPALIVE)
+data = s.recv(1024)
+s.send(UPDATE)
+data = s.recv(1024)
+time.sleep(100)
+s.close()
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-47235
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 13da27e99..1e08a218e 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3050,10 +3050,13 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+	uint8_t type = 0;
+
+	/* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
+-	 * empty UPDATE.  */
++	 * empty UPDATE. Treat-as-withdraw, otherwise if we just ignore it,
++	 * we will pass it to be processed as a normal UPDATE without mandatory
++	 * attributes, that could lead to harmful behavior.
++	 */
+	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
+	    !length)
+-		return BGP_ATTR_PARSE_PROCEED;
++		return BGP_ATTR_PARSE_WITHDRAW;
+
+	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
+		type = BGP_ATTR_ORIGIN;
+@@ -3477,7 +3480,13 @@ done:
+	}
+
+	transit = bgp_attr_get_transit(attr);
+-	if (ret != BGP_ATTR_PARSE_ERROR) {
++	/* If we received an UPDATE with mandatory attributes, then
++	 * the unrecognized transitive optional attribute of that
++	 * path MUST be passed. Otherwise, it's an error, and from
++	 * security perspective it might be very harmful if we continue
++	 * here with the unrecognized attributes.
++	 */
++	if (ret == BGP_ATTR_PARSE_PROCEED) {
+		/* Finally intern unknown attribute. */
+		if (transit)
+			bgp_attr_set_transit(attr, transit_intern(transit));
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-networking/recipes-protocols/frr/frr/frr.pam
index 3541a975ae..a9ec35dd69 100644
--- a/meta-networking/recipes-protocols/frr/frr/frr.pam
+++ b/meta-networking/recipes-protocols/frr/frr/frr.pam
@@ -1,10 +1,11 @@
 #
-# The PAM configuration file for the quagga `vtysh' service
+# The PAM configuration file for the frr `vtysh' service
 #
 
 # This allows root to change user infomation without being
 # prompted for a password
 auth		sufficient	pam_rootok.so
+account		sufficient	pam_rootok.so
 
 # The standard Unix authentication modules, used with
 # NIS (man nsswitch) as well as normal /etc/passwd and
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index ceb94109de..03b106131f 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -10,6 +10,23 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
+           file://CVE-2022-37035.patch \
+           file://CVE-2022-37032.patch \
+           file://CVE-2022-42917.patch \
+           file://CVE-2022-36440.patch \
+           file://CVE-2022-40318.patch \
+           file://CVE-2022-43681.patch \
+           file://CVE-2023-31489.patch \
+           file://CVE-2023-31490.patch \
+           file://CVE-2023-38802.patch \
+           file://CVE-2023-41358.patch \
+           file://CVE-2023-41909.patch \
+           file://CVE-2023-38406.patch \
+           file://CVE-2023-38407.patch \
+           file://CVE-2023-46752.patch \
+           file://CVE-2023-46753.patch \
+           file://CVE-2023-47234.patch \
+           file://CVE-2023-47235.patch \
            file://frr.pam \
 	      "
 
@@ -73,6 +90,11 @@ SYSTEMD_PACKAGES = "${PN}"
 SYSTEMD_SERVICE:${PN} = "frr.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
+do_compile:prepend () {
+   sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' \
+          -e 's#${RECIPE_SYSROOT}##g' ${S}/lib/version.h
+}
+
 do_compile:class-native () {
     oe_runmake clippy-only
 }
diff --git a/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
index f8efc10448..f8efc10448 100644
--- a/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
index c743b3eddb..c743b3eddb 100644
--- a/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
index c57ce8fa53..c57ce8fa53 100644
--- a/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
index 21ba318499..21ba318499 100644
--- a/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
index 33590ffc57..33590ffc57 100644
--- a/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
index 8c0e6bf397..8c0e6bf397 100644
--- a/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
index db3a63ea48..db3a63ea48 100644
--- a/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
index b461a60df7..b461a60df7 100644
--- a/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
diff --git a/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
new file mode 100644
index 0000000000..b7d9ad5bba
--- /dev/null
+++ b/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
@@ -0,0 +1,175 @@
+From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Tue, 6 Dec 2022 13:28:31 +0000
+Subject: [PATCH] make: Add top-level Makefile
+
+Simple top level Makefile that just delegates to mDNSPosix.
+
+Upstream-Status: Inappropriate [oe-specific]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ Makefile | 154 +------------------------------------------------------
+ 1 file changed, 2 insertions(+), 152 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 8b6fa77..feb6ac6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,152 +1,2 @@
+-#
+-# Copyright (c) 2003-2018 Apple Inc. All rights reserved.
+-#
+-# Top level makefile for Build & Integration (B&I).
+-# 
+-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple.
+-#
+-# The various platform directories contain makefiles or projects specific to that platform.
+-#
+-#    B&I builds must respect the following target:
+-#         install:
+-#         installsrc:
+-#         installhdrs:
+-#         installapi:
+-#         clean:
+-#
+-
+-include $(MAKEFILEPATH)/pb_makefiles/platform.make
+-
+-MVERS = "mDNSResponder-1310.140.1"
+-
+-VER =
+-ifneq ($(strip $(GCC_VERSION)),)
+-	VER = -- GCC_VERSION=$(GCC_VERSION)
+-endif
+-echo "VER = $(VER)"
+-
+-projectdir	:= $(SRCROOT)/mDNSMacOSX
+-buildsettings	:= OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT)
+-
+-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean
+-
+-# Sanitizer support
+-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210.
+-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim
+-PROJECT_SUPPORTS_SANITIZERS := 1
+-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0)
+-  PROJECT_SUPPORTS_SANITIZERS := 0
+-endif
+-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1)
+-  ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+-    $(info Enabling Address Sanitizer)
+-    buildsettings += -enableAddressSanitizer YES
+-  else
+-    $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName))
+-  endif
+-endif
+-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1)
+-  ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+-    $(info Enabling Thread Sanitizer)
+-    buildsettings += -enableThreadSanitizer YES
+-  else
+-    $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName))
+-  endif
+-endif
+-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1)
+-  ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+-    $(info Enabling Undefined Behavior Sanitizer)
+-    buildsettings += -enableUndefinedBehaviorSanitizer YES
+-  else
+-    $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName))
+-  endif
+-endif
+-
+-# B&I install build targets
+-#
+-# For the mDNSResponder build alias, the make target used by B&I depends on the platform:
+-#
+-#	Platform	Make Target
+-#	--------	-----------
+-#	osx		install
+-#	ios		installSome
+-#	atv		installSome
+-#	watch		installSome
+-#
+-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries
+-# target for all platforms.
+-
+-install:
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+-	mkdir -p $(DSTROOT)/AppleInternal
+-else
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER)
+-endif
+-
+-installSome:
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER)
+-
+-installEmpty:
+-	mkdir -p $(DSTROOT)/AppleInternal
+-
+-installExtras:
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER)
+-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER)
+-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER)
+-endif
+-
+-SystemLibraries:
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER)
+-
+-# B&I installhdrs build targets
+-
+-installhdrs::
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+-	mkdir -p $(DSTROOT)/AppleInternal
+-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),)
+-	cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER)
+-endif
+-
+-# B&I installapi build targets
+-
+-installapi:
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+-	mkdir -p $(DSTROOT)/AppleInternal
+-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),)
+-	cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER)
+-endif
+-
+-# Misc. targets
+-
+-installsrc:
+-	ditto . '$(SRCROOT)'
+-	rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension'
+-
+-java:
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER)
+-
+-clean::
+-	echo clean
++all clean:
++	cd mDNSPosix && $(MAKE) $@
+-- 
+2.38.1
+
diff --git a/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
index fdc5105cb9..fdc5105cb9 100644
--- a/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
index 362d69768e..362d69768e 100644
--- a/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
index b9b0157276..b9b0157276 100644
--- a/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
index d9adde04c2..d9adde04c2 100644
--- a/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-networking/recipes-protocols/mdns/mdns/mdns.service
index 531d142dcd..531d142dcd 100644
--- a/meta-networking/recipes-protocols/mdns/files/mdns.service
+++ b/meta-networking/recipes-protocols/mdns/mdns/mdns.service
diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
index 205dc929be..65f4847d8f 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
@@ -2,28 +2,31 @@ SUMMARY = "Publishes & browses available services on a link according to the Zer
 DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks."
 HOMEPAGE = "http://developer.apple.com/networking/bonjour/"
 LICENSE = "Apache-2.0 & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
 
 DEPENDS:append:libc-musl = " musl-nscd"
 
 RPROVIDES:${PN} += "libdns_sd.so"
 
-SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \
+# matches annotated tag mDNSResponder-1310.140.1
+SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77"
+BRANCH = "rel/mDNSResponder-1310"
+SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \
            file://mdns.service \
-           file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \
-           file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \
-           file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \
-           file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \
-           file://0003-Track-interface-socket-family.patch;patchdir=.. \
-           file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \
-           file://0006-Remove-unneeded-function.patch;patchdir=.. \
-           file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \
-           file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \
-           file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \
-           file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \
-           file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. \
+           file://0001-mdns-include-stddef.h-for-NULL.patch \
+           file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \
+           file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \
+           file://0002-Create-subroutine-for-tearing-down-an-interface.patch \
+           file://0003-Track-interface-socket-family.patch \
+           file://0004-Use-list-for-changed-interfaces.patch \
+           file://0006-Remove-unneeded-function.patch \
+           file://0008-Mark-deleted-interfaces-as-being-changed.patch \
+           file://0009-Fix-possible-NULL-dereference.patch \
+           file://0010-Handle-errors-from-socket-calls.patch \
+           file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \
+           file://0001-dns-sd-Include-missing-headers.patch \
+           file://0006-make-Add-top-level-Makefile.patch \
            "
-SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f"
 
 CVE_PRODUCT = "apple:mdnsresponder"
 
@@ -42,13 +45,22 @@ CVE_CHECK_IGNORE += "CVE-2007-0613"
 
 PARALLEL_MAKE = ""
 
-S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
+# We install a stub Makefile in the top directory so that the various checks
+# in base.bbclass pass their tests for a Makefile, this ensures (that amongst
+# other things) the sstate checks will clean the build directory when the
+# task hashes changes.
+#
+# We can't use the approach of setting ${S} to mDNSPosix as we need
+# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too.
+S = "${WORKDIR}/git"
 
 EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'"
 
 TARGET_CC_ARCH += "${LDFLAGS}"
 
 do_install () {
+    cd mDNSPosix
+
     install -d ${D}${sbindir}
     install -m 0755 build/prod/mdnsd ${D}${sbindir}
 
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
index 4cd7290447..0eeddf752c 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
@@ -1,7 +1,8 @@
-From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001
+From 98c62e24fdd05d7e8bd8149840bad8eb0feb3fb1 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
 Date: Fri, 29 Jan 2021 08:49:15 +0000
-Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit
+Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and
+ 64bit
 
 With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves
 differently between 32bit and 64bit system as the openssl lib resides under
@@ -15,12 +16,13 @@ So add the patch to fix the gap between 32bit and 64bit system.
 Upstream-Status: Inappropriate [configuration specific]
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
 ---
  m4/ac_add_search_path.m4 | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4
-index 8e0a819..961f587 100644
+index 8e0a819..e9585bc 100644
 --- a/m4/ac_add_search_path.m4
 +++ b/m4/ac_add_search_path.m4
 @@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables
@@ -34,6 +36,3 @@ index 8e0a819..961f587 100644
       fi
       if test -d $1/include; then
  	CPPFLAGS="-I$1/include $CPPFLAGS"
--- 
-2.29.2
-
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
index 05a47f61ce..f8a52a63f5 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
@@ -1,4 +1,4 @@
-From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001
+From e86d5fd52f19b85da0b7cce660c6e65ec4c0f9bb Mon Sep 17 00:00:00 2001
 From: Li xin <lixin.fnst@cn.fujitsu.com>
 Date: Fri, 21 Aug 2015 18:23:13 +0900
 Subject: [PATCH] config_os_headers: Error Fix
@@ -19,7 +19,7 @@ Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers
-index f07d512..2363b42 100644
+index 01c3376..6edd85f 100644
 --- a/configure.d/config_os_headers
 +++ b/configure.d/config_os_headers
 @@ -395,8 +395,8 @@ then
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
index 22e591556a..a7881a8713 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
@@ -1,4 +1,4 @@
-From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001
+From 8097734b27fd146f358a4edd0d1a0d28309bd9a4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 22 Jul 2016 18:34:39 +0000
 Subject: [PATCH] get_pid_from_inode: Include limit.h
@@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c
-index aee907d..7abaec2 100644
+index 5788e1d..ea380a6 100644
 --- a/agent/mibgroup/util_funcs/get_pid_from_inode.c
 +++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c
 @@ -6,6 +6,7 @@
@@ -23,5 +23,5 @@ index aee907d..7abaec2 100644
  #include <ctype.h>
 +#include <limits.h>
  #include <stdio.h>
- #if HAVE_STDLIB_H
+ #ifdef HAVE_STDLIB_H
  #include <stdlib.h>
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch
deleted file mode 100644
index 4fc9e54b49..0000000000
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 94ca941e06bef157bf0e13251f8ca1471daa9393 Mon Sep 17 00:00:00 2001
-From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
-Date: Fri, 27 Aug 2021 14:21:45 +0300
-Subject: [PATCH] snmpd: always exit after displaying usage
-
-Currently, viewing the help text with -h results in snmpd being started
-in the background, whereas this does not happen with --help. Similarly,
-when an error is detected in command line syntax, the help text is
-displayed but sometimes snmpd gets started anyway, depending on the
-execution path.
-
-This patch makes snmpd consistently terminate whenever the usage
-function gets called. It also removes the goto statements no longer
-needed.
-
-Upstream-Status: Backport
-[https://github.com/net-snmp/net-snmp/commit/94ca941e06bef157bf0e13251f8ca1471daa9393]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- agent/snmpd.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/agent/snmpd.c b/agent/snmpd.c
-index f5aab0af8..90de12d99 100644
---- a/agent/snmpd.c
-+++ b/agent/snmpd.c
-@@ -289,6 +289,8 @@ usage(char *prog)
-            "  -S d|i|0-7\t\tuse -Ls <facility> instead\n"
-            "\n"
-            );
-+    SOCK_CLEANUP;
-+    exit(1);
- }
- 
- static void
-@@ -494,7 +496,6 @@ main(int argc, char *argv[])
-         case '-':
-             if (strcasecmp(optarg, "help") == 0) {
-                 usage(argv[0]);
--                goto out;
-             }
-             if (strcasecmp(optarg, "version") == 0) {
-                 version();
-@@ -783,7 +784,6 @@ main(int argc, char *argv[])
-             fprintf(stderr, "%s: Illegal argument -X:"
- 		            "AgentX support not compiled in.\n", argv[0]);
-             usage(argv[0]);
--            goto out;
- #endif
-             break;
- 
--- 
-2.25.1
-
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
index 42352a6b00..af6334f726 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
@@ -1,4 +1,4 @@
-From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001
+From f4e1acd4f509dd26cf88da872bd5adcf884f4a5f Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 18 Sep 2015 00:28:45 -0400
 Subject: [PATCH] snmplib/keytools.c: Don't check for return from
@@ -17,7 +17,7 @@ Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
  1 file changed, 1 insertion(+), 4 deletions(-)
 
 diff --git a/snmplib/keytools.c b/snmplib/keytools.c
-index 129a7c0..2fc1efc 100644
+index 14a452a..fb1694b 100644
 --- a/snmplib/keytools.c
 +++ b/snmplib/keytools.c
 @@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch
deleted file mode 100644
index c973bde721..0000000000
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001
-From: Wenlin Kang <wenlin.kang@windriver.com>
-Date: Wed, 24 May 2017 16:45:34 +0800
-Subject: [PATCH] configure: fix a cc check issue.
-
-When has "." in cc value, the expression
-$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'
-can't get corretly the cc's value.
-
-Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
-
----
- configure.d/config_project_perl_python | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python
-index 475c843..22d2ad3 100644
---- a/configure.d/config_project_perl_python
-+++ b/configure.d/config_project_perl_python
-@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then
-     if test "x$enable_perl_cc_checks" != "xno" ; then
-         AC_MSG_CHECKING([for Perl cc])
-         changequote(, )
--        PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'`
-+        PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'`
-         changequote([, ])
-         if test "x$PERLCC" != "x" ; then
-             AC_MSG_RESULT([$PERLCC])
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
index bfddc63dd7..6e224188a4 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
@@ -1,4 +1,4 @@
-From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001
+From 6d655ba677563ac9d62d4d8eee59fdb39d486c02 Mon Sep 17 00:00:00 2001
 From: Wenlin Kang <wenlin.kang@windriver.com>
 Date: Wed, 24 May 2017 17:10:20 +0800
 Subject: [PATCH] configure: fix incorrect variable
@@ -14,10 +14,10 @@ Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index 912f6b2..a53d1b2 100644
+index f1cbbf5..1545be3 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt
+@@ -173,7 +173,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt
  #
  # override LD_RUN_PATH to avoid dependencies on the build directory
  perlmodules: perlmakefiles subdirs
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
new file mode 100644
index 0000000000..ce7e3422ed
--- /dev/null
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
@@ -0,0 +1,116 @@
+From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
+From: Bill Fenner <fenner@gmail.com>
+Date: Fri, 25 Nov 2022 08:41:24 -0800
+Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind
+
+Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57]
+CVE: CVE-2022-44792 & CVE-2022-44793
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ agent/snmp_agent.c                            | 32 +++++++++++++++++++
+ apps/snmpset.c                                |  1 +
+ .../default/T0142snmpv2csetnull_simple        | 31 ++++++++++++++++++
+ 3 files changed, 64 insertions(+)
+ create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
+
+diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
+index 3376357..f51c252 100644
+--- a/agent/snmp_agent.c
++++ b/agent/snmp_agent.c
+@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
+     return 1;
+ }
+ 
++static int
++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
++{
++    int i;
++    netsnmp_variable_list *v = NULL;
++
++    for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
++	if (v->type == ASN_NULL) {
++	    /*
++	     * Protect SET implementations that do not protect themselves
++	     * against wrong type.
++	     */
++	    DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
++	    asp->index = i;
++	    return SNMP_ERR_WRONGTYPE;
++	}
++    }
++    return SNMP_ERR_NOERROR;
++}
++
+ int
+ handle_pdu(netsnmp_agent_session *asp)
+ {
+     int             status, inclusives = 0;
+     netsnmp_variable_list *v = NULL;
+ 
++#ifndef NETSNMP_NO_WRITE_SUPPORT
++    /*
++     * Check for ASN_NULL in SET request
++     */
++    if (asp->pdu->command == SNMP_MSG_SET) {
++	status = check_set_pdu_for_null_varbind(asp);
++	if (status != SNMP_ERR_NOERROR) {
++	    return status;
++	}
++    }
++#endif /* NETSNMP_NO_WRITE_SUPPORT */
++
+     /*
+      * for illegal requests, mark all nodes as ASN_NULL 
+      */
+diff --git a/apps/snmpset.c b/apps/snmpset.c
+index 50f33db..387a51d 100644
+--- a/apps/snmpset.c
++++ b/apps/snmpset.c
+@@ -182,6 +182,7 @@ main(int argc, char *argv[])
+             case 'x':
+             case 'd':
+             case 'b':
++            case 'n': /* undocumented */
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+             case 'I':
+             case 'U':
+diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
+new file mode 100644
+index 0000000..0f1b8f3
+--- /dev/null
++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
+@@ -0,0 +1,31 @@
++#!/bin/sh
++
++. ../support/simple_eval_tools.sh
++
++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
++
++SKIPIF NETSNMP_DISABLE_SET_SUPPORT
++SKIPIF NETSNMP_NO_WRITE_SUPPORT
++SKIPIF NETSNMP_DISABLE_SNMPV2C
++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
++
++#
++# Begin test
++#
++
++# standard V2C configuration: testcomunnity
++snmp_write_access='all'
++. ./Sv2cconfig
++STARTAGENT
++
++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
++
++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
++
++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
++
++CHECK "Reason: wrongType"
++
++STOPAGENT
++
++FINISHED
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
index 26dd014ce4..409c1e03c8 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
@@ -1,4 +1,4 @@
-From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001
+From ab1d77c52e84746e75506a2870783806bc77f396 Mon Sep 17 00:00:00 2001
 From: "Roy.Li" <rongqing.li@windriver.com>
 Date: Fri, 16 Jan 2015 14:14:01 +0800
 Subject: [PATCH] net-snmp: fix "libtool --finish"
@@ -20,11 +20,11 @@ Signed-off-by: Roy.Li <rongqing.li@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.top b/Makefile.top
-index 6315401..fc0ee06 100644
+index a962c54..1ba5607 100644
 --- a/Makefile.top
 +++ b/Makefile.top
 @@ -89,7 +89,7 @@ LIBREVISION = 0
- LIB_LD_CMD      = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o
+ LIB_LD_CMD      = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) @LD_NO_UNDEFINED@ -o
  LIB_EXTENSION   = la
  LIB_VERSION     =
 -LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir)
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
index 022eb958f3..35e93d636e 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
@@ -1,4 +1,4 @@
-From 1e3178835217ba89aa355e2b6b88e490f17be16d Mon Sep 17 00:00:00 2001
+From 5ad4eab43c1ea63ff343bba64d576440e8783e75 Mon Sep 17 00:00:00 2001
 From: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
 Date: Wed, 9 Jun 2021 15:47:30 +0900
 Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP
@@ -7,6 +7,7 @@ Upstream-Status: Pending
 
 Signed-off-by: Marian Florea <marian.florea@windriver.com>
 Signed-off-by: Li Zhou <li.zhou@windriver.com>
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
 
 ---
  agent/snmpd.c    | 1 +
@@ -14,19 +15,19 @@ Signed-off-by: Li Zhou <li.zhou@windriver.com>
  2 files changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/agent/snmpd.c b/agent/snmpd.c
-index 1af439f..355b510 100644
+index 90de12d..1ccc4db 100644
 --- a/agent/snmpd.c
 +++ b/agent/snmpd.c
-@@ -1208,6 +1208,7 @@ receive(void)
- 	    snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n",
- 		     netsnmp_get_version());
-             update_config();
-+	    snmp_store(app_name);
-             send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3);
- #if HAVE_SIGPROCMASK
-             ret = sigprocmask(SIG_UNBLOCK, &set, NULL);
+@@ -1169,6 +1169,7 @@ snmpd_reconfig(void)
+     snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n",
+              netsnmp_get_version());
+     update_config();
++    snmp_store(app_name);
+     send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3);
+ #ifdef HAVE_SIGPROCMASK
+     ret = sigprocmask(SIG_UNBLOCK, &set, NULL);
 diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
-index 29c2a0f..ada961c 100644
+index 7b1746b..4a17e0d 100644
 --- a/snmplib/snmpv3.c
 +++ b/snmplib/snmpv3.c
 @@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg,
@@ -41,6 +42,3 @@ index 29c2a0f..ada961c 100644
          engineBoots = 1;
      }
  
--- 
-2.25.1
-
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
index f1ebe2bb61..c5a453abe2 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
@@ -1,4 +1,4 @@
-From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001
+From ad65b106d3cb3c6e595381be1c45a73c1ef6eb5e Mon Sep 17 00:00:00 2001
 From: Chong Lu <Chong.Lu@windriver.com>
 Date: Thu, 28 May 2020 09:46:34 -0500
 Subject: [PATCH] net-snmp: add knob whether nlist.h are checked
@@ -15,7 +15,7 @@ Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  1 file changed, 2 insertions(+)
 
 diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers
-index 76ef58a..f07d512 100644
+index b9c8c31..01c3376 100644
 --- a/configure.d/config_os_headers
 +++ b/configure.d/config_os_headers
 @@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h   pthread.h  regex.h      ] dnl
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
index 2941a36092..c382c02d89 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
@@ -1,4 +1,4 @@
-From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001
+From b1b9980853b1083f0c8b9f628f8b4c3a484d4f91 Mon Sep 17 00:00:00 2001
 From: Jackie Huang <jackie.huang@windriver.com>
 Date: Thu, 22 Jun 2017 10:25:08 +0800
 Subject: [PATCH] net-snmp: fix for --disable-des
@@ -15,7 +15,7 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  1 file changed, 2 insertions(+)
 
 diff --git a/snmplib/scapi.c b/snmplib/scapi.c
-index 00c9174..c6875e1 100644
+index 54fdd5c..0f7e931 100644
 --- a/snmplib/scapi.c
 +++ b/snmplib/scapi.c
 @@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support);
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
index 807983f612..09ca532a7f 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
@@ -1,4 +1,4 @@
-From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001
+From 36a5656db7ea75dd15f35a6c1728937c6e2b901c Mon Sep 17 00:00:00 2001
 From: Jackie Huang <jackie.huang@windriver.com>
 Date: Wed, 14 Jan 2015 15:10:06 +0800
 Subject: [PATCH] testing: add the output format for ptest
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
index bf1e7bedf2..c0b51c51e3 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
@@ -1,4 +1,4 @@
-From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001
+From b923cd38e2503b86aedf66b767fd7f51c9f25645 Mon Sep 17 00:00:00 2001
 From: "douglas.royds" <douglas.royds@taitradio.com>
 Date: Wed, 21 Nov 2018 13:52:18 +1300
 Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for
@@ -13,7 +13,7 @@ set in the environment to "yes" or "no" as appropriate for the target platform.
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4
-index 6f23c8e..8cea75a 100644
+index b6864d9..07ca922 100644
 --- a/configure.d/config_os_misc4
 +++ b/configure.d/config_os_misc4
 @@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
index 5f887b8868..eb8e1599fb 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
@@ -21,15 +21,14 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
            file://0001-config_os_headers-Error-Fix.patch \
            file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \
            file://0001-get_pid_from_inode-Include-limit.h.patch \
-           file://0002-configure-fix-a-cc-check-issue.patch \
            file://0004-configure-fix-incorrect-variable.patch \
            file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \
            file://net-snmp-fix-for-disable-des.patch \
            file://reproducibility-have-printcap.patch \
            file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
-           file://0001-snmpd-always-exit-after-displaying-usage.patch \
+           file://CVE-2022-44792-CVE-2022-44793.patch \
            "
-SRC_URI[sha256sum] = "eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f"
+SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a"
 
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/"
 UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(\.\d+)+)/"
@@ -72,6 +71,7 @@ CACHED_CONFIGUREVARS = " \
     ac_cv_ETC_MNTTAB=/etc/mtab \
     lt_cv_shlibpath_overrides_runpath=yes \
     ac_cv_path_UNAMEPROG=${base_bindir}/uname \
+    ac_cv_path_PSPROG=${base_bindir}/ps \
     ac_cv_file__etc_printcap=no \
     NETSNMP_CONFIGURE_OPTIONS= \
 "
diff --git a/meta-networking/recipes-protocols/openflow/openflow.inc b/meta-networking/recipes-protocols/openflow/openflow.inc
index 15eb65ad32..aaad0e00e1 100644
--- a/meta-networking/recipes-protocols/openflow/openflow.inc
+++ b/meta-networking/recipes-protocols/openflow/openflow.inc
@@ -13,6 +13,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e870c934e2c3d6ccf085fd7cf0a1e2e2"
 
 SRC_URI = "git://gitosis.stanford.edu/openflow.git;protocol=git;branch=master"
 
+CVE_CHECK_IGNORE = "\
+    CVE-2015-1611 \
+    CVE-2015-1612 \
+"
+
 DEPENDS = "virtual/libc"
 
 PACKAGECONFIG ??= ""
@@ -53,3 +58,7 @@ do_install:append() {
 }
 
 FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
+
+# This CVE is not for this product but cve-check assumes it is
+# because two CPE collides when checking the NVD database
+CVE_CHECK_IGNORE = "CVE-2018-1078"
diff --git a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
index a7697a1ae9..984264a30f 100644
--- a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
+++ b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb
@@ -2,3 +2,7 @@ require quagga.inc
 
 SRC_URI[md5sum] = "eced21b054d71c9e1b7c6ac43286a166"
 SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193bd653d3"
+
+CVE_CHECK_IGNORE += "\
+    CVE-2016-4049 \
+"
diff --git a/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb b/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
index 4f8e4d4282..dcfa7406d2 100644
--- a/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
+++ b/meta-networking/recipes-protocols/usrsctp/usrsctp_git.bb
@@ -23,3 +23,5 @@ PACKAGECONFIG[inet] = "--enable-inet,--disable-inet,"
 PACKAGECONFIG[inet6] = "--enable-inet6,--disable-inet6,"
 
 EXTRA_OECONF += "--disable-debug"
+
+CVE_VERSION = "0.9.3.0"
diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 8ce9e1db55..b7d21b7e91 100644
--- a/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -45,7 +45,7 @@ DEPENDS = "pps-tools"
 
 # Note: Despite being built via './configure; make; make install',
 #       chrony does not use GNU Autotools.
-inherit update-rc.d systemd
+inherit update-rc.d systemd pkgconfig
 
 # Add chronyd user if privdrop packageconfig is selected
 inherit ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'useradd', '', d)}
@@ -53,14 +53,6 @@ USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', '
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}"
 
 # Configuration options:
-# - For command line editing support in chronyc, you may specify either
-#   'editline' or 'readline' but not both.  editline is smaller, but
-#   many systems already have readline for other purposes so you might want
-#   to choose that instead.  However, beware license incompatibility
-#   since chrony is GPLv2 and readline versions after 6.0 are GPLv3+.
-#   You can of course choose neither, but if you're that tight on space
-#   consider dropping chronyc entirely (you can use it remotely with
-#   appropriate chrony.conf options).
 # - Security-related:
 #   - 'sechash' is omitted by default because it pulls in nss which is huge.
 #   - 'privdrop' allows chronyd to run as non-root; would need changes to
@@ -70,14 +62,17 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys
 PACKAGECONFIG ??= "editline \
     ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
-PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline"
 PACKAGECONFIG[editline] = ",--without-editline,libedit"
 PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss"
-PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap"
+PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap"
 PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp"
 PACKAGECONFIG[ipv6] = ",--disable-ipv6,"
-PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
-PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap"
+
+# These are left for backwards compatibility, to avoid breaking existing
+# configurations.
+PACKAGECONFIG[libcap] = ""
+PACKAGECONFIG[nss] = ""
+PACKAGECONFIG[readline] = ""
 
 # --disable-static isn't supported by chrony's configure script.
 DISABLE_STATIC = ""
diff --git a/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb b/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb
index d4cdda0f81..516e467ee4 100644
--- a/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb
+++ b/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb
@@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only & LGPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 SRCREV = "8c06dce7d596e478c20bc54bdcec87ad97f80a1b"
-SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master"
+SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master \
+           file://CVE-2022-27239.patch \
+           file://CVE-2022-29869.patch \
+"
 
 S = "${WORKDIR}/git"
 DEPENDS += "libtalloc"
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch
new file mode 100644
index 0000000000..77f6745abe
--- /dev/null
+++ b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch
@@ -0,0 +1,40 @@
+From 007c07fd91b6d42f8bd45187cf78ebb06801139d Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Thu, 17 Mar 2022 12:58:52 -0400
+Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option
+ parsing
+
+Previous check was true whatever the length of the input string was,
+leading to a buffer overflow in the subsequent strcpy call.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [ https://git.samba.org/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d]
+CVE: CVE-2022-27239
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 84274c9..3a6b449 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info)
+ 			if (!value || !*value) {
+ 				fprintf(stderr,
+ 					"target ip address argument missing\n");
+-			} else if (strnlen(value, MAX_ADDRESS_LEN) <=
++			} else if (strnlen(value, MAX_ADDRESS_LEN) <
+ 				MAX_ADDRESS_LEN) {
+-				strcpy(parsed_info->addrlist, value);
++				strlcpy(parsed_info->addrlist, value,
++					MAX_ADDRESS_LEN);
+ 				if (parsed_info->verboseflag)
+ 					fprintf(stderr,
+ 						"ip address %s override specified\n",
+-- 
+2.34.1
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
new file mode 100644
index 0000000000..f0c3f37dec
--- /dev/null
+++ b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
@@ -0,0 +1,48 @@
+From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Sat, 19 Mar 2022 13:41:15 -0400
+Subject: [PATCH] mount.cifs: fix verbose messages on option parsing
+
+When verbose logging is enabled, invalid credentials file lines may be
+dumped to stderr. This may lead to information disclosure in particular
+conditions when the credentials file given is sensitive and contains '='
+signs.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379]
+CVE: CVE-2022-29869
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 3a6b449..2278995 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name,
+ 				goto return_i;
+ 			break;
+ 		case CRED_DOM:
+-			if (parsed_info->verboseflag)
+-				fprintf(stderr, "domain=%s\n",
+-					temp_val);
+ 			strlcpy(parsed_info->domain, temp_val,
+ 				sizeof(parsed_info->domain));
+ 			break;
+ 		case CRED_UNPARSEABLE:
+ 			if (parsed_info->verboseflag)
+ 				fprintf(stderr, "Credential formatted "
+-					"incorrectly: %s\n",
+-					temp_val ? temp_val : "(null)");
++					"incorrectly\n");
+ 			break;
+ 		}
+ 	}
+-- 
+2.34.1
+
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
index 136c65d8fd..a8ff21a125 100644
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
@@ -3,8 +3,9 @@ HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html"
 SECTION = "net"
 # GPLv3 was added in version 2.41 as license option
 LICENSE = "GPL-2.0-only | GPL-3.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
-                    file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504 \
+                    "
 
 #at least versions 2.69 and prior are moved to the archive folder on the server
 SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV').split('.')[1]) > 69]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
deleted file mode 100644
index 6bd734d756..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Thu, 31 Mar 2022 21:35:20 +0100
-Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934
- refers.
-
-CVE: CVE-2022-0934
-
-Upstream-Status: Backport
-[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- CHANGELOG     |  3 +++
- src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
- 2 files changed, 30 insertions(+), 21 deletions(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 5e54df9..a28da2a 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -1,4 +1,7 @@
- version 2.86
-+	Fix write-after-free error in DHCPv6 server code.
-+	CVE-2022-0934 refers.
-+
- 	Handle DHCPREBIND requests in the DHCPv6 server code.
- 	Thanks to Aichun Li for spotting this omission, and the initial
- 	patch.
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index 5c2ff97..6ecfeeb 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -33,9 +33,9 @@ struct state {
-   unsigned int mac_len, mac_type;
- };
- 
--static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, 
-+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 
- 			     struct in6_addr *client_addr, int is_unicast, time_t now);
--static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
-+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
- static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
- static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
- static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
-@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
- }
- 
- /* This cost me blood to write, it will probably cost you blood to understand - srk. */
--static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, 
-+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 
- 			     struct in6_addr *client_addr, int is_unicast, time_t now)
- {
-   void *end = inbuff + sz;
-   void *opts = inbuff + 34;
--  int msg_type = *((unsigned char *)inbuff);
-+  int msg_type = *inbuff;
-   unsigned char *outmsgtypep;
-   void *opt;
-   struct dhcp_vendor *vendor;
-@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
-   return 1;
- }
- 
--static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
-+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
- {
-   void *opt;
--  int i, o, o1, start_opts;
-+  int i, o, o1, start_opts, start_msg;
-   struct dhcp_opt *opt_cfg;
-   struct dhcp_netid *tagif;
-   struct dhcp_config *config = NULL;
-   struct dhcp_netid known_id, iface_id, v6_id;
--  unsigned char *outmsgtypep;
-+  unsigned char outmsgtype;
-   struct dhcp_vendor *vendor;
-   struct dhcp_context *context_tmp;
-   struct dhcp_mac *mac_opt;
-@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-   v6_id.next = state->tags;
-   state->tags = &v6_id;
- 
--  /* copy over transaction-id, and save pointer to message type */
--  if (!(outmsgtypep = put_opt6(inbuff, 4)))
-+  start_msg = save_counter(-1);
-+  /* copy over transaction-id */
-+  if (!put_opt6(inbuff, 4))
-     return 0;
-   start_opts = save_counter(-1);
--  state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
--   
-+  state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
-+    
-   /* We're going to be linking tags from all context we use. 
-      mark them as unused so we don't link one twice and break the list */
-   for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
-@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-       (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
-     
-     {  
--      *outmsgtypep = DHCP6REPLY;
-+      outmsgtype = DHCP6REPLY;
-       o1 = new_opt6(OPTION6_STATUS_CODE);
-       put_opt6_short(DHCP6USEMULTI);
-       put_opt6_string("Use multicast");
-@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	struct dhcp_netid *solicit_tags;
- 	struct dhcp_context *c;
- 	
--	*outmsgtypep = DHCP6ADVERTISE;
-+	outmsgtype = DHCP6ADVERTISE;
- 	
- 	if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
- 	  {
--	    *outmsgtypep = DHCP6REPLY;
-+	    outmsgtype = DHCP6REPLY;
- 	    state->lease_allocate = 1;
- 	    o = new_opt6(OPTION6_RAPID_COMMIT);
- 	    end_opt6(o);
-@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int start = save_counter(-1);
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	outmsgtype = DHCP6REPLY;
- 	state->lease_allocate = 1;
- 
- 	log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
-@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int address_assigned = 0;
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	outmsgtype = DHCP6REPLY;
- 	
- 	log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
- 
-@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int good_addr = 0;
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	outmsgtype = DHCP6REPLY;
- 	
- 	log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
- 	
-@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
- 	if (ignore)
- 	  return 0;
--	*outmsgtypep = DHCP6REPLY;
-+	outmsgtype = DHCP6REPLY;
- 	tagif = add_options(state, 1);
- 	break;
-       }
-@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-     case DHCP6RELEASE:
-       {
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	outmsgtype = DHCP6REPLY;
- 
- 	log6_quiet(state, "DHCPRELEASE", NULL, NULL);
- 
-@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-     case DHCP6DECLINE:
-       {
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	outmsgtype = DHCP6REPLY;
- 	
- 	log6_quiet(state, "DHCPDECLINE", NULL, NULL);
- 
-@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-       }
- 
-     }
--  
-+
-+  /* Fill in the message type. Note that we store the offset,
-+     not a direct pointer, since the packet memory may have been 
-+     reallocated. */
-+  ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
-+
-   log_tags(tagif, state->xid);
-   log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
-   
--- 
-2.25.1
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
deleted file mode 100644
index be2bb42fc2..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From be1b3d2d0f1608cba5efee73d6aac5ad0709041b Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 9 Sep 2014 10:24:58 -0400
-Subject: [PATCH] Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 73ea23e..ed3eeb9 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,8 +60,8 @@ idn2_cflags =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFI
- idn2_libs =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2`
- ct_cflags =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
- ct_libs =       `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
--lua_cflags =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2` 
--lua_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2` 
-+lua_cflags =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua`
-+lua_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua`
- nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC     $(PKG_CONFIG) --cflags 'nettle hogweed' \
-                                                         HAVE_CRYPTOHASH $(PKG_CONFIG) --cflags nettle \
-                                                         HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
-
--- 
-2.9.5
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
deleted file mode 100644
index 0f7880ce8c..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require dnsmasq.inc
-
-SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512"
-SRC_URI += "\
-    file://lua.patch \
-    file://CVE-2022-0934.patch \
-"
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
new file mode 100644
index 0000000000..6e4c331102
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
@@ -0,0 +1,3 @@
+require dnsmasq.inc
+
+SRC_URI[dnsmasq-2.90.sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b"
diff --git a/meta-networking/recipes-support/libldb/libldb_2.3.3.bb b/meta-networking/recipes-support/libldb/libldb_2.3.4.bb
index 6dd3ec3a9a..af5f0427d4 100644
--- a/meta-networking/recipes-support/libldb/libldb_2.3.3.bb
+++ b/meta-networking/recipes-support/libldb/libldb_2.3.4.bb
@@ -32,8 +32,8 @@ LIC_FILES_CHKSUM = "file://pyldb.h;endline=24;md5=dfbd238cecad76957f7f860fbe9ada
                     file://man/ldb.3.xml;beginline=261;endline=262;md5=137f9fd61040c1505d1aa1019663fd08 \
                     file://tools/ldbdump.c;endline=19;md5=a7d4fc5d1f75676b49df491575a86a42"
 
-SRC_URI[md5sum] = "6824f69ea3bb58cb8a3be4c179e7569a"
-SRC_URI[sha256sum] = "9ef39700ff05b3e8f5801d2a39fe1ba023218650f81c9d377caca22f49076807"
+SRC_URI[md5sum] = "b01d6913a06901c22c5bc6caedc548ac"
+SRC_URI[sha256sum] = "f2e88dcab7b6007d92724b62f8a16e7c6e77275885c60eb4f87097e4aa4082c1"
 
 inherit pkgconfig waf-samba
 
diff --git a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
index f5467794e6..6861314a0a 100644
--- a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
+++ b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
@@ -5,8 +5,7 @@ HOMEPAGE = "http://www.remlab.net/ndisc6/"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 
-PV = "1.0.5"
-SRCREV = "b706f5f01aa82aa0db678fffd15a1527f330c507"
+SRCREV = "7e314b23329f9c24c4c097b8513673fed7e7158a"
 SRC_URI = "git://git.remlab.net/git/ndisc6.git;protocol=http;branch=master \
            file://0001-autogen-Do-not-symlink-gettext.h-from-build-host.patch \
            "
diff --git a/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb b/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb
index 004330e1b4..341eab015c 100644
--- a/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb
+++ b/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb
@@ -33,4 +33,4 @@ do_install() {
     oe_runmake DESTDIR=${D} netsniff-ng_install
 }
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch b/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch
new file mode 100755
index 0000000000..fbd0ec151a
--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch
@@ -0,0 +1,323 @@
+CVE: CVE-2023-26551
+CVE: CVE-2023-26552
+CVE: CVE-2023-26553
+CVE: CVE-2023-26554
+CVE: CVE-2023-26555
+Upstream-Status: Backport [https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+--- include/ntp_fp.h	2019-06-03 23:41:14.000000000 -0500
++++ ../ntp-stable-p16-sec/include/ntp_fp.h	2023-04-17 03:17:01.655121000 -0500
+@@ -195,9 +195,9 @@
+ 	do { \
+ 		int32 add_f = (int32)(f); \
+ 		if (add_f >= 0) \
+-			M_ADD((r_i), (r_f), 0, (uint32)( add_f)); \
++			M_ADD((r_i), (r_f), 0, (u_int32)( add_f)); \
+ 		else \
+-			M_SUB((r_i), (r_f), 0, (uint32)(-add_f)); \
++			M_SUB((r_i), (r_f), 0, (u_int32)(-add_f)); \
+ 	} while(0)
+ 
+ #define	M_ISNEG(v_i)			/* v < 0 */ \
+--- libntp/mstolfp.c	2019-06-03 23:41:14.000000000 -0500
++++ ../ntp-stable-p16-sec/libntp/mstolfp.c	2023-04-17 03:07:38.598581000 -0500
+@@ -14,86 +14,58 @@
+ 	l_fp *lfp
+ 	)
+ {
+-	register const char *cp;
+-	register char *bp;
+-	register const char *cpdec;
+-	char buf[100];
++	int        ch, neg = 0; 
++	u_int32    q, r;
+ 
+ 	/*
+ 	 * We understand numbers of the form:
+ 	 *
+ 	 * [spaces][-|+][digits][.][digits][spaces|\n|\0]
+ 	 *
+-	 * This is one enormous hack.  Since I didn't feel like
+-	 * rewriting the decoding routine for milliseconds, what
+-	 * is essentially done here is to make a copy of the string
+-	 * with the decimal moved over three places so the seconds
+-	 * decoding routine can be used.
++	 * This is kinda hack.  We use 'atolfp' to do the basic parsing
++	 * (after some initial checks) and then divide the result by
++	 * 1000.  The original implementation avoided that by
++	 * hacking up the input string to move the decimal point, but
++	 * that needed string manipulations prone to buffer overruns.
++	 * To avoid that trouble we do the conversion first and adjust
++	 * the result.
+ 	 */
+-	bp = buf;
+-	cp = str;
+-	while (isspace((unsigned char)*cp))
+-	    cp++;
+ 	
+-	if (*cp == '-' || *cp == '+') {
+-		*bp++ = *cp++;
+-	}
+-
+-	if (*cp != '.' && !isdigit((unsigned char)*cp))
+-	    return 0;
+-
+-
+-	/*
+-	 * Search forward for the decimal point or the end of the string.
+-	 */
+-	cpdec = cp;
+-	while (isdigit((unsigned char)*cpdec))
+-	    cpdec++;
+-
+-	/*
+-	 * Found something.  If we have more than three digits copy the
+-	 * excess over, else insert a leading 0.
+-	 */
+-	if ((cpdec - cp) > 3) {
+-		do {
+-			*bp++ = (char)*cp++;
+-		} while ((cpdec - cp) > 3);
+-	} else {
+-		*bp++ = '0';
+-	}
+-
+-	/*
+-	 * Stick the decimal in.  If we've got less than three digits in
+-	 * front of the millisecond decimal we insert the appropriate number
+-	 * of zeros.
+-	 */
+-	*bp++ = '.';
+-	if ((cpdec - cp) < 3) {
+-		size_t i = 3 - (cpdec - cp);
+-		do {
+-			*bp++ = '0';
+-		} while (--i > 0);
+-	}
+-
+-	/*
+-	 * Copy the remainder up to the millisecond decimal.  If cpdec
+-	 * is pointing at a decimal point, copy in the trailing number too.
+-	 */
+-	while (cp < cpdec)
+-	    *bp++ = (char)*cp++;
++	while (isspace(ch = *(const unsigned char*)str))
++		++str;
+ 	
+-	if (*cp == '.') {
+-		cp++;
+-		while (isdigit((unsigned char)*cp))
+-		    *bp++ = (char)*cp++;
++	switch (ch) {
++	    case '-': neg = TRUE;
++	    case '+': ++str;
++	    default : break;
+ 	}
+-	*bp = '\0';
+-
+-	/*
+-	 * Check to make sure the string is properly terminated.  If
+-	 * so, give the buffer to the decoding routine.
+-	 */
+-	if (*cp != '\0' && !isspace((unsigned char)*cp))
+-	    return 0;
+-	return atolfp(buf, lfp);
++	
++	if (!isdigit(ch = *(const unsigned char*)str) && (ch != '.'))
++		return 0;
++	if (!atolfp(str, lfp))
++		return 0;
++
++	/* now do a chained/overlapping division by 1000 to get from
++	 * seconds to msec. 1000 is small enough to go with temporary
++	 * 32bit accus for Q and R.
++	 */
++	q = lfp->l_ui / 1000u;
++	r = lfp->l_ui - (q * 1000u);
++	lfp->l_ui = q;
++
++	r = (r << 16) | (lfp->l_uf >> 16);
++	q = r / 1000u;
++	r = ((r - q * 1000) << 16) | (lfp->l_uf & 0x0FFFFu);
++	lfp->l_uf = q << 16;
++	q = r / 1000;
++	lfp->l_uf |= q;
++	r -= q * 1000u;
++
++	/* fix sign */
++	if (neg)
++		L_NEG(lfp);
++	/* round */
++	if (r >= 500)
++		L_ADDF(lfp, (neg ? -1 : 1));
++	return 1;
+ }
+--- ntpd/refclock_palisade.c	2020-04-11 04:31:33.000000000 -0500
++++ ../ntp-stable-p16-sec/ntpd/refclock_palisade.c	2023-04-15 18:09:29.787588000 -0500
+@@ -1225,9 +1225,9 @@
+ 		return;  /* using synchronous packet input */
+ 
+ 	if(up->type == CLK_PRAECIS) {
+-		if(write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0)
++		if (write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0) {
+ 			msyslog(LOG_ERR, "Palisade(%d) write: %m:",unit);
+-		else {
++		} else {
+ 			praecis_msg = 1;
+ 			return;
+ 		}
+@@ -1249,20 +1249,53 @@
+ 
+ 	pp = peer->procptr;
+ 
+-	memcpy(buf+p,rbufp->recv_space.X_recv_buffer, rbufp->recv_length);
++	if (p + rbufp->recv_length >= sizeof buf) {
++		struct palisade_unit *up;
++		up = pp->unitptr;
++
++		/*
++		 * We COULD see if there is a \r\n in the incoming
++		 * buffer before it overflows, and then process the
++		 * current line.
++		 *
++		 * Similarly, if we already have a hunk of data that
++		 * we're now flushing, that will cause the line of
++		 * data we're in the process of collecting to be garbage.
++		 *
++		 * Since we now check for this overflow and log when it
++		 * happens, we're now in a better place to easily see
++		 * what's going on and perhaps better choices can be made.
++		 */
++
++		/* Do we need to log the size of the overflow? */
++		msyslog(LOG_ERR, "Palisade(%d) praecis_parse(): input buffer overflow", 
++			up->unit);
++
++		p = 0;
++		praecis_msg = 0;
++
++		refclock_report(peer, CEVNT_BADREPLY);
++
++		return;
++	}
++
++	memcpy(buf+p, rbufp->recv_buffer, rbufp->recv_length);
+ 	p += rbufp->recv_length;
+ 
+-	if(buf[p-2] == '\r' && buf[p-1] == '\n') {
++	if (   p >= 2
++	    && buf[p-2] == '\r' 
++	    && buf[p-1] == '\n') {
+ 		buf[p-2] = '\0';
+ 		record_clock_stats(&peer->srcadr, buf);
+ 
+ 		p = 0;
+ 		praecis_msg = 0;
+ 
+-		if (HW_poll(pp) < 0)
++		if (HW_poll(pp) < 0) {
+ 			refclock_report(peer, CEVNT_FAULT);
+-
++		}
+ 	}
++	return;
+ }
+ 
+ static void
+@@ -1407,7 +1440,10 @@
+ 
+ 	/* Edge trigger */
+ 	if (up->type == CLK_ACUTIME)
+-		write (pp->io.fd, "", 1);
++		if (write (pp->io.fd, "", 1) != 1)
++			msyslog(LOG_WARNING,
++				"Palisade(%d) HW_poll: failed to send trigger: %m", 
++				up->unit);
+ 		
+ 	if (ioctl(pp->io.fd, TIOCMSET, &x) < 0) { 
+ #ifdef DEBUG
+--- tests/libntp/strtolfp.c	2020-05-22 01:33:24.000000000 -0500
++++ ../ntp-stable-p16-sec/tests/libntp/strtolfp.c	2023-04-16 03:28:16.967582000 -0500
+@@ -26,6 +26,13 @@
+ 	return;
+ }
+ 
++static const char* fmtLFP(const l_fp *e, const l_fp *a)
++{
++    static char buf[100];
++    snprintf(buf, sizeof(buf), "e=$%08x.%08x, a=$%08x.%08x",
++	     e->l_ui, e->l_uf, a->l_ui, a->l_uf);
++    return buf;
++}
+ 
+ void test_PositiveInteger(void) {
+ 	const char *str = "500";
+@@ -37,8 +44,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_NegativeInteger(void) {
+@@ -54,8 +61,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_PositiveFraction(void) {
+@@ -68,8 +75,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_NegativeFraction(void) {
+@@ -85,8 +92,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_PositiveMsFraction(void) {
+@@ -100,9 +107,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
+-
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_NegativeMsFraction(void) {
+@@ -118,9 +124,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
+-
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_InvalidChars(void) {
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index fe2bd0773c..7861a5e3e6 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -24,12 +24,39 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
            file://sntp.service \
            file://sntp \
            file://ntpd.list \
+           file://CVE-2023-2655x.patch;striplevel=0 \
 "
 
 SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
 
 # CVE-2016-9312 is only for windows.
-CVE_CHECK_IGNORE += "CVE-2016-9312"
+# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility
+# The other CVEs are not correctly identified because cve-check
+# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
+CVE_CHECK_IGNORE += "\
+    CVE-2016-9312 \
+    CVE-2015-5146 \
+    CVE-2015-5300 \
+    CVE-2015-7975 \
+    CVE-2015-7976 \
+    CVE-2015-7977 \
+    CVE-2015-7978 \
+    CVE-2015-7979 \
+    CVE-2015-8138 \
+    CVE-2015-8139 \
+    CVE-2015-8140 \
+    CVE-2015-8158 \
+    CVE-2016-1547 \
+    CVE-2016-2516 \
+    CVE-2016-2517 \
+    CVE-2016-2519 \
+    CVE-2016-7429 \
+    CVE-2016-7433 \
+    CVE-2016-9310 \
+    CVE-2016-9311 \
+    CVE-2019-11331 \
+"
+
 
 inherit autotools update-rc.d useradd systemd pkgconfig
 
@@ -66,6 +93,14 @@ PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
 PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 
+do_configure:append() {
+    # tests are generated but also checked-in to source control
+    # when CVE-2023-2655x.patch changes timestamp of test source file, Makefile detects it and tries to regenerate it
+    # however it fails because of missing ruby interpretter; adding ruby-native as dependency fixes it
+    # since the regenerated file is identical to the one from source control, touch the generated file instead of adding heavy dependency
+    touch ${S}/tests/libntp/run-strtolfp.c
+}
+
 do_install:append() {
     install -d ${D}${sysconfdir}/init.d
     install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch
new file mode 100644
index 0000000000..98c62eed49
--- /dev/null
+++ b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch
@@ -0,0 +1,29 @@
+From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 22 Aug 2022 20:54:17 -0700
+Subject: [PATCH] wscript: Widen the search for tags
+
+Default is to look for annotated tags, howveer when using devtool we
+create our own git tree from release tarballs which will have tags but
+they are not annotated, therefore broaden the search to include all tags
+
+Upstream-Status: Inappropriate [OE-specific]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ wscript | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/wscript b/wscript
+index 879ded1..dff835d 100644
+--- a/wscript
++++ b/wscript
+@@ -177,7 +177,7 @@ def configure(ctx):
+     if build_desc:
+         build_desc = ' ' + build_desc
+     if ctx.env.BIN_GIT:
+-        cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty")
++        cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty")
+         git_short_hash = ctx.cmd_and_log(cmd).strip()
+         git_short_hash = '-'.join(git_short_hash.split('-')[1:])
+ 
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
index 3efac7d983..bed0e2e108 100644
--- a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
+++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
@@ -16,7 +16,9 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
            file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \
            file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \
            file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \
-           file://volatiles.ntpsec"
+           file://volatiles.ntpsec \
+           file://0001-wscript-Widen-the-search-for-tags.patch \
+           "
 
 SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
 
@@ -54,7 +56,7 @@ export PYTAG = "cpython${@ d.getVar('PYTHON_BASEVERSION').replace('.', '')}"
 export pyext_PATTERN = "%s.so"
 export PYTHON_LDFLAGS = "-lpthread -ldl"
 
-CFLAGS:append = " -I${PYTHON_INCLUDE_DIR}"
+CFLAGS:append = " -I${PYTHON_INCLUDE_DIR} -D_GNU_SOURCE"
 
 EXTRA_OECONF = "--cross-compiler='${CC}' \
                 --cross-cflags='${CFLAGS}' \
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch
new file mode 100644
index 0000000000..4140c46d07
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch
@@ -0,0 +1,43 @@
+From 70a74758bfe0042c27f15ce590fb21a2bc54d745 Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Sun, 21 Aug 2022 07:56:49 -0700
+Subject: [PATCH] Properly check authorization on incoming guestOps requests.
+
+Fix public pipe request checks.  Only a SessionRequest type should
+be accepted on the public pipe.
+
+CVE: CVE-2022-31676
+
+Upstream-Status: Backport
+[https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c
+index db7159ee..6c672601 100644
+--- a/open-vm-tools/vgauth/serviceImpl/proto.c
++++ b/open-vm-tools/vgauth/serviceImpl/proto.c
+@@ -1,5 +1,5 @@
+ /*********************************************************
+- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved.
++ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved.
+  *
+  * This program is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as published
+@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
+    VGAuthError err;
+    gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
+ 
++   if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
++      return VGAUTH_E_PERMISSION_DENIED;
++   }
++
+    switch (req->reqType) {
+       /*
+        * This comes over the public connection; alwsys let it through.
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch
new file mode 100644
index 0000000000..071ddf45d1
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch
@@ -0,0 +1,158 @@
+From 32fe1b6ac239255a91020020510453685459b28a Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Mon, 8 May 2023 19:04:57 -0700
+Subject: [PATCH] open-vm-tools: Remove some dead code.
+
+Address CVE-2023-20867.
+Remove some authentication types which were deprecated long
+ago and are no longer in use. These are dead code.
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch]
+CVE: CVE-2023-20867
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ open-vm-tools/services/plugins/vix/vixTools.c | 100 ------------------
+ 1 file changed, 100 deletions(-)
+
+diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
+index bde74021..6e51d1f4 100644
+--- a/open-vm-tools/services/plugins/vix/vixTools.c
++++ b/open-vm-tools/services/plugins/vix/vixTools.c
+@@ -254,7 +254,6 @@ char *gImpersonatedUsername = NULL;
+ #define  VIX_TOOLS_CONFIG_API_AUTHENTICATION          "Authentication"
+ #define  VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS             "InfrastructureAgents"
+
+-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT  TRUE
+
+ /*
+  * The switch that controls all APIs
+@@ -730,8 +729,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
+
+ void GuestAuthUnimpersonate();
+
+-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
+-                                                     const char *typeName);
+
+ #if SUPPORT_VGAUTH
+
+@@ -7913,29 +7910,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg,   // IN
+                                           userToken);
+       break;
+    }
+-   case VIX_USER_CREDENTIAL_ROOT:
+-   {
+-      if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
+-          !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
+-                                            VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
+-          /*
+-           * Don't accept hashed shared secret if disabled.
+-           */
+-          g_message("%s: Requested authentication type has been disabled.\n",
+-                    __FUNCTION__);
+-          err = VIX_E_GUEST_AUTHTYPE_DISABLED;
+-          goto done;
+-      }
+-   }
+-   // fall through
+-
+-   case VIX_USER_CREDENTIAL_CONSOLE_USER:
+-      err = VixToolsImpersonateUserImplEx(NULL,
+-                                          credentialType,
+-                                          NULL,
+-                                          loadUserProfile,
+-                                          userToken);
+-      break;
+    case VIX_USER_CREDENTIAL_NAME_PASSWORD:
+    case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
+    case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
+@@ -8104,36 +8078,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr,         // IN
+          }
+       }
+
+-      /*
+-       * If the VMX asks to be root, then we allow them.
+-       * The VMX will make sure that only it will pass this value in,
+-       * and only when the VM and host are configured to allow this.
+-       */
+-      if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
+-            && (thisProcessRunsAsRoot)) {
+-         *userToken = PROCESS_CREATOR_USER_TOKEN;
+-
+-         gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
+-         err = VIX_OK;
+-         goto quit;
+-      }
+-
+-      /*
+-       * If the VMX asks to be root, then we allow them.
+-       * The VMX will make sure that only it will pass this value in,
+-       * and only when the VM and host are configured to allow this.
+-       *
+-       * XXX This has been deprecated XXX
+-       */
+-      if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
+-            && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
+-         *userToken = PROCESS_CREATOR_USER_TOKEN;
+-
+-         gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
+-         err = VIX_OK;
+-         goto quit;
+-      }
+-
+       /*
+        * If the VMX asks us to run commands in the context of the current
+        * user, make sure that the user who requested the command is the
+@@ -10814,50 +10758,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode,                          // IN
+ }
+
+
+-/*
+- *-----------------------------------------------------------------------------
+- *
+- * VixToolsCheckIfAuthenticationTypeEnabled --
+- *
+- *    Checks to see if a given authentication type has been
+- *    disabled via the tools configuration.
+- *
+- * Return value:
+- *    TRUE if enabled, FALSE otherwise.
+- *
+- * Side effects:
+- *    None
+- *
+- *-----------------------------------------------------------------------------
+- */
+-
+-static Bool
+-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,     // IN
+-                                         const char *typeName)      // IN
+-{
+-   char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
+-   gboolean disabled;
+-
+-   Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
+-                VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
+-                typeName);
+-
+-   ASSERT(confDictRef != NULL);
+-
+-   /*
+-    * XXX Skip doing the strcmp() to verify the auth type since we only
+-    * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
+-    * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
+-    */
+-   disabled = VMTools_ConfigGetBoolean(confDictRef,
+-                                       VIX_TOOLS_CONFIG_API_GROUPNAME,
+-                                       authnDisabledName,
+-                                       VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
+-
+-   return !disabled;
+-}
+-
+-
+ /*
+  *-----------------------------------------------------------------------------
+  *
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch
new file mode 100644
index 0000000000..1b51e500aa
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch
@@ -0,0 +1,36 @@
+From 108d81c70d0a6792847051d121a660ef3511517d Mon Sep 17 00:00:00 2001
+From: Katy Feng <fkaty@vmware.com>
+Date: Fri, 22 Sep 2023 10:15:58 +0000
+Subject: [PATCH] Allow only X509 certs to verify the SAML token signature.
+
+CVE: CVE-2023-20900
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index aaa5082a..ad8fe304 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -1273,7 +1273,14 @@ VerifySignature(xmlDocPtr doc,
+     */
+    bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
+    if (bRet == FALSE) {
+-      g_warning("failed to register ID\n");
++      g_warning("Failed to register ID\n");
++      goto done;
++   }
++
++   /* Use only X509 certs to validate the signature */
++   if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
++                        BAD_CAST xmlSecKeyDataX509Id) < 0) {
++      g_warning("Failed to limit allowed key data\n");
+       goto done;
+    }
+
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
new file mode 100644
index 0000000000..d24dd3695c
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
@@ -0,0 +1,241 @@
+From 6822b5a84f8cfa60d46479d6b8f1c63eb85eac87 Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Wed, 18 Oct 2023 09:04:07 -0700
+Subject: [PATCH] Address CVE-2023-34058
+
+VGAuth: don't accept tokens with unrelated certs.
+
+CVE: CVE-2023-34058
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/e5be40b9cc025d03ccd5689ef9192d29abd68bfe]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ open-vm-tools/vgauth/common/certverify.c      | 145 ++++++++++++++++++
+ open-vm-tools/vgauth/common/certverify.h      |   4 +
+ open-vm-tools/vgauth/common/prefs.h           |   2 +
+ .../vgauth/serviceImpl/saml-xmlsec1.c         |  14 ++
+ 4 files changed, 165 insertions(+)
+
+diff --git a/open-vm-tools/vgauth/common/certverify.c b/open-vm-tools/vgauth/common/certverify.c
+index edf54928..29b12df3 100644
+--- a/open-vm-tools/vgauth/common/certverify.c
++++ b/open-vm-tools/vgauth/common/certverify.c
+@@ -893,3 +893,148 @@ done:
+
+    return err;
+ }
++
++
++/*
++ * Finds a cert with a subject (if checkSubj is set) or issuer (if
++ * checkSUbj is unset), matching 'val' in the list
++ * of certs.  Returns a match or NULL.
++ */
++
++static X509 *
++FindCert(GList *cList,
++         X509_NAME *val,
++         int checkSubj)
++{
++   GList *l;
++   X509 *c;
++   X509_NAME *v;
++
++   l = cList;
++   while (l != NULL) {
++      c = (X509 *) l->data;
++      if (checkSubj) {
++         v = X509_get_subject_name(c);
++      } else {
++         v = X509_get_issuer_name(c);
++      }
++      if (X509_NAME_cmp(val, v) == 0) {
++         return c;
++      }
++      l = l->next;
++   }
++   return NULL;
++}
++
++
++/*
++ ******************************************************************************
++ * CertVerify_CheckForUnrelatedCerts --                                  */ /**
++ *
++ * Looks over a list of certs.  If it finds that they are not all
++ * part of the same chain, returns failure.
++ *
++ * @param[in]     numCerts      The number of certs in the chain.
++ * @param[in]     pemCerts      The chain of certificates to verify.
++ *
++ * @return VGAUTH_E_OK on success, VGAUTH_E_FAIL if unrelated certs are found.
++ *
++ ******************************************************************************
++ */
++
++VGAuthError
++CertVerify_CheckForUnrelatedCerts(int numCerts,
++                                  const char **pemCerts)
++{
++   VGAuthError err = VGAUTH_E_FAIL;
++   int chainLen = 0;
++   int i;
++   X509 **certs = NULL;
++   GList *rawList = NULL;
++   X509 *baseCert;
++   X509 *curCert;
++   X509_NAME *subject;
++   X509_NAME *issuer;
++
++   /* common single cert case; nothing to do */
++   if (numCerts == 1) {
++      return VGAUTH_E_OK;
++   }
++
++   /* convert all PEM to X509 objects */
++   certs = g_malloc0(numCerts * sizeof(X509 *));
++   for (i = 0; i < numCerts; i++) {
++      certs[i] = CertStringToX509(pemCerts[i]);
++      if (NULL == certs[i]) {
++         g_warning("%s: failed to convert cert to X509\n", __FUNCTION__);
++         goto done;
++      }
++   }
++
++   /* choose the cert to start the chain.  shouldn't matter which */
++   baseCert = certs[0];
++
++   /* put the rest into a list */
++   for (i = 1; i < numCerts; i++) {
++      rawList = g_list_append(rawList, certs[i]);
++   }
++
++   /* now chase down to a leaf, looking for certs the baseCert issued */
++   subject = X509_get_subject_name(baseCert);
++   while ((curCert = FindCert(rawList, subject, 0)) != NULL) {
++      /* pull it from the list */
++      rawList = g_list_remove(rawList, curCert);
++      /* set up the next find */
++      subject = X509_get_subject_name(curCert);
++   }
++
++   /*
++    * walk up to the root cert, by finding a cert where the
++    * issuer equals the subject of the current
++    */
++   issuer = X509_get_issuer_name(baseCert);
++   while ((curCert = FindCert(rawList, issuer, 1)) != NULL) {
++      /* pull it from the list */
++      rawList = g_list_remove(rawList, curCert);
++      /* set up the next find */
++      issuer = X509_get_issuer_name(curCert);
++   }
++
++   /*
++    * At this point, anything on the list should be certs that are not part
++    * of the chain that includes the original 'baseCert'.
++    *
++    * For a valid token, the list should be empty.
++    */
++   chainLen = g_list_length(rawList);
++   if (chainLen != 0 ) {
++      GList *l;
++
++      g_warning("%s: %d unrelated certs found in list\n",
++                __FUNCTION__, chainLen);
++
++      /* debug helper */
++      l = rawList;
++      while (l != NULL) {
++         X509* c = (X509 *) l->data;
++         char *s = X509_NAME_oneline(X509_get_subject_name(c), NULL, 0);
++
++         g_debug("%s: unrelated cert subject: %s\n", __FUNCTION__, s);
++         free(s);
++         l = l->next;
++      }
++
++      goto done;
++   }
++
++   g_debug("%s: Success!  no unrelated certs found\n", __FUNCTION__);
++   err = VGAUTH_E_OK;
++
++done:
++   g_list_free(rawList);
++   for (i = 0; i < numCerts; i++) {
++      X509_free(certs[i]);
++   }
++   g_free(certs);
++   return err;
++}
+diff --git a/open-vm-tools/vgauth/common/certverify.h b/open-vm-tools/vgauth/common/certverify.h
+index d7c6410b..f582bb82 100644
+--- a/open-vm-tools/vgauth/common/certverify.h
++++ b/open-vm-tools/vgauth/common/certverify.h
+@@ -67,6 +67,10 @@ VGAuthError CertVerify_CheckSignatureUsingCert(VGAuthHashAlg hash,
+                                                size_t signatureLen,
+                                                const unsigned char *signature);
+
++
++VGAuthError CertVerify_CheckForUnrelatedCerts(int numCerts,
++                                              const char **pemCerts);
++
+ gchar * CertVerify_StripPEMCert(const gchar *pemCert);
+
+ gchar * CertVerify_CertToX509String(const gchar *pemCert);
+diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h
+index ff116928..87ccc9b3 100644
+--- a/open-vm-tools/vgauth/common/prefs.h
++++ b/open-vm-tools/vgauth/common/prefs.h
+@@ -136,6 +136,8 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
+ #define VGAUTH_PREF_ALIASSTORE_DIR         "aliasStoreDir"
+ /** The number of seconds slack allowed in either direction in SAML token date checks. */
+ #define VGAUTH_PREF_CLOCK_SKEW_SECS        "clockSkewAdjustment"
++/** If unrelated certificates are allowed in a SAML token */
++#define VGAUTH_PREF_ALLOW_UNRELATED_CERTS  "allowUnrelatedCerts"
+
+ /** Ticket group name. */
+ #define VGAUTH_PREF_GROUP_NAME_TICKET      "ticket"
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index aaa5082a..17b56de9 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -47,6 +47,7 @@
+ #include "vmxlog.h"
+
+ static int gClockSkewAdjustment = VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS;
++static gboolean gAllowUnrelatedCerts = FALSE;
+ static xmlSchemaPtr gParsedSchemas = NULL;
+ static xmlSchemaValidCtxtPtr gSchemaValidateCtx = NULL;
+
+@@ -313,6 +314,10 @@ LoadPrefs(void)
+                                       VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS);
+     Log("%s: Allowing %d of clock skew for SAML date validation\n",
+         __FUNCTION__, gClockSkewAdjustment);
++    gAllowUnrelatedCerts = Pref_GetBool(gPrefs,
++                                        VGAUTH_PREF_ALLOW_UNRELATED_CERTS,
++                                        VGAUTH_PREF_GROUP_NAME_SERVICE,
++                                        FALSE);
+ }
+
+
+@@ -1526,6 +1531,15 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText,
+    if (FALSE == bRet) {
+       return VGAUTH_E_AUTHENTICATION_DENIED;
+    }
++   if (!gAllowUnrelatedCerts) {
++      err = CertVerify_CheckForUnrelatedCerts(num, (const char **) certChain);
++      if (err != VGAUTH_E_OK) {
++         VMXLog_Log(VMXLOG_LEVEL_WARNING,
++                    "Unrelated certs found in SAML token, failing\n");
++         return VGAUTH_E_AUTHENTICATION_DENIED;
++      }
++   }
++
+
+    subj.type = SUBJECT_TYPE_NAMED;
+    subj.name = *subjNameOut;
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
index 1c3545f960..c54fd4de48 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
@@ -44,6 +44,10 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste
            file://0001-Make-HgfsConvertFromNtTimeNsec-aware-of-64-bit-time_.patch;patchdir=.. \
            file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \
            file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \
+           file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \
+           file://CVE-2023-20867.patch;patchdir=.. \
+           file://CVE-2023-20900.patch;patchdir=.. \
+           file://CVE-2023-34058.patch;patchdir=.. \
            "
 
 UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
index c61303b81e..8625afaa74 100644
--- a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
+++ b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
@@ -85,6 +85,10 @@ do_configure () {
     done
 }
 
+do_compile:append () {
+    sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${S}/swig/perl/OpenIPMI_wrap.c
+}
+
 do_install:append () {
     echo "SAL: D = $D"
     echo "SAL: libdir = $libdir"
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb
index 218e72b7a8..828cd5033e 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb
@@ -19,6 +19,9 @@ SRC_URI[sha256sum] = "333a7ef3d5b317968aca2c77bdc29aa7c6d6bb3316eb3f79743b59c532
 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
 CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
 
+# CVE-2023-7235 is specific to Windows platform
+CVE_CHECK_IGNORE += "CVE-2023-7235"
+
 SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
diff --git a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
index 9ce019ed86..3c8458baac 100644
--- a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
+++ b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
@@ -16,4 +16,6 @@ S = "${WORKDIR}/git"
 
 inherit meson pkgconfig
 
+ALLOW_EMPTY:${PN} = "1"
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb
index d9083bcbe8..1887a5582f 100644
--- a/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@ SRC_URI = " \
 
 S = "${WORKDIR}/git"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2016-0749 \
+    CVE-2016-2150 \
+    CVE-2018-10893 \
+"
+
 inherit autotools gettext python3native python3-dir pkgconfig
 
 DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
diff --git a/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch b/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch
new file mode 100644
index 0000000000..ffef6800eb
--- /dev/null
+++ b/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch
@@ -0,0 +1,157 @@
+From 6a6c275534e31b41f6d203cfd92685b7526a45e8 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 11 Nov 2022 10:15:38 +0530
+Subject: [PATCH] CVE-2022-40617
+
+Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2022-40617]
+CVE: CVE-2022-40617
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+credential-manager: Do online revocation checks only after
+ basic trust chain validation
+
+This avoids querying URLs of potentially untrusted certificates, e.g. if
+an attacker sends a specially crafted end-entity and intermediate CA
+certificate with a CDP that points to a server that completes the
+TCP handshake but then does not send any further data, which will block
+the fetcher thread (depending on the plugin) for as long as the default
+timeout for TCP.  Doing that multiple times will block all worker threads,
+leading to a DoS attack.
+
+The logging during the certificate verification obviously changes.
+---
+ .../credentials/credential_manager.c          | 54 +++++++++++++++----
+ 1 file changed, 45 insertions(+), 9 deletions(-)
+
+diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
+index 3be0190..f65372b 100644
+--- a/src/libstrongswan/credentials/credential_manager.c
++++ b/src/libstrongswan/credentials/credential_manager.c
+@@ -555,7 +555,7 @@ static void cache_queue(private_credential_manager_t *this)
+  */
+ static bool check_lifetime(private_credential_manager_t *this,
+ 						   certificate_t *cert, char *label,
+-						   int pathlen, bool trusted, auth_cfg_t *auth)
++						   int pathlen, bool anchor, auth_cfg_t *auth)
+ {
+ 	time_t not_before, not_after;
+ 	cert_validator_t *validator;
+@@ -570,7 +570,7 @@ static bool check_lifetime(private_credential_manager_t *this,
+ 			continue;
+ 		}
+ 		status = validator->check_lifetime(validator, cert,
+-										   pathlen, trusted, auth);
++										   pathlen, anchor, auth);
+ 		if (status != NEED_MORE)
+ 		{
+ 			break;
+@@ -603,13 +603,13 @@ static bool check_lifetime(private_credential_manager_t *this,
+  */
+ static bool check_certificate(private_credential_manager_t *this,
+ 				certificate_t *subject, certificate_t *issuer, bool online,
+-				int pathlen, bool trusted, auth_cfg_t *auth)
++				int pathlen, bool anchor, auth_cfg_t *auth)
+ {
+ 	cert_validator_t *validator;
+ 	enumerator_t *enumerator;
+ 
+ 	if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) ||
+-		!check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth))
++		!check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth))
+ 	{
+ 		return FALSE;
+ 	}
+@@ -622,7 +622,7 @@ static bool check_certificate(private_credential_manager_t *this,
+ 			continue;
+ 		}
+ 		if (!validator->validate(validator, subject, issuer,
+-								 online, pathlen, trusted, auth))
++								 online, pathlen, anchor, auth))
+ 		{
+ 			enumerator->destroy(enumerator);
+ 			return FALSE;
+@@ -725,6 +725,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 	auth_cfg_t *auth;
+ 	signature_params_t *scheme;
+ 	int pathlen;
++	bool is_anchor = FALSE;
+ 
+ 	auth = auth_cfg_create();
+ 	get_key_strength(subject, auth);
+@@ -742,7 +743,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 				auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer));
+ 				DBG1(DBG_CFG, "  using trusted ca certificate \"%Y\"",
+ 							  issuer->get_subject(issuer));
+-				trusted = TRUE;
++				trusted = is_anchor = TRUE;
+ 			}
+ 			else
+ 			{
+@@ -777,11 +778,18 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 				DBG1(DBG_CFG, "  issuer is \"%Y\"",
+ 					 current->get_issuer(current));
+ 				call_hook(this, CRED_HOOK_NO_ISSUER, current);
++				if (trusted)
++				{
++					DBG1(DBG_CFG, "  reached end of incomplete trust chain for "
++						 "trusted certificate \"%Y\"",
++						 subject->get_subject(subject));
++				}
+ 				break;
+ 			}
+ 		}
+-		if (!check_certificate(this, current, issuer, online,
+-							   pathlen, trusted, auth))
++		/* don't do online verification here */
++		if (!check_certificate(this, current, issuer, FALSE,
++							   pathlen, is_anchor, auth))
+ 		{
+ 			trusted = FALSE;
+ 			issuer->destroy(issuer);
+@@ -793,7 +801,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 		}
+ 		current->destroy(current);
+ 		current = issuer;
+-		if (trusted)
++		if (is_anchor)
+ 		{
+ 			DBG1(DBG_CFG, "  reached self-signed root ca with a "
+ 				 "path length of %d", pathlen);
+@@ -806,6 +814,34 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ 		DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN);
+ 		call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject);
+ 	}
++	else if (trusted && online)
++	{
++		enumerator_t *enumerator;
++		auth_rule_t rule;
++
++		/* do online revocation checks after basic validation of the chain */
++		pathlen = 0;
++		current = subject;
++		enumerator = auth->create_enumerator(auth);
++		while (enumerator->enumerate(enumerator, &rule, &issuer))
++		{
++			if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT)
++			{
++				if (!check_certificate(this, current, issuer, TRUE, pathlen++,
++									   rule == AUTH_RULE_CA_CERT, auth))
++				{
++					trusted = FALSE;
++					break;
++				}
++				else if (rule == AUTH_RULE_CA_CERT)
++				{
++					break;
++				}
++				current = issuer;
++			}
++		}
++		enumerator->destroy(enumerator);
++	}
+ 	if (trusted)
+ 	{
+ 		result->merge(result, auth, FALSE);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb
index 1b82dceac2..afa1a684b1 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb
@@ -8,11 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 DEPENDS = "flex-native flex bison-native"
 DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss', '', d)}"
 
-SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
-           file://0001-enum-Fix-compiler-warning.patch \
+SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \
            "
 
-SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
+SRC_URI[sha256sum] = "56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55"
 
 UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
 
@@ -40,7 +39,6 @@ PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap"
 PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql"
 PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl"
-PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient,"
 PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup"
 PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite"
 PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke"
@@ -145,11 +143,16 @@ RDEPENDS:${PN} += "\
     ${PN}-plugin-attr \
     ${PN}-plugin-cmac \
     ${PN}-plugin-constraints \
+    ${PN}-plugin-drbg \
+    ${PN}-plugin-fips-prf \
     ${PN}-plugin-des \
     ${PN}-plugin-dnskey \
+    ${PN}-plugin-gcm \
     ${PN}-plugin-hmac \
+    ${PN}-plugin-kdf \
     ${PN}-plugin-kernel-netlink \
     ${PN}-plugin-md5 \
+    ${PN}-plugin-mgf1 \
     ${PN}-plugin-nonce \
     ${PN}-plugin-pem \
     ${PN}-plugin-pgp \
diff --git a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
index aeb0bece97..0840cbbd8b 100644
--- a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
+++ b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
@@ -1,3 +1,8 @@
+From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Wed, 1 Nov 2017 09:23:41 -0400
+Subject: [PATCH] stunnel: fix compile error when openssl disable des support
+
 Upstream-Status: Pending
 
 When openssl disable des support with configure option 'no-des', it doesn't
@@ -6,12 +11,17 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related
 library conditionaly.
 
 Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
 ---
+ src/common.h   | 2 ++
+ src/protocol.c | 6 +++---
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
 diff --git a/src/common.h b/src/common.h
-index f7d38b0..bf485af 100644
+index bc37eb5..03ee3e5 100644
 --- a/src/common.h
 +++ b/src/common.h
-@@ -478,7 +478,9 @@ extern char *sys_errlist[];
+@@ -486,7 +486,9 @@ extern char *sys_errlist[];
  #ifndef OPENSSL_NO_MD4
  #include <openssl/md4.h>
  #endif /* !defined(OPENSSL_NO_MD4) */
@@ -22,19 +32,19 @@ index f7d38b0..bf485af 100644
  #include <openssl/dh.h>
  #if OPENSSL_VERSION_NUMBER<0x10100000L
 diff --git a/src/protocol.c b/src/protocol.c
-index 587df09..8198eb6 100644
+index 804f115..d9b2b50 100644
 --- a/src/protocol.c
 +++ b/src/protocol.c
-@@ -67,7 +67,7 @@ NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE);
+@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE);
  NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE);
  NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE);
  NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE);
 -#ifndef OPENSSL_NO_MD4
 +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES)
  NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *);
- NOEXPORT char *ntlm1();
+ NOEXPORT char *ntlm1(void);
  NOEXPORT char *ntlm3(char *, char *, char *, char *);
-@@ -1332,7 +1332,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
      fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host);
      if(opt->protocol_username && opt->protocol_password) {
          if(!strcasecmp(opt->protocol_authentication, "ntlm")) {
@@ -43,7 +53,7 @@ index 587df09..8198eb6 100644
              ntlm(c, opt);
  #else
              s_log(LOG_ERR, "NTLM authentication is not available");
-@@ -1376,7 +1376,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
      return NULL;
  }
  
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.63.bb b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
index 325737e8c9..ab7ff43223 100644
--- a/meta-networking/recipes-support/stunnel/stunnel_5.63.bb
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
            file://fix-openssl-no-des.patch \
 "
 
-SRC_URI[sha256sum] = "c74c4e15144a3ae34b8b890bb31c909207301490bd1e51bfaaa5ffeb0a994617"
+SRC_URI[sha256sum] = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"
 
 inherit autotools bash-completion pkgconfig
 
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
index 322a826f07..803a9bb5f5 100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb
+++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
@@ -26,8 +26,7 @@ SRC_URI = " \
     file://run-ptest \
 "
 
-SRC_URI[md5sum] = "929a255c71a9933608bd7c31927760f7"
-SRC_URI[sha256sum] = "79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe"
+SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea"
 
 UPSTREAM_CHECK_REGEX = "tcpdump-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
index 56db66b8eb..1e2495efd6 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
 
 SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "cb67b6491a618867fc4f9848f586019f1bb2ebd149f393afac5544ee55e4544f"
+SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"
 
 UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases"
 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
new file mode 100644
index 0000000000..4e2157ca75
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
@@ -0,0 +1,33 @@
+From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 8 Sep 2022 15:18:04 +0000
+Subject: [PATCH] prevent junk from showing up in error page in invalid
+ requests
+
+fixes #457
+
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
+Upstream-Status: Backport
+CVE: CVE-2022-40468
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ src/reqs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index bce69819..45db118d 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
+                 goto fail;
+         }
+ 
++        /* zero-terminate the strings so they don't contain junk in error page */
++        request->method[0] = url[0] = request->protocol[0] = 0;
++
+         ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+                       request->method, url, request->protocol);
++
+         if (ret == 2 && !strcasecmp (request->method, "GET")) {
+                 request->protocol[0] = 0;
+ 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
index 388f7aecbb..4ddb202268 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
@@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
            file://disable-documentation.patch \
            file://tinyproxy.service \
            file://tinyproxy.conf \
+           file://CVE-2022-40468.patch \
            "
 
 SRC_URI[md5sum] = "658db5558ffb849414341b756a546a99"
diff --git a/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb b/meta-networking/recipes-support/traceroute/traceroute_2.1.3.bb
index 9cac204998..ed75ba34de 100644
--- a/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb
+++ b/meta-networking/recipes-support/traceroute/traceroute_2.1.3.bb
@@ -17,8 +17,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/traceroute/files/tracerou
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/traceroute/traceroute/${BP}/${BP}.tar.gz \
 "
-SRC_URI[md5sum] = "84d329d67abc3fb83fc8cb12aeaddaba"
-SRC_URI[sha256sum] = "3669d22a34d3f38ed50caba18cd525ba55c5c00d5465f2d20d7472e5d81603b6"
+SRC_URI[sha256sum] = "05ebc7aba28a9100f9bbae54ceecbf75c82ccf46bdfce8b5d64806459a7e0412"
 
 EXTRA_OEMAKE = "VPATH=${STAGING_LIBDIR}"
 LTOEXTRA += "-flto-partition=none"
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch
new file mode 100644
index 0000000000..0b987700f5
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch
@@ -0,0 +1,145 @@
+From 4585d515b962f3b3a5e81caa64e13e8d9ed2e431 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 26 Sep 2022 12:47:00 +0530
+Subject: [PATCH] CVE-2022-3190
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/67326401a595fffbc67eeed48eb6c55d66a55f67]
+CVE : CVE-2022-3190
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-f5ethtrailer.c | 108 +++++++++++++-------------
+ 1 file changed, 56 insertions(+), 52 deletions(-)
+
+diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c
+index ed77dfd..b15b0d4 100644
+--- a/epan/dissectors/packet-f5ethtrailer.c
++++ b/epan/dissectors/packet-f5ethtrailer.c
+@@ -2741,69 +2741,73 @@ dissect_dpt_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d
+ static gint
+ dissect_old_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
+ {
+-    proto_tree *type_tree   = NULL;
+-    proto_item *ti          = NULL;
+     guint offset            = 0;
+-    guint processed         = 0;
+-    f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data;
+-    guint8 type;
+-    guint8 len;
+-    guint8 ver;
+ 
+     /* While we still have data in the trailer.  For old format trailers, this needs
+      * type, length, version (3 bytes) and for new format trailers, the magic header (4 bytes).
+      * All old format trailers are at least 4 bytes long, so just check for length of magic.
+      */
+-    while (tvb_reported_length_remaining(tvb, offset)) {
+-        type = tvb_get_guint8(tvb, offset);
+-        len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION;
+-        ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION);
+-
+-        if (len <= tvb_reported_length_remaining(tvb, offset) && type >= F5TYPE_LOW
+-            && type <= F5TYPE_HIGH && len >= F5_MIN_SANE && len <= F5_MAX_SANE
+-            && ver <= F5TRAILER_VER_MAX) {
+-            /* Parse out the specified trailer. */
+-            switch (type) {
+-            case F5TYPE_LOW:
+-                ti        = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA);
+-                type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low);
+-
+-                processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
+-                if (processed > 0) {
+-                    tdata->trailer_len += processed;
+-                    tdata->noise_low = 1;
+-                }
+-                break;
+-            case F5TYPE_MED:
+-                ti        = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA);
+-                type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med);
+-
+-                processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
+-                if (processed > 0) {
+-                    tdata->trailer_len += processed;
+-                    tdata->noise_med = 1;
+-                }
+-                break;
+-            case F5TYPE_HIGH:
+-                ti        = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA);
+-                type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high);
+-
+-                processed =
+-                    dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
+-                if (processed > 0) {
+-                    tdata->trailer_len += processed;
+-                    tdata->noise_high = 1;
+-                }
+-                break;
++    while (tvb_reported_length_remaining(tvb, offset) >= F5_MIN_SANE) {
++        /* length field does not include the type and length bytes.  Add them back in */
++        guint8 len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION;
++        if (len > tvb_reported_length_remaining(tvb, offset)
++            || len < F5_MIN_SANE || len > F5_MAX_SANE) {
++            /* Invalid length - either a malformed trailer, corrupt packet, or not f5ethtrailer */
++            return offset;
++        }
++        guint8 type = tvb_get_guint8(tvb, offset);
++        guint8 ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION);
++
++        /* Parse out the specified trailer. */
++        proto_tree *type_tree   = NULL;
++        proto_item *ti          = NULL;
++        f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data;
++        guint processed = 0;
++
++        switch (type) {
++        case F5TYPE_LOW:
++            ti        = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA);
++            type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low);
++
++            processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
++            if (processed > 0) {
++                tdata->trailer_len += processed;
++                tdata->noise_low = 1;
+             }
+-            if (processed == 0) {
+-                proto_item_set_len(ti, 1);
+-                return offset;
++            break;
++        case F5TYPE_MED:
++            ti        = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA);
++            type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med);
++
++            processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
++            if (processed > 0) {
++                tdata->trailer_len += processed;
++                tdata->noise_med = 1;
++            }
++            break;
++        case F5TYPE_HIGH:
++            ti        = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA);
++            type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high);
++
++            processed =
++                dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
++            if (processed > 0) {
++                tdata->trailer_len += processed;
++                tdata->noise_high = 1;
+             }
++            break;
++        default:
++            /* Unknown type - malformed trailer, corrupt packet, or not f5ethtrailer - bali out*/
++            return offset;
++        }
++        if (processed == 0) {
++            /* couldn't process trailer - bali out */
++            proto_item_set_len(ti, 1);
++            return offset;
+         }
+         offset += processed;
+     }
+-return offset;
++    return offset;
+ } /* dissect_old_trailer() */
+ 
+ /*---------------------------------------------------------------------------*/
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch
new file mode 100644
index 0000000000..ccf04459e8
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch
@@ -0,0 +1,52 @@
+From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 1 Dec 2022 20:46:15 -0500
+Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats
+
+The ofp_stats struct length field includes the fixed 4 bytes.
+If the length is smaller than that, report the length error
+and break out. In particular, a value of zero can cause
+infinite loops if this isn't done.
+
+
+(cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f]
+CVE: CVE-2022-4345
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ epan/dissectors/packet-openflow_v6.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c
+index 16016af..3e24d76 100644
+--- a/epan/dissectors/packet-openflow_v6.c
++++ b/epan/dissectors/packet-openflow_v6.c
+@@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
+ static int
+ dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_)
+ {
++    proto_item *ti;
+     guint32 stats_length;
+     int oxs_end;
+     guint32 padding;
+ 
+     proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA);
+ 
+-    proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length);
++    ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length);
+ 
+     oxs_end = offset + stats_length;
+     offset+=4;
+ 
++    if (stats_length < 4) {
++        expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short);
++        return offset;
++    }
++
+     while (offset < oxs_end) {
+         offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset);
+     }
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
new file mode 100644
index 0000000000..7732916826
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
@@ -0,0 +1,122 @@
+From 265cbf15a418b629c3c8f02c0ba901913b1c8fd2 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Thu, 18 May 2023 13:52:48 -0700
+Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
+
+Use the proper dest_size in various g_strlcpy calls.
+
+Fixes #19085
+
+(cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2]
+CVE: CVE-2023-0666
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
+index 5c2d1c1..ef592d7 100644
+--- a/epan/dissectors/packet-rtps.c
++++ b/epan/dissectors/packet-rtps.c
+@@ -3025,7 +3025,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+     ++tk_id;
+   }
+ 
+-  g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
++  g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
+ 
+     /* Structure of the typecode data:
+      *
+@@ -3196,7 +3196,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+                     member_name, -1, NULL, ndds_40_hack);
+         }
+         /* Finally prints the name of the struct (if provided) */
+-        g_strlcpy(type_name, "}", 40);
++        g_strlcpy(type_name, "}", sizeof(type_name));
+         break;
+ 
+     } /* end of case UNION */
+@@ -3367,7 +3367,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+           }
+         }
+         /* Finally prints the name of the struct (if provided) */
+-        g_strlcpy(type_name, "}", 40);
++        g_strlcpy(type_name, "}", sizeof(type_name));
+         break;
+       }
+ 
+@@ -3459,7 +3459,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+         offset += 4;
+         alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
+         offset += alias_name_length;
+-        g_strlcpy(type_name, alias_name, 40);
++        g_strlcpy(type_name, alias_name, sizeof(type_name));
+         break;
+     }
+ 
+@@ -3494,7 +3494,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+         if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
+           type_id_name = "valueparam";
+         }
+-        g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
++        g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
+         break;
+     }
+   } /* switch(tk_id) */
+@@ -3673,7 +3673,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
+   long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
+   name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
+   if (info)
+-    g_strlcpy(info->member_name, name, long_number);
++    g_strlcpy(info->member_name, name, sizeof(info->member_name));
+ 
+   proto_item_append_text(tree, " %s", name);
+   offset += member_length;
+@@ -3848,13 +3848,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
+   proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
+   if (member_object) {
+     member_object->member_id = member_id;
+-    g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
++    g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
+     member_object->type_id = member_type_id;
+   }
+   if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
+       mutable_member_mapping * mutable_mapping = NULL;
+       mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
+-      g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
++      g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
+       mutable_mapping->struct_type_id = info->type_id;
+       mutable_mapping->member_type_id = member_type_id;
+       mutable_mapping->member_id = member_id;
+@@ -3909,7 +3909,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     union_member_mapping * mapping = NULL;
+ 
+     mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
++    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
+     mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3922,7 +3922,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     union_member_mapping * mapping = NULL;
+ 
+     mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
++    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = -1;
+     mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3942,7 +3942,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
+     offset_tmp += 4;
+ 
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
++    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = discriminator_case;
+     mapping->union_type_id = union_type_id + discriminator_case;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
new file mode 100644
index 0000000000..cd07395aac
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
@@ -0,0 +1,66 @@
+From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 18 May 2023 18:06:36 -0400
+Subject: [PATCH] MS-MMS: Use format_text_string()
+
+The length of a string transcoded from UTF-16 to UTF-8 can be
+shorter (or longer) than the original length in bytes in the packet.
+Use the new string length, not the original length.
+
+Use format_text_string, which is a convenience function that
+calls strlen.
+
+Fix #19086
+
+(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
+CVE: CVE-2023-0667
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-ms-mms.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
+index f4dbcd0..092a64b 100644
+--- a/epan/dissectors/packet-ms-mms.c
++++ b/epan/dissectors/packet-ms-mms.c
+@@ -740,7 +740,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro
+                                  transport_info, "Transport: (%s)", transport_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
++                    format_text_string(pinfo->pool, (const guchar*)transport_info));
+ 
+ 
+     /* Try to extract details from this string */
+@@ -837,7 +837,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
+                             ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
+ 
+         col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
++                    format_text_string(pinfo->pool, (const guchar*)server_version));
+     }
+     offset += (server_version_length*2);
+ 
+@@ -891,7 +891,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, packet_info *pinfo, proto_
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
++                    format_text_string(pinfo->pool, (const guchar*)player_info));
+ }
+ 
+ /* Dissect info about where client wants to start playing from */
+@@ -966,7 +966,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
++                    format_text_string(pinfo->pool, (const guchar*)server_file));
+ }
+ 
+ /* Dissect media details from server */
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
new file mode 100644
index 0000000000..0009939330
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
@@ -0,0 +1,33 @@
+From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 20 May 2023 23:08:08 -0400
+Subject: [PATCH] synphasor: Use val_to_str_const
+
+Don't use a value from packet data to directly index a value_string,
+particularly when the value string doesn't cover all possible values.
+
+Fix #19087
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
+CVE: CVE-2023-0668
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-synphasor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
+index 12b388b..fbde875 100644
+--- a/epan/dissectors/packet-synphasor.c
++++ b/epan/dissectors/packet-synphasor.c
+@@ -1212,7 +1212,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
+ 
+ 		data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
+ 							       ett_conf_phflags, NULL, "Phasor Data flags: %s",
+-							       conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
++							       val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
+ 
+ 		/* first and second bytes - phasor modification flags*/
+ 		phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
new file mode 100644
index 0000000000..6bddf975d0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
@@ -0,0 +1,61 @@
+From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sun, 19 Mar 2023 15:16:39 -0400
+Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets
+
+Add a frame end routine for a global which is assigned to packet
+scoped memory. It really should be made proto data, but is used
+in a function in the header (that doesn't take the packet info
+struct as an argument) and this fix needs to be made in stable
+branches.
+
+Fix #18852
+
+Upstream-Status: Backport [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741]
+CVE: CVE-2023-1992
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ epan/dissectors/packet-rpcrdma.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c
+index 76085c7..9d57bae 100644
+--- a/epan/dissectors/packet-rpcrdma.c
++++ b/epan/dissectors/packet-rpcrdma.c
+@@ -24,6 +24,7 @@
+ #include <epan/addr_resolv.h>
+
+ #include "packet-rpcrdma.h"
++#include "packet-frame.h"
+ #include "packet-infiniband.h"
+ #include "packet-iwarp-ddp-rdmap.h"
+
+@@ -270,6 +271,18 @@ void rpcrdma_insert_offset(gint offset)
+     wmem_array_append_one(gp_rdma_write_offsets, offset);
+ }
+
++/*
++ * Reset the array of write offsets at the end of the frame. These
++ * are packet scoped, so they don't need to be freed, but we want
++ * to ensure that the global doesn't point to no longer allocated
++ * memory in a later packet.
++ */
++static void
++reset_write_offsets(void)
++{
++    gp_rdma_write_offsets = NULL;
++}
++
+ /* Get conversation state, it is created if it does not exist */
+ static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo)
+ {
+@@ -1392,6 +1405,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data
+             if (write_size > 0 && !pinfo->fd->visited) {
+                 /* Initialize array of write chunk offsets */
+                 gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint));
++                register_frame_end_routine(pinfo, reset_write_offsets);
+                 TRY {
+                     /*
+                      * Call the upper layer dissector to get a list of offsets
+--
+2.40.1
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch
new file mode 100644
index 0000000000..b4718f4607
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch
@@ -0,0 +1,108 @@
+From 0181fafb2134a177328443a60b5e29c4ee1041cb Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Tue, 16 May 2023 12:05:07 -0700
+Subject: [PATCH] candump: check for a too-long frame length.
+
+If the frame length is longer than the maximum, report an error in the
+file.
+
+Fixes #19062, preventing the overflow on a buffer on the stack (assuming
+your compiler doesn't call a bounds-checknig version of memcpy() if the
+size of the target space is known).
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb]
+CVE: CVE-2023-2855
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ wiretap/candump.c | 39 +++++++++++++++++++++++++++++++--------
+ 1 file changed, 31 insertions(+), 8 deletions(-)
+
+diff --git a/wiretap/candump.c b/wiretap/candump.c
+index 0def7bc..3f7c2b2 100644
+--- a/wiretap/candump.c
++++ b/wiretap/candump.c
+@@ -26,8 +26,9 @@ static gboolean candump_seek_read(wtap *wth, gint64 seek_off,
+                                   wtap_rec *rec, Buffer *buf,
+                                   int *err, gchar **err_info);
+ 
+-static void
+-candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
++static gboolean
++candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg, int *err,
++                     gchar **err_info)
+ {
+     static const char *can_proto_name    = "can-hostendian";
+     static const char *canfd_proto_name  = "canfd";
+@@ -59,6 +60,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+     {
+         canfd_frame_t canfd_frame = {0};
+ 
++        /*
++         * There's a maximum of CANFD_MAX_DLEN bytes in a CAN-FD frame.
++         */
++        if (msg->data.length > CANFD_MAX_DLEN) {
++            *err = WTAP_ERR_BAD_FILE;
++            if (err_info != NULL) {
++	        *err_info = g_strdup_printf("candump: File has %u-byte CAN FD packet, bigger than maximum of %u",
++                                             msg->data.length, CANFD_MAX_DLEN);
++            }
++            return FALSE;
++        }
++
+         canfd_frame.can_id = msg->id;
+         canfd_frame.flags  = msg->flags;
+         canfd_frame.len    = msg->data.length;
+@@ -70,6 +83,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+     {
+         can_frame_t can_frame = {0};
+ 
++        /*
++         * There's a maximum of CAN_MAX_DLEN bytes in a CAN frame.
++         */
++        if (msg->data.length > CAN_MAX_DLEN) {
++            *err = WTAP_ERR_BAD_FILE;
++            if (err_info != NULL) {
++	        *err_info = g_strdup_printf("candump: File has %u-byte CAN packet, bigger than maximum of %u",
++                                             msg->data.length, CAN_MAX_DLEN);
++            }
++            return FALSE;
++        }
++
+         can_frame.can_id  = msg->id;
+         can_frame.can_dlc = msg->data.length;
+         memcpy(can_frame.data, msg->data.data, msg->data.length);
+@@ -84,6 +109,8 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+ 
+     rec->rec_header.packet_header.caplen = packet_length;
+     rec->rec_header.packet_header.len    = packet_length;
++
++    return TRUE;
+ }
+ 
+ static gboolean
+@@ -190,9 +217,7 @@ candump_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info,
+     ws_debug_printf("%s: Stopped at offset %" PRIi64 "\n", G_STRFUNC, file_tell(wth->fh));
+ #endif
+ 
+-    candump_write_packet(rec, buf, &msg);
+-
+-    return TRUE;
++    return candump_write_packet(rec, buf, &msg, err, err_info);
+ }
+ 
+ static gboolean
+@@ -216,9 +241,7 @@ candump_seek_read(wtap *wth , gint64 seek_off, wtap_rec *rec,
+     if (!candump_parse(wth->random_fh, &msg, NULL, err, err_info))
+         return FALSE;
+ 
+-    candump_write_packet(rec, buf, &msg);
+-
+-    return TRUE;
++    return candump_write_packet(rec, buf, &msg, err, err_info);
+ }
+ 
+ /*
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch
new file mode 100644
index 0000000000..863421f986
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch
@@ -0,0 +1,69 @@
+From db5135826de3a5fdb3618225c2ff02f4207012ca Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Thu, 18 May 2023 15:03:23 -0700
+Subject: [PATCH] vms: fix the search for the packet length field.
+
+The packet length field is of the form
+
+    Total Length = DDD = ^xXXX
+
+where "DDD" is the length in decimal and "XXX" is the length in
+hexadecimal.
+
+Search for "length ". not just "Length", as we skip past "Length ", not
+just "Length", so if we assume we found "Length " but only found
+"Length", we'd skip past the end of the string.
+
+While we're at it, fail if we don't find a length field, rather than
+just blithely acting as if the packet length were zero.
+
+Fixes #19083.
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca]
+CVE: CVE-2023-2856
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ wiretap/vms.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/wiretap/vms.c b/wiretap/vms.c
+index 0aa83ea..5f5fdbb 100644
+--- a/wiretap/vms.c
++++ b/wiretap/vms.c
+@@ -318,6 +318,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
+ {
+     char    line[VMS_LINE_LENGTH + 1];
+     int     num_items_scanned;
++    gboolean have_pkt_len = FALSE;
+     guint32 pkt_len = 0;
+     int     pktnum;
+     int     csec = 101;
+@@ -374,7 +375,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
+                 return FALSE;
+             }
+         }
+-        if ( (! pkt_len) && (p = strstr(line, "Length"))) {
++        if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
+             p += sizeof("Length ");
+             while (*p && ! g_ascii_isdigit(*p))
+                 p++;
+@@ -390,9 +391,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
+                 *err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
+                 return FALSE;
+             }
++            have_pkt_len = TRUE;
+             break;
+         }
+     } while (! isdumpline(line));
++    if (! have_pkt_len) {
++        *err = WTAP_ERR_BAD_FILE;
++        *err_info = g_strdup_printf("vms: Length field not found");
++        return FALSE;
++    }
+     if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
+         /*
+          * Probably a corrupt capture file; return an error,
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch
new file mode 100644
index 0000000000..7174e9155c
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch
@@ -0,0 +1,95 @@
+From cb190d6839ddcd4596b0205844f45553f1e77105 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Fri, 19 May 2023 16:29:45 -0700
+Subject: [PATCH] netscaler: add more checks to make sure the record is within
+ the page.
+
+Whie we're at it, restructure some other checks to test-before-casting -
+it's OK to test afterwards, but testing before makes it follow the
+pattern used elsewhere.
+
+Fixes #19081.
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105]
+CVE: CVE-2023-2858
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ wiretap/netscaler.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
+index 01a7f6d..4fa020b 100644
+--- a/wiretap/netscaler.c
++++ b/wiretap/netscaler.c
+@@ -1091,13 +1091,13 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info)
+ 
+ #define PACKET_DESCRIBE(rec,buf,FULLPART,fullpart,ver,type,HEADERVER) \
+     do {\
+-        nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
+         /* Make sure the record header is entirely contained in the page */\
+-        if ((nstrace_buflen - nstrace_buf_offset) < sizeof *type) {\
++        if ((nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_pktrace##fullpart##_v##ver##_t)) {\
+             *err = WTAP_ERR_BAD_FILE;\
+             *err_info = g_strdup("nstrace: record header crosses page boundary");\
+             return FALSE;\
+         }\
++        nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
+         /* Check sanity of record size */\
+         if (pletoh16(&type->nsprRecordSize) < sizeof *type) {\
+             *err = WTAP_ERR_BAD_FILE;\
+@@ -1162,6 +1162,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+                 case NSPR_ABSTIME_V10:
+                 {
++                    if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
++                        return FALSE;
+                     nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
+                     if (pletoh16(&fp->nsprRecordSize) == 0) {
+                         *err = WTAP_ERR_BAD_FILE;
+@@ -1175,6 +1177,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+                 case NSPR_RELTIME_V10:
+                 {
++                    if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
++                        return FALSE;
+                     nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
+                     if (pletoh16(&fp->nsprRecordSize) == 0) {
+                         *err = WTAP_ERR_BAD_FILE;
+@@ -1192,6 +1196,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+                 default:
+                 {
++                    if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
++                        return FALSE;
+                     nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
+                     if (pletoh16(&fp->nsprRecordSize) == 0) {
+                         *err = WTAP_ERR_BAD_FILE;
+@@ -1475,14 +1481,14 @@ static gboolean nstrace_read_v20(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+ #define PACKET_DESCRIBE(rec,buf,FULLPART,ver,enumprefix,type,structname,HEADERVER)\
+     do {\
+-        nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
+         /* Make sure the record header is entirely contained in the page */\
+-        if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof *fp) {\
++        if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_##structname##_t)) {\
+             *err = WTAP_ERR_BAD_FILE;\
+             *err_info = g_strdup("nstrace: record header crosses page boundary");\
+             g_free(nstrace_tmpbuff);\
+             return FALSE;\
+         }\
++        nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
+         (rec)->rec_type = REC_TYPE_PACKET;\
+         TIMEDEFV##ver((rec),fp,type);\
+         FULLPART##SIZEDEFV##ver((rec),fp,ver);\
+@@ -1589,7 +1595,6 @@ static gboolean nstrace_read_v30(wtap *wth, wtap_rec *rec, Buffer *buf,
+                 g_free(nstrace_tmpbuff);
+                 return FALSE;
+             }
+-
+             hdp = (nspr_hd_v20_t *) &nstrace_buf[nstrace_buf_offset];
+             if (nspr_getv20recordsize(hdp) == 0) {
+                 *err = WTAP_ERR_BAD_FILE;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch
new file mode 100644
index 0000000000..0a8247923e
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch
@@ -0,0 +1,37 @@
+From 118815ca7c9f82c1f83f8f64d9e0e54673f31677 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 13 May 2023 21:45:16 -0400
+Subject: [PATCH] GDSDB: Make sure our offset advances.
+
+add_uint_string() returns the next offset to use, not the number
+of bytes consumed. So to consume all the bytes and make sure the
+offset advances, return the entire reported tvb length, not the
+number of bytes remaining.
+
+Fixup 8d3c2177793e900cfc7cfaac776a2807e4ea289f
+Fixes #19068
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677]
+CVE: CVE-2023-2879
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-gdsdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-gdsdb.c b/epan/dissectors/packet-gdsdb.c
+index 75bcfb9..950d68f 100644
+--- a/epan/dissectors/packet-gdsdb.c
++++ b/epan/dissectors/packet-gdsdb.c
+@@ -480,7 +480,7 @@ static int add_uint_string(proto_tree *tree, int hf_string, tvbuff_t *tvb, int o
+ 	int ret_offset = offset + length;
+ 	if (length < 4 || ret_offset < offset) {
+ 		expert_add_info_format(NULL, ti, &ei_gdsdb_invalid_length, "Invalid length: %d", length);
+-		return tvb_reported_length_remaining(tvb, offset);
++		return tvb_reported_length(tvb);
+ 	}
+ 	return ret_offset;
+ }
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch
new file mode 100644
index 0000000000..fe21097286
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch
@@ -0,0 +1,38 @@
+From 44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Mon Sep 17 00:00:00 2001
+From: Jaap Keuter <jaap.keuter@xs4all.nl>
+Date: Thu, 27 Jul 2023 20:21:19 +0200
+Subject: [PATCH] CP2179: Handle timetag info response without records
+
+Fixes #19229
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d]
+CVE: CVE-2023-2906
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-cp2179.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-cp2179.c b/epan/dissectors/packet-cp2179.c
+index 30f53f8..70fe033 100644
+--- a/epan/dissectors/packet-cp2179.c
++++ b/epan/dissectors/packet-cp2179.c
+@@ -721,11 +721,14 @@ dissect_response_frame(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, int
+                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN);
+ 
+                     num_records = tvb_get_guint8(tvb, offset) & 0x7F;
++                    offset += 1;
++
++                    if (num_records == 0 || numberofcharacters <= 1)
++                        break;
++
+                     recordsize = (numberofcharacters-1) / num_records;
+                     num_values = (recordsize-6) / 2;      /* Determine how many 16-bit analog values are present in each event record */
+ 
+-                    offset += 1;
+-
+                     for (x = 0; x < num_records; x++)
+                     {
+                         cp2179_event_tree = proto_tree_add_subtree_format(cp2179_proto_tree, tvb, offset, recordsize, ett_cp2179_event, NULL, "Event Record # %d", x+1);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch
new file mode 100644
index 0000000000..41b02bb3fa
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch
@@ -0,0 +1,98 @@
+From ce87eac0325581b600b3093fcd75080df14ccfda Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Tue, 23 May 2023 13:52:03 -0700
+Subject: [PATCH] XRA: Fix an infinite loop
+
+C compilers don't care what size a value was on the wire. Use
+naturally-sized ints, including in dissect_message_channel_mb where we
+would otherwise overflow and loop infinitely.
+
+Fixes #19100
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5]
+CVE: CVE-2023-2952
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-xra.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/epan/dissectors/packet-xra.c b/epan/dissectors/packet-xra.c
+index 68a8e72..6c7ab74 100644
+--- a/epan/dissectors/packet-xra.c
++++ b/epan/dissectors/packet-xra.c
+@@ -478,7 +478,7 @@ dissect_xra_tlv_cw_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
+   it = proto_tree_add_item (tree, hf_xra_tlv_cw_info, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_cw_info_tree = proto_item_add_subtree (it, ett_xra_tlv_cw_info);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   while (tlv_index < tlv_length) {
+     guint8 type = tvb_get_guint8 (tvb, tlv_index);
+     ++tlv_index;
+@@ -533,7 +533,7 @@ dissect_xra_tlv_ms_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
+   it = proto_tree_add_item (tree, hf_xra_tlv_ms_info, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_ms_info_tree = proto_item_add_subtree (it, ett_xra_tlv_ms_info);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   while (tlv_index < tlv_length) {
+     guint8 type = tvb_get_guint8 (tvb, tlv_index);
+     ++tlv_index;
+@@ -567,7 +567,7 @@ dissect_xra_tlv_burst_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, gu
+   it = proto_tree_add_item (tree, hf_xra_tlv_burst_info, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_burst_info_tree = proto_item_add_subtree (it, ett_xra_tlv_burst_info);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   while (tlv_index < tlv_length) {
+     guint8 type = tvb_get_guint8 (tvb, tlv_index);
+     ++tlv_index;
+@@ -607,7 +607,7 @@ dissect_xra_tlv(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da
+   it = proto_tree_add_item (tree, hf_xra_tlv, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_tree = proto_item_add_subtree (it, ett_xra_tlv);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   tvbuff_t *xra_tlv_cw_info_tvb, *xra_tlv_ms_info_tvb, *xra_tlv_burst_info_tvb;
+ 
+   while (tlv_index < tlv_length) {
+@@ -751,7 +751,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
+   if(packet_start_pointer_field_present) {
+     proto_tree_add_item_ret_uint (tree, hf_plc_mb_mc_psp, tvb, 1, 2, FALSE, &packet_start_pointer);
+ 
+-    guint16 docsis_start = 3 + packet_start_pointer;
++    unsigned docsis_start = 3 + packet_start_pointer;
+     while (docsis_start + 6 < remaining_length) {
+       /*DOCSIS header in packet*/
+       guint8 fc = tvb_get_guint8(tvb,docsis_start + 0);
+@@ -760,7 +760,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
+         docsis_start += 1;
+         continue;
+       }
+-      guint16 docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
++      unsigned docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
+       if (docsis_start + 6 + docsis_length <= remaining_length) {
+         /*DOCSIS packet included in packet*/
+         tvbuff_t *docsis_tvb;
+@@ -830,7 +830,7 @@ dissect_ncp_message_block(tvbuff_t * tvb, proto_tree * tree) {
+ static int
+ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_) {
+ 
+-  guint16 offset = 0;
++  int offset = 0;
+   proto_tree *plc_tree;
+   proto_item *plc_item;
+   tvbuff_t *mb_tvb;
+@@ -890,7 +890,7 @@ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _
+ 
+ static int
+ dissect_ncp(tvbuff_t * tvb, proto_tree * tree, void* data _U_) {
+-  guint16 offset = 0;
++  int offset = 0;
+   proto_tree *ncp_tree;
+   proto_item *ncp_item;
+   tvbuff_t *ncp_mb_tvb;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch
new file mode 100644
index 0000000000..6a2f20163c
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch
@@ -0,0 +1,81 @@
+From ef9c79ae81b00a63aa8638076ec81dc9482972e9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 10 Aug 2023 05:29:09 -0400
+Subject: [PATCH] btsdp: Keep offset advancing
+
+hf_data_element_value is a FT_NONE, so we can add the item with
+the expected length and get_hfi_length() will adjust the length
+without throwing an exception. There's no need to add it with
+zero length and call proto_item_set_len. Also, don't increment
+the offset by 0 instead of the real length when there isn't
+enough data in the packet, as that can lead to failing to advance
+the offset.
+
+When dissecting a sequence type (sequence or alternative) and
+recursing into the sequence member, instead of using the main
+packet tvb directly, create a subset using the indicated length
+of the sequence. That will properly throw an exception if a
+contained item is larger than the containing sequence, instead of
+dissecting the same bytes as several different items (inside
+the sequence recursively, as well in the outer loop.)
+
+Fix #19258
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9]
+CVE: CVE-2023-4511
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ epan/dissectors/packet-btsdp.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/epan/dissectors/packet-btsdp.c b/epan/dissectors/packet-btsdp.c
+index 397ece7..eb7f5fa 100644
+--- a/epan/dissectors/packet-btsdp.c
++++ b/epan/dissectors/packet-btsdp.c
+@@ -1925,13 +1925,11 @@ dissect_data_element(proto_tree *tree, proto_tree **next_tree,
+         offset += len - length;
+     }
+ 
+-    pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset,  0, ENC_NA);
++    pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset, length, ENC_NA);
+     if (length > tvb_reported_length_remaining(tvb, offset)) {
+         expert_add_info(pinfo, pitem, &ei_data_element_value_large);
+-        length = 0;
+-    }
+-    proto_item_set_len(pitem, length);
+-    if (length == 0)
++	proto_item_append_text(pitem, ": MISSING");
++    } else if (length == 0)
+         proto_item_append_text(pitem, ": MISSING");
+ 
+     if (next_tree) *next_tree = proto_item_add_subtree(pitem, ett_btsdp_data_element_value);
+@@ -3523,6 +3521,8 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
+         gint           bytes_to_go = size;
+         gint           first       = 1;
+         wmem_strbuf_t *substr;
++	tvbuff_t      *next_tvb = tvb_new_subset_length(tvb, offset, size);
++	gint           next_offset = 0;
+ 
+         ti = proto_tree_add_item(next_tree, (type == 6) ? hf_data_element_value_sequence : hf_data_element_value_alternative,
+                 tvb, offset, size, ENC_NA);
+@@ -3537,14 +3537,15 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
+                 first = 0;
+             }
+ 
+-            size = dissect_sdp_type(st, pinfo, tvb, offset, attribute, service_uuid,
++            size = dissect_sdp_type(st, pinfo, next_tvb, next_offset,
++		    attribute, service_uuid,
+                     service_did_vendor_id, service_did_vendor_id_source,
+                     service_hdp_data_exchange_specification, service_info, &substr);
+             if (size < 1) {
+                 break;
+             }
+             wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_get_str(substr));
+-            offset += size ;
++            next_offset += size;
+             bytes_to_go -= size;
+         }
+ 
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
new file mode 100644
index 0000000000..4c9f8d29c0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
@@ -0,0 +1,42 @@
+From a8586fde3a6512466afb2a660538ef3fe712076b Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 23 Nov 2023 13:47:51 -0500
+Subject: [PATCH] gvcp: Don't try to add a NULL string to a column
+
+This was caught as an invalid argument by g_strlcpy before 4.2,
+but it was never a good idea.
+
+Fix #19496
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b]
+CVE: CVE-2024-0208
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-gvcp.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/epan/dissectors/packet-gvcp.c b/epan/dissectors/packet-gvcp.c
+index 6a17cff..eb849c0 100644
+--- a/epan/dissectors/packet-gvcp.c
++++ b/epan/dissectors/packet-gvcp.c
+@@ -2222,15 +2222,12 @@ static void dissect_readreg_ack(proto_tree *gvcp_telegram_tree, tvbuff_t *tvb, p
+ 			if (addr_list_size > 0)
+ 			{
+ 				address_string = get_register_name_from_address(*((guint32*)wmem_array_index(gvcp_trans->addr_list, 0)), gvcp_info, &is_custom_register);
++				col_append_str(pinfo->cinfo, COL_INFO, address_string);
+ 			}
+ 
+ 			if (num_registers)
+ 			{
+-				col_append_fstr(pinfo->cinfo, COL_INFO, "%s Value=0x%08X", address_string, tvb_get_ntohl(tvb, offset));
+-			}
+-			else
+-			{
+-				col_append_str(pinfo->cinfo, COL_INFO, address_string);
++				col_append_sep_fstr(pinfo->cinfo, COL_INFO, " ", "Value=0x%08X", tvb_get_ntohl(tvb, offset));
+ 			}
+ 		}
+ 	}
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index f1dba227ac..41c363ad30 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -15,11 +15,25 @@ SRC_URI += " \
     file://0002-flex-Remove-line-directives.patch \
     file://0003-bison-Remove-line-directives.patch \
     file://0004-lemon-Remove-line-directives.patch \
+    file://CVE-2022-3190.patch \
+    file://CVE-2023-2855.patch \
+    file://CVE-2023-2856.patch \
+    file://CVE-2023-2858.patch \
+    file://CVE-2023-2879.patch \
+    file://CVE-2023-2952.patch \
+    file://CVE-2023-0666.patch \
+    file://CVE-2023-0667.patch \
+    file://CVE-2023-0668.patch \
+    file://CVE-2023-2906.patch \
+    file://CVE-2023-1992.patch \
+    file://CVE-2022-4345.patch \
+    file://CVE-2024-0208.patch \
+    file://CVE-2023-4511.patch \
 "
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
+SRC_URI[sha256sum] = "881a13303e263b7dc7fe337534c8a541d4914552287879bed30bbe76c5bf68ca"
 
 PE = "1"
 
diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf
index 88715d5e82..a0c644a2f4 100644
--- a/meta-oe/conf/layer.conf
+++ b/meta-oe/conf/layer.conf
@@ -47,6 +47,7 @@ LAYERSERIES_COMPAT_openembedded-layer = "kirkstone"
 LICENSE_PATH += "${LAYERDIR}/licenses"
 
 PREFERRED_RPROVIDER_libdevmapper = "lvm2"
+PREFERRED_RPROVIDER_libdevmapper-native = "lvm2-native"
 PREFERRED_PROVIDER_android-tools-conf ?= "android-tools-conf"
 
 SIGGEN_EXCLUDERECIPES_ABISAFE += " \
@@ -105,4 +106,4 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
 
 DEFAULT_TEST_SUITES:pn-meta-oe-ptest-image = " ${PTESTTESTSUITE}"
 
-NON_MULTILIB_RECIPES:append = " crash"
+NON_MULTILIB_RECIPES:append = " crash pahole"
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb
index 7bca24cc0a..b59fc1bc95 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb
@@ -22,7 +22,7 @@ SRCREV_FORMAT = "rwmem_inih"
 
 SRC_URI = " \
     git://github.com/tomba/rwmem.git;protocol=https;name=rwmem;branch=master \
-    git://github.com/benhoyt/inih.git;protocol=https;name=inih;nobranch=1;destsuffix=git/ext/inih \
+    git://github.com/benhoyt/inih.git;protocol=https;name=inih;branch=master;destsuffix=git/ext/inih \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb b/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb
index fe9685924b..226543bbd8 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb
@@ -49,9 +49,9 @@ do_configure:append() {
 
 # Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA
 do_install:prepend() {
-    rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/
-    mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/
-    tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S}
+    rm -rf ${S}/python-pkg/dist/
+    mkdir ${S}/python-pkg/dist/
+    tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S}
 }
 
 # In code, path to python is a variable that is replaced with path to native version of it
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend b/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend
index 09f3e34f4c..e1db8bac9e 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend
+++ b/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend
@@ -11,7 +11,7 @@ RDEPENDS:packagegroup-meta-oe-connectivity += "\
 
 RDEPENDS:packagegroup-meta-oe-extended += "\
     lcdproc \
-    mozjs \
+    mozjs-91 \
 "
 RDEPENDS:packagegroup-meta-oe-support += "\
     smem \
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
index 7ea728aad4..0969fb6ce2 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
@@ -45,6 +45,12 @@ SRC_URI:append:toolchain-clang = "\
 
 S = "${WORKDIR}/git"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2014-8180 \
+    CVE-2017-18381 \
+    CVE-2017-2665 \
+"
+
 COMPATIBLE_HOST ?= '(x86_64|i.86|powerpc64|arm|aarch64).*-linux'
 
 PACKAGECONFIG ??= "tcmalloc system-pcre"
@@ -111,7 +117,7 @@ scons_do_install() {
 
     # install mongo data folder
     install -m 755 -d ${D}${localstatedir}/lib/${BPN}
-    chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN}
+    chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN}
 
     # Create /var/log/mongodb in runtime.
     if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
diff --git a/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch b/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch
new file mode 100644
index 0000000000..c56fa64e58
--- /dev/null
+++ b/meta-oe/recipes-benchmark/glmark2/files/0001-waflib-fix-compatibility-with-python-3.11.patch
@@ -0,0 +1,76 @@
+From b85ba8c3ff3fb9ae708576ccef03434d2ef73054 Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Tue, 14 Jun 2022 09:54:18 +0000
+Subject: [PATCH] waflib: fix compatibility with python-3.11
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api
+
+  open(), io.open(), codecs.open() and fileinput.FileInput no longer
+  accept 'U' (“universal newline”) in the file mode. This flag was
+  deprecated since Python 3.3. In Python 3, the “universal newline” is
+  used by default when a file is open in text mode. The newline parameter
+  of open() controls how universal newlines works. (Contributed by Victor
+  Stinner in bpo-37330.)
+
+* fixes:
+Waf: The wscript in '/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git' is unreadable
+Traceback (most recent call last):
+  File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 104, in waf_entry_point
+    set_main_module(os.path.normpath(os.path.join(Context.run_dir,Context.WSCRIPT_FILE)))
+    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Scripting.py", line 135, in set_main_module
+    Context.g_module=Context.load_module(file_path)
+                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Context.py", line 343, in load_module
+    code=Utils.readf(path,m='rU',encoding=encoding)
+         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/OE/build/luneos-langdale/webos-ports/tmp-glibc/work/core2-64-webos-linux/glmark2/2021.12-r0/git/waflib/Utils.py", line 117, in readf
+    f=open(fname,m)
+      ^^^^^^^^^^^^^
+ValueError: invalid mode: 'rUb'
+
+Upstream-Status: Submitted [https://github.com/glmark2/glmark2/pull/178]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ waflib/ConfigSet.py | 2 +-
+ waflib/Context.py   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py
+index 16142a2..87de4ad 100644
+--- a/waflib/ConfigSet.py
++++ b/waflib/ConfigSet.py
+@@ -140,7 +140,7 @@ class ConfigSet(object):
+ 		Utils.writef(filename,''.join(buf))
+ 	def load(self,filename):
+ 		tbl=self.table
+-		code=Utils.readf(filename,m='rU')
++		code=Utils.readf(filename,m='r')
+ 		for m in re_imp.finditer(code):
+ 			g=m.group
+ 			tbl[g(2)]=eval(g(3))
+diff --git a/waflib/Context.py b/waflib/Context.py
+index 8f2cbfb..f3e35ae 100644
+--- a/waflib/Context.py
++++ b/waflib/Context.py
+@@ -109,7 +109,7 @@ class Context(ctx):
+ 				cache[node]=True
+ 				self.pre_recurse(node)
+ 				try:
+-					function_code=node.read('rU',encoding)
++					function_code=node.read('r',encoding)
+ 					exec(compile(function_code,node.abspath(),'exec'),self.exec_dict)
+ 				finally:
+ 					self.post_recurse(node)
+@@ -340,7 +340,7 @@ def load_module(path,encoding=None):
+ 		pass
+ 	module=imp.new_module(WSCRIPT_FILE)
+ 	try:
+-		code=Utils.readf(path,m='rU',encoding=encoding)
++		code=Utils.readf(path,encoding=encoding)
+ 	except EnvironmentError:
+ 		raise Errors.WafError('Could not read the file %r'%path)
+ 	module_dir=os.path.dirname(path)
diff --git a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb
index 1406f68b05..68c42b329a 100644
--- a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb
+++ b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb
@@ -18,12 +18,13 @@ SRC_URI = " \
     file://0001-fix-dispmanx-build.patch \
     file://0002-run-dispmanx-fullscreen.patch \
     file://0001-libmatrix-Include-missing-utility-header.patch \
-    "
+    file://0001-waflib-fix-compatibility-with-python-3.11.patch \
+"
 SRCREV = "0858b450cd88c84a15b99dda9698d44e7f7e8c70"
 
 S = "${WORKDIR}/git"
 
-inherit waf pkgconfig features_check
+inherit waf pkgconfig features_check python3native
 
 ANY_OF_DISTRO_FEATURES = "opengl dispmanx"
 
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
index 2142a8ef1d..d181eb3b02 100644
--- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
@@ -11,14 +11,14 @@ BUGTRACKER = "https://github.com/esnet/iperf/issues"
 AUTHOR = "ESNET <info@es.net>, Lawrence Berkeley National Laboratory <websupport@lbl.gov>"
 
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=68ae8cfc577a2c8c51bb51e9628e80b7"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dc6301c8256ceb8f71c9e3c2ae9096b9"
 
 SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
            file://0002-Remove-pg-from-profile_CFLAGS.patch \
            file://0001-configure.ac-check-for-CPP-prog.patch \
            "
 
-SRCREV = "76bd67f6e90e239a7686202d2b1b595159826d24"
+SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
new file mode 100644
index 0000000000..8b6405b4ad
--- /dev/null
+++ b/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
@@ -0,0 +1,46 @@
+From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001
+From: Michael Larabel <michael@phoronix.com>
+Date: Sat, 23 Jul 2022 07:32:43 -0500
+Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in
+ phoromatic_quit_if_invalid_input_found()
+
+Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678
+
+Upstream-Status: Backport
+CVE: CVE-2022-40704
+
+Reference to upstream patch:
+https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php
+index 74ccc5444c..c2313dcdea 100644
+--- a/pts-core/phoromatic/phoromatic_functions.php
++++ b/pts-core/phoromatic/phoromatic_functions.php
+@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
+ 	{
+ 		foreach($input_keys as $key)
+ 		{
+-			if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
++			if(isset($_GET[$key]) && !empty($_GET[$key]))
+ 			{
+-				foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check)
++				foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check)
++				{
++					if(stripos($val_to_check, $invalid_string) !== false)
++					{
++						echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check);
++						exit;
++					}
++				}
++			}
++			if(isset($_POST[$key]) && !empty($_POST[$key]))
++			{
++				foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check)
+ 				{
+ 					if(stripos($val_to_check, $invalid_string) !== false)
+ 					{
diff --git a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb
index 825f7024e7..44f2249bc9 100644
--- a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb
+++ b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb
@@ -5,7 +5,11 @@ LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 SECTION = "console/tests"
 
-SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz"
+SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \
+           file://CVE-2022-40704.patch \
+          "
+
+
 SRC_URI[md5sum] = "459c3c45b39bb3d720ddc8ba5f944332"
 SRC_URI[sha256sum] = "86681343d20415831ab16ef6c3d1c317e2345e771925e0698ae920a03a9eaab6"
 
diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
index f821cdaf4a..aba5ab5878 100644
--- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
+++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
@@ -151,12 +151,13 @@ RRECOMMENDS:${PN}-fancontrol = "lmsensors-config-fancontrol"
 # sensors-detect script files
 FILES:${PN}-sensorsdetect = "${sbindir}/sensors-detect"
 FILES:${PN}-sensorsdetect-doc = "${mandir}/man8/sensors-detect.8"
-RDEPENDS:${PN}-sensorsdetect = "${PN}-sensors perl perl-modules"
+RDEPENDS:${PN}-sensorsdetect = "${PN}-sensors perl perl-module-fcntl perl-module-file-basename \
+	perl-module-strict perl-module-constant"
 
 # sensors-conf-convert script files
 FILES:${PN}-sensorsconfconvert = "${bindir}/sensors-conf-convert"
 FILES:${PN}-sensorsconfconvert-doc = "${mandir}/man8/sensors-conf-convert.8"
-RDEPENDS:${PN}-sensorsconfconvert = "${PN}-sensors perl perl-modules"
+RDEPENDS:${PN}-sensorsconfconvert = "${PN}-sensors perl perl-module-strict perl-module-vars"
 
 # pwmconfig script files
 FILES:${PN}-pwmconfig = "${sbindir}/pwmconfig"
diff --git a/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb b/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
index d3e7973329..9b72ffefe4 100644
--- a/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
+++ b/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
@@ -20,3 +20,5 @@ do_install() {
 ALLOW_EMPTY:${PN} = "1"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 INHIBIT_DEFAULT_DEPS = "1"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch
new file mode 100644
index 0000000000..6d04bf8980
--- /dev/null
+++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch
@@ -0,0 +1,110 @@
+From 4e661f0085ec5f969c76c0896a34322c6c432de4 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 17 Oct 2022 20:25:11 -0400
+Subject: [PATCH] Fix integer overflows in PAC parsing
+
+In krb5_parse_pac(), check for buffer counts large enough to threaten
+integer overflow in the header length and memory length calculations.
+Avoid potential integer overflows when checking the length of each
+buffer.  Credit to OSS-Fuzz for discovering one of the issues.
+
+CVE-2022-42898:
+
+In MIT krb5 releases 1.8 and later, an authenticated attacker may be
+able to cause a KDC or kadmind process to crash by reading beyond the
+bounds of allocated memory, creating a denial of service.  A
+privileged attacker may similarly be able to cause a Kerberos or GSS
+application service to crash.  On 32-bit platforms, an attacker can
+also cause insufficient memory to be allocated for the result,
+potentially leading to remote code execution in a KDC, kadmind, or GSS
+or Kerberos application server process.  An attacker with the
+privileges of a cross-realm KDC may be able to extract secrets from a
+KDC process's memory by having them copied into the PAC of a new
+ticket.
+
+(cherry picked from commit ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583)
+
+ticket: 9074
+version_fixed: 1.19.4
+
+Upstream-Status: Backport [https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4]
+CVE: CVE-2022-42898
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/lib/krb5/krb/pac.c   |  9 +++++++--
+ src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++
+ 2 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
+index cc74f37..70428a1 100644
+--- a/src/lib/krb5/krb/pac.c
++++ b/src/lib/krb5/krb/pac.c
+@@ -27,6 +27,8 @@
+ #include "k5-int.h"
+ #include "authdata.h"
+ 
++#define MAX_BUFFERS 4096
++
+ /* draft-brezak-win2k-krb-authz-00 */
+ 
+ /*
+@@ -316,6 +318,9 @@ krb5_pac_parse(krb5_context context,
+     if (version != 0)
+         return EINVAL;
+ 
++    if (cbuffers < 1 || cbuffers > MAX_BUFFERS)
++        return ERANGE;
++
+     header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
+     if (len < header_len)
+         return ERANGE;
+@@ -348,8 +353,8 @@ krb5_pac_parse(krb5_context context,
+             krb5_pac_free(context, pac);
+             return EINVAL;
+         }
+-        if (buffer->Offset < header_len ||
+-            buffer->Offset + buffer->cbBufferSize > len) {
++        if (buffer->Offset < header_len || buffer->Offset > len ||
++            buffer->cbBufferSize > len - buffer->Offset) {
+             krb5_pac_free(context, pac);
+             return ERANGE;
+         }
+diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
+index 7b756a2..2353e9f 100644
+--- a/src/lib/krb5/krb/t_pac.c
++++ b/src/lib/krb5/krb/t_pac.c
+@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = {
+     0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00
+ };
+ 
++static const unsigned char fuzz1[] = {
++    0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
++    0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5
++};
++
++static const unsigned char fuzz2[] = {
++    0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
++    0x20, 0x20
++};
++
+ static const char *s4u_principal = "w2k8u@ACME.COM";
+ static const char *s4u_enterprise = "w2k8u@abc@ACME.COM";
+ 
+@@ -646,6 +656,14 @@ main(int argc, char **argv)
+         krb5_free_principal(context, sep);
+     }
+ 
++    /* Check problematic PACs found by fuzzing. */
++    ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac);
++    if (!ret)
++        err(context, ret, "krb5_pac_parse should have failed");
++    ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac);
++    if (!ret)
++        err(context, ret, "krb5_pac_parse should have failed");
++
+     /*
+      * Test empty free
+      */
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch
new file mode 100644
index 0000000000..160c090bce
--- /dev/null
+++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch
@@ -0,0 +1,68 @@
+From ef08b09c9459551aabbe7924fb176f1583053cdd Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 21 Aug 2023 03:08:15 +0000
+Subject: [PATCH] Ensure array count consistency in kadm5 RPC
+
+In _xdr_kadm5_principal_ent_rec(), ensure that n_key_data matches the
+key_data array count when decoding.  Otherwise when the structure is
+later freed, xdr_array() could iterate over the wrong number of
+elements, either leaking some memory or freeing uninitialized
+pointers.  Reported by Robert Morris.
+
+CVE: CVE-2023-36054
+
+An authenticated attacker can cause a kadmind process to crash by
+freeing uninitialized pointers.  Remote code execution is unlikely.
+An attacker with control of a kadmin server can cause a kadmin client
+to crash by freeing uninitialized pointers.
+
+ticket: 9099 (new)
+tags: pullup
+target_version: 1.21-next
+target_version: 1.20-next
+
+Upstream-Status: Backport [https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/lib/kadm5/kadm_rpc_xdr.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
+index 2892d41..94b1ce8 100644
+--- a/src/lib/kadm5/kadm_rpc_xdr.c
++++ b/src/lib/kadm5/kadm_rpc_xdr.c
+@@ -390,6 +390,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+			     int v)
+ {
+	unsigned int n;
++	bool_t r;
+
+	if (!xdr_krb5_principal(xdrs, &objp->principal)) {
+		return (FALSE);
+@@ -443,6 +444,9 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+	if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
+		return (FALSE);
+	}
++	if (xdrs->x_op == XDR_DECODE && objp->n_key_data < 0) {
++		return (FALSE);
++	}
+	if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+		return (FALSE);
+	}
+@@ -451,9 +455,10 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+		return FALSE;
+	}
+	n = objp->n_key_data;
+-	if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+-		       &n, ~0, sizeof(krb5_key_data),
+-		       xdr_krb5_key_data_nocontents)) {
++	r = xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, objp->n_key_data,
++		      sizeof(krb5_key_data), xdr_krb5_key_data_nocontents);
++	objp->n_key_data = n;
++	if (!r) {
+		return (FALSE);
+	}
+
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
index 6e0b2fdacb..a92066171b 100644
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
@@ -32,6 +32,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
            file://krb5-admin-server.service \
            file://CVE-2021-36222.patch;striplevel=2 \
            file://CVE-2021-37750.patch;striplevel=2 \
+           file://CVE-2022-42898.patch;striplevel=2 \
+           file://CVE-2023-36054.patch;striplevel=2 \
 "
 SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f"
 SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134"
diff --git a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb
index 2fa24b29b3..28a3e1e77a 100644
--- a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb
+++ b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb
@@ -11,6 +11,10 @@ SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \
            "
 SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2009-1760 \
+"
+
 PV = "0.13.8"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
index a5fcb8d72d..24b9e9a071 100644
--- a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
+++ b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
@@ -4,6 +4,7 @@ LICENSE = "MIT & Zlib & BSD-3-Clause & Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c8bea43a2eb5d713c338819a0be07797"
 
 DEPENDS = "zlib"
+DEPENDS:append:class-native = " libcap-native"
 
 S = "${WORKDIR}/git"
 SRCREV = "8d605f0649ed1ab6d27a443c7688598ea21fdb75"
@@ -41,3 +42,8 @@ RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libuv', '${PN}-evlib-
 RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libev', '${PN}-evlib-ev', '', d)}"
 
 RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-staticdev', '', d)}"
+
+# Avoid absolute paths to end up in the sysroot.
+SSTATE_SCAN_FILES += "*.cmake"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch b/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch
new file mode 100644
index 0000000000..83bdae858f
--- /dev/null
+++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch
@@ -0,0 +1,42 @@
+From dfd38cb29c0768692f886d3ab9158bd2b3132582 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Tue, 22 Nov 2022 15:20:48 +0800
+Subject: [PATCH] makefile: use conditional assignment for KBUILD_OUTPUT
+
+Refer [1],from make 4.4, all variables that are marked as export will
+also be passed to the shell started by the shell function. use "=" will
+make KBUILD_OUTPUT always empty for shell function, use "?=" to make
+"export KBUILD_OUTPUT" in enrironment can work.
+
+[snip of 4.4 NEWS]
+* WARNING: Backward-incompatibility!
+   Previously makefile variables marked as export were not exported to commands
+   started by the $(shell ...) function.  Now, all exported variables are
+   exported to $(shell ...).
+[snip]
+
+[1] https://git.savannah.gnu.org/cgit/make.git/tree/NEWS?h=4.4&id=ed493f6c9116cc217b99c2cfa6a95f15803235a2#n74
+
+Upstream-Status: Backport [d3dd51ba611802d7cbb28631cb943cb882fa4aac]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/makefile b/makefile
+index 529d8a0..3db60fa 100644
+--- a/makefile
++++ b/makefile
+@@ -15,7 +15,7 @@
+ # with this program; if not, write to the Free Software Foundation, Inc.,
+ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ 
+-KBUILD_OUTPUT =
++KBUILD_OUTPUT ?=
+ 
+ DEBUG	=
+ CC	?= $(CROSS_COMPILE)gcc
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
index 9c0f56e736..9c8e649b1a 100644
--- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
+++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-${PV}.tgz \
            file://build-Allow-CC-and-prefix-to-be-overriden.patch \
            file://Use-cross-cpp-in-incdefs.patch \
+           file://0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/linuxptp/files/"
diff --git a/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch b/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
index 7c3e7750af..914760512a 100644
--- a/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
+++ b/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
@@ -1,42 +1,44 @@
-From f7a3292c1c753b29384e216693f51a4213fea7d0 Mon Sep 17 00:00:00 2001
+From 35173fa04d0116ba30a86dc1a19f859f2be14a24 Mon Sep 17 00:00:00 2001
 From: "Bruce A. Johnson" <waterfordtrack@gmail.com>
 Date: Wed, 22 Dec 2021 14:24:02 -0500
-Subject: [PATCH 1/2] core: switch bash shell scripts to use /bin/sh for use
+Subject: [PATCH] core: switch bash shell scripts to use /bin/sh for use
  w/Busybox.
 
 Fixes https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/483
+
+%% original patch: 0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
 ---
- data/fcc-unlock/105b           | 2 +-
- data/fcc-unlock/1199           | 2 +-
- data/fcc-unlock/1eac           | 2 +-
- test/mmcli-test-sms            | 2 +-
- tools/tests/test-wrapper.sh.in | 2 +-
+ data/dispatcher-fcc-unlock/105b | 2 +-
+ data/dispatcher-fcc-unlock/1199 | 2 +-
+ data/dispatcher-fcc-unlock/1eac | 2 +-
+ test/mmcli-test-sms             | 2 +-
+ tools/tests/test-wrapper.sh.in  | 2 +-
  5 files changed, 5 insertions(+), 5 deletions(-)
 
-diff --git a/data/fcc-unlock/105b b/data/fcc-unlock/105b
-index 21fe5329..f276050f 100644
---- a/data/fcc-unlock/105b
-+++ b/data/fcc-unlock/105b
+diff --git a/data/dispatcher-fcc-unlock/105b b/data/dispatcher-fcc-unlock/105b
+index 444bd51f..772c90f4 100644
+--- a/data/dispatcher-fcc-unlock/105b
++++ b/data/dispatcher-fcc-unlock/105b
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
  
  # SPDX-License-Identifier: CC0-1.0
  # 2021 Aleksander Morgado <aleksander@aleksander.es>
-diff --git a/data/fcc-unlock/1199 b/data/fcc-unlock/1199
-index 0109c6ab..e1d3804c 100644
---- a/data/fcc-unlock/1199
-+++ b/data/fcc-unlock/1199
+diff --git a/data/dispatcher-fcc-unlock/1199 b/data/dispatcher-fcc-unlock/1199
+index 83ab2c9e..6dbf8d1b 100644
+--- a/data/dispatcher-fcc-unlock/1199
++++ b/data/dispatcher-fcc-unlock/1199
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
  
  # SPDX-License-Identifier: CC0-1.0
  # 2021 Aleksander Morgado <aleksander@aleksander.es>
-diff --git a/data/fcc-unlock/1eac b/data/fcc-unlock/1eac
-index 1068d9c2..d9342852 100644
---- a/data/fcc-unlock/1eac
-+++ b/data/fcc-unlock/1eac
+diff --git a/data/dispatcher-fcc-unlock/1eac b/data/dispatcher-fcc-unlock/1eac
+index 1a048dc8..44ce46d7 100644
+--- a/data/dispatcher-fcc-unlock/1eac
++++ b/data/dispatcher-fcc-unlock/1eac
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -64,5 +66,5 @@ index d64ea4cb..fcdb56de 100644
  # For debugging behavior of test-modemmanager-service.py, you can modify
  # this line to add --log-file option
 -- 
-2.34.1
+2.35.3
 
diff --git a/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch b/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
deleted file mode 100644
index d911d54ce4..0000000000
--- a/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From ddf634b92bf96b35f521db6da329628b4525c2eb Mon Sep 17 00:00:00 2001
-From: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
-Date: Fri, 25 Feb 2022 21:37:13 +0100
-Subject: [PATCH 2/2] fcc-unlock: Make scripts POSIX shell compatible
-
-This allows us to not rely on bash which may not be available on
-constrained systems, e.g. Yocto-built embedded systems. The scripts now
-pass shellcheck.
-
-Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
----
- data/fcc-unlock/105b | 8 ++++----
- data/fcc-unlock/1199 | 6 +++---
- data/fcc-unlock/1eac | 8 ++++----
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/data/fcc-unlock/105b b/data/fcc-unlock/105b
-index f276050f..772c90f4 100644
---- a/data/fcc-unlock/105b
-+++ b/data/fcc-unlock/105b
-@@ -15,20 +15,20 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
-   # match port type in Linux 5.14 and newer
--  grep -q MBIM /sys/class/wwan/${PORT}/type 2>/dev/null && {
-+  grep -q MBIM "/sys/class/wwan/$PORT/type" 2>/dev/null && {
-     MBIM_PORT=$PORT
-     break
-   }
-   # match port name in Linux 5.13
--  [[ $PORT == *"MBIM"* ]] && {
-+  echo "$PORT" | grep -q MBIM && {
-     MBIM_PORT=$PORT
-     break
-   }
- done
- 
- # fail if no MBIM port exposed
--[ -n "${MBIM_PORT}" ] || exit 2
-+[ -n "$MBIM_PORT" ] || exit 2
- 
- # run qmicli operation over MBIM
--qmicli --device-open-proxy --device=/dev/${MBIM_PORT} --dms-foxconn-set-fcc-authentication=0
-+qmicli --device-open-proxy --device="/dev/$MBIM_PORT" --dms-foxconn-set-fcc-authentication=0
- exit $?
-diff --git a/data/fcc-unlock/1199 b/data/fcc-unlock/1199
-index e1d3804c..6dbf8d1b 100644
---- a/data/fcc-unlock/1199
-+++ b/data/fcc-unlock/1199
-@@ -19,15 +19,15 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
-   # match port name
--  [[ $PORT == *"cdc-wdm"* ]] && {
-+  echo "$PORT" | grep -q cdc-wdm && {
-     CDC_WDM_PORT=$PORT
-     break
-   }
- done
- 
- # fail if no cdc-wdm port exposed
--[ -n "${CDC_WDM_PORT}" ] || exit 2
-+[ -n "$CDC_WDM_PORT" ] || exit 2
- 
- # run qmicli operation
--qmicli --device-open-proxy --device=/dev/${CDC_WDM_PORT} --dms-set-fcc-authentication
-+qmicli --device-open-proxy --device="/dev/$CDC_WDM_PORT" --dms-set-fcc-authentication
- exit $?
-diff --git a/data/fcc-unlock/1eac b/data/fcc-unlock/1eac
-index d9342852..44ce46d7 100644
---- a/data/fcc-unlock/1eac
-+++ b/data/fcc-unlock/1eac
-@@ -15,20 +15,20 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
-   # match port type in Linux 5.14 and newer
--  grep -q MBIM /sys/class/wwan/${PORT}/type 2>/dev/null && {
-+  grep -q MBIM "/sys/class/wwan/$PORT/type" 2>/dev/null && {
-     MBIM_PORT=$PORT
-     break
-   }
-   # match port name in Linux 5.13
--  [[ $PORT == *"MBIM"* ]] && {
-+  echo "$PORT" | grep -q MBIM && {
-     MBIM_PORT=$PORT
-     break
-   }
- done
- 
- # fail if no MBIM port exposed
--[ -n "${MBIM_PORT}" ] || exit 2
-+[ -n "$MBIM_PORT" ] || exit 2
- 
- # run mbimcli operation
--mbimcli --device-open-proxy --device=/dev/${MBIM_PORT} --quectel-set-radio-state=on
-+mbimcli --device-open-proxy --device="/dev/$MBIM_PORT" --quectel-set-radio-state=on
- exit $?
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
index 14d9942c02..28f81ba6e5 100644
--- a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb
+++ b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
@@ -12,13 +12,12 @@ inherit gnomebase gettext systemd gobject-introspection bash-completion
 
 DEPENDS = "glib-2.0 libgudev libxslt-native dbus"
 
-SRCREV ?= "a7bcf2036b34d5043dbc33fee7d98bae5859c4d3"
+SRCREV ?= "0d8b5e93fc62eb0f41e18a2d9d845331d7af36ec"
 
-# Patches 0001, 0002 will be in ModemManager > 1.18.6
+# Patch 0001 will be in ModemManager > 1.19
 SRC_URI = " \
     git://gitlab.freedesktop.org/mobile-broadband/ModemManager.git;protocol=https;branch=mm-1-18 \
     file://0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch \
-    file://0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
new file mode 100644
index 0000000000..93949fc21d
--- /dev/null
+++ b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
@@ -0,0 +1,135 @@
+From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001
+From: Christian Kastner <ckk@kvr.at>
+Date: Tue, 13 Jun 2023 14:21:52 +0200
+Subject: [PATCH] Add option to read username/password from file (#781)
+
+* Add option to read username/password from file
+
+CVE: CVE-2023-35789
+
+Upstream-Status: Backport [https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ tools/common.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 66 insertions(+)
+
+diff --git a/tools/common.c b/tools/common.c
+index 53ea788..35b2b9f 100644
+--- a/tools/common.c
++++ b/tools/common.c
+@@ -54,6 +54,11 @@
+ #include "compat.h"
+ #endif
+
++/* For when reading auth data from a file */
++#define MAXAUTHTOKENLEN 128
++#define USERNAMEPREFIX "username:"
++#define PASSWORDPREFIX "password:"
++
+ void die(const char *fmt, ...) {
+   va_list ap;
+   va_start(ap, fmt);
+@@ -161,6 +166,7 @@ static char *amqp_vhost;
+ static char *amqp_username;
+ static char *amqp_password;
+ static int amqp_heartbeat = 0;
++static char *amqp_authfile;
+ #ifdef WITH_SSL
+ static int amqp_ssl = 0;
+ static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
+@@ -183,6 +189,8 @@ struct poptOption connect_options[] = {
+      "the password to login with", "password"},
+     {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
+      "heartbeat interval, set to 0 to disable", "heartbeat"},
++    {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
++     "path to file containing username/password for authentication", "file"},
+ #ifdef WITH_SSL
+     {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
+     {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
+@@ -194,6 +202,50 @@ struct poptOption connect_options[] = {
+ #endif /* WITH_SSL */
+     {NULL, '\0', 0, NULL, 0, NULL, NULL}};
+
++void read_authfile(const char *path) {
++  size_t n;
++  FILE *fp = NULL;
++  char token[MAXAUTHTOKENLEN];
++
++  if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
++      (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
++    die("Out of memory");
++  } else if ((fp = fopen(path, "r")) == NULL) {
++    die("Could not read auth data file %s", path);
++  }
++
++  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
++      strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
++    die("Malformed auth file (missing username)");
++  }
++  strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
++  /* Missing newline means token was cut off */
++  n = strlen(amqp_username);
++  if (amqp_username[n - 1] != '\n') {
++    die("Username too long");
++  } else {
++    amqp_username[n - 1] = '\0';
++  }
++
++  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
++      strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
++    die("Malformed auth file (missing password)");
++  }
++  strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
++  /* Missing newline means token was cut off */
++  n = strlen(amqp_password);
++  if (amqp_password[n - 1] != '\n') {
++    die("Password too long");
++  } else {
++    amqp_password[n - 1] = '\0';
++  }
++
++  (void)fgetc(fp);
++  if (!feof(fp)) {
++    die("Malformed auth file (trailing data)");
++  }
++}
++
+ static void init_connection_info(struct amqp_connection_info *ci) {
+   ci->user = NULL;
+   ci->password = NULL;
+@@ -269,6 +321,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_username) {
+     if (amqp_url) {
+       die("--username and --url options cannot be used at the same time");
++    } else if (amqp_authfile) {
++      die("--username and --authfile options cannot be used at the same time");
+     }
+
+     ci->user = amqp_username;
+@@ -277,11 +331,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_password) {
+     if (amqp_url) {
+       die("--password and --url options cannot be used at the same time");
++    } else if (amqp_authfile) {
++      die("--password and --authfile options cannot be used at the same time");
+     }
+
+     ci->password = amqp_password;
+   }
+
++  if (amqp_authfile) {
++    if (amqp_url) {
++      die("--authfile and --url options cannot be used at the same time");
++    }
++
++    read_authfile(amqp_authfile);
++    ci->user = amqp_username;
++    ci->password = amqp_password;
++  }
++
+   if (amqp_vhost) {
+     if (amqp_url) {
+       die("--vhost and --url options cannot be used at the same time");
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
index 304171c88c..1cc4ada3b5 100644
--- a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
+++ b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://github.com/alanxz/rabbitmq-c"
 LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53"
 LICENSE = "MIT"
 
-SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https \
+           file://CVE-2023-35789.patch \
+          "
 # v0.11.0-master
 SRCREV = "a64c08c68aff34d49a2ac152f04988cd921084f9"
 
diff --git a/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb b/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb
index 79d54038eb..a33265063c 100644
--- a/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb
+++ b/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb
@@ -14,5 +14,3 @@ SRC_URI[sha256sum] = "848c4fe863806e506832f1ee85b8b68258f06eb19dad43dbeee16a2cfe
 UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/ser2net/files/ser2net"
 
 inherit autotools pkgconfig
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb b/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb
index 2d601a2f9d..8141abef51 100644
--- a/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb
+++ b/meta-oe/recipes-connectivity/thrift/thrift_0.16.0.bb
@@ -15,6 +15,8 @@ SRC_URI[sha256sum] = "f460b5c1ca30d8918ff95ea3eb6291b3951cf518553566088f3f2be898
 
 BBCLASSEXTEND = "native nativesdk"
 
+CVE_PRODUCT = "apache:thrift"
+
 inherit pkgconfig cmake python3native
 
 export STAGING_INCDIR
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
new file mode 100644
index 0000000000..6028520923
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
@@ -0,0 +1,37 @@
+From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Jan 2023 13:51:03 +0800
+Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header
+ allows to access Frontend in maintenace mode
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e]
+CVE: CVE-2022-43515
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ ui/include/classes/user/CWebUser.php | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php
+index e6e651e..bfacce7 100644
+--- a/ui/include/classes/user/CWebUser.php
++++ b/ui/include/classes/user/CWebUser.php
+@@ -231,13 +231,11 @@ class CWebUser {
+ 	}
+ 
+ 	/**
+-	 * Get user ip address.
++	 * Get user IP address.
+ 	 *
+ 	 * @return string
+ 	 */
+ 	public static function getIp(): string {
+-		return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '')
+-			? $_SERVER['HTTP_X_FORWARDED_FOR']
+-			: $_SERVER['REMOTE_ADDR'];
++		return $_SERVER['REMOTE_ADDR'];
+ 	}
+ }
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
new file mode 100644
index 0000000000..debd0aaa8e
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
@@ -0,0 +1,53 @@
+From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Jan 2023 14:23:34 +0800
+Subject: [PATCH] [DEV-2283] added validation of the scheduled report
+ generation URL to zabbix-web-service
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867]
+CVE: CVE-2022-46768
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../zabbix_web_service/pdf_report_creator.go   | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index 391b58b..8452a3d 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -29,6 +29,7 @@ import (
+ 	"net/http"
+ 	"net/url"
+ 	"strconv"
++	"strings"
+ 	"time"
+ 
+ 	"github.com/chromedp/cdproto/emulation"
+@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
++	if u.Scheme != "http" && u.Scheme != "https" {
++		logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest)
++		return
++	}
++
++	if !strings.HasSuffix(u.Path, "/zabbix.php") {
++		logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest)
++		return
++	}
++
++	queryParams := u.Query()
++
++	if queryParams.Get("action") != "dashboard.print" {
++		logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest)
++		return
++	}
++
+ 	log.Tracef(
+ 		"making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s",
+ 		u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr)
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch
new file mode 100644
index 0000000000..675d9e0f35
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch
@@ -0,0 +1,247 @@
+From 240754ccee1b6b35ac47862be56dacec11e65b32 Mon Sep 17 00:00:00 2001
+From: Dmitrijs Goloscapovs <dmitrijs.goloscapovs@zabbix.com>
+Date: Thu, 27 Jul 2023 11:23:54 +0000
+Subject: [PATCH] .......PS. [DEV-2387] added new limits for JS objects
+
+Merge in ZBX/zabbix from feature/DEV-2387-6.0 to release/6.0
+
+* commit '16e5f15a70cfbf00c646cb92d1fcb8a362900285':
+  .......PS. [DEV-2387] removed logsize check based on json buffer
+  .......PS. [DEV-2387] removed logsize check based on json buffer
+  .......PS. [DEV-2387] fixed pr comments
+  .......PS. [DEV-2387] removed useless include
+  .......PS. [DEV-2387] added limits for logging and adding httprequest headers
+  .......PS. [DEV-2387] limited initialization of new HttpRequest objects
+
+CVE: CVE-2023-29449
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/240754ccee1]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxembed/console.c     | 23 ++++++++++++-----------
+ src/libs/zbxembed/embed.c       |  1 +
+ src/libs/zbxembed/embed.h       |  3 +++
+ src/libs/zbxembed/httprequest.c | 28 ++++++++++++++++++++++++++++
+ src/libs/zbxembed/zabbix.c      | 23 ++++++++++++-----------
+ 5 files changed, 56 insertions(+), 22 deletions(-)
+
+diff --git a/src/libs/zbxembed/console.c b/src/libs/zbxembed/console.c
+index c733487..60c48fc 100644
+--- a/src/libs/zbxembed/console.c
++++ b/src/libs/zbxembed/console.c
+@@ -90,27 +90,28 @@ static duk_ret_t	es_log_message(duk_context *ctx, int level)
+	else
+		msg_output = zbx_strdup(msg_output, "undefined");
+
+-	zabbix_log(level, "%s", msg_output);
+-
+	duk_get_memory_functions(ctx, &out_funcs);
+	env = (zbx_es_env_t *)out_funcs.udata;
+
+-	if (NULL == env->json)
+-		goto out;
+-
+-	if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size)	/* approximate limit */
++	if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size)
+	{
+		err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of "
+				ZBX_FS_UI64 " bytes.", ZBX_ES_LOG_MEMORY_LIMIT);
+		goto out;
+	}
+
+-	zbx_json_addobject(env->json, NULL);
+-	zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
+-	zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
+-	zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING);
+-	zbx_json_close(env->json);
++	zabbix_log(level, "%s", msg_output);
++
++	if (NULL != env->json)
++	{
++		zbx_json_addobject(env->json, NULL);
++		zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
++		zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
++		zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING);
++		zbx_json_close(env->json);
++	}
+ out:
++	env->log_size += strlen(msg_output);
+	zbx_free(msg_output);
+
+	if (-1 != err_index)
+diff --git a/src/libs/zbxembed/embed.c b/src/libs/zbxembed/embed.c
+index 34d8d18..cc80925 100644
+--- a/src/libs/zbxembed/embed.c
++++ b/src/libs/zbxembed/embed.c
+@@ -444,6 +444,7 @@ int	zbx_es_execute(zbx_es_t *es, const char *script, const char *code, int size,
+	zabbix_log(LOG_LEVEL_DEBUG, "In %s() param:%s", __func__, param);
+
+	zbx_timespec(&es->env->start_time);
++	es->env->http_req_objects = 0;
+
+	if (NULL != es->env->json)
+	{
+diff --git a/src/libs/zbxembed/embed.h b/src/libs/zbxembed/embed.h
+index a0a360c..2b954a8 100644
+--- a/src/libs/zbxembed/embed.h
++++ b/src/libs/zbxembed/embed.h
+@@ -48,6 +48,9 @@ struct zbx_es_env
+	struct zbx_json	*json;
+
+	jmp_buf		loc;
++
++	int		http_req_objects;
++	size_t		log_size;
+ };
+
+ zbx_es_env_t	*zbx_es_get_env(duk_context *ctx);
+diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c
+index 8c2839c..7f0eed9 100644
+--- a/src/libs/zbxembed/httprequest.c
++++ b/src/libs/zbxembed/httprequest.c
+@@ -52,6 +52,7 @@ typedef struct
+	size_t			headers_in_alloc;
+	size_t			headers_in_offset;
+	unsigned char		custom_header;
++	size_t			headers_sz;
+ }
+ zbx_es_httprequest_t;
+
+@@ -145,13 +146,21 @@ static duk_ret_t	es_httprequest_dtor(duk_context *ctx)
+  ******************************************************************************/
+ static duk_ret_t	es_httprequest_ctor(duk_context *ctx)
+ {
++#define MAX_HTTPREQUEST_OBJECT_COUNT	10
+	zbx_es_httprequest_t	*request;
+	CURLcode		err;
++	zbx_es_env_t		*env;
+	int			err_index = -1;
+
+	if (!duk_is_constructor_call(ctx))
+		return DUK_RET_TYPE_ERROR;
+
++	if (NULL == (env = zbx_es_get_env(ctx)))
++		return duk_error(ctx, DUK_RET_TYPE_ERROR, "cannot access internal environment");
++
++	if (MAX_HTTPREQUEST_OBJECT_COUNT == env->http_req_objects)
++		return duk_error(ctx, DUK_RET_EVAL_ERROR, "maximum count of HttpRequest objects was reached");
++
+	duk_push_this(ctx);
+
+	request = (zbx_es_httprequest_t *)zbx_malloc(NULL, sizeof(zbx_es_httprequest_t));
+@@ -189,7 +198,10 @@ out:
+		return duk_throw(ctx);
+	}
+
++	env->http_req_objects++;
++
+	return 0;
++#undef MAX_HTTPREQUEST_OBJECT_COUNT
+ }
+
+ /******************************************************************************
+@@ -201,10 +213,12 @@ out:
+  ******************************************************************************/
+ static duk_ret_t	es_httprequest_add_header(duk_context *ctx)
+ {
++#define ZBX_ES_MAX_HEADERS_SIZE	ZBX_KIBIBYTE * 128
+	zbx_es_httprequest_t	*request;
+	CURLcode		err;
+	char			*utf8 = NULL;
+	int			err_index = -1;
++	size_t			header_sz;
+
+	if (NULL == (request = es_httprequest(ctx)))
+		return duk_error(ctx, DUK_RET_EVAL_ERROR, "internal scripting error: null object");
+@@ -215,9 +229,20 @@ static duk_ret_t	es_httprequest_add_header(duk_context *ctx)
+		goto out;
+	}
+
++	header_sz = strlen(utf8);
++
++	if (ZBX_ES_MAX_HEADERS_SIZE < request->headers_sz + header_sz)
++	{
++		err_index = duk_push_error_object(ctx, DUK_RET_TYPE_ERROR, "headers exceeded maximum size of "
++			ZBX_FS_UI64 " bytes.", ZBX_ES_MAX_HEADERS_SIZE);
++
++		goto out;
++	}
++
+	request->headers = curl_slist_append(request->headers, utf8);
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_HTTPHEADER, request->headers, err);
+	request->custom_header = 1;
++	request->headers_sz += header_sz + 1;
+ out:
+	zbx_free(utf8);
+
+@@ -225,6 +250,7 @@ out:
+		return duk_throw(ctx);
+
+	return 0;
++#undef ZBX_ES_MAX_HEADERS_SIZE
+ }
+
+ /******************************************************************************
+@@ -244,6 +270,7 @@ static duk_ret_t	es_httprequest_clear_header(duk_context *ctx)
+	curl_slist_free_all(request->headers);
+	request->headers = NULL;
+	request->custom_header = 0;
++	request->headers_sz = 0;
+
+	return 0;
+ }
+@@ -311,6 +338,7 @@ static duk_ret_t	es_httprequest_query(duk_context *ctx, const char *http_request
+		{
+			curl_slist_free_all(request->headers);
+			request->headers = NULL;
++			request->headers_sz = 0;
+		}
+
+		if (NULL != contents)
+diff --git a/src/libs/zbxembed/zabbix.c b/src/libs/zbxembed/zabbix.c
+index 820768f..0ecde86 100644
+--- a/src/libs/zbxembed/zabbix.c
++++ b/src/libs/zbxembed/zabbix.c
+@@ -81,27 +81,28 @@ static duk_ret_t	es_zabbix_log(duk_context *ctx)
+		zbx_replace_invalid_utf8(message);
+	}
+
+-	zabbix_log(level, "%s", message);
+-
+	duk_get_memory_functions(ctx, &out_funcs);
+	env = (zbx_es_env_t *)out_funcs.udata;
+
+-	if (NULL == env->json)
+-		goto out;
+-
+-	if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size)	/* approximate limit */
++	if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size)
+	{
+		err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of "
+				ZBX_FS_UI64 " bytes.", ZBX_ES_LOG_MEMORY_LIMIT);
+		goto out;
+	}
+
+-	zbx_json_addobject(env->json, NULL);
+-	zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
+-	zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
+-	zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING);
+-	zbx_json_close(env->json);
++	zabbix_log(level, "%s", message);
++
++	if (NULL != env->json)
++	{
++		zbx_json_addobject(env->json, NULL);
++		zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
++		zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
++		zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING);
++		zbx_json_close(env->json);
++	}
+ out:
++	env->log_size += strlen(message);
+	zbx_free(message);
+
+	if (-1 != err_index)
+--
+2.35.5
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
new file mode 100644
index 0000000000..ea790f0a93
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
@@ -0,0 +1,241 @@
+From 76f6a80cb3d6131e9c3e98918305c1bf1805fa2a Mon Sep 17 00:00:00 2001
+From: Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com>
+Date: Thu, 27 Jul 2023 12:43:02 +0000
+Subject: [PATCH] ...G...PS. [DEV-2429] fixed unauthorised file system access
+ when using cURL
+
+Merge in ZBX/zabbix from feature/DEV-2429-6.0 to release/6.0
+
+* commit 'abf345230ee185d61cc0bd70d432fa4b093b8a53':
+  ...G...PS. [DEV-2429] fixed unautorized file system access when using curl
+  .......PS. [DEV-2429] fixed unautorized file system access in JS preprocessing
+
+CVE: CVE-2023-29450
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/76f6a80cb3d]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxembed/httprequest.c            |  4 +++
+ src/libs/zbxhistory/history_elastic.c      | 30 ++++++++++++++++++++++
+ src/libs/zbxhttp/http.c                    |  9 +++++++
+ src/libs/zbxmedia/email.c                  |  6 +++++
+ src/libs/zbxsysinfo/common/http.c          |  9 +++++++
+ src/libs/zbxsysinfo/simple/simple.c        | 11 ++++++++
+ src/zabbix_server/httppoller/httptest.c    |  9 +++++++
+ src/zabbix_server/reporter/report_writer.c | 10 ++++++++
+ src/zabbix_server/vmware/vmware.c          |  9 +++++++
+ 9 files changed, 97 insertions(+)
+
+diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c
+index 7f0eed9..871b925 100644
+--- a/src/libs/zbxembed/httprequest.c
++++ b/src/libs/zbxembed/httprequest.c
+@@ -354,6 +354,10 @@ static duk_ret_t	es_httprequest_query(duk_context *ctx, const char *http_request
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_CUSTOMREQUEST, http_request, err);
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_TIMEOUT_MS, timeout_ms - elapsed_ms, err);
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_POSTFIELDS, ZBX_NULL2EMPTY_STR(contents), err);
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS, err);
++#endif
+
+	request->data_offset = 0;
+	request->headers_in_offset = 0;
+diff --git a/src/libs/zbxhistory/history_elastic.c b/src/libs/zbxhistory/history_elastic.c
+index 8b3ea84..fc881da 100644
+--- a/src/libs/zbxhistory/history_elastic.c
++++ b/src/libs/zbxhistory/history_elastic.c
+@@ -406,6 +406,16 @@ static void	elastic_writer_add_iface(zbx_history_iface_t *hist)
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	*page_w[hist->value_type].errbuf = '\0';
+
+	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PRIVATE, &page_w[hist->value_type])))
+@@ -722,6 +732,16 @@ static int	elastic_get_values(zbx_history_iface_t *hist, zbx_uint64_t itemid, in
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	zabbix_log(LOG_LEVEL_DEBUG, "sending query to %s; post data: %s", data->post_url, query.buffer);
+
+	page_r.offset = 0;
+@@ -1065,6 +1085,16 @@ void	zbx_elastic_version_extract(struct zbx_json *json)
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(handle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_WARNING, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	*errbuf = '\0';
+
+	if (CURLE_OK != (err = curl_easy_perform(handle)))
+diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c
+index c10922c..36774cc 100644
+--- a/src/libs/zbxhttp/http.c
++++ b/src/libs/zbxhttp/http.c
+@@ -333,6 +333,15 @@ int	zbx_http_get(const char *url, const char *header, long timeout, char **out,
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(NULL, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
+	{
+		*error = zbx_dsprintf(NULL, "Cannot specify URL: %s", curl_easy_strerror(err));
+diff --git a/src/libs/zbxmedia/email.c b/src/libs/zbxmedia/email.c
+index 3b987d9..d3af744 100644
+--- a/src/libs/zbxmedia/email.c
++++ b/src/libs/zbxmedia/email.c
+@@ -661,6 +661,12 @@ static int	send_email_curl(const char *smtp_server, unsigned short smtp_port, co
+	if ('\0' != *smtp_helo)
+		zbx_snprintf(url + url_offset, sizeof(url) - url_offset, "/%s", smtp_helo);
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_SMTPS | CURLPROTO_SMTP)))
++		goto error;
++#endif
++
+	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
+		goto error;
+
+diff --git a/src/libs/zbxsysinfo/common/http.c b/src/libs/zbxsysinfo/common/http.c
+index acd77e1..8dc4793 100644
+--- a/src/libs/zbxsysinfo/common/http.c
++++ b/src/libs/zbxsysinfo/common/http.c
+@@ -176,6 +176,15 @@ static int	curl_page_get(char *url, char **buffer, char **error)
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(*error, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	if (CURLE_OK == (err = curl_easy_perform(easyhandle)))
+	{
+		if (NULL != buffer)
+diff --git a/src/libs/zbxsysinfo/simple/simple.c b/src/libs/zbxsysinfo/simple/simple.c
+index be1b9f9..80c5eac 100644
+--- a/src/libs/zbxsysinfo/simple/simple.c
++++ b/src/libs/zbxsysinfo/simple/simple.c
+@@ -189,6 +189,17 @@ static int	check_https(const char *host, unsigned short port, int timeout, int *
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_DEBUG, "%s: could not set cURL option [%d]: %s",
++				__func__, (int)opt, curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	if (NULL != CONFIG_SOURCE_IP)
+	{
+		if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
+diff --git a/src/zabbix_server/httppoller/httptest.c b/src/zabbix_server/httppoller/httptest.c
+index 0ff70ef..0201442 100644
+--- a/src/zabbix_server/httppoller/httptest.c
++++ b/src/zabbix_server/httppoller/httptest.c
+@@ -696,6 +696,15 @@ static void	process_httptest(DC_HOST *host, zbx_httptest_t *httptest)
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		err_str = zbx_strdup(err_str, curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	if (SUCCEED != zbx_http_prepare_ssl(easyhandle, httptest->httptest.ssl_cert_file,
+			httptest->httptest.ssl_key_file, httptest->httptest.ssl_key_password,
+			httptest->httptest.verify_peer, httptest->httptest.verify_host, &err_str))
+diff --git a/src/zabbix_server/reporter/report_writer.c b/src/zabbix_server/reporter/report_writer.c
+index 87d1364..7530ed0 100644
+--- a/src/zabbix_server/reporter/report_writer.c
++++ b/src/zabbix_server/reporter/report_writer.c
+@@ -162,6 +162,16 @@ static int	rw_get_report(const char *url, const char *cookie, int width, int hei
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt,
++				(curl_error = rw_curl_error(err)));
++		goto out;
++	}
++#endif
++
+	if (NULL != CONFIG_TLS_CA_FILE && '\0' != *CONFIG_TLS_CA_FILE)
+	{
+		if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_CAINFO, CONFIG_TLS_CA_FILE)) ||
+diff --git a/src/zabbix_server/vmware/vmware.c b/src/zabbix_server/vmware/vmware.c
+index b02c8c7..718d519 100644
+--- a/src/zabbix_server/vmware/vmware.c
++++ b/src/zabbix_server/vmware/vmware.c
+@@ -2045,6 +2045,15 @@ static int	vmware_service_authenticate(zbx_vmware_service_t *service, CURL *easy
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	if (NULL != CONFIG_SOURCE_IP)
+	{
+		if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
+--
+2.35.5
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
new file mode 100644
index 0000000000..453f67a920
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
@@ -0,0 +1,116 @@
+From 90274a56b2505997cd1677f0bd6a8b89b21df163 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 26 Apr 2023 15:00:07 +0800
+Subject: [PATCH] Fix CVE-2023-29451
+
+.......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character
+
+Merge in ZBX/zabbix from feature/DEV-2450-6.0 to release/6.0
+
+* commit '97efb4ed5069d4febe825671e2c3d106478d082d':
+  .......PS. [DEV-2450] added mock test
+  .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character
+  .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character
+
+Upstream-Status: Backport
+[https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b6a8c84612a67daaf89879226349420104bff24]
+CVE: CVE-2023-29451
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/libs/zbxdiag/diag.c                      |  3 ++-
+ src/libs/zbxjson/json.c                      |  2 +-
+ src/libs/zbxjson/json.h                      |  1 +
+ src/libs/zbxjson/json_parser.c               | 15 +++++----------
+ src/zabbix_server/reporter/report_protocol.c |  3 ++-
+ 5 files changed, 11 insertions(+), 13 deletions(-)
+
+diff --git a/src/libs/zbxdiag/diag.c b/src/libs/zbxdiag/diag.c
+index 6fc5509..dc47407 100644
+--- a/src/libs/zbxdiag/diag.c
++++ b/src/libs/zbxdiag/diag.c
+@@ -673,7 +673,8 @@ static void	diag_get_simple_values(const struct zbx_json_parse *jp, char **msg)
+ 	{
+ 		if (FAIL == zbx_json_brackets_open(pnext, &jp_value))
+ 		{
+-			zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type);
++			if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type))
++				type = ZBX_JSON_TYPE_NULL;
+ 
+ 			if (0 != msg_offset)
+ 				zbx_chrcpy_alloc(msg, &msg_alloc, &msg_offset, ' ');
+diff --git a/src/libs/zbxjson/json.c b/src/libs/zbxjson/json.c
+index 4161ef0..c043d7e 100644
+--- a/src/libs/zbxjson/json.c
++++ b/src/libs/zbxjson/json.c
+@@ -764,7 +764,7 @@ static unsigned int	zbx_hex2num(char c)
+  *               0 on error (invalid escape sequence)                         *
+  *                                                                            *
+  ******************************************************************************/
+-static unsigned int	zbx_json_decode_character(const char **p, unsigned char *bytes)
++unsigned int	zbx_json_decode_character(const char **p, unsigned char *bytes)
+ {
+ 	bytes[0] = '\0';
+ 
+diff --git a/src/libs/zbxjson/json.h b/src/libs/zbxjson/json.h
+index c59646a..4008411 100644
+--- a/src/libs/zbxjson/json.h
++++ b/src/libs/zbxjson/json.h
+@@ -29,5 +29,6 @@
+ 	SKIP_WHITESPACE(src)
+ 
+ void	zbx_set_json_strerror(const char *fmt, ...) __zbx_attr_format_printf(1, 2);
++unsigned int	zbx_json_decode_character(const char **p, unsigned char *bytes);
+ 
+ #endif
+diff --git a/src/libs/zbxjson/json_parser.c b/src/libs/zbxjson/json_parser.c
+index c8dcee4..64d24cf 100644
+--- a/src/libs/zbxjson/json_parser.c
++++ b/src/libs/zbxjson/json_parser.c
+@@ -88,7 +88,7 @@ static zbx_int64_t	json_parse_string(const char *start, char **error)
+ 		if ('\\' == *ptr)
+ 		{
+ 			const char	*escape_start = ptr;
+-			int		i;
++			unsigned char	uc[4];	/* decoded Unicode character takes 1-4 bytes in UTF-8 */
+ 
+ 			/* unexpected end of string data, failing */
+ 			if ('\0' == *(++ptr))
+@@ -107,16 +107,11 @@ static zbx_int64_t	json_parse_string(const char *start, char **error)
+ 					break;
+ 				case 'u':
+ 					/* check if the \u is followed with 4 hex digits */
+-					for (i = 0; i < 4; i++)
+-					{
+-						if (0 == isxdigit((unsigned char)*(++ptr)))
+-						{
+-							return json_error("invalid escape sequence in string",
+-									escape_start, error);
+-						}
++					if (0 == zbx_json_decode_character(&ptr, uc)) {
++						return json_error("invalid escape sequence in string",
++							escape_start, error);
+ 					}
+-
+-					break;
++					continue;
+ 				default:
+ 					return json_error("invalid escape sequence in string data",
+ 							escape_start, error);
+diff --git a/src/zabbix_server/reporter/report_protocol.c b/src/zabbix_server/reporter/report_protocol.c
+index 5f55f51..ee0e02e 100644
+--- a/src/zabbix_server/reporter/report_protocol.c
++++ b/src/zabbix_server/reporter/report_protocol.c
+@@ -421,7 +421,8 @@ void	zbx_report_test(const struct zbx_json_parse *jp, zbx_uint64_t userid, struc
+ 			size_t		value_alloc = 0;
+ 			zbx_ptr_pair_t	pair;
+ 
+-			zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL);
++			if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL))
++				continue;
+ 			pair.first = zbx_strdup(NULL, key);
+ 			pair.second = value;
+ 			zbx_vector_ptr_pair_append(&params, pair);
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch
new file mode 100644
index 0000000000..b9c37bc045
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch
@@ -0,0 +1,160 @@
+From 53ef2b7119f57f4140e6bd9c5cd2d3c6af228179 Mon Sep 17 00:00:00 2001
+From: Armands Arseniuss Skolmeisters <armands.skolmeisters@zabbix.com>
+Date: Thu, 11 Jan 2024 12:00:24 +0000
+Subject: [PATCH] ...G...... [DEV-2702] fixed buffer overread in DNS response
+
+* commit '893902999ab7f0b15cce91e8555cb251b32b6df4':
+ ...G...... [DEV-2702] fixed DNS record data length check
+ ...G...... [DEV-2702] improved DNS error messages
+ ...G...... [DEV-2702] fixed DNS error messages
+ ...G...... [DEV-2702] improved DNS error messages
+ ...G...... [DEV-2702] fixed buffer overread in DNS response
+
+CVE: CVE-2023-32726
+Upstream-Status: Backport [https://github.com/zabbix/zabbix/commit/53ef2b7119f57f4140e6bd9c5cd2d3c6af228179]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxsysinfo/common/dns.c | 65 +++++++++++++++++++++++++++-----
+ 1 file changed, 56 insertions(+), 9 deletions(-)
+
+diff --git a/src/libs/zbxsysinfo/common/dns.c b/src/libs/zbxsysinfo/common/dns.c
+index e8938d8..bf456f2 100644
+--- a/src/libs/zbxsysinfo/common/dns.c
++++ b/src/libs/zbxsysinfo/common/dns.c
+@@ -638,7 +638,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+	{
+		if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))
+		{
+-			SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++			SET_MSG_RESULT(result, zbx_strdup(NULL,
++					"Cannot decode DNS response: cannot expand domain name."));
+			ret = SYSINFO_RET_FAIL;
+			goto clean;
+		}
+@@ -651,6 +652,13 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+		GETSHORT(q_len, msg_ptr);
+		offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %-8s", decode_type(q_type));
+
++		if (msg_ptr + q_len > msg_end)
++		{
++			SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response: record overflow."));
++			ret = SYSINFO_RET_FAIL;
++			goto clean;
++		}
++
+		switch (q_type)
+		{
+			case T_A:
+@@ -695,8 +703,40 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_PTR:
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++#define ERR_MSG_PREFIX	"Cannot decode DNS response: cannot expand "
++					const char	*err_msg = NULL;
++
++					switch (q_type)
++					{
++						case T_NS:
++							err_msg = ERR_MSG_PREFIX "name server name.";
++							break;
++						case T_CNAME:
++							err_msg = ERR_MSG_PREFIX "canonical name.";
++							break;
++						case T_MB:
++							err_msg = ERR_MSG_PREFIX "mailbox name.";
++							break;
++						case T_MD:
++							err_msg = ERR_MSG_PREFIX "mail destination name.";
++							break;
++						case T_MF:
++							err_msg = ERR_MSG_PREFIX "mail forwarder name.";
++							break;
++						case T_MG:
++							err_msg = ERR_MSG_PREFIX "mail group name.";
++							break;
++						case T_MR:
++							err_msg = ERR_MSG_PREFIX "renamed mailbox name.";
++							break;
++						case T_PTR:
++							err_msg = ERR_MSG_PREFIX "PTR name.";
++							break;
++					}
++
++					SET_MSG_RESULT(result, zbx_strdup(NULL, err_msg));
+					return SYSINFO_RET_FAIL;
++#undef ERR_MSG_PREFIX
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+				break;
+@@ -706,7 +746,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* exchange */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand mail exchange name."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+@@ -715,14 +756,16 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_SOA:
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* source host */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand source nameserver name."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* administrator */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand administrator mailbox name."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+@@ -750,7 +793,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_WKS:
+				if (INT32SZ + 1 > q_len)
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" malformed WKS resource record."));
+					return SYSINFO_RET_FAIL;
+				}
+
+@@ -816,14 +860,16 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_MINFO:
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* mailbox responsible for mailing lists */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand mailbox responsible for mailing lists."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* mailbox for error messages */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand mailbox for error messages."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+@@ -854,7 +900,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* target */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand service target hostname."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch
new file mode 100644
index 0000000000..5c1e0c5af6
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch
@@ -0,0 +1,193 @@
+From 93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34 Mon Sep 17 00:00:00 2001
+From: Andris Zeila <andris.zeila@zabbix.com>
+Date: Fri, 12 Jan 2024 05:48:31 +0000
+Subject: [PATCH] .......PS. [DEV-2695] changed fping tests to read address
+ from file
+
+Merge in ZBX/zabbix from feature/DEV-2695-6.0 to release/6.0
+
+* commit '6603893ff94620e28fc543d5d0d4c86b9be3342e':
+  .......PS. [DEV-2695] fixed signal blocking
+  .......PS. [DEV-2695] added target hostname/ip validation in fping feature tests
+  .......PS. [DEV-2695] added error messages when failed to prepare temporary file for fping tests
+  .......PS. [DEV-2695] changed fping tests to read address from file
+
+CVE: CVE-2023-32727
+Upstream-Status: BAckport [https://github.com/zabbix/zabbix/commit/93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxicmpping/icmpping.c | 125 ++++++++++++++++++++++++++++----
+ 1 file changed, 112 insertions(+), 13 deletions(-)
+
+diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c
+index 72f7e86..9a751b7 100644
+--- a/src/libs/zbxicmpping/icmpping.c
++++ b/src/libs/zbxicmpping/icmpping.c
+@@ -59,6 +59,8 @@ static void	get_source_ip_option(const char *fping, const char **option, unsigne
+
+	zbx_snprintf(tmp, sizeof(tmp), "%s -h 2>&1", fping);
+
++	zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp);
++
+	if (NULL == (f = popen(tmp, "r")))
+		return;
+
+@@ -85,6 +87,110 @@ static void	get_source_ip_option(const char *fping, const char **option, unsigne
+	*checked = 1;
+ }
+
++/******************************************************************************
++ *                                                                            *
++ * Purpose: execute external program and return stdout and stderr values      *
++ *                                                                            *
++ * Parameters: fping         - [IN] location of fping program                 *
++ *             out           - [OUT] stdout and stderr values                 *
++ *             error         - [OUT] error string if function fails           *
++ *             max_error_len - [IN] length of error buffer                    *
++ *                                                                            *
++ * Return value: SUCCEED if processed successfully or FAIL otherwise          *
++ *                                                                            *
++ ******************************************************************************/
++static int	get_fping_out(const char *fping, const char *address, char **out, char *error, size_t max_error_len)
++{
++	FILE		*f;
++	size_t		buf_size = 0, offset = 0, len;
++	ssize_t		n;
++	char		tmp[MAX_STRING_LEN], *buffer = NULL;
++	int		ret = FAIL, fd;
++	sigset_t	mask, orig_mask;
++	char		filename[MAX_STRING_LEN];
++
++	if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address))
++	{
++		zbx_strlcpy(error, "Invalid host name or IP address", max_error_len);
++		return FAIL;
++	}
++
++	zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname);
++	if (-1 == (fd = mkstemp(filename)))
++	{
++		zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename,
++				zbx_strerror(errno));
++
++		return FAIL;
++	}
++
++	sigemptyset(&mask);
++	sigaddset(&mask, SIGINT);
++	sigaddset(&mask, SIGQUIT);
++
++	len = strlen(address);
++	if (-1 == (n = write(fd, address, len)))
++	{
++		zbx_snprintf(error, max_error_len, "Cannot write address into temporary file: %s", zbx_strerror(errno));
++		(void)close(fd);
++		goto out;
++	}
++
++	if (n != (ssize_t)len)
++	{
++		zbx_strlcpy(error, "Cannot write full address into temporary file", max_error_len);
++		(void)close(fd);
++		goto out;
++	}
++
++	if (-1 == close(fd))
++	{
++		zbx_snprintf(error, max_error_len, "Cannot close temporary file: %s", zbx_strerror(errno));
++		goto out;
++	}
++
++	zbx_snprintf(tmp, sizeof(tmp), "%s 2>&1 < %s", fping, filename);
++
++	if (0 > sigprocmask(SIG_BLOCK, &mask, &orig_mask))
++		zbx_error("cannot set sigprocmask to block the user signal");
++
++	zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp);
++
++	if (NULL == (f = popen(tmp, "r")))
++	{
++		zbx_strlcpy(error, zbx_strerror(errno), max_error_len);
++		goto out;
++	}
++
++	while (NULL != zbx_fgets(tmp, sizeof(tmp), f))
++	{
++		len = strlen(tmp);
++
++		if (MAX_EXECUTE_OUTPUT_LEN < offset + len)
++			break;
++
++		zbx_strncpy_alloc(&buffer, &buf_size, &offset, tmp, len);
++	}
++
++	pclose(f);
++
++	if (NULL == buffer)
++	{
++		zbx_strlcpy(error, "Cannot obtain the program output", max_error_len);
++		goto out;
++	}
++
++	*out = buffer;
++	ret = SUCCEED;
++out:
++	unlink(filename);
++
++	if (0 > sigprocmask(SIG_SETMASK, &orig_mask, NULL))
++		zbx_error("cannot restore sigprocmask");
++
++	return ret;
++}
++
+ /******************************************************************************
+  *                                                                            *
+  * Function: get_interval_option                                              *
+@@ -137,19 +243,12 @@ static int	get_interval_option(const char *fping, ZBX_FPING_HOST *hosts, int hos
+
+			zabbix_log(LOG_LEVEL_DEBUG, "testing fping interval %u ms", intervals[j]);
+
+-			zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u %s", fping, intervals[j], dst);
++			zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u", fping, intervals[j]);
+
+			zbx_free(out);
+
+			/* call fping, ignore its exit code but mind execution failures */
+-			if (TIMEOUT_ERROR == (ret_exec = zbx_execute(tmp, &out, err, sizeof(err), 1,
+-					ZBX_EXIT_CODE_CHECKS_DISABLED, NULL)))
+-			{
+-				zbx_snprintf(error, max_error_len, "Timeout while executing \"%s\"", tmp);
+-				goto out;
+-			}
+-
+-			if (FAIL == ret_exec)
++			if (SUCCEED != (ret_exec = get_fping_out(tmp, dst, &out, err, sizeof(err))))
+			{
+				zbx_snprintf(error, max_error_len, "Cannot execute \"%s\": %s", tmp, err);
+				goto out;
+@@ -251,10 +350,10 @@ static int	get_ipv6_support(const char * fping, const char *dst)
+	int	ret;
+	char	tmp[MAX_STRING_LEN], error[255], *out = NULL;
+
+-	zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50 %s", fping, dst);
++	zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50", fping);
+
+-	if ((SUCCEED == (ret = zbx_execute(tmp, &out, error, sizeof(error), 1, ZBX_EXIT_CODE_CHECKS_DISABLED, NULL)) &&
+-				ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)) || TIMEOUT_ERROR == ret)
++	if (SUCCEED == (ret = get_fping_out(tmp, dst, &out, error, sizeof(error)) &&
++				ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)))
+	{
+		ret = SUCCEED;
+	}
+@@ -538,7 +637,7 @@ static int	process_ping(ZBX_FPING_HOST *hosts, int hosts_count, int count, int i
+
+	fclose(f);
+
+-	zabbix_log(LOG_LEVEL_DEBUG, "%s", tmp);
++	zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp);
+
+	sigemptyset(&mask);
+	sigaddset(&mask, SIGINT);
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch
new file mode 100644
index 0000000000..aabc675b6a
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch
@@ -0,0 +1,49 @@
+From 610f9fdbb86667f4094972547deb936c6cdfc6d5 Mon Sep 17 00:00:00 2001
+From: Andris Zeila <andris.zeila@zabbix.com>
+Date: Fri, 12 Jan 2024 06:06:02 +0000
+Subject: [PATCH] .......PS. [DEV-2695] removed group/all access flags for
+ fping temporary files
+
+Merge in ZBX/zabbix from feature/DEV-2695-6.5 to master
+
+* commit 'cf07db1d5c2b8fe4a9de85fed22cf05035e08914':
+  .......PS. [DEV-2695] remove group/all access flags when creating fping input file for testing fping features
+
+(cherry picked from commit cd12f0a2d89c3ef05f0e9f50dcb73fdaf3a7e8a9)
+
+CVE: CVE-2023-32727
+Upstream_Status: Backport [https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxicmpping/icmpping.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c
+index 9a751b7..bab3d09 100644
+--- a/src/libs/zbxicmpping/icmpping.c
++++ b/src/libs/zbxicmpping/icmpping.c
+@@ -108,6 +108,7 @@ static int	get_fping_out(const char *fping, const char *address, char **out, cha
+	int		ret = FAIL, fd;
+	sigset_t	mask, orig_mask;
+	char		filename[MAX_STRING_LEN];
++	mode_t		mode;
+
+	if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address))
+	{
+@@ -116,7 +117,12 @@ static int	get_fping_out(const char *fping, const char *address, char **out, cha
+	}
+
+	zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname);
+-	if (-1 == (fd = mkstemp(filename)))
++
++	mode = umask(077);
++	fd = mkstemp(filename);
++	umask(mode);
++
++	if (-1 == fd)
+	{
+		zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename,
+				zbx_strerror(errno));
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
index 66c80758ce..2793f0ca5f 100644
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.2.6.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
@@ -23,13 +23,21 @@ DEPENDS  = "libevent libpcre openldap virtual/libiconv zlib"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.2/${BPN}-${PV}.tar.gz \
+SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \
     file://0001-Fix-configure.ac.patch \
     file://zabbix-agent.service \
+    file://CVE-2022-43515.patch \
+    file://CVE-2022-46768.patch \
+    file://CVE-2023-29451.patch \
+    file://CVE-2023-29449.patch \
+    file://CVE-2023-29450.patch \
+    file://CVE-2023-32726.patch \
+    file://CVE-2023-32727_0001.patch \
+    file://CVE-2023-32727_0002.patch \
 "
 
-SRC_URI[md5sum] = "31dab3535a1fa212f5724902727f6d4d"
-SRC_URI[sha256sum] = "76cb704f2a04fbc87bb3eff44fa71339c355d467f7bbd8fb53f8927c760e1680"
+SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"
+SRC_URI[sha256sum] = "d60d5515807c30c05d0900b83a7e6ef6479929aef7d6f248fba481c4816bacf4"
 
 inherit autotools-brokensep linux-kernel-base pkgconfig systemd useradd
 
diff --git a/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb b/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb
index 86fde7ccfb..ce9d758d9f 100644
--- a/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb
+++ b/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb
@@ -30,8 +30,6 @@ PACKAGECONFIG[nss] = "-DCZMQ_WITH_NSS=ON,-DCZMQ_WITH_NSS=OFF,nss"
 PACKAGECONFIG[systemd] = "-DCZMQ_WITH_SYSTEMD=ON,-DCZMQ_WITH_SYSTEMD=OFF,systemd"
 PACKAGECONFIG[uuid] = "-DCZMQ_WITH_UUID=ON,-DCZMQ_WITH_UUID=OFF,util-linux"
 
-BBCLASSEXTEND = "nativesdk"
-
 do_install:append() {
         mkdir -p ${D}/${includedir}/${BPN}
         mv ${D}/${includedir}/sha1.h ${D}/${includedir}/${BPN}/.
diff --git a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb
index c8dabc5ead..44804545de 100644
--- a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb
+++ b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb
@@ -9,7 +9,7 @@ SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master;protocol=https \
            file://0001-Include-typeinfo-for-typeid.patch \
            file://0001-include-utility-header.patch \
 "
-SRC_URI:append:libc-musl = "file://fix_build_musl.patch"
+SRC_URI:append:libc-musl = " file://fix_build_musl.patch"
 SRCREV = "73532d6a5faae9c721c2cc9535b8ef32d4d18264"
 
 DEPENDS = "\
diff --git a/meta-oe/recipes-core/emlog/emlog.inc b/meta-oe/recipes-core/emlog/emlog.inc
index 824787083a..9d48e9cba3 100644
--- a/meta-oe/recipes-core/emlog/emlog.inc
+++ b/meta-oe/recipes-core/emlog/emlog.inc
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 SRC_URI = "git://github.com/nicupavel/emlog.git;protocol=http;branch=master;protocol=https"
 SRCREV = "aee53e8dee862f35291242ba41b0ca88010f6c71"
-
+PV = "0.70+git${SRCPV}"
 S = "${WORKDIR}/git"
 
 EXTRA_OEMAKE += " \
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index be9ae58232..2ded3e204f 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,16 @@ do_install() {
 }
 
 RRECOMMENDS:${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_IGNORE += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+    CVE-2022-3968 \
+    CVE-2023-43291 \
+"
diff --git a/meta-oe/recipes-core/pim435/pim435_git.bb b/meta-oe/recipes-core/pim435/pim435_git.bb
index f73a0fd54e..80e3cc6298 100644
--- a/meta-oe/recipes-core/pim435/pim435_git.bb
+++ b/meta-oe/recipes-core/pim435/pim435_git.bb
@@ -9,8 +9,8 @@ written in C"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSES/MIT.txt;md5=7dda4e90ded66ab88b86f76169f28663"
 
-SRC_URI = "git://booting.oniroproject.org/distro/components/pim435;protocol=https;branch=main"
-SRCREV = "ee07a83de4d0ecdf4b5de20a7e374d36a9a6f5d5"
+SRC_URI = "git://gitlab.eclipse.org/eclipse/oniro-blueprints/core/pim435;protocol=https;branch=main"
+SRCREV = "445ed623ec8d3ecbb1d566900b4ef3fb3031d689"
 S = "${WORKDIR}/git"
 
 DEPENDS = "i2c-tools"
diff --git a/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch b/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch
new file mode 100644
index 0000000000..4fd36ab8ab
--- /dev/null
+++ b/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch
@@ -0,0 +1,42 @@
+From b1d7cc6495c541cdd99399b4d1a835997376dcbf Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 22 Aug 2022 23:42:33 -0700
+Subject: [PATCH] strpbrk_s: Remove unused variable len
+
+Fixes
+error: variable 'len' set but not used [-Werror,-Wunused-but-set-variable]
+
+Upstream-Status: Submitted [https://github.com/rurban/safeclib/pull/123]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/extstr/strpbrk_s.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/extstr/strpbrk_s.c b/src/extstr/strpbrk_s.c
+index 5bb7a0f8..2cf8a8be 100644
+--- a/src/extstr/strpbrk_s.c
++++ b/src/extstr/strpbrk_s.c
+@@ -79,7 +79,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen,
+ #endif
+ {
+     char *ps;
+-    rsize_t len;
+ 
+     CHK_SRC_NULL("strpbrk_s", firstp)
+     *firstp = NULL;
+@@ -121,7 +120,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen,
+     while (*dest && dmax) {
+ 
+         ps = src;
+-        len = slen;
+         while (*ps) {
+ 
+             /* check for a match with the substring */
+@@ -130,7 +128,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen,
+                 return RCNEGATE(EOK);
+             }
+             ps++;
+-            len--;
+         }
+         dest++;
+         dmax--;
diff --git a/meta-oe/recipes-core/safec/safec_3.7.1.bb b/meta-oe/recipes-core/safec/safec_3.7.1.bb
index 5ffe7d7528..9dd6f1c7cc 100644
--- a/meta-oe/recipes-core/safec/safec_3.7.1.bb
+++ b/meta-oe/recipes-core/safec/safec_3.7.1.bb
@@ -9,7 +9,8 @@ inherit autotools pkgconfig
 S = "${WORKDIR}/git"
 SRCREV = "f9add9245b97c7bda6e28cceb0ee37fb7e254fd8"
 SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https \
-"
+           file://0001-strpbrk_s-Remove-unused-variable-len.patch \
+           "
 
 COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64|mips).*-linux'
 
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb
index 76fd6b65b1..6fd826cbbd 100644
--- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb
@@ -39,6 +39,11 @@ do_install:append() {
     fi
 }
 
-PTEST_PATH = "${libdir}/${BPN}/tests"
+PTEST_PATH = "${libdir}/${BPN}/ptest"
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}
+    cp -r ${B}/tests/sdbus-c++-unit-tests  ${D}${PTEST_PATH}
+}
+
 FILES:${PN}-ptest =+ "${sysconfdir}/dbus-1/system.d/"
 FILES:${PN}-dev += "${bindir}/sdbus-c++-xml2cpp"
diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
index 8f9f663a33..4f8bbf0358 100644
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
@@ -14,7 +14,6 @@ DEPENDS = " \
     libdevmapper \
     popt \
     util-linux-libuuid \
-    libssh \
 "
 
 DEPENDS:append:libc-musl = " argp-standalone"
@@ -39,6 +38,7 @@ PACKAGECONFIG ??= " \
     blkid \
     luks-adjust-xts-keysize \
     openssl \
+    ssh-token \
 "
 PACKAGECONFIG:append:class-target = " \
     udev \
@@ -69,6 +69,7 @@ PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
 PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
 PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
 PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
+PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh"
 
 EXTRA_OECONF = "--enable-static"
 # Building without largefile is not supported by upstream
@@ -78,6 +79,14 @@ EXTRA_OECONF += "--disable-static-cryptsetup"
 # There's no recipe for libargon2 yet
 EXTRA_OECONF += "--disable-libargon2"
 
+do_install:append() {
+    # The /usr/lib/cryptsetup directory is always created, even when ssh-token
+    # is disabled. In that case it is empty and causes a packaging error. Since
+    # there is no reason to distribute the empty directory, the easiest solution
+    # is to remove it if it is empty.
+    rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN}
+}
+
 FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
 
 RDEPENDS:${PN} = " \
diff --git a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb
index c95a5b2d32..1c2c6e21e0 100644
--- a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb
+++ b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb
@@ -16,7 +16,7 @@ S = "${WORKDIR}/git"
 
 DEPENDS = "openssl"
 
-EXTRA_OEMAKE:append = "PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1"
+EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1"
 # We want to statically link the binary to libfsverity on native Windows
 EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1"
 EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1"
diff --git a/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch b/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch
new file mode 100644
index 0000000000..312809d1d2
--- /dev/null
+++ b/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch
@@ -0,0 +1,22 @@
+From b4d418bf3f78748d84e3cfb110833443eef34284 Mon Sep 17 00:00:00 2001
+From: Justin Bronder <jsbronder@cold-front.org>
+Date: Thu, 25 Aug 2022 17:22:20 -0400
+Subject: [PATCH] make: set soname on liblmdb
+
+---
+ libraries/liblmdb/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/liblmdb/Makefile b/libraries/liblmdb/Makefile
+index 1ec74e6..ea08cd6 100644
+--- a/libraries/liblmdb/Makefile
++++ b/libraries/liblmdb/Makefile
+@@ -66,7 +66,7 @@ liblmdb.a:	mdb.o midl.o
+ 
+ liblmdb$(SOEXT):	mdb.lo midl.lo
+ #	$(CC) $(LDFLAGS) -pthread -shared -Wl,-Bsymbolic -o $@ mdb.o midl.o $(SOLIBS)
+-	$(CC) $(LDFLAGS) -pthread -shared -o $@ mdb.lo midl.lo $(SOLIBS)
++	$(CC) $(LDFLAGS) -pthread -shared -Wl,-soname,$@ -o $@ mdb.lo midl.lo $(SOLIBS)
+ 
+ mdb_stat: mdb_stat.o liblmdb.a
+ mdb_copy: mdb_copy.o liblmdb.a
diff --git a/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb b/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb
index b58a36c446..a76d388d70 100644
--- a/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb
+++ b/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb
@@ -11,16 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972"
 SRC_URI = "git://github.com/LMDB/lmdb.git;nobranch=1;protocol=https \
            file://run-ptest \
            file://0001-Makefile-use-libprefix-instead-of-libdir.patch \
+           file://0001-make-set-soname-on-liblmdb.patch;patchdir=../.. \
            "
 
 SRCREV = "8ad7be2510414b9506ec9f9e24f24d04d9b04a1a"
 
-inherit base ptest
+inherit ptest
 
 S = "${WORKDIR}/git/libraries/liblmdb"
 
-LDFLAGS += "-Wl,-soname,lib${PN}.so.${PV}"
-
 do_compile() {
     oe_runmake CC="${CC}" SOEXT=".so.${PV}" LDFLAGS="${LDFLAGS}"
 }
diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb
index e38726d3f9..17a06349b0 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb
+++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb
@@ -2,7 +2,9 @@ require mariadb.inc
 inherit native
 
 PROVIDES += "mysql5-native"
-DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native"
+DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native \
+gnutls-native fmt-native \
+"
 
 RDEPENDS:${PN} = ""
 PACKAGES = ""
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index 922373b633..7c4b0a467f 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -19,11 +19,14 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
            file://ssize_t.patch \
            file://mm_malloc.patch \
            file://sys_futex.patch \
-           file://mariadb-openssl3.patch \
+           file://cross-compiling.patch \
+           file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \
+           file://0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch \
+	   file://CVE-2023-22084.patch \
           "
 SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch"
 
-SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173"
+SRC_URI[sha256sum] = "f8c69d9080d85eafb3e3a84837bfa566a7f5527a8af6f9a081429d4de0de4778"
 
 UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
 
@@ -61,6 +64,8 @@ FILES:${PN}-setupdb = "${sysconfdir}/init.d/install_db \
                        ${bindir}/mysql-systemd-start \
                        "
 
+EXTRA_OEMAKE = "'GEN_LEX_HASH=${STAGING_BINDIR_NATIVE}/gen_lex_hash'"
+
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl"
 PACKAGECONFIG:class-native = ""
 PACKAGECONFIG[pam] = ",-DWITHOUT_AUTH_PAM=TRUE,libpam"
@@ -95,9 +100,9 @@ EXTRA_OECMAKE = "-DWITH_EMBEDDED_SERVER=ON \
                  -DINSTALL_SYSCONFDIR:PATH=${sysconfdir} \
                  -DMYSQL_DATADIR:PATH=/var/mysql \
                  -DCAT_EXECUTABLE=`which cat` \
+                 -DSTACK_DIRECTION=1 \
                  -DCMAKE_AR:FILEPATH=${AR}"
 
-EXTRA_OECMAKE:prepend:class-target = "-DCMAKE_CROSSCOMPILING_EMULATOR=${WORKDIR}/qemuwrapper "
 
 # With Ninja it fails with:
 # make: *** No rule to make target `install'.  Stop.
@@ -121,18 +126,12 @@ do_generate_toolchain_file:append:class-native () {
     sed -i "/set( CMAKE_SYSTEM_PROCESSOR/d" ${WORKDIR}/toolchain.cmake
 }
 
-do_configure:prepend:class-target () {
-	# Write out a qemu wrapper that will be used by cmake
-	# so that it can run target helper binaries through that.
-	qemu_binary="${@qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_DIR_HOST}${base_libdir}')])}"
-	cat > ${WORKDIR}/qemuwrapper << EOF
-#!/bin/sh
-$qemu_binary "\$@"
-EOF
-	chmod +x ${WORKDIR}/qemuwrapper
-}
 
 do_compile:prepend:class-target () {
+    # These need to be in-tree or make will think they need to be built,
+    # and since we're cross-compiling that is disabled
+    cp ${STAGING_BINDIR_NATIVE}/comp_err ${S}/extra
+    cp ${STAGING_BINDIR_NATIVE}/comp_sql ${S}/scripts
     if [ "${@bb.utils.contains('PACKAGECONFIG', 'krb5', 'yes', 'no', d)}" = "no" ]; then
         if ! [ -e ${B}/include/openssl/kssl.h ] ; then
             mkdir -p ${B}/include/openssl
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch
new file mode 100644
index 0000000000..2fe768d754
--- /dev/null
+++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch
@@ -0,0 +1,320 @@
+From b98375f9df0b024857c03c03bc3e73e8ced8d772 Mon Sep 17 00:00:00 2001
+From: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com>
+Date: Tue, 27 Sep 2022 15:22:57 +0900
+Subject: [PATCH] MDEV-29644 a potential bug of null pointer dereference in
+ spider_db_mbase::print_warnings()
+
+The function spider_db_mbase::print_warnings() can potentially result
+in a null pointer dereference.
+
+Remove the null pointer dereference by cleaning up the function.
+
+Some small changes to the original commit
+422fb63a9bbee35c50b6c7be19d199afe0bc98fa.
+
+CVE: CVE-2022-47015
+
+Upstream-Status: Backport [https://github.com/MariaDB/server/commit/b98375f9df0]
+
+Co-Authored-By: Yuchen Pei <yuchen.pei@mariadb.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ .../spider/bugfix/r/mdev_29644.result         |  41 ++++++
+ .../mysql-test/spider/bugfix/t/mdev_29644.cnf |   3 +
+ .../spider/bugfix/t/mdev_29644.test           |  56 ++++++++
+ storage/spider/spd_db_mysql.cc                | 124 ++++++++----------
+ storage/spider/spd_db_mysql.h                 |   2 +-
+ 5 files changed, 154 insertions(+), 72 deletions(-)
+ create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result
+ create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf
+ create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test
+
+diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result
+new file mode 100644
+index 00000000000..b52cecc5bb7
+--- /dev/null
++++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result
+@@ -0,0 +1,41 @@
++#
++# MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings()
++#
++for master_1
++for child2
++child2_1
++child2_2
++child2_3
++for child3
++connection child2_1;
++CREATE DATABASE auto_test_remote;
++USE auto_test_remote;
++CREATE TABLE tbl_a (
++a CHAR(5)
++) ENGINE=InnoDB DEFAULT CHARSET=utf8;
++SET GLOBAL sql_mode='';
++connection master_1;
++CREATE DATABASE auto_test_local;
++USE auto_test_local;
++CREATE TABLE tbl_a (
++a CHAR(255)
++) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a", srv "s_2_1"';
++SET sql_mode='';
++INSERT INTO tbl_a VALUES ("this will be truncated");
++NOT FOUND /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err
++SET GLOBAL spider_log_result_errors=4;
++INSERT INTO tbl_a VALUES ("this will be truncated");
++FOUND 1 /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err
++connection master_1;
++SET GLOBAL spider_log_result_errors=DEFAULT;
++SET sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_local;
++connection child2_1;
++SET GLOBAL sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_remote;
++for master_1
++for child2
++child2_1
++child2_2
++child2_3
++for child3
+diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf
+new file mode 100644
+index 00000000000..05dfd8a0bce
+--- /dev/null
++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf
+@@ -0,0 +1,3 @@
++!include include/default_mysqld.cnf
++!include ../my_1_1.cnf
++!include ../my_2_1.cnf
+diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test
+new file mode 100644
+index 00000000000..3a8fbb251e1
+--- /dev/null
++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test
+@@ -0,0 +1,56 @@
++--echo #
++--echo # MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings()
++--echo #
++
++# The test case below does not cause the potential null pointer dereference.
++# It is just for checking spider_db_mbase::fetch_and_print_warnings() works.
++
++--disable_query_log
++--disable_result_log
++--source ../../t/test_init.inc
++--enable_result_log
++--enable_query_log
++
++--connection child2_1
++CREATE DATABASE auto_test_remote;
++USE auto_test_remote;
++eval CREATE TABLE tbl_a (
++    a CHAR(5)
++) $CHILD2_1_ENGINE $CHILD2_1_CHARSET;
++
++SET GLOBAL sql_mode='';
++
++--connection master_1
++CREATE DATABASE auto_test_local;
++USE auto_test_local;
++eval CREATE TABLE tbl_a (
++    a CHAR(255)
++) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a", srv "s_2_1"';
++
++SET sql_mode='';
++
++let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.1.err;
++let SEARCH_PATTERN= \[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*;
++
++INSERT INTO tbl_a VALUES ("this will be truncated");
++--source include/search_pattern_in_file.inc # should not find
++
++SET GLOBAL spider_log_result_errors=4;
++
++INSERT INTO tbl_a VALUES ("this will be truncated");
++--source include/search_pattern_in_file.inc # should find
++
++--connection master_1
++SET GLOBAL spider_log_result_errors=DEFAULT;
++SET sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_local;
++
++--connection child2_1
++SET GLOBAL sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_remote;
++
++--disable_query_log
++--disable_result_log
++--source ../t/test_deinit.inc
++--enable_query_log
++--enable_result_log
+diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc
+index d377d2bd807..bc8383017f7 100644
+--- a/storage/spider/spd_db_mysql.cc
++++ b/storage/spider/spd_db_mysql.cc
+@@ -2207,7 +2207,7 @@ int spider_db_mbase::exec_query(
+         db_conn->affected_rows, db_conn->insert_id,
+         db_conn->server_status, db_conn->warning_count);
+       if (spider_param_log_result_errors() >= 3)
+-        print_warnings(l_time);
++        fetch_and_print_warnings(l_time);
+     } else if (log_result_errors >= 4)
+     {
+       time_t cur_time = (time_t) time((time_t*) 0);
+@@ -2289,81 +2289,63 @@ bool spider_db_mbase::is_xa_nota_error(
+   DBUG_RETURN(xa_nota);
+ }
+ 
+-int spider_db_mbase::print_warnings(
+-  struct tm *l_time
+-) {
++int spider_db_mbase::fetch_and_print_warnings(struct tm *l_time)
++{
+   int error_num = 0;
+-  DBUG_ENTER("spider_db_mbase::print_warnings");
++  DBUG_ENTER("spider_db_mbase::fetch_and_print_warnings");
+   DBUG_PRINT("info",("spider this=%p", this));
+-  if (db_conn->status == MYSQL_STATUS_READY)
++
++  if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY ||
++      db_conn->server_status & SERVER_MORE_RESULTS_EXISTS ||
++      !db_conn->warning_count)
++    DBUG_RETURN(0);
++
++  if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR,
++                       SPIDER_SQL_SHOW_WARNINGS_LEN))
++    DBUG_RETURN(0);
++
++  MYSQL_RES *res= mysql_store_result(db_conn);
++  if (!res)
++    DBUG_RETURN(0);
++
++  uint num_fields= mysql_num_fields(res);
++  if (num_fields != 3)
+   {
+-    if (
+-#if MYSQL_VERSION_ID < 50500
+-      !(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS) &&
+-      db_conn->last_used_con->warning_count
+-#else
+-      !(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) &&
+-      db_conn->warning_count
+-#endif
+-    ) {
+-      if (
+-        spider_param_dry_access() ||
+-        !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR,
+-          SPIDER_SQL_SHOW_WARNINGS_LEN)
+-      ) {
+-        MYSQL_RES *res = NULL;
+-        MYSQL_ROW row = NULL;
+-        uint num_fields;
+-        if (
+-          spider_param_dry_access() ||
+-          !(res = mysql_store_result(db_conn)) ||
+-          !(row = mysql_fetch_row(res))
+-        ) {
+-          if (mysql_errno(db_conn))
+-          {
+-            if (res)
+-              mysql_free_result(res);
+-            DBUG_RETURN(0);
+-          }
+-          /* no record is ok */
+-        }
+-        num_fields = mysql_num_fields(res);
+-        if (num_fields != 3)
+-        {
+-          mysql_free_result(res);
+-          DBUG_RETURN(0);
+-        }
+-        if (l_time)
+-        {
+-          while (row)
+-          {
+-            fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] "
+-              "from [%s] %ld to %ld: %s %s %s\n",
++    mysql_free_result(res);
++    DBUG_RETURN(0);
++  }
++
++  MYSQL_ROW row= mysql_fetch_row(res);
++  if (l_time)
++  {
++    while (row)
++    {
++      fprintf(stderr,
++              "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld "
++              "to %ld: %s %s %s\n",
+               l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday,
+-              l_time->tm_hour, l_time->tm_min, l_time->tm_sec,
+-              conn->tgt_host, (ulong) db_conn->thread_id,
+-              (ulong) current_thd->thread_id, row[0], row[1], row[2]);
+-            row = mysql_fetch_row(res);
+-          }
+-        } else {
+-          while (row)
+-          {
+-            DBUG_PRINT("info",("spider row[0]=%s", row[0]));
+-            DBUG_PRINT("info",("spider row[1]=%s", row[1]));
+-            DBUG_PRINT("info",("spider row[2]=%s", row[2]));
+-            longlong res_num =
+-              (longlong) my_strtoll10(row[1], (char**) NULL, &error_num);
+-            DBUG_PRINT("info",("spider res_num=%lld", res_num));
+-            my_printf_error((int) res_num, row[2], MYF(0));
+-            error_num = (int) res_num;
+-            row = mysql_fetch_row(res);
+-          }
+-        }
+-        if (res)
+-          mysql_free_result(res);
+-      }
++              l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host,
++              (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0],
++              row[1], row[2]);
++      row= mysql_fetch_row(res);
++    }
++  } else {
++    while (row)
++    {
++      DBUG_PRINT("info",("spider row[0]=%s", row[0]));
++      DBUG_PRINT("info",("spider row[1]=%s", row[1]));
++      DBUG_PRINT("info",("spider row[2]=%s", row[2]));
++      longlong res_num =
++        (longlong) my_strtoll10(row[1], (char**) NULL, &error_num);
++      DBUG_PRINT("info",("spider res_num=%lld", res_num));
++      my_printf_error((int) res_num, row[2], MYF(0));
++      error_num = (int) res_num;
++      row = mysql_fetch_row(res);
+     }
+   }
++    
++  mysql_free_result(res);
++
+   DBUG_RETURN(error_num);
+ }
+ 
+@@ -14668,7 +14650,7 @@ int spider_mbase_handler::show_table_status(
+       DBUG_RETURN(error_num);
+     }
+   }
+-  if ((error_num = ((spider_db_mbase *) conn->db_conn)->print_warnings(NULL)))
++  if ((error_num = ((spider_db_mbase *) conn->db_conn)->fetch_and_print_warnings(NULL)))
+   {
+     DBUG_RETURN(error_num);
+   }
+diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h
+index e90461ea278..a2012352f21 100644
+--- a/storage/spider/spd_db_mysql.h
++++ b/storage/spider/spd_db_mysql.h
+@@ -442,7 +442,7 @@ class spider_db_mbase: public spider_db_conn
+   bool is_xa_nota_error(
+     int error_num
+   );
+-  int print_warnings(
++  int fetch_and_print_warnings(
+     struct tm *l_time
+   );
+   spider_db_result *store_result(
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch
new file mode 100644
index 0000000000..456a2bad64
--- /dev/null
+++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch
@@ -0,0 +1,69 @@
+From f92f657973997df30afdb0032c88ad3a14ead46b Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Fri, 23 Sep 2022 15:48:21 +0800
+Subject: [PATCH] sql/CMakeLists.txt: fix gen_lex_hash not found
+
+Fix the below do_compile issue in cross-compiling env.
+| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_hash', needed by 'sql/lex_hash.h'.  Stop.
+| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_token', needed by 'sql/lex_token.h'.  Stop.
+
+Upstream-Status: Inappropriate [oe build specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ sql/CMakeLists.txt | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt
+index 241b482..27a3991 100644
+--- a/sql/CMakeLists.txt
++++ b/sql/CMakeLists.txt
+@@ -60,11 +60,18 @@ ${CMAKE_BINARY_DIR}/sql
+ ${CMAKE_SOURCE_DIR}/tpool
+ )
+ 
+-ADD_CUSTOM_COMMAND(
+-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h
+-  COMMAND gen_lex_token > lex_token.h
+-  DEPENDS gen_lex_token
++IF(NOT CMAKE_CROSSCOMPILING)
++  ADD_CUSTOM_COMMAND(
++    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h
++    COMMAND gen_lex_token > lex_token.h
++    DEPENDS gen_lex_token
++)
++ELSE()
++  ADD_CUSTOM_COMMAND(
++    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h
++    COMMAND gen_lex_token > lex_token.h
+ )
++ENDIF()
+ 
+ FIND_PACKAGE(BISON 2.4)
+ 
+@@ -372,11 +379,18 @@ IF(NOT CMAKE_CROSSCOMPILING OR DEFINED CMAKE_CROSSCOMPILING_EMULATOR)
+   ADD_EXECUTABLE(gen_lex_hash gen_lex_hash.cc)
+ ENDIF()
+ 
+-ADD_CUSTOM_COMMAND(
+-  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h
+-  COMMAND gen_lex_hash > lex_hash.h
+-  DEPENDS gen_lex_hash
++IF(NOT CMAKE_CROSSCOMPILING)
++  ADD_CUSTOM_COMMAND(
++    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h
++    COMMAND gen_lex_hash > lex_hash.h
++    DEPENDS gen_lex_hash
++)
++ELSE()
++  ADD_CUSTOM_COMMAND(
++    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h
++    COMMAND gen_lex_hash > lex_hash.h
+ )
++ENDIF()
+ 
+ MYSQL_ADD_EXECUTABLE(mariadb-tzinfo-to-sql tztime.cc)
+ SET_TARGET_PROPERTIES(mariadb-tzinfo-to-sql PROPERTIES COMPILE_FLAGS "-DTZINFO2SQL")
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch
new file mode 100644
index 0000000000..3053614854
--- /dev/null
+++ b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch
@@ -0,0 +1,91 @@
+From 15ae97b1c2c14f1263cdc853673c4129625323de Mon Sep 17 00:00:00 2001
+From: Marko Mäkelä <marko.makela@mariadb.com>
+Date: Thu, 8 Feb 2024 08:09:20 +0000
+Subject: [PATCH] MDEV-32578 row_merge_fts_doc_tokenize() handles parser plugin
+  inconsistently
+
+When mysql/mysql-server@0c954c2
+added a plugin interface for FULLTEXT INDEX tokenization to MySQL 5.7,
+fts_tokenize_ctx::processed_len got a second meaning, which is only
+partly implemented in row_merge_fts_doc_tokenize().
+
+This inconsistency could cause a crash when using FULLTEXT...WITH PARSER.
+A test case that would crash MySQL 8.0 when using an n-gram parser and
+single-character words would fail to crash in MySQL 5.7, because the
+buf_full condition in row_merge_fts_doc_tokenize() was not met.
+
+This change is inspired by
+mysql/mysql-server@38e9a07
+that appeared in MySQL 5.7.44.
+
+CVE: CVE-2023-22084
+Upstream-Status: Backport [https://github.com/MariaDB/server/commit/15ae97b1c2c1]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ storage/innobase/include/row0ftsort.h |  6 +++++-
+ storage/innobase/row/row0ftsort.cc    | 11 ++++++++---
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/storage/innobase/include/row0ftsort.h b/storage/innobase/include/row0ftsort.h
+index 65508caf..3ffa8243 100644
+--- a/storage/innobase/include/row0ftsort.h
++++ b/storage/innobase/include/row0ftsort.h
+@@ -104,7 +104,10 @@ typedef UT_LIST_BASE_NODE_T(row_fts_token_t)     fts_token_list_t;
+
+ /** Structure stores information from string tokenization operation */
+ struct fts_tokenize_ctx {
+-	ulint			processed_len;  /*!< processed string length */
++	/** the processed string length in bytes
++	(when using the built-in tokenizer),
++	or the number of row_merge_fts_doc_tokenize_by_parser() calls */
++	ulint			processed_len;
+	ulint			init_pos;       /*!< doc start position */
+	ulint			buf_used;       /*!< the sort buffer (ID) when
+						tokenization stops, which
+@@ -115,6 +118,7 @@ struct fts_tokenize_ctx {
+	ib_rbt_t*		cached_stopword;/*!< in: stopword list */
+	dfield_t		sort_field[FTS_NUM_FIELDS_SORT];
+						/*!< in: sort field */
++	/** parsed tokens (when using an external parser) */
+	fts_token_list_t	fts_token_list;
+
+	fts_tokenize_ctx() :
+diff --git a/storage/innobase/row/row0ftsort.cc b/storage/innobase/row/row0ftsort.cc
+index 86e96624..406ff60f 100644
+--- a/storage/innobase/row/row0ftsort.cc
++++ b/storage/innobase/row/row0ftsort.cc
+@@ -491,7 +491,10 @@ row_merge_fts_doc_tokenize(
+
+	/* Tokenize the data and add each word string, its corresponding
+	doc id and position to sort buffer */
+-	while (t_ctx->processed_len < doc->text.f_len) {
++	while (parser
++               ? (!t_ctx->processed_len
++                  || UT_LIST_GET_LEN(t_ctx->fts_token_list))
++               : t_ctx->processed_len < doc->text.f_len) {
+		ulint		idx = 0;
+		ulint		cur_len;
+		doc_id_t	write_doc_id;
+@@ -831,7 +834,8 @@ void fts_parallel_tokenization(
+			/* Not yet finish processing the "doc" on hand,
+			continue processing it */
+			ut_ad(doc.text.f_str);
+-			ut_ad(t_ctx.processed_len < doc.text.f_len);
++			ut_ad(buf[0]->index->parser
++			      || t_ctx.processed_len < doc.text.f_len);
+		}
+
+		processed = row_merge_fts_doc_tokenize(
+@@ -841,7 +845,8 @@ void fts_parallel_tokenization(
+
+		/* Current sort buffer full, need to recycle */
+		if (!processed) {
+-			ut_ad(t_ctx.processed_len < doc.text.f_len);
++			ut_ad(buf[0]->index->parser
++			      || t_ctx.processed_len < doc.text.f_len);
+			ut_ad(t_ctx.rows_added[t_ctx.buf_used]);
+			break;
+		}
+--
+2.40.0
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch b/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch
new file mode 100644
index 0000000000..d0d6e3c730
--- /dev/null
+++ b/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch
@@ -0,0 +1,34 @@
+From 80be37351d995654f86b838f6b5ed47e8a90261b Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Fri, 23 Sep 2022 12:05:17 +0800
+Subject: [PATCH] CMakeLists.txt: not include import_executables.cmake
+
+building failed since native does not generate import_executables.cmake
+In fact, our building system will export the needed commands.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ CMakeLists.txt | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f9e2b1b..34924ba 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -394,11 +394,6 @@ CHECK_LIBFMT()
+ ADD_SUBDIRECTORY(tpool)
+ CHECK_SYSTEMD()
+ 
+-IF(CMAKE_CROSSCOMPILING AND NOT DEFINED CMAKE_CROSSCOMPILING_EMULATOR)
+-  SET(IMPORT_EXECUTABLES "IMPORTFILE-NOTFOUND" CACHE FILEPATH "Path to import_executables.cmake from a native build")
+-  INCLUDE(${IMPORT_EXECUTABLES})
+-ENDIF()
+-
+ #
+ # Setup maintainer mode options. Platform checks are
+ # not run with the warning options as to not perturb fragile checks
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch b/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
deleted file mode 100644
index 878675f30d..0000000000
--- a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
+++ /dev/null
@@ -1,416 +0,0 @@
-From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001
-From: Vladislav Vaintroub <wlad@mariadb.com>
-Date: Mon, 8 Nov 2021 18:48:19 +0100
-Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
-
-Summary of changes
-
-- MD_CTX_SIZE is increased
-
-- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
-  to nobody knows where. The assumption made previously was that
-  (since the function does not seem to be documented)
-  was that it points to the last partial source block.
-  Add own partial block buffer for NOPAD encryption instead
-
-- SECLEVEL in CipherString in openssl.cnf
-  had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
-
-- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
-  in addition to what was set in --ssl-cipher
-
-- ctx_buf buffer now must be aligned to 16 bytes with openssl(
-  previously with WolfSSL only), ot crashes will happen
-
-- updated aes-t , to be better debuggable
-  using function, rather than a huge multiline macro
-  added test that does "nopad" encryption piece-wise, to test
-  replacement of EVP_CIPHER_CTX_buf_noconst
-
-Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch
-
-Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- cmake/ssl.cmake                   |  21 +++++-
- include/mysql/service_my_crypt.h  |   2 +-
- include/ssl_compat.h              |   3 +-
- mysql-test/lib/openssl.cnf        |   2 +-
- mysql-test/main/ssl_cipher.result |   6 +-
- mysql-test/main/ssl_cipher.test   |   2 +-
- mysys_ssl/my_crypt.cc             |  46 +++++++-----
- unittest/mysys/aes-t.c            | 121 ++++++++++++++++++++++--------
- 8 files changed, 143 insertions(+), 60 deletions(-)
-
-diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
-index a6793cf3..64c93ff9 100644
---- a/cmake/ssl.cmake
-+++ b/cmake/ssl.cmake
-@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
-     ENDIF()
-     FIND_PACKAGE(OpenSSL)
-     SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
--    IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
-+    IF(OPENSSL_FOUND)
-       SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
-       INCLUDE(CheckSymbolExists)
-       SET(SSL_SOURCES "")
-@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
-       SET(SSL_INTERNAL_INCLUDE_DIRS "")
-       SET(SSL_DEFINES "-DHAVE_OPENSSL")
- 
-+      FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
-+        SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
-+      ENDFOREACH()
-+
-+      # Silence "deprecated in OpenSSL 3.0"
-+      IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
-+         OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
-+        SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
-+        SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
-+      ENDIF()
-+
-       SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-       SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
--      SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-+
-       CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
-                           HAVE_ERR_remove_thread_state)
-       CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
-@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
-                           HAVE_EncryptAes128Gcm)
-       CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
-                           HAVE_X509_check_host)
--      SET(CMAKE_REQUIRED_INCLUDES)
--      SET(CMAKE_REQUIRED_LIBRARIES)
-+
-+      FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
-+        SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
-+      ENDFOREACH()
-     ELSE()
-       IF(WITH_SSL STREQUAL "system")
-         MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
-diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
-index 2a232117..bb038aaa 100644
---- a/include/mysql/service_my_crypt.h
-+++ b/include/mysql/service_my_crypt.h
-@@ -45,7 +45,7 @@ extern "C" {
- /* The max key length of all supported algorithms */
- #define MY_AES_MAX_KEY_LENGTH 32
- 
--#define MY_AES_CTX_SIZE 656
-+#define MY_AES_CTX_SIZE 672
- 
- enum my_aes_mode {
-     MY_AES_ECB, MY_AES_CBC
-diff --git a/include/ssl_compat.h b/include/ssl_compat.h
-index 8dc12254..6db1baab 100644
---- a/include/ssl_compat.h
-+++ b/include/ssl_compat.h
-@@ -24,7 +24,7 @@
- #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
- #define ERR_remove_state(X) ERR_clear_error()
- #define EVP_CIPHER_CTX_SIZE 176
--#define EVP_MD_CTX_SIZE 48
-+#define EVP_MD_CTX_SIZE 72
- #undef EVP_MD_CTX_init
- #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
- #undef EVP_CIPHER_CTX_init
-@@ -77,7 +77,6 @@
- #define DH_set0_pqg(D,P,Q,G)            ((D)->p= (P), (D)->g= (G))
- #endif
- 
--#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
- #define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
- #define EVP_CIPHER_CTX_SIZE             sizeof(EVP_CIPHER_CTX)
- 
-diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf
-index b9ab37ac..7cd6f748 100644
---- a/mysql-test/lib/openssl.cnf
-+++ b/mysql-test/lib/openssl.cnf
-@@ -9,4 +9,4 @@ ssl_conf = ssl_section
- system_default = system_default_section
- 
- [system_default_section]
--CipherString = ALL:@SECLEVEL=1
-+CipherString = ALL:@SECLEVEL=0
-diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result
-index 930d384e..66d817b7 100644
---- a/mysql-test/main/ssl_cipher.result
-+++ b/mysql-test/main/ssl_cipher.result
-@@ -61,8 +61,8 @@ connect  ssl_con,localhost,root,,,,,SSL;
- SHOW STATUS LIKE 'Ssl_cipher';
- Variable_name	Value
- Ssl_cipher	AES128-SHA
--SHOW STATUS LIKE 'Ssl_cipher_list';
--Variable_name	Value
--Ssl_cipher_list	AES128-SHA
-+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
-+VARIABLE_VALUE like '%AES128-SHA%'
-+1
- disconnect ssl_con;
- connection default;
-diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test
-index 36549d76..d4cdcffb 100644
---- a/mysql-test/main/ssl_cipher.test
-+++ b/mysql-test/main/ssl_cipher.test
-@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA;
- source include/restart_mysqld.inc;
- connect (ssl_con,localhost,root,,,,,SSL);
- SHOW STATUS LIKE 'Ssl_cipher';
--SHOW STATUS LIKE 'Ssl_cipher_list';
-+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
- disconnect ssl_con;
- connection default;
-diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
-index e512eee9..4d7ebc7b 100644
---- a/mysys_ssl/my_crypt.cc
-+++ b/mysys_ssl/my_crypt.cc
-@@ -29,11 +29,7 @@
- #include <ssl_compat.h>
- #include <cstdint>
- 
--#ifdef HAVE_WOLFSSL
- #define CTX_ALIGN 16
--#else
--#define CTX_ALIGN 0
--#endif
- 
- class MyCTX
- {
-@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
- {
- public:
-   const uchar *key;
--  uint klen, buf_len;
-+  uint klen, source_tail_len;
-   uchar oiv[MY_AES_BLOCK_SIZE];
-+  uchar source_tail[MY_AES_BLOCK_SIZE];
- 
-   MyCTX_nopad() : MyCTX() { }
-   ~MyCTX_nopad() { }
-@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX
-     compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
-     this->key= key;
-     this->klen= klen;
--    this->buf_len= 0;
-+    this->source_tail_len= 0;
-     if (ivlen)
-       memcpy(oiv, iv, ivlen);
-     DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
-@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX
-     return res;
-   }
- 
-+  /** Update last partial source block, stored in source_tail array. */
-+  void update_source_tail(const uchar* src, uint slen)
-+  {
-+    if (!slen)
-+      return;
-+    uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
-+    if (new_tail_len)
-+    {
-+      if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
-+      {
-+        memcpy(source_tail + source_tail_len, src, slen);
-+      }
-+      else
-+      {
-+        DBUG_ASSERT(slen > new_tail_len);
-+        memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
-+      }
-+    }
-+    source_tail_len= new_tail_len;
-+  }
-+
-   int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
-   {
--    buf_len+= slen;
-+    update_source_tail(src, slen);
-     return MyCTX::update(src, slen, dst, dlen);
-   }
- 
-   int finish(uchar *dst, uint *dlen)
-   {
--    buf_len %= MY_AES_BLOCK_SIZE;
--    if (buf_len)
-+    if (source_tail_len)
-     {
--      uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
-       /*
-         Not much we can do, block ciphers cannot encrypt data that aren't
-         a multiple of the block length. At least not without padding.
-         Let's do something CTR-like for the last partial block.
--
--        NOTE this assumes that there are only buf_len bytes in the buf.
--        If OpenSSL will change that, we'll need to change the implementation
--        of this class too.
-       */
-       uchar mask[MY_AES_BLOCK_SIZE];
-       uint mlen;
-@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX
-         return rc;
-       DBUG_ASSERT(mlen == sizeof(mask));
- 
--      for (uint i=0; i < buf_len; i++)
--        dst[i]= buf[i] ^ mask[i];
-+      for (uint i=0; i < source_tail_len; i++)
-+        dst[i]= source_tail[i] ^ mask[i];
-     }
--    *dlen= buf_len;
-+    *dlen= source_tail_len;
-     return MY_AES_OK;
-   }
- };
-diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c
-index 34704e06..cbec2760 100644
---- a/unittest/mysys/aes-t.c
-+++ b/unittest/mysys/aes-t.c
-@@ -21,27 +21,96 @@
- #include <string.h>
- #include <ctype.h>
- 
--#define DO_TEST(mode, nopad, slen, fill, dlen, hash)                    \
--  SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported")     \
--  {                                                                     \
--    memset(src, fill, src_len= slen);                                   \
--    ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT,              \
--                    src, src_len, dst, &dst_len,                        \
--                    key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK,     \
--      "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad");     \
--    if (!nopad)                                                         \
--      ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
--    my_md5(md5, (char*)dst, dst_len);                                   \
--    ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5");  \
--    ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,              \
--                    dst, dst_len, ddst, &ddst_len,                      \
--                    key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK,     \
--       "decrypt " #mode " %u", dst_len);                                \
--    ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
-+
-+/** Test streaming encryption, bytewise update.*/
-+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
-+                 unsigned int slen, unsigned char *dst, unsigned int *dlen,
-+                 const unsigned char *key, unsigned int klen,
-+                 const unsigned char *iv, unsigned int ivlen)
-+{
-+  /* Allocate context on odd address on stack, in order to
-+   catch misalignment errors.*/
-+  void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
-+
-+  int res1, res2;
-+  uint d1= 0, d2;
-+  uint i;
-+
-+  if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
-+    return res1;
-+  for (i= 0; i < slen; i++)
-+  {
-+    uint tmp_d1=0;
-+    res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
-+    if (res1)
-+      return res1;
-+    d1+= tmp_d1;
-+    dst+= tmp_d1;
-+  }
-+  res2= my_aes_crypt_finish(ctx, dst, &d2);
-+  *dlen= d1 + d2;
-+  return res1 ? res1 : res2;
-+}
-+
-+
-+#ifndef HAVE_EncryptAes128Ctr
-+const uint MY_AES_CTR=0xDEADBEAF;
-+#endif
-+#ifndef HAVE_EncryptAes128Gcm
-+const uint MY_AES_GCM=0xDEADBEAF;
-+#endif
-+
-+#define MY_AES_UNSUPPORTED(x)  (x == 0xDEADBEAF)
-+
-+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
-+                    char fill, size_t dlen, const char *hash)
-+{
-+  uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
-+  uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
-+  uchar src[1000], dst[1100], dst2[1100], ddst[1000];
-+  uchar md5[MY_MD5_HASH_SIZE];
-+  uint src_len, dst_len, dst_len2, ddst_len;
-+  int result;
-+
-+  if (MY_AES_UNSUPPORTED(mode))
-+  {
-+    skip(nopad?7:6, "%s not supported", mode_str);
-+    return;
-+  }
-+  memset(src, fill, src_len= slen);
-+  result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
-+                       dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
-+  ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
-+     nopad ? "nopad" : "pad");
-+
-+  if (nopad)
-+  {
-+    result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
-+                                src_len, dst2, &dst_len2, key, sizeof(key),
-+                                iv, sizeof(iv));
-+    ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
-+    /* Compare with non-bytewise encryption result*/
-+    ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
-+       "memcmp bytewise  %s %u", mode_str, src_len);
-+  }
-+  else
-+  {
-+    int dst_len_real= my_aes_get_size(mode, src_len);
-+    ok(dst_len_real= dst_len, "my_aes_get_size");
-   }
-+  my_md5(md5, (char *) dst, dst_len);
-+  ok(dst_len == dlen, "md5 len");
-+  ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
-+  result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
-+                       dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
-+                       sizeof(iv));
-+
-+  ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
-+  ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
-+}
- 
--#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
--#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
-+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
-+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
- 
- /* useful macro for debugging */
- #define PRINT_MD5()                                     \
-@@ -53,25 +122,15 @@
-     printf("\"\n");                                     \
-   } while(0);
- 
--#ifndef HAVE_EncryptAes128Ctr
--const uint MY_AES_CTR=0xDEADBEAF;
--#endif
--#ifndef HAVE_EncryptAes128Gcm
--const uint MY_AES_GCM=0xDEADBEAF;
--#endif
- 
- int
- main(int argc __attribute__((unused)),char *argv[])
- {
--  uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
--  uchar iv[16]=  {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
--  uchar src[1000], dst[1100], ddst[1000];
--  uchar md5[MY_MD5_HASH_SIZE];
--  uint src_len, dst_len, ddst_len;
- 
-   MY_INIT(argv[0]);
- 
--  plan(87);
-+  plan(122);
-+
-   DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
-   DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
-   DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
--- 
-2.25.1
-
diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb
index c800c4c56c..87faabfa27 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb
+++ b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb
@@ -1,9 +1,7 @@
 require mariadb.inc
 
-inherit qemu
-
-DEPENDS += "qemu-native bison-native boost libpcre2 curl ncurses \
-            zlib libaio libedit libevent libxml2 gnutls fmt lzo"
+DEPENDS += "mariadb-native bison-native boost libpcre2 curl ncurses \
+            zlib libaio libedit libevent libxml2 gnutls fmt lzo zstd"
 
 PROVIDES += "mysql5 libmysqlclient"
 
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
index 90b7419495..46343674fc 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
@@ -1,16 +1,17 @@
-From 780fd27ea6f7f2c446c46a7a5e26d94106c67efd Mon Sep 17 00:00:00 2001
+From 0801befde991250b4502954fdec61bec8c33da3b Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sun, 20 Nov 2016 15:04:52 +0000
 Subject: [PATCH] Add support for RISC-V.
 
 The architecture is sufficiently similar to aarch64 that simply
 extending the existing aarch64 macro works.
+
 ---
  src/include/storage/s_lock.h | 5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h
-index dccbd29..ad60429 100644
+index 95049f0..e08c963 100644
 --- a/src/include/storage/s_lock.h
 +++ b/src/include/storage/s_lock.h
 @@ -317,11 +317,12 @@ tas(volatile slock_t *lock)
@@ -35,7 +36,4 @@ index dccbd29..ad60429 100644
 +#endif	 /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */
  
  
- /*
--- 
-2.34.1
-
+ /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
index 02f4c9e513..eeffe6bcb1 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
@@ -1,4 +1,4 @@
-From bbba8a5261a99e79c9cd4693ef56021014a9856b Mon Sep 17 00:00:00 2001
+From e167d58d6be1b1ee4d49571650444700ab97ed7c Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Mon, 28 Dec 2020 16:38:21 +0800
 Subject: [PATCH] Improve reproducibility,
@@ -18,6 +18,7 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 update patch for v13.1
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
 ---
  src/common/Makefile | 3 ---
  1 file changed, 3 deletions(-)
@@ -36,6 +37,3 @@ index 880722f..7a9b9d4 100644
  override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\""
  override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\""
  override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\""
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch
new file mode 100644
index 0000000000..eff69140f7
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch
@@ -0,0 +1,117 @@
+From 805f03529c7fc33685979651562112bab524e5a5 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Mon, 1 Aug 2022 15:44:38 +0800
+Subject: [PATCH] config_info.c: not expose build info
+
+Don't collect the build information to fix the buildpaths issue.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
+---
+ configure.ac             |  2 +-
+ src/common/config_info.c | 70 +---------------------------------------
+ 2 files changed, 2 insertions(+), 70 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 54a539e..c6edc0a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -23,7 +23,7 @@ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group])
+ AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
+ AC_CONFIG_AUX_DIR(config)
+ AC_PREFIX_DEFAULT(/usr/local/pgsql)
+-AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["$ac_configure_args"], [Saved arguments from configure])
++AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["ac_configure_args"], [Saved arguments from configure])
+ 
+ [PG_MAJORVERSION=`expr "$PACKAGE_VERSION" : '\([0-9][0-9]*\)'`]
+ [PG_MINORVERSION=`expr "$PACKAGE_VERSION" : '.*\.\([0-9][0-9]*\)'`]
+diff --git a/src/common/config_info.c b/src/common/config_info.c
+index e72e729..a020236 100644
+--- a/src/common/config_info.c
++++ b/src/common/config_info.c
+@@ -38,7 +38,7 @@ get_configdata(const char *my_exec_path, size_t *configdata_len)
+ 	int			i = 0;
+ 
+ 	/* Adjust this to match the number of items filled below */
+-	*configdata_len = 23;
++	*configdata_len = 14;
+ 	configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData));
+ 
+ 	configdata[i].name = pstrdup("BINDIR");
+@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len)
+ 	configdata[i].setting = pstrdup(path);
+ 	i++;
+ 
+-	configdata[i].name = pstrdup("CONFIGURE");
+-	configdata[i].setting = pstrdup(CONFIGURE_ARGS);
+-	i++;
+-
+-	configdata[i].name = pstrdup("CC");
+-#ifdef VAL_CC
+-	configdata[i].setting = pstrdup(VAL_CC);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("CPPFLAGS");
+-#ifdef VAL_CPPFLAGS
+-	configdata[i].setting = pstrdup(VAL_CPPFLAGS);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("CFLAGS");
+-#ifdef VAL_CFLAGS
+-	configdata[i].setting = pstrdup(VAL_CFLAGS);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("CFLAGS_SL");
+-#ifdef VAL_CFLAGS_SL
+-	configdata[i].setting = pstrdup(VAL_CFLAGS_SL);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("LDFLAGS");
+-#ifdef VAL_LDFLAGS
+-	configdata[i].setting = pstrdup(VAL_LDFLAGS);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("LDFLAGS_EX");
+-#ifdef VAL_LDFLAGS_EX
+-	configdata[i].setting = pstrdup(VAL_LDFLAGS_EX);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("LDFLAGS_SL");
+-#ifdef VAL_LDFLAGS_SL
+-	configdata[i].setting = pstrdup(VAL_LDFLAGS_SL);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+-	configdata[i].name = pstrdup("LIBS");
+-#ifdef VAL_LIBS
+-	configdata[i].setting = pstrdup(VAL_LIBS);
+-#else
+-	configdata[i].setting = pstrdup(_("not recorded"));
+-#endif
+-	i++;
+-
+ 	configdata[i].name = pstrdup("VERSION");
+ 	configdata[i].setting = pstrdup("PostgreSQL " PG_VERSION);
+ 	i++;
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
index 2256bccece..807eac219b 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
@@ -1,4 +1,4 @@
-From 07e605015fad0621c3e67133ff9330a5c6318daa Mon Sep 17 00:00:00 2001
+From c48f2f132744a0b4a2473ec178d63c1d4d1a4a86 Mon Sep 17 00:00:00 2001
 From: Yi Fan Yu <yifan.yu@windriver.com>
 Date: Fri, 5 Feb 2021 17:15:42 -0500
 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check
@@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
  1 file changed, 4 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 04ef7be..0eb595b 100644
+index e59dc99..41b4732 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
  
- AC_INIT([PostgreSQL], [14.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [14.11], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
  
 -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
 -Untested combinations of 'autoconf' and PostgreSQL versions are not
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch
new file mode 100644
index 0000000000..555fd7f1fc
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch
@@ -0,0 +1,47 @@
+From 5a17b7b88776cbbe5b37838baff71726b8a6e7dd Mon Sep 17 00:00:00 2001
+From: Manoj Saun <manojsingh.saun@windriver.com>
+Date: Wed, 22 Mar 2023 08:07:26 +0000
+Subject: [PATCH] postgresql: fix ptest failure of sysviews
+
+The patch "0001-config_info.c-not-expose-build-info.patch" hides the debug info
+in pg_config table which reduces the count of rows from pg_config and leads to
+sysviews test failure.
+To fix it we need to reduce the count of parameters in sysviews test.
+Also we need to reduce the row count in expected result of sysview test
+to make the test output shown as pass.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com>
+
+---
+ src/test/regress/expected/sysviews.out | 2 +-
+ src/test/regress/sql/sysviews.sql      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/regress/expected/sysviews.out b/src/test/regress/expected/sysviews.out
+index 2088857..96a15cc 100644
+--- a/src/test/regress/expected/sysviews.out
++++ b/src/test/regress/expected/sysviews.out
+@@ -29,7 +29,7 @@ select name, ident, parent, level, total_bytes >= free_bytes
+ (1 row)
+ 
+ -- At introduction, pg_config had 23 entries; it may grow
+-select count(*) > 20 as ok from pg_config;
++select count(*) > 13 as ok from pg_config;
+  ok 
+ ----
+  t
+diff --git a/src/test/regress/sql/sysviews.sql b/src/test/regress/sql/sysviews.sql
+index b24816e..72ff887 100644
+--- a/src/test/regress/sql/sysviews.sql
++++ b/src/test/regress/sql/sysviews.sql
+@@ -18,7 +18,7 @@ select name, ident, parent, level, total_bytes >= free_bytes
+   from pg_backend_memory_contexts where level = 0;
+ 
+ -- At introduction, pg_config had 23 entries; it may grow
+-select count(*) > 20 as ok from pg_config;
++select count(*) > 13 as ok from pg_config;
+ 
+ -- We expect no cursors in this test; see also portals.sql
+ select count(*) = 0 as ok from pg_cursors;
diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
index fa46912eef..b742bd53bd 100644
--- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
@@ -1,4 +1,4 @@
-From 56b830edecff1cac5f8a8a956e7a7eeef2aa7c17 Mon Sep 17 00:00:00 2001
+From 09fad1883f3312965a8d066f8477166eaa4db2c7 Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Tue, 27 Nov 2018 13:25:15 +0800
 Subject: [PATCH] not check libperl under cross compiling
@@ -15,15 +15,16 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
 
 update patch to version 11.1
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
 ---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index fba79ee..7170f26 100644
+index 159f2a2..d0f0b14 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.])
+@@ -2332,7 +2332,7 @@ Use --without-tcl to disable building PL/Tcl.])
  fi
  
  # check for <perl.h>
@@ -32,6 +33,3 @@ index fba79ee..7170f26 100644
    ac_save_CPPFLAGS=$CPPFLAGS
    CPPFLAGS="$CPPFLAGS $perl_includespec"
    AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])],
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch
deleted file mode 100644
index 92a3dcc710..0000000000
--- a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Remove duplicate code for riscv
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
---- a/src/include/storage/s_lock.h
-+++ b/src/include/storage/s_lock.h
-@@ -341,30 +341,6 @@ tas(volatile slock_t *lock)
- #endif	 /* HAVE_GCC__SYNC_INT32_TAS */
- #endif	 /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */
- 
--
--/*
-- * RISC-V likewise uses __sync_lock_test_and_set(int *, int) if available.
-- */
--#if defined(__riscv)
--#ifdef HAVE_GCC__SYNC_INT32_TAS
--#define HAS_TEST_AND_SET
--
--#define TAS(lock) tas(lock)
--
--typedef int slock_t;
--
--static __inline__ int
--tas(volatile slock_t *lock)
--{
--	return __sync_lock_test_and_set(lock, 1);
--}
--
--#define S_UNLOCK(lock) __sync_lock_release(lock)
--
--#endif	 /* HAVE_GCC__SYNC_INT32_TAS */
--#endif	 /* __riscv */
--
--
- /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
- #if defined(__s390__) || defined(__s390x__)
- #define HAS_TEST_AND_SET
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-oe/recipes-dbs/postgresql/postgresql.inc
index 00c0107469..60d44ce979 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql.inc
+++ b/meta-oe/recipes-dbs/postgresql/postgresql.inc
@@ -205,7 +205,7 @@ do_install:append() {
     # multiple server config directory
     install -d -m 700 ${D}${sysconfdir}/default/${BPN}
 
-    if [ "${@d.getVar('enable_pam')}" = "pam" ]; then
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
         install -d ${D}${sysconfdir}/pam.d
         install -m 644 ${WORKDIR}/postgresql.pam ${D}${sysconfdir}/pam.d/postgresql
     fi
@@ -215,6 +215,14 @@ do_install:append() {
     install -m 0644 ${WORKDIR}/postgresql.service ${D}${systemd_unitdir}/system
     sed -i -e 's,@BINDIR@,${bindir},g' \
         ${D}${systemd_unitdir}/system/postgresql.service
+    # Remove the build path
+    if [ -f ${D}${libdir}/${BPN}/pgxs/src/Makefile.global ]; then
+        sed -i -e 's#${RECIPE_SYSROOT}##g' \
+               -e 's#${RECIPE_SYSROOT_NATIVE}##g' \
+               -e 's#${WORKDIR}##g' \
+               -e 's#${TMPDIR}##g' \
+             ${D}${libdir}/${BPN}/pgxs/src/Makefile.global
+    fi
 }
 
 SSTATE_SCAN_FILES += "Makefile.global"
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb
new file mode 100644
index 0000000000..8a8c3b9f1e
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb
@@ -0,0 +1,18 @@
+require postgresql.inc
+
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89afbb2d7716371015101c2b2cb4297a"
+
+SRC_URI += "\
+   file://not-check-libperl.patch \
+   file://0001-Add-support-for-RISC-V.patch \
+   file://0001-Improve-reproducibility.patch \
+   file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \
+   file://0001-config_info.c-not-expose-build-info.patch \
+   file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \
+"
+
+SRC_URI[sha256sum] = "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8"
+
+CVE_CHECK_IGNORE += "\
+   CVE-2017-8806 \
+"
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb
deleted file mode 100644
index 01a6ee635e..0000000000
--- a/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require postgresql.inc
-
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3"
-
-SRC_URI += "\
-   file://not-check-libperl.patch \
-   file://0001-Add-support-for-RISC-V.patch \
-   file://0001-Improve-reproducibility.patch \
-   file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \
-   file://remove_duplicate.patch \
-"
-
-SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a"
diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch
new file mode 100644
index 0000000000..88f3816b0f
--- /dev/null
+++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch
@@ -0,0 +1,31 @@
+From b436bc4ef31e29d73363d60b84e77eb419f46c50 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Fri, 27 May 2022 22:27:58 +0100
+Subject: [PATCH] absl/strings/internal/str_format/extension.h: add missing
+ <stdint.h> include
+
+Without the change absl-cpp build fails on this week's gcc-13 snapshot as:
+
+    /build/abseil-cpp/absl/strings/internal/str_format/extension.h:34:33: error: found ':' in nested-name-specifier, expected '::'
+       34 | enum class FormatConversionChar : uint8_t;
+          |                                 ^
+          |                                 ::
+
+Upstream-Status: Backport [20220623.0 36a4b073f1e7e02ed7d1ac140767e36f82f09b7c]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ absl/strings/internal/str_format/extension.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/absl/strings/internal/str_format/extension.h b/absl/strings/internal/str_format/extension.h
+index c47536d6..08c3fbeb 100644
+--- a/absl/strings/internal/str_format/extension.h
++++ b/absl/strings/internal/str_format/extension.h
+@@ -17,6 +17,7 @@
+ #define ABSL_STRINGS_INTERNAL_STR_FORMAT_EXTENSION_H_
+ 
+ #include <limits.h>
++#include <stdint.h>
+ 
+ #include <cstddef>
+ #include <cstring>
diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
index 1bb27d4369..30eef75ffb 100644
--- a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
+++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \
            file://0001-absl-always-use-asm-sgidefs.h.patch             \
            file://0002-Remove-maes-option-from-cross-compilation.patch \
            file://abseil-ppc-fixes.patch \
+           file://0001-absl-strings-internal-str_format-extension.h-add-mis.patch \
           "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb b/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
index d14bd843ef..d114ad0c63 100644
--- a/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb
+++ b/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9"
 
 SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \
            "
-SRCREV = "b49431c48d40490ef979247d308af63345376cee"
+SRCREV = "0274bf17374df912ea834687c667bed33bd318db"
 
 S = "${WORKDIR}/git/c++"
 
diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
index 200f751669..c9c38a9fe3 100644
--- a/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb
+++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
@@ -6,7 +6,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
 
 SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https"
-SRCREV = "d348621ca93571343a56862df7de4ff3bc9b5667"
+SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-devtools/exprtk/exprtk_git.bb b/meta-oe/recipes-devtools/exprtk/exprtk_git.bb
index 52975c8215..4019f26899 100644
--- a/meta-oe/recipes-devtools/exprtk/exprtk_git.bb
+++ b/meta-oe/recipes-devtools/exprtk/exprtk_git.bb
@@ -3,9 +3,9 @@ HOMEPAGE = "https://github.com/ArashPartow/exprtk"
 SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-SRCREV = "281c2ccc65b8f91c012ea3725ebcef406378a225"
+SRCREV = "f46bffcd6966d38a09023fb37ba9335214c9b959"
 
-SRC_URI = "git://github.com/ArashPartow/exprtk.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/ArashPartow/exprtk.git;branch=release;protocol=https"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb
index bf74f1229f..44478ea0b2 100644
--- a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb
+++ b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb
@@ -25,12 +25,17 @@ BUILD_CXXFLAGS += "-fPIC"
 # BUILD_TYPE=Release is required, otherwise flatc is not installed
 EXTRA_OECMAKE += "\
     -DCMAKE_BUILD_TYPE=Release \
-    -DFLATBUFFERS_BUILD_TESTS=OFF \    
+    -DFLATBUFFERS_BUILD_TESTS=OFF \
     -DFLATBUFFERS_BUILD_SHAREDLIB=ON \
 "
 
 inherit cmake
 
+rm_flatc_cmaketarget_for_target() {
+    rm -f "${SYSROOT_DESTDIR}/${libdir}/cmake/flatbuffers/FlatcTargets.cmake"
+}
+SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target"
+
 do_install:append() {
     install -d ${D}${PYTHON_SITEPACKAGES_DIR}
     cp -rf ${S}/python/flatbuffers ${D}${PYTHON_SITEPACKAGES_DIR}
diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb
index c2f952fc64..ab6f6e46cd 100644
--- a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb
+++ b/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb
@@ -20,8 +20,8 @@ RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler"
 # RDEPENDS:${PN}-dev += "${PN}-compiler"
 
 S = "${WORKDIR}/git"
-SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7"
-BRANCH = "v1.45.x"
+SRCREV_grpc = "02384e39185f109bd299eb8482306229967dc970"
+BRANCH = "v1.46.x"
 SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \
            file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \
            file://0001-cmake-add-separate-export-for-plugin-targets.patch \
@@ -66,3 +66,6 @@ FILES:${PN}-compiler += " \
     ${bindir} \
     ${libdir}/libgrpc_plugin_support${SOLIBS} \
     "
+
+# this CVE was introduced in v1.53.0 and not backported to v1.46.x branch
+CVE_CHECK_IGNORE += "CVE-2023-32732"
diff --git a/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb b/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb
index 29937e26d0..be2c0f5394 100644
--- a/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb
+++ b/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb
@@ -29,4 +29,4 @@ EXTRA_OECMAKE += "-DHEAPTRACK_BUILD_GUI=OFF"
 COMPATIBLE_HOST:riscv32 = "null"
 COMPATIBLE_HOST:riscv64 = "null"
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb b/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb
index c82761ac34..87d51d8a4d 100644
--- a/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb
+++ b/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb
@@ -17,6 +17,9 @@ SRCREV = "aa631b4b4bd13f6ae2dbab9ae9da209e1e05b0fc"
 SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https;branch=master"
 S = "${WORKDIR}/git"
 
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[lapacke] = "-DLAPACKE=ON,-DLAPACKE=OFF"
+
 EXTRA_OECMAKE = " -DBUILD_SHARED_LIBS=ON "
 OECMAKE_GENERATOR = "Unix Makefiles"
 
diff --git a/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest b/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest
new file mode 100755
index 0000000000..2f00267d50
--- /dev/null
+++ b/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+cd tests
+for atest in test-* ; do
+    rm -rf tests.log
+    ./${atest} > tests.log 2>&1
+    if [ $? = 0 ] ; then
+        echo "PASS: ${atest}"
+    else
+        echo "FAIL: ${atest}"
+    fi
+done
diff --git a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
index 0cf6fd36bc..8c45949142 100644
--- a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
+++ b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
@@ -6,23 +6,37 @@ LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f969127d7b7ed0a8a63c2bbeae002588"
 
 CVE_PRODUCT = "json-for-modern-cpp"
 
-SRC_URI = "git://github.com/nlohmann/json.git;nobranch=1;protocol=https \
-           "
+SRC_URI = "git://github.com/nlohmann/json.git;branch=develop;protocol=https \
+           git://github.com/nlohmann/json_test_data.git;destsuffix=git/json_test_data;name=json-test-data;branch=master;protocol=https \
+           file://run-ptest \
+"
 
 SRCREV = "4f8fba14066156b73f1189a2b8bd568bde5284c5"
+SRCREV_json-test-data = "a1375cea09d27cc1c4cadb8d00470375b421ac37"
+
+SRCREV_FORMAT = "json-test-data"
 
 S = "${WORKDIR}/git"
 
-inherit cmake
+inherit cmake ptest
 
-EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"
+EXTRA_OECMAKE += "${@bb.utils.contains('PTEST_ENABLED', '1', '-DJSON_BuildTests=ON -DJSON_TestDataDirectory=${PTEST_PATH}/json_test_data', '-DJSON_BuildTests=OFF', d)}"
 
 # nlohmann-json is a header only C++ library, so the main package will be empty.
-
+ALLOW_EMPTY:${PN} = "1"
 RDEPENDS:${PN}-dev = ""
+RDEPENDS:${PN}-ptest = "perl"
 
 BBCLASSEXTEND = "native nativesdk"
 
+
+do_install_ptest () {
+    install -d ${D}${PTEST_PATH}/tests
+    cp -r ${S}/json_test_data/ ${D}${PTEST_PATH}/
+    cp -r ${B}/test/test-* ${D}${PTEST_PATH}/tests
+}
+
+
 # other packages commonly reference the file directly as "json.hpp"
 # create symlink to allow this usage
 do_install:append() {
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache
new file mode 100755
index 0000000000..f596207648
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache
@@ -0,0 +1,77 @@
+#!/usr/bin/env node
+
+/// Usage: oe-npm-cache <cache-dir> <type> <key> <file-name>
+///    <type> ... meta - metainformation about package
+///               tgz  - tarball
+
+const process = require("node:process");
+
+module.paths.unshift("@@libdir@@/node_modules/npm/node_modules");
+
+const cacache = require('cacache')
+const fs = require('fs')
+
+// argv[0] is 'node', argv[1] is this script
+const cache_dir = process.argv[2]
+const type      = process.argv[3]
+const key       = process.argv[4]
+const file      = process.argv[5]
+
+const data = fs.readFileSync(file)
+
+// metadata content is highly nodejs dependent; when cache entries are not
+// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js'
+// (CachePolicy::satisfies())
+const xlate = {
+    'meta': {
+	'key_prefix': 'make-fetch-happen:request-cache:',
+	'metadata': function() {
+	    return {
+		time: Date.now(),
+		url:  key,
+		reqHeaders: {
+		    'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*',
+		},
+		resHeaders: {
+		    "content-type": "application/json",
+		    "status": 200,
+		},
+		options: {
+		    compress: true,
+		}
+	    };
+	},
+    },
+
+    'tgz': {
+	'key_prefix': 'make-fetch-happen:request-cache:',
+	'metadata': function() {
+	    return {
+		time: Date.now(),
+		url:  key,
+		reqHeaders: {
+		    'accept': '*/*',
+		},
+		resHeaders: {
+		    "content-type": "application/octet-stream",
+		    "status": 200,
+		},
+		options: {
+		    compress: true,
+		},
+	    };
+	},
+    },
+};
+
+const info = xlate[type];
+let opts = {}
+
+if (info.metadata) {
+    opts['metadata'] = info.metadata();
+}
+
+cacache.put(cache_dir, info.key_prefix + key, data, opts)
+    .then(integrity => {
+	console.log(`Saved content of ${key} (${file}).`);
+})
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb
new file mode 100644
index 0000000000..a61dd5018f
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb
@@ -0,0 +1,21 @@
+DESCRIPTION = "OE helper for manipulating npm cache"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+SRC_URI = "\
+    file://oe-npm-cache \
+"
+
+inherit native
+
+B = "${WORKDIR}/build"
+
+do_configure() {
+    sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache'
+}
+
+do_install() {
+    install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache
+}
+
+RDEPENDS:${PN} = "nodejs-native"
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch
new file mode 100644
index 0000000000..1f54d444d7
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch
@@ -0,0 +1,35 @@
+From 70a008c59992b0ac6a868530bc3e249b7777ab95 Mon Sep 17 00:00:00 2001
+From: Archana Polampalli <archana.polampalli@windriver.com>
+Date: Fri, 16 Dec 2022 05:19:06 +0000
+Subject: [PATCH] Nodejs: Fixed pipes DeprecationWarning
+
+DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ configure.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/configure.py b/configure.py
+index d3192ca04c..8d279220fd 100755
+--- a/configure.py
++++ b/configure.py
+@@ -5,7 +5,6 @@ import sys
+ import errno
+ import argparse
+ import os
+-import pipes
+ import pprint
+ import re
+ import shlex
+@@ -2041,7 +2040,7 @@ write('config.gypi', do_not_edit +
+       pprint.pformat(output, indent=2, width=1024) + '\n')
+
+ write('config.status', '#!/bin/sh\nset -x\nexec ./configure ' +
+-      ' '.join([pipes.quote(arg) for arg in original_argv]) + '\n')
++      ' '.join([shlex.quote(arg) for arg in original_argv]) + '\n')
+ os.chmod('config.status', 0o775)
+
+
+--
+2.34.1
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch
index 8db1f1dd54..445aaf8398 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch
@@ -3,14 +3,17 @@ From: Guillaume Burel <guillaume.burel@stormshield.eu>
 Date: Fri, 3 Jan 2020 11:25:54 +0100
 Subject: [PATCH] Using native binaries
 
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
 ---
- node.gyp                 |  4 ++--
- tools/v8_gypfiles/v8.gyp | 11 ++++-------
- 2 files changed, 6 insertions(+), 9 deletions(-)
+ node.gyp                 | 2 ++
+ tools/v8_gypfiles/v8.gyp | 5 +++++
+ 2 files changed, 7 insertions(+)
 
+diff --git a/node.gyp b/node.gyp
+index 24505da7ba..7d41bd52db 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -294,6 +294,7 @@
+@@ -319,6 +319,7 @@
                'action_name': 'run_mkcodecache',
                'process_outputs_as_sources': 1,
                'inputs': [
@@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries
                  '<(mkcodecache_exec)',
                ],
                'outputs': [
-@@ -319,6 +320,7 @@
-               'action_name': 'node_mksnapshot',
-               'process_outputs_as_sources': 1,
-               'inputs': [
-+                '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
-                 '<(node_mksnapshot_exec)',
-               ],
-               'outputs': [
+@@ -366,6 +367,7 @@
+                   'action_name': 'node_mksnapshot',
+                   'process_outputs_as_sources': 1,
+                   'inputs': [
++                    '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+                     '<(node_mksnapshot_exec)',
+                   ],
+                   'outputs': [
+diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp
+index ed042f8829..371b8e02c2 100644
 --- a/tools/v8_gypfiles/v8.gyp
 +++ b/tools/v8_gypfiles/v8.gyp
 @@ -68,6 +68,7 @@
@@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries
              '<@(torque_outputs_inc)',
            ],
            'action': [
-+	    '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
++            '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
              '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)',
              '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated',
              '-v8-root', '<(V8_ROOT)',
-@@ -225,6 +227,7 @@
+@@ -211,6 +213,7 @@
          {
            'action_name': 'generate_bytecode_builtins_list_action',
            'inputs': [
@@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries
              '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)',
            ],
            'outputs': [
-@@ -415,6 +418,7 @@
+@@ -395,6 +398,7 @@
              ],
            },
            'inputs': [
@@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries
              '<(mksnapshot_exec)',
            ],
            'outputs': [
-@@ -1548,6 +1552,7 @@
+@@ -1513,6 +1517,7 @@
          {
            'action_name': 'run_gen-regexp-special-case_action',
            'inputs': [
@@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries
              '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)',
            ],
            'outputs': [
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
deleted file mode 100644
index 5cb2e97015..0000000000
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001
-From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
-Date: Tue, 19 Mar 2019 23:22:40 -0400
-Subject: [PATCH 2/2] Install both binaries and use libdir.
-
-This allows us to build with a shared library for other users while
-still providing the normal executable.
-
-Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch
-
-Upstream-Status: Pending
-
-Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
-Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.py     |  7 +++++++
- tools/install.py | 21 +++++++++------------
- 2 files changed, 16 insertions(+), 12 deletions(-)
-
-diff --git a/configure.py b/configure.py
-index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755
---- a/configure.py
-+++ b/configure.py
-@@ -721,10 +721,16 @@ parser.add_argument('--shared',
-     dest='shared',
-     default=None,
-     help='compile shared library for embedding node in another project. ' +
-          '(This mode is not officially supported for regular applications)')
- 
-+parser.add_argument('--libdir',
-+    action='store',
-+    dest='libdir',
-+    default='lib',
-+    help='a directory to install the shared library into')
-+
- parser.add_argument('--without-v8-platform',
-     action='store_true',
-     dest='without_v8_platform',
-     default=False,
-     help='do not initialize v8 platform during node.js startup. ' +
-@@ -1305,10 +1311,11 @@ def configure_node(o):
-     o['variables']['debug_nghttp2'] = 'false'
- 
-   o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
- 
-   o['variables']['node_shared'] = b(options.shared)
-+  o['variables']['libdir'] = options.libdir
-   node_module_version = getmoduleversion.get_version()
- 
-   if options.dest_os == 'android':
-     shlib_suffix = 'so'
-   elif sys.platform == 'darwin':
-diff --git a/tools/install.py b/tools/install.py
-index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755
---- a/tools/install.py
-+++ b/tools/install.py
-@@ -128,26 +128,23 @@ def subdir_files(path, dest, action):
-   for subdir, files_in_path in ret.items():
-     action(files_in_path, subdir + '/')
- 
- def files(action):
-   is_windows = sys.platform == 'win32'
--  output_file = 'node'
-   output_prefix = 'out/Release/'
-+  output_libprefix = output_prefix
- 
--  if 'false' == variables.get('node_shared'):
--    if is_windows:
--      output_file += '.exe'
-+  if is_windows:
-+    output_bin = 'node.exe'
-+    output_lib = 'node.dll'
-   else:
--    if is_windows:
--      output_file += '.dll'
--    else:
--      output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
-+    output_bin = 'node'
-+    output_lib = 'libnode.' + variables.get('shlib_suffix')
- 
--  if 'false' == variables.get('node_shared'):
--    action([output_prefix + output_file], 'bin/' + output_file)
--  else:
--    action([output_prefix + output_file], 'lib/' + output_file)
-+  action([output_prefix + output_bin], 'bin/' + output_bin)
-+  if 'true' == variables.get('node_shared'):
-+    action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
- 
-   if 'true' == variables.get('node_use_dtrace'):
-     action(['out/Release/node.d'], 'lib/dtrace/node.d')
- 
-   # behave similarly for systemtap
--- 
-2.33.0
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
deleted file mode 100644
index 4d238c03f4..0000000000
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
-From: Daniel Bevenius <daniel.bevenius@gmail.com>
-Date: Sat, 16 Oct 2021 08:50:16 +0200
-Subject: [PATCH] src: add --openssl-legacy-provider option
-
-This commit adds an option to Node.js named --openssl-legacy-provider
-and if specified will load OpenSSL 3.0 Legacy provider.
-
-$ ./node --help
-...
---openssl-legacy-provider  enable OpenSSL 3.0 legacy provider
-
-Example usage:
-
-$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
-Hash {
-  _options: undefined,
-  [Symbol(kHandle)]: Hash {},
-  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
-}
-
-Co-authored-by: Richard Lau <rlau@redhat.com>
-Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455]
----
- doc/api/cli.md                                         | 10 ++++++++++
- src/crypto/crypto_util.cc                              | 10 ++++++++++
- src/node_options.cc                                    | 10 ++++++++++
- src/node_options.h                                     |  7 +++++++
- .../test-process-env-allowed-flags-are-documented.js   |  5 +++++
- 5 files changed, 42 insertions(+)
-
-diff --git a/doc/api/cli.md b/doc/api/cli.md
-index 74057706bf8d..608b9cdeddf1 100644
---- a/doc/api/cli.md
-+++ b/doc/api/cli.md
-@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
- used to enable FIPS-compliant crypto if Node.js is built
- against FIPS-enabled OpenSSL.
- 
-+### `--openssl-legacy-provider`
-+<!-- YAML
-+added: REPLACEME
-+-->
-+
-+Enable OpenSSL 3.0 legacy provider. For more information please see
-+[providers readme][].
-+
- ### `--pending-deprecation`
- 
- <!-- YAML
-@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
- * `--no-warnings`
- * `--node-memory-debug`
- * `--openssl-config`
-+* `--openssl-legacy-provider`
- * `--pending-deprecation`
- * `--policy-integrity`
- * `--preserve-symlinks-main`
-@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
- [emit_warning]: process.md#processemitwarningwarning-options
- [jitless]: https://v8.dev/blog/jitless
- [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
-+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
- [remote code execution]: https://www.owasp.org/index.php/Code_Injection
- [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
- [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
-diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 7e0c8ba3eb60..796ea3025e41 100644
---- a/src/crypto/crypto_util.cc
-+++ b/src/crypto/crypto_util.cc
-@@ -148,6 +148,16 @@ void InitCryptoOnce() {
-   }
- #endif
- 
-+#if OPENSSL_VERSION_MAJOR >= 3
-+  // --openssl-legacy-provider
-+  if (per_process::cli_options->openssl_legacy_provider) {
-+    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
-+    if (legacy_provider == nullptr) {
-+      fprintf(stderr, "Unable to load legacy provider.\n");
-+    }
-+  }
-+#endif
-+
-   OPENSSL_init_ssl(0, settings);
-   OPENSSL_INIT_free(settings);
-   settings = nullptr;
-diff --git a/src/node_options.cc b/src/node_options.cc
-index 00bdc6688a4c..3363860919a9 100644
---- a/src/node_options.cc
-+++ b/src/node_options.cc
-@@ -4,6 +4,9 @@
- #include "env-inl.h"
- #include "node_binding.h"
- #include "node_internals.h"
-+#if HAVE_OPENSSL
-+#include "openssl/opensslv.h"
-+#endif
- 
- #include <errno.h>
- #include <sstream>
-diff --git a/src/node_options.h b/src/node_options.h
-index fd772478d04d..1c0e018ab16f 100644
---- a/src/node_options.h
-+++ b/src/node_options.h
-@@ -11,6 +11,10 @@
- #include "node_mutex.h"
- #include "util.h"
- 
-+#if HAVE_OPENSSL
-+#include "openssl/opensslv.h"
-+#endif
-+
- namespace node {
- 
- class HostPort {
-@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
-   bool enable_fips_crypto = false;
-   bool force_fips_crypto = false;
- #endif
-+#if OPENSSL_VERSION_MAJOR >= 3
-+  bool openssl_legacy_provider = false;
-+#endif
- 
-   // Per-process because reports can be triggered outside a known V8 context.
-   bool report_on_fatalerror = false;
-diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
-index 64626b71f019..8a4e35997907 100644
---- a/test/parallel/test-process-env-allowed-flags-are-documented.js
-+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
-@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
-   }
- }
- 
-+if (!common.hasOpenSSL3) {
-+  documented.delete('--openssl-legacy-provider');
-+}
-+
- // Filter out options that are conditionally present.
- const conditionalOpts = [
-   {
-@@ -50,6 +54,7 @@ const conditionalOpts = [
-     filter: (opt) => {
-       return [
-         '--openssl-config',
-+        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
-         '--tls-cipher-list',
-         '--use-bundled-ca',
-         '--use-openssl-ca',
-
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch
new file mode 100644
index 0000000000..4c73b556f9
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch
@@ -0,0 +1,262 @@
+From 717534ee353682f3bcf33e60a8af4292626d4441 Mon Sep 17 00:00:00 2001
+From: Luke Karrys <luke@lukekarrys.com>
+Date: Thu, 15 Jun 2023 12:21:14 -0700
+Subject: [PATCH] fix: better handling of whitespace (#564)
+
+CVE: CVE-2022-25883
+
+Upstream-Status: Backport [https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ .../node_modules/semver/classes/comparator.js |  3 +-
+ deps/npm/node_modules/semver/classes/range.js | 64 +++++++++++--------
+ .../npm/node_modules/semver/classes/semver.js |  2 +-
+ .../node_modules/semver/functions/coerce.js   |  2 +-
+ deps/npm/node_modules/semver/internal/re.js   | 11 ++++
+ deps/npm/node_modules/semver/package.json     |  2 +-
+ 6 files changed, 53 insertions(+), 31 deletions(-)
+
+diff --git a/deps/npm/node_modules/semver/classes/comparator.js b/deps/npm/node_modules/semver/classes/comparator.js
+index 62cd204..c909446 100644
+--- a/deps/npm/node_modules/semver/classes/comparator.js
++++ b/deps/npm/node_modules/semver/classes/comparator.js
+@@ -16,6 +16,7 @@ class Comparator {
+       }
+     }
+
++    comp = comp.trim().split(/\s+/).join(' ')
+     debug('comparator', comp, options)
+     this.options = options
+     this.loose = !!options.loose
+@@ -129,7 +130,7 @@ class Comparator {
+ module.exports = Comparator
+
+ const parseOptions = require('../internal/parse-options')
+-const { re, t } = require('../internal/re')
++const { safeRe: re, t } = require('../internal/re')
+ const cmp = require('../functions/cmp')
+ const debug = require('../internal/debug')
+ const SemVer = require('./semver')
+diff --git a/deps/npm/node_modules/semver/classes/range.js b/deps/npm/node_modules/semver/classes/range.js
+index 7dc24bc..8e2e1f9 100644
+--- a/deps/npm/node_modules/semver/classes/range.js
++++ b/deps/npm/node_modules/semver/classes/range.js
+@@ -26,19 +26,26 @@ class Range {
+     this.loose = !!options.loose
+     this.includePrerelease = !!options.includePrerelease
+
+-    // First, split based on boolean or ||
++    // First reduce all whitespace as much as possible so we do not have to rely
++    // on potentially slow regexes like \s*. This is then stored and used for
++    // future error messages as well.
+     this.raw = range
+-    this.set = range
++      .trim()
++      .split(/\s+/)
++      .join(' ')
++
++    // First, split on ||
++    this.set = this.raw
+       .split('||')
+       // map the range to a 2d array of comparators
+-      .map(r => this.parseRange(r.trim()))
++      .map(r => this.parseRange(r))
+       // throw out any comparator lists that are empty
+       // this generally means that it was not a valid range, which is allowed
+       // in loose mode, but will still throw if the WHOLE range is invalid.
+       .filter(c => c.length)
+
+     if (!this.set.length) {
+-      throw new TypeError(`Invalid SemVer Range: ${range}`)
++      throw new TypeError(`Invalid SemVer Range: ${this.raw}`)
+     }
+
+     // if we have any that are not the null set, throw out null sets.
+@@ -64,9 +71,7 @@ class Range {
+
+   format () {
+     this.range = this.set
+-      .map((comps) => {
+-        return comps.join(' ').trim()
+-      })
++      .map((comps) => comps.join(' ').trim())
+       .join('||')
+       .trim()
+     return this.range
+@@ -77,8 +82,6 @@ class Range {
+   }
+
+   parseRange (range) {
+-    range = range.trim()
+-
+     // memoize range parsing for performance.
+     // this is a very hot path, and fully deterministic.
+     const memoOpts = Object.keys(this.options).join(',')
+@@ -103,9 +106,6 @@ class Range {
+     // `^ 1.2.3` => `^1.2.3`
+     range = range.replace(re[t.CARETTRIM], caretTrimReplace)
+
+-    // normalize spaces
+-    range = range.split(/\s+/).join(' ')
+-
+     // At this point, the range is completely trimmed and
+     // ready to be split into comparators.
+
+@@ -200,7 +200,7 @@ const Comparator = require('./comparator')
+ const debug = require('../internal/debug')
+ const SemVer = require('./semver')
+ const {
+-  re,
++  safeRe: re,
+   t,
+   comparatorTrimReplace,
+   tildeTrimReplace,
+@@ -252,10 +252,13 @@ const isX = id => !id || id.toLowerCase() === 'x' || id === '*'
+ // ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0 <1.3.0-0
+ // ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0-0
+ // ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0-0
+-const replaceTildes = (comp, options) =>
+-  comp.trim().split(/\s+/).map((c) => {
+-    return replaceTilde(c, options)
+-  }).join(' ')
++const replaceTildes = (comp, options) => {
++  return comp
++    .trim()
++    .split(/\s+/)
++    .map((c) => replaceTilde(c, options))
++    .join(' ')
++}
+
+ const replaceTilde = (comp, options) => {
+   const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]
+@@ -291,10 +294,13 @@ const replaceTilde = (comp, options) => {
+ // ^1.2, ^1.2.x --> >=1.2.0 <2.0.0-0
+ // ^1.2.3 --> >=1.2.3 <2.0.0-0
+ // ^1.2.0 --> >=1.2.0 <2.0.0-0
+-const replaceCarets = (comp, options) =>
+-  comp.trim().split(/\s+/).map((c) => {
+-    return replaceCaret(c, options)
+-  }).join(' ')
++const replaceCarets = (comp, options) => {
++  return comp
++    .trim()
++    .split(/\s+/)
++    .map((c) => replaceCaret(c, options))
++    .join(' ')
++}
+
+ const replaceCaret = (comp, options) => {
+   debug('caret', comp, options)
+@@ -351,9 +357,10 @@ const replaceCaret = (comp, options) => {
+
+ const replaceXRanges = (comp, options) => {
+   debug('replaceXRanges', comp, options)
+-  return comp.split(/\s+/).map((c) => {
+-    return replaceXRange(c, options)
+-  }).join(' ')
++  return comp
++    .split(/\s+/)
++    .map((c) => replaceXRange(c, options))
++    .join(' ')
+ }
+
+ const replaceXRange = (comp, options) => {
+@@ -436,12 +443,15 @@ const replaceXRange = (comp, options) => {
+ const replaceStars = (comp, options) => {
+   debug('replaceStars', comp, options)
+   // Looseness is ignored here.  star is always as loose as it gets!
+-  return comp.trim().replace(re[t.STAR], '')
++  return comp
++    .trim()
++    .replace(re[t.STAR], '')
+ }
+
+ const replaceGTE0 = (comp, options) => {
+   debug('replaceGTE0', comp, options)
+-  return comp.trim()
++  return comp
++    .trim()
+     .replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], '')
+ }
+
+@@ -479,7 +489,7 @@ const hyphenReplace = incPr => ($0,
+     to = `<=${to}`
+   }
+
+-  return (`${from} ${to}`).trim()
++  return `${from} ${to}`.trim()
+ }
+
+ const testSet = (set, version, options) => {
+diff --git a/deps/npm/node_modules/semver/classes/semver.js b/deps/npm/node_modules/semver/classes/semver.js
+index af62955..ad4e877 100644
+--- a/deps/npm/node_modules/semver/classes/semver.js
++++ b/deps/npm/node_modules/semver/classes/semver.js
+@@ -1,6 +1,6 @@
+ const debug = require('../internal/debug')
+ const { MAX_LENGTH, MAX_SAFE_INTEGER } = require('../internal/constants')
+-const { re, t } = require('../internal/re')
++const { safeRe: re, t } = require('../internal/re')
+
+ const parseOptions = require('../internal/parse-options')
+ const { compareIdentifiers } = require('../internal/identifiers')
+diff --git a/deps/npm/node_modules/semver/functions/coerce.js b/deps/npm/node_modules/semver/functions/coerce.js
+index 2e01452..febbff9 100644
+--- a/deps/npm/node_modules/semver/functions/coerce.js
++++ b/deps/npm/node_modules/semver/functions/coerce.js
+@@ -1,6 +1,6 @@
+ const SemVer = require('../classes/semver')
+ const parse = require('./parse')
+-const { re, t } = require('../internal/re')
++const { safeRe: re, t } = require('../internal/re')
+
+ const coerce = (version, options) => {
+   if (version instanceof SemVer) {
+diff --git a/deps/npm/node_modules/semver/internal/re.js b/deps/npm/node_modules/semver/internal/re.js
+index ed88398..f73ef1a 100644
+--- a/deps/npm/node_modules/semver/internal/re.js
++++ b/deps/npm/node_modules/semver/internal/re.js
+@@ -4,16 +4,27 @@ exports = module.exports = {}
+
+ // The actual regexps go on exports.re
+ const re = exports.re = []
++const safeRe = exports.safeRe = []
+ const src = exports.src = []
+ const t = exports.t = {}
+ let R = 0
+
+ const createToken = (name, value, isGlobal) => {
++  // Replace all greedy whitespace to prevent regex dos issues. These regex are
++  // used internally via the safeRe object since all inputs in this library get
++  // normalized first to trim and collapse all extra whitespace. The original
++  // regexes are exported for userland consumption and lower level usage. A
++  // future breaking change could export the safer regex only with a note that
++  // all input should have extra whitespace removed.
++  const safe = value
++    .split('\\s*').join('\\s{0,1}')
++    .split('\\s+').join('\\s')
+   const index = R++
+   debug(name, index, value)
+   t[name] = index
+   src[index] = value
+   re[index] = new RegExp(value, isGlobal ? 'g' : undefined)
++  safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined)
+ }
+
+ // The following Regular Expressions can be used for tokenizing,
+diff --git a/deps/npm/node_modules/semver/package.json b/deps/npm/node_modules/semver/package.json
+index 7898f59..d8ae619 100644
+--- a/deps/npm/node_modules/semver/package.json
++++ b/deps/npm/node_modules/semver/package.json
+@@ -40,7 +40,7 @@
+     "range.bnf"
+   ],
+   "tap": {
+-    "check-coverage": true,
++    "timeout": 30,
+     "coverage-map": "map.js"
+   },
+   "engines": {
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch
new file mode 100644
index 0000000000..991d39fcf9
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch
@@ -0,0 +1,625 @@
+From d3d357ab096884f10f5d2f164149727eea875635 Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Thu, 4 Jan 2024 21:32:51 +0000
+Subject: [PATCH] crypto: disable PKCS#1 padding for privateDecrypt
+
+Refs: https://hackerone.com/bugs?subject=nodejs&report_id=2269177
+
+Disable RSA_PKCS1_PADDING for crypto.privateDecrypt() in order
+to protect against the Marvin attack.
+
+Includes a security revert flag that can be used to restore
+support.
+
+Signed-off-by: Michael Dawson <midawson@redhat.com>
+PR-URL: https://github.com/nodejs-private/node-private/pull/525
+Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
+Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+
+CVE-ID: CVE-2023-46809
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/d3d357ab096884f1]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/crypto/crypto_cipher.cc                 |  28 ++
+ src/node_revert.h                           |   1 +
+ test/parallel/test-crypto-rsa-dsa-revert.js | 475 ++++++++++++++++++++
+ test/parallel/test-crypto-rsa-dsa.js        |  42 +-
+ 4 files changed, 533 insertions(+), 13 deletions(-)
+ create mode 100644 test/parallel/test-crypto-rsa-dsa-revert.js
+
+diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
+index 10579ce..0311c68 100644
+--- a/src/crypto/crypto_cipher.cc
++++ b/src/crypto/crypto_cipher.cc
+@@ -6,6 +6,7 @@
+ #include "node_buffer.h"
+ #include "node_internals.h"
+ #include "node_process-inl.h"
++#include "node_revert.h"
+ #include "v8.h"
+
+ namespace node {
+@@ -1061,6 +1062,33 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+   uint32_t padding;
+   if (!args[offset + 1]->Uint32Value(env->context()).To(&padding)) return;
+
++  if (EVP_PKEY_cipher == EVP_PKEY_decrypt &&
++      operation == PublicKeyCipher::kPrivate && padding == RSA_PKCS1_PADDING &&
++      !IsReverted(SECURITY_REVERT_CVE_2023_46809)) {
++    EVPKeyCtxPointer ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
++    CHECK(ctx);
++
++    if (EVP_PKEY_decrypt_init(ctx.get()) <= 0) {
++      return ThrowCryptoError(env, ERR_get_error());
++    }
++
++    int rsa_pkcs1_implicit_rejection =
++        EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1");
++    // From the doc -2 means that the option is not supported.
++    // The default for the option is enabled and if it has been
++    // specifically disabled we want to respect that so we will
++    // not throw an error if the option is supported regardless
++    // of how it is set. The call to set the value
++    // will not affect what is used since a different context is
++    // used in the call if the option is supported
++    if (rsa_pkcs1_implicit_rejection <= 0) {
++      return THROW_ERR_INVALID_ARG_VALUE(
++          env,
++          "RSA_PKCS1_PADDING is no longer supported for private decryption,"
++          " this can be reverted with --security-revert=CVE-2023-46809");
++    }
++  }
++
+   const EVP_MD* digest = nullptr;
+   if (args[offset + 2]->IsString()) {
+     const Utf8Value oaep_str(env->isolate(), args[offset + 2]);
+diff --git a/src/node_revert.h b/src/node_revert.h
+index 83dcb62..bc2a288 100644
+--- a/src/node_revert.h
++++ b/src/node_revert.h
+@@ -18,6 +18,7 @@ namespace node {
+ #define SECURITY_REVERSIONS(XX)                                            \
+   XX(CVE_2021_44531, "CVE-2021-44531", "Cert Verif Bypass via URI SAN")    \
+   XX(CVE_2021_44532, "CVE-2021-44532", "Cert Verif Bypass via Str Inject") \
++  XX(CVE_2023_46809, "CVE-2023-46809", "Marvin attack on PKCS#1 padding") \
+ //  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
+
+ enum reversion {
+diff --git a/test/parallel/test-crypto-rsa-dsa-revert.js b/test/parallel/test-crypto-rsa-dsa-revert.js
+new file mode 100644
+index 0000000..84ec8f6
+--- /dev/null
++++ b/test/parallel/test-crypto-rsa-dsa-revert.js
+@@ -0,0 +1,475 @@
++'use strict';
++// Flags: --security-revert=CVE-2023-46809
++const common = require('../common');
++if (!common.hasCrypto)
++  common.skip('missing crypto');
++
++const assert = require('assert');
++const crypto = require('crypto');
++
++const constants = crypto.constants;
++
++const fixtures = require('../common/fixtures');
++
++// Test certificates
++const certPem = fixtures.readKey('rsa_cert.crt');
++const keyPem = fixtures.readKey('rsa_private.pem');
++const rsaKeySize = 2048;
++const rsaPubPem = fixtures.readKey('rsa_public.pem', 'ascii');
++const rsaKeyPem = fixtures.readKey('rsa_private.pem', 'ascii');
++const rsaKeyPemEncrypted = fixtures.readKey('rsa_private_encrypted.pem',
++                                            'ascii');
++const dsaPubPem = fixtures.readKey('dsa_public.pem', 'ascii');
++const dsaKeyPem = fixtures.readKey('dsa_private.pem', 'ascii');
++const dsaKeyPemEncrypted = fixtures.readKey('dsa_private_encrypted.pem',
++                                            'ascii');
++const rsaPkcs8KeyPem = fixtures.readKey('rsa_private_pkcs8.pem');
++const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
++
++const ec = new TextEncoder();
++
++const openssl1DecryptError = {
++  message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
++    'bad decrypt',
++  code: 'ERR_OSSL_EVP_BAD_DECRYPT',
++  reason: 'bad decrypt',
++  function: 'EVP_DecryptFinal_ex',
++  library: 'digital envelope routines',
++};
++
++const decryptError = common.hasOpenSSL3 ?
++  { message: 'error:1C800064:Provider routines::bad decrypt' } :
++  openssl1DecryptError;
++
++const decryptPrivateKeyError = common.hasOpenSSL3 ? {
++  message: 'error:1C800064:Provider routines::bad decrypt',
++} : openssl1DecryptError;
++
++function getBufferCopy(buf) {
++  return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
++}
++
++// Test RSA encryption/decryption
++{
++  const input = 'I AM THE WALRUS';
++  const bufferToEncrypt = Buffer.from(input);
++  const bufferPassword = Buffer.from('password');
++
++  let encryptedBuffer = crypto.publicEncrypt(rsaPubPem, bufferToEncrypt);
++
++  // Test other input types
++  let otherEncrypted;
++  {
++    const ab = getBufferCopy(ec.encode(rsaPubPem));
++    const ab2enc = getBufferCopy(bufferToEncrypt);
++
++    crypto.publicEncrypt(ab, ab2enc);
++    crypto.publicEncrypt(new Uint8Array(ab), new Uint8Array(ab2enc));
++    crypto.publicEncrypt(new DataView(ab), new DataView(ab2enc));
++    otherEncrypted = crypto.publicEncrypt({
++      key: Buffer.from(ab).toString('hex'),
++      encoding: 'hex'
++    }, Buffer.from(ab2enc).toString('hex'));
++  }
++
++  let decryptedBuffer = crypto.privateDecrypt(rsaKeyPem, encryptedBuffer);
++  const otherDecrypted = crypto.privateDecrypt(rsaKeyPem, otherEncrypted);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++  assert.strictEqual(otherDecrypted.toString(), input);
++
++  decryptedBuffer = crypto.privateDecrypt(rsaPkcs8KeyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  let decryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, encryptedBuffer);
++
++  const otherDecryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: ec.encode('password')
++  }, encryptedBuffer);
++
++  assert.strictEqual(
++    otherDecryptedBufferWithPassword.toString(),
++    decryptedBufferWithPassword.toString());
++
++  decryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, encryptedBuffer);
++
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  encryptedBuffer = crypto.publicEncrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, bufferToEncrypt);
++
++  decryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  encryptedBuffer = crypto.privateEncrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, bufferToEncrypt);
++
++  decryptedBufferWithPassword = crypto.publicDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  // Now with explicit RSA_PKCS1_PADDING.
++  encryptedBuffer = crypto.privateEncrypt({
++    padding: crypto.constants.RSA_PKCS1_PADDING,
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, bufferToEncrypt);
++
++  decryptedBufferWithPassword = crypto.publicDecrypt({
++    padding: crypto.constants.RSA_PKCS1_PADDING,
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  // Omitting padding should be okay because RSA_PKCS1_PADDING is the default.
++  decryptedBufferWithPassword = crypto.publicDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  // Now with RSA_NO_PADDING. Plaintext needs to match key size.
++  // OpenSSL 3.x has a rsa_check_padding that will cause an error if
++  // RSA_NO_PADDING is used.
++  if (!common.hasOpenSSL3) {
++    {
++      const plaintext = 'x'.repeat(rsaKeySize / 8);
++      encryptedBuffer = crypto.privateEncrypt({
++        padding: crypto.constants.RSA_NO_PADDING,
++        key: rsaKeyPemEncrypted,
++        passphrase: bufferPassword
++      }, Buffer.from(plaintext));
++
++      decryptedBufferWithPassword = crypto.publicDecrypt({
++        padding: crypto.constants.RSA_NO_PADDING,
++        key: rsaKeyPemEncrypted,
++        passphrase: bufferPassword
++      }, encryptedBuffer);
++      assert.strictEqual(decryptedBufferWithPassword.toString(), plaintext);
++    }
++  }
++
++  encryptedBuffer = crypto.publicEncrypt(certPem, bufferToEncrypt);
++
++  decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  encryptedBuffer = crypto.publicEncrypt(keyPem, bufferToEncrypt);
++
++  decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  encryptedBuffer = crypto.privateEncrypt(keyPem, bufferToEncrypt);
++
++  decryptedBuffer = crypto.publicDecrypt(keyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  assert.throws(() => {
++    crypto.privateDecrypt({
++      key: rsaKeyPemEncrypted,
++      passphrase: 'wrong'
++    }, bufferToEncrypt);
++  }, decryptError);
++
++  assert.throws(() => {
++    crypto.publicEncrypt({
++      key: rsaKeyPemEncrypted,
++      passphrase: 'wrong'
++    }, encryptedBuffer);
++  }, decryptError);
++
++  encryptedBuffer = crypto.privateEncrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: Buffer.from('password')
++  }, bufferToEncrypt);
++
++  assert.throws(() => {
++    crypto.publicDecrypt({
++      key: rsaKeyPemEncrypted,
++      passphrase: Buffer.from('wrong')
++    }, encryptedBuffer);
++  }, decryptError);
++}
++
++function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
++  const size = (padding === 'RSA_NO_PADDING') ? rsaKeySize / 8 : 32;
++  const input = Buffer.allocUnsafe(size);
++  for (let i = 0; i < input.length; i++)
++    input[i] = (i * 7 + 11) & 0xff;
++  const bufferToEncrypt = Buffer.from(input);
++
++  padding = constants[padding];
++
++  const encryptedBuffer = crypto.publicEncrypt({
++    key: rsaPubPem,
++    padding: padding,
++    oaepHash: encryptOaepHash
++  }, bufferToEncrypt);
++
++  let decryptedBuffer = crypto.privateDecrypt({
++    key: rsaKeyPem,
++    padding: padding,
++    oaepHash: decryptOaepHash
++  }, encryptedBuffer);
++  assert.deepStrictEqual(decryptedBuffer, input);
++
++  decryptedBuffer = crypto.privateDecrypt({
++    key: rsaPkcs8KeyPem,
++    padding: padding,
++    oaepHash: decryptOaepHash
++  }, encryptedBuffer);
++  assert.deepStrictEqual(decryptedBuffer, input);
++}
++
++test_rsa('RSA_NO_PADDING');
++test_rsa('RSA_PKCS1_PADDING');
++test_rsa('RSA_PKCS1_OAEP_PADDING');
++
++// Test OAEP with different hash functions.
++test_rsa('RSA_PKCS1_OAEP_PADDING', undefined, 'sha1');
++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha1', undefined);
++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha256', 'sha256');
++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha512', 'sha512');
++assert.throws(() => {
++  test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha256', 'sha512');
++}, {
++  code: 'ERR_OSSL_RSA_OAEP_DECODING_ERROR'
++});
++
++// The following RSA-OAEP test cases were created using the WebCrypto API to
++// ensure compatibility when using non-SHA1 hash functions.
++{
++  const { decryptionTests } =
++      JSON.parse(fixtures.readSync('rsa-oaep-test-vectors.js', 'utf8'));
++
++  for (const { ct, oaepHash, oaepLabel } of decryptionTests) {
++    const label = oaepLabel ? Buffer.from(oaepLabel, 'hex') : undefined;
++    const copiedLabel = oaepLabel ? getBufferCopy(label) : undefined;
++
++    const decrypted = crypto.privateDecrypt({
++      key: rsaPkcs8KeyPem,
++      oaepHash,
++      oaepLabel: oaepLabel ? label : undefined
++    }, Buffer.from(ct, 'hex'));
++
++    assert.strictEqual(decrypted.toString('utf8'), 'Hello Node.js');
++
++    const otherDecrypted = crypto.privateDecrypt({
++      key: rsaPkcs8KeyPem,
++      oaepHash,
++      oaepLabel: copiedLabel
++    }, Buffer.from(ct, 'hex'));
++
++    assert.strictEqual(otherDecrypted.toString('utf8'), 'Hello Node.js');
++  }
++}
++
++// Test invalid oaepHash and oaepLabel options.
++for (const fn of [crypto.publicEncrypt, crypto.privateDecrypt]) {
++  assert.throws(() => {
++    fn({
++      key: rsaPubPem,
++      oaepHash: 'Hello world'
++    }, Buffer.alloc(10));
++  }, {
++    code: 'ERR_OSSL_EVP_INVALID_DIGEST'
++  });
++
++  for (const oaepHash of [0, false, null, Symbol(), () => {}]) {
++    assert.throws(() => {
++      fn({
++        key: rsaPubPem,
++        oaepHash
++      }, Buffer.alloc(10));
++    }, {
++      code: 'ERR_INVALID_ARG_TYPE'
++    });
++  }
++
++  for (const oaepLabel of [0, false, null, Symbol(), () => {}, {}]) {
++    assert.throws(() => {
++      fn({
++        key: rsaPubPem,
++        oaepLabel
++      }, Buffer.alloc(10));
++    }, {
++      code: 'ERR_INVALID_ARG_TYPE'
++    });
++  }
++}
++
++// Test RSA key signing/verification
++let rsaSign = crypto.createSign('SHA1');
++let rsaVerify = crypto.createVerify('SHA1');
++assert.ok(rsaSign);
++assert.ok(rsaVerify);
++
++const expectedSignature = fixtures.readKey(
++  'rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1',
++  'hex'
++);
++
++rsaSign.update(rsaPubPem);
++let rsaSignature = rsaSign.sign(rsaKeyPem, 'hex');
++assert.strictEqual(rsaSignature, expectedSignature);
++
++rsaVerify.update(rsaPubPem);
++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
++
++// Test RSA PKCS#8 key signing/verification
++rsaSign = crypto.createSign('SHA1');
++rsaSign.update(rsaPubPem);
++rsaSignature = rsaSign.sign(rsaPkcs8KeyPem, 'hex');
++assert.strictEqual(rsaSignature, expectedSignature);
++
++rsaVerify = crypto.createVerify('SHA1');
++rsaVerify.update(rsaPubPem);
++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
++
++// Test RSA key signing/verification with encrypted key
++rsaSign = crypto.createSign('SHA1');
++rsaSign.update(rsaPubPem);
++const signOptions = { key: rsaKeyPemEncrypted, passphrase: 'password' };
++rsaSignature = rsaSign.sign(signOptions, 'hex');
++assert.strictEqual(rsaSignature, expectedSignature);
++
++rsaVerify = crypto.createVerify('SHA1');
++rsaVerify.update(rsaPubPem);
++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
++
++rsaSign = crypto.createSign('SHA1');
++rsaSign.update(rsaPubPem);
++assert.throws(() => {
++  const signOptions = { key: rsaKeyPemEncrypted, passphrase: 'wrong' };
++  rsaSign.sign(signOptions, 'hex');
++}, decryptPrivateKeyError);
++
++//
++// Test RSA signing and verification
++//
++{
++  const privateKey = fixtures.readKey('rsa_private_b.pem');
++  const publicKey = fixtures.readKey('rsa_public_b.pem');
++
++  const input = 'I AM THE WALRUS';
++
++  const signature = fixtures.readKey(
++    'I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256',
++    'hex'
++  );
++
++  const sign = crypto.createSign('SHA256');
++  sign.update(input);
++
++  const output = sign.sign(privateKey, 'hex');
++  assert.strictEqual(output, signature);
++
++  const verify = crypto.createVerify('SHA256');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true);
++
++  // Test the legacy signature algorithm name.
++  const sign2 = crypto.createSign('RSA-SHA256');
++  sign2.update(input);
++
++  const output2 = sign2.sign(privateKey, 'hex');
++  assert.strictEqual(output2, signature);
++
++  const verify2 = crypto.createVerify('SHA256');
++  verify2.update(input);
++
++  assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
++}
++
++
++//
++// Test DSA signing and verification
++//
++{
++  const input = 'I AM THE WALRUS';
++
++  // DSA signatures vary across runs so there is no static string to verify
++  // against.
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  const signature = sign.sign(dsaKeyPem, 'hex');
++
++  const verify = crypto.createVerify('SHA1');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
++
++  // Test the legacy 'DSS1' name.
++  const sign2 = crypto.createSign('DSS1');
++  sign2.update(input);
++  const signature2 = sign2.sign(dsaKeyPem, 'hex');
++
++  const verify2 = crypto.createVerify('DSS1');
++  verify2.update(input);
++
++  assert.strictEqual(verify2.verify(dsaPubPem, signature2, 'hex'), true);
++}
++
++
++//
++// Test DSA signing and verification with PKCS#8 private key
++//
++{
++  const input = 'I AM THE WALRUS';
++
++  // DSA signatures vary across runs so there is no static string to verify
++  // against.
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  const signature = sign.sign(dsaPkcs8KeyPem, 'hex');
++
++  const verify = crypto.createVerify('SHA1');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
++}
++
++
++//
++// Test DSA signing and verification with encrypted key
++//
++const input = 'I AM THE WALRUS';
++
++{
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  assert.throws(() => {
++    sign.sign({ key: dsaKeyPemEncrypted, passphrase: 'wrong' }, 'hex');
++  }, decryptPrivateKeyError);
++}
++
++{
++  // DSA signatures vary across runs so there is no static string to verify
++  // against.
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  const signOptions = { key: dsaKeyPemEncrypted, passphrase: 'password' };
++  const signature = sign.sign(signOptions, 'hex');
++
++  const verify = crypto.createVerify('SHA1');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
++}
+diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
+index 9afcb38..fd27827 100644
+--- a/test/parallel/test-crypto-rsa-dsa.js
++++ b/test/parallel/test-crypto-rsa-dsa.js
+@@ -220,20 +220,36 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
+     padding: padding,
+     oaepHash: encryptOaepHash
+   }, bufferToEncrypt);
++  if (padding === constants.RSA_PKCS1_PADDING) {
++    assert.throws(() => {
++      crypto.privateDecrypt({
++        key: rsaKeyPem,
++        padding: padding,
++        oaepHash: decryptOaepHash
++      }, encryptedBuffer);
++    }, { code: 'ERR_INVALID_ARG_VALUE' });
++    assert.throws(() => {
++      crypto.privateDecrypt({
++        key: rsaPkcs8KeyPem,
++        padding: padding,
++        oaepHash: decryptOaepHash
++      }, encryptedBuffer);
++    }, { code: 'ERR_INVALID_ARG_VALUE' });
++  } else {
++    let decryptedBuffer = crypto.privateDecrypt({
++      key: rsaKeyPem,
++      padding: padding,
++      oaepHash: decryptOaepHash
++    }, encryptedBuffer);
++    assert.deepStrictEqual(decryptedBuffer, input);
+
+-  let decryptedBuffer = crypto.privateDecrypt({
+-    key: rsaKeyPem,
+-    padding: padding,
+-    oaepHash: decryptOaepHash
+-  }, encryptedBuffer);
+-  assert.deepStrictEqual(decryptedBuffer, input);
+-
+-  decryptedBuffer = crypto.privateDecrypt({
+-    key: rsaPkcs8KeyPem,
+-    padding: padding,
+-    oaepHash: decryptOaepHash
+-  }, encryptedBuffer);
+-  assert.deepStrictEqual(decryptedBuffer, input);
++    decryptedBuffer = crypto.privateDecrypt({
++      key: rsaPkcs8KeyPem,
++      padding: padding,
++      oaepHash: decryptOaepHash
++    }, encryptedBuffer);
++    assert.deepStrictEqual(decryptedBuffer, input);
++  }
+ }
+
+ test_rsa('RSA_NO_PADDING');
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch
new file mode 100644
index 0000000000..ca1c7981cc
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch
@@ -0,0 +1,556 @@
+From 911cb33cdadab57a75f97186290ea8f3903a6171 Mon Sep 17 00:00:00 2001
+From: Paolo Insogna <paolo@cowtech.it>
+Date: Tue, 9 Jan 2024 18:10:04 +0100
+Subject: [PATCH] http: add maximum chunk extension size
+
+PR-URL: https://github.com/nodejs-private/node-private/pull/520
+Refs: https://github.com/nodejs-private/node-private/pull/518
+
+CVE-ID: CVE-2024-22019
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/911cb33cdadab57a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ deps/llhttp/CMakeLists.txt                    |   2 +-
+ deps/llhttp/include/llhttp.h                  |   7 +-
+ deps/llhttp/src/api.c                         |   7 +
+ deps/llhttp/src/llhttp.c                      | 122 ++++++++++++++--
+ doc/api/errors.md                             |  12 ++
+ lib/_http_server.js                           |   8 ++
+ src/node_http_parser.cc                       |  20 ++-
+ .../test-http-chunk-extensions-limit.js       | 131 ++++++++++++++++++
+ tools/update-llhttp.sh                        |   2 +-
+ 9 files changed, 292 insertions(+), 19 deletions(-)
+ create mode 100644 test/parallel/test-http-chunk-extensions-limit.js
+
+diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt
+index d038203..747564a 100644
+--- a/deps/llhttp/CMakeLists.txt
++++ b/deps/llhttp/CMakeLists.txt
+@@ -1,7 +1,7 @@
+ cmake_minimum_required(VERSION 3.5.1)
+ cmake_policy(SET CMP0069 NEW)
+
+-project(llhttp VERSION 6.0.11)
++project(llhttp VERSION 6.1.0)
+ include(GNUInstallDirs)
+
+ set(CMAKE_C_STANDARD 99)
+diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h
+index 2da66f1..78f27ab 100644
+--- a/deps/llhttp/include/llhttp.h
++++ b/deps/llhttp/include/llhttp.h
+@@ -2,8 +2,8 @@
+ #define INCLUDE_LLHTTP_H_
+
+ #define LLHTTP_VERSION_MAJOR 6
+-#define LLHTTP_VERSION_MINOR 0
+-#define LLHTTP_VERSION_PATCH 11
++#define LLHTTP_VERSION_MINOR 1
++#define LLHTTP_VERSION_PATCH 0
+
+ #ifndef LLHTTP_STRICT_MODE
+ # define LLHTTP_STRICT_MODE 0
+@@ -348,6 +348,9 @@ struct llhttp_settings_s {
+    */
+   llhttp_cb      on_headers_complete;
+
++  /* Possible return values 0, -1, HPE_USER */
++  llhttp_data_cb on_chunk_parameters;
++
+   /* Possible return values 0, -1, HPE_USER */
+   llhttp_data_cb on_body;
+
+diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c
+index c4ce197..d3065b3 100644
+--- a/deps/llhttp/src/api.c
++++ b/deps/llhttp/src/api.c
+@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) {
+ }
+
+
++int llhttp__on_chunk_parameters(llhttp_t* s, const char* p, const char* endp) {
++  int err;
++  SPAN_CALLBACK_MAYBE(s, on_chunk_parameters, p, endp - p);
++  return err;
++}
++
++
+ int llhttp__on_chunk_complete(llhttp_t* s, const char* p, const char* endp) {
+   int err;
+   CALLBACK_MAYBE(s, on_chunk_complete);
+diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
+index 5e7c5d1..5eb19f6 100644
+--- a/deps/llhttp/src/llhttp.c
++++ b/deps/llhttp/src/llhttp.c
+@@ -340,6 +340,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -539,6 +541,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -1226,8 +1232,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++	  goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_10;
+@@ -1236,6 +1241,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -1246,13 +1279,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_11;
+@@ -6074,6 +6103,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_10: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+@@ -8441,6 +8488,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -8635,6 +8684,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -9299,8 +9352,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++	  goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_6;
+@@ -9309,6 +9361,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -9319,13 +9399,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_7;
+@@ -13951,6 +14027,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_6: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+diff --git a/doc/api/errors.md b/doc/api/errors.md
+index dcf8744..a76bfe5 100644
+--- a/doc/api/errors.md
++++ b/doc/api/errors.md
+@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then
+ HTTP parsing will abort without a request or response object being created, and
+ an `Error` with this code will be emitted.
+
++<a id="HPE_CHUNK_EXTENSIONS_OVERFLOW"></a>
++
++### `HPE_CHUNK_EXTENSIONS_OVERFLOW`
++
++<!-- YAML
++added: REPLACEME
++-->
++
++Too much data was received for a chunk extensions. In order to protect against
++malicious or malconfigured clients, if more than 16 KiB of data is received
++then an `Error` with this code will be emitted.
++
+ <a id="HPE_UNEXPECTED_CONTENT_LENGTH"></a>
+
+ ### `HPE_UNEXPECTED_CONTENT_LENGTH`
+diff --git a/lib/_http_server.js b/lib/_http_server.js
+index 4e23266..263bb52 100644
+--- a/lib/_http_server.js
++++ b/lib/_http_server.js
+@@ -706,6 +706,11 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
+   `HTTP/1.1 431 ${STATUS_CODES[431]}\r\n` +
+   'Connection: close\r\n\r\n', 'ascii'
+ );
++const requestChunkExtensionsTooLargeResponse = Buffer.from(
++  `HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` +
++  'Connection: close\r\n\r\n', 'ascii',
++);
++
+ function socketOnError(e) {
+   // Ignore further errors
+   this.removeListener('error', socketOnError);
+@@ -719,6 +724,9 @@ function socketOnError(e) {
+         case 'HPE_HEADER_OVERFLOW':
+           response = requestHeaderFieldsTooLargeResponse;
+           break;
++	case 'HPE_CHUNK_EXTENSIONS_OVERFLOW':
++          response = requestChunkExtensionsTooLargeResponse;
++          break;
+         case 'ERR_HTTP_REQUEST_TIMEOUT':
+           response = requestTimeoutResponse;
+           break;
+diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
+index 74f3248..b92e848 100644
+--- a/src/node_http_parser.cc
++++ b/src/node_http_parser.cc
+@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5;
+ const uint32_t kOnTimeout = 6;
+ // Any more fields than this will be flushed into JS
+ const size_t kMaxHeaderFieldsCount = 32;
++// Maximum size of chunk extensions
++const size_t kMaxChunkExtensionsSize = 16384;
+
+ const uint32_t kLenientNone = 0;
+ const uint32_t kLenientHeaders = 1 << 0;
+@@ -206,6 +208,7 @@ class Parser : public AsyncWrap, public StreamListener {
+
+   int on_message_begin() {
+     num_fields_ = num_values_ = 0;
++    chunk_extensions_nread_ = 0;
+     url_.Reset();
+     status_message_.Reset();
+     header_parsing_start_time_ = uv_hrtime();
+@@ -443,9 +446,22 @@ class Parser : public AsyncWrap, public StreamListener {
+     return 0;
+   }
+
+-  // Reset nread for the next chunk
++  int on_chunk_extension(const char* at, size_t length) {
++    chunk_extensions_nread_ += length;
++
++    if (chunk_extensions_nread_ > kMaxChunkExtensionsSize) {
++      llhttp_set_error_reason(&parser_,
++        "HPE_CHUNK_EXTENSIONS_OVERFLOW:Chunk extensions overflow");
++      return HPE_USER;
++    }
++
++    return 0;
++  }
++
++  // Reset nread for the next chunk and also reset the extensions counter
+   int on_chunk_header() {
+     header_nread_ = 0;
++    chunk_extensions_nread_ = 0;
+     return 0;
+   }
+
+@@ -887,6 +903,7 @@ class Parser : public AsyncWrap, public StreamListener {
+   const char* current_buffer_data_;
+   bool pending_pause_ = false;
+   uint64_t header_nread_ = 0;
++  uint64_t chunk_extensions_nread_ = 0;
+   uint64_t max_http_header_size_;
+   uint64_t headers_timeout_;
+   uint64_t header_parsing_start_time_ = 0;
+@@ -921,6 +938,7 @@ const llhttp_settings_t Parser::settings = {
+   Proxy<DataCall, &Parser::on_header_field>::Raw,
+   Proxy<DataCall, &Parser::on_header_value>::Raw,
+   Proxy<Call, &Parser::on_headers_complete>::Raw,
++  Proxy<DataCall, &Parser::on_chunk_extension>::Raw,
+   Proxy<DataCall, &Parser::on_body>::Raw,
+   Proxy<Call, &Parser::on_message_complete>::Raw,
+   Proxy<Call, &Parser::on_chunk_header>::Raw,
+diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js
+new file mode 100644
+index 0000000..6868b3d
+--- /dev/null
++++ b/test/parallel/test-http-chunk-extensions-limit.js
+@@ -0,0 +1,131 @@
++'use strict';
++
++const common = require('../common');
++const http = require('http');
++const net = require('net');
++const assert = require('assert');
++
++// Verify that chunk extensions are limited in size when sent all together.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(20000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
++
++// Verify that chunk extensions are limited in size when sent in intervals.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let remaining = 20000;
++    let data = '';
++
++    const interval = setInterval(
++      () => {
++        if (remaining > 0) {
++          sock.write('A'.repeat(1000));
++        } else {
++          sock.write('=bar\r\nAA\r\n0\r\n\r\n');
++          clearInterval(interval);
++        }
++
++        remaining -= 1000;
++      },
++      common.platformTimeout(20),
++    ).unref();
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.write('' +
++    'GET / HTTP/1.1\r\n' +
++    'Host: localhost:8080\r\n' +
++    'Transfer-Encoding: chunked\r\n\r\n' +
++    '2;'
++    );
++  });
++}
++
++// Verify the chunk extensions is correctly reset after a chunk
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'content-type': 'text/plain', 'connection': 'close', 'date': 'now' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(
++        data,
++        'HTTP/1.1 200 OK\r\n' +
++        'content-type: text/plain\r\n' +
++        'connection: close\r\n' +
++        'date: now\r\n' +
++        'Transfer-Encoding: chunked\r\n' +
++        '\r\n' +
++        '3\r\n' +
++        'bye\r\n' +
++        '0\r\n' +
++        '\r\n',
++      );
++
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
+diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh
+index 12e2f46..a95eef1 100755
+--- a/tools/update-llhttp.sh
++++ b/tools/update-llhttp.sh
+@@ -59,5 +59,5 @@ echo ""
+ echo "Please git add llhttp, commit the new version:"
+ echo ""
+ echo "$ git add -A deps/llhttp"
+-echo "$ git commit -m \"deps: update nghttp2 to $LLHTTP_VERSION\""
++echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\""
+ echo ""
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch
new file mode 100644
index 0000000000..ac3a54aba6
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch
@@ -0,0 +1,148 @@
+From 9052ef43dc2d1b0db340591a9bc9e45a25c01d90 Mon Sep 17 00:00:00 2001
+From: Matteo Collina <hello@matteocollina.com>
+Date: Tue, 6 Feb 2024 16:47:20 +0100
+Subject: [PATCH 4/5] zlib: pause stream if outgoing buffer is full
+
+Signed-off-by: Matteo Collina <hello@matteocollina.com>
+PR-URL: https://github.com/nodejs-private/node-private/pull/540
+Reviewed-By: Robert Nagy <ronagy@icloud.com>
+Ref: https://hackerone.com/reports/2284065
+
+CVE-ID: CVE-2024-22025
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/9052ef43dc2d1b0d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/zlib.js                            | 32 +++++++++++++++++++-------
+ test/parallel/test-zlib-brotli-16GB.js | 22 ++++++++++++++++++
+ test/parallel/test-zlib-params.js      | 24 +++++++++++--------
+ 3 files changed, 61 insertions(+), 17 deletions(-)
+ create mode 100644 test/parallel/test-zlib-brotli-16GB.js
+
+diff --git a/lib/zlib.js b/lib/zlib.js
+index 9bde199..8e033e5 100644
+--- a/lib/zlib.js
++++ b/lib/zlib.js
+@@ -560,10 +560,11 @@ function processCallback() {
+   self.bytesWritten += inDelta;
+
+   const have = handle.availOutBefore - availOutAfter;
++  let streamBufferIsFull = false;
+   if (have > 0) {
+     const out = self._outBuffer.slice(self._outOffset, self._outOffset + have);
+     self._outOffset += have;
+-    self.push(out);
++    streamBufferIsFull = !self.push(out);
+   } else {
+     assert(have === 0, 'have should not go down');
+   }
+@@ -588,13 +589,28 @@ function processCallback() {
+     handle.inOff += inDelta;
+     handle.availInBefore = availInAfter;
+
+-    this.write(handle.flushFlag,
+-               this.buffer, // in
+-               handle.inOff, // in_off
+-               handle.availInBefore, // in_len
+-               self._outBuffer, // out
+-               self._outOffset, // out_off
+-               self._chunkSize); // out_len
++    if (!streamBufferIsFull) {
++      this.write(handle.flushFlag,
++                 this.buffer, // in
++                 handle.inOff, // in_off
++                 handle.availInBefore, // in_len
++                 self._outBuffer, // out
++                 self._outOffset, // out_off
++                 self._chunkSize); // out_len
++    } else {
++      const oldRead = self._read;
++      self._read = (n) => {
++        self._read = oldRead;
++        this.write(handle.flushFlag,
++                   this.buffer, // in
++                   handle.inOff, // in_off
++                   handle.availInBefore, // in_len
++                   self._outBuffer, // out
++                   self._outOffset, // out_off
++                   self._chunkSize); // out_len
++        self._read(n);
++      };
++    }
+     return;
+   }
+
+diff --git a/test/parallel/test-zlib-brotli-16GB.js b/test/parallel/test-zlib-brotli-16GB.js
+new file mode 100644
+index 0000000..1ca10f7
+--- /dev/null
++++ b/test/parallel/test-zlib-brotli-16GB.js
+@@ -0,0 +1,22 @@
++use strict';
++
++const common = require('../common');
++const { createBrotliDecompress } = require('node:zlib');
++const strictEqual = require('node:assert').strictEqual;
++
++// This tiny HEX string is a 16GB file.
++// This test verifies that the stream actually stops.
++/* eslint-disable max-len */
++const content = 'cfffff7ff82700e2b14020f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c32200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bff3f';
++
++const buf = Buffer.from(content, 'hex');
++
++const decoder = createBrotliDecompress();
++decoder.end(buf);
++
++// We need to wait to verify that the libuv thread pool had time
++// to process the data and the buffer is not empty.
++setTimeout(common.mustCall(() => {
++  // There is only one chunk in the buffer
++  strictEqual(decoder._readableState.buffer.length, 1);
++}), common.platformTimeout(100));
+diff --git a/test/parallel/test-zlib-params.js b/test/parallel/test-zlib-params.js
+index 30d4f13..18271fe 100644
+--- a/test/parallel/test-zlib-params.js
++++ b/test/parallel/test-zlib-params.js
+@@ -12,23 +12,29 @@ const deflater = zlib.createDeflate(opts);
+ const chunk1 = file.slice(0, chunkSize);
+ const chunk2 = file.slice(chunkSize);
+ const blkhdr = Buffer.from([0x00, 0x5a, 0x82, 0xa5, 0x7d]);
+-const expected = Buffer.concat([blkhdr, chunk2]);
+-let actual;
++const blkftr = Buffer.from('010000ffff7dac3072', 'hex');
++const expected = Buffer.concat([blkhdr, chunk2, blkftr]);
++const bufs = [];
++
++function read() {
++  let buf;
++  while ((buf = deflater.read()) !== null) {
++    bufs.push(buf);
++  }
++}
+
+ deflater.write(chunk1, function() {
+   deflater.params(0, zlib.constants.Z_DEFAULT_STRATEGY, function() {
+     while (deflater.read());
+-    deflater.end(chunk2, function() {
+-      const bufs = [];
+-      let buf;
+-      while ((buf = deflater.read()) !== null)
+-        bufs.push(buf);
+-      actual = Buffer.concat(bufs);
+-    });
++
++    deflater.on('readable', read);
++
++    deflater.end(chunk2);
+   });
+   while (deflater.read());
+ });
+
+ process.once('exit', function() {
++  const actual = Buffer.concat(bufs);
+   assert.deepStrictEqual(actual, expected);
+ });
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
index 62188f94a7..95b36c926d 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
@@ -1,13 +1,13 @@
 DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
 HOMEPAGE = "http://nodejs.org"
-LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a"
+LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & OpenSSL"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ab4d0d45e717c9978737499a3489e515"
 
 DEPENDS = "openssl"
 DEPENDS:append:class-target = " qemu-native"
 DEPENDS:append:class-native = " c-ares-native"
 
-inherit pkgconfig python3native qemu
+inherit pkgconfig python3native qemu setuptools3
 
 COMPATIBLE_MACHINE:armv4 = "(!.*armv4).*"
 COMPATIBLE_MACHINE:armv5 = "(!.*armv5).*"
@@ -19,17 +19,20 @@ COMPATIBLE_HOST:powerpc = "null"
 
 SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
-           file://0002-Install-both-binaries-and-use-libdir.patch \
            file://0004-v8-don-t-override-ARM-CFLAGS.patch \
-           file://0005-add-openssl-legacy-provider-option.patch \
            file://big-endian.patch \
            file://mips-less-memory.patch \
            file://system-c-ares.patch \
            file://0001-liftoff-Correct-function-signatures.patch \
            file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \
+           file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \
+           file://CVE-2022-25883.patch \
+           file://CVE-2024-22019.patch \
+           file://CVE-2024-22025.patch \
+           file://CVE-2023-46809.patch \
            "
 SRC_URI:append:class-target = " \
-           file://0002-Using-native-binaries.patch \
+           file://0001-Using-native-binaries.patch \
            "
 SRC_URI:append:toolchain-clang:x86 = " \
            file://libatomic.patch \
@@ -37,10 +40,12 @@ SRC_URI:append:toolchain-clang:x86 = " \
 SRC_URI:append:toolchain-clang:powerpc64le = " \
            file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
            "
-SRC_URI[sha256sum] = "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1"
+SRC_URI[sha256sum] = "576f1a03c455e491a8d132b587eb6b3b84651fc8974bb3638433dd44d22c8f49"
 
 S = "${WORKDIR}/node-v${PV}"
 
+CVE_PRODUCT += "node.js"
+
 # v8 errors out if you have set CCACHE
 CCACHE = ""
 
diff --git a/meta-oe/recipes-devtools/pahole/pahole_1.22.bb b/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
index 449508a5d5..ec642ec3b2 100644
--- a/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
+++ b/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
@@ -21,7 +21,7 @@ inherit cmake pkgconfig
 
 PACKAGECONFIG[python3] = ",,python3-core,python3-core"
 
-EXTRA_OECMAKE = "-D__LIB=lib -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF"
+EXTRA_OECMAKE = "-D__LIB=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF"
 
 FILES:${PN} =  "${bindir}/pahole \
 		${libdir}/libdwarves.so* \
diff --git a/meta-oe/recipes-devtools/php/php_8.1.6.bb b/meta-oe/recipes-devtools/php/php_8.1.22.bb
index 96af595a45..ffa3318441 100644
--- a/meta-oe/recipes-devtools/php/php_8.1.6.bb
+++ b/meta-oe/recipes-devtools/php/php_8.1.22.bb
@@ -33,7 +33,13 @@ SRC_URI:append:class-target = " \
           "
 
 S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = "7b353304b7407554f70d3e101a226a1fc22decae5c4c42ed270c4e389bfa1b66"
+SRC_URI[sha256sum] = "992354e382c6c618d01ed4be06beea8dec3178b14153df64d3c8c48b85e9fbc2"
+
+CVE_CHECK_IGNORE += "\
+    CVE-2007-2728 \
+    CVE-2007-3205 \
+    CVE-2007-4596 \
+"
 
 inherit autotools pkgconfig python3native gettext
 
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.0.bb b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.1.bb
index b3423ba84d..d724287d66 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.0.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.4.1.bb
@@ -8,12 +8,12 @@ has been split out into the protobuf-c-rpc project."
 HOMEPAGE = "https://github.com/protobuf-c/protobuf-c"
 SECTION = "console/tools"
 LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=cb901168715f4782a2b06c3ddaefa558"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9f725889e0d77383e26cb42b0b62cea2"
 
 DEPENDS = "protobuf-native protobuf"
 
 SRC_URI = "git://github.com/protobuf-c/protobuf-c.git;branch=master;protocol=https"
-SRCREV = "f224ab2eeb648a818eb20687d7150a285442c907"
+SRCREV = "abc67a11c6db271bedbb9f58be85d6f4e2ea8389"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb
index 5662330840..8e50054718 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=37b5762e07f0af8c74ce80a8bda4266b"
 DEPENDS = "zlib"
 DEPENDS:append:class-target = " protobuf-native"
 
-SRCREV = "22d0e265de7d2b3d2e9a00d071313502e7d4cccf"
+SRCREV = "c9297981b7c35ad9c2bf258e7c8d786a04d13378"
 
 SRC_URI = "git://github.com/protocolbuffers/protobuf.git;branch=3.19.x;protocol=https \
            file://run-ptest \
diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
index b6ff62b91c..65294fafad 100644
--- a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
+++ b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
@@ -4,7 +4,7 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://license.txt;md5=ba04aa8f65de1396a7e59d1d746c2125"
 
-SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1;protocol=https"
+SRC_URI = "git://github.com/miloyip/rapidjson.git;branch=master;protocol=https"
 
 SRCREV = "0ccdbf364c577803e2a751f5aededce935314313"
 
diff --git a/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch b/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch
new file mode 100644
index 0000000000..d7ed0770b2
--- /dev/null
+++ b/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch
@@ -0,0 +1,17679 @@
+Added the 'py_ssize_t_clean' argument to '%Module' directive
+
+This is based on an upstream changeset to SIP.  It was backported to
+sip-4.19.23 and the parser was regenerated with the following
+commands:
+
+  cd sipgen/metasrc
+  flex -o../lexer.c lexer.l
+  bison -y -d -o ../parser.c parser.y
+
+Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
+
+# HG changeset patch
+# User Phil Thompson <phil@riverbankcomputing.com>
+# Date 1635086052 -3600
+# Node ID 5d67349bb5a9954590a896ab35da93b2237b99c2
+# Parent  d837f2a3147fc5eb364f1c54798b668da1a83333
+Added the 'py_ssize_t_clean' argument to the '%Module' directive.
+
+Index: sip-4.19.23/sipgen/gencode.c
+===================================================================
+--- sip-4.19.23.orig/sipgen/gencode.c
++++ sip-4.19.23/sipgen/gencode.c
+@@ -1138,6 +1138,12 @@ static void generateCompositeCpp(sipSpec
+ 
+     declareLimitedAPI(py_debug, NULL, fp);
+ 
++    if (isPY_SSIZE_T_CLEAN(mod))
++        prcode(fp,
++"\n"
++"#define PY_SSIZE_T_CLEAN\n"
++            );
++
+     prcode(fp,
+ "\n"
+ "#include <Python.h>\n"
+Index: sip-4.19.23/sipgen/metasrc/lexer.l
+===================================================================
+--- sip-4.19.23.orig/sipgen/metasrc/lexer.l
++++ sip-4.19.23/sipgen/metasrc/lexer.l
+@@ -155,6 +155,7 @@ SIP_RXOBJ_DIS               {return TK_S
+ SIP_SLOT_CON                {return TK_SIPSLOTCON;}
+ SIP_SLOT_DIS                {return TK_SIPSLOTDIS;}
+ SIP_SSIZE_T                 {return TK_SIPSSIZET;}
++Py_ssize_t                  {return TK_SIPSSIZET;}
+ SIP_QOBJECT                 {return TK_QOBJECT;}
+ \.\.\.                      {return TK_ELLIPSIS;}
+ 
+@@ -173,6 +174,7 @@ SIP_QOBJECT                 {return TK_Q
+ <directive>timestamp        {return TK_TIMESTAMP;}
+ <directive>type             {return TK_TYPE;}
+ <directive>use_argument_names   {return TK_USEARGNAMES;}
++<directive>py_ssize_t_clean {return TK_PYSSIZETCLEAN;}
+ <directive>use_limited_api  {return TK_USELIMITEDAPI;}
+ <directive>all_raise_py_exception   {return TK_ALLRAISEPYEXC;}
+ <directive>call_super_init  {return TK_CALLSUPERINIT;}
+Index: sip-4.19.23/sipgen/metasrc/parser.y
+===================================================================
+--- sip-4.19.23.orig/sipgen/metasrc/parser.y
++++ sip-4.19.23/sipgen/metasrc/parser.y
+@@ -182,9 +182,9 @@ static void addProperty(sipSpec *pt, mod
+         docstringDef *docstring);
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring);
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring);
+ static void addAutoPyName(moduleDef *mod, const char *remove_leading);
+ static KwArgs convertKwArgs(const char *kwargs);
+ static void checkAnnos(optFlags *annos, const char *valid[]);
+@@ -389,6 +389,7 @@ static scopedNameDef *fullyQualifiedName
+ %token          TK_TIMESTAMP
+ %token          TK_TYPE
+ %token          TK_USEARGNAMES
++%token          TK_PYSSIZETCLEAN
+ %token          TK_USELIMITEDAPI
+ %token          TK_ALLRAISEPYEXC
+ %token          TK_CALLSUPERINIT
+@@ -1908,9 +1909,10 @@ module: TK_MODULE module_args module_bod
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+                         currentContext.filename, $2.name, $2.c_module,
+-                        $2.kwargs, $2.use_arg_names, $2.use_limited_api,
+-                        $2.call_super_init, $2.all_raise_py_exc,
+-                        $2.def_error_handler, $3.docstring);
++                        $2.kwargs, $2.use_arg_names, $2.py_ssize_t_clean,
++                        $2.use_limited_api, $2.call_super_init,
++                        $2.all_raise_py_exc, $2.def_error_handler,
++                        $3.docstring);
+         }
+     |   TK_CMODULE dottedname optnumber {
+             deprecated("%CModule is deprecated, use %Module and the 'language' argument instead");
+@@ -1918,7 +1920,7 @@ module: TK_MODULE module_args module_bod
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+                         currentContext.filename, $2, TRUE, defaultKwArgs,
+-                        FALSE, FALSE, -1, FALSE, NULL, NULL);
++                        FALSE, FALSE, FALSE, -1, FALSE, NULL, NULL);
+         }
+     ;
+ 
+@@ -1930,6 +1932,7 @@ module_args:    dottedname {resetLexerSt
+             $$.kwargs = defaultKwArgs;
+             $$.name = $1;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -1950,6 +1953,7 @@ module_arg_list:    module_arg
+             case TK_LANGUAGE: $$.c_module = $3.c_module; break;
+             case TK_NAME: $$.name = $3.name; break;
+             case TK_USEARGNAMES: $$.use_arg_names = $3.use_arg_names; break;
++            case TK_PYSSIZETCLEAN: $$.py_ssize_t_clean = $3.py_ssize_t_clean; break;
+             case TK_USELIMITEDAPI: $$.use_limited_api = $3.use_limited_api; break;
+             case TK_ALLRAISEPYEXC: $$.all_raise_py_exc = $3.all_raise_py_exc; break;
+             case TK_CALLSUPERINIT: $$.call_super_init = $3.call_super_init; break;
+@@ -1965,6 +1969,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = convertKwArgs($3);
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -1983,6 +1988,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -1995,6 +2001,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = $3;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2007,6 +2014,20 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = $3;
++            $$.py_ssize_t_clean = FALSE;
++            $$.use_limited_api = FALSE;
++            $$.all_raise_py_exc = FALSE;
++            $$.call_super_init = -1;
++            $$.def_error_handler = NULL;
++        }
++    |   TK_PYSSIZETCLEAN '=' bool_value {
++            $$.token = TK_PYSSIZETCLEAN;
++
++            $$.c_module = FALSE;
++            $$.kwargs = defaultKwArgs;
++            $$.name = NULL;
++            $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = $3;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2019,6 +2040,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = $3;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2031,6 +2053,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = $3;
+             $$.call_super_init = -1;
+@@ -2043,6 +2066,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = $3;
+@@ -2055,6 +2079,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2072,6 +2097,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -9513,9 +9539,9 @@ static void addProperty(sipSpec *pt, mod
+  */
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring)
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring)
+ {
+     moduleDef *mod;
+ 
+@@ -9549,6 +9575,9 @@ static moduleDef *configureModule(sipSpe
+     if (use_arg_names)
+         setUseArgNames(module);
+ 
++    if (py_ssize_t_clean)
++        setPY_SSIZE_T_CLEAN(module);
++
+     if (use_limited_api)
+         setUseLimitedAPI(module);
+ 
+Index: sip-4.19.23/sipgen/sip.h
+===================================================================
+--- sip-4.19.23.orig/sipgen/sip.h
++++ sip-4.19.23/sipgen/sip.h
+@@ -93,6 +93,7 @@
+ #define MOD_SUPER_INIT_UNDEF    0x0000  /* Calling super().__init__() is undefined. */
+ #define MOD_SUPER_INIT_MASK     0x0180  /* The mask for the above flags. */
+ #define MOD_SETTING_IMPORTS     0x0200  /* Imports are being set. */
++#define MOD_PY_SSIZE_T_CLEAN    0x0400  /* #define PY_SSIZE_T_CLEAN. */
+ 
+ #define hasDelayedDtors(m)  ((m)->modflags & MOD_HAS_DELAYED_DTORS)
+ #define setHasDelayedDtors(m)   ((m)->modflags |= MOD_HAS_DELAYED_DTORS)
+@@ -116,6 +117,8 @@
+ #define settingImports(m)   ((m)->modflags & MOD_SETTING_IMPORTS)
+ #define setSettingImports(m)    ((m)->modflags |= MOD_SETTING_IMPORTS)
+ #define resetSettingImports(m)  ((m)->modflags &= ~MOD_SETTING_IMPORTS)
++#define setPY_SSIZE_T_CLEAN(m)  ((m)->modflags |= MOD_PY_SSIZE_T_CLEAN)
++#define isPY_SSIZE_T_CLEAN(m)   ((m)->modflags & MOD_PY_SSIZE_T_CLEAN)
+ 
+ 
+ /* Handle section flags. */
+@@ -1630,6 +1633,7 @@ typedef struct _moduleCfg {
+     KwArgs kwargs;
+     const char *name;
+     int use_arg_names;
++    int py_ssize_t_clean;
+     int use_limited_api;
+     int all_raise_py_exc;
+     int call_super_init;
+Index: sip-4.19.23/sphinx/directives.rst
+===================================================================
+--- sip-4.19.23.orig/sphinx/directives.rst
++++ sip-4.19.23/sphinx/directives.rst
+@@ -1966,6 +1966,7 @@ then the pattern should instead be::
+             [, default_VirtualErrorHandler = *name*]
+             [, keyword_arguments = ["None" | "All" | "Optional"]]
+             [, language = *string*]
++            [, py_ssize_t_clean = [True | False]]
+             [, use_argument_names = [True | False]]
+             [, use_limited_api = [True | False]]
+             [, version = *integer*])
+@@ -2004,6 +2005,9 @@ implied by the (deprecated) :option:`-k
+ ``language`` specifies the implementation language of the library being
+ wrapped.  Its value is either ``"C++"`` (the default) or ``"C"``.
+ 
++``py_ssize_t_clean`` specifies that the generated code should include ``#define
++PY_SSIZE_T_CLEAN`` before any ``#include <Python.h>``.
++
+ When providing handwritten code as part of either the :directive:`%MethodCode`
+ or :directive:`%VirtualCatcherCode` directives the names of the arguments of
+ the function or method are based on the number of the argument, i.e. the first
+Index: sip-4.19.23/sipgen/lexer.c
+===================================================================
+--- sip-4.19.23.orig/sipgen/lexer.c
++++ sip-4.19.23/sipgen/lexer.c
+@@ -1,6 +1,6 @@
+-#line 2 "sip-4.19.23/sipgen/lexer.c"
++#line 2 "../lexer.c"
+ 
+-#line 4 "sip-4.19.23/sipgen/lexer.c"
++#line 4 "../lexer.c"
+ 
+ #define  YY_INT_ALIGNED short int
+ 
+@@ -8,8 +8,8 @@
+ 
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+-#define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 35
++#define YY_FLEX_MINOR_VERSION 6
++#define YY_FLEX_SUBMINOR_VERSION 4
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -47,7 +47,6 @@ typedef int16_t flex_int16_t;
+ typedef uint16_t flex_uint16_t;
+ typedef int32_t flex_int32_t;
+ typedef uint32_t flex_uint32_t;
+-typedef uint64_t flex_uint64_t;
+ #else
+ typedef signed char flex_int8_t;
+ typedef short int flex_int16_t;
+@@ -55,7 +54,6 @@ typedef int flex_int32_t;
+ typedef unsigned char flex_uint8_t; 
+ typedef unsigned short int flex_uint16_t;
+ typedef unsigned int flex_uint32_t;
+-#endif /* ! C99 */
+ 
+ /* Limits of integral types. */
+ #ifndef INT8_MIN
+@@ -86,63 +84,61 @@ typedef unsigned int flex_uint32_t;
+ #define UINT32_MAX             (4294967295U)
+ #endif
+ 
+-#endif /* ! FLEXINT_H */
+-
+-#ifdef __cplusplus
+-
+-/* The "const" storage-class-modifier is valid. */
+-#define YY_USE_CONST
+-
+-#else	/* ! __cplusplus */
++#ifndef SIZE_MAX
++#define SIZE_MAX               (~(size_t)0)
++#endif
+ 
+-/* C99 requires __STDC__ to be defined as 1. */
+-#if defined (__STDC__)
++#endif /* ! C99 */
+ 
+-#define YY_USE_CONST
++#endif /* ! FLEXINT_H */
+ 
+-#endif	/* defined (__STDC__) */
+-#endif	/* ! __cplusplus */
++/* begin standard C++ headers. */
+ 
+-#ifdef YY_USE_CONST
++/* TODO: this is always defined, so inline it */
+ #define yyconst const
++
++#if defined(__GNUC__) && __GNUC__ >= 3
++#define yynoreturn __attribute__((__noreturn__))
+ #else
+-#define yyconst
++#define yynoreturn
+ #endif
+ 
+ /* Returned upon end-of-file. */
+ #define YY_NULL 0
+ 
+-/* Promotes a possibly negative, possibly signed char to an unsigned
+- * integer for use as an array index.  If the signed char is negative,
+- * we want to instead treat it as an 8-bit unsigned char, hence the
+- * double cast.
++/* Promotes a possibly negative, possibly signed char to an
++ *   integer in range [0..255] for use as an array index.
+  */
+-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
++#define YY_SC_TO_UI(c) ((YY_CHAR) (c))
+ 
+ /* Enter a start condition.  This macro really ought to take a parameter,
+  * but we do it the disgusting crufty way forced on us by the ()-less
+  * definition of BEGIN.
+  */
+ #define BEGIN (yy_start) = 1 + 2 *
+-
+ /* Translate the current start state into a value that can be later handed
+  * to BEGIN to return to the state.  The YYSTATE alias is for lex
+  * compatibility.
+  */
+ #define YY_START (((yy_start) - 1) / 2)
+ #define YYSTATE YY_START
+-
+ /* Action number for EOF rule of a given start state. */
+ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+-
+ /* Special action meaning "start processing a new file". */
+-#define YY_NEW_FILE yyrestart(yyin  )
+-
++#define YY_NEW_FILE yyrestart( yyin  )
+ #define YY_END_OF_BUFFER_CHAR 0
+ 
+ /* Size of default input buffer. */
+ #ifndef YY_BUF_SIZE
++#ifdef __ia64__
++/* On IA-64, the buffer size is 16k, not 8k.
++ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
++ * Ditto for the __ia64__ case accordingly.
++ */
++#define YY_BUF_SIZE 32768
++#else
+ #define YY_BUF_SIZE 16384
++#endif /* __ia64__ */
+ #endif
+ 
+ /* The state buf must be large enough to hold one state per character in the main buffer.
+@@ -159,15 +155,16 @@ typedef struct yy_buffer_state *YY_BUFFE
+ typedef size_t yy_size_t;
+ #endif
+ 
+-extern yy_size_t yyleng;
++extern int yyleng;
+ 
+ extern FILE *yyin, *yyout;
+ 
+ #define EOB_ACT_CONTINUE_SCAN 0
+ #define EOB_ACT_END_OF_FILE 1
+ #define EOB_ACT_LAST_MATCH 2
+-
++    
+     #define YY_LESS_LINENO(n)
++    #define YY_LINENO_REWIND_TO(ptr)
+     
+ /* Return all but the first "n" matched characters back to the input stream. */
+ #define yyless(n) \
+@@ -182,7 +179,6 @@ extern FILE *yyin, *yyout;
+ 		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ 		} \
+ 	while ( 0 )
+-
+ #define unput(c) yyunput( c, (yytext_ptr)  )
+ 
+ #ifndef YY_STRUCT_YY_BUFFER_STATE
+@@ -197,12 +193,12 @@ struct yy_buffer_state
+ 	/* Size of input buffer in bytes, not including room for EOB
+ 	 * characters.
+ 	 */
+-	yy_size_t yy_buf_size;
++	int yy_buf_size;
+ 
+ 	/* Number of characters read into yy_ch_buf, not including EOB
+ 	 * characters.
+ 	 */
+-	yy_size_t yy_n_chars;
++	int yy_n_chars;
+ 
+ 	/* Whether we "own" the buffer - i.e., we know we created it,
+ 	 * and can realloc() it to grow it, and should free() it to
+@@ -225,7 +221,7 @@ struct yy_buffer_state
+ 
+     int yy_bs_lineno; /**< The line count. */
+     int yy_bs_column; /**< The column count. */
+-    
++
+ 	/* Whether to try to fill the input buffer when we reach the
+ 	 * end of it.
+ 	 */
+@@ -253,7 +249,7 @@ struct yy_buffer_state
+ /* Stack of input buffers. */
+ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
++static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */
+ 
+ /* We provide macros for accessing buffer states in case in the
+  * future we want to put the buffer states in a more general
+@@ -264,7 +260,6 @@ static YY_BUFFER_STATE * yy_buffer_stack
+ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                           ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                           : NULL)
+-
+ /* Same as previous macro, but useful when we know that the buffer stack is not
+  * NULL or when we need an lvalue. For internal use only.
+  */
+@@ -272,11 +267,11 @@ static YY_BUFFER_STATE * yy_buffer_stack
+ 
+ /* yy_hold_char holds the character lost when yytext is formed. */
+ static char yy_hold_char;
+-static yy_size_t yy_n_chars;		/* number of characters read into yy_ch_buf */
+-yy_size_t yyleng;
++static int yy_n_chars;		/* number of characters read into yy_ch_buf */
++int yyleng;
+ 
+ /* Points to current character in buffer. */
+-static char *yy_c_buf_p = (char *) 0;
++static char *yy_c_buf_p = NULL;
+ static int yy_init = 0;		/* whether we need to initialize */
+ static int yy_start = 0;	/* start state number */
+ 
+@@ -285,84 +280,80 @@ static int yy_start = 0;	/* start state
+  */
+ static int yy_did_buffer_switch_on_eof;
+ 
+-void yyrestart (FILE *input_file  );
+-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+-void yy_delete_buffer (YY_BUFFER_STATE b  );
+-void yy_flush_buffer (YY_BUFFER_STATE b  );
+-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+-void yypop_buffer_state (void );
+-
+-static void yyensure_buffer_stack (void );
+-static void yy_load_buffer_state (void );
+-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+-
+-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+-
+-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len  );
+-
+-void *yyalloc (yy_size_t  );
+-void *yyrealloc (void *,yy_size_t  );
+-void yyfree (void *  );
++void yyrestart ( FILE *input_file  );
++void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer  );
++YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size  );
++void yy_delete_buffer ( YY_BUFFER_STATE b  );
++void yy_flush_buffer ( YY_BUFFER_STATE b  );
++void yypush_buffer_state ( YY_BUFFER_STATE new_buffer  );
++void yypop_buffer_state ( void );
++
++static void yyensure_buffer_stack ( void );
++static void yy_load_buffer_state ( void );
++static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file  );
++#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER )
++
++YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size  );
++YY_BUFFER_STATE yy_scan_string ( const char *yy_str  );
++YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len  );
++
++void *yyalloc ( yy_size_t  );
++void *yyrealloc ( void *, yy_size_t  );
++void yyfree ( void *  );
+ 
+ #define yy_new_buffer yy_create_buffer
+-
+ #define yy_set_interactive(is_interactive) \
+ 	{ \
+ 	if ( ! YY_CURRENT_BUFFER ){ \
+         yyensure_buffer_stack (); \
+ 		YY_CURRENT_BUFFER_LVALUE =    \
+-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
++            yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ 	} \
+ 	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+ 	}
+-
+ #define yy_set_bol(at_bol) \
+ 	{ \
+ 	if ( ! YY_CURRENT_BUFFER ){\
+         yyensure_buffer_stack (); \
+ 		YY_CURRENT_BUFFER_LVALUE =    \
+-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
++            yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ 	} \
+ 	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+ 	}
+-
+ #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+ 
+ /* Begin user sect3 */
++typedef flex_uint8_t YY_CHAR;
+ 
+-typedef unsigned char YY_CHAR;
+-
+-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
++FILE *yyin = NULL, *yyout = NULL;
+ 
+ typedef int yy_state_type;
+ 
+ extern int yylineno;
+-
+ int yylineno = 1;
+ 
+ extern char *yytext;
++#ifdef yytext_ptr
++#undef yytext_ptr
++#endif
+ #define yytext_ptr yytext
+ 
+-static yy_state_type yy_get_previous_state (void );
+-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+-static int yy_get_next_buffer (void );
+-static void yy_fatal_error (yyconst char msg[]  );
++static yy_state_type yy_get_previous_state ( void );
++static yy_state_type yy_try_NUL_trans ( yy_state_type current_state  );
++static int yy_get_next_buffer ( void );
++static void yynoreturn yy_fatal_error ( const char* msg  );
+ 
+ /* Done after the current pattern has been matched and before the
+  * corresponding action - sets up yytext.
+  */
+ #define YY_DO_BEFORE_ACTION \
+ 	(yytext_ptr) = yy_bp; \
+-	yyleng = (yy_size_t) (yy_cp - yy_bp); \
++	yyleng = (int) (yy_cp - yy_bp); \
+ 	(yy_hold_char) = *yy_cp; \
+ 	*yy_cp = '\0'; \
+ 	(yy_c_buf_p) = yy_cp;
+-
+-#define YY_NUM_RULES 168
+-#define YY_END_OF_BUFFER 169
++#define YY_NUM_RULES 170
++#define YY_END_OF_BUFFER 171
+ /* This struct is not used in this scanner,
+    but its presence is necessary. */
+ struct yy_trans_info
+@@ -370,147 +361,149 @@ struct yy_trans_info
+ 	flex_int32_t yy_verify;
+ 	flex_int32_t yy_nxt;
+ 	};
+-static yyconst flex_int16_t yy_accept[1235] =
++static const flex_int16_t yy_accept[1261] =
+     {   0,
+         0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-      169,  167,  106,  109,  167,  167,  167,  167,  167,  111,
+-      111,  167,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  167,  106,  167,  166,  165,  166,  166,  121,  119,
+-      121,  108,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  106,
+-      167,  107,  106,  167,    0,  116,    0,    0,  117,    0,
+-      111,    0,  115,  112,  115,  118,  110,  112,    0,  112,
+-      111,    0,   64,  114,  114,  114,  114,  114,  114,  114,
+-
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,   65,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  120,
+-      114,  114,  114,  114,  114,  114,  114,   86,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,    0,    0,    0,    0,    0,    0,  112,   83,  115,
+-      112,  110,  112,    0,  112,  113,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,   42,
+-
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,   16,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,  114,  114,  114,  114,  114,  114,
+-       85,  114,  114,  114,  114,  114,  114,  114,   94,  114,
+-      114,  114,  114,  114,    0,    0,  112,   55,  114,  114,
+-      114,   40,   38,  114,  114,  114,   48,  114,  114,  114,
+-      114,   43,  114,  114,  114,  114,  114,  114,  114,  114,
+-
+-      114,  114,  114,  114,  114,   53,  114,  114,  114,   46,
+-      114,    1,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,  157,   11,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,  164,  114,  104,  114,  114,  114,
+-      114,  114,  114,  114,   90,  114,  114,  114,  114,  114,
+-       97,  114,  114,   12,  114,  114,  114,  114,  114,  114,
+-      114,   27,   51,  114,  114,   54,   62,   44,  114,  114,
+-      114,  114,  114,   41,  114,  114,  114,   35,  114,  114,
+-
+-      114,   59,  114,  114,  114,  114,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-      105,  114,  114,  114,  114,  114,  114,  114,  114,   92,
+-      114,  114,  114,  114,  114,  114,  114,   37,  114,  114,
+-      114,  114,  114,  114,  114,   45,  114,  114,  114,  114,
+-      114,   29,  114,   49,   63,   52,   28,  114,  114,  114,
+-      114,  114,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,  114,  114,
+-      114,   84,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,   36,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-       31,  114,   32,  114,   56,  114,   47,   39,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,   17,    0,    0,    0,    0,    0,    0,    0,
+-       21,    0,    0,    0,   24,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  103,   34,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,   75,  114,   60,  114,   58,
+-      114,   61,   50,    0,    0,    0,    0,    0,    0,    0,
+-        0,    3,    0,    0,    0,  122,    0,    0,    0,    0,
+-      127,   14,    0,    0,    0,  161,    0,   18,    0,    0,
+-       19,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,    0,    0,    0,  162,    0,    0,    0,    0,
+-        0,    0,    0,  114,  114,  114,  114,   88,   89,   91,
+-      114,  114,  114,  114,  114,   33,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-       57,   30,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,  159,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,   25,
+-        0,   26,  137,    0,    0,  134,    0,    0,    0,  114,
+-      114,  114,  114,  114,   95,   96,  114,  114,  114,  114,
+-
+-      114,   69,   68,  114,  114,  114,   72,  114,  114,   74,
+-      114,  114,  114,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  156,
+-       13,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,   23,    0,    0,    0,
+-        0,  153,    0,    0,    0,    0,    0,  114,  114,  114,
+-      114,  114,  114,  114,   76,  114,  114,  114,   71,   67,
+-       82,  114,  114,  114,  114,   81,  160,    2,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,   20,  138,  136,    0,    0,  151,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,  114,  114,
+-      114,  114,  114,  114,  114,   73,  114,   66,  114,  114,
+-       79,   80,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,  158,    0,    0,
+-        0,  143,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,  114,  114,
+-      114,  114,  114,  114,  114,  114,   77,   78,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  150,
+-
+-        0,    0,    0,    0,    0,    0,    0,  155,    0,    0,
+-        0,    0,  114,  114,  114,  114,  114,  114,  114,   70,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,   15,
+-        0,    0,    0,    0,    0,  139,  152,    0,    0,    0,
+-        0,    0,  114,  114,  114,  114,   93,  114,  114,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,  142,    0,    0,
+-        0,    0,    0,  129,    0,    0,    0,    0,  114,  101,
+-      114,  114,  114,   99,  144,    0,    0,    0,    0,    0,
+-
+-        4,    0,    0,    0,    0,    0,    8,    9,    0,    0,
+-        0,    0,    0,    0,   22,    0,    0,    0,  140,    0,
+-        0,  114,  114,  114,  114,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,   10,    0,    0,  133,    0,
+-      128,    0,    0,    0,    0,    0,  114,  114,   87,  114,
+-        0,    0,  148,    0,    0,    0,    0,    0,  124,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  114,
+-      114,   98,    0,    0,    0,    0,    5,    0,    0,    0,
+-        0,  126,    0,  131,    0,    0,    0,  141,    0,  114,
+-      114,  149,  146,    0,  145,  123,    0,    0,    0,    0,
+-
+-        0,    0,  135,  163,  114,  114,  147,    0,    0,    0,
+-      154,    0,    0,  114,  114,  125,    0,    0,    0,  130,
+-      100,  114,    6,    0,  132,  114,    0,  114,    0,  114,
+-        7,  114,  102,    0
++      171,  169,  108,  111,  169,  169,  169,  169,  169,  113,
++      113,  169,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  169,  108,  169,  168,  167,  168,  168,  123,
++      121,  123,  110,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  108,  169,  109,  108,  169,    0,  118,    0,    0,
++      119,    0,  113,    0,  117,  114,  117,  120,  112,  114,
++        0,  114,  113,    0,   64,  116,  116,  116,  116,  116,
++
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,   65,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,  122,  116,  116,  116,  116,  116,  116,  116,
++       87,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,    0,    0,    0,    0,    0,
++        0,  114,   84,  117,  114,  112,  114,    0,  114,  115,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++
++      116,  116,  116,  116,   42,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++       16,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  116,
++      116,  116,  116,  116,  116,   86,  116,  116,  116,  116,
++      116,  116,  116,  116,   95,  116,  116,  116,  116,  116,
++        0,    0,  114,   55,  116,  116,  116,  116,   40,   38,
++      116,  116,  116,   48,  116,  116,  116,  116,   43,  116,
++
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,   53,  116,  116,  116,   46,  116,    1,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  159,   11,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,  166,  116,  106,  116,  116,  116,  116,  116,  116,
++      116,   91,  116,  116,  116,  116,  116,  116,   98,  116,
++      116,   12,  116,  116,  116,  116,  116,  116,  116,  116,
++       27,   51,  116,  116,   54,   62,   44,  116,  116,  116,
++
++      116,  116,   41,  116,  116,  116,   35,  116,  116,  116,
++       59,  116,  116,  116,  116,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  107,
++      116,  116,  116,  116,  116,  116,  116,  116,   93,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,   37,  116,
++      116,  116,  116,  116,  116,  116,   45,  116,  116,  116,
++      116,  116,   29,  116,   49,   63,   52,   28,  116,  116,
++
++      116,  116,  116,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  116,
++      116,  116,   85,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,   36,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,   31,  116,   32,  116,   56,  116,   47,
++       39,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,   17,    0,    0,    0,    0,
++        0,    0,    0,   21,    0,    0,    0,   24,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  105,  116,   34,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++       75,  116,   60,  116,   58,  116,   61,   50,    0,    0,
++        0,    0,    0,    0,    0,    0,    3,    0,    0,    0,
++      124,    0,    0,    0,    0,  129,   14,    0,    0,    0,
++
++      163,    0,   18,    0,    0,   19,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++      164,    0,    0,    0,    0,    0,    0,    0,  116,  116,
++      116,  116,   89,   90,   92,  116,  116,  116,  116,  116,
++      116,  116,   33,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,   57,   30,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,  161,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,   25,    0,   26,  139,
++
++        0,    0,  136,    0,    0,    0,  116,  116,  116,  116,
++      116,  116,   96,   97,  116,  116,   82,  116,  116,  116,
++       69,   68,  116,  116,  116,   72,  116,  116,   74,  116,
++      116,  116,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  158,   13,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,   23,    0,    0,    0,    0,
++      155,    0,    0,    0,    0,    0,  116,  116,  116,  116,
++      116,  116,  116,  116,   76,  116,  116,  116,   71,   67,
++       83,  116,  116,  116,  116,   81,  162,    2,    0,    0,
++
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,   20,  140,  138,    0,    0,  153,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  116,  116,
++      116,  116,  116,  116,  116,  116,   73,  116,   66,  116,
++      116,   79,   80,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  160,    0,
++        0,    0,  145,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,   77,   78,
++
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,  152,    0,    0,    0,    0,    0,    0,    0,  157,
++        0,    0,    0,    0,  116,  116,  116,  116,  116,  116,
++      116,  116,   70,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,   15,    0,    0,    0,    0,    0,  141,  154,
++        0,    0,    0,    0,    0,  116,  116,  116,  116,  116,
++       94,  116,  116,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++
++        0,  144,    0,    0,    0,    0,    0,  131,    0,    0,
++        0,    0,  116,  103,  116,  116,  116,  116,  101,  146,
++        0,    0,    0,    0,    0,    4,    0,    0,    0,    0,
++        0,    8,    9,    0,    0,    0,    0,    0,    0,   22,
++        0,    0,    0,  142,    0,    0,  116,  116,  116,  100,
++      116,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,   10,    0,    0,  135,    0,  130,    0,    0,    0,
++        0,    0,  116,  116,   88,  116,    0,    0,  150,    0,
++        0,    0,    0,    0,  126,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,  116,  116,   99,    0,    0,
++
++        0,    0,    5,    0,    0,    0,    0,  128,    0,  133,
++        0,    0,    0,  143,    0,  116,  116,  151,  148,    0,
++      147,  125,    0,    0,    0,    0,    0,    0,  137,  165,
++      116,  116,  149,    0,    0,    0,  156,    0,    0,  116,
++      116,  127,    0,    0,    0,  132,  102,  116,    6,    0,
++      134,  116,    0,  116,    0,  116,    7,  116,  104,    0
+     } ;
+ 
+-static yyconst flex_int32_t yy_ec[256] =
++static const YY_CHAR yy_ec[256] =
+     {   0,
+         1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+         1,    1,    4,    1,    1,    1,    1,    1,    1,    1,
+@@ -542,7 +535,7 @@ static yyconst flex_int32_t yy_ec[256] =
+         1,    1,    1,    1,    1
+     } ;
+ 
+-static yyconst flex_int32_t yy_meta[71] =
++static const YY_CHAR yy_meta[71] =
+     {   0,
+         1,    1,    2,    1,    1,    1,    1,    1,    1,    1,
+         1,    3,    3,    3,    4,    4,    1,    4,    4,    4,
+@@ -553,614 +546,629 @@ static yyconst flex_int32_t yy_meta[71]
+         3,    3,    3,    3,    3,    3,    3,    3,    3,    1
+     } ;
+ 
+-static yyconst flex_int16_t yy_base[1243] =
++static const flex_int16_t yy_base[1269] =
+     {   0,
+-        0,   69, 2841,   70,   71,   74,   76,   76, 2835,   81,
+-     2842, 2845, 2845, 2845,   74,   83,   78,   88,   78,  129,
+-     2774, 2823,   83,   95,   98,  103,  107,  135,  141,  147,
+-      156,  150,  159,  163,  169,  185,  203,  208,  212,  218,
+-      223, 2769,  144,  260, 2845, 2845,  172, 2816, 2845, 2845,
+-     2823, 2845,  227,  230,  238,  288,  292,  299,  296,  303,
+-      306,  311,  241,  314,  317,  323,  350,  326,  369,  184,
+-     2814, 2845,  201, 2813,  121, 2845, 2831,  216, 2845,   90,
+-     2766,  175,  250,  375,  192, 2845,    0,  379,  394, 2845,
+-     2845,    0, 2845,  336,  402,  408,  420,  423,  426,  429,
+-
+-      433,  436,  442,  445,  448,  451,  454,  457,  464,  467,
+-      471,  474,  480,  483,  489,  498,  502,  505,  517,  522,
+-      525,  531,  537,  540,  547, 2845,  232,    0,  321, 2806,
+-      154,   64,  134,  253,  225, 2777,  489, 2776,  518, 2769,
+-      511, 2782, 2777,  179, 2768, 2771,  366, 2802, 2765, 2845,
+-      561,  567,  570,  576,  583,  589,  592,  595,  598,  601,
+-      606,  610,  615,  623,  626,  629,  632,  639,  635,  644,
+-      648,  390, 2800, 2754,  406, 2798,  207,  648,  366,  665,
+-      511,    0,  688,  141,  670,    0,  661,  693,  675,  700,
+-      703,  711,  714,  718,  721,  728,  731,  734,  737,  740,
+-
+-      745,  748,  754,  757,  773,  776,  782,  787,  790,  793,
+-      796,  799,  804,  807,  811,  815,  821,  825,  834,  838,
+-     2793, 2770, 2754,  297, 2757,  717, 2764, 2766, 2764,  794,
+-     2766, 2753,  191, 2747, 2760, 2845, 2748,  345, 2759,  311,
+-     2743, 2756, 2741, 2755,   34, 2740,  439, 2747, 2737, 2742,
+-     2738, 2743, 2735, 2746,  855,  858,  864,  867,  873,  877,
+-      880,  883,  886,  889,  892,  898,  901,  908,  912,  915,
+-      918,  931,  934,  923, 2745,  941,  946,  951,  958,  962,
+-      974,  977,  986,  989,  992, 1000, 1003, 1006, 1009, 1012,
+-     1015, 1018, 1021, 1024, 1027, 1030, 1033, 1036, 1040, 1049,
+-
+-     1052, 1062, 1079, 1083, 1088, 1091, 1094, 1097, 1105, 1108,
+-     1111, 2845, 2743, 2733, 2741, 2740, 2740, 2728,  362, 2719,
+-     2740, 2723, 2845, 2734, 2724, 2721, 2718, 2734, 2723, 2717,
+-     2757, 2726, 2716, 2718, 2710, 2709, 2721, 2720, 2709, 2715,
+-     2703, 2712, 2710, 2701, 2711, 2699, 1051, 2701, 2698, 2739,
+-     2708, 2707, 2693, 2692, 2845, 1116, 1119, 1122, 1128, 1132,
+-     1138, 1143, 1146, 1149, 1162, 1166, 1173, 1176, 1180, 1185,
+-     1191, 1199, 1202, 2845, 1205, 1209, 1219, 1215, 1230, 1225,
+-     1239, 1246, 1257, 1260, 1264, 1267, 1270, 1273, 1276, 1279,
+-     1282, 1285, 1289, 1292, 1295, 1301, 1304, 1307, 1310, 1313,
+-
+-     1316, 1326, 1334, 1340, 1343, 1347, 2692, 2720, 2689, 2695,
+-     2686, 2690, 2689, 2697, 2692, 2681, 2681, 2683, 2681, 2695,
+-     2676, 2683, 2688, 2691, 2677, 2704, 2673, 2669, 2678, 2685,
+-     2672, 2678, 2678, 2668, 2670, 2666, 2668, 2672, 2668, 2695,
+-     2662, 2669, 2650, 2667, 2666, 2656, 2658,  546,  536, 2649,
+-     1351, 1356, 1359, 1366, 1369, 1373, 1381, 1387, 1392, 1395,
+-     1398, 1401, 1404, 1411, 1416, 1423, 1426, 1429, 1433, 1442,
+-     1439, 1471, 1474, 1477, 1480, 1483, 1487, 1498, 1501, 1504,
+-     1507, 1510, 1513, 1516, 1519, 1522, 1525, 1533, 1536, 1539,
+-     1543, 1549, 2650, 2643, 1545, 2660, 2653, 2646, 2651, 2645,
+-
+-     2647, 2648, 2642, 2639, 2638, 2652, 2638, 2644, 2651, 2631,
+-     2646, 2648, 2630, 2643, 2645, 2632, 2627, 2634, 2638, 2637,
+-     2635, 2626, 2633, 2623, 2623, 2622, 2625, 2615, 2614, 2615,
+-     2655, 2625, 2619, 2613,  363, 2612, 2611, 2623, 1554, 1559,
+-     1564, 1570, 1579, 1588, 1591, 1597, 1601, 1604, 1607, 1612,
+-     1617, 1620, 1623, 1635, 1643, 1646, 1649, 1657, 1663, 1668,
+-     1678, 1681, 1684, 1687, 1690, 1696, 1700, 1703, 1712, 1715,
+-     1718, 1722, 1725, 1728, 1732, 1735, 1738, 1741, 2648, 2636,
+-     2602, 2612, 2614, 2613, 2601, 2615, 2610, 2605, 2604, 2594,
+-     2604, 2592, 2600, 2599, 2602, 2588, 2600, 2587, 2587, 2597,
+-
+-     2596, 2588, 2845, 2594, 2587, 2594, 2591, 2584, 2602, 2618,
+-      567, 2591, 2616, 2574, 2845, 2580, 2570, 2579, 2578, 2567,
+-     2570, 2578, 2569, 2577, 2579, 2566, 2574, 2560, 2565, 1744,
+-     1749, 1755, 1767, 1761, 1773, 1776, 1779, 1782, 1785, 1789,
+-     1801, 1804, 1808, 1812, 1815, 1833, 1836, 1845, 1851, 1854,
+-     1857, 1860, 1863, 1870, 1874, 1882, 1886, 1889, 1892, 1897,
+-     1900, 1903, 1906, 2561, 2573, 2565, 2547, 2546, 2539, 2536,
+-     2527, 2845, 2525, 2538,  593, 2845, 1313, 2528, 2526, 2535,
+-     2845, 2845, 2537, 2562, 2520, 2845, 2530, 2845, 2525, 2528,
+-     2845, 2527, 2506, 2514, 2513, 2521, 2514, 2510, 2511, 2503,
+-
+-     2511, 2505, 2504, 2493, 2511, 2845, 2509, 2508, 2508, 2493,
+-     2505, 2491,  680, 1909, 1912, 1916, 1919, 1922, 1925, 1931,
+-     1934, 1938, 1944, 1954, 1957, 1960, 1963, 1966, 1969, 1973,
+-     1978, 1987, 1993, 2004, 2009, 2012, 2015, 2022, 2025, 2028,
+-     2035, 2040, 2504, 2494, 2492, 2480, 2487, 2515, 2465, 2466,
+-     2465, 2458, 2438, 2439, 2388, 2388, 2393, 2377, 2387, 2379,
+-      837, 2373, 2373, 2368, 2367, 2362, 2399, 2845, 2334, 2340,
+-     2338, 2340, 2336, 2311, 2297, 2291, 2297, 2293, 2268, 2845,
+-     2268, 2845, 2845, 2259, 2286, 2845, 2277, 2255, 2239, 2043,
+-     2049, 2052, 2055, 2058, 2062, 2065, 2068, 2071, 2077, 2080,
+-
+-     2083, 2086, 2095, 2099, 2110, 2113, 2116, 2124, 2127, 2130,
+-     2137, 2140, 2143, 2245, 2243, 2242, 2241, 2233, 2188, 2196,
+-     2225, 2213, 2163, 2166,  231, 2175, 2174, 2157, 2145, 2845,
+-     2845, 2145, 2152, 2123, 2136, 2127, 2118, 2107, 2119, 2087,
+-     2095, 2084, 2083, 2082, 2062, 2067, 2845, 2069, 2049, 2083,
+-     2067, 2845, 2025, 2000, 2000,  673, 1989, 2146, 2150, 2158,
+-     2161, 2165, 2169, 2172, 2175, 2180, 2184, 2187, 2195, 2198,
+-     2204, 2216, 2219, 2222, 2225, 2228, 2845, 2845, 1983, 1979,
+-     1966, 1955, 1995, 1948, 1949, 1953, 1945, 1933, 1928, 1932,
+-     1934, 1918, 1913, 1913, 1914, 1894, 1894, 1891, 1920, 1861,
+-
+-     1828, 1840, 2845, 2845, 2845, 1829, 1813, 2845, 1804, 1800,
+-     1793, 1792, 1820, 1790, 1789, 1780, 1786, 1774, 2237, 2242,
+-     2245, 2250, 2253, 2256, 2259, 2262, 2265, 2268, 2271, 2274,
+-     2277, 2285, 1811, 1779, 1768, 1752, 1744, 1756, 1756, 1755,
+-     1746, 1735, 1717, 1708, 1721, 1702, 1703, 2845, 1710, 1672,
+-     1662, 2845, 1659, 1657, 1634, 1636, 1624, 1617, 1618, 1604,
+-     1616, 1605, 1592, 1600, 1589, 1624, 1589, 1578, 2299, 2303,
+-     2308, 2311, 2315, 2318, 2321, 2324, 2327, 2335, 1579, 1571,
+-     1556, 1543, 1547, 1546, 1531, 1564, 1522, 1568, 1536, 1518,
+-     1520, 1501, 1496, 1508, 1518, 1522, 1491, 1458, 1448, 2845,
+-
+-     1485, 1440, 1440, 1435, 1430, 1427, 1427, 2845, 1409, 1410,
+-     1418, 1441, 2338, 2341, 2344, 2352, 2357, 2362, 2365, 2368,
+-     1411, 1409, 1383, 1411, 1375, 1370, 1363, 1344, 1337, 1340,
+-     1371, 1336, 1330, 1317, 1307, 1313, 1312, 1285, 1291, 2845,
+-     1274, 1272, 1262, 1254, 1204, 2845, 2845, 1214, 1214, 1212,
+-     1193, 1203, 2371, 2379, 2384, 2387, 2391, 2398, 2394, 1198,
+-     1174, 1159, 1150, 1158, 1145, 1151, 1151, 1145, 1145, 1123,
+-     1123, 1125, 1121, 1110, 1148, 1109, 1116, 2845, 1144, 1104,
+-     1098, 1084, 1084, 2845, 1087, 1076, 1095,   78, 2401, 2404,
+-     2409, 2414, 2421, 2438, 2845,  175,  207,  199,  199,  268,
+-
+-     2845,  250,  302,  271,  294,  307, 2845, 2845,  310,  392,
+-      389,  423,  415,  440, 2845,  445,  448,  488, 2845,  467,
+-      483, 2441, 2444, 2447, 2450,  496,  517,  541,  579,  562,
+-      569,  574,  606,  619,  756, 2845,  633,  671, 2845,  648,
+-     2845,  649,  660,  678,  706,  707, 2453, 2456, 2459, 2462,
+-      723,  732, 2845,  723,  742,  764,  777,  810, 2845,  772,
+-      787,  794,  790,  803,  797,  840,  824,  832,  857, 2467,
+-     2470, 2473,  866,  868,  884,  890, 2845,  891,  891,  893,
+-      907, 2845,  917, 2845,  957,  919,  930, 2845,  922, 2480,
+-     2476, 2845, 2845,  934, 2845, 2845,  944,  938,  938,  961,
+-
+-      998, 1009, 2845, 2845, 2483, 2489, 2845, 1017, 1023, 1025,
+-     2845, 1023, 1029, 2494, 2498, 2845, 1019, 1022, 1038, 2845,
+-     2506, 2509, 2845, 1025, 2845, 2513, 1037, 2519, 1062, 2526,
+-     2845, 2533, 2536, 2845, 2594, 2598, 2602, 2606, 2608, 2610,
+-     2614, 1109
++        0,   69, 2946,   70,   71,   74,   76,   76, 2940,   81,
++     2947, 2950, 2950, 2950,   74,   83,   78,   88,   78,  129,
++     2879, 2928,   83,   95,   98,  102,  136,  141,  151,  147,
++      156,  159,  162,  169,  175,  178,  185,  189,  204,  212,
++      217,  220, 2874,  115,  259, 2950, 2950,  117, 2921, 2950,
++     2950, 2928, 2950,  223,  246,  249,  287,  261,  296,  301,
++      290,  304,  310,  313,  316,  322,  348,  353,  358,  366,
++      375,  206, 2919, 2950,  238, 2918,  151, 2950, 2936,  244,
++     2950,   90, 2871,  172,  361,  421,  197, 2950,    0,  398,
++      380, 2950, 2950,    0, 2950,  387,  418,  428,  438,  442,
++
++      445,  448,  451,  454,  464,  467,  470,  473,  476,  479,
++      486,  489,  493,  496,  501,  504,  507,  510,  513,  523,
++      528,  531,  540,  545,  551,  561,  564,  568, 2950,  284,
++        0,  273, 2911,  189,   70,  183,  291,  299, 2882,  388,
++     2881,  335, 2874,  532, 2887, 2882,   89, 2873, 2876,  351,
++     2907, 2870, 2950,  582,  585,  588,  594,  597,  602,  611,
++      614,  617,  620,  623,  627,  633,  639,  642,  645,  648,
++      652,  655,  663,  667,  677,  391, 2905, 2859,  416, 2903,
++      197,  677,  370,  694,  390,    0,  703,  162,  699,    0,
++      717,  720,  723,  727,  730,  743,  746,  749,  752,  755,
++
++      761,  764,  767,  775,  771,  778,  781,  784,  788,  793,
++      802,  806,  810,  815,  820,  823,  826,  829,  834,  837,
++      847,  850,  857,  860,  864, 2898, 2875, 2859,  232, 2862,
++      510, 2869, 2871, 2869,  284, 2871, 2858,  202, 2852, 2865,
++     2950, 2853,  834, 2864,  303, 2848, 2861, 2846, 2860,   34,
++     2845,  489, 2852, 2842, 2847, 2843, 2848, 2840, 2851,  867,
++      886,  889,  893,  899,  902,  905,  909,  912,  918,  926,
++      929,  934,  938,  942,  948,  953,  957,  960,  967,  973,
++     2850,  976,  981, 1001, 1004, 1007, 1010, 1015, 1024, 1027,
++     1031, 1040, 1043, 1046, 1050, 1055, 1058, 1061, 1064, 1067,
++
++     1070, 1073, 1076, 1082, 1088, 1094, 1097, 1108, 1118, 1121,
++     1125, 1133, 1136, 1140, 1143, 1146, 1149, 1152, 2950, 2848,
++     2838, 2846, 2845, 2845, 2833,  525, 2824, 2845, 2828, 2950,
++     2839, 2829, 2826, 2823, 2839, 2828, 2822, 2862, 2831, 2821,
++     2823, 2815, 2814, 2826, 2825, 2814, 2820, 2808, 2817, 2815,
++     2806, 2816, 2804,  668, 2806, 2803, 2844, 2813, 2812, 2798,
++     2797, 2950, 1161, 1164, 1170, 1173, 1178, 1184, 1188, 1191,
++     1194, 1202, 1207, 1210, 1213, 1220, 1223, 1226, 1231, 1236,
++     1244, 2950, 1247, 1264, 1277, 1290, 1293, 1296, 1299, 1303,
++     1306, 1310, 1313, 1324, 1329, 1332, 1335, 1338, 1341, 1344,
++
++     1347, 1352, 1355, 1361, 1364, 1367, 1370, 1373, 1376, 1379,
++     1389, 1396, 1402, 1406, 1410, 2797, 2825, 2794, 2800, 2791,
++     2795, 2794, 2802, 2797, 2786, 2786, 2788, 2786, 2800, 2781,
++     2788, 2793, 2796, 2782, 2809, 2778, 2774, 2783, 2790, 2777,
++     2783, 2783, 2773, 2775, 2771, 2773, 2777, 2773, 2800, 2767,
++     2774, 2755, 2772, 2771, 2761, 2763,  385,  233, 2754, 1414,
++     1419, 1422, 1429, 1435, 1444, 1449, 1454, 1457, 1460, 1463,
++     1468, 1474, 1477, 1480, 1488, 1494, 1497, 1507, 1500, 1510,
++     1514, 1535, 1543, 1546, 1549, 1559, 1555, 1564, 1570, 1574,
++     1577, 1580, 1583, 1586, 1589, 1592, 1595, 1598, 1601, 1607,
++
++     1610, 1616, 1622, 2755, 2748, 1606, 2765, 2758, 2751, 2756,
++     2750, 2752, 2753, 2747, 2744, 2743, 2757, 2743, 2749, 2756,
++     2736, 2751, 2753, 2735, 2748, 2750, 2737, 2732, 2739, 2743,
++     2742, 2740, 2731, 2738, 2728, 2728, 2727, 2730, 2720, 2719,
++     2720, 2760, 2730, 2724, 2718,  373, 2717, 2716, 2728, 1625,
++     1637, 1640, 1643, 1649, 1653, 1656, 1661, 1664, 1668, 1674,
++     1677, 1680, 1683, 1696, 1702, 1705, 1708, 1712, 1715, 1723,
++     1730, 1733, 1748, 1737, 1751, 1756, 1759, 1763, 1767, 1772,
++     1778, 1783, 1786, 1789, 1793, 1796, 1799, 1804, 1807, 1810,
++     1813, 2753, 2741, 2707, 2717, 2719, 2718, 2706, 2720, 2715,
++
++     2710, 2709, 2699, 2709, 2697, 2705, 2704, 2707, 2693, 2705,
++     2692, 2692, 2702, 2701, 2693, 2950, 2699, 2692, 2699, 2696,
++     2689, 2707, 2723,  536, 2696, 2721, 2679, 2950, 2685, 2675,
++     2682, 2659, 2648, 2651, 2659, 2650, 2658, 2660, 2647, 2655,
++     2641, 2646, 1816, 1820, 1823, 1826, 1832, 1838, 1841, 1845,
++     1848, 1851, 1860, 1863, 1871, 1877, 1886, 1880, 1889, 1896,
++     1893, 1901, 1916, 1920, 1923, 1926, 1929, 1932, 1943, 1951,
++     1954, 1959, 1962, 1965, 1970, 1973, 1976, 1979, 2641, 2652,
++     2646, 2650, 2649, 2642, 2639, 2630, 2950, 2627, 2640,  566,
++     2950, 1158, 2630, 2628, 2637, 2950, 2950, 2638, 2663, 2621,
++
++     2950, 2630, 2950, 2625, 2628, 2950, 2627, 2608, 2616, 2612,
++     2620, 2598, 2594, 2594, 2559, 2567, 2557, 2555, 2532, 2550,
++     2950, 2547, 2546, 2545, 2529, 2541, 2507,  395, 1982, 1988,
++     1991, 1994, 1997, 2000, 2004, 2007, 2011, 2014, 2021, 2029,
++     2032, 2035, 2041, 2044, 2054, 2058, 2066, 2070, 2077, 2080,
++     2092, 2096, 2099, 2102, 2110, 2113, 2116, 2061, 2123, 2520,
++     2476, 2477, 2463, 2470, 2491, 2437, 2449, 2447, 2446, 2429,
++     2430, 2416, 2416, 2422, 2404, 2415, 2390,  957, 2384, 2386,
++     2357, 2349, 2347, 2387, 2950, 2334, 2344, 2342, 2338, 2335,
++     2304, 2282, 2277, 2283, 2268, 2250, 2950, 2246, 2950, 2950,
++
++     2244, 2273, 2950, 2253, 2222, 2206, 2128, 2131, 2136, 2139,
++     2142, 2145, 2150, 2153, 2156, 2162, 2165, 2170, 2173, 2184,
++     2196, 2201, 2204, 2207, 2213, 2218, 2224, 2227, 2230, 2237,
++     2240, 2243, 2215, 2196, 2195, 2215, 2214, 2169, 2173, 2203,
++     2181, 2141, 2144,  433, 2153, 2151, 2131, 2133, 2950, 2950,
++     2130, 2138, 2113, 2126, 2123, 2121, 2100, 2100, 2079, 2082,
++     2081, 2070, 2068, 2044, 2051, 2950, 2051, 2040, 2068, 2065,
++     2950, 2008, 2006, 2005,  275, 2001, 2246, 2250, 2258, 2261,
++     2264, 2269, 2272, 2275, 2278, 2285, 2288, 2291, 2298, 2302,
++     2309, 2313, 2320, 2323, 2326, 2329, 2950, 2950, 1999, 1995,
++
++     1987, 1986, 2020, 1973, 1977, 1981, 1972, 1934, 1929, 1918,
++     1902, 1914, 1908, 1905, 1905, 1890, 1889, 1876, 1904, 1877,
++     1857, 1862, 2950, 2950, 2950, 1846, 1839, 2950, 1830, 1827,
++     1820, 1811, 1849, 1818, 1818, 1792, 1794, 1755, 2335, 2338,
++     2343, 2346, 2351, 2354, 2357, 2360, 2363, 2366, 2369, 2373,
++     2376, 2384, 2388, 1768, 1736, 1731, 1716, 1694, 1706, 1706,
++     1690, 1694, 1683, 1652, 1648, 1655, 1639, 1639, 2950, 1650,
++     1634, 1625, 2950, 1612, 1611, 1593, 1595, 1583, 1584, 1578,
++     1569, 1568, 1531, 1520, 1524, 1509, 1544, 1492, 1483, 2401,
++     2404, 2409, 2412, 2415, 2418, 2421, 2424, 2427, 2430, 2438,
++
++     1480, 1487, 1481, 1468, 1478, 1453, 1439, 1469, 1429, 1476,
++     1433, 1418, 1424, 1396, 1396, 1404, 1428, 1431, 1401, 1395,
++     1385, 2950, 1420, 1374, 1375, 1383, 1362, 1361, 1357, 2950,
++     1341, 1340, 1347, 1371, 2441, 2444, 2447, 2451, 2465, 2468,
++     2471, 2474, 2482, 1345, 1321, 1320, 1342, 1283, 1283, 1275,
++     1271, 1240, 1243, 1277, 1242, 1236, 1233, 1219, 1225, 1230,
++     1224, 1231, 2950, 1221, 1215, 1223, 1224, 1205, 2950, 2950,
++     1217, 1216, 1214, 1201, 1208, 2490, 2493, 2496, 2500, 2504,
++     2509, 2513, 2518, 1203, 1190, 1185, 1182, 1179, 1167, 1167,
++     1163, 1159, 1147, 1112, 1110, 1115, 1093, 1081, 1108, 1069,
++
++     1076, 2950, 1103, 1069, 1067, 1052, 1059, 2950, 1062, 1048,
++     1077,   68, 2523, 2526, 2529, 2532, 2535, 2541, 2548, 2950,
++      126,  174,  178,  226,  273, 2950,  248,  348,  376,  404,
++      443, 2950, 2950,  446,  452,  469,  483,  512,  533, 2950,
++      558,  558,  599, 2950,  561,  593, 2551, 2554, 2561, 2564,
++     2567,  584,  611,  622,  653,  623,  630,  636,  635,  653,
++      684, 2950,  664,  696, 2950,  675, 2950,  686,  689,  689,
++      702,  714, 2570, 2573, 2576, 2590,  722,  754, 2950,  750,
++      761,  775,  795,  832, 2950,  795,  801,  807,  807,  825,
++      826,  865,  842,  842,  844, 2593, 2596, 2599,  845,  858,
++
++      878,  878, 2950,  883,  876,  876,  892, 2950,  904, 2950,
++      937,  899,  913, 2950,  916, 2606, 2612, 2950, 2950,  939,
++     2950, 2950,  949,  942,  944,  953,  946,  957, 2950, 2950,
++     2615, 2619, 2950,  958,  963,  979, 2950,  977,  980, 2623,
++     2626, 2950,  971,  983,  997, 2950, 2629, 2633, 2950,  997,
++     2950, 2636, 1004, 2645, 1041, 2649, 2950, 2652, 2655, 2950,
++     2713, 2717, 2721, 2725, 2727, 2729, 2733, 1088
+     } ;
+ 
+-static yyconst flex_int16_t yy_def[1243] =
++static const flex_int16_t yy_def[1269] =
+     {   0,
+-     1234,    1, 1235, 1235, 1236, 1236,    1,    7,    1,    1,
+-     1234, 1234, 1234, 1234, 1237, 1238, 1234, 1239, 1234, 1234,
+-       20, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234,
+-       44, 1234, 1234,   44, 1237, 1234, 1237, 1238, 1234, 1234,
+-       20, 1239, 1239, 1239, 1239, 1234, 1241, 1234, 1234, 1234,
+-     1234, 1242, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1234, 1234,   44, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1234,   44, 1234, 1234,   44, 1234, 1234, 1239, 1239,
+-     1239, 1241, 1234, 1234, 1234, 1242, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1234, 1239, 1239, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1234, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1240, 1240, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1240, 1240, 1234, 1234, 1234, 1234, 1234,
+-     1240, 1240, 1234, 1234, 1234, 1240, 1234, 1240, 1234, 1240,
+-     1234, 1240, 1240,    0, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234
++     1260,    1, 1261, 1261, 1262, 1262,    1,    7,    1,    1,
++     1260, 1260, 1260, 1260, 1263, 1264, 1260, 1265, 1260, 1260,
++       20, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1260,   45, 1260, 1260,   45, 1263, 1260, 1263, 1264,
++     1260, 1260,   20, 1265, 1265, 1265, 1265, 1260, 1267, 1260,
++     1260, 1260, 1260, 1268, 1260, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260,
++       45, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1260,   45, 1260, 1260,   45,
++     1260, 1260, 1265, 1265, 1265, 1267, 1260, 1260, 1260, 1268,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1260, 1265, 1265, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266,
++     1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1266, 1266, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1260, 1260,
++     1260, 1266, 1260, 1266, 1260, 1266, 1260, 1266, 1266,    0,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260
+     } ;
+ 
+-static yyconst flex_int16_t yy_nxt[2916] =
++static const flex_int16_t yy_nxt[3021] =
+     {   0,
+        12,   13,   14,   13,   15,   12,   16,   12,   12,   12,
+        12,   17,   18,   19,   20,   21,   22,   23,   23,   23,
+        23,   23,   23,   23,   23,   23,   23,   23,   23,   23,
+-       24,   23,   23,   25,   23,   26,   23,   23,   23,   23,
+-       23,   23,   23,   12,   23,   23,   27,   28,   29,   30,
+-       31,   23,   23,   32,   23,   33,   23,   34,   35,   36,
+-       23,   37,   38,   39,   40,   41,   23,   23,   23,   42,
+-       43,   47,   46,   50,   44,   48,   50,   70,   76,  344,
+-       51,   71,   73,   51,   52,   79,   74,   86,   72,   79,
+-       80,   87,   81,   81,   82,   85,   82,  345,   53,   82,
+-
+-       83,   82,   84,   84,  178,  178,   82,   85,   82,   82,
+-       85,   82,   54,  227,   82,   85,   82,   77,   82,   85,
+-       82,   55,  228,   56,   57,   76,   58,   59,   97,   60,
+-       61,   62,   95,   63,   64, 1121,   65,   66,   67,   68,
+-       69,   88,   96,   81,   81,  127,   82,   85,   82,  128,
+-       89,   90,   82,   85,   82,  185,  185,   91,   82,   85,
+-       82,   82,   85,   82,   77,   98,   91,   82,   85,   82,
+-       82,   85,   82,  147,   82,   85,   82,  148,   89,   90,
+-       82,   85,   82,  225,   91,  172,   82,   99,   82,  173,
+-      100,  229,   91,  101, 1126,   92,   82,   85,   82,  102,
+-
+-      230,  105,  175,   82,  103,   82,  176,  108,  110,  106,
+-      329,  107,  226,  104,   82,   85,   82,  109,   79,   82,
+-       85,   82,   79,   82,   85,   82, 1127,  330,  111,   82,
+-       85,   82,  250,  127,   82,   85,   82,  128,   82,   85,
+-       82,   82,   85,   82,  233,  112,  251, 1128,  113,   82,
+-       85,   82,   82,   85,   82,  114,  115,  118,  116, 1129,
+-      119,   82,  179,   82,  275,  117,  888,  889,  120,  122,
+-      125,  123,  151,  230,  234,  121,  124,  129,  130,  131,
+-      132,  133,  134,  135,  136,  137,  162, 1130,  138,  139,
+-      152,  140,  141,  153,  142,  143,  144,  145,  146,   82,
+-
+-       85,   82,  231,   82,   85,   82,  232,   82,   85,   82,
+-       82,   85,   82, 1131,   82,   85,   82,   82,   85,   82,
+-      315, 1132,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  316, 1133,  154,   82,   85,   82,   82,   85,   82,
+-       99,  155, 1134,  100,  105,  157,  101,   82,   85,   82,
+-      102,  158,  106,  221,  107,  159,  160,  156, 1135, 1136,
+-      108,   82,   85,   82,  161,  338,  165,  147,  222,  109,
+-      339,  148,  166,  163,  164,  114,  167,   82,  116,   82,
+-       82,   85,   82,  122,  223,  117,   82,  170,   82,   84,
+-       84,  172,  334,  183,  183,  173,  180,  181,  335,  118,
+-
+-       89,   90,  119,  168,  184,  184,  336,  175,  185,  185,
+-      120,  176,  625,   82,   85,   82,  626,  169,  171,   82,
+-       85,   82,  123,  413,  180,  181,  414,  124,   89,   90,
+-      187,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  188,   82,   85,   82,   82,   85,   82,
+-     1137, 1138,  189,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  191, 1139, 1140,  192,   82,   85,   82,   82,   85,
+-       82,  190,   82,   85,   82,   82,   85,   82,  347, 1141,
+-      193,   82,   85,   82,   82,   85,   82,  348, 1142,  194,
+-
+-       82,   85,   82,  197,  196,  195, 1143, 1144,  198,   82,
+-       85,   82,  199,   82,   85,   82,   82,   85,   82,  200,
+-      203,  201,   82,  202,   82, 1145,  206,  204,   82,   85,
+-       82, 1146,  205,   82,   85,   82,   82,   85,   82,  236,
+-      208,  207,   82,   85,   82,  237,  238,  211,   82,   85,
+-       82,   82,   85,   82, 1151,  536,  210,  209,   82,   85,
+-       82,  213,  212,  240,  244,  534,  245,  241,  537,  246,
+-      535,  247,   82,   85,   82, 1152,  242,  214,   82,   85,
+-       82,   82,   85,   82,  216,  215,  695,   82,   85,   82,
+-     1153,  696,  217,  219,   82,   85,   82,  218, 1154,  220,
+-
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,  753,  255,   82,   85,   82,
+-     1155,   82,   85,   82, 1156,  257,   82,   85,   82,  754,
+-      256,  258, 1157,  259,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  260,
+-       82,   85,   82,  264,  261,   82,   85,   82,  263,   82,
+-       85,   82,  178,  178,  203,  262,  265, 1158, 1159,   89,
+-       90,  267,   82,   85,   82,  184,  276,  266,   82,  277,
+-      277, 1162,  268,  270,  185,  185,   82,   85,   82,  278,
+-     1163,  269,   90,  273,  272,  271, 1164,   89,   90,  788,
+-
+-      209,  789,  183,  183,   82,   85,   82, 1165,  274,   89,
+-       90,   82,   85,   82,   82,   85,   82, 1166,  279,  281,
+-       90,  280,   82,   85,   82,   82,   85,   82,  916,   82,
+-       85,   82,   82,   85,   82,  917, 1167,   89,   90,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82, 1168,  282,   82,   85,   82,   82,
+-       85,   82, 1169,  283,  286,   82,   85,   82,   82,   85,
+-       82, 1173,  284,  318,  319,  285,  320,  287, 1160,  290,
+-     1174, 1175,  291,  288,   82,   85,   82,   82,   85,   82,
+-     1176, 1161,  289,   82,   85,   82,  292,  293,   82,   85,
+-
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82, 1177,  294,   82,   85,   82,   82,   85,
+-       82,  295,   82,   85,   82, 1178,   82,   85,   82, 1179,
+-     1180,  297,   82,   85,   82,  296,   82,   85,   82,  300,
+-     1181,  324,  298, 1182,  299,   82,   85,   82, 1183,   82,
+-       85,   82, 1184,  325, 1185,  301,  326,  832,  302, 1186,
+-      306,  833,  303,  304,  307,  305,   82,   85,   82,   82,
+-       85,   82, 1187,  834,  308,   82,   85,   82,   82,   85,
+-       82, 1188,  310,  311,   82,   85,   82,  309,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-
+-       82,   85,   82,   82,   85,   82, 1189,  357,  358,   82,
+-       85,   82,   82,   85,   82, 1192,  356, 1193,  360,   82,
+-       85,   82,  359,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82, 1194,  361,   82,   85,   82,  363,  364, 1195,
+-     1196,  365,   82,   85,   82,   82,   85,   82,  362, 1197,
+-      367,  366,   82, 1198,   82,  277,  277,   82, 1199,   82,
+-      277,  277,   82,   85,   82, 1200,  368,  370,  181,   82,
+-       85,   82,  369,   82,   85,   82, 1201, 1202,  372, 1203,
+-      371,  375, 1204, 1207,  373,   82,   85,   82,   82,   85,
+-       82,  377, 1208,  376, 1209, 1210,  181,   82,   85,   82,
+-
+-       82,   85,   82,   82,   85,   82,  378,  379,  380,  381,
+-     1211,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-      382,   82,   85,   82,  383,  384, 1212, 1213,  386,  385,
+-       82,   85,   82,   82,   85,   82, 1216,  387, 1217,  390,
+-     1218, 1219,  391,   82,   85,   82,  441,  388, 1220,  392,
+-      442, 1223,  389,  443, 1224,  395,  393, 1225, 1227,  396,
+-       82,   85,   82,  397,   82,   85,   82, 1229,  394,   82,
+-
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82, 1231,  186,  398, 1120,  399,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82, 1119,  400,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82, 1118, 1117,  401,   82,
+-       85,   82,  403,   82,   85,   82, 1116, 1115,  404,   82,
+-       85,   82, 1114,  402,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82, 1113, 1112,  451, 1111, 1110,  405, 1109,
+-     1108,  406,  453,   82,   85,   82, 1107,   82,   85,   82,
+-     1106, 1105,  452,  455,   82,   85,   82,   82,   85,   82,
+-     1104,   82,   85,   82, 1103,  454,   82,   85,   82, 1102,
+-
+-     1101,  456,   82,   85,   82, 1100,  458, 1099, 1098,  457,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82, 1097,
+-       82,   85,   82,  389,  459,  462,   82,   85,   82,  396,
+-       82,   85,   82,  460, 1096,  467,   82,   85,   82,  403,
+-      461,   82,   85,   82,  464,  468,  463, 1095, 1088,  469,
+-       82,   85,   82, 1087,  465,  466,  470,   82,   85,   82,
+-     1086,  471, 1085, 1084,  473,  472, 1083,  474,   82,   85,
+-       82,   82,   85,   82,  475,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82, 1082,
+-
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  476,
+-     1081,  477,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-     1080, 1079,  481,  755,  756,  478,  482,   82,   85,   82,
+-     1078,  479,  757, 1077,  480,   82,   85,   82,  758,  484,
+-      483,   82,   85,   82,   82,   85,   82,  486,   82,   85,
+-       82,  488,   82,   85,   82, 1076,  485,   82,   85,   82,
+-       82,   85,   82, 1075, 1074,  487, 1073,   82,   85,   82,
+-       82,   85,   82,  489,   82,   85,   82, 1072,  491, 1071,
+-     1070,  492,   82,   85,   82, 1069, 1068,  490,   82,   85,
+-
+-       82,  539, 1067,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82, 1066, 1065,
+-      540,  541,   82,   85,   82, 1064,  544,   82,   85,   82,
+-     1063,  542, 1062,  543,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  553,   82,   85,   82,  547,  545,  546,
+-       82,   85,   82,   82,   85,   82,  483,  563, 1061, 1060,
+-      556,  557,  558,  548,  554, 1052,  549, 1051, 1050,  551,
+-      559,  550, 1049,  560,  555, 1048, 1047,  561,  562, 1046,
+-     1045,  552,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,  565,   82,   85,
+-
+-       82, 1044,  564, 1043, 1042,  567, 1041, 1040,  566,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82, 1039,
+-      568, 1038, 1037,  569,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  571,   82,   85,   82, 1036, 1035,  570,
+-       82,   85,   82,  581,  582,   82,   85,   82, 1034,  572,
+-       82,   85,   82, 1033,  573,   82,   85,   82, 1032,  583,
+-      584,   82,   85,   82,  585, 1031,  575, 1030,  576, 1029,
+-       82,   85,   82, 1028, 1027,  574, 1026, 1025,  577,   82,
+-
+-       85,   82,   82,   85,   82, 1024, 1023,  630,   82,   85,
+-       82,  578,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82, 1022,  631,   82,   85,   82,  632,  633,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82, 1021, 1012,  634,
+-      635, 1011,  636, 1010, 1009,  637,   82,   85,   82, 1008,
+-     1007,  643,  639, 1006,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  640, 1005, 1004,  646,  638,   82,   85,
+-       82, 1003, 1002,  641,   82,   85,   82,  642,  644,   82,
+-       85,   82,  647,  645, 1001, 1000,  649,  999,  648,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-
+-       82,   82,   85,   82,  998,  654,  650,   82,   85,   82,
+-      653,   82,   85,   82,   82,   85,   82,  997,  651,  996,
+-      655,  995,  652,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  656,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  657,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,  994,  659,
+-       82,   85,   82,  993,  992,  658,   82,   85,   82,  991,
+-      990,  661,   82,   85,   82,  660,  989,  662,   82,   85,
+-       82,  988,  987,  663,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  716,
+-
+-       82,   85,   82,  986,  985,  714,  984,  983,  715,  982,
+-      718,  717,   82,   85,   82,   82,   85,   82,  981,   82,
+-       85,   82,  719,   82,   85,   82,   82,   85,   82,  980,
+-      979,  720,  968,  967,  721,  966,  965,  728,  964,  963,
+-      727,  723,  722,  726,   82,   85,   82,   82,   85,   82,
+-      962,  961,  724,  960,  725,  730,   82,   85,   82,  959,
+-      958,  729,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,  732,  957,  733,
+-      731,   82,   85,   82,  736,   82,   85,   82,  956,  734,
+-      955,  738,  735,   82,   85,   82,  737,   82,   85,   82,
+-
+-       82,   85,   82,   82,   85,   82,  954,  740,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,  739,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  953,
+-      952,  741,   82,   85,   82,   82,   85,   82,  742,   82,
+-       85,   82,  951,  950,  792,   82,   85,   82,  790,  949,
+-      948,  791,  947,  946,  793,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  794,   82,   85,   82,  795,  800,   82,
+-       85,   82,  945,  944,  799,  943,  942,  801,   82,   85,
+-
+-       82,  941,  940,  796,   82,   85,   82,  939,  804,  802,
+-      797,  938,  805,  937,  803,   82,   85,   82,  936,  798,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  935,
+-      807,  808,  806,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  934,  933,  811,  812,   82,   85,   82,  918,
+-      810,   82,   85,   82,   82,   85,   82,  915,  914,  809,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  813,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,  913,  912,  858,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-
+-      867,  866,  911,  862,  910,  860,   82,   85,   82,  859,
+-       82,   85,   82,  865,  909,  861,  908,  863,  868,  907,
+-      864,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-      906,  869,  905,  904,  870,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,  903,  902,  872,  873,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-      871,   82,   85,   82,  901,  875,  900,  899,  874,   82,
+-       85,   82,   82,   85,   82,  898,   82,   85,   82,  876,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  897,
+-      896,   82,   85,   82,  920,   82,   85,   82,   82,   85,
+-
+-       82,  895,  927,  894,  893,  919,   82,   85,   82,   82,
+-       85,   82,  922,  923,  926,   82,   85,   82,  921,  892,
+-      925,  891,  890,  928,  887,  886,  924,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  885,  884,  930,  883,  882,  929,   82,   85,
+-       82,  881,  931,   82,   85,   82,   82,   85,   82,  880,
+-      932,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  879,  878,  976,  877,  970,   82,   85,   82,  857,
+-
+-      856,  977,  855,  975,  969,  854,  973,  971,  853,  978,
+-       82,   85,   82,  972,   82,   85,   82,  852,  974,   82,
+-       85,   82,   82,   85,   82,  851,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  850,  849, 1013,  848, 1020,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,  847,  846,
+-     1014,  845, 1018,   82,   85,   82, 1019, 1016,   82,   85,
+-       82, 1015, 1017,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,  844,  843, 1053,  842, 1055,
+-       82,   85,   82,  841, 1054,   82,   85,   82,   82,   85,
+-
+-       82, 1056,   82,   85,   82,   82,   85,   82, 1057,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,  840, 1058,
+-       82,   85,   82,  839, 1059,   82,   85,   82,  838,  837,
+-     1123,  836,   82,   85,   82,  835,  831, 1089,  830, 1091,
+-      829, 1090,  828, 1093, 1092,  827,  826, 1094, 1122,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82, 1124, 1125,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-     1147,   82,   85,   82,   82,   85,   82,  825,  824, 1150,
+-
+-       82,   85,   82,  823, 1148,   82,   85,   82, 1149,   82,
+-       85,   82, 1170, 1215,  822,  821, 1171,   82,   85,   82,
+-       82,   85,   82, 1172,   82,   85,   82,  820, 1191, 1190,
+-       82,   85,   82, 1205,  819,  818, 1206,   82,   85,   82,
+-      817, 1214,  816, 1222,   82,   85,   82,   82,   85,   82,
+-      815, 1221,  814,  787,  786,  785,  784,  783,  782,  781,
+-      780, 1228,  779,  778,  777,  776, 1226,  775,  774,  773,
+-      772,  771,  770,  769, 1230, 1232,  768,  767,  766,  765,
+-      764,  763,  762,  761,  760,  759,  752,  751,  750,  749,
+-      748,  747,  746, 1233,   45,   45,   45,   45,   49,   49,
+-
+-       49,   49,   75,   75,   75,   75,   78,   78,   78,   78,
+-       85,   85,   94,   94,  182,  745,  182,  182,  744,  743,
+-      713,  712,  711,  710,  709,  708,  707,  706,  705,  704,
+-      703,  702,  701,  700,  699,  698,  697,  694,  693,  692,
++       24,   23,   25,   26,   23,   27,   23,   23,   23,   23,
++       23,   23,   23,   12,   23,   23,   28,   29,   30,   31,
++       32,   23,   23,   33,   23,   34,   23,   35,   36,   37,
++       23,   38,   39,   40,   41,   42,   23,   23,   23,   43,
++       44,   48,   47,   51,   45,   49,   51,   72,   78,  351,
++       52,   73,   75,   52,   53,   81,   76,   88,   74,   81,
++       82,   89,   83,   83,   84,   87,   84,  352,   54,   84,
++
++       85,   84,   86,   86,  182,  182,   84,   87,   84,   84,
++       87,   84,   55,   84,   87,   84,  130,   79,  150,  232,
++      131,   56,  151,   57,   58, 1146,   59,   60,  233,   61,
++       62,   63,   97,   64,   65,   66,   67,   68,   69,   70,
++       71,   90,  255,   83,   83, 1152,   99,   84,   87,   84,
++       91,   92,   84,   87,   84,   78,  256,   93,   84,   87,
++       84,  100,   84,   87,   84,   98,   93,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  189,  189,   91,   92,
++       84,   87,   84,   84,   93,   84,   84,   87,   84,   84,
++       87,   84,   93, 1153,   79,   94,   84,   87,   84,  101,
++
++       84,   87,   84,  102,  108,  105,  103,  176,   84,  104,
++       84,  177,  109,  106,  110,   84,   87,   84,  230,  111,
++      113,  336,  107,   84,   87,   84, 1154,  112,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  114,  337,  179,
++      234,  117,  118,  180,  119,  115,   81,  231,  116,  235,
++       81,  120,  547,  121,  281,  322,  122,   84,   87,   84,
++       84,   87,   84,  235,  123,  548,  323,  128,  154,  125,
++      126,  124,   84,   87,   84,  127,  132,  133,  134,  135,
++      136,  137,  138,  139,  140,  130, 1155,  141,  142,  131,
++      143,  144, 1156,  145,  146,  147,  148,  149,   84,   87,
++
++       84,   84,   87,   84,  156,  226,  155,   84,   87,   84,
++      158, 1157,   84,   87,   84,   84,   87,   84,  238,  105,
++      227,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      936,  331,  157,   84,   87,   84,  228,  937,  161,  102,
++      236,  108,  103,  332,  237,  104,  333,  111,  239,  109,
++      160,  110,  150,  162,  159,  163,  151,  345,  165,   84,
++       87,   84,  346,  164,   84,   87,   84, 1158,  112,   84,
++       87,   84,   84,  183,   84,  166,  167,   84,   87,   84,
++      245,   84,  115,   84,  246,  116,   84,   87,   84,  168,
++      188,  188,  176,  247,  189,  189,  177,  169,   84,   87,
++
++       84,   84,  170,   84,  545,  117,  171,  121,  119,  546,
++      122,  172,  187,  187,  805,  120,  806,  179,  123,   91,
++       92,  180,  638,  125,  175,  173,  639,  174,  126,   84,
++       87,   84,   84,  127,   84,   86,   86, 1159,  241,   84,
++       87,   84,  184,  185,  242,  243,  191,   91,   92,   84,
++       87,   84, 1160,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  908,  909,
++      184,  185,  192,  193,  194,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  196, 1161, 1162,  197,   84,   87,   84,
++
++       84,   87,   84,  195,   84,   87,   84,   84,   87,   84,
++     1163,  198,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  199,  202,  201,
++      200, 1164, 1165,  203,   84,   87,   84,  204,  354,   84,
++       87,   84,   84,   87,   84,  208,  206,  355,  205,  207,
++      211,   84,   87,   84,  209,  710,   84,   87,   84,  210,
++      711,  213,   84,   87,   84,  212,  325,  326,  216,  327,
++     1166,  215,   84,   87,   84,   84,   87,   84,  214,   84,
++       87,   84, 1167,  217,  218,  249,  422,  250,  770,  423,
++      251,  219,  252,   84,   87,   84,   84,   87,   84,   84,
++
++       87,   84,  771,  220,  221,   84,   87,   84,   84,   87,
++       84, 1168,  222,   84,   87,   84, 1169,  224, 1170, 1171,
++      225,  223,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  260,   84,   87,
++       84, 1172, 1177,  262,   84,   87,   84,  264,  261,  263,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,  265,   84,   87,   84,   84,   87,   84, 1178,
++      269, 1179, 1180,  266,   84,   87,   84,  268,   84,   87,
++       84, 1181,  208,  270,  267, 1182,  273,  272,   84,   87,
++       84,  182,  182,  450, 1183,  271, 1184,  451,   91,   92,
++
++      452,  274, 1185,  276,  188,  282, 1186,   84,  283,  283,
++      275,  277, 1188,  189,  189, 1189,  279,  187,  187, 1187,
++      214,   92,  278, 1190,   91,   92,   91,   92,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  280,   84,   87,
++       84,   84,   87,   84, 1191,  284, 1192, 1193,  286,   92,
++     1194,  287,   91,   92,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,   84,   87,   84, 1195,
++     1199,  288,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,  285,   84,   87,   84,  289,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  293,   84,
++
++       87,   84, 1200,  290,   84,   87,   84,  291, 1201, 1202,
++      292,  294,  297,   84,   87,   84,  295,   84,   87,   84,
++      298,   84,   87,   84, 1203,  296,   84,   87,   84,  299,
++      300,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1204,  301,   84,   87,   84,   84,   87,
++       84, 1205,  302, 1206, 1207,  303, 1208,  304,   84,   87,
++       84,   84,   87,   84,  307, 1209,  305,  306,   84,   87,
++       84,   84,   87,   84, 1210,   84,   87,   84,   84,   87,
++       84,  341,  308, 1211, 1212,  309,  313,  342,  311,  310,
++     1213, 1214,  312, 1215, 1218,  343,  314,   84,   87,   84,
++
++       84,   87,   84,  315,   84,   87,   84, 1219,  317,  318,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  316,
++       84,   87,   84,   84,   87,   84, 1220, 1221,  363,   84,
++       87,   84, 1222,  365, 1223,  364, 1224,   84,   87,   84,
++       84,   87,   84, 1225,  367,   84,   87,   84,  366,   84,
++       87,   84, 1226,   84,   87,   84, 1227, 1228,  368,   84,
++       87,   84, 1229,  370,   84,   87,   84,  371,   84,   87,
++       84,   84,   87,   84,  369,  372, 1230,  851,   84,   87,
++       84,  852,  373,  374,   84,   87,   84,   84, 1233,   84,
++      283,  283,   84,  853,   84,  283,  283, 1234, 1235,  375,
++
++      376, 1236, 1237,  185, 1238, 1239,  378, 1242, 1243,  379,
++      377,  380,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84, 1244, 1245,   84,   87,   84, 1246,
++      384,  185,  386, 1249,  381,   84,   87,   84,   84,   87,
++       84,  385,   84,   87,   84, 1250, 1251,  387,  388,  389,
++      390,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++     1253,   84,   87,   84, 1255,  383,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++     1257,  190,  391,   84,   87,   84, 1145, 1144,  393,   84,
++
++       87,   84,  392,  394,  395,   84,   87,   84,   84,   87,
++       84, 1143, 1142,  396, 1141,  399, 1140, 1139,  400,   84,
++       87,   84, 1138,  397, 1137,  401, 1136, 1135,  398,   84,
++       87,   84,   84,   87,   84,  402,   84,   87,   84,  404,
++     1134,  406, 1133,  405,   84,   87,   84,   84,   87,   84,
++      403,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84, 1132, 1131,  409,  407,
++     1130,  408,   84,   87,   84,   84,   87,   84,  772,  773,
++      410,   84,   87,   84,   84,   87,   84,  774,  412,   84,
++       87,   84, 1129,  775,  413,   84,   87,   84,  411,   84,
++
++       87,   84,   84,   87,   84,   84,   87,   84, 1128,  414,
++      460, 1127,  415,   84,   87,   84, 1126,  462,   84,   87,
++       84,   84,   87,   84,   84,   87,   84, 1125, 1124,  464,
++      461,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++     1123,  463,   84,   87,   84, 1122,  465,   84,   87,   84,
++     1121,  467, 1120, 1112,  466,   84,   87,   84,   84,   87,
++       84, 1111, 1110,  398, 1109,  468, 1108, 1107,  472, 1106,
++      469, 1105,  405, 1104,  470,   84,   87,   84, 1103,  412,
++     1102,  474, 1101, 1100,  471, 1099, 1098,  473,   84,   87,
++       84,  475, 1097, 1096,  478, 1095, 1094,  476, 1093, 1092,
++
++      477,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  479,   84,   87,   84,   84,   87,   84,
++      480,   84,   87,   84,   84,   87,   84,  482,  484, 1091,
++     1090,  485, 1089, 1088,  481,   84,   87,   84,  486,  483,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84, 1087,  487,   84,   87,   84,   84,   87,   84, 1086,
++     1085,  488,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1084,  492, 1075, 1074,  489, 1073,  493,
++
++       84,   87,   84,  490, 1072, 1071,  491,   84,   87,   84,
++     1070, 1069,  495,   84,   87,   84,  494,   84,   87,   84,
++      497,   84,   87,   84,  499,   84,   87,   84, 1068,  496,
++       84,   87,   84,   84,   87,   84, 1067, 1066,  498, 1065,
++       84,   87,   84, 1064, 1063,  500,   84,   87,   84, 1062,
++     1061,  502, 1060, 1059,  503,   84,   87,   84, 1058,  501,
++       84,   87,   84, 1057,  550,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84, 1056, 1055,   84,
++       87,   84, 1054,  551,  552,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  555, 1053, 1052,  553, 1051,   84,
++
++       87,   84, 1050, 1049,  554,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  557,  556,  558,  559,   84,   87,
++       84,   84,   87,   84,  566,   84,   87,   84, 1048,  494,
++     1047, 1046,  569,  570,  571,  567,  560, 1045, 1044,  561,
++      562,  563,  572, 1034, 1033,  573,   84,   87,   84,  574,
++      575,  568,  564,  576,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1032, 1031,  565,   84,   87,   84,  578,
++       84,   87,   84, 1030,  577,   84,   87,   84, 1029, 1028,
++      579,   84,   87,   84,  580,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,  582, 1027,  581,   84,   87,
++       84,   84,   87,   84,  594,  595,  584,   84,   87,   84,
++     1026, 1025,  583,   84,   87,   84,   84,   87,   84, 1024,
++      596,  597,  585, 1023, 1022,  598, 1021,  586,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  588, 1020,  589,
++       84,   87,   84,  587,   84,   87,   84,   84,   87,   84,
++     1019,  590,   84,   87,   84,   84,   87,   84,  643,   84,
++       87,   84, 1018, 1017,  591,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  646, 1016, 1015,
++
++      644, 1014,  645, 1013,  647,  648,  649,   84,   87,   84,
++     1012, 1011,  651,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,  653,   84,   87,   84,   84,   87,   84, 1010,
++     1009,  654,  650,  658,   84,   87,   84,  652, 1008,  655,
++      661,   84,   87,   84,   84,   87,   84,  659,   84,   87,
++       84,  657,  660,  656, 1007,  662, 1006, 1005,  663,   84,
++       87,   84,   84,   87,   84,  665,  664,   84,   87,   84,
++       84,   87,   84, 1004,   84,   87,   84,  669,   84,   87,
++       84, 1003,  668,   84,   87,   84, 1002, 1001,  666,   84,
++       87,   84,  667,  670,   84,   87,   84,   84,   87,   84,
++
++       84,   87,   84,  671,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  989,  672,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      674,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      673,  988,  676,   84,   87,   84,  675,  987,  677,   84,
++       87,   84,   84,   87,   84,  678,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,  986,  985,  731,  984,  983,
++      732,   84,   87,   84,   84,   87,   84,  729,  982,  730,
++      981,  733,   84,   87,   84,  980,  979,  734,   84,   87,
++       84,   84,   87,   84,  736,  978,  735,   84,   87,   84,
++
++       84,   87,   84,  737,   84,   87,   84,   84,   87,   84,
++      977,  738,   84,   87,   84,  743,  739,  744,  745,  976,
++      747,  746,  975,  974,  741,  973,  740,   84,   87,   84,
++      742,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  749,  972,  750,  971,
++      970,  748,  969,  753,   84,   87,   84,  968,  751,  967,
++      966,  752,   84,   87,   84,   84,   87,   84,  755,  754,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  965,
++      757,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  964,  963,  756,   84,
++
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  758,   84,   87,   84,   84,   87,
++       84,  759,   84,   87,   84,   84,   87,   84,  962,  809,
++      961,  807,   84,   87,   84,  960,  959,  808,  958,  810,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  957,
++      956,  811,   84,   87,   84,   84,   87,   84,  955,  954,
++      812,  938,  935,  813,  934,   84,   87,   84,  933,   84,
++       87,   84,   84,   87,   84,  818,  819,   84,   87,   84,
++      814,   84,   87,   84,  932,  815,  820,  931,   84,   87,
++       84,   84,   87,   84,  816,  930,  929,  817,  823,  824,
++
++      928,  927,  821,   84,   87,   84,  822,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  926,  826,  827,  925,
++      825,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      924,  923,  830,  831,   84,   87,   84,  922,  829,   84,
++       87,   84,   84,   87,   84,  921,  828,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  920,
++      832,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      919,  918,  877,   84,   87,   84,   84,   87,   84,  917,
++      916,   84,   87,   84,   84,   87,   84,  915,  914,  879,
++      882,  878,  913,  912,  886,   84,   87,   84,  911,  880,
++
++      910,  887,  907,  906,  881,  883,  885,   84,   87,   84,
++      905,  884,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,  904,  903,  888,   84,   87,   84,  902,  889,   84,
++       87,   84,  901,  900,  890,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  899,  898,  892,  893,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      891,   84,   87,   84,  897,  895,  876,  875,  894,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  874,  896,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,  873,  872,  940,  871,   84,   87,   84,   84,
++
++       87,   84,   84,   87,   84,  939,  948,  870,  943,   84,
++       87,   84,  942,   84,   87,   84,  869,  944,  941,  947,
++       84,   87,   84,  946,   84,   87,   84,  949,  868,  945,
++      867,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  866,  950,  951,   84,   87,   84,   84,
++       87,   84,  865,  952,   84,   87,   84,   84,   87,   84,
++      864,  953,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  863,   84,   87,   84,   84,   87,   84,
++      862,  991,  861,  860,  998,   84,   87,   84,  994,   84,
++
++       87,   84,  990,  999,  997,  992,  859,  995,  858,  993,
++      857, 1000,   84,   87,   84,   84,   87,   84,  856,  996,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  855, 1035,  854,  850, 1043,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84, 1036,   84,   87,   84, 1041,  849,  848, 1038, 1042,
++     1039,  847, 1037,  846,  845, 1040,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  844,  843,
++     1076,  842, 1078,   84,   87,   84,  841, 1077,  840,  839,
++
++     1079,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      838,   84,   87,   84, 1080,   84,   87,   84,  837, 1081,
++       84,   87,   84,  836,   84,   87,   84,  835, 1082,   84,
++       87,   84,  834, 1083,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,   84,   87,   84, 1117,
++     1148, 1115,   84,   87,   84, 1114, 1113, 1116, 1118,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  833,  804,
++     1147, 1119,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      803,  802, 1150,  801, 1149,  800,  799, 1151,  798,  797,
++
++     1173,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  796, 1174,  795, 1176,   84,   87,   84,
++      794,  793, 1175,   84,   87,   84,   84,   87,   84, 1196,
++       84,   87,   84, 1197,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1241,   84,   87,   84,   84,   87,   84,
++      792, 1198,  791,  790, 1217, 1216,   84,   87,   84, 1231,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  789,
++      788, 1248, 1232, 1240,  787,  786,  785,  784,  783,  782,
++     1247,  781,  780,  779, 1254,  778,  777,  776,  769,  768,
++     1252,  767,  766,  765,  764,  763,  762,  761, 1258,  760,
++
++     1256,  728,  727,  726,  725,  724,  723,  722,  721,  720,
++      719,  718, 1259,   46,   46,   46,   46,   50,   50,   50,
++       50,   77,   77,   77,   77,   80,   80,   80,   80,   87,
++       87,   96,   96,  186,  717,  186,  186,  716,  715,  714,
++      713,  712,  709,  708,  707,  706,  705,  704,  703,  702,
++      701,  700,  699,  698,  697,  696,  695,  694,  693,  692,
+       691,  690,  689,  688,  687,  686,  685,  684,  683,  682,
+-      681,  680,  679,  678,  677,  676,  675,  674,  673,  672,
+-      671,  670,  669,  668,  667,  666,  665,  664,  629,  628,
+-      627,  624,  623,  622,  621,  620,  619,  618,  617,  616,
+-      615,  614,  613,  612,  611,  610,  609,  608,  607,  606,
+-      605,  604,  603,  602,  601,  600,  599,  598,  597,  596,
+-
+-      595,  594,  593,  592,  591,  590,  589,  588,  587,  586,
+-      580,  579,  538,  533,  532,  531,  530,  529,  528,  527,
+-      526,  525,  524,  523,  522,  521,  520,  519,  518,  517,
+-      516,  515,  514,  513,  512,  511,  510,  509,  508,  507,
+-      506,  505,  504,  503,  502,  501,  500,  499,  498,  497,
+-      496,  495,  494,  493,  450,  449,  448,  447,  446,  445,
+-      444,  440,  439,  438,  437,  436,  435,  434,  433,  432,
+-      431,  430,  429,  428,  427,  426,  425,  424,  423,  422,
+-      421,  420,  419,  418,  417,  416,  415,  412,  411,  410,
+-      409,  408,  407,  374,  355,  354,  353,  352,  351,  350,
+-
+-      349,  346,  343,  342,  341,  340,  337,  333,  332,  331,
+-      328,  327,  323,  322,  321,  317,  314,  313,  312,  177,
+-      230,  174,  254,  149,  253,  252,  249,  248,  243,  239,
+-      235,  224, 1234, 1234,  177,  174,  150,  149,  126,   93,
+-     1234, 1234,   72,   46,   11, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
++      681,  680,  679,  642,  641,  640,  637,  636,  635,  634,
++      633,  632,  631,  630,  629,  628,  627,  626,  625,  624,
++      623,  622,  621,  620,  619,  618,  617,  616,  615,  614,
++
++      613,  612,  611,  610,  609,  608,  607,  606,  605,  604,
++      603,  602,  601,  600,  599,  593,  592,  549,  544,  543,
++      542,  541,  540,  539,  538,  537,  536,  535,  534,  533,
++      532,  531,  530,  529,  528,  527,  526,  525,  524,  523,
++      522,  521,  520,  519,  518,  517,  516,  515,  514,  513,
++      512,  511,  510,  509,  508,  507,  506,  505,  504,  459,
++      458,  457,  456,  455,  454,  453,  449,  448,  447,  446,
++      445,  444,  443,  442,  441,  440,  439,  438,  437,  436,
++      435,  434,  433,  432,  431,  430,  429,  428,  427,  426,
++      425,  424,  421,  420,  419,  418,  417,  416,  382,  362,
++
++      361,  360,  359,  358,  357,  356,  353,  350,  349,  348,
++      347,  344,  340,  339,  338,  335,  334,  330,  329,  328,
++      324,  321,  320,  319,  181,  235,  178,  259,  152,  258,
++      257,  254,  253,  248,  244,  240,  229, 1260, 1260,  181,
++      178,  153,  152,  129,   95, 1260, 1260,   74,   47,   11,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
+ 
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260
+     } ;
+ 
+-static yyconst flex_int16_t yy_chk[2916] =
++static const flex_int16_t yy_chk[3021] =
+     {   0,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+@@ -1169,320 +1177,331 @@ static yyconst flex_int16_t yy_chk[2916]
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+-        2,    4,    4,    5,    2,    4,    6,    8,   15,  245,
++        2,    4,    4,    5,    2,    4,    6,    8,   15,  250,
+         5,    8,   10,    6,    7,   16,   10,   19,   10,   16,
+-       17,   19,   17,   17,   23,   23,   23,  245,    7,   18,
++       17,   19,   17,   17,   23,   23,   23,  250,    7,   18,
+ 
+-       18,   18,   18,   18,   80,   80,   24,   24,   24,   25,
+-       25,   25,    7,  132,   26,   26,   26,   15,   27,   27,
+-       27,    7,  132,    7,    7,   75,    7,    7,   26,    7,
+-        7,    7,   24,    7,    7, 1088,    7,    7,    7,    7,
+-        7,   20,   25,   20,   20,   43,   28,   28,   28,   43,
+-       20,   20,   29,   29,   29,  184,  184,   20,   30,   30,
+-       30,   32,   32,   32,   75,   27,   20,   31,   31,   31,
+-       33,   33,   33,   47,   34,   34,   34,   47,   20,   20,
+-       35,   35,   35,  131,   20,   70,   82,   28,   82,   70,
+-       28,  133,   20,   28, 1096,   20,   36,   36,   36,   29,
+-
+-      133,   31,   73,   85,   30,   85,   73,   32,   34,   31,
+-      233,   31,  131,   30,   37,   37,   37,   33,   78,   38,
+-       38,   38,   78,   39,   39,   39, 1097,  233,   35,   40,
+-       40,   40,  144,  127,   41,   41,   41,  127,   53,   53,
+-       53,   54,   54,   54,  135,   36,  144, 1098,   36,   55,
+-       55,   55,   63,   63,   63,   37,   37,   38,   37, 1099,
+-       38,   83,   83,   83,  177,   37,  825,  825,   38,   39,
+-       41,   40,   53,  177,  135,   38,   40,   44,   44,   44,
+-       44,   44,   44,   44,   44,   44,   63, 1100,   44,   44,
+-       54,   44,   44,   55,   44,   44,   44,   44,   44,   56,
+-
+-       56,   56,  134,   57,   57,   57,  134,   59,   59,   59,
+-       58,   58,   58, 1102,   60,   60,   60,   61,   61,   61,
+-      224, 1103,   62,   62,   62,   64,   64,   64,   65,   65,
+-       65,  224, 1104,   56,   66,   66,   66,   68,   68,   68,
+-       56,   57, 1105,   56,   58,   59,   56,   94,   94,   94,
+-       57,   60,   58,  129,   58,   61,   62,   58, 1106, 1109,
+-       60,   67,   67,   67,   62,  240,   65,  147,  129,   62,
+-      240,  147,   66,   64,   64,   66,   66,  179,   66,  179,
+-       69,   69,   69,   68,  129,   66,   84,   68,   84,   84,
+-       84,  172,  238,   88,   88,  172,   84,   84,  238,   67,
+-
+-       88,   88,   67,   67,   89,   89,  238,  175,   89,   89,
+-       67,  175,  535,   95,   95,   95,  535,   67,   69,   96,
+-       96,   96,   69,  319,   84,   84,  319,   69,   88,   88,
+-       95,   97,   97,   97,   98,   98,   98,   99,   99,   99,
+-      100,  100,  100,   96,  101,  101,  101,  102,  102,  102,
+-     1110, 1111,   97,  103,  103,  103,  104,  104,  104,  105,
+-      105,  105,  106,  106,  106,  107,  107,  107,  108,  108,
+-      108,   99, 1112, 1113,  100,  109,  109,  109,  110,  110,
+-      110,   98,  111,  111,  111,  112,  112,  112,  247, 1114,
+-      101,  113,  113,  113,  114,  114,  114,  247, 1116,  102,
+-
+-      115,  115,  115,  105,  104,  103, 1117, 1118,  106,  116,
+-      116,  116,  107,  117,  117,  117,  118,  118,  118,  108,
+-      111,  109,  181,  110,  181, 1120,  113,  112,  119,  119,
+-      119, 1121,  112,  120,  120,  120,  121,  121,  121,  137,
+-      115,  114,  122,  122,  122,  137,  137,  117,  123,  123,
+-      123,  124,  124,  124, 1126,  449,  116,  115,  125,  125,
+-      125,  118,  117,  139,  141,  448,  141,  139,  449,  141,
+-      448,  141,  151,  151,  151, 1127,  139,  119,  152,  152,
+-      152,  153,  153,  153,  121,  120,  611,  154,  154,  154,
+-     1128,  611,  122,  124,  155,  155,  155,  123, 1129,  125,
+-
+-      156,  156,  156,  157,  157,  157,  158,  158,  158,  159,
+-      159,  159,  160,  160,  160,  675,  151,  161,  161,  161,
+-     1130,  162,  162,  162, 1131,  153,  163,  163,  163,  675,
+-      152,  154, 1132,  155,  164,  164,  164,  165,  165,  165,
+-      166,  166,  166,  167,  167,  167,  169,  169,  169,  156,
+-      168,  168,  168,  161,  157,  170,  170,  170,  160,  171,
+-      171,  171,  178,  178,  163,  159,  162, 1133, 1134,  178,
+-      178,  164,  187,  187,  187,  180,  180,  163,  180,  180,
+-      180, 1137,  165,  167,  185,  185,  189,  189,  189,  187,
+-     1138,  166,  185,  170,  169,  168, 1140,  178,  178,  713,
+-
+-      167,  713,  183,  183,  188,  188,  188, 1142,  171,  183,
+-      183,  190,  190,  190,  191,  191,  191, 1143,  188,  189,
+-      185,  188,  192,  192,  192,  193,  193,  193,  856,  194,
+-      194,  194,  195,  195,  195,  856, 1144,  183,  183,  196,
+-      196,  196,  197,  197,  197,  198,  198,  198,  199,  199,
+-      199,  200,  200,  200, 1145,  190,  201,  201,  201,  202,
+-      202,  202, 1146,  191,  194,  203,  203,  203,  204,  204,
+-      204, 1151,  192,  226,  226,  193,  226,  195, 1135,  198,
+-     1152, 1154,  199,  196,  205,  205,  205,  206,  206,  206,
+-     1155, 1135,  197,  207,  207,  207,  201,  202,  208,  208,
+-
+-      208,  209,  209,  209,  210,  210,  210,  211,  211,  211,
+-      212,  212,  212, 1156,  203,  213,  213,  213,  214,  214,
+-      214,  204,  215,  215,  215, 1157,  216,  216,  216, 1158,
+-     1160,  206,  217,  217,  217,  205,  218,  218,  218,  209,
+-     1161,  230,  207, 1162,  208,  219,  219,  219, 1163,  220,
+-      220,  220, 1164,  230, 1165,  210,  230,  761,  211, 1166,
+-      215,  761,  212,  213,  216,  214,  255,  255,  255,  256,
+-      256,  256, 1167,  761,  217,  257,  257,  257,  258,  258,
+-      258, 1168,  219,  220,  259,  259,  259,  218,  260,  260,
+-      260,  261,  261,  261,  262,  262,  262,  263,  263,  263,
+-
+-      264,  264,  264,  265,  265,  265, 1169,  256,  257,  266,
+-      266,  266,  267,  267,  267, 1173,  255, 1174,  259,  268,
+-      268,  268,  258,  269,  269,  269,  270,  270,  270,  271,
+-      271,  271, 1175,  260,  274,  274,  274,  263,  264, 1176,
+-     1178,  265,  272,  272,  272,  273,  273,  273,  262, 1179,
+-      267,  266,  276, 1180,  276,  276,  276,  277, 1181,  277,
+-      277,  277,  278,  278,  278, 1183,  268,  271,  277,  279,
+-      279,  279,  270,  280,  280,  280, 1185, 1186,  273, 1187,
+-      272,  279, 1189, 1194,  274,  281,  281,  281,  282,  282,
+-      282,  281, 1197,  280, 1198, 1199,  277,  283,  283,  283,
+-
+-      284,  284,  284,  285,  285,  285,  281,  281,  281,  281,
+-     1200,  286,  286,  286,  287,  287,  287,  288,  288,  288,
+-      289,  289,  289,  290,  290,  290,  291,  291,  291,  292,
+-      292,  292,  293,  293,  293,  294,  294,  294,  295,  295,
+-      295,  296,  296,  296,  297,  297,  297,  298,  298,  298,
+-      284,  299,  299,  299,  285,  286, 1201, 1202,  289,  288,
+-      300,  300,  300,  301,  301,  301, 1208,  290, 1209,  294,
+-     1210, 1212,  295,  302,  302,  302,  347,  291, 1213,  296,
+-      347, 1217,  293,  347, 1218,  299,  297, 1219, 1224,  299,
+-      303,  303,  303,  300,  304,  304,  304, 1227,  298,  305,
+-
+-      305,  305,  306,  306,  306,  307,  307,  307,  308,  308,
+-      308, 1229, 1242,  301, 1087,  302,  309,  309,  309,  310,
+-      310,  310,  311,  311,  311, 1086,  303,  356,  356,  356,
+-      357,  357,  357,  358,  358,  358, 1085, 1083,  304,  359,
+-      359,  359,  307,  360,  360,  360, 1082, 1081,  308,  361,
+-      361,  361, 1080,  305,  362,  362,  362,  363,  363,  363,
+-      364,  364,  364, 1079, 1077,  356, 1076, 1075,  309, 1074,
+-     1073,  311,  359,  365,  365,  365, 1072,  366,  366,  366,
+-     1071, 1070,  358,  361,  367,  367,  367,  368,  368,  368,
+-     1069,  369,  369,  369, 1068,  360,  370,  370,  370, 1067,
+-
+-     1066,  362,  371,  371,  371, 1065,  364, 1064, 1063,  363,
+-      372,  372,  372,  373,  373,  373,  375,  375,  375, 1062,
+-      376,  376,  376,  365,  366,  369,  378,  378,  378,  369,
+-      377,  377,  377,  367, 1061,  375,  380,  380,  380,  371,
+-      368,  379,  379,  379,  372,  376,  370, 1060, 1052,  377,
+-      381,  381,  381, 1051,  372,  373,  378,  382,  382,  382,
+-     1050,  379, 1049, 1048,  381,  380, 1045,  381,  383,  383,
+-      383,  384,  384,  384,  381,  385,  385,  385,  386,  386,
+-      386,  387,  387,  387,  388,  388,  388,  389,  389,  389,
+-      390,  390,  390,  391,  391,  391,  392,  392,  392, 1044,
+-
+-      393,  393,  393,  394,  394,  394,  395,  395,  395,  384,
+-     1043,  385,  396,  396,  396,  397,  397,  397,  398,  398,
+-      398,  399,  399,  399,  400,  400,  400,  401,  401,  401,
+-     1042, 1041,  392,  677,  677,  389,  393,  402,  402,  402,
+-     1039,  390,  677, 1038,  391,  403,  403,  403,  677,  396,
+-      395,  404,  404,  404,  405,  405,  405,  399,  406,  406,
+-      406,  401,  451,  451,  451, 1037,  397,  452,  452,  452,
+-      453,  453,  453, 1036, 1035,  400, 1034,  454,  454,  454,
+-      455,  455,  455,  403,  456,  456,  456, 1033,  405, 1032,
+-     1031,  406,  457,  457,  457, 1030, 1029,  404,  458,  458,
+-
+-      458,  452, 1028,  459,  459,  459,  460,  460,  460,  461,
+-      461,  461,  462,  462,  462,  463,  463,  463, 1027, 1026,
+-      453,  454,  464,  464,  464, 1025,  457,  465,  465,  465,
+-     1024,  455, 1023,  456,  466,  466,  466,  467,  467,  467,
+-      468,  468,  468,  467,  469,  469,  469,  461,  458,  459,
+-      471,  471,  471,  470,  470,  470,  462,  471, 1022, 1021,
+-      470,  470,  470,  462,  468, 1012,  463, 1011, 1010,  465,
+-      470,  464, 1009,  470,  469, 1007, 1006,  470,  470, 1005,
+-     1004,  466,  472,  472,  472,  473,  473,  473,  474,  474,
+-      474,  475,  475,  475,  476,  476,  476,  473,  477,  477,
+-
+-      477, 1003,  472, 1002, 1001,  475,  999,  998,  474,  478,
+-      478,  478,  479,  479,  479,  480,  480,  480,  481,  481,
+-      481,  482,  482,  482,  483,  483,  483,  484,  484,  484,
+-      485,  485,  485,  486,  486,  486,  487,  487,  487,  997,
+-      477,  996,  995,  478,  488,  488,  488,  489,  489,  489,
+-      490,  490,  490,  480,  491,  491,  491,  994,  993,  479,
+-      492,  492,  492,  495,  495,  539,  539,  539,  992,  481,
+-      540,  540,  540,  991,  483,  541,  541,  541,  990,  495,
+-      495,  542,  542,  542,  495,  989,  489,  988,  490,  987,
+-      543,  543,  543,  986,  985,  488,  984,  983,  491,  544,
+-
+-      544,  544,  545,  545,  545,  982,  981,  539,  546,  546,
+-      546,  492,  547,  547,  547,  548,  548,  548,  549,  549,
+-      549,  980,  540,  550,  550,  550,  541,  543,  551,  551,
+-      551,  552,  552,  552,  553,  553,  553,  979,  968,  544,
+-      545,  967,  546,  966,  965,  547,  554,  554,  554,  964,
+-      963,  553,  549,  962,  555,  555,  555,  556,  556,  556,
+-      557,  557,  557,  550,  961,  960,  557,  548,  558,  558,
+-      558,  959,  958,  551,  559,  559,  559,  552,  555,  560,
+-      560,  560,  558,  556,  957,  956,  560,  955,  559,  561,
+-      561,  561,  562,  562,  562,  563,  563,  563,  564,  564,
+-
+-      564,  565,  565,  565,  954,  564,  561,  566,  566,  566,
+-      563,  567,  567,  567,  568,  568,  568,  953,  562,  951,
+-      565,  950,  562,  569,  569,  569,  570,  570,  570,  571,
+-      571,  571,  566,  572,  572,  572,  573,  573,  573,  574,
+-      574,  574,  567,  575,  575,  575,  576,  576,  576,  577,
+-      577,  577,  578,  578,  578,  630,  630,  630,  949,  569,
+-      631,  631,  631,  947,  946,  568,  632,  632,  632,  945,
+-      944,  572,  634,  634,  634,  570,  943,  574,  633,  633,
+-      633,  942,  941,  576,  635,  635,  635,  636,  636,  636,
+-      637,  637,  637,  638,  638,  638,  639,  639,  639,  632,
+-
+-      640,  640,  640,  940,  939,  630,  938,  937,  631,  936,
+-      634,  633,  641,  641,  641,  642,  642,  642,  935,  643,
+-      643,  643,  635,  644,  644,  644,  645,  645,  645,  934,
+-      933,  636,  918,  917,  637,  916,  915,  645,  914,  913,
+-      644,  639,  638,  643,  646,  646,  646,  647,  647,  647,
+-      912,  911,  640,  910,  641,  647,  648,  648,  648,  909,
+-      907,  646,  649,  649,  649,  650,  650,  650,  651,  651,
+-      651,  652,  652,  652,  653,  653,  653,  649,  906,  650,
+-      648,  654,  654,  654,  653,  655,  655,  655,  902,  651,
+-      901,  655,  652,  656,  656,  656,  654,  657,  657,  657,
+-
+-      658,  658,  658,  659,  659,  659,  900,  657,  660,  660,
+-      660,  661,  661,  661,  662,  662,  662,  663,  663,  663,
+-      714,  714,  714,  715,  715,  715,  656,  716,  716,  716,
+-      717,  717,  717,  718,  718,  718,  719,  719,  719,  899,
+-      898,  659,  720,  720,  720,  721,  721,  721,  661,  722,
+-      722,  722,  897,  896,  716,  723,  723,  723,  714,  895,
+-      894,  715,  893,  892,  717,  724,  724,  724,  725,  725,
+-      725,  726,  726,  726,  727,  727,  727,  728,  728,  728,
+-      729,  729,  729,  721,  730,  730,  730,  722,  728,  731,
+-      731,  731,  891,  890,  727,  889,  888,  729,  732,  732,
+-
+-      732,  887,  886,  723,  733,  733,  733,  885,  732,  730,
+-      724,  884,  733,  883,  731,  734,  734,  734,  882,  725,
+-      735,  735,  735,  736,  736,  736,  737,  737,  737,  881,
+-      735,  736,  734,  738,  738,  738,  739,  739,  739,  740,
+-      740,  740,  880,  879,  739,  739,  741,  741,  741,  857,
+-      738,  742,  742,  742,  790,  790,  790,  855,  854,  737,
+-      791,  791,  791,  792,  792,  792,  793,  793,  793,  794,
+-      794,  794,  740,  795,  795,  795,  796,  796,  796,  797,
+-      797,  797,  798,  798,  798,  853,  851,  790,  799,  799,
+-      799,  800,  800,  800,  801,  801,  801,  802,  802,  802,
+-
+-      801,  800,  850,  794,  849,  792,  803,  803,  803,  791,
+-      804,  804,  804,  799,  848,  793,  846,  797,  804,  845,
+-      798,  805,  805,  805,  806,  806,  806,  807,  807,  807,
+-      844,  805,  843,  842,  806,  808,  808,  808,  809,  809,
+-      809,  810,  810,  810,  841,  840,  809,  809,  811,  811,
+-      811,  812,  812,  812,  813,  813,  813,  858,  858,  858,
+-      808,  859,  859,  859,  839,  812,  838,  837,  811,  860,
+-      860,  860,  861,  861,  861,  836,  862,  862,  862,  813,
+-      863,  863,  863,  864,  864,  864,  865,  865,  865,  835,
+-      834,  866,  866,  866,  859,  867,  867,  867,  868,  868,
+-
+-      868,  833,  867,  832,  829,  858,  869,  869,  869,  870,
+-      870,  870,  861,  862,  866,  871,  871,  871,  860,  828,
+-      864,  827,  826,  868,  824,  823,  863,  872,  872,  872,
+-      873,  873,  873,  874,  874,  874,  875,  875,  875,  876,
+-      876,  876,  822,  821,  873,  820,  819,  872,  919,  919,
+-      919,  818,  874,  920,  920,  920,  921,  921,  921,  817,
+-      875,  922,  922,  922,  923,  923,  923,  924,  924,  924,
+-      925,  925,  925,  926,  926,  926,  927,  927,  927,  928,
+-      928,  928,  929,  929,  929,  930,  930,  930,  931,  931,
+-      931,  816,  815,  927,  814,  920,  932,  932,  932,  789,
+-
+-      788,  929,  787,  925,  919,  785,  923,  921,  784,  930,
+-      969,  969,  969,  922,  970,  970,  970,  781,  924,  971,
+-      971,  971,  972,  972,  972,  779,  973,  973,  973,  974,
+-      974,  974,  975,  975,  975,  976,  976,  976,  977,  977,
+-      977,  778,  777,  969,  776,  976,  978,  978,  978, 1013,
+-     1013, 1013, 1014, 1014, 1014, 1015, 1015, 1015,  775,  774,
+-      970,  773,  974, 1016, 1016, 1016,  975,  972, 1017, 1017,
+-     1017,  971,  973, 1018, 1018, 1018, 1019, 1019, 1019, 1020,
+-     1020, 1020, 1053, 1053, 1053,  772,  771, 1013,  770, 1015,
+-     1054, 1054, 1054,  769, 1014, 1055, 1055, 1055, 1056, 1056,
+-
+-     1056, 1016, 1057, 1057, 1057, 1059, 1059, 1059, 1017, 1058,
+-     1058, 1058, 1089, 1089, 1089, 1090, 1090, 1090,  767, 1018,
+-     1091, 1091, 1091,  766, 1019, 1092, 1092, 1092,  765,  764,
+-     1091,  763, 1093, 1093, 1093,  762,  760, 1053,  759, 1055,
+-      758, 1054,  757, 1058, 1056,  756,  755, 1059, 1089, 1094,
+-     1094, 1094, 1122, 1122, 1122, 1123, 1123, 1123, 1124, 1124,
+-     1124, 1125, 1125, 1125, 1147, 1147, 1147, 1148, 1148, 1148,
+-     1149, 1149, 1149, 1150, 1150, 1150, 1092, 1093, 1170, 1170,
+-     1170, 1171, 1171, 1171, 1172, 1172, 1172, 1191, 1191, 1191,
+-     1122, 1190, 1190, 1190, 1205, 1205, 1205,  754,  753, 1125,
+-
+-     1206, 1206, 1206,  752, 1123, 1214, 1214, 1214, 1124, 1215,
+-     1215, 1215, 1147, 1206,  751,  750, 1148, 1221, 1221, 1221,
+-     1222, 1222, 1222, 1150, 1226, 1226, 1226,  749, 1171, 1170,
+-     1228, 1228, 1228, 1190,  748,  747, 1191, 1230, 1230, 1230,
+-      746, 1205,  745, 1215, 1232, 1232, 1232, 1233, 1233, 1233,
+-      744, 1214,  743,  712,  711,  710,  709,  708,  707,  705,
+-      704, 1226,  703,  702,  701,  700, 1222,  699,  698,  697,
+-      696,  695,  694,  693, 1228, 1230,  692,  690,  689,  687,
+-      685,  684,  683,  680,  679,  678,  674,  673,  671,  670,
+-      669,  668,  667, 1232, 1235, 1235, 1235, 1235, 1236, 1236,
+-
+-     1236, 1236, 1237, 1237, 1237, 1237, 1238, 1238, 1238, 1238,
+-     1239, 1239, 1240, 1240, 1241,  666, 1241, 1241,  665,  664,
+-      629,  628,  627,  626,  625,  624,  623,  622,  621,  620,
+-      619,  618,  617,  616,  614,  613,  612,  610,  609,  608,
+-      607,  606,  605,  604,  602,  601,  600,  599,  598,  597,
+-      596,  595,  594,  593,  592,  591,  590,  589,  588,  587,
+-      586,  585,  584,  583,  582,  581,  580,  579,  538,  537,
+-      536,  534,  533,  532,  531,  530,  529,  528,  527,  526,
+-      525,  524,  523,  522,  521,  520,  519,  518,  517,  516,
+-      515,  514,  513,  512,  511,  510,  509,  508,  507,  506,
+-
+-      505,  504,  503,  502,  501,  500,  499,  498,  497,  496,
+-      494,  493,  450,  447,  446,  445,  444,  443,  442,  441,
+-      440,  439,  438,  437,  436,  435,  434,  433,  432,  431,
+-      430,  429,  428,  427,  426,  425,  424,  423,  422,  421,
+-      420,  419,  418,  417,  416,  415,  414,  413,  412,  411,
+-      410,  409,  408,  407,  354,  353,  352,  351,  350,  349,
+-      348,  346,  345,  344,  343,  342,  341,  340,  339,  338,
+-      337,  336,  335,  334,  333,  332,  331,  330,  329,  328,
+-      327,  326,  325,  324,  322,  321,  320,  318,  317,  316,
+-      315,  314,  313,  275,  254,  253,  252,  251,  250,  249,
+-
+-      248,  246,  244,  243,  242,  241,  239,  237,  235,  234,
+-      232,  231,  229,  228,  227,  225,  223,  222,  221,  176,
+-      174,  173,  149,  148,  146,  145,  143,  142,  140,  138,
+-      136,  130,   81,   77,   74,   71,   51,   48,   42,   22,
+-       21,   11,    9,    3, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
++       18,   18,   18,   18,   82,   82,   24,   24,   24,   25,
++       25,   25,    7,   26,   26,   26,   44,   15,   48,  135,
++       44,    7,   48,    7,    7, 1112,    7,    7,  135,    7,
++        7,    7,   24,    7,    7,    7,    7,    7,    7,    7,
++        7,   20,  147,   20,   20, 1121,   26,   27,   27,   27,
++       20,   20,   28,   28,   28,   77,  147,   20,   30,   30,
++       30,   27,   29,   29,   29,   25,   20,   31,   31,   31,
++       32,   32,   32,   33,   33,   33,  188,  188,   20,   20,
++       34,   34,   34,   84,   20,   84,   35,   35,   35,   36,
++       36,   36,   20, 1122,   77,   20,   37,   37,   37,   28,
++
++       38,   38,   38,   29,   32,   30,   29,   72,   87,   29,
++       87,   72,   32,   31,   32,   39,   39,   39,  134,   33,
++       35,  238,   31,   40,   40,   40, 1123,   34,   41,   41,
++       41,   42,   42,   42,   54,   54,   54,   36,  238,   75,
++      136,   38,   38,   75,   38,   37,   80,  134,   37,  136,
++       80,   38,  458,   39,  181,  229,   39,   55,   55,   55,
++       56,   56,   56,  181,   39,  458,  229,   42,   54,   40,
++       41,   39,   58,   58,   58,   41,   45,   45,   45,   45,
++       45,   45,   45,   45,   45,  130, 1124,   45,   45,  130,
++       45,   45, 1125,   45,   45,   45,   45,   45,   57,   57,
++
++       57,   61,   61,   61,   56,  132,   55,   59,   59,   59,
++       58, 1127,   60,   60,   60,   62,   62,   62,  138,   58,
++      132,   63,   63,   63,   64,   64,   64,   65,   65,   65,
++      875,  235,   57,   66,   66,   66,  132,  875,   61,   57,
++      137,   59,   57,  235,  137,   57,  235,   61,  138,   59,
++       60,   59,  150,   62,   59,   63,  150,  245,   64,   67,
++       67,   67,  245,   63,   68,   68,   68, 1128,   63,   69,
++       69,   69,   85,   85,   85,   65,   65,   70,   70,   70,
++      142,  183,   66,  183,  142,   66,   71,   71,   71,   66,
++       91,   91,  176,  142,   91,   91,  176,   67,   96,   96,
++
++       96,  185,   68,  185,  457,   68,   68,   69,   68,  457,
++       69,   69,   90,   90,  728,   68,  728,  179,   69,   90,
++       90,  179,  546,   70,   71,   69,  546,   70,   71,   97,
++       97,   97,   86,   71,   86,   86,   86, 1129,  140,   98,
++       98,   98,   86,   86,  140,  140,   97,   90,   90,   99,
++       99,   99, 1130,  100,  100,  100,  101,  101,  101,  102,
++      102,  102,  103,  103,  103,  104,  104,  104,  844,  844,
++       86,   86,   98,   99,  100,  105,  105,  105,  106,  106,
++      106,  107,  107,  107,  108,  108,  108,  109,  109,  109,
++      110,  110,  110,  102, 1131, 1134,  103,  111,  111,  111,
++
++      112,  112,  112,  101,  113,  113,  113,  114,  114,  114,
++     1135,  104,  115,  115,  115,  116,  116,  116,  117,  117,
++      117,  118,  118,  118,  119,  119,  119,  105,  108,  107,
++      106, 1136, 1137,  109,  120,  120,  120,  110,  252,  121,
++      121,  121,  122,  122,  122,  114,  112,  252,  111,  113,
++      116,  123,  123,  123,  115,  624,  124,  124,  124,  115,
++      624,  118,  125,  125,  125,  117,  231,  231,  120,  231,
++     1138,  119,  126,  126,  126,  127,  127,  127,  118,  128,
++      128,  128, 1139,  120,  121,  144,  326,  144,  690,  326,
++      144,  122,  144,  154,  154,  154,  155,  155,  155,  156,
++
++      156,  156,  690,  123,  124,  157,  157,  157,  158,  158,
++      158, 1141,  125,  159,  159,  159, 1142,  127, 1143, 1145,
++      128,  126,  160,  160,  160,  161,  161,  161,  162,  162,
++      162,  163,  163,  163,  164,  164,  164,  154,  165,  165,
++      165, 1146, 1152,  156,  166,  166,  166,  158,  155,  157,
++      167,  167,  167,  168,  168,  168,  169,  169,  169,  170,
++      170,  170,  159,  171,  171,  171,  172,  172,  172, 1153,
++      164, 1154, 1155,  160,  173,  173,  173,  163,  174,  174,
++      174, 1156,  166,  165,  162, 1157,  168,  167,  175,  175,
++      175,  182,  182,  354, 1158,  166, 1159,  354,  182,  182,
++
++      354,  169, 1160,  171,  184,  184, 1161,  184,  184,  184,
++      170,  172, 1163,  189,  189, 1164,  174,  187,  187, 1161,
++      171,  189,  173, 1166,  187,  187,  182,  182,  191,  191,
++      191,  192,  192,  192,  193,  193,  193,  175,  194,  194,
++      194,  195,  195,  195, 1168,  191, 1169, 1170,  193,  189,
++     1171,  193,  187,  187,  196,  196,  196,  197,  197,  197,
++      198,  198,  198,  199,  199,  199,  200,  200,  200, 1172,
++     1177,  194,  201,  201,  201,  202,  202,  202,  203,  203,
++      203,  192,  205,  205,  205,  195,  204,  204,  204,  206,
++      206,  206,  207,  207,  207,  208,  208,  208,  199,  209,
++
++      209,  209, 1178,  196,  210,  210,  210,  197, 1180, 1181,
++      198,  200,  203,  211,  211,  211,  201,  212,  212,  212,
++      204,  213,  213,  213, 1182,  202,  214,  214,  214,  206,
++      207,  215,  215,  215,  216,  216,  216,  217,  217,  217,
++      218,  218,  218, 1183,  208,  219,  219,  219,  220,  220,
++      220, 1184,  209, 1186, 1187,  210, 1188,  211,  221,  221,
++      221,  222,  222,  222,  214, 1189,  212,  213,  223,  223,
++      223,  224,  224,  224, 1190,  225,  225,  225,  260,  260,
++      260,  243,  215, 1191, 1192,  216,  220,  243,  218,  217,
++     1193, 1194,  219, 1195, 1199,  243,  221,  261,  261,  261,
++
++      262,  262,  262,  222,  263,  263,  263, 1200,  224,  225,
++      264,  264,  264,  265,  265,  265,  266,  266,  266,  223,
++      267,  267,  267,  268,  268,  268, 1201, 1202,  260,  269,
++      269,  269, 1204,  262, 1205,  261, 1206,  270,  270,  270,
++      271,  271,  271, 1207,  264,  272,  272,  272,  263,  273,
++      273,  273, 1209,  274,  274,  274, 1211, 1212,  265,  275,
++      275,  275, 1213,  268,  276,  276,  276,  269,  277,  277,
++      277,  278,  278,  278,  267,  270, 1215,  778,  279,  279,
++      279,  778,  271,  272,  280,  280,  280,  282, 1220,  282,
++      282,  282,  283,  778,  283,  283,  283, 1223, 1224,  273,
++
++      274, 1225, 1226,  283, 1227, 1228,  277, 1234, 1235,  278,
++      276,  279,  284,  284,  284,  285,  285,  285,  286,  286,
++      286,  287,  287,  287, 1236, 1238,  288,  288,  288, 1239,
++      286,  283,  288, 1243,  280,  289,  289,  289,  290,  290,
++      290,  287,  291,  291,  291, 1244, 1245,  288,  288,  288,
++      288,  292,  292,  292,  293,  293,  293,  294,  294,  294,
++     1250,  295,  295,  295, 1253,  285,  296,  296,  296,  297,
++      297,  297,  298,  298,  298,  299,  299,  299,  300,  300,
++      300,  301,  301,  301,  302,  302,  302,  303,  303,  303,
++     1255, 1268,  291,  304,  304,  304, 1111, 1110,  293,  305,
++
++      305,  305,  292,  295,  296,  306,  306,  306,  307,  307,
++      307, 1109, 1107,  297, 1106,  301, 1105, 1104,  302,  308,
++      308,  308, 1103,  298, 1101,  303, 1100, 1099,  300,  309,
++      309,  309,  310,  310,  310,  304,  311,  311,  311,  306,
++     1098,  307, 1097,  306,  312,  312,  312,  313,  313,  313,
++      305,  314,  314,  314,  315,  315,  315,  316,  316,  316,
++      317,  317,  317,  318,  318,  318, 1096, 1095,  310,  308,
++     1094,  309,  363,  363,  363,  364,  364,  364,  692,  692,
++      311,  365,  365,  365,  366,  366,  366,  692,  314,  367,
++      367,  367, 1093,  692,  315,  368,  368,  368,  312,  369,
++
++      369,  369,  370,  370,  370,  371,  371,  371, 1092,  316,
++      363, 1091,  318,  372,  372,  372, 1090,  366,  373,  373,
++      373,  374,  374,  374,  375,  375,  375, 1089, 1088,  368,
++      365,  376,  376,  376,  377,  377,  377,  378,  378,  378,
++     1087,  367,  379,  379,  379, 1086,  369,  380,  380,  380,
++     1085,  371, 1084, 1075,  370,  381,  381,  381,  383,  383,
++      383, 1074, 1073,  372, 1072,  373, 1071, 1068,  377, 1067,
++      374, 1066,  377, 1065,  375,  384,  384,  384, 1064,  379,
++     1062,  380, 1061, 1060,  376, 1059, 1058,  378,  385,  385,
++      385,  380, 1057, 1056,  384, 1055, 1054,  381, 1053, 1052,
++
++      383,  386,  386,  386,  387,  387,  387,  388,  388,  388,
++      389,  389,  389,  385,  390,  390,  390,  391,  391,  391,
++      386,  392,  392,  392,  393,  393,  393,  388,  390, 1051,
++     1050,  390, 1049, 1048,  387,  394,  394,  394,  390,  389,
++      395,  395,  395,  396,  396,  396,  397,  397,  397,  398,
++      398,  398,  399,  399,  399,  400,  400,  400,  401,  401,
++      401, 1047,  393,  402,  402,  402,  403,  403,  403, 1046,
++     1045,  394,  404,  404,  404,  405,  405,  405,  406,  406,
++      406,  407,  407,  407,  408,  408,  408,  409,  409,  409,
++      410,  410,  410, 1044,  401, 1034, 1033,  398, 1032,  402,
++
++      411,  411,  411,  399, 1031, 1029,  400,  412,  412,  412,
++     1028, 1027,  405,  413,  413,  413,  404,  414,  414,  414,
++      408,  415,  415,  415,  410,  460,  460,  460, 1026,  406,
++      461,  461,  461,  462,  462,  462, 1025, 1024,  409, 1023,
++      463,  463,  463, 1021, 1020,  412,  464,  464,  464, 1019,
++     1018,  414, 1017, 1016,  415,  465,  465,  465, 1015,  413,
++      466,  466,  466, 1014,  461,  467,  467,  467,  468,  468,
++      468,  469,  469,  469,  470,  470,  470, 1013, 1012,  471,
++      471,  471, 1011,  462,  463,  472,  472,  472,  473,  473,
++      473,  474,  474,  474,  466, 1010, 1009,  464, 1008,  475,
++
++      475,  475, 1007, 1006,  465,  476,  476,  476,  477,  477,
++      477,  479,  479,  479,  468,  467,  470,  471,  478,  478,
++      478,  480,  480,  480,  478,  481,  481,  481, 1005,  472,
++     1004, 1003,  481,  481,  481,  479,  472, 1002, 1001,  473,
++      474,  475,  481,  989,  988,  481,  482,  482,  482,  481,
++      481,  480,  476,  482,  483,  483,  483,  484,  484,  484,
++      485,  485,  485,  987,  986,  477,  487,  487,  487,  484,
++      486,  486,  486,  985,  483,  488,  488,  488,  984,  983,
++      485,  489,  489,  489,  486,  490,  490,  490,  491,  491,
++      491,  492,  492,  492,  493,  493,  493,  494,  494,  494,
++
++      495,  495,  495,  496,  496,  496,  497,  497,  497,  498,
++      498,  498,  499,  499,  499,  489,  982,  488,  500,  500,
++      500,  501,  501,  501,  506,  506,  491,  502,  502,  502,
++      981,  980,  490,  503,  503,  503,  550,  550,  550,  979,
++      506,  506,  492,  978,  977,  506,  976,  494,  551,  551,
++      551,  552,  552,  552,  553,  553,  553,  500,  975,  501,
++      554,  554,  554,  499,  555,  555,  555,  556,  556,  556,
++      974,  502,  557,  557,  557,  558,  558,  558,  550,  559,
++      559,  559,  972,  971,  503,  560,  560,  560,  561,  561,
++      561,  562,  562,  562,  563,  563,  563,  554,  970,  968,
++
++      551,  967,  552,  966,  555,  556,  557,  564,  564,  564,
++      965,  964,  559,  565,  565,  565,  566,  566,  566,  567,
++      567,  567,  561,  568,  568,  568,  569,  569,  569,  963,
++      962,  562,  558,  566,  570,  570,  570,  560,  961,  563,
++      570,  571,  571,  571,  572,  572,  572,  568,  574,  574,
++      574,  565,  569,  564,  960,  571,  959,  958,  572,  573,
++      573,  573,  575,  575,  575,  574,  573,  576,  576,  576,
++      577,  577,  577,  957,  578,  578,  578,  577,  579,  579,
++      579,  956,  576,  580,  580,  580,  955,  954,  575,  581,
++      581,  581,  575,  578,  582,  582,  582,  583,  583,  583,
++
++      584,  584,  584,  579,  585,  585,  585,  586,  586,  586,
++      587,  587,  587,  938,  580,  588,  588,  588,  589,  589,
++      589,  590,  590,  590,  591,  591,  591,  643,  643,  643,
++      582,  644,  644,  644,  645,  645,  645,  646,  646,  646,
++      581,  937,  585,  647,  647,  647,  583,  936,  587,  648,
++      648,  648,  649,  649,  649,  589,  650,  650,  650,  651,
++      651,  651,  652,  652,  652,  935,  934,  645,  933,  932,
++      646,  653,  653,  653,  654,  654,  654,  643,  931,  644,
++      930,  647,  655,  655,  655,  929,  927,  648,  656,  656,
++      656,  658,  658,  658,  650,  926,  649,  657,  657,  657,
++
++      659,  659,  659,  651,  661,  661,  661,  660,  660,  660,
++      922,  652,  662,  662,  662,  658,  653,  659,  660,  921,
++      662,  661,  920,  919,  655,  918,  654,  663,  663,  663,
++      657,  664,  664,  664,  665,  665,  665,  666,  666,  666,
++      667,  667,  667,  668,  668,  668,  664,  917,  665,  916,
++      915,  663,  914,  668,  669,  669,  669,  913,  666,  912,
++      911,  667,  670,  670,  670,  671,  671,  671,  670,  669,
++      672,  672,  672,  673,  673,  673,  674,  674,  674,  910,
++      672,  675,  675,  675,  676,  676,  676,  677,  677,  677,
++      678,  678,  678,  729,  729,  729,  909,  908,  671,  730,
++
++      730,  730,  731,  731,  731,  732,  732,  732,  733,  733,
++      733,  734,  734,  734,  674,  735,  735,  735,  736,  736,
++      736,  676,  737,  737,  737,  738,  738,  738,  907,  731,
++      906,  729,  739,  739,  739,  905,  904,  730,  903,  732,
++      740,  740,  740,  741,  741,  741,  742,  742,  742,  902,
++      901,  736,  743,  743,  743,  744,  744,  744,  900,  899,
++      737,  876,  874,  738,  873,  745,  745,  745,  872,  746,
++      746,  746,  758,  758,  758,  744,  745,  747,  747,  747,
++      739,  748,  748,  748,  870,  740,  746,  869,  749,  749,
++      749,  750,  750,  750,  741,  868,  867,  742,  749,  750,
++
++      865,  864,  747,  751,  751,  751,  748,  752,  752,  752,
++      753,  753,  753,  754,  754,  754,  863,  752,  753,  862,
++      751,  755,  755,  755,  756,  756,  756,  757,  757,  757,
++      861,  860,  756,  756,  759,  759,  759,  859,  755,  807,
++      807,  807,  808,  808,  808,  858,  754,  809,  809,  809,
++      810,  810,  810,  811,  811,  811,  812,  812,  812,  857,
++      757,  813,  813,  813,  814,  814,  814,  815,  815,  815,
++      856,  855,  807,  816,  816,  816,  817,  817,  817,  854,
++      853,  818,  818,  818,  819,  819,  819,  852,  851,  809,
++      812,  808,  848,  847,  819,  820,  820,  820,  846,  810,
++
++      845,  820,  843,  842,  811,  815,  818,  821,  821,  821,
++      841,  816,  822,  822,  822,  823,  823,  823,  824,  824,
++      824,  840,  839,  823,  825,  825,  825,  838,  824,  826,
++      826,  826,  837,  836,  825,  827,  827,  827,  828,  828,
++      828,  829,  829,  829,  835,  834,  828,  828,  830,  830,
++      830,  831,  831,  831,  832,  832,  832,  877,  877,  877,
++      827,  878,  878,  878,  833,  831,  806,  805,  830,  879,
++      879,  879,  880,  880,  880,  881,  881,  881,  804,  832,
++      882,  882,  882,  883,  883,  883,  884,  884,  884,  885,
++      885,  885,  802,  801,  878,  798,  886,  886,  886,  887,
++
++      887,  887,  888,  888,  888,  877,  887,  796,  881,  889,
++      889,  889,  880,  890,  890,  890,  795,  882,  879,  886,
++      891,  891,  891,  884,  892,  892,  892,  888,  794,  883,
++      793,  893,  893,  893,  894,  894,  894,  895,  895,  895,
++      896,  896,  896,  792,  892,  893,  939,  939,  939,  940,
++      940,  940,  791,  894,  941,  941,  941,  942,  942,  942,
++      790,  895,  943,  943,  943,  944,  944,  944,  945,  945,
++      945,  946,  946,  946,  947,  947,  947,  948,  948,  948,
++      949,  949,  949,  789,  950,  950,  950,  951,  951,  951,
++      788,  940,  787,  786,  948,  952,  952,  952,  943,  953,
++
++      953,  953,  939,  950,  946,  941,  784,  944,  783,  942,
++      782,  951,  990,  990,  990,  991,  991,  991,  781,  945,
++      992,  992,  992,  993,  993,  993,  994,  994,  994,  995,
++      995,  995,  996,  996,  996,  997,  997,  997,  998,  998,
++      998,  999,  999,  999,  780,  990,  779,  777,  998, 1000,
++     1000, 1000, 1035, 1035, 1035, 1036, 1036, 1036, 1037, 1037,
++     1037,  991, 1038, 1038, 1038,  996,  776,  775,  993,  997,
++      994,  774,  992,  773,  772,  995, 1039, 1039, 1039, 1040,
++     1040, 1040, 1041, 1041, 1041, 1042, 1042, 1042,  771,  770,
++     1035,  769, 1037, 1043, 1043, 1043,  768, 1036,  767,  766,
++
++     1038, 1076, 1076, 1076, 1077, 1077, 1077, 1078, 1078, 1078,
++      765, 1079, 1079, 1079, 1039, 1080, 1080, 1080,  764, 1040,
++     1081, 1081, 1081,  763, 1082, 1082, 1082,  762, 1041, 1083,
++     1083, 1083,  761, 1042, 1113, 1113, 1113, 1114, 1114, 1114,
++     1115, 1115, 1115, 1116, 1116, 1116, 1117, 1117, 1117, 1080,
++     1115, 1078, 1118, 1118, 1118, 1077, 1076, 1079, 1082, 1119,
++     1119, 1119, 1147, 1147, 1147, 1148, 1148, 1148,  760,  727,
++     1113, 1083, 1149, 1149, 1149, 1150, 1150, 1150, 1151, 1151,
++     1151, 1173, 1173, 1173, 1174, 1174, 1174, 1175, 1175, 1175,
++      726,  725, 1117,  724, 1116,  723,  722, 1118,  720,  719,
++
++     1147, 1176, 1176, 1176, 1196, 1196, 1196, 1197, 1197, 1197,
++     1198, 1198, 1198,  718, 1148,  717, 1151, 1216, 1216, 1216,
++      716,  715, 1149, 1217, 1217, 1217, 1231, 1231, 1231, 1173,
++     1232, 1232, 1232, 1174, 1240, 1240, 1240, 1241, 1241, 1241,
++     1247, 1247, 1247, 1232, 1248, 1248, 1248, 1252, 1252, 1252,
++      714, 1176,  713,  712, 1197, 1196, 1254, 1254, 1254, 1216,
++     1256, 1256, 1256, 1258, 1258, 1258, 1259, 1259, 1259,  711,
++      710, 1241, 1217, 1231,  709,  708,  707,  705,  704,  702,
++     1240,  700,  699,  698, 1252,  695,  694,  693,  689,  688,
++     1248,  686,  685,  684,  683,  682,  681,  680, 1256,  679,
++
++     1254,  642,  641,  640,  639,  638,  637,  636,  635,  634,
++      633,  632, 1258, 1261, 1261, 1261, 1261, 1262, 1262, 1262,
++     1262, 1263, 1263, 1263, 1263, 1264, 1264, 1264, 1264, 1265,
++     1265, 1266, 1266, 1267,  631, 1267, 1267,  630,  629,  627,
++      626,  625,  623,  622,  621,  620,  619,  618,  617,  615,
++      614,  613,  612,  611,  610,  609,  608,  607,  606,  605,
++      604,  603,  602,  601,  600,  599,  598,  597,  596,  595,
++      594,  593,  592,  549,  548,  547,  545,  544,  543,  542,
++      541,  540,  539,  538,  537,  536,  535,  534,  533,  532,
++      531,  530,  529,  528,  527,  526,  525,  524,  523,  522,
++
++      521,  520,  519,  518,  517,  516,  515,  514,  513,  512,
++      511,  510,  509,  508,  507,  505,  504,  459,  456,  455,
++      454,  453,  452,  451,  450,  449,  448,  447,  446,  445,
++      444,  443,  442,  441,  440,  439,  438,  437,  436,  435,
++      434,  433,  432,  431,  430,  429,  428,  427,  426,  425,
++      424,  423,  422,  421,  420,  419,  418,  417,  416,  361,
++      360,  359,  358,  357,  356,  355,  353,  352,  351,  350,
++      349,  348,  347,  346,  345,  344,  343,  342,  341,  340,
++      339,  338,  337,  336,  335,  334,  333,  332,  331,  329,
++      328,  327,  325,  324,  323,  322,  321,  320,  281,  259,
++
++      258,  257,  256,  255,  254,  253,  251,  249,  248,  247,
++      246,  244,  242,  240,  239,  237,  236,  234,  233,  232,
++      230,  228,  227,  226,  180,  178,  177,  152,  151,  149,
++      148,  146,  145,  143,  141,  139,  133,   83,   79,   76,
++       73,   52,   49,   43,   22,   21,   11,    9,    3, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
+ 
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260
+     } ;
+ 
+ static yy_state_type yy_last_accepting_state;
+@@ -1499,7 +1518,7 @@ int yy_flex_debug = 0;
+ #define YY_MORE_ADJ 0
+ #define YY_RESTORE_YY_MORE_OFFSET
+ char *yytext;
+-#line 1 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 1 "lexer.l"
+ /*
+  * The SIP lexer.
+  *
+@@ -1517,7 +1536,7 @@ char *yytext;
+  * SIP is supplied WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  */
+-#line 20 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 20 "lexer.l"
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -1563,11 +1582,9 @@ static int parenDepth = 0;
+ 
+ static FILE *openFile(const char *);
+ static void fatallex(char *);
++#line 1586 "../lexer.c"
+ 
+-
+-
+-
+-#line 1571 "sip-4.19.23/sipgen/lexer.c"
++#line 1588 "../lexer.c"
+ 
+ #define INITIAL 0
+ #define code 1
+@@ -1587,36 +1604,36 @@ static void fatallex(char *);
+ #define YY_EXTRA_TYPE void *
+ #endif
+ 
+-static int yy_init_globals (void );
++static int yy_init_globals ( void );
+ 
+ /* Accessor methods to globals.
+    These are made visible to non-reentrant scanners for convenience. */
+ 
+-int yylex_destroy (void );
++int yylex_destroy ( void );
+ 
+-int yyget_debug (void );
++int yyget_debug ( void );
+ 
+-void yyset_debug (int debug_flag  );
++void yyset_debug ( int debug_flag  );
+ 
+-YY_EXTRA_TYPE yyget_extra (void );
++YY_EXTRA_TYPE yyget_extra ( void );
+ 
+-void yyset_extra (YY_EXTRA_TYPE user_defined  );
++void yyset_extra ( YY_EXTRA_TYPE user_defined  );
+ 
+-FILE *yyget_in (void );
++FILE *yyget_in ( void );
+ 
+-void yyset_in  (FILE * in_str  );
++void yyset_in  ( FILE * _in_str  );
+ 
+-FILE *yyget_out (void );
++FILE *yyget_out ( void );
+ 
+-void yyset_out  (FILE * out_str  );
++void yyset_out  ( FILE * _out_str  );
+ 
+-yy_size_t yyget_leng (void );
++			int yyget_leng ( void );
+ 
+-char *yyget_text (void );
++char *yyget_text ( void );
+ 
+-int yyget_lineno (void );
++int yyget_lineno ( void );
+ 
+-void yyset_lineno (int line_number  );
++void yyset_lineno ( int _line_number  );
+ 
+ /* Macros after this point can all be overridden by user definitions in
+  * section 1.
+@@ -1624,28 +1641,31 @@ void yyset_lineno (int line_number  );
+ 
+ #ifndef YY_SKIP_YYWRAP
+ #ifdef __cplusplus
+-extern "C" int yywrap (void );
++extern "C" int yywrap ( void );
+ #else
+-extern int yywrap (void );
++extern int yywrap ( void );
+ #endif
+ #endif
+ 
+-    static void yyunput (int c,char *buf_ptr  );
++#ifndef YY_NO_UNPUT
+     
++    static void yyunput ( int c, char *buf_ptr  );
++    
++#endif
++
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy (char *,yyconst char *,int );
++static void yy_flex_strncpy ( char *, const char *, int );
+ #endif
+ 
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen (yyconst char * );
++static int yy_flex_strlen ( const char * );
+ #endif
+ 
+ #ifndef YY_NO_INPUT
+-
+ #ifdef __cplusplus
+-static int yyinput (void );
++static int yyinput ( void );
+ #else
+-static int input (void );
++static int input ( void );
+ #endif
+ 
+ #endif
+@@ -1654,15 +1674,20 @@ static int input (void );
+         static int yy_start_stack_depth = 0;
+         static int *yy_start_stack = NULL;
+     
+-    static void yy_push_state (int new_state );
++    static void yy_push_state ( int _new_state );
+     
+-    static void yy_pop_state (void );
++    static void yy_pop_state ( void );
+     
+-    static int yy_top_state (void );
++    static int yy_top_state ( void );
+     
+ /* Amount of stuff to slurp up with each read. */
+ #ifndef YY_READ_BUF_SIZE
++#ifdef __ia64__
++/* On IA-64, the buffer size is 16k, not 8k */
++#define YY_READ_BUF_SIZE 16384
++#else
+ #define YY_READ_BUF_SIZE 8192
++#endif /* __ia64__ */
+ #endif
+ 
+ /* Copy whatever the last rule matched to the standard output. */
+@@ -1670,7 +1695,7 @@ static int input (void );
+ /* This used to be an fputs(), but since the string might contain NUL's,
+  * we now use fwrite().
+  */
+-#define ECHO fwrite( yytext, yyleng, 1, yyout )
++#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0)
+ #endif
+ 
+ /* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+@@ -1681,7 +1706,7 @@ static int input (void );
+ 	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+ 		{ \
+ 		int c = '*'; \
+-		yy_size_t n; \
++		int n; \
+ 		for ( n = 0; n < max_size && \
+ 			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+ 			buf[n] = (char) c; \
+@@ -1694,7 +1719,7 @@ static int input (void );
+ 	else \
+ 		{ \
+ 		errno=0; \
+-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
++		while ( (result = (int) fread(buf, 1, (yy_size_t) max_size, yyin)) == 0 && ferror(yyin)) \
+ 			{ \
+ 			if( errno != EINTR) \
+ 				{ \
+@@ -1749,7 +1774,7 @@ extern int yylex (void);
+ 
+ /* Code executed at the end of each rule. */
+ #ifndef YY_BREAK
+-#define YY_BREAK break;
++#define YY_BREAK /*LINTED*/break;
+ #endif
+ 
+ #define YY_RULE_SETUP \
+@@ -1762,15 +1787,10 @@ extern int yylex (void);
+  */
+ YY_DECL
+ {
+-	register yy_state_type yy_current_state;
+-	register char *yy_cp, *yy_bp;
+-	register int yy_act;
++	yy_state_type yy_current_state;
++	char *yy_cp, *yy_bp;
++	int yy_act;
+     
+-#line 74 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-
+-
+-#line 1773 "sip-4.19.23/sipgen/lexer.c"
+-
+ 	if ( !(yy_init) )
+ 		{
+ 		(yy_init) = 1;
+@@ -1791,13 +1811,19 @@ YY_DECL
+ 		if ( ! YY_CURRENT_BUFFER ) {
+ 			yyensure_buffer_stack ();
+ 			YY_CURRENT_BUFFER_LVALUE =
+-				yy_create_buffer(yyin,YY_BUF_SIZE );
++				yy_create_buffer( yyin, YY_BUF_SIZE );
+ 		}
+ 
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ 		}
+ 
+-	while ( 1 )		/* loops until end-of-file is reached */
++	{
++#line 74 "lexer.l"
++
++
++#line 1825 "../lexer.c"
++
++	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
+ 		{
+ 		yy_cp = (yy_c_buf_p);
+ 
+@@ -1814,7 +1840,7 @@ YY_DECL
+ yy_match:
+ 		do
+ 			{
+-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
++			YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ;
+ 			if ( yy_accept[yy_current_state] )
+ 				{
+ 				(yy_last_accepting_state) = yy_current_state;
+@@ -1823,13 +1849,13 @@ yy_match:
+ 			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ 				{
+ 				yy_current_state = (int) yy_def[yy_current_state];
+-				if ( yy_current_state >= 1235 )
+-					yy_c = yy_meta[(unsigned int) yy_c];
++				if ( yy_current_state >= 1261 )
++					yy_c = yy_meta[yy_c];
+ 				}
+-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++			yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
+ 			++yy_cp;
+ 			}
+-		while ( yy_base[yy_current_state] != 2845 );
++		while ( yy_base[yy_current_state] != 2950 );
+ 
+ yy_find_action:
+ 		yy_act = yy_accept[yy_current_state];
+@@ -1855,540 +1881,550 @@ do_action:	/* This label is used only to
+ 
+ case 1:
+ YY_RULE_SETUP
+-#line 76 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 76 "lexer.l"
+ {BEGIN directive_start; return TK_API;}
+ 	YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 77 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 77 "lexer.l"
+ {BEGIN directive_start; return TK_AUTOPYNAME;}
+ 	YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 78 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 78 "lexer.l"
+ {return TK_CMODULE;}
+ 	YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 79 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 79 "lexer.l"
+ {BEGIN directive_start; return TK_COMPOMODULE;}
+ 	YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 80 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 80 "lexer.l"
+ {BEGIN directive_start; return TK_CONSMODULE;}
+ 	YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 81 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 81 "lexer.l"
+ {BEGIN directive_start; return TK_DEFDOCSTRFMT;}
+ 	YY_BREAK
+ case 7:
+ YY_RULE_SETUP
+-#line 82 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 82 "lexer.l"
+ {BEGIN directive_start; return TK_DEFDOCSTRSIG;}
+ 	YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 83 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 83 "lexer.l"
+ {BEGIN directive_start; return TK_DEFENCODING;}
+ 	YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 84 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 84 "lexer.l"
+ {BEGIN directive_start; return TK_DEFMETATYPE;}
+ 	YY_BREAK
+ case 10:
+ YY_RULE_SETUP
+-#line 85 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 85 "lexer.l"
+ {BEGIN directive_start; return TK_DEFSUPERTYPE;}
+ 	YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 86 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 86 "lexer.l"
+ {return TK_END;}
+ 	YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 87 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 87 "lexer.l"
+ {BEGIN INITIAL; return TK_END;}
+ 	YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 88 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 88 "lexer.l"
+ {return TK_EXCEPTION;}
+ 	YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 89 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 89 "lexer.l"
+ {BEGIN directive_start; return TK_FEATURE;}
+ 	YY_BREAK
+ case 15:
+ YY_RULE_SETUP
+-#line 90 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 90 "lexer.l"
+ {BEGIN directive_start; return TK_HIDE_NS;}
+ 	YY_BREAK
+ case 16:
+ YY_RULE_SETUP
+-#line 91 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 91 "lexer.l"
+ {return TK_IF;}
+ 	YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 92 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 92 "lexer.l"
+ {BEGIN directive_start; return TK_IMPORT;}
+ 	YY_BREAK
+ case 18:
+ YY_RULE_SETUP
+-#line 93 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 93 "lexer.l"
+ {BEGIN directive_start; return TK_INCLUDE;}
+ 	YY_BREAK
+ case 19:
+ YY_RULE_SETUP
+-#line 94 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 94 "lexer.l"
+ {BEGIN directive_start; return TK_LICENSE;}
+ 	YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 95 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 95 "lexer.l"
+ {return TK_MAPPEDTYPE;}
+ 	YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 96 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 96 "lexer.l"
+ {BEGIN directive_start; return TK_MODULE;}
+ 	YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 97 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 97 "lexer.l"
+ {return TK_OPTINCLUDE;}
+ 	YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 98 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 98 "lexer.l"
+ {return TK_PLATFORMS;}
+ 	YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 99 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 99 "lexer.l"
+ {BEGIN directive_start; return TK_PLUGIN;}
+ 	YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 100 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 100 "lexer.l"
+ {BEGIN directive_start; return TK_PROPERTY;}
+ 	YY_BREAK
+ case 26:
+ YY_RULE_SETUP
+-#line 101 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 101 "lexer.l"
+ {return TK_TIMELINE;}
+ 	YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 103 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 103 "lexer.l"
+ {return TK_CLASS;}
+ 	YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 104 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 104 "lexer.l"
+ {return TK_STRUCT;}
+ 	YY_BREAK
+ case 29:
+ YY_RULE_SETUP
+-#line 105 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 105 "lexer.l"
+ {return TK_PUBLIC;}
+ 	YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 106 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 106 "lexer.l"
+ {return TK_PROTECTED;}
+ 	YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 107 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 107 "lexer.l"
+ {return TK_PRIVATE;}
+ 	YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 108 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 108 "lexer.l"
+ {return TK_SIGNALS;}
+ 	YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 109 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 109 "lexer.l"
+ {return TK_SIGNALS;}
+ 	YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 110 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 110 "lexer.l"
+ {return TK_SIGNAL_METHOD;}
+ 	YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 111 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 111 "lexer.l"
+ {return TK_SLOTS;}
+ 	YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 112 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 112 "lexer.l"
+ {return TK_SLOTS;}
+ 	YY_BREAK
+ case 37:
+ YY_RULE_SETUP
+-#line 113 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 113 "lexer.l"
+ {return TK_SLOT_METHOD;}
+ 	YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 114 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 114 "lexer.l"
+ {return TK_CHAR;}
+ 	YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 115 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 115 "lexer.l"
+ {return TK_WCHAR_T;}
+ 	YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 116 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 116 "lexer.l"
+ {return TK_BOOL;}
+ 	YY_BREAK
+ case 41:
+ YY_RULE_SETUP
+-#line 117 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 117 "lexer.l"
+ {return TK_SHORT;}
+ 	YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 118 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 118 "lexer.l"
+ {return TK_INT;}
+ 	YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 119 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 119 "lexer.l"
+ {return TK_LONG;}
+ 	YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 120 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 120 "lexer.l"
+ {return TK_FLOAT;}
+ 	YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 121 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 121 "lexer.l"
+ {return TK_DOUBLE;}
+ 	YY_BREAK
+ case 46:
+ YY_RULE_SETUP
+-#line 122 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 122 "lexer.l"
+ {return TK_VOID;}
+ 	YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 123 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 123 "lexer.l"
+ {return TK_VIRTUAL;}
+ 	YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 124 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 124 "lexer.l"
+ {return TK_ENUM;}
+ 	YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 125 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 125 "lexer.l"
+ {return TK_SIGNED;}
+ 	YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 126 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 126 "lexer.l"
+ {return TK_UNSIGNED;}
+ 	YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 127 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 127 "lexer.l"
+ {return TK_CONST;}
+ 	YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 128 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 128 "lexer.l"
+ {return TK_STATIC;}
+ 	YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 129 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 129 "lexer.l"
+ {return TK_TRUE_VALUE;}
+ 	YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 130 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 130 "lexer.l"
+ {return TK_FALSE_VALUE;}
+ 	YY_BREAK
+ case 55:
+ YY_RULE_SETUP
+-#line 131 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 131 "lexer.l"
+ {return TK_NULL_VALUE;}
+ 	YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 132 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 132 "lexer.l"
+ {return TK_TYPEDEF;}
+ 	YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 133 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 133 "lexer.l"
+ {return TK_NAMESPACE;}
+ 	YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 134 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 134 "lexer.l"
+ {return TK_OPERATOR;}
+ 	YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 135 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 135 "lexer.l"
+ {return TK_THROW;}
+ 	YY_BREAK
+ case 60:
+ YY_RULE_SETUP
+-#line 136 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 136 "lexer.l"
+ {return TK_EXPLICIT;}
+ 	YY_BREAK
+ case 61:
+ YY_RULE_SETUP
+-#line 137 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 137 "lexer.l"
+ {return TK_TEMPLATE;}
+ 	YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 138 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 138 "lexer.l"
+ {return TK_FINAL;}
+ 	YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 139 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 139 "lexer.l"
+ {return TK_SIZET;}
+ 	YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 140 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 140 "lexer.l"
+ {return TK_SCOPE;}
+ 	YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 141 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 141 "lexer.l"
+ {return TK_LOGICAL_OR;}
+ 	YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 142 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 142 "lexer.l"
+ {return TK_PYOBJECT;}
+ 	YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 143 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 143 "lexer.l"
+ {return TK_PYTUPLE;}
+ 	YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 144 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 144 "lexer.l"
+ {return TK_PYLIST;}
+ 	YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 145 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 145 "lexer.l"
+ {return TK_PYDICT;}
+ 	YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 146 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 146 "lexer.l"
+ {return TK_PYCALLABLE;}
+ 	YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 147 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 147 "lexer.l"
+ {return TK_PYSLICE;}
+ 	YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 148 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 148 "lexer.l"
+ {return TK_PYTYPE;}
+ 	YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 149 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 149 "lexer.l"
+ {return TK_PYBUFFER;}
+ 	YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 150 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 150 "lexer.l"
+ {return TK_SIPSIGNAL;}
+ 	YY_BREAK
+ case 75:
+ YY_RULE_SETUP
+-#line 151 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 151 "lexer.l"
+ {return TK_SIPSLOT;}
+ 	YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 152 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 152 "lexer.l"
+ {return TK_SIPANYSLOT;}
+ 	YY_BREAK
+ case 77:
+ YY_RULE_SETUP
+-#line 153 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 153 "lexer.l"
+ {return TK_SIPRXCON;}
+ 	YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 154 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 154 "lexer.l"
+ {return TK_SIPRXDIS;}
+ 	YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 155 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 155 "lexer.l"
+ {return TK_SIPSLOTCON;}
+ 	YY_BREAK
+ case 80:
+ YY_RULE_SETUP
+-#line 156 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 156 "lexer.l"
+ {return TK_SIPSLOTDIS;}
+ 	YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 157 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 157 "lexer.l"
+ {return TK_SIPSSIZET;}
+ 	YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 158 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_QOBJECT;}
++#line 158 "lexer.l"
++{return TK_SIPSSIZET;}
+ 	YY_BREAK
+ case 83:
+ YY_RULE_SETUP
+-#line 159 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ELLIPSIS;}
++#line 159 "lexer.l"
++{return TK_QOBJECT;}
+ 	YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 161 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_FORMAT;}
++#line 160 "lexer.l"
++{return TK_ELLIPSIS;}
+ 	YY_BREAK
+ case 85:
+ YY_RULE_SETUP
+-#line 162 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_GET;}
++#line 162 "lexer.l"
++{return TK_FORMAT;}
+ 	YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 163 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ID;}
++#line 163 "lexer.l"
++{return TK_GET;}
+ 	YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 164 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_KWARGS;}
++#line 164 "lexer.l"
++{return TK_ID;}
+ 	YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 165 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_LANGUAGE;}
++#line 165 "lexer.l"
++{return TK_KWARGS;}
+ 	YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 166 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_LICENSEE;}
++#line 166 "lexer.l"
++{return TK_LANGUAGE;}
+ 	YY_BREAK
+ case 90:
+ YY_RULE_SETUP
+-#line 167 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_NAME;}
++#line 167 "lexer.l"
++{return TK_LICENSEE;}
+ 	YY_BREAK
+ case 91:
+ YY_RULE_SETUP
+-#line 168 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_OPTIONAL;}
++#line 168 "lexer.l"
++{return TK_NAME;}
+ 	YY_BREAK
+ case 92:
+ YY_RULE_SETUP
+-#line 169 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ORDER;}
++#line 169 "lexer.l"
++{return TK_OPTIONAL;}
+ 	YY_BREAK
+ case 93:
+ YY_RULE_SETUP
+-#line 170 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_REMOVELEADING;}
++#line 170 "lexer.l"
++{return TK_ORDER;}
+ 	YY_BREAK
+ case 94:
+ YY_RULE_SETUP
+-#line 171 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_SET;}
++#line 171 "lexer.l"
++{return TK_REMOVELEADING;}
+ 	YY_BREAK
+ case 95:
+ YY_RULE_SETUP
+-#line 172 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_SIGNATURE;}
++#line 172 "lexer.l"
++{return TK_SET;}
+ 	YY_BREAK
+ case 96:
+ YY_RULE_SETUP
+-#line 173 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_TIMESTAMP;}
++#line 173 "lexer.l"
++{return TK_SIGNATURE;}
+ 	YY_BREAK
+ case 97:
+ YY_RULE_SETUP
+-#line 174 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_TYPE;}
++#line 174 "lexer.l"
++{return TK_TIMESTAMP;}
+ 	YY_BREAK
+ case 98:
+ YY_RULE_SETUP
+-#line 175 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_USEARGNAMES;}
++#line 175 "lexer.l"
++{return TK_TYPE;}
+ 	YY_BREAK
+ case 99:
+ YY_RULE_SETUP
+-#line 176 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_USELIMITEDAPI;}
++#line 176 "lexer.l"
++{return TK_USEARGNAMES;}
+ 	YY_BREAK
+ case 100:
+ YY_RULE_SETUP
+-#line 177 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ALLRAISEPYEXC;}
++#line 177 "lexer.l"
++{return TK_PYSSIZETCLEAN;}
+ 	YY_BREAK
+ case 101:
+ YY_RULE_SETUP
+-#line 178 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_CALLSUPERINIT;}
++#line 178 "lexer.l"
++{return TK_USELIMITEDAPI;}
+ 	YY_BREAK
+ case 102:
+ YY_RULE_SETUP
+-#line 179 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_DEFERRORHANDLER;}
++#line 179 "lexer.l"
++{return TK_ALLRAISEPYEXC;}
+ 	YY_BREAK
+ case 103:
+ YY_RULE_SETUP
+-#line 180 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_VERSION;}
++#line 180 "lexer.l"
++{return TK_CALLSUPERINIT;}
+ 	YY_BREAK
+ case 104:
+ YY_RULE_SETUP
+-#line 182 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_TRUE_VALUE;}
++#line 181 "lexer.l"
++{return TK_DEFERRORHANDLER;}
+ 	YY_BREAK
+ case 105:
+ YY_RULE_SETUP
+-#line 183 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_FALSE_VALUE;}
++#line 182 "lexer.l"
++{return TK_VERSION;}
+ 	YY_BREAK
+ case 106:
+ YY_RULE_SETUP
+-#line 186 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 184 "lexer.l"
++{return TK_TRUE_VALUE;}
++	YY_BREAK
++case 107:
++YY_RULE_SETUP
++#line 185 "lexer.l"
++{return TK_FALSE_VALUE;}
++	YY_BREAK
++case 108:
++YY_RULE_SETUP
++#line 188 "lexer.l"
+ {
+     /* Ignore whitespace. */
+     ;
+ }
+ 	YY_BREAK
+-case 107:
++case 109:
+ YY_RULE_SETUP
+-#line 191 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 193 "lexer.l"
+ {
+     /*
+      * Maintain the parenthesis depth so that we don't enter the 'code' state
+@@ -2401,9 +2437,9 @@ YY_RULE_SETUP
+     return '(';
+ }
+ 	YY_BREAK
+-case 108:
++case 110:
+ YY_RULE_SETUP
+-#line 203 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 205 "lexer.l"
+ {
+     /* Maintain the parenthesis depth. */
+     --parenDepth;
+@@ -2413,10 +2449,10 @@ YY_RULE_SETUP
+     return ')';
+ }
+ 	YY_BREAK
+-case 109:
+-/* rule 109 can match eol */
++case 111:
++/* rule 111 can match eol */
+ YY_RULE_SETUP
+-#line 212 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 214 "lexer.l"
+ {
+     /* Maintain the line number. */
+     ++inputFileStack[currentFile].sloc.linenr;
+@@ -2427,63 +2463,63 @@ YY_RULE_SETUP
+     }
+ }
+ 	YY_BREAK
+-case 110:
++case 112:
+ YY_RULE_SETUP
+-#line 222 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 224 "lexer.l"
+ {
+     /* Ignore C++ style comments. */
+     ;
+ }
+ 	YY_BREAK
+-case 111:
++case 113:
+ YY_RULE_SETUP
+-#line 228 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 230 "lexer.l"
+ {
+     /* A signed decimal number. */
+     yylval.number = strtol(yytext,NULL,0);
+     return TK_NUMBER_VALUE;
+ }
+ 	YY_BREAK
+-case 112:
++case 114:
+ YY_RULE_SETUP
+-#line 235 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 237 "lexer.l"
+ {
+     /* A floating point number. */
+     yylval.real = strtod(yytext,NULL);
+     return TK_REAL_VALUE;
+ }
+ 	YY_BREAK
+-case 113:
++case 115:
+ YY_RULE_SETUP
+-#line 242 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 244 "lexer.l"
+ {
+     /* An unsigned hexadecimal number. */
+     yylval.number = strtol(yytext,NULL,16);
+     return TK_NUMBER_VALUE;
+ }
+ 	YY_BREAK
+-case 114:
++case 116:
+ YY_RULE_SETUP
+-#line 249 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 251 "lexer.l"
+ {
+     /* An identifier name. */
+     yylval.text = sipStrdup(yytext);
+     return TK_NAME_VALUE;
+ }
+ 	YY_BREAK
+-case 115:
++case 117:
+ YY_RULE_SETUP
+-#line 256 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 258 "lexer.l"
+ {
+     /* A relative pathname. */
+     yylval.text = sipStrdup(yytext);
+     return TK_PATH_VALUE;
+ }
+ 	YY_BREAK
+-case 116:
+-/* rule 116 can match eol */
++case 118:
++/* rule 118 can match eol */
+ YY_RULE_SETUP
+-#line 263 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 265 "lexer.l"
+ {
+     /* A double-quoted string. */
+     char ch, *dp, *sp;
+@@ -2519,10 +2555,10 @@ YY_RULE_SETUP
+     return TK_STRING_VALUE;
+ }
+ 	YY_BREAK
+-case 117:
+-/* rule 117 can match eol */
++case 119:
++/* rule 119 can match eol */
+ YY_RULE_SETUP
+-#line 299 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 301 "lexer.l"
+ {
+     /* A single-quoted character. */
+     if (strlen(yytext) != 3)
+@@ -2533,84 +2569,84 @@ YY_RULE_SETUP
+     return TK_QCHAR_VALUE;
+ }
+ 	YY_BREAK
+-case 118:
++case 120:
+ YY_RULE_SETUP
+-#line 310 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 312 "lexer.l"
+ {
+     /* Ignore C-style comments. */
+     yy_push_state(ccomment);
+ }
+ 	YY_BREAK
+-case 119:
+-/* rule 119 can match eol */
++case 121:
++/* rule 121 can match eol */
+ YY_RULE_SETUP
+-#line 314 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 316 "lexer.l"
+ {
+     ++inputFileStack[currentFile].sloc.linenr;
+ }
+ 	YY_BREAK
+-case 120:
++case 122:
+ YY_RULE_SETUP
+-#line 317 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 319 "lexer.l"
+ {
+     yy_pop_state();
+ }
+ 	YY_BREAK
+-case 121:
++case 123:
+ YY_RULE_SETUP
+-#line 320 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 322 "lexer.l"
+ {
+     ;
+ }
+ 	YY_BREAK
+-case 122:
++case 124:
+ YY_RULE_SETUP
+-#line 325 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 327 "lexer.l"
+ {
+     /* The software license. */
+     codeIdx = 0;
+     return TK_COPYING;
+ }
+ 	YY_BREAK
+-case 123:
++case 125:
+ YY_RULE_SETUP
+-#line 331 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 333 "lexer.l"
+ {
+     /* The start of a from-type code block. */
+     codeIdx = 0;
+     return TK_FROMTYPE;
+ }
+ 	YY_BREAK
+-case 124:
++case 126:
+ YY_RULE_SETUP
+-#line 337 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 339 "lexer.l"
+ {
+     /* The start of a to-type code block. */
+     codeIdx = 0;
+     return TK_TOTYPE;
+ }
+ 	YY_BREAK
+-case 125:
++case 127:
+ YY_RULE_SETUP
+-#line 343 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 345 "lexer.l"
+ {
+     /* The start of a to-sub-class code block. */
+     codeIdx = 0;
+     return TK_TOSUBCLASS;
+ }
+ 	YY_BREAK
+-case 126:
++case 128:
+ YY_RULE_SETUP
+-#line 349 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 351 "lexer.l"
+ {
+     /* The start of an exported header code block. */
+     codeIdx = 0;
+     return TK_EXPHEADERCODE;
+ }
+ 	YY_BREAK
+-case 127:
++case 129:
+ YY_RULE_SETUP
+-#line 355 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 357 "lexer.l"
+ {
+     /* The start of part of an extract. */
+     codeIdx = 0;
+@@ -2620,225 +2656,225 @@ YY_RULE_SETUP
+     return TK_EXTRACT;
+ }
+ 	YY_BREAK
+-case 128:
++case 130:
+ YY_RULE_SETUP
+-#line 364 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 366 "lexer.l"
+ {
+     /* The start of a module header code block. */
+     codeIdx = 0;
+     return TK_MODHEADERCODE;
+ }
+ 	YY_BREAK
+-case 129:
++case 131:
+ YY_RULE_SETUP
+-#line 370 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 372 "lexer.l"
+ {
+     /* The start of a type header code block. */
+     codeIdx = 0;
+     return TK_TYPEHEADERCODE;
+ }
+ 	YY_BREAK
+-case 130:
++case 132:
+ YY_RULE_SETUP
+-#line 376 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 378 "lexer.l"
+ {
+     /* The start of a pre-initialisation code block. */
+     codeIdx = 0;
+     return TK_PREINITCODE;
+ }
+ 	YY_BREAK
+-case 131:
++case 133:
+ YY_RULE_SETUP
+-#line 382 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 384 "lexer.l"
+ {
+     /* The start of an initialisation code block. */
+     codeIdx = 0;
+     return TK_INITCODE;
+ }
+ 	YY_BREAK
+-case 132:
++case 134:
+ YY_RULE_SETUP
+-#line 388 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 390 "lexer.l"
+ {
+     /* The start of a post-initialisation code block. */
+     codeIdx = 0;
+     return TK_POSTINITCODE;
+ }
+ 	YY_BREAK
+-case 133:
++case 135:
+ YY_RULE_SETUP
+-#line 394 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 396 "lexer.l"
+ {
+     /* The start of a class finalisation code block. */
+     codeIdx = 0;
+     return TK_FINALCODE;
+ }
+ 	YY_BREAK
+-case 134:
++case 136:
+ YY_RULE_SETUP
+-#line 400 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 402 "lexer.l"
+ {
+     /* The start of a unit code block. */
+     codeIdx = 0;
+     return TK_UNITCODE;
+ }
+ 	YY_BREAK
+-case 135:
++case 137:
+ YY_RULE_SETUP
+-#line 406 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 408 "lexer.l"
+ {
+     /* The start of a unit post-include code block. */
+     codeIdx = 0;
+     return TK_UNITPOSTINCLUDECODE;
+ }
+ 	YY_BREAK
+-case 136:
++case 138:
+ YY_RULE_SETUP
+-#line 412 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 414 "lexer.l"
+ {
+     /* The start of a module code block. */
+     codeIdx = 0;
+     return TK_MODCODE;
+ }
+ 	YY_BREAK
+-case 137:
++case 139:
+ YY_RULE_SETUP
+-#line 418 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 420 "lexer.l"
+ {
+     /* The start of a type code block. */
+     codeIdx = 0;
+     return TK_TYPECODE;
+ }
+ 	YY_BREAK
+-case 138:
++case 140:
+ YY_RULE_SETUP
+-#line 424 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 426 "lexer.l"
+ {
+     /* The start of a C++ method code block. */
+     codeIdx = 0;
+     return TK_METHODCODE;
+ }
+ 	YY_BREAK
+-case 139:
++case 141:
+ YY_RULE_SETUP
+-#line 430 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 432 "lexer.l"
+ {
+     /* The start of a C++ code block to insert before the MethodCode. */
+     codeIdx = 0;
+     return TK_PREMETHODCODE;
+ }
+ 	YY_BREAK
+-case 140:
++case 142:
+ YY_RULE_SETUP
+-#line 436 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 438 "lexer.l"
+ {
+     /* The start of a C++ virtual call code block. */
+     codeIdx = 0;
+     return TK_VIRTUALCALLCODE;
+ }
+ 	YY_BREAK
+-case 141:
++case 143:
+ YY_RULE_SETUP
+-#line 442 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 444 "lexer.l"
+ {
+     /* The start of a C++ virtual code block. */
+     codeIdx = 0;
+     return TK_VIRTUALCATCHERCODE;
+ }
+ 	YY_BREAK
+-case 142:
++case 144:
+ YY_RULE_SETUP
+-#line 448 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 450 "lexer.l"
+ {
+     /* The start of a traverse code block. */
+     codeIdx = 0;
+     return TK_TRAVERSECODE;
+ }
+ 	YY_BREAK
+-case 143:
++case 145:
+ YY_RULE_SETUP
+-#line 454 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 456 "lexer.l"
+ {
+     /* The start of a clear code block. */
+     codeIdx = 0;
+     return TK_CLEARCODE;
+ }
+ 	YY_BREAK
+-case 144:
++case 146:
+ YY_RULE_SETUP
+-#line 460 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 462 "lexer.l"
+ {
+     /* The start of a get buffer code block. */
+     codeIdx = 0;
+     return TK_GETBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 145:
++case 147:
+ YY_RULE_SETUP
+-#line 466 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 468 "lexer.l"
+ {
+     /* The start of a release buffer code block. */
+     codeIdx = 0;
+     return TK_RELEASEBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 146:
++case 148:
+ YY_RULE_SETUP
+-#line 472 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 474 "lexer.l"
+ {
+     /* The start of a read buffer code block. */
+     codeIdx = 0;
+     return TK_READBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 147:
++case 149:
+ YY_RULE_SETUP
+-#line 478 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 480 "lexer.l"
+ {
+     /* The start of a write buffer code block. */
+     codeIdx = 0;
+     return TK_WRITEBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 148:
++case 150:
+ YY_RULE_SETUP
+-#line 484 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 486 "lexer.l"
+ {
+     /* The start of a segment count code block. */
+     codeIdx = 0;
+     return TK_SEGCOUNTCODE;
+ }
+ 	YY_BREAK
+-case 149:
++case 151:
+ YY_RULE_SETUP
+-#line 490 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 492 "lexer.l"
+ {
+     /* The start of a char buffer code block. */
+     codeIdx = 0;
+     return TK_CHARBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 150:
++case 152:
+ YY_RULE_SETUP
+-#line 496 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 498 "lexer.l"
+ {
+     /* The start of a create instance code block. */
+     codeIdx = 0;
+     return TK_INSTANCECODE;
+ }
+ 	YY_BREAK
+-case 151:
++case 153:
+ YY_RULE_SETUP
+-#line 502 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 504 "lexer.l"
+ {
+     /* The start of a pickle code block. */
+     codeIdx = 0;
+     return TK_PICKLECODE;
+ }
+ 	YY_BREAK
+-case 152:
++case 154:
+ YY_RULE_SETUP
+-#line 508 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 510 "lexer.l"
+ {
+     /* The start of a pre-Python code block. */
+     deprecated("%PrePythonCode is deprecated");
+@@ -2847,36 +2883,36 @@ YY_RULE_SETUP
+     return TK_PREPYCODE;
+ }
+ 	YY_BREAK
+-case 153:
++case 155:
+ YY_RULE_SETUP
+-#line 516 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 518 "lexer.l"
+ {
+     /* The start of a raise Python exception code block. */
+     codeIdx = 0;
+     return TK_RAISECODE;
+ }
+ 	YY_BREAK
+-case 154:
++case 156:
+ YY_RULE_SETUP
+-#line 522 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 524 "lexer.l"
+ {
+     /* The start of an exported type hint code block. */
+     codeIdx = 0;
+     return TK_EXPTYPEHINTCODE;
+ }
+ 	YY_BREAK
+-case 155:
++case 157:
+ YY_RULE_SETUP
+-#line 528 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 530 "lexer.l"
+ {
+     /* The start of a type hint code block. */
+     codeIdx = 0;
+     return TK_TYPEHINTCODE;
+ }
+ 	YY_BREAK
+-case 156:
++case 158:
+ YY_RULE_SETUP
+-#line 534 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 536 "lexer.l"
+ {
+     /* The start of a docstring block. */
+     codeIdx = 0;
+@@ -2886,9 +2922,9 @@ YY_RULE_SETUP
+     return TK_DOCSTRING;
+ }
+ 	YY_BREAK
+-case 157:
++case 159:
+ YY_RULE_SETUP
+-#line 543 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 545 "lexer.l"
+ {
+     /* The start of a documentation block. */
+     deprecated("%Doc is deprecated, use %Extract instead");
+@@ -2897,9 +2933,9 @@ YY_RULE_SETUP
+     return TK_DOC;
+ }
+ 	YY_BREAK
+-case 158:
++case 160:
+ YY_RULE_SETUP
+-#line 551 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 553 "lexer.l"
+ {
+     /* The start of an exported documentation block. */
+     deprecated("%ExportedDoc is deprecated, use %Extract instead");
+@@ -2908,9 +2944,9 @@ YY_RULE_SETUP
+     return TK_EXPORTEDDOC;
+ }
+ 	YY_BREAK
+-case 159:
++case 161:
+ YY_RULE_SETUP
+-#line 559 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 561 "lexer.l"
+ {
+     /* The start of a Makefile code block. */
+     deprecated("%Makefile is deprecated");
+@@ -2919,36 +2955,36 @@ YY_RULE_SETUP
+     return TK_MAKEFILE;
+ }
+ 	YY_BREAK
+-case 160:
++case 162:
+ YY_RULE_SETUP
+-#line 567 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 569 "lexer.l"
+ {
+     /* The start of an access code block. */
+     codeIdx = 0;
+     return TK_ACCESSCODE;
+ }
+ 	YY_BREAK
+-case 161:
++case 163:
+ YY_RULE_SETUP
+-#line 573 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 575 "lexer.l"
+ {
+     /* The start of a get code block. */
+     codeIdx = 0;
+     return TK_GETCODE;
+ }
+ 	YY_BREAK
+-case 162:
++case 164:
+ YY_RULE_SETUP
+-#line 579 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 581 "lexer.l"
+ {
+     /* The start of a set code block. */
+     codeIdx = 0;
+     return TK_SETCODE;
+ }
+ 	YY_BREAK
+-case 163:
++case 165:
+ YY_RULE_SETUP
+-#line 585 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 587 "lexer.l"
+ {
+     /* The start of part of a virtual error handler. */
+     codeIdx = 0;
+@@ -2958,9 +2994,9 @@ YY_RULE_SETUP
+     return TK_VIRTERRORHANDLER;
+ }
+ 	YY_BREAK
+-case 164:
++case 166:
+ YY_RULE_SETUP
+-#line 594 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 596 "lexer.l"
+ {
+     /* The end of a code block. */
+     BEGIN INITIAL;
+@@ -2968,10 +3004,10 @@ YY_RULE_SETUP
+     return TK_END;
+ }
+ 	YY_BREAK
+-case 165:
+-/* rule 165 can match eol */
++case 167:
++/* rule 167 can match eol */
+ YY_RULE_SETUP
+-#line 601 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 603 "lexer.l"
+ {
+     /* The end of a code line . */
+     struct inputFile *ifp;
+@@ -2991,9 +3027,9 @@ YY_RULE_SETUP
+     return TK_CODELINE;
+ }
+ 	YY_BREAK
+-case 166:
++case 168:
+ YY_RULE_SETUP
+-#line 620 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 622 "lexer.l"
+ {
+     /* The contents of a code line. */
+     if (codeIdx == MAX_CODE_LINE_LENGTH)
+@@ -3002,20 +3038,20 @@ YY_RULE_SETUP
+     codeLine[codeIdx++] = yytext[0];
+ }
+ 	YY_BREAK
+-case 167:
++case 169:
+ YY_RULE_SETUP
+-#line 628 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 630 "lexer.l"
+ {
+     /* Anything else is returned as is. */
+     return yytext[0];
+ }
+ 	YY_BREAK
+-case 168:
++case 170:
+ YY_RULE_SETUP
+-#line 633 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 635 "lexer.l"
+ ECHO;
+ 	YY_BREAK
+-#line 3019 "sip-4.19.23/sipgen/lexer.c"
++#line 3055 "../lexer.c"
+ case YY_STATE_EOF(INITIAL):
+ case YY_STATE_EOF(code):
+ case YY_STATE_EOF(ccomment):
+@@ -3097,7 +3133,7 @@ case YY_STATE_EOF(directive_start):
+ 				{
+ 				(yy_did_buffer_switch_on_eof) = 0;
+ 
+-				if ( yywrap( ) )
++				if ( yywrap(  ) )
+ 					{
+ 					/* Note: because we've taken care in
+ 					 * yy_get_next_buffer() to have set up
+@@ -3150,6 +3186,7 @@ case YY_STATE_EOF(directive_start):
+ 			"fatal flex scanner internal error--no action found" );
+ 	} /* end of action switch */
+ 		} /* end of scanning one token */
++	} /* end of user's declarations */
+ } /* end of yylex */
+ 
+ /* yy_get_next_buffer - try to read in a new buffer
+@@ -3161,9 +3198,9 @@ case YY_STATE_EOF(directive_start):
+  */
+ static int yy_get_next_buffer (void)
+ {
+-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+-	register char *source = (yytext_ptr);
+-	register int number_to_move, i;
++    	char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
++	char *source = (yytext_ptr);
++	int number_to_move, i;
+ 	int ret_val;
+ 
+ 	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+@@ -3192,7 +3229,7 @@ static int yy_get_next_buffer (void)
+ 	/* Try to read more data. */
+ 
+ 	/* First move last chars to start of buffer. */
+-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
++	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1);
+ 
+ 	for ( i = 0; i < number_to_move; ++i )
+ 		*(dest++) = *(source++);
+@@ -3205,21 +3242,21 @@ static int yy_get_next_buffer (void)
+ 
+ 	else
+ 		{
+-			yy_size_t num_to_read =
++			int num_to_read =
+ 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ 
+ 		while ( num_to_read <= 0 )
+ 			{ /* Not enough room in the buffer - grow it. */
+ 
+ 			/* just a shorter name for the current buffer */
+-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
++			YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
+ 
+ 			int yy_c_buf_p_offset =
+ 				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+ 
+ 			if ( b->yy_is_our_buffer )
+ 				{
+-				yy_size_t new_size = b->yy_buf_size * 2;
++				int new_size = b->yy_buf_size * 2;
+ 
+ 				if ( new_size <= 0 )
+ 					b->yy_buf_size += b->yy_buf_size / 8;
+@@ -3228,11 +3265,12 @@ static int yy_get_next_buffer (void)
+ 
+ 				b->yy_ch_buf = (char *)
+ 					/* Include room in for 2 EOB chars. */
+-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
++					yyrealloc( (void *) b->yy_ch_buf,
++							 (yy_size_t) (b->yy_buf_size + 2)  );
+ 				}
+ 			else
+ 				/* Can't grow it, we don't own it. */
+-				b->yy_ch_buf = 0;
++				b->yy_ch_buf = NULL;
+ 
+ 			if ( ! b->yy_ch_buf )
+ 				YY_FATAL_ERROR(
+@@ -3260,7 +3298,7 @@ static int yy_get_next_buffer (void)
+ 		if ( number_to_move == YY_MORE_ADJ )
+ 			{
+ 			ret_val = EOB_ACT_END_OF_FILE;
+-			yyrestart(yyin  );
++			yyrestart( yyin  );
+ 			}
+ 
+ 		else
+@@ -3274,12 +3312,15 @@ static int yy_get_next_buffer (void)
+ 	else
+ 		ret_val = EOB_ACT_CONTINUE_SCAN;
+ 
+-	if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
++	if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
+ 		/* Extend the array by 50%, plus the number we really need. */
+-		yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
+-		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size  );
++		int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
++		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc(
++			(void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size  );
+ 		if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+ 			YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
++		/* "- 2" to take care of EOB's */
++		YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2);
+ 	}
+ 
+ 	(yy_n_chars) += number_to_move;
+@@ -3295,15 +3336,15 @@ static int yy_get_next_buffer (void)
+ 
+     static yy_state_type yy_get_previous_state (void)
+ {
+-	register yy_state_type yy_current_state;
+-	register char *yy_cp;
++	yy_state_type yy_current_state;
++	char *yy_cp;
+     
+ 	yy_current_state = (yy_start);
+ 	yy_current_state += YY_AT_BOL();
+ 
+ 	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+ 		{
+-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
++		YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ 		if ( yy_accept[yy_current_state] )
+ 			{
+ 			(yy_last_accepting_state) = yy_current_state;
+@@ -3312,10 +3353,10 @@ static int yy_get_next_buffer (void)
+ 		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ 			{
+ 			yy_current_state = (int) yy_def[yy_current_state];
+-			if ( yy_current_state >= 1235 )
+-				yy_c = yy_meta[(unsigned int) yy_c];
++			if ( yy_current_state >= 1261 )
++				yy_c = yy_meta[yy_c];
+ 			}
+-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++		yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
+ 		}
+ 
+ 	return yy_current_state;
+@@ -3328,10 +3369,10 @@ static int yy_get_next_buffer (void)
+  */
+     static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+ {
+-	register int yy_is_jam;
+-    	register char *yy_cp = (yy_c_buf_p);
++	int yy_is_jam;
++    	char *yy_cp = (yy_c_buf_p);
+ 
+-	register YY_CHAR yy_c = 1;
++	YY_CHAR yy_c = 1;
+ 	if ( yy_accept[yy_current_state] )
+ 		{
+ 		(yy_last_accepting_state) = yy_current_state;
+@@ -3340,18 +3381,20 @@ static int yy_get_next_buffer (void)
+ 	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ 		{
+ 		yy_current_state = (int) yy_def[yy_current_state];
+-		if ( yy_current_state >= 1235 )
+-			yy_c = yy_meta[(unsigned int) yy_c];
++		if ( yy_current_state >= 1261 )
++			yy_c = yy_meta[yy_c];
+ 		}
+-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+-	yy_is_jam = (yy_current_state == 1234);
++	yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
++	yy_is_jam = (yy_current_state == 1260);
+ 
+-	return yy_is_jam ? 0 : yy_current_state;
++		return yy_is_jam ? 0 : yy_current_state;
+ }
+ 
+-    static void yyunput (int c, register char * yy_bp )
++#ifndef YY_NO_UNPUT
++
++    static void yyunput (int c, char * yy_bp )
+ {
+-	register char *yy_cp;
++	char *yy_cp;
+     
+     yy_cp = (yy_c_buf_p);
+ 
+@@ -3361,10 +3404,10 @@ static int yy_get_next_buffer (void)
+ 	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ 		{ /* need to shift things up to make room */
+ 		/* +2 for EOB chars. */
+-		register yy_size_t number_to_move = (yy_n_chars) + 2;
+-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
++		int number_to_move = (yy_n_chars) + 2;
++		char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+ 					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+-		register char *source =
++		char *source =
+ 				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+ 
+ 		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+@@ -3373,7 +3416,7 @@ static int yy_get_next_buffer (void)
+ 		yy_cp += (int) (dest - source);
+ 		yy_bp += (int) (dest - source);
+ 		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
++			(yy_n_chars) = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+ 
+ 		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ 			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+@@ -3386,6 +3429,8 @@ static int yy_get_next_buffer (void)
+ 	(yy_c_buf_p) = yy_cp;
+ }
+ 
++#endif
++
+ #ifndef YY_NO_INPUT
+ #ifdef __cplusplus
+     static int yyinput (void)
+@@ -3410,7 +3455,7 @@ static int yy_get_next_buffer (void)
+ 
+ 		else
+ 			{ /* need more input */
+-			yy_size_t offset = (yy_c_buf_p) - (yytext_ptr);
++			int offset = (int) ((yy_c_buf_p) - (yytext_ptr));
+ 			++(yy_c_buf_p);
+ 
+ 			switch ( yy_get_next_buffer(  ) )
+@@ -3427,13 +3472,13 @@ static int yy_get_next_buffer (void)
+ 					 */
+ 
+ 					/* Reset buffer status. */
+-					yyrestart(yyin );
++					yyrestart( yyin );
+ 
+ 					/*FALLTHROUGH*/
+ 
+ 				case EOB_ACT_END_OF_FILE:
+ 					{
+-					if ( yywrap( ) )
++					if ( yywrap(  ) )
+ 						return 0;
+ 
+ 					if ( ! (yy_did_buffer_switch_on_eof) )
+@@ -3473,11 +3518,11 @@ static int yy_get_next_buffer (void)
+ 	if ( ! YY_CURRENT_BUFFER ){
+         yyensure_buffer_stack ();
+ 		YY_CURRENT_BUFFER_LVALUE =
+-            yy_create_buffer(yyin,YY_BUF_SIZE );
++            yy_create_buffer( yyin, YY_BUF_SIZE );
+ 	}
+ 
+-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+-	yy_load_buffer_state( );
++	yy_init_buffer( YY_CURRENT_BUFFER, input_file );
++	yy_load_buffer_state(  );
+ }
+ 
+ /** Switch to a different input buffer.
+@@ -3505,7 +3550,7 @@ static int yy_get_next_buffer (void)
+ 		}
+ 
+ 	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+-	yy_load_buffer_state( );
++	yy_load_buffer_state(  );
+ 
+ 	/* We don't actually know whether we did this switch during
+ 	 * EOF (yywrap()) processing, but the only time this flag
+@@ -3533,7 +3578,7 @@ static void yy_load_buffer_state  (void)
+ {
+ 	YY_BUFFER_STATE b;
+     
+-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
++	b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state )  );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ 
+@@ -3542,13 +3587,13 @@ static void yy_load_buffer_state  (void)
+ 	/* yy_ch_buf has to be 2 characters longer than the size given because
+ 	 * we need to put in 2 end-of-buffer characters.
+ 	 */
+-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
++	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2)  );
+ 	if ( ! b->yy_ch_buf )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ 
+ 	b->yy_is_our_buffer = 1;
+ 
+-	yy_init_buffer(b,file );
++	yy_init_buffer( b, file );
+ 
+ 	return b;
+ }
+@@ -3567,15 +3612,11 @@ static void yy_load_buffer_state  (void)
+ 		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+ 
+ 	if ( b->yy_is_our_buffer )
+-		yyfree((void *) b->yy_ch_buf  );
++		yyfree( (void *) b->yy_ch_buf  );
+ 
+-	yyfree((void *) b  );
++	yyfree( (void *) b  );
+ }
+ 
+-#ifndef __cplusplus
+-extern int isatty (int );
+-#endif /* __cplusplus */
+-    
+ /* Initializes or reinitializes a buffer.
+  * This function is sometimes called more than once on the same buffer,
+  * such as during a yyrestart() or at EOF.
+@@ -3585,7 +3626,7 @@ extern int isatty (int );
+ {
+ 	int oerrno = errno;
+     
+-	yy_flush_buffer(b );
++	yy_flush_buffer( b );
+ 
+ 	b->yy_input_file = file;
+ 	b->yy_fill_buffer = 1;
+@@ -3628,7 +3669,7 @@ extern int isatty (int );
+ 	b->yy_buffer_status = YY_BUFFER_NEW;
+ 
+ 	if ( b == YY_CURRENT_BUFFER )
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ }
+ 
+ /** Pushes the new state onto the stack. The new state becomes
+@@ -3659,7 +3700,7 @@ void yypush_buffer_state (YY_BUFFER_STAT
+ 	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+ 
+ 	/* copied from yy_switch_to_buffer. */
+-	yy_load_buffer_state( );
++	yy_load_buffer_state(  );
+ 	(yy_did_buffer_switch_on_eof) = 1;
+ }
+ 
+@@ -3678,7 +3719,7 @@ void yypop_buffer_state (void)
+ 		--(yy_buffer_stack_top);
+ 
+ 	if (YY_CURRENT_BUFFER) {
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ 		(yy_did_buffer_switch_on_eof) = 1;
+ 	}
+ }
+@@ -3696,15 +3737,15 @@ static void yyensure_buffer_stack (void)
+ 		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+ 		 * immediate realloc on the next call.
+          */
+-		num_to_alloc = 1;
++      num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
+ 		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+ 								(num_to_alloc * sizeof(struct yy_buffer_state*)
+ 								);
+ 		if ( ! (yy_buffer_stack) )
+ 			YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
+-								  
++
+ 		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+-				
++
+ 		(yy_buffer_stack_max) = num_to_alloc;
+ 		(yy_buffer_stack_top) = 0;
+ 		return;
+@@ -3713,7 +3754,7 @@ static void yyensure_buffer_stack (void)
+ 	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+ 
+ 		/* Increase the buffer to prepare for a possible push. */
+-		int grow_size = 8 /* arbitrary grow size */;
++		yy_size_t grow_size = 8 /* arbitrary grow size */;
+ 
+ 		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+ 		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+@@ -3733,7 +3774,7 @@ static void yyensure_buffer_stack (void)
+  * @param base the character buffer
+  * @param size the size in bytes of the character buffer
+  * 
+- * @return the newly allocated buffer state object. 
++ * @return the newly allocated buffer state object.
+  */
+ YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+ {
+@@ -3743,23 +3784,23 @@ YY_BUFFER_STATE yy_scan_buffer  (char *
+ 	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+ 	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+ 		/* They forgot to leave room for the EOB's. */
+-		return 0;
++		return NULL;
+ 
+-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
++	b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state )  );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+ 
+-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
++	b->yy_buf_size = (int) (size - 2);	/* "- 2" to take care of EOB's */
+ 	b->yy_buf_pos = b->yy_ch_buf = base;
+ 	b->yy_is_our_buffer = 0;
+-	b->yy_input_file = 0;
++	b->yy_input_file = NULL;
+ 	b->yy_n_chars = b->yy_buf_size;
+ 	b->yy_is_interactive = 0;
+ 	b->yy_at_bol = 1;
+ 	b->yy_fill_buffer = 0;
+ 	b->yy_buffer_status = YY_BUFFER_NEW;
+ 
+-	yy_switch_to_buffer(b  );
++	yy_switch_to_buffer( b  );
+ 
+ 	return b;
+ }
+@@ -3772,28 +3813,29 @@ YY_BUFFER_STATE yy_scan_buffer  (char *
+  * @note If you want to scan bytes that may contain NUL values, then use
+  *       yy_scan_bytes() instead.
+  */
+-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
++YY_BUFFER_STATE yy_scan_string (const char * yystr )
+ {
+     
+-	return yy_scan_bytes(yystr,strlen(yystr) );
++	return yy_scan_bytes( yystr, (int) strlen(yystr) );
+ }
+ 
+ /** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+  * scan from a @e copy of @a bytes.
+- * @param bytes the byte buffer to scan
+- * @param len the number of bytes in the buffer pointed to by @a bytes.
++ * @param yybytes the byte buffer to scan
++ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
+  * 
+  * @return the newly allocated buffer state object.
+  */
+-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len )
++YY_BUFFER_STATE yy_scan_bytes  (const char * yybytes, int  _yybytes_len )
+ {
+ 	YY_BUFFER_STATE b;
+ 	char *buf;
+-	yy_size_t n, i;
++	yy_size_t n;
++	int i;
+     
+ 	/* Get memory for full buffer, including space for trailing EOB's. */
+-	n = _yybytes_len + 2;
+-	buf = (char *) yyalloc(n  );
++	n = (yy_size_t) (_yybytes_len + 2);
++	buf = (char *) yyalloc( n  );
+ 	if ( ! buf )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+ 
+@@ -3802,7 +3844,7 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ 
+ 	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+ 
+-	b = yy_scan_buffer(buf,n );
++	b = yy_scan_buffer( buf, n );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+ 
+@@ -3814,20 +3856,21 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ 	return b;
+ }
+ 
+-    static void yy_push_state (int  new_state )
++    static void yy_push_state (int  _new_state )
+ {
+     	if ( (yy_start_stack_ptr) >= (yy_start_stack_depth) )
+ 		{
+ 		yy_size_t new_size;
+ 
+ 		(yy_start_stack_depth) += YY_START_STACK_INCR;
+-		new_size = (yy_start_stack_depth) * sizeof( int );
++		new_size = (yy_size_t) (yy_start_stack_depth) * sizeof( int );
+ 
+ 		if ( ! (yy_start_stack) )
+-			(yy_start_stack) = (int *) yyalloc(new_size  );
++			(yy_start_stack) = (int *) yyalloc( new_size  );
+ 
+ 		else
+-			(yy_start_stack) = (int *) yyrealloc((void *) (yy_start_stack),new_size  );
++			(yy_start_stack) = (int *) yyrealloc(
++					(void *) (yy_start_stack), new_size  );
+ 
+ 		if ( ! (yy_start_stack) )
+ 			YY_FATAL_ERROR( "out of memory expanding start-condition stack" );
+@@ -3835,7 +3878,7 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ 
+ 	(yy_start_stack)[(yy_start_stack_ptr)++] = YY_START;
+ 
+-	BEGIN(new_state);
++	BEGIN(_new_state);
+ }
+ 
+     static void yy_pop_state  (void)
+@@ -3855,9 +3898,9 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ #define YY_EXIT_FAILURE 2
+ #endif
+ 
+-static void yy_fatal_error (yyconst char* msg )
++static void yynoreturn yy_fatal_error (const char* msg )
+ {
+-    	(void) fprintf( stderr, "%s\n", msg );
++			fprintf( stderr, "%s\n", msg );
+ 	exit( YY_EXIT_FAILURE );
+ }
+ 
+@@ -3885,7 +3928,7 @@ static void yy_fatal_error (yyconst char
+  */
+ int yyget_lineno  (void)
+ {
+-        
++    
+     return yylineno;
+ }
+ 
+@@ -3908,7 +3951,7 @@ FILE *yyget_out  (void)
+ /** Get the length of the current token.
+  * 
+  */
+-yy_size_t yyget_leng  (void)
++int yyget_leng  (void)
+ {
+         return yyleng;
+ }
+@@ -3923,29 +3966,29 @@ char *yyget_text  (void)
+ }
+ 
+ /** Set the current line number.
+- * @param line_number
++ * @param _line_number line number
+  * 
+  */
+-void yyset_lineno (int  line_number )
++void yyset_lineno (int  _line_number )
+ {
+     
+-    yylineno = line_number;
++    yylineno = _line_number;
+ }
+ 
+ /** Set the input stream. This does not discard the current
+  * input buffer.
+- * @param in_str A readable stream.
++ * @param _in_str A readable stream.
+  * 
+  * @see yy_switch_to_buffer
+  */
+-void yyset_in (FILE *  in_str )
++void yyset_in (FILE *  _in_str )
+ {
+-        yyin = in_str ;
++        yyin = _in_str ;
+ }
+ 
+-void yyset_out (FILE *  out_str )
++void yyset_out (FILE *  _out_str )
+ {
+-        yyout = out_str ;
++        yyout = _out_str ;
+ }
+ 
+ int yyget_debug  (void)
+@@ -3953,9 +3996,9 @@ int yyget_debug  (void)
+         return yy_flex_debug;
+ }
+ 
+-void yyset_debug (int  bdebug )
++void yyset_debug (int  _bdebug )
+ {
+-        yy_flex_debug = bdebug ;
++        yy_flex_debug = _bdebug ;
+ }
+ 
+ static int yy_init_globals (void)
+@@ -3964,10 +4007,10 @@ static int yy_init_globals (void)
+      * This function is called from yylex_destroy(), so don't allocate here.
+      */
+ 
+-    (yy_buffer_stack) = 0;
++    (yy_buffer_stack) = NULL;
+     (yy_buffer_stack_top) = 0;
+     (yy_buffer_stack_max) = 0;
+-    (yy_c_buf_p) = (char *) 0;
++    (yy_c_buf_p) = NULL;
+     (yy_init) = 0;
+     (yy_start) = 0;
+ 
+@@ -3980,8 +4023,8 @@ static int yy_init_globals (void)
+     yyin = stdin;
+     yyout = stdout;
+ #else
+-    yyin = (FILE *) 0;
+-    yyout = (FILE *) 0;
++    yyin = NULL;
++    yyout = NULL;
+ #endif
+ 
+     /* For future reference: Set errno on error, since we are called by
+@@ -3996,7 +4039,7 @@ int yylex_destroy  (void)
+     
+     /* Pop the buffer stack, destroying each element. */
+ 	while(YY_CURRENT_BUFFER){
+-		yy_delete_buffer(YY_CURRENT_BUFFER  );
++		yy_delete_buffer( YY_CURRENT_BUFFER  );
+ 		YY_CURRENT_BUFFER_LVALUE = NULL;
+ 		yypop_buffer_state();
+ 	}
+@@ -4006,7 +4049,7 @@ int yylex_destroy  (void)
+ 	(yy_buffer_stack) = NULL;
+ 
+     /* Destroy the start condition stack. */
+-        yyfree((yy_start_stack)  );
++        yyfree( (yy_start_stack)  );
+         (yy_start_stack) = NULL;
+ 
+     /* Reset the globals. This is important in a non-reentrant scanner so the next time
+@@ -4021,18 +4064,19 @@ int yylex_destroy  (void)
+  */
+ 
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
++static void yy_flex_strncpy (char* s1, const char * s2, int n )
+ {
+-	register int i;
++		
++	int i;
+ 	for ( i = 0; i < n; ++i )
+ 		s1[i] = s2[i];
+ }
+ #endif
+ 
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen (yyconst char * s )
++static int yy_flex_strlen (const char * s )
+ {
+-	register int n;
++	int n;
+ 	for ( n = 0; s[n]; ++n )
+ 		;
+ 
+@@ -4042,11 +4086,12 @@ static int yy_flex_strlen (yyconst char
+ 
+ void *yyalloc (yy_size_t  size )
+ {
+-	return (void *) malloc( size );
++			return malloc(size);
+ }
+ 
+ void *yyrealloc  (void * ptr, yy_size_t  size )
+ {
++		
+ 	/* The cast to (char *) in the following accommodates both
+ 	 * implementations that use char* generic pointers, and those
+ 	 * that use void* generic pointers.  It works with the latter
+@@ -4054,18 +4099,17 @@ void *yyrealloc  (void * ptr, yy_size_t
+ 	 * any pointer type to void*, and deal with argument conversions
+ 	 * as though doing an assignment.
+ 	 */
+-	return (void *) realloc( (char *) ptr, size );
++	return realloc(ptr, size);
+ }
+ 
+ void yyfree (void * ptr )
+ {
+-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
++			free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+ }
+ 
+ #define YYTABLES_NAME "yytables"
+ 
+-#line 633 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-
++#line 635 "lexer.l"
+ 
+ 
+ /*
+Index: sip-4.19.23/sipgen/parser.c
+===================================================================
+--- sip-4.19.23.orig/sipgen/parser.c
++++ sip-4.19.23/sipgen/parser.c
+@@ -1,14 +1,14 @@
+-/* A Bison parser, made by GNU Bison 2.3.  */
++/* A Bison parser, made by GNU Bison 3.8.2.  */
+ 
+-/* Skeleton implementation for Bison's Yacc-like parsers in C
++/* Bison implementation for Yacc-like parsers in C
+ 
+-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+-   Free Software Foundation, Inc.
++   Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
++   Inc.
+ 
+-   This program is free software; you can redistribute it and/or modify
++   This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+-   the Free Software Foundation; either version 2, or (at your option)
+-   any later version.
++   the Free Software Foundation, either version 3 of the License, or
++   (at your option) any later version.
+ 
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+@@ -16,9 +16,7 @@
+    GNU General Public License for more details.
+ 
+    You should have received a copy of the GNU General Public License
+-   along with this program; if not, write to the Free Software
+-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+-   Boston, MA 02110-1301, USA.  */
++   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+ 
+ /* As a special exception, you may create a larger work that contains
+    part or all of the Bison parser skeleton and distribute that work
+@@ -36,6 +34,10 @@
+ /* C LALR(1) parser skeleton written by Richard Stallman, by
+    simplifying the original so-called "semantic" parser.  */
+ 
++/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual,
++   especially those whose name start with YY_ or yy_.  They are
++   private implementation details that can be changed or removed.  */
++
+ /* All symbols defined below should begin with yy or YY, to avoid
+    infringing on user name space.  This should be done even for local
+    variables, as they might otherwise be expanded by user macros.
+@@ -43,11 +45,11 @@
+    define necessary library symbols; they are noted "INFRINGES ON
+    USER NAME SPACE" below.  */
+ 
+-/* Identify Bison output.  */
+-#define YYBISON 1
++/* Identify Bison output, and Bison version.  */
++#define YYBISON 30802
+ 
+-/* Bison version.  */
+-#define YYBISON_VERSION "2.3"
++/* Bison version string.  */
++#define YYBISON_VERSION "3.8.2"
+ 
+ /* Skeleton name.  */
+ #define YYSKELETON_NAME "yacc.c"
+@@ -55,324 +57,17 @@
+ /* Pure parsers.  */
+ #define YYPURE 0
+ 
+-/* Using locations.  */
+-#define YYLSP_NEEDED 0
+-
++/* Push parsers.  */
++#define YYPUSH 0
+ 
+-
+-/* Tokens.  */
+-#ifndef YYTOKENTYPE
+-# define YYTOKENTYPE
+-   /* Put the tokens into the symbol table, so that GDB and other debuggers
+-      know about them.  */
+-   enum yytokentype {
+-     TK_API = 258,
+-     TK_AUTOPYNAME = 259,
+-     TK_DEFDOCSTRFMT = 260,
+-     TK_DEFDOCSTRSIG = 261,
+-     TK_DEFENCODING = 262,
+-     TK_PLUGIN = 263,
+-     TK_VIRTERRORHANDLER = 264,
+-     TK_EXPTYPEHINTCODE = 265,
+-     TK_TYPEHINTCODE = 266,
+-     TK_DOCSTRING = 267,
+-     TK_DOC = 268,
+-     TK_EXPORTEDDOC = 269,
+-     TK_EXTRACT = 270,
+-     TK_MAKEFILE = 271,
+-     TK_ACCESSCODE = 272,
+-     TK_GETCODE = 273,
+-     TK_SETCODE = 274,
+-     TK_PREINITCODE = 275,
+-     TK_INITCODE = 276,
+-     TK_POSTINITCODE = 277,
+-     TK_FINALCODE = 278,
+-     TK_UNITCODE = 279,
+-     TK_UNITPOSTINCLUDECODE = 280,
+-     TK_MODCODE = 281,
+-     TK_TYPECODE = 282,
+-     TK_PREPYCODE = 283,
+-     TK_COPYING = 284,
+-     TK_MAPPEDTYPE = 285,
+-     TK_CODELINE = 286,
+-     TK_IF = 287,
+-     TK_END = 288,
+-     TK_NAME_VALUE = 289,
+-     TK_PATH_VALUE = 290,
+-     TK_STRING_VALUE = 291,
+-     TK_VIRTUALCATCHERCODE = 292,
+-     TK_TRAVERSECODE = 293,
+-     TK_CLEARCODE = 294,
+-     TK_GETBUFFERCODE = 295,
+-     TK_RELEASEBUFFERCODE = 296,
+-     TK_READBUFFERCODE = 297,
+-     TK_WRITEBUFFERCODE = 298,
+-     TK_SEGCOUNTCODE = 299,
+-     TK_CHARBUFFERCODE = 300,
+-     TK_PICKLECODE = 301,
+-     TK_VIRTUALCALLCODE = 302,
+-     TK_METHODCODE = 303,
+-     TK_PREMETHODCODE = 304,
+-     TK_INSTANCECODE = 305,
+-     TK_FROMTYPE = 306,
+-     TK_TOTYPE = 307,
+-     TK_TOSUBCLASS = 308,
+-     TK_INCLUDE = 309,
+-     TK_OPTINCLUDE = 310,
+-     TK_IMPORT = 311,
+-     TK_EXPHEADERCODE = 312,
+-     TK_MODHEADERCODE = 313,
+-     TK_TYPEHEADERCODE = 314,
+-     TK_MODULE = 315,
+-     TK_CMODULE = 316,
+-     TK_CONSMODULE = 317,
+-     TK_COMPOMODULE = 318,
+-     TK_CLASS = 319,
+-     TK_STRUCT = 320,
+-     TK_PUBLIC = 321,
+-     TK_PROTECTED = 322,
+-     TK_PRIVATE = 323,
+-     TK_SIGNALS = 324,
+-     TK_SIGNAL_METHOD = 325,
+-     TK_SLOTS = 326,
+-     TK_SLOT_METHOD = 327,
+-     TK_BOOL = 328,
+-     TK_SHORT = 329,
+-     TK_INT = 330,
+-     TK_LONG = 331,
+-     TK_FLOAT = 332,
+-     TK_DOUBLE = 333,
+-     TK_CHAR = 334,
+-     TK_WCHAR_T = 335,
+-     TK_VOID = 336,
+-     TK_PYOBJECT = 337,
+-     TK_PYTUPLE = 338,
+-     TK_PYLIST = 339,
+-     TK_PYDICT = 340,
+-     TK_PYCALLABLE = 341,
+-     TK_PYSLICE = 342,
+-     TK_PYTYPE = 343,
+-     TK_PYBUFFER = 344,
+-     TK_VIRTUAL = 345,
+-     TK_ENUM = 346,
+-     TK_SIGNED = 347,
+-     TK_UNSIGNED = 348,
+-     TK_SCOPE = 349,
+-     TK_LOGICAL_OR = 350,
+-     TK_CONST = 351,
+-     TK_STATIC = 352,
+-     TK_SIPSIGNAL = 353,
+-     TK_SIPSLOT = 354,
+-     TK_SIPANYSLOT = 355,
+-     TK_SIPRXCON = 356,
+-     TK_SIPRXDIS = 357,
+-     TK_SIPSLOTCON = 358,
+-     TK_SIPSLOTDIS = 359,
+-     TK_SIPSSIZET = 360,
+-     TK_SIZET = 361,
+-     TK_NUMBER_VALUE = 362,
+-     TK_REAL_VALUE = 363,
+-     TK_TYPEDEF = 364,
+-     TK_NAMESPACE = 365,
+-     TK_TIMELINE = 366,
+-     TK_PLATFORMS = 367,
+-     TK_FEATURE = 368,
+-     TK_LICENSE = 369,
+-     TK_QCHAR_VALUE = 370,
+-     TK_TRUE_VALUE = 371,
+-     TK_FALSE_VALUE = 372,
+-     TK_NULL_VALUE = 373,
+-     TK_OPERATOR = 374,
+-     TK_THROW = 375,
+-     TK_QOBJECT = 376,
+-     TK_EXCEPTION = 377,
+-     TK_RAISECODE = 378,
+-     TK_EXPLICIT = 379,
+-     TK_TEMPLATE = 380,
+-     TK_FINAL = 381,
+-     TK_ELLIPSIS = 382,
+-     TK_DEFMETATYPE = 383,
+-     TK_DEFSUPERTYPE = 384,
+-     TK_PROPERTY = 385,
+-     TK_HIDE_NS = 386,
+-     TK_FORMAT = 387,
+-     TK_GET = 388,
+-     TK_ID = 389,
+-     TK_KWARGS = 390,
+-     TK_LANGUAGE = 391,
+-     TK_LICENSEE = 392,
+-     TK_NAME = 393,
+-     TK_OPTIONAL = 394,
+-     TK_ORDER = 395,
+-     TK_REMOVELEADING = 396,
+-     TK_SET = 397,
+-     TK_SIGNATURE = 398,
+-     TK_TIMESTAMP = 399,
+-     TK_TYPE = 400,
+-     TK_USEARGNAMES = 401,
+-     TK_USELIMITEDAPI = 402,
+-     TK_ALLRAISEPYEXC = 403,
+-     TK_CALLSUPERINIT = 404,
+-     TK_DEFERRORHANDLER = 405,
+-     TK_VERSION = 406
+-   };
+-#endif
+-/* Tokens.  */
+-#define TK_API 258
+-#define TK_AUTOPYNAME 259
+-#define TK_DEFDOCSTRFMT 260
+-#define TK_DEFDOCSTRSIG 261
+-#define TK_DEFENCODING 262
+-#define TK_PLUGIN 263
+-#define TK_VIRTERRORHANDLER 264
+-#define TK_EXPTYPEHINTCODE 265
+-#define TK_TYPEHINTCODE 266
+-#define TK_DOCSTRING 267
+-#define TK_DOC 268
+-#define TK_EXPORTEDDOC 269
+-#define TK_EXTRACT 270
+-#define TK_MAKEFILE 271
+-#define TK_ACCESSCODE 272
+-#define TK_GETCODE 273
+-#define TK_SETCODE 274
+-#define TK_PREINITCODE 275
+-#define TK_INITCODE 276
+-#define TK_POSTINITCODE 277
+-#define TK_FINALCODE 278
+-#define TK_UNITCODE 279
+-#define TK_UNITPOSTINCLUDECODE 280
+-#define TK_MODCODE 281
+-#define TK_TYPECODE 282
+-#define TK_PREPYCODE 283
+-#define TK_COPYING 284
+-#define TK_MAPPEDTYPE 285
+-#define TK_CODELINE 286
+-#define TK_IF 287
+-#define TK_END 288
+-#define TK_NAME_VALUE 289
+-#define TK_PATH_VALUE 290
+-#define TK_STRING_VALUE 291
+-#define TK_VIRTUALCATCHERCODE 292
+-#define TK_TRAVERSECODE 293
+-#define TK_CLEARCODE 294
+-#define TK_GETBUFFERCODE 295
+-#define TK_RELEASEBUFFERCODE 296
+-#define TK_READBUFFERCODE 297
+-#define TK_WRITEBUFFERCODE 298
+-#define TK_SEGCOUNTCODE 299
+-#define TK_CHARBUFFERCODE 300
+-#define TK_PICKLECODE 301
+-#define TK_VIRTUALCALLCODE 302
+-#define TK_METHODCODE 303
+-#define TK_PREMETHODCODE 304
+-#define TK_INSTANCECODE 305
+-#define TK_FROMTYPE 306
+-#define TK_TOTYPE 307
+-#define TK_TOSUBCLASS 308
+-#define TK_INCLUDE 309
+-#define TK_OPTINCLUDE 310
+-#define TK_IMPORT 311
+-#define TK_EXPHEADERCODE 312
+-#define TK_MODHEADERCODE 313
+-#define TK_TYPEHEADERCODE 314
+-#define TK_MODULE 315
+-#define TK_CMODULE 316
+-#define TK_CONSMODULE 317
+-#define TK_COMPOMODULE 318
+-#define TK_CLASS 319
+-#define TK_STRUCT 320
+-#define TK_PUBLIC 321
+-#define TK_PROTECTED 322
+-#define TK_PRIVATE 323
+-#define TK_SIGNALS 324
+-#define TK_SIGNAL_METHOD 325
+-#define TK_SLOTS 326
+-#define TK_SLOT_METHOD 327
+-#define TK_BOOL 328
+-#define TK_SHORT 329
+-#define TK_INT 330
+-#define TK_LONG 331
+-#define TK_FLOAT 332
+-#define TK_DOUBLE 333
+-#define TK_CHAR 334
+-#define TK_WCHAR_T 335
+-#define TK_VOID 336
+-#define TK_PYOBJECT 337
+-#define TK_PYTUPLE 338
+-#define TK_PYLIST 339
+-#define TK_PYDICT 340
+-#define TK_PYCALLABLE 341
+-#define TK_PYSLICE 342
+-#define TK_PYTYPE 343
+-#define TK_PYBUFFER 344
+-#define TK_VIRTUAL 345
+-#define TK_ENUM 346
+-#define TK_SIGNED 347
+-#define TK_UNSIGNED 348
+-#define TK_SCOPE 349
+-#define TK_LOGICAL_OR 350
+-#define TK_CONST 351
+-#define TK_STATIC 352
+-#define TK_SIPSIGNAL 353
+-#define TK_SIPSLOT 354
+-#define TK_SIPANYSLOT 355
+-#define TK_SIPRXCON 356
+-#define TK_SIPRXDIS 357
+-#define TK_SIPSLOTCON 358
+-#define TK_SIPSLOTDIS 359
+-#define TK_SIPSSIZET 360
+-#define TK_SIZET 361
+-#define TK_NUMBER_VALUE 362
+-#define TK_REAL_VALUE 363
+-#define TK_TYPEDEF 364
+-#define TK_NAMESPACE 365
+-#define TK_TIMELINE 366
+-#define TK_PLATFORMS 367
+-#define TK_FEATURE 368
+-#define TK_LICENSE 369
+-#define TK_QCHAR_VALUE 370
+-#define TK_TRUE_VALUE 371
+-#define TK_FALSE_VALUE 372
+-#define TK_NULL_VALUE 373
+-#define TK_OPERATOR 374
+-#define TK_THROW 375
+-#define TK_QOBJECT 376
+-#define TK_EXCEPTION 377
+-#define TK_RAISECODE 378
+-#define TK_EXPLICIT 379
+-#define TK_TEMPLATE 380
+-#define TK_FINAL 381
+-#define TK_ELLIPSIS 382
+-#define TK_DEFMETATYPE 383
+-#define TK_DEFSUPERTYPE 384
+-#define TK_PROPERTY 385
+-#define TK_HIDE_NS 386
+-#define TK_FORMAT 387
+-#define TK_GET 388
+-#define TK_ID 389
+-#define TK_KWARGS 390
+-#define TK_LANGUAGE 391
+-#define TK_LICENSEE 392
+-#define TK_NAME 393
+-#define TK_OPTIONAL 394
+-#define TK_ORDER 395
+-#define TK_REMOVELEADING 396
+-#define TK_SET 397
+-#define TK_SIGNATURE 398
+-#define TK_TIMESTAMP 399
+-#define TK_TYPE 400
+-#define TK_USEARGNAMES 401
+-#define TK_USELIMITEDAPI 402
+-#define TK_ALLRAISEPYEXC 403
+-#define TK_CALLSUPERINIT 404
+-#define TK_DEFERRORHANDLER 405
+-#define TK_VERSION 406
++/* Pull parsers.  */
++#define YYPULL 1
+ 
+ 
+ 
+ 
+-/* Copy the first part of user declarations.  */
+-#line 19 "sip-4.19.23/sipgen/metasrc/parser.y"
++/* First part of user prologue.  */
++#line 19 "parser.y"
+ 
+ #include <stdlib.h>
+ #include <string.h>
+@@ -539,9 +234,9 @@ static void addProperty(sipSpec *pt, mod
+         docstringDef *docstring);
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring);
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring);
+ static void addAutoPyName(moduleDef *mod, const char *remove_leading);
+ static KwArgs convertKwArgs(const char *kwargs);
+ static void checkAnnos(optFlags *annos, const char *valid[]);
+@@ -555,117 +250,555 @@ static int isBackstop(qualDef *qd);
+ static void checkEllipsis(signatureDef *sd);
+ static scopedNameDef *fullyQualifiedName(scopedNameDef *snd);
+ 
++#line 254 "../parser.c"
+ 
+-/* Enabling traces.  */
+-#ifndef YYDEBUG
+-# define YYDEBUG 0
+-#endif
+-
+-/* Enabling verbose error messages.  */
+-#ifdef YYERROR_VERBOSE
+-# undef YYERROR_VERBOSE
+-# define YYERROR_VERBOSE 1
+-#else
+-# define YYERROR_VERBOSE 0
+-#endif
+-
+-/* Enabling the token table.  */
+-#ifndef YYTOKEN_TABLE
+-# define YYTOKEN_TABLE 0
+-#endif
+-
+-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+-typedef union YYSTYPE
+-#line 202 "sip-4.19.23/sipgen/metasrc/parser.y"
+-{
+-    char            qchar;
+-    char            *text;
+-    long            number;
+-    double          real;
+-    argDef          memArg;
+-    signatureDef    signature;
+-    signatureDef    *optsignature;
+-    throwArgs       *throwlist;
+-    codeBlock       *codeb;
+-    docstringDef    *docstr;
+-    valueDef        value;
+-    valueDef        *valp;
+-    optFlags        optflags;
+-    optFlag         flag;
+-    scopedNameDef   *scpvalp;
+-    fcallDef        fcall;
+-    int             boolean;
+-    exceptionDef    exceptionbase;
+-    classDef        *klass;
+-    apiCfg          api;
+-    autoPyNameCfg   autopyname;
+-    compModuleCfg   compmodule;
+-    consModuleCfg   consmodule;
+-    defDocstringFmtCfg  defdocstringfmt;
+-    defDocstringSigCfg  defdocstringsig;
+-    defEncodingCfg  defencoding;
+-    defMetatypeCfg  defmetatype;
+-    defSupertypeCfg defsupertype;
+-    hiddenNsCfg     hiddenns;
+-    exceptionCfg    exception;
+-    docstringCfg    docstring;
+-    extractCfg      extract;
+-    featureCfg      feature;
+-    licenseCfg      license;
+-    importCfg       import;
+-    includeCfg      include;
+-    moduleCfg       module;
+-    pluginCfg       plugin;
+-    propertyCfg     property;
+-    variableCfg     variable;
+-    vehCfg          veh;
+-    int             token;
+-}
+-/* Line 193 of yacc.c.  */
+-#line 626 "sip-4.19.23/sipgen/parser.c"
+-	YYSTYPE;
+-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+-# define YYSTYPE_IS_DECLARED 1
+-# define YYSTYPE_IS_TRIVIAL 1
+-#endif
+-
++# ifndef YY_CAST
++#  ifdef __cplusplus
++#   define YY_CAST(Type, Val) static_cast<Type> (Val)
++#   define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast<Type> (Val)
++#  else
++#   define YY_CAST(Type, Val) ((Type) (Val))
++#   define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val))
++#  endif
++# endif
++# ifndef YY_NULLPTR
++#  if defined __cplusplus
++#   if 201103L <= __cplusplus
++#    define YY_NULLPTR nullptr
++#   else
++#    define YY_NULLPTR 0
++#   endif
++#  else
++#   define YY_NULLPTR ((void*)0)
++#  endif
++# endif
+ 
++#include "parser.h"
++/* Symbol kind.  */
++enum yysymbol_kind_t
++{
++  YYSYMBOL_YYEMPTY = -2,
++  YYSYMBOL_YYEOF = 0,                      /* "end of file"  */
++  YYSYMBOL_YYerror = 1,                    /* error  */
++  YYSYMBOL_YYUNDEF = 2,                    /* "invalid token"  */
++  YYSYMBOL_TK_API = 3,                     /* TK_API  */
++  YYSYMBOL_TK_AUTOPYNAME = 4,              /* TK_AUTOPYNAME  */
++  YYSYMBOL_TK_DEFDOCSTRFMT = 5,            /* TK_DEFDOCSTRFMT  */
++  YYSYMBOL_TK_DEFDOCSTRSIG = 6,            /* TK_DEFDOCSTRSIG  */
++  YYSYMBOL_TK_DEFENCODING = 7,             /* TK_DEFENCODING  */
++  YYSYMBOL_TK_PLUGIN = 8,                  /* TK_PLUGIN  */
++  YYSYMBOL_TK_VIRTERRORHANDLER = 9,        /* TK_VIRTERRORHANDLER  */
++  YYSYMBOL_TK_EXPTYPEHINTCODE = 10,        /* TK_EXPTYPEHINTCODE  */
++  YYSYMBOL_TK_TYPEHINTCODE = 11,           /* TK_TYPEHINTCODE  */
++  YYSYMBOL_TK_DOCSTRING = 12,              /* TK_DOCSTRING  */
++  YYSYMBOL_TK_DOC = 13,                    /* TK_DOC  */
++  YYSYMBOL_TK_EXPORTEDDOC = 14,            /* TK_EXPORTEDDOC  */
++  YYSYMBOL_TK_EXTRACT = 15,                /* TK_EXTRACT  */
++  YYSYMBOL_TK_MAKEFILE = 16,               /* TK_MAKEFILE  */
++  YYSYMBOL_TK_ACCESSCODE = 17,             /* TK_ACCESSCODE  */
++  YYSYMBOL_TK_GETCODE = 18,                /* TK_GETCODE  */
++  YYSYMBOL_TK_SETCODE = 19,                /* TK_SETCODE  */
++  YYSYMBOL_TK_PREINITCODE = 20,            /* TK_PREINITCODE  */
++  YYSYMBOL_TK_INITCODE = 21,               /* TK_INITCODE  */
++  YYSYMBOL_TK_POSTINITCODE = 22,           /* TK_POSTINITCODE  */
++  YYSYMBOL_TK_FINALCODE = 23,              /* TK_FINALCODE  */
++  YYSYMBOL_TK_UNITCODE = 24,               /* TK_UNITCODE  */
++  YYSYMBOL_TK_UNITPOSTINCLUDECODE = 25,    /* TK_UNITPOSTINCLUDECODE  */
++  YYSYMBOL_TK_MODCODE = 26,                /* TK_MODCODE  */
++  YYSYMBOL_TK_TYPECODE = 27,               /* TK_TYPECODE  */
++  YYSYMBOL_TK_PREPYCODE = 28,              /* TK_PREPYCODE  */
++  YYSYMBOL_TK_COPYING = 29,                /* TK_COPYING  */
++  YYSYMBOL_TK_MAPPEDTYPE = 30,             /* TK_MAPPEDTYPE  */
++  YYSYMBOL_TK_CODELINE = 31,               /* TK_CODELINE  */
++  YYSYMBOL_TK_IF = 32,                     /* TK_IF  */
++  YYSYMBOL_TK_END = 33,                    /* TK_END  */
++  YYSYMBOL_TK_NAME_VALUE = 34,             /* TK_NAME_VALUE  */
++  YYSYMBOL_TK_PATH_VALUE = 35,             /* TK_PATH_VALUE  */
++  YYSYMBOL_TK_STRING_VALUE = 36,           /* TK_STRING_VALUE  */
++  YYSYMBOL_TK_VIRTUALCATCHERCODE = 37,     /* TK_VIRTUALCATCHERCODE  */
++  YYSYMBOL_TK_TRAVERSECODE = 38,           /* TK_TRAVERSECODE  */
++  YYSYMBOL_TK_CLEARCODE = 39,              /* TK_CLEARCODE  */
++  YYSYMBOL_TK_GETBUFFERCODE = 40,          /* TK_GETBUFFERCODE  */
++  YYSYMBOL_TK_RELEASEBUFFERCODE = 41,      /* TK_RELEASEBUFFERCODE  */
++  YYSYMBOL_TK_READBUFFERCODE = 42,         /* TK_READBUFFERCODE  */
++  YYSYMBOL_TK_WRITEBUFFERCODE = 43,        /* TK_WRITEBUFFERCODE  */
++  YYSYMBOL_TK_SEGCOUNTCODE = 44,           /* TK_SEGCOUNTCODE  */
++  YYSYMBOL_TK_CHARBUFFERCODE = 45,         /* TK_CHARBUFFERCODE  */
++  YYSYMBOL_TK_PICKLECODE = 46,             /* TK_PICKLECODE  */
++  YYSYMBOL_TK_VIRTUALCALLCODE = 47,        /* TK_VIRTUALCALLCODE  */
++  YYSYMBOL_TK_METHODCODE = 48,             /* TK_METHODCODE  */
++  YYSYMBOL_TK_PREMETHODCODE = 49,          /* TK_PREMETHODCODE  */
++  YYSYMBOL_TK_INSTANCECODE = 50,           /* TK_INSTANCECODE  */
++  YYSYMBOL_TK_FROMTYPE = 51,               /* TK_FROMTYPE  */
++  YYSYMBOL_TK_TOTYPE = 52,                 /* TK_TOTYPE  */
++  YYSYMBOL_TK_TOSUBCLASS = 53,             /* TK_TOSUBCLASS  */
++  YYSYMBOL_TK_INCLUDE = 54,                /* TK_INCLUDE  */
++  YYSYMBOL_TK_OPTINCLUDE = 55,             /* TK_OPTINCLUDE  */
++  YYSYMBOL_TK_IMPORT = 56,                 /* TK_IMPORT  */
++  YYSYMBOL_TK_EXPHEADERCODE = 57,          /* TK_EXPHEADERCODE  */
++  YYSYMBOL_TK_MODHEADERCODE = 58,          /* TK_MODHEADERCODE  */
++  YYSYMBOL_TK_TYPEHEADERCODE = 59,         /* TK_TYPEHEADERCODE  */
++  YYSYMBOL_TK_MODULE = 60,                 /* TK_MODULE  */
++  YYSYMBOL_TK_CMODULE = 61,                /* TK_CMODULE  */
++  YYSYMBOL_TK_CONSMODULE = 62,             /* TK_CONSMODULE  */
++  YYSYMBOL_TK_COMPOMODULE = 63,            /* TK_COMPOMODULE  */
++  YYSYMBOL_TK_CLASS = 64,                  /* TK_CLASS  */
++  YYSYMBOL_TK_STRUCT = 65,                 /* TK_STRUCT  */
++  YYSYMBOL_TK_PUBLIC = 66,                 /* TK_PUBLIC  */
++  YYSYMBOL_TK_PROTECTED = 67,              /* TK_PROTECTED  */
++  YYSYMBOL_TK_PRIVATE = 68,                /* TK_PRIVATE  */
++  YYSYMBOL_TK_SIGNALS = 69,                /* TK_SIGNALS  */
++  YYSYMBOL_TK_SIGNAL_METHOD = 70,          /* TK_SIGNAL_METHOD  */
++  YYSYMBOL_TK_SLOTS = 71,                  /* TK_SLOTS  */
++  YYSYMBOL_TK_SLOT_METHOD = 72,            /* TK_SLOT_METHOD  */
++  YYSYMBOL_TK_BOOL = 73,                   /* TK_BOOL  */
++  YYSYMBOL_TK_SHORT = 74,                  /* TK_SHORT  */
++  YYSYMBOL_TK_INT = 75,                    /* TK_INT  */
++  YYSYMBOL_TK_LONG = 76,                   /* TK_LONG  */
++  YYSYMBOL_TK_FLOAT = 77,                  /* TK_FLOAT  */
++  YYSYMBOL_TK_DOUBLE = 78,                 /* TK_DOUBLE  */
++  YYSYMBOL_TK_CHAR = 79,                   /* TK_CHAR  */
++  YYSYMBOL_TK_WCHAR_T = 80,                /* TK_WCHAR_T  */
++  YYSYMBOL_TK_VOID = 81,                   /* TK_VOID  */
++  YYSYMBOL_TK_PYOBJECT = 82,               /* TK_PYOBJECT  */
++  YYSYMBOL_TK_PYTUPLE = 83,                /* TK_PYTUPLE  */
++  YYSYMBOL_TK_PYLIST = 84,                 /* TK_PYLIST  */
++  YYSYMBOL_TK_PYDICT = 85,                 /* TK_PYDICT  */
++  YYSYMBOL_TK_PYCALLABLE = 86,             /* TK_PYCALLABLE  */
++  YYSYMBOL_TK_PYSLICE = 87,                /* TK_PYSLICE  */
++  YYSYMBOL_TK_PYTYPE = 88,                 /* TK_PYTYPE  */
++  YYSYMBOL_TK_PYBUFFER = 89,               /* TK_PYBUFFER  */
++  YYSYMBOL_TK_VIRTUAL = 90,                /* TK_VIRTUAL  */
++  YYSYMBOL_TK_ENUM = 91,                   /* TK_ENUM  */
++  YYSYMBOL_TK_SIGNED = 92,                 /* TK_SIGNED  */
++  YYSYMBOL_TK_UNSIGNED = 93,               /* TK_UNSIGNED  */
++  YYSYMBOL_TK_SCOPE = 94,                  /* TK_SCOPE  */
++  YYSYMBOL_TK_LOGICAL_OR = 95,             /* TK_LOGICAL_OR  */
++  YYSYMBOL_TK_CONST = 96,                  /* TK_CONST  */
++  YYSYMBOL_TK_STATIC = 97,                 /* TK_STATIC  */
++  YYSYMBOL_TK_SIPSIGNAL = 98,              /* TK_SIPSIGNAL  */
++  YYSYMBOL_TK_SIPSLOT = 99,                /* TK_SIPSLOT  */
++  YYSYMBOL_TK_SIPANYSLOT = 100,            /* TK_SIPANYSLOT  */
++  YYSYMBOL_TK_SIPRXCON = 101,              /* TK_SIPRXCON  */
++  YYSYMBOL_TK_SIPRXDIS = 102,              /* TK_SIPRXDIS  */
++  YYSYMBOL_TK_SIPSLOTCON = 103,            /* TK_SIPSLOTCON  */
++  YYSYMBOL_TK_SIPSLOTDIS = 104,            /* TK_SIPSLOTDIS  */
++  YYSYMBOL_TK_SIPSSIZET = 105,             /* TK_SIPSSIZET  */
++  YYSYMBOL_TK_SIZET = 106,                 /* TK_SIZET  */
++  YYSYMBOL_TK_NUMBER_VALUE = 107,          /* TK_NUMBER_VALUE  */
++  YYSYMBOL_TK_REAL_VALUE = 108,            /* TK_REAL_VALUE  */
++  YYSYMBOL_TK_TYPEDEF = 109,               /* TK_TYPEDEF  */
++  YYSYMBOL_TK_NAMESPACE = 110,             /* TK_NAMESPACE  */
++  YYSYMBOL_TK_TIMELINE = 111,              /* TK_TIMELINE  */
++  YYSYMBOL_TK_PLATFORMS = 112,             /* TK_PLATFORMS  */
++  YYSYMBOL_TK_FEATURE = 113,               /* TK_FEATURE  */
++  YYSYMBOL_TK_LICENSE = 114,               /* TK_LICENSE  */
++  YYSYMBOL_TK_QCHAR_VALUE = 115,           /* TK_QCHAR_VALUE  */
++  YYSYMBOL_TK_TRUE_VALUE = 116,            /* TK_TRUE_VALUE  */
++  YYSYMBOL_TK_FALSE_VALUE = 117,           /* TK_FALSE_VALUE  */
++  YYSYMBOL_TK_NULL_VALUE = 118,            /* TK_NULL_VALUE  */
++  YYSYMBOL_TK_OPERATOR = 119,              /* TK_OPERATOR  */
++  YYSYMBOL_TK_THROW = 120,                 /* TK_THROW  */
++  YYSYMBOL_TK_QOBJECT = 121,               /* TK_QOBJECT  */
++  YYSYMBOL_TK_EXCEPTION = 122,             /* TK_EXCEPTION  */
++  YYSYMBOL_TK_RAISECODE = 123,             /* TK_RAISECODE  */
++  YYSYMBOL_TK_EXPLICIT = 124,              /* TK_EXPLICIT  */
++  YYSYMBOL_TK_TEMPLATE = 125,              /* TK_TEMPLATE  */
++  YYSYMBOL_TK_FINAL = 126,                 /* TK_FINAL  */
++  YYSYMBOL_TK_ELLIPSIS = 127,              /* TK_ELLIPSIS  */
++  YYSYMBOL_TK_DEFMETATYPE = 128,           /* TK_DEFMETATYPE  */
++  YYSYMBOL_TK_DEFSUPERTYPE = 129,          /* TK_DEFSUPERTYPE  */
++  YYSYMBOL_TK_PROPERTY = 130,              /* TK_PROPERTY  */
++  YYSYMBOL_TK_HIDE_NS = 131,               /* TK_HIDE_NS  */
++  YYSYMBOL_TK_FORMAT = 132,                /* TK_FORMAT  */
++  YYSYMBOL_TK_GET = 133,                   /* TK_GET  */
++  YYSYMBOL_TK_ID = 134,                    /* TK_ID  */
++  YYSYMBOL_TK_KWARGS = 135,                /* TK_KWARGS  */
++  YYSYMBOL_TK_LANGUAGE = 136,              /* TK_LANGUAGE  */
++  YYSYMBOL_TK_LICENSEE = 137,              /* TK_LICENSEE  */
++  YYSYMBOL_TK_NAME = 138,                  /* TK_NAME  */
++  YYSYMBOL_TK_OPTIONAL = 139,              /* TK_OPTIONAL  */
++  YYSYMBOL_TK_ORDER = 140,                 /* TK_ORDER  */
++  YYSYMBOL_TK_REMOVELEADING = 141,         /* TK_REMOVELEADING  */
++  YYSYMBOL_TK_SET = 142,                   /* TK_SET  */
++  YYSYMBOL_TK_SIGNATURE = 143,             /* TK_SIGNATURE  */
++  YYSYMBOL_TK_TIMESTAMP = 144,             /* TK_TIMESTAMP  */
++  YYSYMBOL_TK_TYPE = 145,                  /* TK_TYPE  */
++  YYSYMBOL_TK_USEARGNAMES = 146,           /* TK_USEARGNAMES  */
++  YYSYMBOL_TK_PYSSIZETCLEAN = 147,         /* TK_PYSSIZETCLEAN  */
++  YYSYMBOL_TK_USELIMITEDAPI = 148,         /* TK_USELIMITEDAPI  */
++  YYSYMBOL_TK_ALLRAISEPYEXC = 149,         /* TK_ALLRAISEPYEXC  */
++  YYSYMBOL_TK_CALLSUPERINIT = 150,         /* TK_CALLSUPERINIT  */
++  YYSYMBOL_TK_DEFERRORHANDLER = 151,       /* TK_DEFERRORHANDLER  */
++  YYSYMBOL_TK_VERSION = 152,               /* TK_VERSION  */
++  YYSYMBOL_153_ = 153,                     /* '('  */
++  YYSYMBOL_154_ = 154,                     /* ')'  */
++  YYSYMBOL_155_ = 155,                     /* ','  */
++  YYSYMBOL_156_ = 156,                     /* '='  */
++  YYSYMBOL_157_ = 157,                     /* '{'  */
++  YYSYMBOL_158_ = 158,                     /* '}'  */
++  YYSYMBOL_159_ = 159,                     /* ';'  */
++  YYSYMBOL_160_ = 160,                     /* '!'  */
++  YYSYMBOL_161_ = 161,                     /* '-'  */
++  YYSYMBOL_162_ = 162,                     /* '+'  */
++  YYSYMBOL_163_ = 163,                     /* '*'  */
++  YYSYMBOL_164_ = 164,                     /* '/'  */
++  YYSYMBOL_165_ = 165,                     /* '&'  */
++  YYSYMBOL_166_ = 166,                     /* '|'  */
++  YYSYMBOL_167_ = 167,                     /* '~'  */
++  YYSYMBOL_168_ = 168,                     /* '<'  */
++  YYSYMBOL_169_ = 169,                     /* '>'  */
++  YYSYMBOL_170_ = 170,                     /* ':'  */
++  YYSYMBOL_171_ = 171,                     /* '['  */
++  YYSYMBOL_172_ = 172,                     /* ']'  */
++  YYSYMBOL_173_ = 173,                     /* '%'  */
++  YYSYMBOL_174_ = 174,                     /* '^'  */
++  YYSYMBOL_YYACCEPT = 175,                 /* $accept  */
++  YYSYMBOL_specification = 176,            /* specification  */
++  YYSYMBOL_statement = 177,                /* statement  */
++  YYSYMBOL_178_1 = 178,                    /* $@1  */
++  YYSYMBOL_modstatement = 179,             /* modstatement  */
++  YYSYMBOL_nsstatement = 180,              /* nsstatement  */
++  YYSYMBOL_defdocstringfmt = 181,          /* defdocstringfmt  */
++  YYSYMBOL_defdocstringfmt_args = 182,     /* defdocstringfmt_args  */
++  YYSYMBOL_defdocstringfmt_arg_list = 183, /* defdocstringfmt_arg_list  */
++  YYSYMBOL_defdocstringfmt_arg = 184,      /* defdocstringfmt_arg  */
++  YYSYMBOL_defdocstringsig = 185,          /* defdocstringsig  */
++  YYSYMBOL_defdocstringsig_args = 186,     /* defdocstringsig_args  */
++  YYSYMBOL_defdocstringsig_arg_list = 187, /* defdocstringsig_arg_list  */
++  YYSYMBOL_defdocstringsig_arg = 188,      /* defdocstringsig_arg  */
++  YYSYMBOL_defencoding = 189,              /* defencoding  */
++  YYSYMBOL_defencoding_args = 190,         /* defencoding_args  */
++  YYSYMBOL_defencoding_arg_list = 191,     /* defencoding_arg_list  */
++  YYSYMBOL_defencoding_arg = 192,          /* defencoding_arg  */
++  YYSYMBOL_plugin = 193,                   /* plugin  */
++  YYSYMBOL_plugin_args = 194,              /* plugin_args  */
++  YYSYMBOL_plugin_arg_list = 195,          /* plugin_arg_list  */
++  YYSYMBOL_plugin_arg = 196,               /* plugin_arg  */
++  YYSYMBOL_virterrorhandler = 197,         /* virterrorhandler  */
++  YYSYMBOL_veh_args = 198,                 /* veh_args  */
++  YYSYMBOL_veh_arg_list = 199,             /* veh_arg_list  */
++  YYSYMBOL_veh_arg = 200,                  /* veh_arg  */
++  YYSYMBOL_api = 201,                      /* api  */
++  YYSYMBOL_api_args = 202,                 /* api_args  */
++  YYSYMBOL_api_arg_list = 203,             /* api_arg_list  */
++  YYSYMBOL_api_arg = 204,                  /* api_arg  */
++  YYSYMBOL_exception = 205,                /* exception  */
++  YYSYMBOL_baseexception = 206,            /* baseexception  */
++  YYSYMBOL_exception_body = 207,           /* exception_body  */
++  YYSYMBOL_exception_body_directives = 208, /* exception_body_directives  */
++  YYSYMBOL_exception_body_directive = 209, /* exception_body_directive  */
++  YYSYMBOL_raisecode = 210,                /* raisecode  */
++  YYSYMBOL_mappedtype = 211,               /* mappedtype  */
++  YYSYMBOL_212_2 = 212,                    /* $@2  */
++  YYSYMBOL_mappedtypetmpl = 213,           /* mappedtypetmpl  */
++  YYSYMBOL_214_3 = 214,                    /* $@3  */
++  YYSYMBOL_mtdefinition = 215,             /* mtdefinition  */
++  YYSYMBOL_mtbody = 216,                   /* mtbody  */
++  YYSYMBOL_mtline = 217,                   /* mtline  */
++  YYSYMBOL_mtfunction = 218,               /* mtfunction  */
++  YYSYMBOL_namespace = 219,                /* namespace  */
++  YYSYMBOL_220_4 = 220,                    /* $@4  */
++  YYSYMBOL_optnsbody = 221,                /* optnsbody  */
++  YYSYMBOL_nsbody = 222,                   /* nsbody  */
++  YYSYMBOL_platforms = 223,                /* platforms  */
++  YYSYMBOL_224_5 = 224,                    /* $@5  */
++  YYSYMBOL_platformlist = 225,             /* platformlist  */
++  YYSYMBOL_platform = 226,                 /* platform  */
++  YYSYMBOL_feature = 227,                  /* feature  */
++  YYSYMBOL_feature_args = 228,             /* feature_args  */
++  YYSYMBOL_feature_arg_list = 229,         /* feature_arg_list  */
++  YYSYMBOL_feature_arg = 230,              /* feature_arg  */
++  YYSYMBOL_timeline = 231,                 /* timeline  */
++  YYSYMBOL_232_6 = 232,                    /* $@6  */
++  YYSYMBOL_qualifierlist = 233,            /* qualifierlist  */
++  YYSYMBOL_qualifiername = 234,            /* qualifiername  */
++  YYSYMBOL_ifstart = 235,                  /* ifstart  */
++  YYSYMBOL_236_7 = 236,                    /* $@7  */
++  YYSYMBOL_oredqualifiers = 237,           /* oredqualifiers  */
++  YYSYMBOL_qualifiers = 238,               /* qualifiers  */
++  YYSYMBOL_ifend = 239,                    /* ifend  */
++  YYSYMBOL_license = 240,                  /* license  */
++  YYSYMBOL_license_args = 241,             /* license_args  */
++  YYSYMBOL_license_arg_list = 242,         /* license_arg_list  */
++  YYSYMBOL_license_arg = 243,              /* license_arg  */
++  YYSYMBOL_defmetatype = 244,              /* defmetatype  */
++  YYSYMBOL_defmetatype_args = 245,         /* defmetatype_args  */
++  YYSYMBOL_defmetatype_arg_list = 246,     /* defmetatype_arg_list  */
++  YYSYMBOL_defmetatype_arg = 247,          /* defmetatype_arg  */
++  YYSYMBOL_defsupertype = 248,             /* defsupertype  */
++  YYSYMBOL_defsupertype_args = 249,        /* defsupertype_args  */
++  YYSYMBOL_defsupertype_arg_list = 250,    /* defsupertype_arg_list  */
++  YYSYMBOL_defsupertype_arg = 251,         /* defsupertype_arg  */
++  YYSYMBOL_hiddenns = 252,                 /* hiddenns  */
++  YYSYMBOL_hiddenns_args = 253,            /* hiddenns_args  */
++  YYSYMBOL_hiddenns_arg_list = 254,        /* hiddenns_arg_list  */
++  YYSYMBOL_hiddenns_arg = 255,             /* hiddenns_arg  */
++  YYSYMBOL_consmodule = 256,               /* consmodule  */
++  YYSYMBOL_consmodule_args = 257,          /* consmodule_args  */
++  YYSYMBOL_consmodule_arg_list = 258,      /* consmodule_arg_list  */
++  YYSYMBOL_consmodule_arg = 259,           /* consmodule_arg  */
++  YYSYMBOL_consmodule_body = 260,          /* consmodule_body  */
++  YYSYMBOL_consmodule_body_directives = 261, /* consmodule_body_directives  */
++  YYSYMBOL_consmodule_body_directive = 262, /* consmodule_body_directive  */
++  YYSYMBOL_compmodule = 263,               /* compmodule  */
++  YYSYMBOL_compmodule_args = 264,          /* compmodule_args  */
++  YYSYMBOL_compmodule_arg_list = 265,      /* compmodule_arg_list  */
++  YYSYMBOL_compmodule_arg = 266,           /* compmodule_arg  */
++  YYSYMBOL_compmodule_body = 267,          /* compmodule_body  */
++  YYSYMBOL_compmodule_body_directives = 268, /* compmodule_body_directives  */
++  YYSYMBOL_compmodule_body_directive = 269, /* compmodule_body_directive  */
++  YYSYMBOL_module = 270,                   /* module  */
++  YYSYMBOL_module_args = 271,              /* module_args  */
++  YYSYMBOL_272_8 = 272,                    /* $@8  */
++  YYSYMBOL_module_arg_list = 273,          /* module_arg_list  */
++  YYSYMBOL_module_arg = 274,               /* module_arg  */
++  YYSYMBOL_module_body = 275,              /* module_body  */
++  YYSYMBOL_module_body_directives = 276,   /* module_body_directives  */
++  YYSYMBOL_module_body_directive = 277,    /* module_body_directive  */
++  YYSYMBOL_dottedname = 278,               /* dottedname  */
++  YYSYMBOL_optnumber = 279,                /* optnumber  */
++  YYSYMBOL_include = 280,                  /* include  */
++  YYSYMBOL_include_args = 281,             /* include_args  */
++  YYSYMBOL_include_arg_list = 282,         /* include_arg_list  */
++  YYSYMBOL_include_arg = 283,              /* include_arg  */
++  YYSYMBOL_optinclude = 284,               /* optinclude  */
++  YYSYMBOL_import = 285,                   /* import  */
++  YYSYMBOL_import_args = 286,              /* import_args  */
++  YYSYMBOL_import_arg_list = 287,          /* import_arg_list  */
++  YYSYMBOL_import_arg = 288,               /* import_arg  */
++  YYSYMBOL_optaccesscode = 289,            /* optaccesscode  */
++  YYSYMBOL_optgetcode = 290,               /* optgetcode  */
++  YYSYMBOL_optsetcode = 291,               /* optsetcode  */
++  YYSYMBOL_copying = 292,                  /* copying  */
++  YYSYMBOL_exphdrcode = 293,               /* exphdrcode  */
++  YYSYMBOL_modhdrcode = 294,               /* modhdrcode  */
++  YYSYMBOL_typehdrcode = 295,              /* typehdrcode  */
++  YYSYMBOL_travcode = 296,                 /* travcode  */
++  YYSYMBOL_clearcode = 297,                /* clearcode  */
++  YYSYMBOL_getbufcode = 298,               /* getbufcode  */
++  YYSYMBOL_releasebufcode = 299,           /* releasebufcode  */
++  YYSYMBOL_readbufcode = 300,              /* readbufcode  */
++  YYSYMBOL_writebufcode = 301,             /* writebufcode  */
++  YYSYMBOL_segcountcode = 302,             /* segcountcode  */
++  YYSYMBOL_charbufcode = 303,              /* charbufcode  */
++  YYSYMBOL_instancecode = 304,             /* instancecode  */
++  YYSYMBOL_picklecode = 305,               /* picklecode  */
++  YYSYMBOL_finalcode = 306,                /* finalcode  */
++  YYSYMBOL_modcode = 307,                  /* modcode  */
++  YYSYMBOL_typecode = 308,                 /* typecode  */
++  YYSYMBOL_preinitcode = 309,              /* preinitcode  */
++  YYSYMBOL_initcode = 310,                 /* initcode  */
++  YYSYMBOL_postinitcode = 311,             /* postinitcode  */
++  YYSYMBOL_unitcode = 312,                 /* unitcode  */
++  YYSYMBOL_unitpostinccode = 313,          /* unitpostinccode  */
++  YYSYMBOL_prepycode = 314,                /* prepycode  */
++  YYSYMBOL_exptypehintcode = 315,          /* exptypehintcode  */
++  YYSYMBOL_modtypehintcode = 316,          /* modtypehintcode  */
++  YYSYMBOL_classtypehintcode = 317,        /* classtypehintcode  */
++  YYSYMBOL_doc = 318,                      /* doc  */
++  YYSYMBOL_exporteddoc = 319,              /* exporteddoc  */
++  YYSYMBOL_autopyname = 320,               /* autopyname  */
++  YYSYMBOL_autopyname_args = 321,          /* autopyname_args  */
++  YYSYMBOL_autopyname_arg_list = 322,      /* autopyname_arg_list  */
++  YYSYMBOL_autopyname_arg = 323,           /* autopyname_arg  */
++  YYSYMBOL_docstring = 324,                /* docstring  */
++  YYSYMBOL_docstring_args = 325,           /* docstring_args  */
++  YYSYMBOL_docstring_arg_list = 326,       /* docstring_arg_list  */
++  YYSYMBOL_docstring_arg = 327,            /* docstring_arg  */
++  YYSYMBOL_optdocstring = 328,             /* optdocstring  */
++  YYSYMBOL_extract = 329,                  /* extract  */
++  YYSYMBOL_extract_args = 330,             /* extract_args  */
++  YYSYMBOL_extract_arg_list = 331,         /* extract_arg_list  */
++  YYSYMBOL_extract_arg = 332,              /* extract_arg  */
++  YYSYMBOL_makefile = 333,                 /* makefile  */
++  YYSYMBOL_codeblock = 334,                /* codeblock  */
++  YYSYMBOL_codelines = 335,                /* codelines  */
++  YYSYMBOL_enum = 336,                     /* enum  */
++  YYSYMBOL_337_9 = 337,                    /* $@9  */
++  YYSYMBOL_optenumkey = 338,               /* optenumkey  */
++  YYSYMBOL_optfilename = 339,              /* optfilename  */
++  YYSYMBOL_optname = 340,                  /* optname  */
++  YYSYMBOL_optenumbody = 341,              /* optenumbody  */
++  YYSYMBOL_enumbody = 342,                 /* enumbody  */
++  YYSYMBOL_enumline = 343,                 /* enumline  */
++  YYSYMBOL_optcomma = 344,                 /* optcomma  */
++  YYSYMBOL_optenumassign = 345,            /* optenumassign  */
++  YYSYMBOL_optassign = 346,                /* optassign  */
++  YYSYMBOL_expr = 347,                     /* expr  */
++  YYSYMBOL_binop = 348,                    /* binop  */
++  YYSYMBOL_optunop = 349,                  /* optunop  */
++  YYSYMBOL_value = 350,                    /* value  */
++  YYSYMBOL_optcast = 351,                  /* optcast  */
++  YYSYMBOL_scopedname = 352,               /* scopedname  */
++  YYSYMBOL_scopednamehead = 353,           /* scopednamehead  */
++  YYSYMBOL_scopepart = 354,                /* scopepart  */
++  YYSYMBOL_bool_value = 355,               /* bool_value  */
++  YYSYMBOL_simplevalue = 356,              /* simplevalue  */
++  YYSYMBOL_exprlist = 357,                 /* exprlist  */
++  YYSYMBOL_typedef = 358,                  /* typedef  */
++  YYSYMBOL_struct = 359,                   /* struct  */
++  YYSYMBOL_360_10 = 360,                   /* $@10  */
++  YYSYMBOL_361_11 = 361,                   /* $@11  */
++  YYSYMBOL_classtmpl = 362,                /* classtmpl  */
++  YYSYMBOL_363_12 = 363,                   /* $@12  */
++  YYSYMBOL_template = 364,                 /* template  */
++  YYSYMBOL_class = 365,                    /* class  */
++  YYSYMBOL_366_13 = 366,                   /* $@13  */
++  YYSYMBOL_367_14 = 367,                   /* $@14  */
++  YYSYMBOL_superclasses = 368,             /* superclasses  */
++  YYSYMBOL_superlist = 369,                /* superlist  */
++  YYSYMBOL_superclass = 370,               /* superclass  */
++  YYSYMBOL_class_access = 371,             /* class_access  */
++  YYSYMBOL_optclassbody = 372,             /* optclassbody  */
++  YYSYMBOL_classbody = 373,                /* classbody  */
++  YYSYMBOL_classline = 374,                /* classline  */
++  YYSYMBOL_property = 375,                 /* property  */
++  YYSYMBOL_property_args = 376,            /* property_args  */
++  YYSYMBOL_property_arg_list = 377,        /* property_arg_list  */
++  YYSYMBOL_property_arg = 378,             /* property_arg  */
++  YYSYMBOL_property_body = 379,            /* property_body  */
++  YYSYMBOL_property_body_directives = 380, /* property_body_directives  */
++  YYSYMBOL_property_body_directive = 381,  /* property_body_directive  */
++  YYSYMBOL_name_or_string = 382,           /* name_or_string  */
++  YYSYMBOL_optslot = 383,                  /* optslot  */
++  YYSYMBOL_dtor = 384,                     /* dtor  */
++  YYSYMBOL_385_15 = 385,                   /* $@15  */
++  YYSYMBOL_dtor_decl = 386,                /* dtor_decl  */
++  YYSYMBOL_ctor = 387,                     /* ctor  */
++  YYSYMBOL_388_16 = 388,                   /* $@16  */
++  YYSYMBOL_simplector = 389,               /* simplector  */
++  YYSYMBOL_optctorsig = 390,               /* optctorsig  */
++  YYSYMBOL_391_17 = 391,                   /* $@17  */
++  YYSYMBOL_optsig = 392,                   /* optsig  */
++  YYSYMBOL_393_18 = 393,                   /* $@18  */
++  YYSYMBOL_function = 394,                 /* function  */
++  YYSYMBOL_operatorname = 395,             /* operatorname  */
++  YYSYMBOL_optconst = 396,                 /* optconst  */
++  YYSYMBOL_optfinal = 397,                 /* optfinal  */
++  YYSYMBOL_optabstract = 398,              /* optabstract  */
++  YYSYMBOL_optflags = 399,                 /* optflags  */
++  YYSYMBOL_flaglist = 400,                 /* flaglist  */
++  YYSYMBOL_flag = 401,                     /* flag  */
++  YYSYMBOL_flagvalue = 402,                /* flagvalue  */
++  YYSYMBOL_virtualcallcode = 403,          /* virtualcallcode  */
++  YYSYMBOL_methodcode = 404,               /* methodcode  */
++  YYSYMBOL_premethodcode = 405,            /* premethodcode  */
++  YYSYMBOL_virtualcatchercode = 406,       /* virtualcatchercode  */
++  YYSYMBOL_arglist = 407,                  /* arglist  */
++  YYSYMBOL_rawarglist = 408,               /* rawarglist  */
++  YYSYMBOL_argvalue = 409,                 /* argvalue  */
++  YYSYMBOL_varmember = 410,                /* varmember  */
++  YYSYMBOL_411_19 = 411,                   /* $@19  */
++  YYSYMBOL_412_20 = 412,                   /* $@20  */
++  YYSYMBOL_simple_varmem = 413,            /* simple_varmem  */
++  YYSYMBOL_414_21 = 414,                   /* $@21  */
++  YYSYMBOL_varmem = 415,                   /* varmem  */
++  YYSYMBOL_member = 416,                   /* member  */
++  YYSYMBOL_417_22 = 417,                   /* $@22  */
++  YYSYMBOL_variable = 418,                 /* variable  */
++  YYSYMBOL_variable_body = 419,            /* variable_body  */
++  YYSYMBOL_variable_body_directives = 420, /* variable_body_directives  */
++  YYSYMBOL_variable_body_directive = 421,  /* variable_body_directive  */
++  YYSYMBOL_cpptype = 422,                  /* cpptype  */
++  YYSYMBOL_argtype = 423,                  /* argtype  */
++  YYSYMBOL_optref = 424,                   /* optref  */
++  YYSYMBOL_deref = 425,                    /* deref  */
++  YYSYMBOL_basetype = 426,                 /* basetype  */
++  YYSYMBOL_cpptypelist = 427,              /* cpptypelist  */
++  YYSYMBOL_optexceptions = 428,            /* optexceptions  */
++  YYSYMBOL_exceptionlist = 429             /* exceptionlist  */
++};
++typedef enum yysymbol_kind_t yysymbol_kind_t;
+ 
+-/* Copy the second part of user declarations.  */
+ 
+ 
+-/* Line 216 of yacc.c.  */
+-#line 639 "sip-4.19.23/sipgen/parser.c"
+ 
+ #ifdef short
+ # undef short
+ #endif
+ 
+-#ifdef YYTYPE_UINT8
+-typedef YYTYPE_UINT8 yytype_uint8;
+-#else
+-typedef unsigned char yytype_uint8;
++/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure
++   <limits.h> and (if available) <stdint.h> are included
++   so that the code can choose integer types of a good width.  */
++
++#ifndef __PTRDIFF_MAX__
++# include <limits.h> /* INFRINGES ON USER NAME SPACE */
++# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__
++#  include <stdint.h> /* INFRINGES ON USER NAME SPACE */
++#  define YY_STDINT_H
++# endif
+ #endif
+ 
+-#ifdef YYTYPE_INT8
+-typedef YYTYPE_INT8 yytype_int8;
+-#elif (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++/* Narrow types that promote to a signed type and that can represent a
++   signed or unsigned integer of at least N bits.  In tables they can
++   save space and decrease cache pressure.  Promoting to a signed type
++   helps avoid bugs in integer arithmetic.  */
++
++#ifdef __INT_LEAST8_MAX__
++typedef __INT_LEAST8_TYPE__ yytype_int8;
++#elif defined YY_STDINT_H
++typedef int_least8_t yytype_int8;
++#else
+ typedef signed char yytype_int8;
++#endif
++
++#ifdef __INT_LEAST16_MAX__
++typedef __INT_LEAST16_TYPE__ yytype_int16;
++#elif defined YY_STDINT_H
++typedef int_least16_t yytype_int16;
+ #else
+-typedef short int yytype_int8;
++typedef short yytype_int16;
++#endif
++
++/* Work around bug in HP-UX 11.23, which defines these macros
++   incorrectly for preprocessor constants.  This workaround can likely
++   be removed in 2023, as HPE has promised support for HP-UX 11.23
++   (aka HP-UX 11i v2) only through the end of 2022; see Table 2 of
++   <https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-7673ENW.pdf>.  */
++#ifdef __hpux
++# undef UINT_LEAST8_MAX
++# undef UINT_LEAST16_MAX
++# define UINT_LEAST8_MAX 255
++# define UINT_LEAST16_MAX 65535
+ #endif
+ 
+-#ifdef YYTYPE_UINT16
+-typedef YYTYPE_UINT16 yytype_uint16;
++#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__
++typedef __UINT_LEAST8_TYPE__ yytype_uint8;
++#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \
++       && UINT_LEAST8_MAX <= INT_MAX)
++typedef uint_least8_t yytype_uint8;
++#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX
++typedef unsigned char yytype_uint8;
+ #else
+-typedef unsigned short int yytype_uint16;
++typedef short yytype_uint8;
+ #endif
+ 
+-#ifdef YYTYPE_INT16
+-typedef YYTYPE_INT16 yytype_int16;
++#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__
++typedef __UINT_LEAST16_TYPE__ yytype_uint16;
++#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \
++       && UINT_LEAST16_MAX <= INT_MAX)
++typedef uint_least16_t yytype_uint16;
++#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX
++typedef unsigned short yytype_uint16;
+ #else
+-typedef short int yytype_int16;
++typedef int yytype_uint16;
++#endif
++
++#ifndef YYPTRDIFF_T
++# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__
++#  define YYPTRDIFF_T __PTRDIFF_TYPE__
++#  define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__
++# elif defined PTRDIFF_MAX
++#  ifndef ptrdiff_t
++#   include <stddef.h> /* INFRINGES ON USER NAME SPACE */
++#  endif
++#  define YYPTRDIFF_T ptrdiff_t
++#  define YYPTRDIFF_MAXIMUM PTRDIFF_MAX
++# else
++#  define YYPTRDIFF_T long
++#  define YYPTRDIFF_MAXIMUM LONG_MAX
++# endif
+ #endif
+ 
+ #ifndef YYSIZE_T
+@@ -673,55 +806,106 @@ typedef short int yytype_int16;
+ #  define YYSIZE_T __SIZE_TYPE__
+ # elif defined size_t
+ #  define YYSIZE_T size_t
+-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__
+ #  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+ #  define YYSIZE_T size_t
+ # else
+-#  define YYSIZE_T unsigned int
++#  define YYSIZE_T unsigned
+ # endif
+ #endif
+ 
+-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
++#define YYSIZE_MAXIMUM                                  \
++  YY_CAST (YYPTRDIFF_T,                                 \
++           (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1)  \
++            ? YYPTRDIFF_MAXIMUM                         \
++            : YY_CAST (YYSIZE_T, -1)))
++
++#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X))
++
++
++/* Stored state numbers (used for stacks). */
++typedef yytype_int16 yy_state_t;
++
++/* State numbers in computations.  */
++typedef int yy_state_fast_t;
+ 
+ #ifndef YY_
+ # if defined YYENABLE_NLS && YYENABLE_NLS
+ #  if ENABLE_NLS
+ #   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
++#   define YY_(Msgid) dgettext ("bison-runtime", Msgid)
+ #  endif
+ # endif
+ # ifndef YY_
+-#  define YY_(msgid) msgid
++#  define YY_(Msgid) Msgid
++# endif
++#endif
++
++
++#ifndef YY_ATTRIBUTE_PURE
++# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__)
++#  define YY_ATTRIBUTE_PURE __attribute__ ((__pure__))
++# else
++#  define YY_ATTRIBUTE_PURE
++# endif
++#endif
++
++#ifndef YY_ATTRIBUTE_UNUSED
++# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__)
++#  define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__))
++# else
++#  define YY_ATTRIBUTE_UNUSED
+ # endif
+ #endif
+ 
+ /* Suppress unused-variable warnings by "using" E.  */
+ #if ! defined lint || defined __GNUC__
+-# define YYUSE(e) ((void) (e))
++# define YY_USE(E) ((void) (E))
+ #else
+-# define YYUSE(e) /* empty */
++# define YY_USE(E) /* empty */
+ #endif
+ 
+-/* Identity function, used to suppress warnings about constant conditions.  */
+-#ifndef lint
+-# define YYID(n) (n)
+-#else
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static int
+-YYID (int i)
++/* Suppress an incorrect diagnostic about yylval being uninitialized.  */
++#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__
++# if __GNUC__ * 100 + __GNUC_MINOR__ < 407
++#  define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                           \
++    _Pragma ("GCC diagnostic push")                                     \
++    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")
++# else
++#  define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                           \
++    _Pragma ("GCC diagnostic push")                                     \
++    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")              \
++    _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
++# endif
++# define YY_IGNORE_MAYBE_UNINITIALIZED_END      \
++    _Pragma ("GCC diagnostic pop")
+ #else
+-static int
+-YYID (i)
+-    int i;
++# define YY_INITIAL_VALUE(Value) Value
+ #endif
+-{
+-  return i;
+-}
++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_END
++#endif
++#ifndef YY_INITIAL_VALUE
++# define YY_INITIAL_VALUE(Value) /* Nothing. */
++#endif
++
++#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__
++# define YY_IGNORE_USELESS_CAST_BEGIN                          \
++    _Pragma ("GCC diagnostic push")                            \
++    _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"")
++# define YY_IGNORE_USELESS_CAST_END            \
++    _Pragma ("GCC diagnostic pop")
+ #endif
++#ifndef YY_IGNORE_USELESS_CAST_BEGIN
++# define YY_IGNORE_USELESS_CAST_BEGIN
++# define YY_IGNORE_USELESS_CAST_END
++#endif
++
++
++#define YY_ASSERT(E) ((void) (0 && (E)))
+ 
+-#if ! defined yyoverflow || YYERROR_VERBOSE
++#if !defined yyoverflow
+ 
+ /* The parser invokes alloca or malloc; define the necessary symbols.  */
+ 
+@@ -738,11 +922,11 @@ YYID (i)
+ #    define alloca _alloca
+ #   else
+ #    define YYSTACK_ALLOC alloca
+-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++#    if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS
+ #     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+-#     ifndef _STDLIB_H
+-#      define _STDLIB_H 1
++      /* Use EXIT_SUCCESS as a witness for stdlib.h.  */
++#     ifndef EXIT_SUCCESS
++#      define EXIT_SUCCESS 0
+ #     endif
+ #    endif
+ #   endif
+@@ -750,8 +934,8 @@ YYID (i)
+ # endif
+ 
+ # ifdef YYSTACK_ALLOC
+-   /* Pacify GCC's `empty if-body' warning.  */
+-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
++   /* Pacify GCC's 'empty if-body' warning.  */
++#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
+ #  ifndef YYSTACK_ALLOC_MAXIMUM
+     /* The OS might guarantee only one guard page at the bottom of the stack,
+        and a page size can be as small as 4096 bytes.  So we cannot safely
+@@ -765,125 +949,131 @@ YYID (i)
+ #  ifndef YYSTACK_ALLOC_MAXIMUM
+ #   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+ #  endif
+-#  if (defined __cplusplus && ! defined _STDLIB_H \
++#  if (defined __cplusplus && ! defined EXIT_SUCCESS \
+        && ! ((defined YYMALLOC || defined malloc) \
+-	     && (defined YYFREE || defined free)))
++             && (defined YYFREE || defined free)))
+ #   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+-#   ifndef _STDLIB_H
+-#    define _STDLIB_H 1
++#   ifndef EXIT_SUCCESS
++#    define EXIT_SUCCESS 0
+ #   endif
+ #  endif
+ #  ifndef YYMALLOC
+ #   define YYMALLOC malloc
+-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++#   if ! defined malloc && ! defined EXIT_SUCCESS
+ void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+ #   endif
+ #  endif
+ #  ifndef YYFREE
+ #   define YYFREE free
+-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++#   if ! defined free && ! defined EXIT_SUCCESS
+ void free (void *); /* INFRINGES ON USER NAME SPACE */
+ #   endif
+ #  endif
+ # endif
+-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+-
++#endif /* !defined yyoverflow */
+ 
+ #if (! defined yyoverflow \
+      && (! defined __cplusplus \
+-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
++         || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+ 
+ /* A type that is properly aligned for any stack member.  */
+ union yyalloc
+ {
+-  yytype_int16 yyss;
+-  YYSTYPE yyvs;
+-  };
++  yy_state_t yyss_alloc;
++  YYSTYPE yyvs_alloc;
++};
+ 
+ /* The size of the maximum gap between one aligned stack and the next.  */
+-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
++# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1)
+ 
+ /* The size of an array large to enough to hold all stacks, each with
+    N elements.  */
+ # define YYSTACK_BYTES(N) \
+-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
++     ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \
+       + YYSTACK_GAP_MAXIMUM)
+ 
+-/* Copy COUNT objects from FROM to TO.  The source and destination do
+-   not overlap.  */
+-# ifndef YYCOPY
+-#  if defined __GNUC__ && 1 < __GNUC__
+-#   define YYCOPY(To, From, Count) \
+-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+-#  else
+-#   define YYCOPY(To, From, Count)		\
+-      do					\
+-	{					\
+-	  YYSIZE_T yyi;				\
+-	  for (yyi = 0; yyi < (Count); yyi++)	\
+-	    (To)[yyi] = (From)[yyi];		\
+-	}					\
+-      while (YYID (0))
+-#  endif
+-# endif
++# define YYCOPY_NEEDED 1
+ 
+ /* Relocate STACK from its old location to the new one.  The
+    local variables YYSIZE and YYSTACKSIZE give the old and new number of
+    elements in the stack, and YYPTR gives the new location of the
+    stack.  Advance YYPTR to a properly aligned location for the next
+    stack.  */
+-# define YYSTACK_RELOCATE(Stack)					\
+-    do									\
+-      {									\
+-	YYSIZE_T yynewbytes;						\
+-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+-	Stack = &yyptr->Stack;						\
+-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+-	yyptr += yynewbytes / sizeof (*yyptr);				\
+-      }									\
+-    while (YYID (0))
++# define YYSTACK_RELOCATE(Stack_alloc, Stack)                           \
++    do                                                                  \
++      {                                                                 \
++        YYPTRDIFF_T yynewbytes;                                         \
++        YYCOPY (&yyptr->Stack_alloc, Stack, yysize);                    \
++        Stack = &yyptr->Stack_alloc;                                    \
++        yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \
++        yyptr += yynewbytes / YYSIZEOF (*yyptr);                        \
++      }                                                                 \
++    while (0)
+ 
+ #endif
+ 
++#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
++/* Copy COUNT objects from SRC to DST.  The source and destination do
++   not overlap.  */
++# ifndef YYCOPY
++#  if defined __GNUC__ && 1 < __GNUC__
++#   define YYCOPY(Dst, Src, Count) \
++      __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
++#  else
++#   define YYCOPY(Dst, Src, Count)              \
++      do                                        \
++        {                                       \
++          YYPTRDIFF_T yyi;                      \
++          for (yyi = 0; yyi < (Count); yyi++)   \
++            (Dst)[yyi] = (Src)[yyi];            \
++        }                                       \
++      while (0)
++#  endif
++# endif
++#endif /* !YYCOPY_NEEDED */
++
+ /* YYFINAL -- State number of the termination state.  */
+ #define YYFINAL  4
+ /* YYLAST -- Last index in YYTABLE.  */
+-#define YYLAST   1630
++#define YYLAST   1669
+ 
+ /* YYNTOKENS -- Number of terminals.  */
+-#define YYNTOKENS  174
++#define YYNTOKENS  175
+ /* YYNNTS -- Number of nonterminals.  */
+ #define YYNNTS  255
+ /* YYNRULES -- Number of rules.  */
+-#define YYNRULES  597
+-/* YYNRULES -- Number of states.  */
+-#define YYNSTATES  1047
+-
+-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+-#define YYUNDEFTOK  2
+-#define YYMAXUTOK   406
+-
+-#define YYTRANSLATE(YYX)						\
+-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
++#define YYNRULES  598
++/* YYNSTATES -- Number of states.  */
++#define YYNSTATES  1050
++
++/* YYMAXUTOK -- Last valid token kind.  */
++#define YYMAXUTOK   407
++
++
++/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM
++   as returned by yylex, with out-of-bounds checking.  */
++#define YYTRANSLATE(YYX)                                \
++  (0 <= (YYX) && (YYX) <= YYMAXUTOK                     \
++   ? YY_CAST (yysymbol_kind_t, yytranslate[YYX])        \
++   : YYSYMBOL_YYUNDEF)
+ 
+-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
++/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM
++   as returned by yylex.  */
+ static const yytype_uint8 yytranslate[] =
+ {
+        0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,   159,     2,     2,     2,   172,   164,     2,
+-     152,   153,   162,   161,   154,   160,     2,   163,     2,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,   169,   158,
+-     167,   155,   168,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,   160,     2,     2,     2,   173,   165,     2,
++     153,   154,   163,   162,   155,   161,     2,   164,     2,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,   170,   159,
++     168,   156,   169,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,   170,     2,   171,   173,     2,     2,     2,     2,     2,
++       2,   171,     2,   172,   174,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,   156,   165,   157,   166,     2,     2,     2,
++       2,     2,     2,   157,   166,   158,   167,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+@@ -911,334 +1101,97 @@ static const yytype_uint8 yytranslate[]
+      115,   116,   117,   118,   119,   120,   121,   122,   123,   124,
+      125,   126,   127,   128,   129,   130,   131,   132,   133,   134,
+      135,   136,   137,   138,   139,   140,   141,   142,   143,   144,
+-     145,   146,   147,   148,   149,   150,   151
++     145,   146,   147,   148,   149,   150,   151,   152
+ };
+ 
+ #if YYDEBUG
+-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+-   YYRHS.  */
+-static const yytype_uint16 yyprhs[] =
+-{
+-       0,     0,     3,     5,     8,     9,    12,    14,    16,    18,
+-      20,    22,    24,    26,    28,    30,    32,    34,    36,    38,
+-      40,    42,    44,    46,    48,    50,    52,    54,    56,    58,
+-      60,    62,    64,    66,    68,    70,    72,    74,    76,    78,
+-      80,    82,    84,    86,    88,    90,    92,    94,    96,    98,
+-     100,   102,   104,   106,   108,   110,   112,   115,   117,   121,
+-     123,   127,   131,   134,   136,   140,   142,   146,   150,   153,
+-     155,   159,   161,   165,   169,   172,   174,   178,   180,   184,
+-     188,   192,   194,   198,   200,   204,   208,   211,   214,   218,
+-     220,   224,   228,   232,   238,   239,   243,   248,   250,   253,
+-     255,   257,   259,   261,   264,   265,   271,   272,   279,   284,
+-     286,   289,   291,   293,   295,   297,   300,   303,   305,   307,
+-     309,   324,   325,   331,   332,   336,   338,   341,   342,   348,
+-     350,   353,   355,   358,   360,   364,   366,   370,   374,   375,
+-     381,   383,   386,   388,   389,   395,   397,   400,   404,   409,
+-     411,   415,   417,   421,   422,   424,   428,   430,   434,   438,
+-     442,   446,   450,   453,   455,   459,   461,   465,   469,   472,
+-     474,   478,   480,   484,   488,   491,   493,   497,   499,   503,
+-     507,   511,   513,   517,   519,   523,   527,   528,   533,   535,
+-     538,   540,   542,   544,   548,   550,   554,   556,   560,   564,
+-     565,   570,   572,   575,   577,   579,   581,   585,   589,   590,
+-     594,   598,   600,   604,   608,   612,   616,   620,   624,   628,
+-     632,   636,   640,   641,   646,   648,   651,   653,   655,   657,
+-     659,   661,   663,   664,   666,   669,   671,   675,   677,   681,
+-     685,   689,   692,   695,   697,   701,   703,   707,   711,   712,
+-     715,   716,   719,   720,   723,   726,   729,   732,   735,   738,
+-     741,   744,   747,   750,   753,   756,   759,   762,   765,   768,
+-     771,   774,   777,   780,   783,   786,   789,   792,   795,   798,
+-     801,   804,   807,   810,   814,   816,   820,   824,   828,   829,
+-     831,   835,   837,   841,   845,   849,   850,   852,   856,   858,
+-     862,   864,   868,   872,   876,   881,   884,   886,   889,   890,
+-     900,   901,   903,   905,   906,   908,   909,   911,   912,   914,
+-     916,   919,   921,   923,   928,   929,   931,   932,   935,   936,
+-     939,   941,   945,   947,   949,   951,   953,   955,   957,   958,
+-     960,   962,   964,   966,   968,   970,   974,   975,   979,   982,
+-     984,   986,   990,   992,   994,   996,   998,  1003,  1006,  1008,
+-    1010,  1012,  1014,  1016,  1018,  1019,  1021,  1025,  1032,  1045,
+-    1046,  1047,  1056,  1057,  1061,  1066,  1067,  1068,  1077,  1078,
+-    1081,  1083,  1087,  1090,  1091,  1093,  1095,  1097,  1098,  1102,
+-    1103,  1105,  1108,  1110,  1112,  1114,  1116,  1118,  1120,  1122,
+-    1124,  1126,  1128,  1130,  1132,  1134,  1136,  1138,  1140,  1142,
+-    1144,  1146,  1148,  1150,  1152,  1154,  1156,  1158,  1160,  1162,
+-    1164,  1167,  1170,  1173,  1177,  1181,  1185,  1188,  1192,  1196,
+-    1198,  1202,  1206,  1210,  1214,  1215,  1220,  1222,  1225,  1227,
+-    1229,  1231,  1233,  1235,  1236,  1238,  1239,  1243,  1245,  1257,
+-    1258,  1262,  1264,  1276,  1277,  1278,  1285,  1286,  1287,  1295,
+-    1313,  1321,  1339,  1356,  1358,  1360,  1362,  1364,  1366,  1368,
+-    1370,  1372,  1375,  1378,  1381,  1384,  1387,  1390,  1393,  1396,
+-    1399,  1402,  1406,  1410,  1412,  1415,  1418,  1420,  1423,  1426,
+-    1429,  1431,  1434,  1435,  1437,  1438,  1440,  1441,  1444,  1445,
+-    1449,  1451,  1455,  1457,  1461,  1463,  1469,  1471,  1473,  1474,
+-    1477,  1478,  1481,  1482,  1485,  1486,  1489,  1491,  1492,  1494,
+-    1498,  1503,  1508,  1513,  1517,  1521,  1528,  1535,  1539,  1542,
+-    1543,  1547,  1548,  1552,  1554,  1555,  1559,  1561,  1563,  1565,
+-    1566,  1570,  1572,  1581,  1582,  1586,  1588,  1591,  1593,  1595,
+-    1598,  1601,  1604,  1609,  1613,  1617,  1618,  1620,  1621,  1625,
+-    1628,  1630,  1635,  1638,  1641,  1643,  1645,  1648,  1650,  1652,
+-    1655,  1658,  1662,  1664,  1666,  1668,  1671,  1674,  1676,  1678,
+-    1680,  1682,  1684,  1686,  1688,  1690,  1692,  1694,  1696,  1698,
+-    1700,  1702,  1704,  1708,  1709,  1714,  1715,  1717
+-};
+-
+-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+-static const yytype_int16 yyrhs[] =
+-{
+-     175,     0,    -1,   176,    -1,   175,   176,    -1,    -1,   177,
+-     178,    -1,   269,    -1,   255,    -1,   262,    -1,   192,    -1,
+-     291,    -1,   279,    -1,   283,    -1,   284,    -1,   200,    -1,
+-     230,    -1,   222,    -1,   226,    -1,   239,    -1,   180,    -1,
+-     184,    -1,   188,    -1,   243,    -1,   247,    -1,   251,    -1,
+-     292,    -1,   293,    -1,   306,    -1,   308,    -1,   309,    -1,
+-     310,    -1,   311,    -1,   312,    -1,   313,    -1,   314,    -1,
+-     315,    -1,   317,    -1,   318,    -1,   328,    -1,   332,    -1,
+-     210,    -1,   212,    -1,   196,    -1,   179,    -1,   234,    -1,
+-     238,    -1,   218,    -1,   358,    -1,   364,    -1,   361,    -1,
+-     204,    -1,   357,    -1,   335,    -1,   393,    -1,   417,    -1,
+-     294,    -1,     5,   181,    -1,    36,    -1,   152,   182,   153,
+-      -1,   183,    -1,   182,   154,   183,    -1,   138,   155,    36,
+-      -1,     6,   185,    -1,    36,    -1,   152,   186,   153,    -1,
+-     187,    -1,   186,   154,   187,    -1,   138,   155,    36,    -1,
+-       7,   189,    -1,    36,    -1,   152,   190,   153,    -1,   191,
+-      -1,   190,   154,   191,    -1,   138,   155,    36,    -1,     8,
+-     193,    -1,    34,    -1,   152,   194,   153,    -1,   195,    -1,
+-     194,   154,   195,    -1,   138,   155,    34,    -1,     9,   197,
+-     333,    -1,    34,    -1,   152,   198,   153,    -1,   199,    -1,
+-     198,   154,   199,    -1,   138,   155,    34,    -1,     3,   201,
+-      -1,    34,   107,    -1,   152,   202,   153,    -1,   203,    -1,
+-     202,   154,   203,    -1,   138,   155,   381,    -1,   151,   155,
+-     107,    -1,   122,   351,   205,   398,   206,    -1,    -1,   152,
+-     351,   153,    -1,   156,   207,   157,   158,    -1,   208,    -1,
+-     207,   208,    -1,   234,    -1,   238,    -1,   209,    -1,   294,
+-      -1,   123,   333,    -1,    -1,    30,   425,   398,   211,   214,
+-      -1,    -1,   363,    30,   425,   398,   213,   214,    -1,   156,
+-     215,   157,   158,    -1,   216,    -1,   215,   216,    -1,   234,
+-      -1,   238,    -1,   294,    -1,   307,    -1,    51,   333,    -1,
+-      52,   333,    -1,   303,    -1,   335,    -1,   217,    -1,    97,
+-     421,    34,   152,   406,   153,   395,   427,   398,   391,   158,
+-     327,   404,   403,    -1,    -1,   110,    34,   219,   220,   158,
+-      -1,    -1,   156,   221,   157,    -1,   179,    -1,   221,   179,
+-      -1,    -1,   112,   223,   156,   224,   157,    -1,   225,    -1,
+-     224,   225,    -1,    34,    -1,   113,   227,    -1,    34,    -1,
+-     152,   228,   153,    -1,   229,    -1,   228,   154,   229,    -1,
+-     138,   155,   381,    -1,    -1,   111,   231,   156,   232,   157,
+-      -1,   233,    -1,   232,   233,    -1,    34,    -1,    -1,    32,
+-     152,   235,   237,   153,    -1,    34,    -1,   159,    34,    -1,
+-     236,    95,    34,    -1,   236,    95,   159,    34,    -1,   236,
+-      -1,   339,   160,   339,    -1,    33,    -1,   114,   240,   398,
+-      -1,    -1,    36,    -1,   152,   241,   153,    -1,   242,    -1,
+-     241,   154,   242,    -1,   145,   155,    36,    -1,   137,   155,
+-      36,    -1,   143,   155,    36,    -1,   144,   155,    36,    -1,
+-     128,   244,    -1,   277,    -1,   152,   245,   153,    -1,   246,
+-      -1,   245,   154,   246,    -1,   138,   155,   277,    -1,   129,
+-     248,    -1,   277,    -1,   152,   249,   153,    -1,   250,    -1,
+-     249,   154,   250,    -1,   138,   155,   277,    -1,   131,   252,
+-      -1,   351,    -1,   152,   253,   153,    -1,   254,    -1,   253,
+-     154,   254,    -1,   138,   155,   351,    -1,    62,   256,   259,
+-      -1,   277,    -1,   152,   257,   153,    -1,   258,    -1,   257,
+-     154,   258,    -1,   138,   155,   277,    -1,    -1,   156,   260,
+-     157,   158,    -1,   261,    -1,   260,   261,    -1,   234,    -1,
+-     238,    -1,   323,    -1,    63,   263,   266,    -1,   277,    -1,
+-     152,   264,   153,    -1,   265,    -1,   264,   154,   265,    -1,
+-     138,   155,   277,    -1,    -1,   156,   267,   157,   158,    -1,
+-     268,    -1,   267,   268,    -1,   234,    -1,   238,    -1,   323,
+-      -1,    60,   270,   274,    -1,    61,   277,   278,    -1,    -1,
+-     277,   271,   278,    -1,   152,   272,   153,    -1,   273,    -1,
+-     272,   154,   273,    -1,   135,   155,    36,    -1,   136,   155,
+-      36,    -1,   138,   155,   277,    -1,   146,   155,   354,    -1,
+-     147,   155,   354,    -1,   148,   155,   354,    -1,   149,   155,
+-     354,    -1,   150,   155,    34,    -1,   151,   155,   107,    -1,
+-      -1,   156,   275,   157,   158,    -1,   276,    -1,   275,   276,
+-      -1,   234,    -1,   238,    -1,   319,    -1,   323,    -1,    34,
+-      -1,    35,    -1,    -1,   107,    -1,    54,   280,    -1,    35,
+-      -1,   152,   281,   153,    -1,   282,    -1,   281,   154,   282,
+-      -1,   138,   155,    35,    -1,   139,   155,   354,    -1,    55,
+-      35,    -1,    56,   285,    -1,    35,    -1,   152,   286,   153,
+-      -1,   287,    -1,   286,   154,   287,    -1,   138,   155,    35,
+-      -1,    -1,    17,   333,    -1,    -1,    18,   333,    -1,    -1,
+-      19,   333,    -1,    29,   333,    -1,    57,   333,    -1,    58,
+-     333,    -1,    59,   333,    -1,    38,   333,    -1,    39,   333,
+-      -1,    40,   333,    -1,    41,   333,    -1,    42,   333,    -1,
+-      43,   333,    -1,    44,   333,    -1,    45,   333,    -1,    50,
+-     333,    -1,    46,   333,    -1,    23,   333,    -1,    26,   333,
+-      -1,    27,   333,    -1,    20,   333,    -1,    21,   333,    -1,
+-      22,   333,    -1,    24,   333,    -1,    25,   333,    -1,    28,
+-     333,    -1,    10,   333,    -1,    11,   333,    -1,    11,   333,
+-      -1,    13,   333,    -1,    14,   333,    -1,     4,   320,    -1,
+-     152,   321,   153,    -1,   322,    -1,   321,   154,   322,    -1,
+-     141,   155,    36,    -1,    12,   324,   333,    -1,    -1,    36,
+-      -1,   152,   325,   153,    -1,   326,    -1,   325,   154,   326,
+-      -1,   132,   155,    36,    -1,   143,   155,    36,    -1,    -1,
+-     323,    -1,    15,   329,   333,    -1,    34,    -1,   152,   330,
+-     153,    -1,   331,    -1,   330,   154,   331,    -1,   134,   155,
+-      34,    -1,   140,   155,   107,    -1,    16,    35,   338,   333,
+-      -1,   334,    33,    -1,    31,    -1,   334,    31,    -1,    -1,
+-      91,   337,   339,   398,   336,   156,   340,   157,   158,    -1,
+-      -1,    64,    -1,    65,    -1,    -1,    35,    -1,    -1,    34,
+-      -1,    -1,   341,    -1,   342,    -1,   341,   342,    -1,   234,
+-      -1,   238,    -1,    34,   344,   398,   343,    -1,    -1,   154,
+-      -1,    -1,   155,   349,    -1,    -1,   155,   346,    -1,   349,
+-      -1,   346,   347,   349,    -1,   160,    -1,   161,    -1,   162,
+-      -1,   163,    -1,   164,    -1,   165,    -1,    -1,   159,    -1,
+-     166,    -1,   160,    -1,   161,    -1,   162,    -1,   164,    -1,
+-     350,   348,   355,    -1,    -1,   152,   351,   153,    -1,    94,
+-     352,    -1,   352,    -1,   353,    -1,   352,    94,   353,    -1,
+-      34,    -1,   116,    -1,   117,    -1,   351,    -1,   425,   152,
+-     356,   153,    -1,   156,   157,    -1,   108,    -1,   107,    -1,
+-     354,    -1,   118,    -1,    36,    -1,   115,    -1,    -1,   346,
+-      -1,   356,   154,   346,    -1,   109,   421,    34,   398,   158,
+-     327,    -1,   109,   421,   152,   162,    34,   153,   152,   426,
+-     153,   398,   158,   327,    -1,    -1,    -1,    65,   351,   359,
+-     367,   398,   360,   371,   158,    -1,    -1,   363,   362,   364,
+-      -1,   125,   167,   426,   168,    -1,    -1,    -1,    64,   351,
+-     365,   367,   398,   366,   371,   158,    -1,    -1,   169,   368,
+-      -1,   369,    -1,   368,   154,   369,    -1,   370,   351,    -1,
+-      -1,    66,    -1,    67,    -1,    68,    -1,    -1,   156,   372,
+-     157,    -1,    -1,   373,    -1,   372,   373,    -1,   234,    -1,
+-     238,    -1,   218,    -1,   358,    -1,   364,    -1,   361,    -1,
+-     204,    -1,   357,    -1,   335,    -1,   374,    -1,   323,    -1,
+-     307,    -1,   294,    -1,   295,    -1,   296,    -1,   297,    -1,
+-     298,    -1,   299,    -1,   300,    -1,   301,    -1,   302,    -1,
+-     303,    -1,   304,    -1,   305,    -1,   316,    -1,   386,    -1,
+-     383,    -1,   409,    -1,    53,   333,    -1,    52,   333,    -1,
+-      51,   333,    -1,    66,   382,   169,    -1,    67,   382,   169,
+-      -1,    68,   382,   169,    -1,    69,   169,    -1,   130,   375,
+-     378,    -1,   152,   376,   153,    -1,   377,    -1,   376,   154,
+-     377,    -1,   133,   155,    34,    -1,   138,   155,   381,    -1,
+-     142,   155,    34,    -1,    -1,   156,   379,   157,   158,    -1,
+-     380,    -1,   379,   380,    -1,   234,    -1,   238,    -1,   323,
+-      -1,    34,    -1,    36,    -1,    -1,    71,    -1,    -1,    90,
+-     384,   385,    -1,   385,    -1,   166,    34,   152,   153,   427,
+-     397,   398,   158,   404,   403,   405,    -1,    -1,   124,   387,
+-     388,    -1,   388,    -1,    34,   152,   406,   153,   427,   398,
+-     389,   158,   327,   404,   403,    -1,    -1,    -1,   170,   390,
+-     152,   406,   153,   171,    -1,    -1,    -1,   170,   392,   421,
+-     152,   406,   153,   171,    -1,   421,    34,   152,   406,   153,
+-     395,   396,   427,   397,   398,   391,   158,   327,   404,   403,
+-     405,   402,    -1,   421,   119,   155,   152,   421,   153,   158,
+-      -1,   421,   119,   394,   152,   406,   153,   395,   396,   427,
+-     397,   398,   391,   158,   404,   403,   405,   402,    -1,   119,
+-     421,   152,   406,   153,   395,   396,   427,   397,   398,   391,
+-     158,   404,   403,   405,   402,    -1,   161,    -1,   160,    -1,
+-     162,    -1,   163,    -1,   172,    -1,   164,    -1,   165,    -1,
+-     173,    -1,   167,   167,    -1,   168,   168,    -1,   161,   155,
+-      -1,   160,   155,    -1,   162,   155,    -1,   163,   155,    -1,
+-     172,   155,    -1,   164,   155,    -1,   165,   155,    -1,   173,
+-     155,    -1,   167,   167,   155,    -1,   168,   168,   155,    -1,
+-     166,    -1,   152,   153,    -1,   170,   171,    -1,   167,    -1,
+-     167,   155,    -1,   155,   155,    -1,   159,   155,    -1,   168,
+-      -1,   168,   155,    -1,    -1,    96,    -1,    -1,   126,    -1,
+-      -1,   155,   107,    -1,    -1,   163,   399,   163,    -1,   400,
+-      -1,   399,   154,   400,    -1,    34,    -1,    34,   155,   401,
+-      -1,   277,    -1,    34,   169,   278,   160,   278,    -1,    36,
+-      -1,   107,    -1,    -1,    47,   333,    -1,    -1,    48,   333,
+-      -1,    -1,    49,   333,    -1,    -1,    37,   333,    -1,   407,
+-      -1,    -1,   408,    -1,   407,   154,   408,    -1,    98,   339,
+-     398,   345,    -1,    99,   339,   398,   345,    -1,   100,   339,
+-     398,   345,    -1,   101,   339,   398,    -1,   102,   339,   398,
+-      -1,   103,   152,   406,   153,   339,   398,    -1,   104,   152,
+-     406,   153,   339,   398,    -1,   121,   339,   398,    -1,   422,
+-     345,    -1,    -1,    70,   410,   412,    -1,    -1,    72,   411,
+-     412,    -1,   412,    -1,    -1,    97,   413,   414,    -1,   414,
+-      -1,   415,    -1,   417,    -1,    -1,    90,   416,   393,    -1,
+-     393,    -1,   421,    34,   398,   418,   158,   288,   289,   290,
+-      -1,    -1,   156,   419,   157,    -1,   420,    -1,   419,   420,
+-      -1,   234,    -1,   238,    -1,    17,   333,    -1,    18,   333,
+-      -1,    19,   333,    -1,    96,   425,   424,   423,    -1,   425,
+-     424,   423,    -1,   421,   339,   398,    -1,    -1,   164,    -1,
+-      -1,   424,   162,    96,    -1,   424,   162,    -1,   351,    -1,
+-     351,   167,   426,   168,    -1,    65,   351,    -1,    93,    74,
+-      -1,    74,    -1,    93,    -1,    93,    75,    -1,    75,    -1,
+-      76,    -1,    93,    76,    -1,    76,    76,    -1,    93,    76,
+-      76,    -1,    77,    -1,    78,    -1,    73,    -1,    92,    79,
+-      -1,    93,    79,    -1,    79,    -1,    80,    -1,    81,    -1,
+-      82,    -1,    83,    -1,    84,    -1,    85,    -1,    86,    -1,
+-      87,    -1,    88,    -1,    89,    -1,   105,    -1,   106,    -1,
+-     127,    -1,   421,    -1,   426,   154,   421,    -1,    -1,   120,
+-     152,   428,   153,    -1,    -1,   351,    -1,   428,   154,   351,
+-      -1
+-};
+-
+-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+-static const yytype_uint16 yyrline[] =
++/* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
++static const yytype_int16 yyrline[] =
+ {
+-       0,   574,   574,   575,   578,   578,   597,   598,   599,   600,
+-     601,   602,   603,   604,   605,   606,   607,   608,   609,   610,
+-     611,   612,   613,   614,   615,   616,   617,   618,   619,   620,
+-     621,   622,   623,   624,   625,   626,   627,   628,   629,   630,
+-     631,   632,   633,   634,   637,   638,   639,   640,   641,   642,
+-     643,   644,   645,   646,   647,   648,   661,   667,   672,   677,
+-     678,   688,   695,   701,   706,   711,   712,   722,   729,   738,
+-     743,   748,   749,   759,   766,   777,   782,   787,   788,   798,
+-     805,   834,   839,   844,   845,   855,   862,   888,   896,   901,
+-     902,   913,   919,   927,   974,   978,  1085,  1090,  1091,  1102,
+-    1105,  1108,  1122,  1138,  1143,  1143,  1166,  1166,  1233,  1247,
+-    1248,  1251,  1252,  1253,  1257,  1261,  1270,  1279,  1288,  1289,
+-    1292,  1307,  1307,  1344,  1345,  1348,  1349,  1352,  1352,  1381,
+-    1382,  1385,  1391,  1397,  1402,  1407,  1408,  1418,  1425,  1425,
+-    1451,  1452,  1455,  1461,  1461,  1480,  1483,  1486,  1489,  1494,
+-    1495,  1500,  1508,  1545,  1553,  1559,  1564,  1565,  1578,  1586,
+-    1594,  1602,  1612,  1623,  1628,  1633,  1634,  1644,  1651,  1662,
+-    1667,  1672,  1673,  1683,  1690,  1702,  1707,  1712,  1713,  1723,
+-    1730,  1750,  1755,  1760,  1761,  1771,  1778,  1782,  1787,  1788,
+-    1798,  1801,  1804,  1818,  1836,  1841,  1846,  1847,  1857,  1864,
+-    1868,  1873,  1874,  1884,  1887,  1890,  1904,  1915,  1925,  1925,
+-    1938,  1943,  1944,  1961,  1973,  1991,  2003,  2015,  2027,  2039,
+-    2051,  2063,  2082,  2086,  2091,  2092,  2102,  2105,  2108,  2111,
+-    2125,  2126,  2142,  2145,  2148,  2157,  2163,  2168,  2169,  2180,
+-    2186,  2194,  2202,  2208,  2213,  2218,  2219,  2229,  2236,  2239,
+-    2244,  2247,  2252,  2255,  2260,  2266,  2272,  2278,  2283,  2288,
+-    2293,  2298,  2303,  2308,  2313,  2318,  2323,  2328,  2333,  2338,
+-    2344,  2349,  2355,  2361,  2367,  2373,  2379,  2384,  2390,  2396,
+-    2401,  2407,  2413,  2419,  2424,  2425,  2435,  2442,  2526,  2530,
+-    2536,  2541,  2542,  2553,  2559,  2567,  2570,  2573,  2582,  2588,
+-    2593,  2594,  2605,  2611,  2622,  2627,  2630,  2631,  2641,  2641,
+-    2665,  2668,  2671,  2676,  2679,  2684,  2687,  2692,  2693,  2696,
+-    2697,  2700,  2701,  2702,  2746,  2747,  2750,  2751,  2754,  2757,
+-    2762,  2763,  2781,  2784,  2787,  2790,  2793,  2796,  2801,  2804,
+-    2807,  2810,  2813,  2816,  2819,  2824,  2839,  2842,  2847,  2853,
+-    2856,  2857,  2865,  2870,  2873,  2878,  2887,  2897,  2900,  2904,
+-    2908,  2912,  2916,  2920,  2926,  2931,  2937,  2955,  2977,  3016,
+-    3022,  3016,  3066,  3066,  3092,  3097,  3103,  3097,  3143,  3144,
+-    3147,  3148,  3151,  3203,  3206,  3209,  3212,  3217,  3220,  3225,
+-    3226,  3227,  3230,  3231,  3232,  3233,  3234,  3235,  3236,  3237,
+-    3238,  3239,  3240,  3251,  3255,  3259,  3270,  3281,  3292,  3303,
+-    3314,  3325,  3336,  3347,  3358,  3369,  3380,  3391,  3392,  3393,
+-    3394,  3405,  3416,  3427,  3434,  3441,  3448,  3457,  3470,  3475,
+-    3476,  3488,  3495,  3502,  3511,  3515,  3520,  3521,  3531,  3534,
+-    3537,  3551,  3552,  3555,  3558,  3564,  3564,  3565,  3568,  3634,
+-    3634,  3635,  3638,  3684,  3687,  3687,  3698,  3701,  3701,  3713,
+-    3731,  3751,  3795,  3876,  3877,  3878,  3879,  3880,  3881,  3882,
+-    3883,  3884,  3885,  3886,  3887,  3888,  3889,  3890,  3891,  3892,
+-    3893,  3894,  3895,  3896,  3897,  3898,  3899,  3900,  3901,  3902,
+-    3903,  3904,  3907,  3910,  3915,  3918,  3923,  3926,  3934,  3937,
+-    3943,  3947,  3959,  3963,  3969,  3973,  3996,  4000,  4006,  4009,
+-    4014,  4017,  4022,  4025,  4030,  4033,  4038,  4090,  4095,  4101,
+-    4124,  4136,  4148,  4160,  4179,  4190,  4207,  4224,  4233,  4240,
+-    4240,  4241,  4241,  4242,  4246,  4246,  4247,  4251,  4252,  4256,
+-    4256,  4257,  4260,  4315,  4321,  4326,  4327,  4339,  4342,  4345,
+-    4360,  4375,  4392,  4397,  4411,  4521,  4524,  4532,  4535,  4538,
+-    4543,  4551,  4562,  4577,  4581,  4585,  4589,  4593,  4597,  4601,
+-    4605,  4609,  4613,  4617,  4621,  4625,  4629,  4633,  4637,  4641,
+-    4645,  4649,  4653,  4657,  4661,  4665,  4669,  4673,  4677,  4681,
+-    4685,  4691,  4697,  4713,  4716,  4724,  4730,  4737
++       0,   575,   575,   576,   579,   579,   598,   599,   600,   601,
++     602,   603,   604,   605,   606,   607,   608,   609,   610,   611,
++     612,   613,   614,   615,   616,   617,   618,   619,   620,   621,
++     622,   623,   624,   625,   626,   627,   628,   629,   630,   631,
++     632,   633,   634,   635,   638,   639,   640,   641,   642,   643,
++     644,   645,   646,   647,   648,   649,   662,   668,   673,   678,
++     679,   689,   696,   702,   707,   712,   713,   723,   730,   739,
++     744,   749,   750,   760,   767,   778,   783,   788,   789,   799,
++     806,   835,   840,   845,   846,   856,   863,   889,   897,   902,
++     903,   914,   920,   928,   975,   979,  1086,  1091,  1092,  1103,
++    1106,  1109,  1123,  1139,  1144,  1144,  1167,  1167,  1234,  1248,
++    1249,  1252,  1253,  1254,  1258,  1262,  1271,  1280,  1289,  1290,
++    1293,  1308,  1308,  1345,  1346,  1349,  1350,  1353,  1353,  1382,
++    1383,  1386,  1392,  1398,  1403,  1408,  1409,  1419,  1426,  1426,
++    1452,  1453,  1456,  1462,  1462,  1481,  1484,  1487,  1490,  1495,
++    1496,  1501,  1509,  1546,  1554,  1560,  1565,  1566,  1579,  1587,
++    1595,  1603,  1613,  1624,  1629,  1634,  1635,  1645,  1652,  1663,
++    1668,  1673,  1674,  1684,  1691,  1703,  1708,  1713,  1714,  1724,
++    1731,  1751,  1756,  1761,  1762,  1772,  1779,  1783,  1788,  1789,
++    1799,  1802,  1805,  1819,  1837,  1842,  1847,  1848,  1858,  1865,
++    1869,  1874,  1875,  1885,  1888,  1891,  1905,  1917,  1927,  1927,
++    1941,  1946,  1947,  1965,  1978,  1997,  2010,  2023,  2036,  2049,
++    2062,  2075,  2088,  2108,  2112,  2117,  2118,  2128,  2131,  2134,
++    2137,  2151,  2152,  2168,  2171,  2174,  2183,  2189,  2194,  2195,
++    2206,  2212,  2220,  2228,  2234,  2239,  2244,  2245,  2255,  2262,
++    2265,  2270,  2273,  2278,  2281,  2286,  2292,  2298,  2304,  2309,
++    2314,  2319,  2324,  2329,  2334,  2339,  2344,  2349,  2354,  2359,
++    2364,  2370,  2375,  2381,  2387,  2393,  2399,  2405,  2410,  2416,
++    2422,  2427,  2433,  2439,  2445,  2450,  2451,  2461,  2468,  2552,
++    2556,  2562,  2567,  2568,  2579,  2585,  2593,  2596,  2599,  2608,
++    2614,  2619,  2620,  2631,  2637,  2648,  2653,  2656,  2657,  2667,
++    2667,  2691,  2694,  2697,  2702,  2705,  2710,  2713,  2718,  2719,
++    2722,  2723,  2726,  2727,  2728,  2772,  2773,  2776,  2777,  2780,
++    2783,  2788,  2789,  2807,  2810,  2813,  2816,  2819,  2822,  2827,
++    2830,  2833,  2836,  2839,  2842,  2845,  2850,  2865,  2868,  2873,
++    2879,  2882,  2883,  2891,  2896,  2899,  2904,  2913,  2923,  2926,
++    2930,  2934,  2938,  2942,  2946,  2952,  2957,  2963,  2981,  3003,
++    3042,  3048,  3042,  3092,  3092,  3118,  3123,  3129,  3123,  3169,
++    3170,  3173,  3174,  3177,  3229,  3232,  3235,  3238,  3243,  3246,
++    3251,  3252,  3253,  3256,  3257,  3258,  3259,  3260,  3261,  3262,
++    3263,  3264,  3265,  3266,  3277,  3281,  3285,  3296,  3307,  3318,
++    3329,  3340,  3351,  3362,  3373,  3384,  3395,  3406,  3417,  3418,
++    3419,  3420,  3431,  3442,  3453,  3460,  3467,  3474,  3483,  3496,
++    3501,  3502,  3514,  3521,  3528,  3537,  3541,  3546,  3547,  3557,
++    3560,  3563,  3577,  3578,  3581,  3584,  3590,  3590,  3591,  3594,
++    3660,  3660,  3661,  3664,  3710,  3713,  3713,  3724,  3727,  3727,
++    3739,  3757,  3777,  3821,  3902,  3903,  3904,  3905,  3906,  3907,
++    3908,  3909,  3910,  3911,  3912,  3913,  3914,  3915,  3916,  3917,
++    3918,  3919,  3920,  3921,  3922,  3923,  3924,  3925,  3926,  3927,
++    3928,  3929,  3930,  3933,  3936,  3941,  3944,  3949,  3952,  3960,
++    3963,  3969,  3973,  3985,  3989,  3995,  3999,  4022,  4026,  4032,
++    4035,  4040,  4043,  4048,  4051,  4056,  4059,  4064,  4116,  4121,
++    4127,  4150,  4162,  4174,  4186,  4205,  4216,  4233,  4250,  4259,
++    4266,  4266,  4267,  4267,  4268,  4272,  4272,  4273,  4277,  4278,
++    4282,  4282,  4283,  4286,  4341,  4347,  4352,  4353,  4365,  4368,
++    4371,  4386,  4401,  4418,  4423,  4437,  4547,  4550,  4558,  4561,
++    4564,  4569,  4577,  4588,  4603,  4607,  4611,  4615,  4619,  4623,
++    4627,  4631,  4635,  4639,  4643,  4647,  4651,  4655,  4659,  4663,
++    4667,  4671,  4675,  4679,  4683,  4687,  4691,  4695,  4699,  4703,
++    4707,  4711,  4717,  4723,  4739,  4742,  4750,  4756,  4763
+ };
+ #endif
+ 
+-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
++/** Accessing symbol of state STATE.  */
++#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State])
++
++#if YYDEBUG || 0
++/* The user-facing name of the symbol whose (internal) number is
++   YYSYMBOL.  No bounds checking.  */
++static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED;
++
+ /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+    First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+ static const char *const yytname[] =
+ {
+-  "$end", "error", "$undefined", "TK_API", "TK_AUTOPYNAME",
+-  "TK_DEFDOCSTRFMT", "TK_DEFDOCSTRSIG", "TK_DEFENCODING", "TK_PLUGIN",
+-  "TK_VIRTERRORHANDLER", "TK_EXPTYPEHINTCODE", "TK_TYPEHINTCODE",
+-  "TK_DOCSTRING", "TK_DOC", "TK_EXPORTEDDOC", "TK_EXTRACT", "TK_MAKEFILE",
+-  "TK_ACCESSCODE", "TK_GETCODE", "TK_SETCODE", "TK_PREINITCODE",
+-  "TK_INITCODE", "TK_POSTINITCODE", "TK_FINALCODE", "TK_UNITCODE",
+-  "TK_UNITPOSTINCLUDECODE", "TK_MODCODE", "TK_TYPECODE", "TK_PREPYCODE",
+-  "TK_COPYING", "TK_MAPPEDTYPE", "TK_CODELINE", "TK_IF", "TK_END",
+-  "TK_NAME_VALUE", "TK_PATH_VALUE", "TK_STRING_VALUE",
++  "\"end of file\"", "error", "\"invalid token\"", "TK_API",
++  "TK_AUTOPYNAME", "TK_DEFDOCSTRFMT", "TK_DEFDOCSTRSIG", "TK_DEFENCODING",
++  "TK_PLUGIN", "TK_VIRTERRORHANDLER", "TK_EXPTYPEHINTCODE",
++  "TK_TYPEHINTCODE", "TK_DOCSTRING", "TK_DOC", "TK_EXPORTEDDOC",
++  "TK_EXTRACT", "TK_MAKEFILE", "TK_ACCESSCODE", "TK_GETCODE", "TK_SETCODE",
++  "TK_PREINITCODE", "TK_INITCODE", "TK_POSTINITCODE", "TK_FINALCODE",
++  "TK_UNITCODE", "TK_UNITPOSTINCLUDECODE", "TK_MODCODE", "TK_TYPECODE",
++  "TK_PREPYCODE", "TK_COPYING", "TK_MAPPEDTYPE", "TK_CODELINE", "TK_IF",
++  "TK_END", "TK_NAME_VALUE", "TK_PATH_VALUE", "TK_STRING_VALUE",
+   "TK_VIRTUALCATCHERCODE", "TK_TRAVERSECODE", "TK_CLEARCODE",
+   "TK_GETBUFFERCODE", "TK_RELEASEBUFFERCODE", "TK_READBUFFERCODE",
+   "TK_WRITEBUFFERCODE", "TK_SEGCOUNTCODE", "TK_CHARBUFFERCODE",
+@@ -1264,13 +1217,13 @@ static const char *const yytname[] =
+   "TK_DEFSUPERTYPE", "TK_PROPERTY", "TK_HIDE_NS", "TK_FORMAT", "TK_GET",
+   "TK_ID", "TK_KWARGS", "TK_LANGUAGE", "TK_LICENSEE", "TK_NAME",
+   "TK_OPTIONAL", "TK_ORDER", "TK_REMOVELEADING", "TK_SET", "TK_SIGNATURE",
+-  "TK_TIMESTAMP", "TK_TYPE", "TK_USEARGNAMES", "TK_USELIMITEDAPI",
+-  "TK_ALLRAISEPYEXC", "TK_CALLSUPERINIT", "TK_DEFERRORHANDLER",
+-  "TK_VERSION", "'('", "')'", "','", "'='", "'{'", "'}'", "';'", "'!'",
+-  "'-'", "'+'", "'*'", "'/'", "'&'", "'|'", "'~'", "'<'", "'>'", "':'",
+-  "'['", "']'", "'%'", "'^'", "$accept", "specification", "statement",
+-  "@1", "modstatement", "nsstatement", "defdocstringfmt",
+-  "defdocstringfmt_args", "defdocstringfmt_arg_list",
++  "TK_TIMESTAMP", "TK_TYPE", "TK_USEARGNAMES", "TK_PYSSIZETCLEAN",
++  "TK_USELIMITEDAPI", "TK_ALLRAISEPYEXC", "TK_CALLSUPERINIT",
++  "TK_DEFERRORHANDLER", "TK_VERSION", "'('", "')'", "','", "'='", "'{'",
++  "'}'", "';'", "'!'", "'-'", "'+'", "'*'", "'/'", "'&'", "'|'", "'~'",
++  "'<'", "'>'", "':'", "'['", "']'", "'%'", "'^'", "$accept",
++  "specification", "statement", "$@1", "modstatement", "nsstatement",
++  "defdocstringfmt", "defdocstringfmt_args", "defdocstringfmt_arg_list",
+   "defdocstringfmt_arg", "defdocstringsig", "defdocstringsig_args",
+   "defdocstringsig_arg_list", "defdocstringsig_arg", "defencoding",
+   "defencoding_args", "defencoding_arg_list", "defencoding_arg", "plugin",
+@@ -1278,13 +1231,13 @@ static const char *const yytname[] =
+   "veh_args", "veh_arg_list", "veh_arg", "api", "api_args", "api_arg_list",
+   "api_arg", "exception", "baseexception", "exception_body",
+   "exception_body_directives", "exception_body_directive", "raisecode",
+-  "mappedtype", "@2", "mappedtypetmpl", "@3", "mtdefinition", "mtbody",
+-  "mtline", "mtfunction", "namespace", "@4", "optnsbody", "nsbody",
+-  "platforms", "@5", "platformlist", "platform", "feature", "feature_args",
+-  "feature_arg_list", "feature_arg", "timeline", "@6", "qualifierlist",
+-  "qualifiername", "ifstart", "@7", "oredqualifiers", "qualifiers",
+-  "ifend", "license", "license_args", "license_arg_list", "license_arg",
+-  "defmetatype", "defmetatype_args", "defmetatype_arg_list",
++  "mappedtype", "$@2", "mappedtypetmpl", "$@3", "mtdefinition", "mtbody",
++  "mtline", "mtfunction", "namespace", "$@4", "optnsbody", "nsbody",
++  "platforms", "$@5", "platformlist", "platform", "feature",
++  "feature_args", "feature_arg_list", "feature_arg", "timeline", "$@6",
++  "qualifierlist", "qualifiername", "ifstart", "$@7", "oredqualifiers",
++  "qualifiers", "ifend", "license", "license_args", "license_arg_list",
++  "license_arg", "defmetatype", "defmetatype_args", "defmetatype_arg_list",
+   "defmetatype_arg", "defsupertype", "defsupertype_args",
+   "defsupertype_arg_list", "defsupertype_arg", "hiddenns", "hiddenns_args",
+   "hiddenns_arg_list", "hiddenns_arg", "consmodule", "consmodule_args",
+@@ -1292,7 +1245,7 @@ static const char *const yytname[] =
+   "consmodule_body_directives", "consmodule_body_directive", "compmodule",
+   "compmodule_args", "compmodule_arg_list", "compmodule_arg",
+   "compmodule_body", "compmodule_body_directives",
+-  "compmodule_body_directive", "module", "module_args", "@8",
++  "compmodule_body_directive", "module", "module_args", "$@8",
+   "module_arg_list", "module_arg", "module_body", "module_body_directives",
+   "module_body_directive", "dottedname", "optnumber", "include",
+   "include_args", "include_arg_list", "include_arg", "optinclude",
+@@ -1307,1011 +1260,950 @@ static const char *const yytname[] =
+   "autopyname_args", "autopyname_arg_list", "autopyname_arg", "docstring",
+   "docstring_args", "docstring_arg_list", "docstring_arg", "optdocstring",
+   "extract", "extract_args", "extract_arg_list", "extract_arg", "makefile",
+-  "codeblock", "codelines", "enum", "@9", "optenumkey", "optfilename",
++  "codeblock", "codelines", "enum", "$@9", "optenumkey", "optfilename",
+   "optname", "optenumbody", "enumbody", "enumline", "optcomma",
+   "optenumassign", "optassign", "expr", "binop", "optunop", "value",
+   "optcast", "scopedname", "scopednamehead", "scopepart", "bool_value",
+-  "simplevalue", "exprlist", "typedef", "struct", "@10", "@11",
+-  "classtmpl", "@12", "template", "class", "@13", "@14", "superclasses",
++  "simplevalue", "exprlist", "typedef", "struct", "$@10", "$@11",
++  "classtmpl", "$@12", "template", "class", "$@13", "$@14", "superclasses",
+   "superlist", "superclass", "class_access", "optclassbody", "classbody",
+   "classline", "property", "property_args", "property_arg_list",
+   "property_arg", "property_body", "property_body_directives",
+-  "property_body_directive", "name_or_string", "optslot", "dtor", "@15",
+-  "dtor_decl", "ctor", "@16", "simplector", "optctorsig", "@17", "optsig",
+-  "@18", "function", "operatorname", "optconst", "optfinal", "optabstract",
+-  "optflags", "flaglist", "flag", "flagvalue", "virtualcallcode",
+-  "methodcode", "premethodcode", "virtualcatchercode", "arglist",
+-  "rawarglist", "argvalue", "varmember", "@19", "@20", "simple_varmem",
+-  "@21", "varmem", "member", "@22", "variable", "variable_body",
+-  "variable_body_directives", "variable_body_directive", "cpptype",
+-  "argtype", "optref", "deref", "basetype", "cpptypelist", "optexceptions",
+-  "exceptionlist", 0
++  "property_body_directive", "name_or_string", "optslot", "dtor", "$@15",
++  "dtor_decl", "ctor", "$@16", "simplector", "optctorsig", "$@17",
++  "optsig", "$@18", "function", "operatorname", "optconst", "optfinal",
++  "optabstract", "optflags", "flaglist", "flag", "flagvalue",
++  "virtualcallcode", "methodcode", "premethodcode", "virtualcatchercode",
++  "arglist", "rawarglist", "argvalue", "varmember", "$@19", "$@20",
++  "simple_varmem", "$@21", "varmem", "member", "$@22", "variable",
++  "variable_body", "variable_body_directives", "variable_body_directive",
++  "cpptype", "argtype", "optref", "deref", "basetype", "cpptypelist",
++  "optexceptions", "exceptionlist", YY_NULLPTR
+ };
++
++static const char *
++yysymbol_name (yysymbol_kind_t yysymbol)
++{
++  return yytname[yysymbol];
++}
+ #endif
+ 
+-# ifdef YYPRINT
+-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+-   token YYLEX-NUM.  */
+-static const yytype_uint16 yytoknum[] =
+-{
+-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+-     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
+-     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
+-     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
+-     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
+-     335,   336,   337,   338,   339,   340,   341,   342,   343,   344,
+-     345,   346,   347,   348,   349,   350,   351,   352,   353,   354,
+-     355,   356,   357,   358,   359,   360,   361,   362,   363,   364,
+-     365,   366,   367,   368,   369,   370,   371,   372,   373,   374,
+-     375,   376,   377,   378,   379,   380,   381,   382,   383,   384,
+-     385,   386,   387,   388,   389,   390,   391,   392,   393,   394,
+-     395,   396,   397,   398,   399,   400,   401,   402,   403,   404,
+-     405,   406,    40,    41,    44,    61,   123,   125,    59,    33,
+-      45,    43,    42,    47,    38,   124,   126,    60,    62,    58,
+-      91,    93,    37,    94
+-};
+-# endif
++#define YYPACT_NINF (-840)
+ 
+-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+-static const yytype_uint16 yyr1[] =
+-{
+-       0,   174,   175,   175,   177,   176,   178,   178,   178,   178,
+-     178,   178,   178,   178,   178,   178,   178,   178,   178,   178,
+-     178,   178,   178,   178,   178,   178,   178,   178,   178,   178,
+-     178,   178,   178,   178,   178,   178,   178,   178,   178,   178,
+-     178,   178,   178,   178,   179,   179,   179,   179,   179,   179,
+-     179,   179,   179,   179,   179,   179,   180,   181,   181,   182,
+-     182,   183,   184,   185,   185,   186,   186,   187,   188,   189,
+-     189,   190,   190,   191,   192,   193,   193,   194,   194,   195,
+-     196,   197,   197,   198,   198,   199,   200,   201,   201,   202,
+-     202,   203,   203,   204,   205,   205,   206,   207,   207,   208,
+-     208,   208,   208,   209,   211,   210,   213,   212,   214,   215,
+-     215,   216,   216,   216,   216,   216,   216,   216,   216,   216,
+-     217,   219,   218,   220,   220,   221,   221,   223,   222,   224,
+-     224,   225,   226,   227,   227,   228,   228,   229,   231,   230,
+-     232,   232,   233,   235,   234,   236,   236,   236,   236,   237,
+-     237,   238,   239,   240,   240,   240,   241,   241,   242,   242,
+-     242,   242,   243,   244,   244,   245,   245,   246,   247,   248,
+-     248,   249,   249,   250,   251,   252,   252,   253,   253,   254,
+-     255,   256,   256,   257,   257,   258,   259,   259,   260,   260,
+-     261,   261,   261,   262,   263,   263,   264,   264,   265,   266,
+-     266,   267,   267,   268,   268,   268,   269,   269,   271,   270,
+-     270,   272,   272,   273,   273,   273,   273,   273,   273,   273,
+-     273,   273,   274,   274,   275,   275,   276,   276,   276,   276,
+-     277,   277,   278,   278,   279,   280,   280,   281,   281,   282,
+-     282,   283,   284,   285,   285,   286,   286,   287,   288,   288,
+-     289,   289,   290,   290,   291,   292,   293,   294,   295,   296,
+-     297,   298,   299,   300,   301,   302,   303,   304,   305,   306,
+-     307,   308,   309,   310,   311,   312,   313,   314,   315,   316,
+-     317,   318,   319,   320,   321,   321,   322,   323,   324,   324,
+-     324,   325,   325,   326,   326,   327,   327,   328,   329,   329,
+-     330,   330,   331,   331,   332,   333,   334,   334,   336,   335,
+-     337,   337,   337,   338,   338,   339,   339,   340,   340,   341,
+-     341,   342,   342,   342,   343,   343,   344,   344,   345,   345,
+-     346,   346,   347,   347,   347,   347,   347,   347,   348,   348,
+-     348,   348,   348,   348,   348,   349,   350,   350,   351,   351,
+-     352,   352,   353,   354,   354,   355,   355,   355,   355,   355,
+-     355,   355,   355,   355,   356,   356,   356,   357,   357,   359,
+-     360,   358,   362,   361,   363,   365,   366,   364,   367,   367,
+-     368,   368,   369,   370,   370,   370,   370,   371,   371,   372,
+-     372,   372,   373,   373,   373,   373,   373,   373,   373,   373,
+-     373,   373,   373,   373,   373,   373,   373,   373,   373,   373,
+-     373,   373,   373,   373,   373,   373,   373,   373,   373,   373,
+-     373,   373,   373,   373,   373,   373,   373,   374,   375,   376,
+-     376,   377,   377,   377,   378,   378,   379,   379,   380,   380,
+-     380,   381,   381,   382,   382,   384,   383,   383,   385,   387,
+-     386,   386,   388,   389,   390,   389,   391,   392,   391,   393,
+-     393,   393,   393,   394,   394,   394,   394,   394,   394,   394,
+-     394,   394,   394,   394,   394,   394,   394,   394,   394,   394,
+-     394,   394,   394,   394,   394,   394,   394,   394,   394,   394,
+-     394,   394,   395,   395,   396,   396,   397,   397,   398,   398,
+-     399,   399,   400,   400,   401,   401,   401,   401,   402,   402,
+-     403,   403,   404,   404,   405,   405,   406,   407,   407,   407,
+-     408,   408,   408,   408,   408,   408,   408,   408,   408,   410,
+-     409,   411,   409,   409,   413,   412,   412,   414,   414,   416,
+-     415,   415,   417,   418,   418,   419,   419,   420,   420,   420,
+-     420,   420,   421,   421,   422,   423,   423,   424,   424,   424,
+-     425,   425,   425,   425,   425,   425,   425,   425,   425,   425,
+-     425,   425,   425,   425,   425,   425,   425,   425,   425,   425,
+-     425,   425,   425,   425,   425,   425,   425,   425,   425,   425,
+-     425,   426,   426,   427,   427,   428,   428,   428
+-};
++#define yypact_value_is_default(Yyn) \
++  ((Yyn) == YYPACT_NINF)
+ 
+-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+-static const yytype_uint8 yyr2[] =
++#define YYTABLE_NINF (-564)
++
++#define yytable_value_is_error(Yyn) \
++  0
++
++/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
++   STATE-NUM.  */
++static const yytype_int16 yypact[] =
+ {
+-       0,     2,     1,     2,     0,     2,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     2,     1,     3,     1,
+-       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
+-       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
+-       3,     1,     3,     1,     3,     3,     2,     2,     3,     1,
+-       3,     3,     3,     5,     0,     3,     4,     1,     2,     1,
+-       1,     1,     1,     2,     0,     5,     0,     6,     4,     1,
+-       2,     1,     1,     1,     1,     2,     2,     1,     1,     1,
+-      14,     0,     5,     0,     3,     1,     2,     0,     5,     1,
+-       2,     1,     2,     1,     3,     1,     3,     3,     0,     5,
+-       1,     2,     1,     0,     5,     1,     2,     3,     4,     1,
+-       3,     1,     3,     0,     1,     3,     1,     3,     3,     3,
+-       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
+-       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
+-       3,     1,     3,     1,     3,     3,     0,     4,     1,     2,
+-       1,     1,     1,     3,     1,     3,     1,     3,     3,     0,
+-       4,     1,     2,     1,     1,     1,     3,     3,     0,     3,
+-       3,     1,     3,     3,     3,     3,     3,     3,     3,     3,
+-       3,     3,     0,     4,     1,     2,     1,     1,     1,     1,
+-       1,     1,     0,     1,     2,     1,     3,     1,     3,     3,
+-       3,     2,     2,     1,     3,     1,     3,     3,     0,     2,
+-       0,     2,     0,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,     3,     1,     3,     3,     3,     0,     1,
+-       3,     1,     3,     3,     3,     0,     1,     3,     1,     3,
+-       1,     3,     3,     3,     4,     2,     1,     2,     0,     9,
+-       0,     1,     1,     0,     1,     0,     1,     0,     1,     1,
+-       2,     1,     1,     4,     0,     1,     0,     2,     0,     2,
+-       1,     3,     1,     1,     1,     1,     1,     1,     0,     1,
+-       1,     1,     1,     1,     1,     3,     0,     3,     2,     1,
+-       1,     3,     1,     1,     1,     1,     4,     2,     1,     1,
+-       1,     1,     1,     1,     0,     1,     3,     6,    12,     0,
+-       0,     8,     0,     3,     4,     0,     0,     8,     0,     2,
+-       1,     3,     2,     0,     1,     1,     1,     0,     3,     0,
+-       1,     2,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       2,     2,     2,     3,     3,     3,     2,     3,     3,     1,
+-       3,     3,     3,     3,     0,     4,     1,     2,     1,     1,
+-       1,     1,     1,     0,     1,     0,     3,     1,    11,     0,
+-       3,     1,    11,     0,     0,     6,     0,     0,     7,    17,
+-       7,    17,    16,     1,     1,     1,     1,     1,     1,     1,
+-       1,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     3,     3,     1,     2,     2,     1,     2,     2,     2,
+-       1,     2,     0,     1,     0,     1,     0,     2,     0,     3,
+-       1,     3,     1,     3,     1,     5,     1,     1,     0,     2,
+-       0,     2,     0,     2,     0,     2,     1,     0,     1,     3,
+-       4,     4,     4,     3,     3,     6,     6,     3,     2,     0,
+-       3,     0,     3,     1,     0,     3,     1,     1,     1,     0,
+-       3,     1,     8,     0,     3,     1,     2,     1,     1,     2,
+-       2,     2,     4,     3,     3,     0,     1,     0,     3,     2,
+-       1,     4,     2,     2,     1,     1,     2,     1,     1,     2,
+-       2,     3,     1,     1,     1,     2,     2,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     3,     0,     4,     0,     1,     3
++    -840,   125,  -840,  1218,  -840,  -840,    42,    -2,    54,    55,
++      58,    74,   100,   100,   100,   100,    75,   181,   100,   100,
++     100,   100,   100,   100,   100,   100,  1542,    51,  -840,  -840,
++      23,   228,    46,   100,   100,   100,    48,   238,    62,    64,
++      84,    84,  -840,  -840,  -840,   190,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,   218,
++     224,   277,   279,  1542,  -840,  -840,  1506,   309,  -840,  -840,
++      76,    59,  1506,    84,   203,  -840,    66,    68,    53,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,   206,   285,  -840,  -840,  -840,  -840,
++     359,  -840,  -840,  -840,    79,  -840,   297,   -26,  -840,  -840,
++     254,  -840,  -840,   268,  -840,  -840,   271,  -840,  -840,   281,
++    -840,  -840,   286,   100,  -840,  -840,   257,  -840,  -840,  -840,
++    -840,   101,   100,   395,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,    84,   276,  -840,  -840,   158,  -840,  -840,  -840,
++     298,  -840,  -840,  -840,  -840,  -840,  -840,   338,   287,  -840,
++     335,   324,   342,  -840,   331,   344,  -840,  -840,    18,  -840,
++    -840,  -840,   418,  -840,  -840,  -840,   447,  -840,   285,  -840,
++      77,  -840,   378,   380,  -840,   400,  -840,  -840,   171,   276,
++     388,   390,  1506,   404,  -840,  -840,   406,  -840,  -840,   407,
++    -840,  -840,  1506,   279,  1542,   482,   -49,   234,   146,  -840,
++     391,   392,   169,  -840,   393,   210,  -840,   396,   214,  -840,
++     399,   222,  -840,   401,   295,  -840,   402,   306,  -840,  -840,
++    -840,  -840,   403,   405,   312,  -840,  -840,  -840,   100,  -840,
++     516,  -840,     4,   408,   409,   316,  -840,   410,   323,  -840,
++     412,   413,   414,   416,   417,   419,   420,   421,   422,   423,
++     326,  -840,   244,  -840,   335,  -840,  -840,   424,   337,  -840,
++     267,  -840,   425,   339,  -840,   267,  -840,   381,   381,  -840,
++     276,  -840,   146,   276,   397,   426,   528,   529,   428,   341,
++    -840,   429,   430,   431,   432,   343,  -840,  -840,  1279,    84,
++     276,  -840,   -21,   433,   349,  -840,   435,   352,  -840,   436,
++     354,  -840,    -9,  -840,   276,  -840,  1279,   437,   439,   105,
++     440,   441,   442,   443,   444,   449,   450,  -840,    34,   -34,
++     438,   451,   452,   456,   486,  -840,  -840,   314,   488,  -840,
++     -26,   567,  -840,   254,   575,  -840,   268,   576,  -840,   271,
++     579,  -840,   281,   580,  -840,   286,   581,   513,  -840,   101,
++    -840,   465,   -11,  -840,   466,   461,   590,   530,   472,   467,
++     592,   394,  -840,   158,   594,  -840,   298,   595,   596,   238,
++     394,   394,   394,   394,   394,   599,   523,  -840,   338,   485,
++      81,  -840,  -840,    36,  -840,  -840,  -840,  -840,   238,  -840,
++     324,  -840,  -840,    38,  -840,  -840,   238,  -840,   331,  -840,
++    -840,    45,  -840,  -840,   315,   276,   276,  -840,  -840,   480,
++     606,   253,   483,  -840,    -1,  -840,  -840,    33,  -840,   314,
++    -840,   400,   605,   607,   608,   609,  -840,   171,   418,   418,
++     418,   418,   418,   493,   494,   418,   495,   497,  -840,   418,
++     492,   496,   498,  1506,  -840,   238,  -840,   404,   238,  -840,
++     406,    84,  -840,   407,  -840,  -840,   499,   288,   500,  -840,
++    1506,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++     502,  -840,   504,  -840,  -840,  -840,  1279,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,    93,   516,  -840,   334,
++    -840,  -840,    11,  -840,   418,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,   515,  -840,  -840,   128,   100,   505,  -840,
++    -840,  -840,   506,  -840,  -840,  -840,   507,  -840,  -840,  -840,
++    -840,   508,  -840,    84,  -840,  -840,   510,   642,   517,  -840,
++     735,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,   276,   276,   276,   276,   276,  1279,
++    1279,   276,   573,  1279,   276,   519,  -840,  -840,   232,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,   466,   573,   100,
++     100,   100,  -840,  -840,    56,  -840,   656,   520,  -840,  -840,
++     521,   509,  -840,  -840,  -840,  -840,  -840,   100,   100,   100,
++     100,  1506,   134,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,   643,  -840,   522,   358,  -840,   525,   526,   360,
++    -840,  -840,  -840,  -840,  -840,   315,  -840,   527,   527,   389,
++    -840,  -840,   533,  -840,  -840,   492,   492,   492,  -840,  -840,
++     535,   536,  -840,  -840,   561,  -840,  -840,    84,   293,  -840,
++     272,   100,    47,  -840,  -840,  -840,  -840,  -840,  -840,   561,
++    -840,  -840,  -840,  -840,  -840,   100,   673,   534,   573,   335,
++    -840,  -840,  -840,  -840,   658,   537,  -840,  -840,   659,  -840,
++     515,   661,   662,  -840,   128,  -840,  1092,   540,   541,   538,
++    -840,  -840,   545,   389,  -840,  1506,  -840,  -840,  -840,   418,
++     418,  -840,   584,   552,  -840,  -840,  -840,  -840,  -840,  -840,
++     519,  -840,  -840,  -840,  -840,  -840,  -840,   843,  -840,   548,
++    -840,   584,  -840,   100,   690,  -840,   561,   549,   558,  -840,
++    -840,  -840,  -840,  -840,  -840,   100,   100,   559,   100,   100,
++     100,   100,   100,   100,   100,   100,   100,   100,   100,   100,
++     644,   644,   644,   543,  -840,  -840,   547,  -840,  -840,   563,
++     683,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,   983,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++     519,   276,   562,  -840,   362,   276,   276,   565,   564,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,   568,   -30,  -840,  -840,
++     569,  -840,   564,  -840,   100,  -840,   584,   335,  1279,  -840,
++    -840,  1279,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,   553,   555,   560,  -840,  1336,
++    1336,   566,  1450,  1393,   694,   156,   572,   578,  -840,  -840,
++    -840,   577,  -840,   276,  -840,  -840,    84,   627,   276,  -840,
++     274,   276,  -840,   564,  -840,   583,   585,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,    90,  -840,   559,  -840,   582,
++     586,   587,   364,  -840,   267,  -840,   593,  -840,  -840,   589,
++    -840,   367,  -840,   570,   293,   373,   570,   276,   573,   584,
++     591,   701,   314,   712,  -840,   156,  -840,  -840,  -840,    52,
++    -840,   584,   642,  -840,    84,  -840,   597,  -840,   519,   600,
++     570,   584,   276,  -840,  -840,  -840,  -840,   602,  -840,   564,
++    -840,  -840,  1506,   700,   293,   642,   603,   276,   616,  -840,
++     276,   598,   100,   702,   700,   700,   570,  -840,   611,   612,
++    1279,  -840,   100,   715,   702,   702,   615,   601,   642,   700,
++     604,  -840,   100,   706,   715,   715,   642,  1279,   700,   702,
++     617,  -840,   100,  -840,   706,   706,   700,   610,   702,   715,
++    -840,  -840,  -840,  -840,   702,   618,  -840,  -840,  -840,  -840
+ };
+ 
+-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
++/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
++   Performed when YYTABLE does not specify something else to do.  Zero
+    means the default is an error.  */
+-static const yytype_uint16 yydefact[] =
++static const yytype_int16 yydefact[] =
+ {
+        4,     4,     2,     0,     1,     3,     0,     0,     0,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,     0,   151,   352,
++       0,     0,     0,     0,     0,     0,     0,     0,   151,   353,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,   574,   564,   567,   568,   572,   573,   577,   578,
+-     579,   580,   581,   582,   583,   584,   585,   586,   587,   310,
+-       0,   565,     0,     0,   588,   589,     0,     0,   138,   127,
+-       0,   153,     0,     0,     0,   590,     0,     0,     0,     5,
++       0,     0,   575,   565,   568,   569,   573,   574,   578,   579,
++     580,   581,   582,   583,   584,   585,   586,   587,   588,   311,
++       0,   566,     0,     0,   589,   590,     0,     0,   138,   127,
++       0,   153,     0,     0,     0,   591,     0,     0,     0,     5,
+       43,    19,    20,    21,     9,    42,    14,    50,    40,    41,
+       46,    16,    17,    15,    44,    45,    18,    22,    23,    24,
+        7,     8,     6,    11,    12,    13,    10,    25,    26,    55,
+       27,    28,    29,    30,    31,    32,    33,    34,    35,    36,
+-      37,    38,    39,    52,   560,   349,   350,    51,    47,    49,
+-     372,    48,    53,    54,     0,   557,     0,     0,    86,    57,
++      37,    38,    39,    52,   561,   350,   351,    51,    47,    49,
++     373,    48,    53,    54,     0,   558,     0,     0,    86,    57,
+        0,    56,    63,     0,    62,    69,     0,    68,    75,     0,
+-      74,    81,     0,     0,   306,   277,     0,   278,   280,   281,
+-     298,     0,     0,   313,   271,   272,   273,   274,   275,   269,
+-     276,   254,     0,   498,   143,   235,     0,   234,   241,   243,
+-       0,   242,   255,   256,   257,   230,   231,     0,   222,   208,
+-     232,     0,   186,   181,     0,   199,   194,   375,   369,   570,
+-     311,   312,   315,   575,   563,   566,   569,   576,   348,   557,
+-       0,   121,     0,     0,   133,     0,   132,   154,     0,   498,
++      74,    81,     0,     0,   307,   278,     0,   279,   281,   282,
++     299,     0,     0,   314,   272,   273,   274,   275,   276,   270,
++     277,   255,     0,   499,   143,   236,     0,   235,   242,   244,
++       0,   243,   256,   257,   258,   231,   232,     0,   223,   208,
++     233,     0,   186,   181,     0,   199,   194,   376,   370,   571,
++     312,   313,   316,   576,   564,   567,   570,   577,   349,   558,
++       0,   121,     0,     0,   133,     0,   132,   154,     0,   499,
+        0,    94,     0,     0,   162,   163,     0,   168,   169,     0,
+-     174,   175,     0,     0,     0,     0,   498,     0,   555,    87,
++     174,   175,     0,     0,     0,     0,   499,     0,   556,    87,
+        0,     0,     0,    89,     0,     0,    59,     0,     0,    65,
+        0,     0,    71,     0,     0,    77,     0,     0,    83,    80,
+-     307,   305,     0,     0,     0,   300,   297,   314,     0,   562,
+-       0,   104,   315,     0,     0,     0,   237,     0,     0,   245,
++     308,   306,     0,     0,     0,   301,   298,   315,     0,   563,
++       0,   104,   316,     0,     0,     0,   238,     0,     0,   246,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-     211,     0,   206,   232,   233,   207,     0,     0,   183,     0,
+-     180,     0,     0,   196,     0,   193,   378,   378,   316,   498,
+-     571,   555,   498,     0,   123,     0,     0,     0,     0,   135,
+-       0,     0,     0,     0,     0,   156,   152,   517,     0,   498,
+-     591,     0,     0,     0,   165,     0,     0,   171,     0,     0,
+-     177,     0,   351,   498,   373,   517,   543,     0,     0,     0,
+-     464,   463,   465,   466,   468,   469,   483,   486,   490,     0,
+-     467,   470,     0,   559,   556,   553,     0,     0,    88,     0,
+-       0,    58,     0,     0,    64,     0,     0,    70,     0,     0,
+-      76,     0,     0,    82,     0,     0,     0,   299,     0,   304,
+-     502,     0,   500,     0,   145,     0,   149,     0,     0,     0,
+-       0,   236,     0,     0,   244,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,   210,     0,     0,   288,   226,
+-     227,     0,   224,   228,   229,   209,     0,   182,     0,   190,
+-     191,     0,   188,   192,     0,   195,     0,   203,   204,     0,
+-     201,   205,   383,   498,   498,   308,   552,     0,     0,     0,
+-       0,   142,     0,   140,   131,     0,   129,     0,   134,     0,
+-       0,     0,     0,     0,   155,     0,   315,   315,   315,   315,
+-     315,     0,     0,   315,     0,   516,   518,   315,   328,     0,
+-       0,     0,   374,     0,   164,     0,     0,   170,     0,     0,
+-     176,     0,   561,   106,     0,     0,     0,   484,     0,   488,
+-     489,   474,   473,   475,   476,   478,   479,   487,   471,   491,
+-     472,   485,   477,   480,   517,   558,   441,   442,    91,    92,
+-      90,    61,    60,    67,    66,    73,    72,    79,    78,    85,
+-      84,   302,   303,   301,     0,     0,   499,     0,   105,   146,
+-       0,   144,   315,   239,   353,   354,   240,   238,   247,   246,
+-     213,   214,   215,   216,   217,   218,   219,   220,   221,   212,
+-       0,   282,   289,     0,     0,     0,   225,   185,   184,     0,
+-     189,   198,   197,     0,   202,   384,   385,   386,   379,   380,
+-       0,   376,   370,     0,   295,     0,   125,     0,   372,   122,
+-     139,   141,   128,   130,   137,   136,   159,   160,   161,   158,
+-     157,   498,   498,   498,   498,   498,   517,   517,   498,   492,
+-       0,   498,   346,   528,    95,     0,    93,   592,   167,   166,
+-     173,   172,   179,   178,     0,   492,     0,     0,     0,   547,
+-     548,     0,   545,   248,     0,   481,   482,     0,   230,   506,
+-     507,   504,   503,   501,     0,     0,     0,     0,     0,     0,
+-     109,   119,   111,   112,   113,   117,   114,   118,   147,     0,
+-     150,     0,     0,   284,     0,     0,     0,   291,   287,   223,
+-     187,   200,   383,   382,   387,   387,   317,   296,   367,     0,
+-     124,   126,   328,   328,   328,   523,   524,     0,     0,   527,
+-     493,   494,   519,   554,     0,   329,   330,   338,     0,     0,
+-      97,   101,    99,   100,   102,   107,   494,   549,   550,   551,
+-     544,   546,     0,   250,     0,   492,   232,   270,   266,   115,
+-     116,     0,     0,   110,   148,     0,   283,     0,     0,     0,
+-     290,     0,   381,   389,     0,     0,   326,   321,   322,     0,
+-     318,   319,     0,   520,   521,   522,   315,   315,   495,   593,
+-       0,   332,   333,   334,   335,   336,   337,   346,   339,   341,
+-     342,   343,   344,   340,     0,   103,     0,    98,   593,   249,
+-       0,   252,   460,   494,     0,     0,   108,   286,   285,   293,
+-     294,   292,     0,     0,   352,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,   443,   443,   443,
+-       0,   529,   531,   539,   534,   449,     0,     0,   398,   394,
+-     392,   393,   404,   405,   406,   407,   408,   409,   410,   411,
+-     412,   413,   414,   415,   403,   416,   402,   400,   399,   395,
+-     397,   396,     0,   390,   401,   418,   447,   417,   451,   541,
+-     419,   533,   536,   537,   538,   377,   371,   346,   498,     0,
+-     320,     0,   498,   498,     0,   496,   347,   331,   362,   359,
+-     358,   363,   361,     0,   355,   360,   345,     0,    96,   496,
+-     251,     0,   542,   593,   232,   517,   279,   268,   517,   258,
+-     259,   260,   261,   262,   263,   264,   265,   267,   422,   421,
+-     420,   444,     0,     0,     0,   426,     0,     0,     0,     0,
+-       0,     0,     0,   434,     0,   388,   391,   327,   324,   309,
+-     498,   525,   526,   595,     0,   498,   357,   346,   498,   253,
+-     496,   505,     0,     0,   423,   424,   425,   539,   530,   532,
+-     446,   540,     0,   535,     0,   450,     0,     0,     0,     0,
+-     429,     0,   427,     0,   325,   323,     0,   596,     0,   497,
+-     456,   365,     0,   456,   498,   492,   593,     0,     0,     0,
+-       0,   428,     0,   438,   439,   440,     0,   436,   593,   295,
+-     594,     0,   457,     0,   356,   346,     0,   456,   593,   498,
+-     431,   432,   433,   430,     0,   437,   496,   368,   597,     0,
+-     512,   366,   295,     0,   498,   453,   435,   498,     0,     0,
+-     510,   512,   512,   456,   454,     0,     0,   517,   513,     0,
+-     514,   510,   510,     0,     0,   295,   512,     0,   511,     0,
+-     508,   514,   514,   295,   517,   512,   510,     0,   515,     0,
+-     462,   508,   508,   512,     0,   510,   514,   458,   509,   459,
+-     461,   510,     0,   452,   448,   120,   455
++       0,   211,     0,   206,   233,   234,   207,     0,     0,   183,
++       0,   180,     0,     0,   196,     0,   193,   379,   379,   317,
++     499,   572,   556,   499,     0,   123,     0,     0,     0,     0,
++     135,     0,     0,     0,     0,     0,   156,   152,   518,     0,
++     499,   592,     0,     0,     0,   165,     0,     0,   171,     0,
++       0,   177,     0,   352,   499,   374,   518,   544,     0,     0,
++       0,   465,   464,   466,   467,   469,   470,   484,   487,   491,
++       0,   468,   471,     0,   560,   557,   554,     0,     0,    88,
++       0,     0,    58,     0,     0,    64,     0,     0,    70,     0,
++       0,    76,     0,     0,    82,     0,     0,     0,   300,     0,
++     305,   503,     0,   501,     0,   145,     0,   149,     0,     0,
++       0,     0,   237,     0,     0,   245,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,   210,     0,     0,
++     289,   227,   228,     0,   225,   229,   230,   209,     0,   182,
++       0,   190,   191,     0,   188,   192,     0,   195,     0,   203,
++     204,     0,   201,   205,   384,   499,   499,   309,   553,     0,
++       0,     0,     0,   142,     0,   140,   131,     0,   129,     0,
++     134,     0,     0,     0,     0,     0,   155,     0,   316,   316,
++     316,   316,   316,     0,     0,   316,     0,   517,   519,   316,
++     329,     0,     0,     0,   375,     0,   164,     0,     0,   170,
++       0,     0,   176,     0,   562,   106,     0,     0,     0,   485,
++       0,   489,   490,   475,   474,   476,   477,   479,   480,   488,
++     472,   492,   473,   486,   478,   481,   518,   559,   442,   443,
++      91,    92,    90,    61,    60,    67,    66,    73,    72,    79,
++      78,    85,    84,   303,   304,   302,     0,     0,   500,     0,
++     105,   146,     0,   144,   316,   240,   354,   355,   241,   239,
++     248,   247,   213,   214,   215,   216,   217,   218,   219,   220,
++     221,   222,   212,     0,   283,   290,     0,     0,     0,   226,
++     185,   184,     0,   189,   198,   197,     0,   202,   385,   386,
++     387,   380,   381,     0,   377,   371,     0,   296,     0,   125,
++       0,   373,   122,   139,   141,   128,   130,   137,   136,   159,
++     160,   161,   158,   157,   499,   499,   499,   499,   499,   518,
++     518,   499,   493,     0,   499,   347,   529,    95,     0,    93,
++     593,   167,   166,   173,   172,   179,   178,     0,   493,     0,
++       0,     0,   548,   549,     0,   546,   249,     0,   482,   483,
++       0,   231,   507,   508,   505,   504,   502,     0,     0,     0,
++       0,     0,     0,   109,   119,   111,   112,   113,   117,   114,
++     118,   147,     0,   150,     0,     0,   285,     0,     0,     0,
++     292,   288,   224,   187,   200,   384,   383,   388,   388,   318,
++     297,   368,     0,   124,   126,   329,   329,   329,   524,   525,
++       0,     0,   528,   494,   495,   520,   555,     0,   330,   331,
++     339,     0,     0,    97,   101,    99,   100,   102,   107,   495,
++     550,   551,   552,   545,   547,     0,   251,     0,   493,   233,
++     271,   267,   115,   116,     0,     0,   110,   148,     0,   284,
++       0,     0,     0,   291,     0,   382,   390,     0,     0,   327,
++     322,   323,     0,   319,   320,     0,   521,   522,   523,   316,
++     316,   496,   594,     0,   333,   334,   335,   336,   337,   338,
++     347,   340,   342,   343,   344,   345,   341,     0,   103,     0,
++      98,   594,   250,     0,   253,   461,   495,     0,     0,   108,
++     287,   286,   294,   295,   293,     0,     0,   353,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++     444,   444,   444,     0,   530,   532,   540,   535,   450,     0,
++       0,   399,   395,   393,   394,   405,   406,   407,   408,   409,
++     410,   411,   412,   413,   414,   415,   416,   404,   417,   403,
++     401,   400,   396,   398,   397,     0,   391,   402,   419,   448,
++     418,   452,   542,   420,   534,   537,   538,   539,   378,   372,
++     347,   499,     0,   321,     0,   499,   499,     0,   497,   348,
++     332,   363,   360,   359,   364,   362,     0,   356,   361,   346,
++       0,    96,   497,   252,     0,   543,   594,   233,   518,   280,
++     269,   518,   259,   260,   261,   262,   263,   264,   265,   266,
++     268,   423,   422,   421,   445,     0,     0,     0,   427,     0,
++       0,     0,     0,     0,     0,     0,   435,     0,   389,   392,
++     328,   325,   310,   499,   526,   527,   596,     0,   499,   358,
++     347,   499,   254,   497,   506,     0,     0,   424,   425,   426,
++     540,   531,   533,   447,   541,     0,   536,     0,   451,     0,
++       0,     0,     0,   430,     0,   428,     0,   326,   324,     0,
++     597,     0,   498,   457,   366,     0,   457,   499,   493,   594,
++       0,     0,     0,     0,   429,     0,   439,   440,   441,     0,
++     437,   594,   296,   595,     0,   458,     0,   357,   347,     0,
++     457,   594,   499,   432,   433,   434,   431,     0,   438,   497,
++     369,   598,     0,   513,   367,   296,     0,   499,   454,   436,
++     499,     0,     0,   511,   513,   513,   457,   455,     0,     0,
++     518,   514,     0,   515,   511,   511,     0,     0,   296,   513,
++       0,   512,     0,   509,   515,   515,   296,   518,   513,   511,
++       0,   516,     0,   463,   509,   509,   513,     0,   511,   515,
++     459,   510,   460,   462,   511,     0,   453,   449,   120,   456
++};
++
++/* YYPGOTO[NTERM-NUM].  */
++static const yytype_int16 yypgoto[] =
++{
++    -840,  -840,   754,  -840,  -840,  -408,  -840,  -840,  -840,   434,
++    -840,  -840,  -840,   415,  -840,  -840,  -840,   386,  -840,  -840,
++    -840,   384,  -840,  -840,  -840,   411,  -840,  -840,  -840,   427,
++    -622,  -840,  -840,  -840,    91,  -840,  -840,  -840,  -840,  -840,
++     165,  -840,   143,  -840,  -615,  -840,  -840,  -840,  -840,  -840,
++    -840,   345,  -840,  -840,  -840,   340,  -840,  -840,  -840,   350,
++    -264,  -840,  -840,  -840,  -261,  -840,  -840,  -840,   363,  -840,
++    -840,  -840,   311,  -840,  -840,  -840,   346,  -840,  -840,  -840,
++     332,  -840,  -840,  -840,   375,  -840,  -840,   445,  -840,  -840,
++    -840,   446,  -840,  -840,   398,  -840,  -840,  -840,  -840,   448,
++    -840,  -840,   453,    17,  -276,  -840,  -840,  -840,   455,  -840,
++    -840,  -840,  -840,   457,  -840,  -840,  -840,  -840,  -840,  -840,
++    -513,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -595,
++    -840,  -840,  -840,  -593,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,   102,  -268,
++    -840,  -840,    99,  -839,  -840,  -840,  -840,   454,  -840,   -13,
++    -840,  -510,  -840,  -840,  -840,  -225,  -840,  -840,    94,  -840,
++    -840,  -239,  -790,  -840,  -840,  -653,  -840,   -27,   772,   613,
++    -351,  -840,  -840,  -578,  -573,  -840,  -840,  -561,  -840,   835,
++    -216,  -840,  -840,   539,  -840,   167,  -840,   170,  -840,    15,
++    -840,  -840,  -840,  -116,  -840,  -840,  -118,  -436,  -272,  -840,
++    -840,   -48,  -840,  -840,   -52,  -840,  -840,  -788,  -840,    12,
++    -840,  -598,  -644,  -837,  -194,  -840,   318,  -840,  -503,  -734,
++    -735,  -786,  -342,  -840,   243,  -840,  -840,  -840,  -366,  -840,
++     -44,  -840,  -840,    14,  -840,  -840,   230,     0,  -840,   556,
++     660,   -10,  -205,  -722,  -840
+ };
+ 
+ /* YYDEFGOTO[NTERM-NUM].  */
+ static const yytype_int16 yydefgoto[] =
+ {
+-      -1,     1,     2,     3,    79,    80,    81,   141,   245,   246,
++       0,     1,     2,     3,    79,    80,    81,   141,   245,   246,
+       82,   144,   248,   249,    83,   147,   251,   252,    84,   150,
+      254,   255,    85,   153,   257,   258,    86,   138,   242,   243,
+-      87,   329,   616,   699,   700,   701,    88,   393,    89,   624,
+-     538,   649,   650,   651,    90,   314,   450,   587,    91,   213,
+-     455,   456,    92,   216,   318,   319,    93,   212,   452,   453,
+-      94,   272,   396,   397,    95,    96,   219,   324,   325,    97,
+-     224,   333,   334,    98,   227,   336,   337,    99,   230,   339,
+-     340,   100,   192,   297,   298,   300,   431,   432,   101,   195,
+-     302,   303,   305,   439,   440,   102,   188,   293,   289,   290,
+-     292,   421,   422,   189,   295,   103,   177,   275,   276,   104,
+-     105,   181,   278,   279,   713,   771,   872,   106,   107,   108,
+-     109,   813,   814,   815,   816,   817,   818,   819,   820,   655,
+-     822,   823,   110,   656,   111,   112,   113,   114,   115,   116,
+-     117,   118,   825,   119,   120,   423,   561,   662,   663,   677,
+-     564,   666,   667,   678,   121,   162,   264,   265,   122,   155,
+-     156,   123,   583,   202,   268,   309,   739,   740,   741,   945,
+-     848,   613,   695,   757,   764,   696,   697,   124,   125,   126,
+-     546,   866,   952,   127,   128,   307,   675,   129,   235,   588,
+-     131,   306,   674,   443,   578,   579,   580,   734,   832,   833,
+-     834,   903,   939,   940,   942,   966,   967,   518,   892,   835,
+-     898,   836,   837,   901,   838,  1005,  1014,   973,   989,   839,
+-     362,   691,   749,   915,   271,   391,   392,   642,  1030,  1010,
+-    1000,  1020,   474,   475,   476,   840,   896,   897,   841,   900,
+-     842,   843,   899,   844,   496,   631,   632,   477,   478,   365,
+-     238,   135,   331,   855,   948
+-};
+-
+-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+-   STATE-NUM.  */
+-#define YYPACT_NINF -823
+-static const yytype_int16 yypact[] =
+-{
+-    -823,   143,  -823,  1215,  -823,  -823,    -1,    60,    86,    87,
+-      68,    69,   119,   119,   119,   119,    71,    24,   119,   119,
+-     119,   119,   119,   119,   119,   119,  1503,     8,  -823,  -823,
+-      13,   137,    34,   119,   119,   119,    46,   322,    50,    52,
+-      85,    85,  -823,  -823,  -823,   111,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   364,
+-     154,   296,   217,  1503,  -823,  -823,   497,   270,  -823,  -823,
+-      74,    89,   497,    85,   102,  -823,    63,    65,    67,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,   140,   167,  -823,  -823,  -823,  -823,
+-     311,  -823,  -823,  -823,    94,  -823,   219,   160,  -823,  -823,
+-     207,  -823,  -823,   214,  -823,  -823,   216,  -823,  -823,   221,
+-    -823,  -823,   231,   119,  -823,  -823,   175,  -823,  -823,  -823,
+-    -823,    28,   119,   341,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,    85,   215,  -823,  -823,   309,  -823,  -823,  -823,
+-     243,  -823,  -823,  -823,  -823,  -823,  -823,   295,   242,  -823,
+-     276,   263,   249,  -823,   285,   265,  -823,  -823,    45,  -823,
+-    -823,  -823,   405,  -823,  -823,  -823,   384,  -823,   167,  -823,
+-      75,  -823,   308,   366,  -823,   406,  -823,  -823,   259,   215,
+-     336,   345,   497,   407,  -823,  -823,   408,  -823,  -823,   409,
+-    -823,  -823,   497,   217,  1503,   479,   107,   227,   138,  -823,
+-     393,   394,   313,  -823,   395,   320,  -823,   399,   324,  -823,
+-     400,   326,  -823,   401,   329,  -823,   402,   331,  -823,  -823,
+-    -823,  -823,   403,   410,   333,  -823,  -823,  -823,   119,  -823,
+-     518,  -823,    18,   411,   414,   337,  -823,   433,   340,  -823,
+-     437,   439,   440,   441,   442,   443,   445,   449,   450,   342,
+-    -823,   332,  -823,   276,  -823,  -823,   451,   346,  -823,   306,
+-    -823,   452,   348,  -823,   306,  -823,   390,   390,  -823,   215,
+-    -823,   138,   215,   398,   453,   527,   529,   455,   350,  -823,
+-     457,   462,   463,   464,   352,  -823,  -823,  1276,    85,   215,
+-    -823,   -22,   465,   354,  -823,   466,   356,  -823,   467,   358,
+-    -823,    29,  -823,   215,  -823,  1276,   469,   470,   108,   471,
+-     472,   473,   474,   475,   480,   481,  -823,   -40,   185,   468,
+-     482,   483,   456,   544,  -823,  -823,   287,   534,  -823,   160,
+-     606,  -823,   207,   607,  -823,   214,   608,  -823,   216,   611,
+-    -823,   221,   612,  -823,   231,   613,   542,  -823,    28,  -823,
+-     495,   -21,  -823,   496,   491,   620,   560,   503,   499,   625,
+-     397,  -823,   309,   626,  -823,   243,   627,   628,   322,   397,
+-     397,   397,   397,   631,   555,  -823,   295,   516,    90,  -823,
+-    -823,    38,  -823,  -823,  -823,  -823,   322,  -823,   263,  -823,
+-    -823,    25,  -823,  -823,   322,  -823,   285,  -823,  -823,    35,
+-    -823,  -823,   359,   215,   215,  -823,  -823,   511,   636,   842,
+-     513,  -823,    21,  -823,  -823,    31,  -823,   287,  -823,   406,
+-     638,   639,   642,   643,  -823,   259,   405,   405,   405,   405,
+-     405,   520,   528,   405,   531,   532,  -823,   405,   526,   535,
+-     533,   497,  -823,   322,  -823,   407,   322,  -823,   408,    85,
+-    -823,   409,  -823,  -823,   537,   330,   524,  -823,   497,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   536,  -823,
+-     538,  -823,  -823,  -823,  1276,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,   103,   518,  -823,   283,  -823,  -823,
+-      22,  -823,   405,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-     546,  -823,  -823,   171,   119,   539,  -823,  -823,  -823,   545,
+-    -823,  -823,  -823,   547,  -823,  -823,  -823,  -823,   540,  -823,
+-      85,  -823,  -823,   548,   680,   543,  -823,   203,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,   215,   215,   215,   215,   215,  1276,  1276,   215,   599,
+-    1276,   215,   554,  -823,  -823,   152,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,   496,   599,   119,   119,   119,  -823,
+-    -823,    59,  -823,   683,   556,  -823,  -823,   557,   549,  -823,
+-    -823,  -823,  -823,  -823,   119,   119,   119,   119,   497,    61,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   673,
+-    -823,   553,   362,  -823,   558,   559,   365,  -823,  -823,  -823,
+-    -823,  -823,   359,  -823,   561,   561,   404,  -823,  -823,   564,
+-    -823,  -823,   526,   526,   526,  -823,  -823,   566,   568,  -823,
+-    -823,   585,  -823,  -823,    85,   294,  -823,   258,   119,    57,
+-    -823,  -823,  -823,  -823,  -823,  -823,   585,  -823,  -823,  -823,
+-    -823,  -823,   119,   694,   567,   599,   276,  -823,  -823,  -823,
+-    -823,   688,   569,  -823,  -823,   690,  -823,   546,   692,   693,
+-    -823,   171,  -823,  1089,   572,   573,   577,  -823,  -823,   578,
+-     404,  -823,   497,  -823,  -823,  -823,   405,   405,  -823,   604,
+-     581,  -823,  -823,  -823,  -823,  -823,  -823,   554,  -823,  -823,
+-    -823,  -823,  -823,  -823,   732,  -823,   580,  -823,   604,  -823,
+-     119,   717,  -823,   585,   579,   588,  -823,  -823,  -823,  -823,
+-    -823,  -823,   119,   119,   589,   119,   119,   119,   119,   119,
+-     119,   119,   119,   119,   119,   119,   119,   672,   672,   672,
+-     575,  -823,  -823,   582,  -823,  -823,   593,   712,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,   980,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,   554,   215,   591,
+-    -823,   367,   215,   215,   595,   596,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,   598,   -31,  -823,  -823,   600,  -823,   596,
+-    -823,   119,  -823,   604,   276,  1276,  -823,  -823,  1276,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,   584,   587,   592,  -823,  1333,  1333,   594,  1447,
+-    1390,   716,   235,   602,   610,  -823,  -823,  -823,   609,  -823,
+-     215,  -823,  -823,    85,   657,   215,  -823,   298,   215,  -823,
+-     596,  -823,   614,   618,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,   121,  -823,   589,  -823,   630,   632,   633,   372,
+-    -823,   306,  -823,   637,  -823,  -823,   634,  -823,   376,  -823,
+-     616,   294,   379,   616,   215,   599,   604,   641,   731,   287,
+-     755,  -823,   235,  -823,  -823,  -823,    42,  -823,   604,   680,
+-    -823,    85,  -823,   640,  -823,   554,   645,   616,   604,   215,
+-    -823,  -823,  -823,  -823,   646,  -823,   596,  -823,  -823,   497,
+-     742,   294,   680,   664,   215,   624,  -823,   215,   644,   119,
+-     747,   742,   742,   616,  -823,   665,   669,  1276,  -823,   119,
+-     763,   747,   747,   670,   649,   680,   742,   676,  -823,   119,
+-     783,   763,   763,   680,  1276,   742,   747,   660,  -823,   119,
+-    -823,   783,   783,   742,   681,   747,   763,  -823,  -823,  -823,
+-    -823,   747,   662,  -823,  -823,  -823,  -823
++      87,   330,   619,   702,   703,   704,    88,   394,    89,   627,
++     540,   652,   653,   654,    90,   315,   452,   590,    91,   213,
++     457,   458,    92,   216,   319,   320,    93,   212,   454,   455,
++      94,   272,   397,   398,    95,    96,   219,   325,   326,    97,
++     224,   334,   335,    98,   227,   337,   338,    99,   230,   340,
++     341,   100,   192,   298,   299,   301,   433,   434,   101,   195,
++     303,   304,   306,   441,   442,   102,   188,   294,   290,   291,
++     293,   423,   424,   189,   296,   103,   177,   275,   276,   104,
++     105,   181,   278,   279,   716,   774,   875,   106,   107,   108,
++     109,   816,   817,   818,   819,   820,   821,   822,   823,   658,
++     825,   826,   110,   659,   111,   112,   113,   114,   115,   116,
++     117,   118,   828,   119,   120,   425,   564,   665,   666,   680,
++     567,   669,   670,   681,   121,   162,   264,   265,   122,   155,
++     156,   123,   586,   202,   268,   310,   742,   743,   744,   948,
++     851,   616,   698,   760,   767,   699,   700,   124,   125,   126,
++     548,   869,   955,   127,   128,   308,   678,   129,   235,   591,
++     131,   307,   677,   445,   581,   582,   583,   737,   835,   836,
++     837,   906,   942,   943,   945,   969,   970,   520,   895,   838,
++     901,   839,   840,   904,   841,  1008,  1017,   976,   992,   842,
++     363,   694,   752,   918,   271,   392,   393,   645,  1033,  1013,
++    1003,  1023,   476,   477,   478,   843,   899,   900,   844,   903,
++     845,   846,   902,   847,   498,   634,   635,   479,   480,   366,
++     238,   135,   332,   858,   951
+ };
+ 
+-/* YYPGOTO[NTERM-NUM].  */
+-static const yytype_int16 yypgoto[] =
+-{
+-    -823,  -823,   834,  -823,  -823,  -411,  -823,  -823,  -823,   484,
+-    -823,  -823,  -823,   461,  -823,  -823,  -823,   476,  -823,  -823,
+-    -823,   460,  -823,  -823,  -823,   458,  -823,  -823,  -823,   477,
+-    -638,  -823,  -823,  -823,   144,  -823,  -823,  -823,  -823,  -823,
+-     220,  -823,   196,  -823,  -629,  -823,  -823,  -823,  -823,  -823,
+-    -823,   396,  -823,  -823,  -823,   412,  -823,  -823,  -823,   413,
+-    -265,  -823,  -823,  -823,  -264,  -823,  -823,  -823,   387,  -823,
+-    -823,  -823,   368,  -823,  -823,  -823,   369,  -823,  -823,  -823,
+-     370,  -823,  -823,  -823,   427,  -823,  -823,   429,  -823,  -823,
+-    -823,   426,  -823,  -823,   424,  -823,  -823,  -823,  -823,   448,
+-    -823,  -823,   446,     6,  -263,  -823,  -823,  -823,   478,  -823,
+-    -823,  -823,  -823,   485,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -508,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -627,
+-    -823,  -823,  -823,  -603,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   139,  -268,
+-    -823,  -823,   141,  -822,  -823,  -823,  -823,   489,  -823,   -13,
+-    -823,  -505,  -823,  -823,  -823,  -223,  -823,  -823,   128,  -823,
+-    -823,  -212,  -786,  -823,  -823,  -647,  -823,   -27,   807,   648,
+-    -349,  -823,  -823,  -598,  -579,  -823,  -823,  -574,  -823,   867,
+-    -216,  -823,  -823,   571,  -823,   201,  -823,   204,  -823,    51,
+-    -823,  -823,  -823,   -80,  -823,  -823,   -82,  -432,  -260,  -823,
+-    -823,   -11,  -823,  -823,   -16,  -823,  -823,  -660,  -823,    12,
+-    -823,  -597,  -577,  -796,  -195,  -823,   357,  -823,  -496,  -680,
+-    -696,  -765,  -341,  -823,   279,  -823,  -823,  -823,  -355,  -823,
+-      -9,  -823,  -823,    14,  -823,  -823,   262,     0,  -823,   583,
+-     686,   -10,  -214,  -704,  -823
+-};
+-
+-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+-   positive, shift that token.  If negative, reduce the rule which
+-   number is the opposite.  If zero, do what YYDEFACT says.
+-   If YYTABLE_NINF, syntax error.  */
+-#define YYTABLE_NINF -563
++/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
++   positive, shift that token.  If negative, reduce the rule whose
++   number is the opposite.  If YYTABLE_NINF, syntax error.  */
+ static const yytype_int16 yytable[] =
+ {
+-     157,   158,   159,   134,   494,   164,   165,   166,   167,   168,
+-     169,   170,   171,   197,   198,   132,   173,   133,   341,   344,
+-     182,   183,   184,   424,   326,   594,   419,   420,   706,   654,
+-     425,   433,   657,   136,   429,   430,   441,   418,   586,   437,
+-     438,   346,   417,   190,   193,   196,   221,   418,   175,   398,
+-     418,   231,   394,   209,   418,   451,   658,    27,    28,   163,
+-     553,   554,   555,   556,   869,   454,   210,    27,    28,   179,
+-      27,    28,   220,   918,    27,    28,   626,   627,   628,  -562,
+-     185,   186,   225,   228,   185,   186,   185,   186,   644,    27,
+-      28,    27,    28,    27,    28,   808,   139,   185,   186,   185,
+-     186,    29,   148,   151,   809,   160,   821,   704,   214,   312,
+-     857,   645,   646,   647,   445,   507,    35,   447,   773,    29,
+-      35,  -560,   142,   145,   954,   217,   562,   508,   236,   768,
+-     824,   951,   481,   535,   480,   828,   232,   638,   186,   639,
+-     259,   654,   536,     4,   657,   269,   482,   987,   493,   266,
+-     154,   137,    59,   424,   829,   957,   419,   420,   648,   830,
+-     174,    62,   262,   433,  -562,   176,   429,   430,   263,   920,
+-    1001,   441,   178,   637,   437,   438,   681,   395,   590,    62,
+-     698,   659,   569,   481,    27,    28,   180,   199,   592,   991,
+-     997,   704,   573,  1025,   808,   565,   873,   492,   187,   984,
+-     907,  1033,   191,   809,   194,   821,   260,  -562,   261,  -562,
+-     640,    35,   140,   237,   766,   223,   710,   226,   722,   229,
+-     149,   152,   330,   161,   343,   812,   215,   313,   827,   824,
+-     629,   630,   330,   203,   828,    27,    28,    29,   143,   146,
+-     237,   218,   563,   601,   602,   603,   604,   605,   581,   582,
+-     608,    29,   979,   829,   611,   389,  1031,  1032,   830,   345,
+-     498,   233,    35,   499,   986,   687,   688,    40,    41,   222,
+-     270,  1044,   652,   653,   994,   698,    42,    43,    44,    45,
++     157,   158,   159,   134,   496,   164,   165,   166,   167,   168,
++     169,   170,   171,   197,   198,   132,   173,   133,   427,   345,
++     182,   183,   184,   597,   426,   327,   657,   342,   421,   660,
++     709,   422,   435,   453,   139,   921,   431,   443,   395,   432,
++     419,   439,   347,   589,   440,   661,   221,   399,   420,   872,
++     420,   231,  -563,   209,   190,   193,   196,   420,   175,   555,
++     556,   557,   558,   559,   420,   771,   210,   456,    27,    28,
++      27,    28,   220,   629,   630,   631,   136,    27,    28,    27,
++      28,   179,   185,   186,    27,    28,   957,    29,    27,    28,
++     142,   145,   148,   225,   228,   217,   185,   186,   185,   186,
++     185,   186,   185,   186,   346,   707,    35,   860,   151,   160,
++     214,   313,   240,   236,   811,   270,   447,   565,    29,   449,
++     776,   812,   511,  -561,   960,     4,   241,   641,   186,   642,
++     954,   154,   876,   990,   483,   512,   482,  -563,   232,   657,
++     259,   824,   660,   827,   537,   269,   483,    62,   484,   266,
++     495,   140,  1000,   538,   923,   426,  1004,   593,   831,   421,
++     494,   647,   422,   832,   396,   435,    27,    28,   979,   431,
++     701,   662,   432,   443,   640,   833,   176,   439,    62,  1028,
++     440,  -563,   684,  -563,   648,   649,   650,  1036,   994,   707,
++     509,   595,   996,    35,   568,   137,   572,   910,   237,   180,
++     643,   187,   510,   576,   174,   769,   229,   143,   146,   237,
++     987,   149,   218,   811,   713,   191,   163,   194,  1016,   223,
++     812,   226,   331,   815,   344,    59,   830,   152,   161,   215,
++     314,   651,   331,   632,   566,   262,   633,   982,  1034,  1035,
++     824,   263,   827,   604,   605,   606,   607,   608,   419,   989,
++     611,   584,   585,  1047,   614,   390,   420,   831,   500,   997,
++     667,   501,   832,   178,    27,    28,   199,   690,   691,  1014,
++    1015,   668,   185,   186,   833,   655,    27,    28,   656,   420,
++    1024,  1025,   200,   201,  1029,    27,    28,    29,   260,   939,
++     261,    35,   725,  1038,   940,  1039,   273,   274,   941,    27,
++      28,  1044,   481,   203,  1046,   629,   630,   631,   321,   364,
++    1048,   365,    35,    29,   322,   323,   324,    40,    41,   663,
++      27,    28,   815,   369,   370,   830,    42,    43,    44,    45,
+       46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
+-      56,    57,    58,   976,    59,    60,    61,    62,   240,    63,
+-     363,   479,   364,   664,   211,  1011,  1012,   232,    64,    65,
+-     644,   241,    66,    67,   665,    27,    28,   993,   418,   660,
+-    1026,   516,    72,   517,   812,    73,   239,   827,    74,  1035,
+-      75,  1021,  1022,   645,   646,   647,   417,  1041,    27,    28,
+-     509,   234,    35,  1013,   418,   244,  1036,   626,   627,   628,
+-     702,   703,   247,   510,   250,  1043,   185,   186,   978,   253,
+-     680,  1045,    27,    28,    27,    28,   629,   630,   936,   256,
+-     204,   205,   206,   937,    59,   207,   267,   938,   270,   347,
+-     648,   277,   348,   294,   652,   653,   349,   350,   351,   352,
+-     353,   354,   355,   356,   357,   358,   320,   359,   291,   360,
+-     361,   296,   321,   322,   323,   299,   682,   683,   684,   685,
+-     686,   737,   738,   689,   552,   865,   693,   758,   759,   760,
+-     761,   304,   762,   301,   763,   575,   576,   577,   200,   201,
+-     280,   281,   567,   282,   702,   703,    27,    28,   736,   308,
+-     571,   283,   284,   285,   286,   287,   288,   273,   274,   134,
+-     694,  -364,  -364,   774,   751,   752,   753,   754,   755,   756,
+-     310,   132,   622,   133,   315,   826,   368,   369,   810,   811,
+-     743,   744,   745,   371,   372,   737,   738,   374,   375,   377,
+-     378,   617,   380,   381,   383,   384,   387,   388,   327,   618,
+-     401,   402,   620,   404,   405,   415,   416,   328,   634,   427,
+-     428,   435,   436,   458,   459,   464,   465,   484,   485,   487,
+-     488,   490,   491,   544,   545,   726,   727,   831,   730,   731,
+-     910,   481,   316,   852,   853,   961,   962,   981,   851,   970,
+-     971,    29,   974,   975,   922,  1039,  1040,   923,   893,   894,
+-     641,   928,   929,    40,   317,   332,   335,   338,   366,   367,
+-     370,   668,   390,   673,   373,   376,   379,   382,   385,   442,
+-     448,   451,   172,   454,   826,   386,   399,   810,   811,   400,
+-      42,    43,    44,    45,    46,    47,    48,    49,    50,    51,
+-      52,    53,    54,    55,    56,    57,    58,   134,   403,    60,
+-      61,    62,   406,    63,   407,   408,   409,   410,   411,   132,
+-     412,   133,    64,    65,   413,   414,   426,   434,   514,   449,
+-     457,   921,   460,   707,   708,   709,   831,   461,   462,   463,
+-     483,   486,   489,   497,    75,   495,   500,   501,   502,   503,
+-     504,   717,   718,   719,   720,   505,   506,   512,   513,   511,
+-     515,   519,   521,   523,   525,   527,   529,   531,   721,   532,
+-     534,  -316,   537,   908,   539,   540,   541,   911,   912,   542,
+-     543,   548,   558,   550,   551,   557,  1017,   750,   560,   584,
+-     585,   589,   606,   965,   596,   597,   963,   964,   598,   599,
+-     607,   612,   633,  1034,   609,   765,   610,   661,   614,   615,
+-     625,   635,   418,   636,   672,   690,   679,   669,   965,   769,
+-     712,   963,   964,   670,   676,   671,   694,   724,   725,   714,
+-     715,   748,   770,   728,   729,   946,   742,   733,   716,   746,
+-     950,   747,   775,   953,   854,   772,   777,   776,   779,   780,
+-     845,   846,   847,   134,   856,   849,   871,   864,   868,   874,
+-     875,   878,   330,   891,   895,   902,   904,   913,  -445,   909,
+-     934,   914,   917,   924,   867,   916,   925,   870,   941,   977,
+-     807,   926,   943,   944,   949,   980,    29,   955,   858,   876,
+-     877,   956,   879,   880,   881,   882,   883,   884,   885,   886,
+-     887,   888,   889,   890,   995,   958,   972,   959,   960,   982,
+-     968,   999,   969,   345,  1004,  1009,  1007,   172,   990,  1003,
+-    1019,  1024,  1006,   992,   996,    42,    43,    44,    45,    46,
+-      47,    48,    49,    50,    51,    52,    53,    54,    55,    56,
+-      57,    58,  1002,  1015,    60,    61,    62,  1016,  1023,  1027,
+-    1029,  1037,   134,  1046,  1042,     5,   524,    64,    65,   859,
+-     860,   528,   530,   767,   705,   723,   520,   861,   544,   545,
+-     862,   593,   600,   619,   526,   568,   522,   621,   919,    75,
+-     570,   623,   572,   574,   559,   591,   778,   566,   850,   208,
+-     130,   595,   781,   732,    27,    28,    29,   533,   444,   735,
+-     547,   342,   983,   906,   985,   935,   947,   930,   863,   692,
+-     549,   933,   643,   711,   446,   311,   134,   134,     0,   932,
+-     134,    35,     0,     0,     0,     0,    40,    41,     0,     0,
+-       0,   931,     0,     0,     0,    42,    43,    44,    45,    46,
++      56,    57,    58,   211,    59,    60,    61,    62,   518,    63,
++     519,   204,   205,   206,   705,   701,   207,   706,    64,    65,
++     981,   647,    66,    67,   372,   373,    27,    28,   375,   376,
++     632,   222,    72,   633,   232,    73,   378,   379,    74,   233,
++      75,   578,   579,   580,   648,   649,   650,   348,   655,   234,
++     349,   656,   244,    35,   350,   351,   352,   353,   354,   355,
++     356,   357,   358,   359,   239,   360,   247,   361,   362,   250,
++     685,   686,   687,   688,   689,   740,   868,   692,   741,   253,
++     696,    27,    28,   739,   256,    59,   554,   697,  -365,  -365,
++     267,   651,   761,   762,   763,   764,   277,   765,   705,   766,
++     270,   706,   295,   777,   292,   570,   746,   747,   748,   381,
++     382,   134,   309,   574,   754,   755,   756,   757,   758,   759,
++     384,   385,   297,   132,   625,   133,   388,   389,   829,   302,
++     402,   403,   813,   280,   281,   814,   282,   405,   406,   740,
++     417,   418,   741,   620,   283,   284,   285,   286,   287,   288,
++     289,   429,   430,   437,   438,   460,   461,   466,   467,   300,
++     637,   305,   621,   486,   487,   623,   489,   490,   492,   493,
++     546,   547,   729,   730,   733,   734,   913,   483,   964,   965,
++     834,   973,   974,   311,   855,   856,   984,   977,   978,   896,
++     897,  1042,  1043,   931,   932,   316,   925,   317,   318,   926,
++     854,   328,   333,   329,   336,   339,    40,   367,   368,   371,
++     391,   444,   374,   644,   671,   377,   676,   380,   383,   386,
++     450,   387,   453,   456,   400,   401,   404,   829,   407,   408,
++     409,   813,   410,   411,   814,   412,   413,   414,   415,   416,
++     428,   436,   517,   451,   459,   462,   463,   464,   465,   485,
++     134,   488,   491,   499,   497,   521,   502,   503,   504,   505,
++     506,   924,   132,   523,   133,   507,   508,   514,   515,   516,
++     513,   525,   527,   529,   531,   533,   710,   711,   712,   834,
++     534,   536,  -317,   539,   541,   542,   543,   545,   544,   550,
++     561,   552,   553,   560,   720,   721,   722,   723,   563,   587,
++     588,   599,   592,   600,   601,   602,   609,   610,   615,   612,
++     617,   724,   613,   628,   420,   618,   664,   911,   638,   636,
++     639,   914,   915,   675,   672,   673,   674,   679,  1020,   693,
++     753,   682,   697,   715,   717,   718,   968,   727,   728,   719,
++     966,   731,   732,   967,   736,  1037,   745,   751,   768,   749,
++     750,   773,   778,   775,   850,   780,   779,   782,   783,   848,
++     849,   968,   772,   852,   857,   966,   859,   871,   967,   874,
++     877,   878,   881,   898,  -446,   894,   905,   907,   916,   949,
++     917,   912,   920,   927,   953,   928,   919,   956,   937,   944,
++     929,   946,   947,   810,   952,   983,   134,   958,   961,   959,
++     867,   975,   962,   963,   346,   331,   985,   971,   972,  1002,
++    1012,  1010,  1022,  1032,  1027,     5,   993,   870,  1030,   995,
++     873,   999,  1005,   980,  1045,   528,   530,    27,    28,    29,
++    1018,  1019,   879,   880,  1026,   882,   883,   884,   885,   886,
++     887,   888,   889,   890,   891,   892,   893,  1007,   998,  1040,
++    1049,   526,   708,   770,    35,   726,   532,   522,   622,    40,
++      41,   598,   596,  1006,   594,   571,  1009,   524,    42,    43,
++      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
++      54,    55,    56,    57,    58,   626,    59,    60,    61,    62,
++     603,    63,   781,   784,   208,   134,   624,   853,   130,   577,
++      64,    65,   735,   535,    66,    67,   343,   446,   738,   986,
++     909,   988,   938,   933,    72,   646,   695,    73,   549,   936,
++      74,   922,    75,   551,   714,     0,   562,     0,   448,   312,
++       0,     0,     0,     0,     0,     0,   569,    29,   573,   861,
++       0,     0,     0,     0,   575,     0,     0,     0,     0,   950,
++       0,     0,     0,   683,     0,     0,     0,     0,     0,   134,
++     134,     0,   935,   134,     0,     0,     0,     0,   172,     0,
++       0,     0,     0,     0,   934,     0,    42,    43,    44,    45,
++      46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
++      56,    57,    58,     0,     0,    60,    61,    62,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,   991,    64,    65,
++     862,   863,     0,     0,     0,     0,     0,     0,   864,   546,
++     547,   865,     0,     0,     0,     0,     0,     0,     0,     0,
++      75,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,  1011,
++       0,     0,  1001,     0,   785,   420,     0,     0,     0,  1021,
++     866,     0,     0,     0,     0,     0,   786,     0,     0,  1031,
++     647,     0,     0,     0,     0,    27,    28,   787,     0,  1041,
++       0,   788,   789,   790,   791,   792,   793,   794,   795,   796,
++       0,     0,     0,   648,   797,   798,   799,     0,     0,     0,
++       0,     0,    35,     0,     0,     0,     0,    40,    41,   800,
++     801,   802,   803,   804,     0,   805,    42,    43,    44,    45,
++      46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
++      56,    57,    58,   806,    59,    60,    61,    62,     0,    63,
++     807,     0,     0,     0,     0,     0,     0,     0,    64,    65,
++       0,     0,    66,    67,     0,     0,     0,     0,     0,     0,
++       0,     0,    72,   785,   420,    73,     0,   808,    74,     0,
++      75,     0,     0,   809,     0,   786,     0,     0,     0,   647,
++       0,     0,     0,     0,    27,    28,   787,     0,     0,     0,
++     788,   789,   790,   791,   792,   793,   794,   795,   796,     0,
++       0,   908,   648,   797,   798,   799,     0,     0,     0,     0,
++     810,    35,     0,     0,     0,     0,    40,    41,   800,   801,
++     802,   803,   804,     0,   805,    42,    43,    44,    45,    46,
+       47,    48,    49,    50,    51,    52,    53,    54,    55,    56,
+-      57,    58,     0,    59,    60,    61,    62,     0,    63,     0,
+-       0,     0,     0,     0,   988,     0,     0,    64,    65,     0,
++      57,    58,   806,    59,    60,    61,    62,     0,    63,   807,
++       0,     0,     0,     0,     0,     0,     0,    64,    65,     0,
+        0,    66,    67,     0,     0,     0,     0,     0,     0,     0,
+-       0,    72,     0,     0,    73,     0,     0,    74,     0,    75,
++       0,    72,     0,     0,    73,     0,   808,    74,     0,    75,
++       0,     6,   809,     7,     8,     9,    10,    11,    12,    13,
++       0,    14,    15,    16,    17,     0,     0,     0,    18,    19,
++      20,     0,    21,    22,    23,     0,    24,    25,    26,     0,
++      27,    28,    29,     0,     0,     0,     0,     0,     0,   810,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,  1008,     0,     0,   998,
+-       0,   782,   418,     0,     0,     0,  1018,     0,     0,     0,
+-       0,     0,     0,   783,     0,     0,  1028,   644,     0,     0,
+-       0,     0,    27,    28,   784,     0,  1038,     0,   785,   786,
+-     787,   788,   789,   790,   791,   792,   793,     0,     0,     0,
+-     645,   794,   795,   796,     0,     0,     0,     0,     0,    35,
+-       0,     0,     0,     0,    40,    41,   797,   798,   799,   800,
+-     801,     0,   802,    42,    43,    44,    45,    46,    47,    48,
+-      49,    50,    51,    52,    53,    54,    55,    56,    57,    58,
+-     803,    59,    60,    61,    62,     0,    63,   804,     0,     0,
+-       0,     0,     0,     0,     0,    64,    65,     0,     0,    66,
+-      67,     0,     0,     0,     0,     0,     0,     0,     0,    72,
+-     782,   418,    73,     0,   805,    74,     0,    75,     0,     0,
+-     806,     0,   783,     0,     0,     0,   644,     0,     0,     0,
+-       0,    27,    28,   784,     0,     0,     0,   785,   786,   787,
+-     788,   789,   790,   791,   792,   793,     0,   905,     0,   645,
+-     794,   795,   796,     0,     0,     0,   807,     0,    35,     0,
+-       0,     0,     0,    40,    41,   797,   798,   799,   800,   801,
+-       0,   802,    42,    43,    44,    45,    46,    47,    48,    49,
+-      50,    51,    52,    53,    54,    55,    56,    57,    58,   803,
+-      59,    60,    61,    62,     0,    63,   804,     0,     0,     0,
+-       0,     0,     0,     0,    64,    65,     0,     0,    66,    67,
+-       0,     0,     0,     0,     0,     0,     0,     0,    72,     0,
+-       0,    73,     0,   805,    74,     0,    75,     0,     6,   806,
+-       7,     8,     9,    10,    11,    12,    13,     0,    14,    15,
+-      16,    17,     0,     0,     0,    18,    19,    20,     0,    21,
+-      22,    23,     0,    24,    25,    26,     0,    27,    28,    29,
+-       0,     0,     0,     0,     0,   807,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,     0,     0,    30,
+-      31,    32,    33,    34,    35,    36,    37,    38,    39,    40,
+-      41,     0,     0,     0,     0,     0,     0,     0,    42,    43,
+-      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
+-      54,    55,    56,    57,    58,     0,    59,    60,    61,    62,
+-      29,    63,     0,     0,     0,     0,     0,     0,     0,     0,
+-      64,    65,     0,     0,    66,    67,    68,    69,    70,    71,
+-       0,     0,     0,     0,    72,     0,     0,    73,     0,     0,
+-      74,   172,    75,    76,    77,     0,    78,     0,     0,    42,
++       0,     0,    30,    31,    32,    33,    34,    35,    36,    37,
++      38,    39,    40,    41,     0,     0,     0,     0,     0,     0,
++       0,    42,    43,    44,    45,    46,    47,    48,    49,    50,
++      51,    52,    53,    54,    55,    56,    57,    58,     0,    59,
++      60,    61,    62,    29,    63,     0,     0,     0,     0,     0,
++       0,     0,     0,    64,    65,     0,     0,    66,    67,    68,
++      69,    70,    71,     0,     0,     0,     0,    72,     0,     0,
++      73,     0,     0,    74,   172,    75,    76,    77,     0,    78,
++       0,     0,    42,    43,    44,    45,    46,    47,    48,    49,
++      50,    51,    52,    53,    54,    55,    56,    57,    58,     0,
++      29,    60,    61,    62,     0,    63,     0,   468,   469,   470,
++     471,   472,   473,   474,    64,    65,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++     475,   172,     0,     0,     0,     0,    75,     0,     0,    42,
+       43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
+-      53,    54,    55,    56,    57,    58,     0,    29,    60,    61,
+-      62,     0,    63,     0,   466,   467,   468,   469,   470,   471,
+-     472,    64,    65,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,   473,   172,     0,
++      53,    54,    55,    56,    57,    58,   930,    29,    60,    61,
++      62,     0,    63,   807,     0,     0,     0,     0,     0,     0,
++       0,    64,    65,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,    72,     0,     0,   172,     0,
+        0,     0,     0,    75,     0,     0,    42,    43,    44,    45,
+       46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
+-      56,    57,    58,   927,    29,    60,    61,    62,     0,    63,
+-     804,     0,     0,     0,     0,     0,     0,     0,    64,    65,
++      56,    57,    58,   930,    29,    60,    61,    62,     0,    63,
++       0,     0,     0,     0,     0,     0,     0,     0,    64,    65,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+        0,     0,    72,     0,     0,   172,     0,     0,     0,     0,
+       75,     0,     0,    42,    43,    44,    45,    46,    47,    48,
+       49,    50,    51,    52,    53,    54,    55,    56,    57,    58,
+-     927,    29,    60,    61,    62,     0,    63,     0,     0,     0,
++      29,     0,    60,    61,    62,     0,    63,     0,     0,     0,
+        0,     0,     0,     0,     0,    64,    65,     0,     0,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,    72,
+-       0,     0,   172,     0,     0,     0,     0,    75,     0,     0,
+-      42,    43,    44,    45,    46,    47,    48,    49,    50,    51,
+-      52,    53,    54,    55,    56,    57,    58,    29,     0,    60,
+-      61,    62,     0,    63,     0,     0,     0,     0,     0,     0,
+-       0,     0,    64,    65,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,    72,     0,   172,     0,
+-       0,     0,     0,     0,    75,     0,    42,    43,    44,    45,
+-      46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
+-      56,    57,    58,     0,     0,    60,    61,    62,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,     0,    64,    65,
+-       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,   172,     0,     0,     0,     0,    29,    75,     0,    42,
++      43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
++      53,    54,    55,    56,    57,    58,     0,     0,    60,    61,
++      62,     0,    63,     0,     0,     0,     0,   172,     0,     0,
++       0,    64,    65,     0,     0,    42,    43,    44,    45,    46,
++      47,    48,    49,    50,    51,    52,    53,    54,    55,    56,
++      57,    58,     0,    75,    60,    61,    62,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,    64,    65,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-      75
++       0,     0,     0,     0,     0,     0,     0,     0,     0,    75
+ };
+ 
+ static const yytype_int16 yycheck[] =
+ {
+-      13,    14,    15,     3,   345,    18,    19,    20,    21,    22,
+-      23,    24,    25,    40,    41,     3,    26,     3,   232,   235,
+-      33,    34,    35,   291,   219,   457,   291,   291,   625,   537,
+-     293,   299,   537,    34,   299,   299,   304,    12,   449,   304,
+-     304,   236,     4,    37,    38,    39,    73,    12,    35,   272,
+-      12,    78,    34,    63,    12,    34,    34,    32,    33,    35,
+-     409,   410,   411,   412,   768,    34,    66,    32,    33,    35,
+-      32,    33,    72,   869,    32,    33,    17,    18,    19,    34,
+-      34,    35,    76,    77,    34,    35,    34,    35,    27,    32,
+-      33,    32,    33,    32,    33,   733,    36,    34,    35,    34,
+-      35,    34,    34,    34,   733,    34,   733,   615,    34,    34,
+-     757,    50,    51,    52,   309,   155,    59,   312,   715,    34,
+-      59,   152,    36,    36,   920,    36,    36,   167,    34,   706,
+-     733,   917,   154,   154,   329,   733,   167,    34,    35,    36,
+-     153,   649,   163,     0,   649,   172,   168,   969,   343,   162,
+-      31,   152,    91,   421,   733,    34,   421,   421,    97,   733,
+-     152,    94,   134,   431,   119,   152,   431,   431,   140,   873,
+-     992,   439,    35,   514,   439,   439,   587,   159,   157,    94,
+-     123,   159,   157,   154,    32,    33,   152,    76,   157,   975,
+-     986,   699,   157,  1015,   832,   157,   773,   168,   152,   157,
+-     847,  1023,   152,   832,   152,   832,    31,   162,    33,   164,
+-     107,    59,   152,   119,   157,   152,   157,   152,   157,   152,
+-     152,   152,   222,   152,   234,   733,   152,   152,   733,   832,
+-     495,   495,   232,    79,   832,    32,    33,    34,   152,   152,
+-     119,   152,   152,   466,   467,   468,   469,   470,   443,   444,
+-     473,    34,   956,   832,   477,   268,  1021,  1022,   832,   152,
+-     152,    94,    59,   155,   968,   606,   607,    64,    65,   167,
+-     163,  1036,   537,   537,   978,   123,    73,    74,    75,    76,
++      13,    14,    15,     3,   346,    18,    19,    20,    21,    22,
++      23,    24,    25,    40,    41,     3,    26,     3,   294,   235,
++      33,    34,    35,   459,   292,   219,   539,   232,   292,   539,
++     628,   292,   300,    34,    36,   872,   300,   305,    34,   300,
++       4,   305,   236,   451,   305,    34,    73,   272,    12,   771,
++      12,    78,    34,    63,    37,    38,    39,    12,    35,   410,
++     411,   412,   413,   414,    12,   709,    66,    34,    32,    33,
++      32,    33,    72,    17,    18,    19,    34,    32,    33,    32,
++      33,    35,    34,    35,    32,    33,   923,    34,    32,    33,
++      36,    36,    34,    76,    77,    36,    34,    35,    34,    35,
++      34,    35,    34,    35,   153,   618,    59,   760,    34,    34,
++      34,    34,   138,    34,   736,   164,   310,    36,    34,   313,
++     718,   736,   156,   153,    34,     0,   152,    34,    35,    36,
++     920,    31,   776,   972,   155,   169,   330,   119,   168,   652,
++     153,   736,   652,   736,   155,   172,   155,    94,   169,   162,
++     344,   153,   989,   164,   876,   423,   995,   158,   736,   423,
++     169,    27,   423,   736,   160,   433,    32,    33,   956,   433,
++     123,   160,   433,   441,   516,   736,   153,   441,    94,  1018,
++     441,   163,   590,   165,    50,    51,    52,  1026,   978,   702,
++     156,   158,   980,    59,   158,   153,   158,   850,   119,   153,
++     107,   153,   168,   158,   153,   158,   153,   153,   153,   119,
++     158,   153,   153,   835,   158,   153,    35,   153,  1006,   153,
++     835,   153,   222,   736,   234,    91,   736,   153,   153,   153,
++     153,    97,   232,   497,   153,   134,   497,   959,  1024,  1025,
++     835,   140,   835,   468,   469,   470,   471,   472,     4,   971,
++     475,   445,   446,  1039,   479,   268,    12,   835,   153,   981,
++     132,   156,   835,    35,    32,    33,    76,   609,   610,  1004,
++    1005,   143,    34,    35,   835,   539,    32,    33,   539,    12,
++    1014,  1015,    64,    65,  1019,    32,    33,    34,    31,   133,
++      33,    59,   158,  1028,   138,  1029,   138,   139,   142,    32,
++      33,  1036,   329,    79,  1038,    17,    18,    19,   137,   163,
++    1044,   165,    59,    34,   143,   144,   145,    64,    65,   544,
++      32,    33,   835,   154,   155,   835,    73,    74,    75,    76,
+       77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
+-      87,    88,    89,   953,    91,    92,    93,    94,   138,    96,
+-     162,   328,   164,   132,    34,  1001,  1002,   167,   105,   106,
+-      27,   151,   109,   110,   143,    32,    33,   977,    12,   542,
+-    1016,    34,   119,    36,   832,   122,   107,   832,   125,  1025,
+-     127,  1011,  1012,    50,    51,    52,     4,  1033,    32,    33,
+-     155,    30,    59,  1003,    12,   138,  1026,    17,    18,    19,
+-     615,   615,   138,   168,   138,  1035,    34,    35,   955,   138,
+-     157,  1041,    32,    33,    32,    33,   631,   631,   133,   138,
+-      74,    75,    76,   138,    91,    79,    35,   142,   163,   152,
+-      97,   138,   155,   107,   649,   649,   159,   160,   161,   162,
+-     163,   164,   165,   166,   167,   168,   137,   170,   156,   172,
+-     173,   138,   143,   144,   145,   156,   601,   602,   603,   604,
+-     605,   676,   676,   608,   408,   764,   611,   159,   160,   161,
+-     162,   156,   164,   138,   166,    66,    67,    68,    64,    65,
+-     135,   136,   426,   138,   699,   699,    32,    33,    34,    34,
+-     434,   146,   147,   148,   149,   150,   151,   138,   139,   449,
+-     152,   153,   154,   716,   160,   161,   162,   163,   164,   165,
+-      76,   449,   489,   449,   156,   733,   153,   154,   733,   733,
+-     682,   683,   684,   153,   154,   740,   740,   153,   154,   153,
+-     154,   481,   153,   154,   153,   154,   153,   154,   152,   483,
+-     153,   154,   486,   153,   154,   153,   154,   152,   498,   153,
+-     154,   153,   154,   153,   154,   153,   154,   153,   154,   153,
+-     154,   153,   154,   116,   117,   153,   154,   733,   153,   154,
+-     153,   154,   156,   746,   747,   153,   154,   959,   742,   153,
+-     154,    34,   153,   154,   875,  1031,  1032,   878,   798,   799,
+-     534,   896,   897,    64,   138,   138,   138,   138,   155,   155,
+-     155,   564,    34,   580,   155,   155,   155,   155,   155,   169,
+-     162,    34,    65,    34,   832,   155,   155,   832,   832,   155,
+-      73,    74,    75,    76,    77,    78,    79,    80,    81,    82,
+-      83,    84,    85,    86,    87,    88,    89,   587,   155,    92,
+-      93,    94,   155,    96,   155,   155,   155,   155,   155,   587,
+-     155,   587,   105,   106,   155,   155,   155,   155,   152,   156,
+-     155,   874,   155,   626,   627,   628,   832,   155,   155,   155,
+-     155,   155,   155,   153,   127,   156,   155,   155,   155,   155,
+-     155,   644,   645,   646,   647,   155,   155,   155,   155,   171,
+-      96,   107,    36,    36,    36,    34,    34,    34,   648,   107,
+-     155,   160,   156,   848,    34,    95,   153,   852,   853,   160,
+-      35,    35,   107,    36,    36,    34,  1007,   694,   152,   158,
+-      34,   158,   152,   941,    36,    36,   941,   941,    36,    36,
+-     152,   155,   158,  1024,   153,   698,   154,   141,   153,   156,
+-     153,   155,    12,   155,   154,    96,   153,   158,   966,   712,
+-      17,   966,   966,   158,   156,   158,   152,    34,   155,   153,
+-     153,   126,    18,   155,   155,   910,   152,   156,   169,   153,
+-     915,   153,    34,   918,   120,   158,    36,   158,    36,    36,
+-     158,   158,   155,   733,   153,   157,    19,   764,   158,   160,
+-     152,   152,   742,    71,   169,   152,    34,   152,   166,   158,
+-      34,   155,   152,   169,   764,   157,   169,   770,   156,   954,
+-     166,   169,   152,   154,   107,    34,    34,   153,    36,   782,
+-     783,   153,   785,   786,   787,   788,   789,   790,   791,   792,
+-     793,   794,   795,   796,   979,   155,   170,   155,   155,    34,
+-     153,    49,   158,   152,   170,    48,   152,    65,   158,   994,
+-      37,   152,   997,   158,   158,    73,    74,    75,    76,    77,
+-      78,    79,    80,    81,    82,    83,    84,    85,    86,    87,
+-      88,    89,   158,   158,    92,    93,    94,   158,   158,   153,
+-      47,   171,   832,   171,   153,     1,   375,   105,   106,   107,
+-     108,   381,   384,   699,   624,   649,   369,   115,   116,   117,
+-     118,   455,   465,   485,   378,   428,   372,   488,   871,   127,
+-     431,   491,   436,   439,   416,   452,   727,   421,   740,    62,
+-       3,   459,   731,   672,    32,    33,    34,   388,   307,   675,
+-     402,   233,   962,   832,   966,   901,   913,   898,   156,   610,
+-     405,   900,   535,   631,   311,   209,   896,   897,    -1,   899,
+-     900,    59,    -1,    -1,    -1,    -1,    64,    65,    -1,    -1,
+-      -1,   899,    -1,    -1,    -1,    73,    74,    75,    76,    77,
++      87,    88,    89,    34,    91,    92,    93,    94,    34,    96,
++      36,    74,    75,    76,   618,   123,    79,   618,   105,   106,
++     958,    27,   109,   110,   154,   155,    32,    33,   154,   155,
++     634,   168,   119,   634,   168,   122,   154,   155,   125,    94,
++     127,    66,    67,    68,    50,    51,    52,   153,   652,    30,
++     156,   652,   138,    59,   160,   161,   162,   163,   164,   165,
++     166,   167,   168,   169,   107,   171,   138,   173,   174,   138,
++     604,   605,   606,   607,   608,   679,   767,   611,   679,   138,
++     614,    32,    33,    34,   138,    91,   409,   153,   154,   155,
++      35,    97,   160,   161,   162,   163,   138,   165,   702,   167,
++     164,   702,   107,   719,   157,   428,   685,   686,   687,   154,
++     155,   451,    34,   436,   161,   162,   163,   164,   165,   166,
++     154,   155,   138,   451,   491,   451,   154,   155,   736,   138,
++     154,   155,   736,   135,   136,   736,   138,   154,   155,   743,
++     154,   155,   743,   483,   146,   147,   148,   149,   150,   151,
++     152,   154,   155,   154,   155,   154,   155,   154,   155,   157,
++     500,   157,   485,   154,   155,   488,   154,   155,   154,   155,
++     116,   117,   154,   155,   154,   155,   154,   155,   154,   155,
++     736,   154,   155,    76,   749,   750,   962,   154,   155,   801,
++     802,  1034,  1035,   899,   900,   157,   878,   157,   138,   881,
++     745,   153,   138,   153,   138,   138,    64,   156,   156,   156,
++      34,   170,   156,   536,   567,   156,   583,   156,   156,   156,
++     163,   156,    34,    34,   156,   156,   156,   835,   156,   156,
++     156,   835,   156,   156,   835,   156,   156,   156,   156,   156,
++     156,   156,    96,   157,   156,   156,   156,   156,   156,   156,
++     590,   156,   156,   154,   157,   107,   156,   156,   156,   156,
++     156,   877,   590,    36,   590,   156,   156,   156,   156,   153,
++     172,    36,    36,    34,    34,    34,   629,   630,   631,   835,
++     107,   156,   161,   157,    34,    95,   154,    35,   161,    35,
++     107,    36,    36,    34,   647,   648,   649,   650,   153,   159,
++      34,    36,   159,    36,    36,    36,   153,   153,   156,   154,
++     154,   651,   155,   154,    12,   157,   141,   851,   156,   159,
++     156,   855,   856,   155,   159,   159,   159,   157,  1010,    96,
++     697,   154,   153,    17,   154,   154,   944,    34,   156,   170,
++     944,   156,   156,   944,   157,  1027,   153,   126,   701,   154,
++     154,    18,    34,   159,   156,    36,   159,    36,    36,   159,
++     159,   969,   715,   158,   120,   969,   154,   159,   969,    19,
++     161,   153,   153,   170,   167,    71,   153,    34,   153,   913,
++     156,   159,   153,   170,   918,   170,   158,   921,    34,   157,
++     170,   153,   155,   167,   107,    34,   736,   154,   156,   154,
++     767,   171,   156,   156,   153,   745,    34,   154,   159,    49,
++      48,   153,    37,    47,   153,     1,   159,   767,   154,   159,
++     773,   159,   159,   957,   154,   379,   382,    32,    33,    34,
++     159,   159,   785,   786,   159,   788,   789,   790,   791,   792,
++     793,   794,   795,   796,   797,   798,   799,   171,   982,   172,
++     172,   376,   627,   702,    59,   652,   385,   370,   487,    64,
++      65,   461,   457,   997,   454,   430,  1000,   373,    73,    74,
++      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
++      85,    86,    87,    88,    89,   493,    91,    92,    93,    94,
++     467,    96,   730,   734,    62,   835,   490,   743,     3,   441,
++     105,   106,   675,   389,   109,   110,   233,   308,   678,   965,
++     835,   969,   904,   901,   119,   537,   613,   122,   403,   903,
++     125,   874,   127,   406,   634,    -1,   418,    -1,   312,   209,
++      -1,    -1,    -1,    -1,    -1,    -1,   423,    34,   433,    36,
++      -1,    -1,    -1,    -1,   438,    -1,    -1,    -1,    -1,   916,
++      -1,    -1,    -1,   158,    -1,    -1,    -1,    -1,    -1,   899,
++     900,    -1,   902,   903,    -1,    -1,    -1,    -1,    65,    -1,
++      -1,    -1,    -1,    -1,   902,    -1,    73,    74,    75,    76,
++      77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
++      87,    88,    89,    -1,    -1,    92,    93,    94,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,   974,   105,   106,
++     107,   108,    -1,    -1,    -1,    -1,    -1,    -1,   115,   116,
++     117,   118,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++     127,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,  1002,
++      -1,    -1,   992,    -1,    11,    12,    -1,    -1,    -1,  1012,
++     157,    -1,    -1,    -1,    -1,    -1,    23,    -1,    -1,  1022,
++      27,    -1,    -1,    -1,    -1,    32,    33,    34,    -1,  1032,
++      -1,    38,    39,    40,    41,    42,    43,    44,    45,    46,
++      -1,    -1,    -1,    50,    51,    52,    53,    -1,    -1,    -1,
++      -1,    -1,    59,    -1,    -1,    -1,    -1,    64,    65,    66,
++      67,    68,    69,    70,    -1,    72,    73,    74,    75,    76,
++      77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
++      87,    88,    89,    90,    91,    92,    93,    94,    -1,    96,
++      97,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
++      -1,    -1,   109,   110,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,   119,    11,    12,   122,    -1,   124,   125,    -1,
++     127,    -1,    -1,   130,    -1,    23,    -1,    -1,    -1,    27,
++      -1,    -1,    -1,    -1,    32,    33,    34,    -1,    -1,    -1,
++      38,    39,    40,    41,    42,    43,    44,    45,    46,    -1,
++      -1,   158,    50,    51,    52,    53,    -1,    -1,    -1,    -1,
++     167,    59,    -1,    -1,    -1,    -1,    64,    65,    66,    67,
++      68,    69,    70,    -1,    72,    73,    74,    75,    76,    77,
+       78,    79,    80,    81,    82,    83,    84,    85,    86,    87,
+-      88,    89,    -1,    91,    92,    93,    94,    -1,    96,    -1,
+-      -1,    -1,    -1,    -1,   971,    -1,    -1,   105,   106,    -1,
++      88,    89,    90,    91,    92,    93,    94,    -1,    96,    97,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,    -1,
+       -1,   109,   110,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,   119,    -1,    -1,   122,    -1,    -1,   125,    -1,   127,
++      -1,   119,    -1,    -1,   122,    -1,   124,   125,    -1,   127,
++      -1,     3,   130,     5,     6,     7,     8,     9,    10,    11,
++      -1,    13,    14,    15,    16,    -1,    -1,    -1,    20,    21,
++      22,    -1,    24,    25,    26,    -1,    28,    29,    30,    -1,
++      32,    33,    34,    -1,    -1,    -1,    -1,    -1,    -1,   167,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,   999,    -1,    -1,   989,
+-      -1,    11,    12,    -1,    -1,    -1,  1009,    -1,    -1,    -1,
+-      -1,    -1,    -1,    23,    -1,    -1,  1019,    27,    -1,    -1,
+-      -1,    -1,    32,    33,    34,    -1,  1029,    -1,    38,    39,
+-      40,    41,    42,    43,    44,    45,    46,    -1,    -1,    -1,
+-      50,    51,    52,    53,    -1,    -1,    -1,    -1,    -1,    59,
+-      -1,    -1,    -1,    -1,    64,    65,    66,    67,    68,    69,
+-      70,    -1,    72,    73,    74,    75,    76,    77,    78,    79,
+-      80,    81,    82,    83,    84,    85,    86,    87,    88,    89,
+-      90,    91,    92,    93,    94,    -1,    96,    97,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,   105,   106,    -1,    -1,   109,
+-     110,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   119,
+-      11,    12,   122,    -1,   124,   125,    -1,   127,    -1,    -1,
+-     130,    -1,    23,    -1,    -1,    -1,    27,    -1,    -1,    -1,
+-      -1,    32,    33,    34,    -1,    -1,    -1,    38,    39,    40,
+-      41,    42,    43,    44,    45,    46,    -1,   157,    -1,    50,
+-      51,    52,    53,    -1,    -1,    -1,   166,    -1,    59,    -1,
+-      -1,    -1,    -1,    64,    65,    66,    67,    68,    69,    70,
+-      -1,    72,    73,    74,    75,    76,    77,    78,    79,    80,
+-      81,    82,    83,    84,    85,    86,    87,    88,    89,    90,
+-      91,    92,    93,    94,    -1,    96,    97,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,   105,   106,    -1,    -1,   109,   110,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   119,    -1,
+-      -1,   122,    -1,   124,   125,    -1,   127,    -1,     3,   130,
+-       5,     6,     7,     8,     9,    10,    11,    -1,    13,    14,
+-      15,    16,    -1,    -1,    -1,    20,    21,    22,    -1,    24,
+-      25,    26,    -1,    28,    29,    30,    -1,    32,    33,    34,
+-      -1,    -1,    -1,    -1,    -1,   166,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    54,
+-      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
+-      65,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    73,    74,
+-      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
+-      85,    86,    87,    88,    89,    -1,    91,    92,    93,    94,
+-      34,    96,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-     105,   106,    -1,    -1,   109,   110,   111,   112,   113,   114,
+-      -1,    -1,    -1,    -1,   119,    -1,    -1,   122,    -1,    -1,
+-     125,    65,   127,   128,   129,    -1,   131,    -1,    -1,    73,
++      -1,    -1,    54,    55,    56,    57,    58,    59,    60,    61,
++      62,    63,    64,    65,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    73,    74,    75,    76,    77,    78,    79,    80,    81,
++      82,    83,    84,    85,    86,    87,    88,    89,    -1,    91,
++      92,    93,    94,    34,    96,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,   105,   106,    -1,    -1,   109,   110,   111,
++     112,   113,   114,    -1,    -1,    -1,    -1,   119,    -1,    -1,
++     122,    -1,    -1,   125,    65,   127,   128,   129,    -1,   131,
++      -1,    -1,    73,    74,    75,    76,    77,    78,    79,    80,
++      81,    82,    83,    84,    85,    86,    87,    88,    89,    -1,
++      34,    92,    93,    94,    -1,    96,    -1,    98,    99,   100,
++     101,   102,   103,   104,   105,   106,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++     121,    65,    -1,    -1,    -1,    -1,   127,    -1,    -1,    73,
+       74,    75,    76,    77,    78,    79,    80,    81,    82,    83,
+-      84,    85,    86,    87,    88,    89,    -1,    34,    92,    93,
+-      94,    -1,    96,    -1,    98,    99,   100,   101,   102,   103,
+-     104,   105,   106,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,   121,    65,    -1,
++      84,    85,    86,    87,    88,    89,    90,    34,    92,    93,
++      94,    -1,    96,    97,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,   105,   106,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,   119,    -1,    -1,    65,    -1,
+       -1,    -1,    -1,   127,    -1,    -1,    73,    74,    75,    76,
+       77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
+       87,    88,    89,    90,    34,    92,    93,    94,    -1,    96,
+-      97,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+       -1,    -1,   119,    -1,    -1,    65,    -1,    -1,    -1,    -1,
+      127,    -1,    -1,    73,    74,    75,    76,    77,    78,    79,
+       80,    81,    82,    83,    84,    85,    86,    87,    88,    89,
+-      90,    34,    92,    93,    94,    -1,    96,    -1,    -1,    -1,
++      34,    -1,    92,    93,    94,    -1,    96,    -1,    -1,    -1,
+       -1,    -1,    -1,    -1,    -1,   105,   106,    -1,    -1,    -1,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   119,
+-      -1,    -1,    65,    -1,    -1,    -1,    -1,   127,    -1,    -1,
+-      73,    74,    75,    76,    77,    78,    79,    80,    81,    82,
+-      83,    84,    85,    86,    87,    88,    89,    34,    -1,    92,
+-      93,    94,    -1,    96,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,   105,   106,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,   119,    -1,    65,    -1,
+-      -1,    -1,    -1,    -1,   127,    -1,    73,    74,    75,    76,
+-      77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
+-      87,    88,    89,    -1,    -1,    92,    93,    94,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    65,    -1,    -1,    -1,    -1,    34,   127,    -1,    73,
++      74,    75,    76,    77,    78,    79,    80,    81,    82,    83,
++      84,    85,    86,    87,    88,    89,    -1,    -1,    92,    93,
++      94,    -1,    96,    -1,    -1,    -1,    -1,    65,    -1,    -1,
++      -1,   105,   106,    -1,    -1,    73,    74,    75,    76,    77,
++      78,    79,    80,    81,    82,    83,    84,    85,    86,    87,
++      88,    89,    -1,   127,    92,    93,    94,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,    -1,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-     127
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   127
+ };
+ 
+-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+-   symbol of state STATE-NUM.  */
+-static const yytype_uint16 yystos[] =
++/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of
++   state STATE-NUM.  */
++static const yytype_int16 yystos[] =
+ {
+-       0,   175,   176,   177,     0,   176,     3,     5,     6,     7,
++       0,   176,   177,   178,     0,   177,     3,     5,     6,     7,
+        8,     9,    10,    11,    13,    14,    15,    16,    20,    21,
+       22,    24,    25,    26,    28,    29,    30,    32,    33,    34,
+       54,    55,    56,    57,    58,    59,    60,    61,    62,    63,
+       64,    65,    73,    74,    75,    76,    77,    78,    79,    80,
+       81,    82,    83,    84,    85,    86,    87,    88,    89,    91,
+       92,    93,    94,    96,   105,   106,   109,   110,   111,   112,
+-     113,   114,   119,   122,   125,   127,   128,   129,   131,   178,
+-     179,   180,   184,   188,   192,   196,   200,   204,   210,   212,
+-     218,   222,   226,   230,   234,   238,   239,   243,   247,   251,
+-     255,   262,   269,   279,   283,   284,   291,   292,   293,   294,
+-     306,   308,   309,   310,   311,   312,   313,   314,   315,   317,
+-     318,   328,   332,   335,   351,   352,   353,   357,   358,   361,
+-     363,   364,   393,   417,   421,   425,    34,   152,   201,    36,
+-     152,   181,    36,   152,   185,    36,   152,   189,    34,   152,
+-     193,    34,   152,   197,    31,   333,   334,   333,   333,   333,
+-      34,   152,   329,    35,   333,   333,   333,   333,   333,   333,
+-     333,   333,    65,   425,   152,    35,   152,   280,    35,    35,
+-     152,   285,   333,   333,   333,    34,    35,   152,   270,   277,
+-     277,   152,   256,   277,   152,   263,   277,   351,   351,    76,
+-      64,    65,   337,    79,    74,    75,    76,    79,   352,   425,
+-     421,    34,   231,   223,    34,   152,   227,    36,   152,   240,
+-     421,   351,   167,   152,   244,   277,   152,   248,   277,   152,
+-     252,   351,   167,    94,    30,   362,    34,   119,   424,   107,
+-     138,   151,   202,   203,   138,   182,   183,   138,   186,   187,
+-     138,   190,   191,   138,   194,   195,   138,   198,   199,   333,
+-      31,    33,   134,   140,   330,   331,   333,    35,   338,   351,
+-     163,   398,   235,   138,   139,   281,   282,   138,   286,   287,
+-     135,   136,   138,   146,   147,   148,   149,   150,   151,   272,
+-     273,   156,   274,   271,   107,   278,   138,   257,   258,   156,
+-     259,   138,   264,   265,   156,   266,   365,   359,    34,   339,
+-      76,   424,    34,   152,   219,   156,   156,   138,   228,   229,
+-     137,   143,   144,   145,   241,   242,   398,   152,   152,   205,
+-     421,   426,   138,   245,   246,   138,   249,   250,   138,   253,
+-     254,   426,   353,   425,   364,   152,   398,   152,   155,   159,
+-     160,   161,   162,   163,   164,   165,   166,   167,   168,   170,
+-     172,   173,   394,   162,   164,   423,   155,   155,   153,   154,
+-     155,   153,   154,   155,   153,   154,   155,   153,   154,   155,
+-     153,   154,   155,   153,   154,   155,   155,   153,   154,   333,
+-      34,   399,   400,   211,    34,   159,   236,   237,   339,   155,
+-     155,   153,   154,   155,   153,   154,   155,   155,   155,   155,
+-     155,   155,   155,   155,   155,   153,   154,     4,    12,   234,
+-     238,   275,   276,   319,   323,   278,   155,   153,   154,   234,
+-     238,   260,   261,   323,   155,   153,   154,   234,   238,   267,
+-     268,   323,   169,   367,   367,   398,   423,   398,   162,   156,
+-     220,    34,   232,   233,    34,   224,   225,   155,   153,   154,
+-     155,   155,   155,   155,   153,   154,    98,    99,   100,   101,
+-     102,   103,   104,   121,   406,   407,   408,   421,   422,   351,
+-     398,   154,   168,   155,   153,   154,   155,   153,   154,   155,
+-     153,   154,   168,   398,   406,   156,   418,   153,   152,   155,
+-     155,   155,   155,   155,   155,   155,   155,   155,   167,   155,
+-     168,   171,   155,   155,   152,    96,    34,    36,   381,   107,
+-     203,    36,   183,    36,   187,    36,   191,    34,   195,    34,
+-     199,    34,   107,   331,   155,   154,   163,   156,   214,    34,
+-      95,   153,   160,    35,   116,   117,   354,   282,    35,   287,
+-      36,    36,   277,   354,   354,   354,   354,    34,   107,   273,
+-     152,   320,    36,   152,   324,   157,   276,   277,   258,   157,
+-     261,   277,   265,   157,   268,    66,    67,    68,   368,   369,
+-     370,   398,   398,   336,   158,    34,   179,   221,   363,   158,
+-     157,   233,   157,   225,   381,   229,    36,    36,    36,    36,
+-     242,   339,   339,   339,   339,   339,   152,   152,   339,   153,
+-     154,   339,   155,   345,   153,   156,   206,   421,   277,   246,
+-     277,   250,   351,   254,   213,   153,    17,    18,    19,   234,
+-     238,   419,   420,   158,   421,   155,   155,   406,    34,    36,
+-     107,   277,   401,   400,    27,    50,    51,    52,    97,   215,
+-     216,   217,   234,   238,   294,   303,   307,   335,    34,   159,
+-     339,   141,   321,   322,   132,   143,   325,   326,   333,   158,
+-     158,   158,   154,   351,   366,   360,   156,   323,   327,   153,
+-     157,   179,   398,   398,   398,   398,   398,   406,   406,   398,
+-      96,   395,   408,   398,   152,   346,   349,   350,   123,   207,
+-     208,   209,   234,   238,   294,   214,   395,   333,   333,   333,
+-     157,   420,    17,   288,   153,   153,   169,   333,   333,   333,
+-     333,   421,   157,   216,    34,   155,   153,   154,   155,   155,
+-     153,   154,   369,   156,   371,   371,    34,   234,   238,   340,
+-     341,   342,   152,   345,   345,   345,   153,   153,   126,   396,
+-     351,   160,   161,   162,   163,   164,   165,   347,   159,   160,
+-     161,   162,   164,   166,   348,   333,   157,   208,   396,   333,
+-      18,   289,   158,   395,   278,    34,   158,    36,   322,    36,
+-      36,   326,    11,    23,    34,    38,    39,    40,    41,    42,
+-      43,    44,    45,    46,    51,    52,    53,    66,    67,    68,
+-      69,    70,    72,    90,    97,   124,   130,   166,   204,   218,
+-     234,   238,   294,   295,   296,   297,   298,   299,   300,   301,
+-     302,   303,   304,   305,   307,   316,   323,   335,   357,   358,
+-     361,   364,   372,   373,   374,   383,   385,   386,   388,   393,
+-     409,   412,   414,   415,   417,   158,   158,   155,   344,   157,
+-     342,   426,   339,   339,   120,   427,   153,   349,    36,   107,
+-     108,   115,   118,   156,   351,   354,   355,   425,   158,   427,
+-     333,    19,   290,   396,   160,   152,   333,   333,   152,   333,
+-     333,   333,   333,   333,   333,   333,   333,   333,   333,   333,
+-     333,    71,   382,   382,   382,   169,   410,   411,   384,   416,
+-     413,   387,   152,   375,    34,   157,   373,   349,   398,   158,
+-     153,   398,   398,   152,   155,   397,   157,   152,   397,   333,
+-     427,   278,   406,   406,   169,   169,   169,    90,   412,   412,
+-     385,   393,   421,   414,    34,   388,   133,   138,   142,   376,
+-     377,   156,   378,   152,   154,   343,   398,   351,   428,   107,
+-     398,   346,   356,   398,   397,   153,   153,    34,   155,   155,
+-     155,   153,   154,   234,   238,   323,   379,   380,   153,   158,
+-     153,   154,   170,   391,   153,   154,   391,   398,   395,   427,
+-      34,   381,    34,   377,   157,   380,   427,   327,   351,   392,
+-     158,   346,   158,   391,   427,   398,   158,   397,   421,    49,
+-     404,   327,   158,   398,   170,   389,   398,   152,   333,    48,
+-     403,   404,   404,   391,   390,   158,   158,   406,   333,    37,
+-     405,   403,   403,   158,   152,   327,   404,   153,   333,    47,
+-     402,   405,   405,   327,   406,   404,   403,   171,   333,   402,
+-     402,   404,   153,   403,   405,   403,   171
++     113,   114,   119,   122,   125,   127,   128,   129,   131,   179,
++     180,   181,   185,   189,   193,   197,   201,   205,   211,   213,
++     219,   223,   227,   231,   235,   239,   240,   244,   248,   252,
++     256,   263,   270,   280,   284,   285,   292,   293,   294,   295,
++     307,   309,   310,   311,   312,   313,   314,   315,   316,   318,
++     319,   329,   333,   336,   352,   353,   354,   358,   359,   362,
++     364,   365,   394,   418,   422,   426,    34,   153,   202,    36,
++     153,   182,    36,   153,   186,    36,   153,   190,    34,   153,
++     194,    34,   153,   198,    31,   334,   335,   334,   334,   334,
++      34,   153,   330,    35,   334,   334,   334,   334,   334,   334,
++     334,   334,    65,   426,   153,    35,   153,   281,    35,    35,
++     153,   286,   334,   334,   334,    34,    35,   153,   271,   278,
++     278,   153,   257,   278,   153,   264,   278,   352,   352,    76,
++      64,    65,   338,    79,    74,    75,    76,    79,   353,   426,
++     422,    34,   232,   224,    34,   153,   228,    36,   153,   241,
++     422,   352,   168,   153,   245,   278,   153,   249,   278,   153,
++     253,   352,   168,    94,    30,   363,    34,   119,   425,   107,
++     138,   152,   203,   204,   138,   183,   184,   138,   187,   188,
++     138,   191,   192,   138,   195,   196,   138,   199,   200,   334,
++      31,    33,   134,   140,   331,   332,   334,    35,   339,   352,
++     164,   399,   236,   138,   139,   282,   283,   138,   287,   288,
++     135,   136,   138,   146,   147,   148,   149,   150,   151,   152,
++     273,   274,   157,   275,   272,   107,   279,   138,   258,   259,
++     157,   260,   138,   265,   266,   157,   267,   366,   360,    34,
++     340,    76,   425,    34,   153,   220,   157,   157,   138,   229,
++     230,   137,   143,   144,   145,   242,   243,   399,   153,   153,
++     206,   422,   427,   138,   246,   247,   138,   250,   251,   138,
++     254,   255,   427,   354,   426,   365,   153,   399,   153,   156,
++     160,   161,   162,   163,   164,   165,   166,   167,   168,   169,
++     171,   173,   174,   395,   163,   165,   424,   156,   156,   154,
++     155,   156,   154,   155,   156,   154,   155,   156,   154,   155,
++     156,   154,   155,   156,   154,   155,   156,   156,   154,   155,
++     334,    34,   400,   401,   212,    34,   160,   237,   238,   340,
++     156,   156,   154,   155,   156,   154,   155,   156,   156,   156,
++     156,   156,   156,   156,   156,   156,   156,   154,   155,     4,
++      12,   235,   239,   276,   277,   320,   324,   279,   156,   154,
++     155,   235,   239,   261,   262,   324,   156,   154,   155,   235,
++     239,   268,   269,   324,   170,   368,   368,   399,   424,   399,
++     163,   157,   221,    34,   233,   234,    34,   225,   226,   156,
++     154,   155,   156,   156,   156,   156,   154,   155,    98,    99,
++     100,   101,   102,   103,   104,   121,   407,   408,   409,   422,
++     423,   352,   399,   155,   169,   156,   154,   155,   156,   154,
++     155,   156,   154,   155,   169,   399,   407,   157,   419,   154,
++     153,   156,   156,   156,   156,   156,   156,   156,   156,   156,
++     168,   156,   169,   172,   156,   156,   153,    96,    34,    36,
++     382,   107,   204,    36,   184,    36,   188,    36,   192,    34,
++     196,    34,   200,    34,   107,   332,   156,   155,   164,   157,
++     215,    34,    95,   154,   161,    35,   116,   117,   355,   283,
++      35,   288,    36,    36,   278,   355,   355,   355,   355,   355,
++      34,   107,   274,   153,   321,    36,   153,   325,   158,   277,
++     278,   259,   158,   262,   278,   266,   158,   269,    66,    67,
++      68,   369,   370,   371,   399,   399,   337,   159,    34,   180,
++     222,   364,   159,   158,   234,   158,   226,   382,   230,    36,
++      36,    36,    36,   243,   340,   340,   340,   340,   340,   153,
++     153,   340,   154,   155,   340,   156,   346,   154,   157,   207,
++     422,   278,   247,   278,   251,   352,   255,   214,   154,    17,
++      18,    19,   235,   239,   420,   421,   159,   422,   156,   156,
++     407,    34,    36,   107,   278,   402,   401,    27,    50,    51,
++      52,    97,   216,   217,   218,   235,   239,   295,   304,   308,
++     336,    34,   160,   340,   141,   322,   323,   132,   143,   326,
++     327,   334,   159,   159,   159,   155,   352,   367,   361,   157,
++     324,   328,   154,   158,   180,   399,   399,   399,   399,   399,
++     407,   407,   399,    96,   396,   409,   399,   153,   347,   350,
++     351,   123,   208,   209,   210,   235,   239,   295,   215,   396,
++     334,   334,   334,   158,   421,    17,   289,   154,   154,   170,
++     334,   334,   334,   334,   422,   158,   217,    34,   156,   154,
++     155,   156,   156,   154,   155,   370,   157,   372,   372,    34,
++     235,   239,   341,   342,   343,   153,   346,   346,   346,   154,
++     154,   126,   397,   352,   161,   162,   163,   164,   165,   166,
++     348,   160,   161,   162,   163,   165,   167,   349,   334,   158,
++     209,   397,   334,    18,   290,   159,   396,   279,    34,   159,
++      36,   323,    36,    36,   327,    11,    23,    34,    38,    39,
++      40,    41,    42,    43,    44,    45,    46,    51,    52,    53,
++      66,    67,    68,    69,    70,    72,    90,    97,   124,   130,
++     167,   205,   219,   235,   239,   295,   296,   297,   298,   299,
++     300,   301,   302,   303,   304,   305,   306,   308,   317,   324,
++     336,   358,   359,   362,   365,   373,   374,   375,   384,   386,
++     387,   389,   394,   410,   413,   415,   416,   418,   159,   159,
++     156,   345,   158,   343,   427,   340,   340,   120,   428,   154,
++     350,    36,   107,   108,   115,   118,   157,   352,   355,   356,
++     426,   159,   428,   334,    19,   291,   397,   161,   153,   334,
++     334,   153,   334,   334,   334,   334,   334,   334,   334,   334,
++     334,   334,   334,   334,    71,   383,   383,   383,   170,   411,
++     412,   385,   417,   414,   388,   153,   376,    34,   158,   374,
++     350,   399,   159,   154,   399,   399,   153,   156,   398,   158,
++     153,   398,   334,   428,   279,   407,   407,   170,   170,   170,
++      90,   413,   413,   386,   394,   422,   415,    34,   389,   133,
++     138,   142,   377,   378,   157,   379,   153,   155,   344,   399,
++     352,   429,   107,   399,   347,   357,   399,   398,   154,   154,
++      34,   156,   156,   156,   154,   155,   235,   239,   324,   380,
++     381,   154,   159,   154,   155,   171,   392,   154,   155,   392,
++     399,   396,   428,    34,   382,    34,   378,   158,   381,   428,
++     328,   352,   393,   159,   347,   159,   392,   428,   399,   159,
++     398,   422,    49,   405,   328,   159,   399,   171,   390,   399,
++     153,   334,    48,   404,   405,   405,   392,   391,   159,   159,
++     407,   334,    37,   406,   404,   404,   159,   153,   328,   405,
++     154,   334,    47,   403,   406,   406,   328,   407,   405,   404,
++     172,   334,   403,   403,   405,   154,   404,   406,   404,   172
+ };
+ 
+-#define yyerrok		(yyerrstatus = 0)
+-#define yyclearin	(yychar = YYEMPTY)
+-#define YYEMPTY		(-2)
+-#define YYEOF		0
+-
+-#define YYACCEPT	goto yyacceptlab
+-#define YYABORT		goto yyabortlab
+-#define YYERROR		goto yyerrorlab
+-
++/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM.  */
++static const yytype_int16 yyr1[] =
++{
++       0,   175,   176,   176,   178,   177,   179,   179,   179,   179,
++     179,   179,   179,   179,   179,   179,   179,   179,   179,   179,
++     179,   179,   179,   179,   179,   179,   179,   179,   179,   179,
++     179,   179,   179,   179,   179,   179,   179,   179,   179,   179,
++     179,   179,   179,   179,   180,   180,   180,   180,   180,   180,
++     180,   180,   180,   180,   180,   180,   181,   182,   182,   183,
++     183,   184,   185,   186,   186,   187,   187,   188,   189,   190,
++     190,   191,   191,   192,   193,   194,   194,   195,   195,   196,
++     197,   198,   198,   199,   199,   200,   201,   202,   202,   203,
++     203,   204,   204,   205,   206,   206,   207,   208,   208,   209,
++     209,   209,   209,   210,   212,   211,   214,   213,   215,   216,
++     216,   217,   217,   217,   217,   217,   217,   217,   217,   217,
++     218,   220,   219,   221,   221,   222,   222,   224,   223,   225,
++     225,   226,   227,   228,   228,   229,   229,   230,   232,   231,
++     233,   233,   234,   236,   235,   237,   237,   237,   237,   238,
++     238,   239,   240,   241,   241,   241,   242,   242,   243,   243,
++     243,   243,   244,   245,   245,   246,   246,   247,   248,   249,
++     249,   250,   250,   251,   252,   253,   253,   254,   254,   255,
++     256,   257,   257,   258,   258,   259,   260,   260,   261,   261,
++     262,   262,   262,   263,   264,   264,   265,   265,   266,   267,
++     267,   268,   268,   269,   269,   269,   270,   270,   272,   271,
++     271,   273,   273,   274,   274,   274,   274,   274,   274,   274,
++     274,   274,   274,   275,   275,   276,   276,   277,   277,   277,
++     277,   278,   278,   279,   279,   280,   281,   281,   282,   282,
++     283,   283,   284,   285,   286,   286,   287,   287,   288,   289,
++     289,   290,   290,   291,   291,   292,   293,   294,   295,   296,
++     297,   298,   299,   300,   301,   302,   303,   304,   305,   306,
++     307,   308,   309,   310,   311,   312,   313,   314,   315,   316,
++     317,   318,   319,   320,   321,   322,   322,   323,   324,   325,
++     325,   325,   326,   326,   327,   327,   328,   328,   329,   330,
++     330,   331,   331,   332,   332,   333,   334,   335,   335,   337,
++     336,   338,   338,   338,   339,   339,   340,   340,   341,   341,
++     342,   342,   343,   343,   343,   344,   344,   345,   345,   346,
++     346,   347,   347,   348,   348,   348,   348,   348,   348,   349,
++     349,   349,   349,   349,   349,   349,   350,   351,   351,   352,
++     352,   353,   353,   354,   355,   355,   356,   356,   356,   356,
++     356,   356,   356,   356,   356,   357,   357,   357,   358,   358,
++     360,   361,   359,   363,   362,   364,   366,   367,   365,   368,
++     368,   369,   369,   370,   371,   371,   371,   371,   372,   372,
++     373,   373,   373,   374,   374,   374,   374,   374,   374,   374,
++     374,   374,   374,   374,   374,   374,   374,   374,   374,   374,
++     374,   374,   374,   374,   374,   374,   374,   374,   374,   374,
++     374,   374,   374,   374,   374,   374,   374,   374,   375,   376,
++     377,   377,   378,   378,   378,   379,   379,   380,   380,   381,
++     381,   381,   382,   382,   383,   383,   385,   384,   384,   386,
++     388,   387,   387,   389,   390,   391,   390,   392,   393,   392,
++     394,   394,   394,   394,   395,   395,   395,   395,   395,   395,
++     395,   395,   395,   395,   395,   395,   395,   395,   395,   395,
++     395,   395,   395,   395,   395,   395,   395,   395,   395,   395,
++     395,   395,   395,   396,   396,   397,   397,   398,   398,   399,
++     399,   400,   400,   401,   401,   402,   402,   402,   402,   403,
++     403,   404,   404,   405,   405,   406,   406,   407,   408,   408,
++     408,   409,   409,   409,   409,   409,   409,   409,   409,   409,
++     411,   410,   412,   410,   410,   414,   413,   413,   415,   415,
++     417,   416,   416,   418,   419,   419,   420,   420,   421,   421,
++     421,   421,   421,   422,   422,   423,   424,   424,   425,   425,
++     425,   426,   426,   426,   426,   426,   426,   426,   426,   426,
++     426,   426,   426,   426,   426,   426,   426,   426,   426,   426,
++     426,   426,   426,   426,   426,   426,   426,   426,   426,   426,
++     426,   426,   427,   427,   428,   428,   429,   429,   429
++};
+ 
+-/* Like YYERROR except do call yyerror.  This remains here temporarily
+-   to ease the transition to the new meaning of YYERROR, for GCC.
+-   Once GCC version 2 has supplanted version 1, this can go.  */
++/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM.  */
++static const yytype_int8 yyr2[] =
++{
++       0,     2,     1,     2,     0,     2,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     2,     1,     3,     1,
++       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
++       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
++       3,     1,     3,     1,     3,     3,     2,     2,     3,     1,
++       3,     3,     3,     5,     0,     3,     4,     1,     2,     1,
++       1,     1,     1,     2,     0,     5,     0,     6,     4,     1,
++       2,     1,     1,     1,     1,     2,     2,     1,     1,     1,
++      14,     0,     5,     0,     3,     1,     2,     0,     5,     1,
++       2,     1,     2,     1,     3,     1,     3,     3,     0,     5,
++       1,     2,     1,     0,     5,     1,     2,     3,     4,     1,
++       3,     1,     3,     0,     1,     3,     1,     3,     3,     3,
++       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
++       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
++       3,     1,     3,     1,     3,     3,     0,     4,     1,     2,
++       1,     1,     1,     3,     1,     3,     1,     3,     3,     0,
++       4,     1,     2,     1,     1,     1,     3,     3,     0,     3,
++       3,     1,     3,     3,     3,     3,     3,     3,     3,     3,
++       3,     3,     3,     0,     4,     1,     2,     1,     1,     1,
++       1,     1,     1,     0,     1,     2,     1,     3,     1,     3,
++       3,     3,     2,     2,     1,     3,     1,     3,     3,     0,
++       2,     0,     2,     0,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,     2,     3,     1,     3,     3,     3,     0,
++       1,     3,     1,     3,     3,     3,     0,     1,     3,     1,
++       3,     1,     3,     3,     3,     4,     2,     1,     2,     0,
++       9,     0,     1,     1,     0,     1,     0,     1,     0,     1,
++       1,     2,     1,     1,     4,     0,     1,     0,     2,     0,
++       2,     1,     3,     1,     1,     1,     1,     1,     1,     0,
++       1,     1,     1,     1,     1,     1,     3,     0,     3,     2,
++       1,     1,     3,     1,     1,     1,     1,     4,     2,     1,
++       1,     1,     1,     1,     1,     0,     1,     3,     6,    12,
++       0,     0,     8,     0,     3,     4,     0,     0,     8,     0,
++       2,     1,     3,     2,     0,     1,     1,     1,     0,     3,
++       0,     1,     2,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     2,     2,     2,     3,     3,     3,     2,     3,     3,
++       1,     3,     3,     3,     3,     0,     4,     1,     2,     1,
++       1,     1,     1,     1,     0,     1,     0,     3,     1,    11,
++       0,     3,     1,    11,     0,     0,     6,     0,     0,     7,
++      17,     7,    17,    16,     1,     1,     1,     1,     1,     1,
++       1,     1,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     3,     3,     1,     2,     2,     1,     2,     2,
++       2,     1,     2,     0,     1,     0,     1,     0,     2,     0,
++       3,     1,     3,     1,     3,     1,     5,     1,     1,     0,
++       2,     0,     2,     0,     2,     0,     2,     1,     0,     1,
++       3,     4,     4,     4,     3,     3,     6,     6,     3,     2,
++       0,     3,     0,     3,     1,     0,     3,     1,     1,     1,
++       0,     3,     1,     8,     0,     3,     1,     2,     1,     1,
++       2,     2,     2,     4,     3,     3,     0,     1,     0,     3,
++       2,     1,     4,     2,     2,     1,     1,     2,     1,     1,
++       2,     2,     3,     1,     1,     1,     2,     2,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     3,     0,     4,     0,     1,     3
++};
+ 
+-#define YYFAIL		goto yyerrlab
+ 
+-#define YYRECOVERING()  (!!yyerrstatus)
++enum { YYENOMEM = -2 };
+ 
+-#define YYBACKUP(Token, Value)					\
+-do								\
+-  if (yychar == YYEMPTY && yylen == 1)				\
+-    {								\
+-      yychar = (Token);						\
+-      yylval = (Value);						\
+-      yytoken = YYTRANSLATE (yychar);				\
+-      YYPOPSTACK (1);						\
+-      goto yybackup;						\
+-    }								\
+-  else								\
+-    {								\
+-      yyerror (YY_("syntax error: cannot back up")); \
+-      YYERROR;							\
+-    }								\
+-while (YYID (0))
+-
+-
+-#define YYTERROR	1
+-#define YYERRCODE	256
+-
+-
+-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+-   If N is 0, then set CURRENT to the empty location which ends
+-   the previous symbol: RHS[0] (always defined).  */
+-
+-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+-#ifndef YYLLOC_DEFAULT
+-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+-    do									\
+-      if (YYID (N))                                                    \
+-	{								\
+-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+-	}								\
+-      else								\
+-	{								\
+-	  (Current).first_line   = (Current).last_line   =		\
+-	    YYRHSLOC (Rhs, 0).last_line;				\
+-	  (Current).first_column = (Current).last_column =		\
+-	    YYRHSLOC (Rhs, 0).last_column;				\
+-	}								\
+-    while (YYID (0))
+-#endif
++#define yyerrok         (yyerrstatus = 0)
++#define yyclearin       (yychar = YYEMPTY)
+ 
++#define YYACCEPT        goto yyacceptlab
++#define YYABORT         goto yyabortlab
++#define YYERROR         goto yyerrorlab
++#define YYNOMEM         goto yyexhaustedlab
+ 
+-/* YY_LOCATION_PRINT -- Print the location on the stream.
+-   This macro was not mandated originally: define only if we know
+-   we won't break user code: when these are the locations we know.  */
+-
+-#ifndef YY_LOCATION_PRINT
+-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+-#  define YY_LOCATION_PRINT(File, Loc)			\
+-     fprintf (File, "%d.%d-%d.%d",			\
+-	      (Loc).first_line, (Loc).first_column,	\
+-	      (Loc).last_line,  (Loc).last_column)
+-# else
+-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+-# endif
+-#endif
+ 
++#define YYRECOVERING()  (!!yyerrstatus)
+ 
+-/* YYLEX -- calling `yylex' with the right arguments.  */
++#define YYBACKUP(Token, Value)                                    \
++  do                                                              \
++    if (yychar == YYEMPTY)                                        \
++      {                                                           \
++        yychar = (Token);                                         \
++        yylval = (Value);                                         \
++        YYPOPSTACK (yylen);                                       \
++        yystate = *yyssp;                                         \
++        goto yybackup;                                            \
++      }                                                           \
++    else                                                          \
++      {                                                           \
++        yyerror (YY_("syntax error: cannot back up")); \
++        YYERROR;                                                  \
++      }                                                           \
++  while (0)
++
++/* Backward compatibility with an undocumented macro.
++   Use YYerror or YYUNDEF. */
++#define YYERRCODE YYUNDEF
+ 
+-#ifdef YYLEX_PARAM
+-# define YYLEX yylex (YYLEX_PARAM)
+-#else
+-# define YYLEX yylex ()
+-#endif
+ 
+ /* Enable debugging if requested.  */
+ #if YYDEBUG
+@@ -2321,80 +2213,58 @@ while (YYID (0))
+ #  define YYFPRINTF fprintf
+ # endif
+ 
+-# define YYDPRINTF(Args)			\
+-do {						\
+-  if (yydebug)					\
+-    YYFPRINTF Args;				\
+-} while (YYID (0))
+-
+-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+-do {									  \
+-  if (yydebug)								  \
+-    {									  \
+-      YYFPRINTF (stderr, "%s ", Title);					  \
+-      yy_symbol_print (stderr,						  \
+-		  Type, Value); \
+-      YYFPRINTF (stderr, "\n");						  \
+-    }									  \
+-} while (YYID (0))
+-
+-
+-/*--------------------------------.
+-| Print this symbol on YYOUTPUT.  |
+-`--------------------------------*/
+-
+-/*ARGSUSED*/
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+-#else
++# define YYDPRINTF(Args)                        \
++do {                                            \
++  if (yydebug)                                  \
++    YYFPRINTF Args;                             \
++} while (0)
++
++
++
++
++# define YY_SYMBOL_PRINT(Title, Kind, Value, Location)                    \
++do {                                                                      \
++  if (yydebug)                                                            \
++    {                                                                     \
++      YYFPRINTF (stderr, "%s ", Title);                                   \
++      yy_symbol_print (stderr,                                            \
++                  Kind, Value); \
++      YYFPRINTF (stderr, "\n");                                           \
++    }                                                                     \
++} while (0)
++
++
++/*-----------------------------------.
++| Print this symbol's value on YYO.  |
++`-----------------------------------*/
++
+ static void
+-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+-    FILE *yyoutput;
+-    int yytype;
+-    YYSTYPE const * const yyvaluep;
+-#endif
++yy_symbol_value_print (FILE *yyo,
++                       yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep)
+ {
++  FILE *yyoutput = yyo;
++  YY_USE (yyoutput);
+   if (!yyvaluep)
+     return;
+-# ifdef YYPRINT
+-  if (yytype < YYNTOKENS)
+-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+-# else
+-  YYUSE (yyoutput);
+-# endif
+-  switch (yytype)
+-    {
+-      default:
+-	break;
+-    }
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++  YY_USE (yykind);
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ }
+ 
+ 
+-/*--------------------------------.
+-| Print this symbol on YYOUTPUT.  |
+-`--------------------------------*/
++/*---------------------------.
++| Print this symbol on YYO.  |
++`---------------------------*/
+ 
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+-#else
+ static void
+-yy_symbol_print (yyoutput, yytype, yyvaluep)
+-    FILE *yyoutput;
+-    int yytype;
+-    YYSTYPE const * const yyvaluep;
+-#endif
++yy_symbol_print (FILE *yyo,
++                 yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep)
+ {
+-  if (yytype < YYNTOKENS)
+-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+-  else
+-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
++  YYFPRINTF (yyo, "%s %s (",
++             yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind));
+ 
+-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+-  YYFPRINTF (yyoutput, ")");
++  yy_symbol_value_print (yyo, yykind, yyvaluep);
++  YYFPRINTF (yyo, ")");
+ }
+ 
+ /*------------------------------------------------------------------.
+@@ -2402,80 +2272,68 @@ yy_symbol_print (yyoutput, yytype, yyval
+ | TOP (included).                                                   |
+ `------------------------------------------------------------------*/
+ 
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+-#else
+ static void
+-yy_stack_print (bottom, top)
+-    yytype_int16 *bottom;
+-    yytype_int16 *top;
+-#endif
++yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop)
+ {
+   YYFPRINTF (stderr, "Stack now");
+-  for (; bottom <= top; ++bottom)
+-    YYFPRINTF (stderr, " %d", *bottom);
++  for (; yybottom <= yytop; yybottom++)
++    {
++      int yybot = *yybottom;
++      YYFPRINTF (stderr, " %d", yybot);
++    }
+   YYFPRINTF (stderr, "\n");
+ }
+ 
+-# define YY_STACK_PRINT(Bottom, Top)				\
+-do {								\
+-  if (yydebug)							\
+-    yy_stack_print ((Bottom), (Top));				\
+-} while (YYID (0))
++# define YY_STACK_PRINT(Bottom, Top)                            \
++do {                                                            \
++  if (yydebug)                                                  \
++    yy_stack_print ((Bottom), (Top));                           \
++} while (0)
+ 
+ 
+ /*------------------------------------------------.
+ | Report that the YYRULE is going to be reduced.  |
+ `------------------------------------------------*/
+ 
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+ static void
+-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+-#else
+-static void
+-yy_reduce_print (yyvsp, yyrule)
+-    YYSTYPE *yyvsp;
+-    int yyrule;
+-#endif
++yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp,
++                 int yyrule)
+ {
++  int yylno = yyrline[yyrule];
+   int yynrhs = yyr2[yyrule];
+   int yyi;
+-  unsigned long int yylno = yyrline[yyrule];
+-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+-	     yyrule - 1, yylno);
++  YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n",
++             yyrule - 1, yylno);
+   /* The symbols being reduced.  */
+   for (yyi = 0; yyi < yynrhs; yyi++)
+     {
+-      fprintf (stderr, "   $%d = ", yyi + 1);
+-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+-		       &(yyvsp[(yyi + 1) - (yynrhs)])
+-		       		       );
+-      fprintf (stderr, "\n");
++      YYFPRINTF (stderr, "   $%d = ", yyi + 1);
++      yy_symbol_print (stderr,
++                       YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]),
++                       &yyvsp[(yyi + 1) - (yynrhs)]);
++      YYFPRINTF (stderr, "\n");
+     }
+ }
+ 
+-# define YY_REDUCE_PRINT(Rule)		\
+-do {					\
+-  if (yydebug)				\
+-    yy_reduce_print (yyvsp, Rule); \
+-} while (YYID (0))
++# define YY_REDUCE_PRINT(Rule)          \
++do {                                    \
++  if (yydebug)                          \
++    yy_reduce_print (yyssp, yyvsp, Rule); \
++} while (0)
+ 
+ /* Nonzero means print parse trace.  It is left uninitialized so that
+    multiple parsers can coexist.  */
+ int yydebug;
+ #else /* !YYDEBUG */
+-# define YYDPRINTF(Args)
+-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
++# define YYDPRINTF(Args) ((void) 0)
++# define YY_SYMBOL_PRINT(Title, Kind, Value, Location)
+ # define YY_STACK_PRINT(Bottom, Top)
+ # define YY_REDUCE_PRINT(Rule)
+ #endif /* !YYDEBUG */
+ 
+ 
+ /* YYINITDEPTH -- initial size of the parser's stacks.  */
+-#ifndef	YYINITDEPTH
++#ifndef YYINITDEPTH
+ # define YYINITDEPTH 200
+ #endif
+ 
+@@ -2490,478 +2348,219 @@ int yydebug;
+ # define YYMAXDEPTH 10000
+ #endif
+ 
+-
+ 
+-#if YYERROR_VERBOSE
+ 
+-# ifndef yystrlen
+-#  if defined __GLIBC__ && defined _STRING_H
+-#   define yystrlen strlen
+-#  else
+-/* Return the length of YYSTR.  */
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static YYSIZE_T
+-yystrlen (const char *yystr)
+-#else
+-static YYSIZE_T
+-yystrlen (yystr)
+-    const char *yystr;
+-#endif
+-{
+-  YYSIZE_T yylen;
+-  for (yylen = 0; yystr[yylen]; yylen++)
+-    continue;
+-  return yylen;
+-}
+-#  endif
+-# endif
+ 
+-# ifndef yystpcpy
+-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+-#   define yystpcpy stpcpy
+-#  else
+-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+-   YYDEST.  */
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static char *
+-yystpcpy (char *yydest, const char *yysrc)
+-#else
+-static char *
+-yystpcpy (yydest, yysrc)
+-    char *yydest;
+-    const char *yysrc;
+-#endif
+-{
+-  char *yyd = yydest;
+-  const char *yys = yysrc;
+ 
+-  while ((*yyd++ = *yys++) != '\0')
+-    continue;
+-
+-  return yyd - 1;
+-}
+-#  endif
+-# endif
+-
+-# ifndef yytnamerr
+-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+-   quotes and backslashes, so that it's suitable for yyerror.  The
+-   heuristic is that double-quoting is unnecessary unless the string
+-   contains an apostrophe, a comma, or backslash (other than
+-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+-   null, do not copy; instead, return the length of what the result
+-   would have been.  */
+-static YYSIZE_T
+-yytnamerr (char *yyres, const char *yystr)
+-{
+-  if (*yystr == '"')
+-    {
+-      YYSIZE_T yyn = 0;
+-      char const *yyp = yystr;
+-
+-      for (;;)
+-	switch (*++yyp)
+-	  {
+-	  case '\'':
+-	  case ',':
+-	    goto do_not_strip_quotes;
+-
+-	  case '\\':
+-	    if (*++yyp != '\\')
+-	      goto do_not_strip_quotes;
+-	    /* Fall through.  */
+-	  default:
+-	    if (yyres)
+-	      yyres[yyn] = *yyp;
+-	    yyn++;
+-	    break;
+-
+-	  case '"':
+-	    if (yyres)
+-	      yyres[yyn] = '\0';
+-	    return yyn;
+-	  }
+-    do_not_strip_quotes: ;
+-    }
+-
+-  if (! yyres)
+-    return yystrlen (yystr);
+-
+-  return yystpcpy (yyres, yystr) - yyres;
+-}
+-# endif
+-
+-/* Copy into YYRESULT an error message about the unexpected token
+-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+-   including the terminating null byte.  If YYRESULT is null, do not
+-   copy anything; just return the number of bytes that would be
+-   copied.  As a special case, return 0 if an ordinary "syntax error"
+-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+-   size calculation.  */
+-static YYSIZE_T
+-yysyntax_error (char *yyresult, int yystate, int yychar)
+-{
+-  int yyn = yypact[yystate];
+-
+-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+-    return 0;
+-  else
+-    {
+-      int yytype = YYTRANSLATE (yychar);
+-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+-      YYSIZE_T yysize = yysize0;
+-      YYSIZE_T yysize1;
+-      int yysize_overflow = 0;
+-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+-      int yyx;
+-
+-# if 0
+-      /* This is so xgettext sees the translatable formats that are
+-	 constructed on the fly.  */
+-      YY_("syntax error, unexpected %s");
+-      YY_("syntax error, unexpected %s, expecting %s");
+-      YY_("syntax error, unexpected %s, expecting %s or %s");
+-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+-# endif
+-      char *yyfmt;
+-      char const *yyf;
+-      static char const yyunexpected[] = "syntax error, unexpected %s";
+-      static char const yyexpecting[] = ", expecting %s";
+-      static char const yyor[] = " or %s";
+-      char yyformat[sizeof yyunexpected
+-		    + sizeof yyexpecting - 1
+-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+-		       * (sizeof yyor - 1))];
+-      char const *yyprefix = yyexpecting;
+-
+-      /* Start YYX at -YYN if negative to avoid negative indexes in
+-	 YYCHECK.  */
+-      int yyxbegin = yyn < 0 ? -yyn : 0;
+-
+-      /* Stay within bounds of both yycheck and yytname.  */
+-      int yychecklim = YYLAST - yyn + 1;
+-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+-      int yycount = 1;
+-
+-      yyarg[0] = yytname[yytype];
+-      yyfmt = yystpcpy (yyformat, yyunexpected);
+-
+-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+-	  {
+-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+-	      {
+-		yycount = 1;
+-		yysize = yysize0;
+-		yyformat[sizeof yyunexpected - 1] = '\0';
+-		break;
+-	      }
+-	    yyarg[yycount++] = yytname[yyx];
+-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+-	    yysize_overflow |= (yysize1 < yysize);
+-	    yysize = yysize1;
+-	    yyfmt = yystpcpy (yyfmt, yyprefix);
+-	    yyprefix = yyor;
+-	  }
+-
+-      yyf = YY_(yyformat);
+-      yysize1 = yysize + yystrlen (yyf);
+-      yysize_overflow |= (yysize1 < yysize);
+-      yysize = yysize1;
+-
+-      if (yysize_overflow)
+-	return YYSIZE_MAXIMUM;
+-
+-      if (yyresult)
+-	{
+-	  /* Avoid sprintf, as that infringes on the user's name space.
+-	     Don't have undefined behavior even if the translation
+-	     produced a string with the wrong number of "%s"s.  */
+-	  char *yyp = yyresult;
+-	  int yyi = 0;
+-	  while ((*yyp = *yyf) != '\0')
+-	    {
+-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+-		{
+-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+-		  yyf += 2;
+-		}
+-	      else
+-		{
+-		  yyp++;
+-		  yyf++;
+-		}
+-	    }
+-	}
+-      return yysize;
+-    }
+-}
+-#endif /* YYERROR_VERBOSE */
+-
+ 
+ /*-----------------------------------------------.
+ | Release the memory associated to this symbol.  |
+ `-----------------------------------------------*/
+ 
+-/*ARGSUSED*/
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+-#else
+ static void
+-yydestruct (yymsg, yytype, yyvaluep)
+-    const char *yymsg;
+-    int yytype;
+-    YYSTYPE *yyvaluep;
+-#endif
++yydestruct (const char *yymsg,
++            yysymbol_kind_t yykind, YYSTYPE *yyvaluep)
+ {
+-  YYUSE (yyvaluep);
+-
++  YY_USE (yyvaluep);
+   if (!yymsg)
+     yymsg = "Deleting";
+-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+-
+-  switch (yytype)
+-    {
++  YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp);
+ 
+-      default:
+-	break;
+-    }
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++  YY_USE (yykind);
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ }
+-
+-
+-/* Prevent warnings from -Wmissing-prototypes.  */
+-
+-#ifdef YYPARSE_PARAM
+-#if defined __STDC__ || defined __cplusplus
+-int yyparse (void *YYPARSE_PARAM);
+-#else
+-int yyparse ();
+-#endif
+-#else /* ! YYPARSE_PARAM */
+-#if defined __STDC__ || defined __cplusplus
+-int yyparse (void);
+-#else
+-int yyparse ();
+-#endif
+-#endif /* ! YYPARSE_PARAM */
+-
+ 
+ 
+-/* The look-ahead symbol.  */
++/* Lookahead token kind.  */
+ int yychar;
+ 
+-/* The semantic value of the look-ahead symbol.  */
++/* The semantic value of the lookahead symbol.  */
+ YYSTYPE yylval;
+-
+ /* Number of syntax errors so far.  */
+ int yynerrs;
+ 
+ 
+ 
++
+ /*----------.
+ | yyparse.  |
+ `----------*/
+ 
+-#ifdef YYPARSE_PARAM
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-int
+-yyparse (void *YYPARSE_PARAM)
+-#else
+-int
+-yyparse (YYPARSE_PARAM)
+-    void *YYPARSE_PARAM;
+-#endif
+-#else /* ! YYPARSE_PARAM */
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+ int
+ yyparse (void)
+-#else
+-int
+-yyparse ()
+-
+-#endif
+-#endif
+ {
+-  
+-  int yystate;
++    yy_state_fast_t yystate = 0;
++    /* Number of tokens to shift before error messages enabled.  */
++    int yyerrstatus = 0;
++
++    /* Refer to the stacks through separate pointers, to allow yyoverflow
++       to reallocate them elsewhere.  */
++
++    /* Their size.  */
++    YYPTRDIFF_T yystacksize = YYINITDEPTH;
++
++    /* The state stack: array, bottom, top.  */
++    yy_state_t yyssa[YYINITDEPTH];
++    yy_state_t *yyss = yyssa;
++    yy_state_t *yyssp = yyss;
++
++    /* The semantic value stack: array, bottom, top.  */
++    YYSTYPE yyvsa[YYINITDEPTH];
++    YYSTYPE *yyvs = yyvsa;
++    YYSTYPE *yyvsp = yyvs;
++
+   int yyn;
++  /* The return value of yyparse.  */
+   int yyresult;
+-  /* Number of tokens to shift before error messages enabled.  */
+-  int yyerrstatus;
+-  /* Look-ahead token as an internal (translated) token number.  */
+-  int yytoken = 0;
+-#if YYERROR_VERBOSE
+-  /* Buffer for error messages, and its allocated size.  */
+-  char yymsgbuf[128];
+-  char *yymsg = yymsgbuf;
+-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+-#endif
+-
+-  /* Three stacks and their tools:
+-     `yyss': related to states,
+-     `yyvs': related to semantic values,
+-     `yyls': related to locations.
+-
+-     Refer to the stacks thru separate pointers, to allow yyoverflow
+-     to reallocate them elsewhere.  */
+-
+-  /* The state stack.  */
+-  yytype_int16 yyssa[YYINITDEPTH];
+-  yytype_int16 *yyss = yyssa;
+-  yytype_int16 *yyssp;
+-
+-  /* The semantic value stack.  */
+-  YYSTYPE yyvsa[YYINITDEPTH];
+-  YYSTYPE *yyvs = yyvsa;
+-  YYSTYPE *yyvsp;
+-
+-
+-
+-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+-
+-  YYSIZE_T yystacksize = YYINITDEPTH;
+-
++  /* Lookahead symbol kind.  */
++  yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY;
+   /* The variables used to return semantic value and location from the
+      action routines.  */
+   YYSTYPE yyval;
+ 
+ 
++
++#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
++
+   /* The number of symbols on the RHS of the reduced rule.
+      Keep to zero when no symbol should be popped.  */
+   int yylen = 0;
+ 
+   YYDPRINTF ((stderr, "Starting parse\n"));
+ 
+-  yystate = 0;
+-  yyerrstatus = 0;
+-  yynerrs = 0;
+-  yychar = YYEMPTY;		/* Cause a token to be read.  */
+-
+-  /* Initialize stack pointers.
+-     Waste one element of value and location stack
+-     so that they stay on the same level as the state stack.
+-     The wasted elements are never initialized.  */
+-
+-  yyssp = yyss;
+-  yyvsp = yyvs;
++  yychar = YYEMPTY; /* Cause a token to be read.  */
+ 
+   goto yysetstate;
+ 
++
+ /*------------------------------------------------------------.
+-| yynewstate -- Push a new state, which is found in yystate.  |
++| yynewstate -- push a new state, which is found in yystate.  |
+ `------------------------------------------------------------*/
+- yynewstate:
++yynewstate:
+   /* In all cases, when you get here, the value and location stacks
+      have just been pushed.  So pushing a state here evens the stacks.  */
+   yyssp++;
+ 
+- yysetstate:
+-  *yyssp = yystate;
++
++/*--------------------------------------------------------------------.
++| yysetstate -- set current state (the top of the stack) to yystate.  |
++`--------------------------------------------------------------------*/
++yysetstate:
++  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
++  YY_ASSERT (0 <= yystate && yystate < YYNSTATES);
++  YY_IGNORE_USELESS_CAST_BEGIN
++  *yyssp = YY_CAST (yy_state_t, yystate);
++  YY_IGNORE_USELESS_CAST_END
++  YY_STACK_PRINT (yyss, yyssp);
+ 
+   if (yyss + yystacksize - 1 <= yyssp)
++#if !defined yyoverflow && !defined YYSTACK_RELOCATE
++    YYNOMEM;
++#else
+     {
+       /* Get the current used size of the three stacks, in elements.  */
+-      YYSIZE_T yysize = yyssp - yyss + 1;
++      YYPTRDIFF_T yysize = yyssp - yyss + 1;
+ 
+-#ifdef yyoverflow
++# if defined yyoverflow
+       {
+-	/* Give user a chance to reallocate the stack.  Use copies of
+-	   these so that the &'s don't force the real ones into
+-	   memory.  */
+-	YYSTYPE *yyvs1 = yyvs;
+-	yytype_int16 *yyss1 = yyss;
+-
+-
+-	/* Each stack pointer address is followed by the size of the
+-	   data in use in that stack, in bytes.  This used to be a
+-	   conditional around just the two extra args, but that might
+-	   be undefined if yyoverflow is a macro.  */
+-	yyoverflow (YY_("memory exhausted"),
+-		    &yyss1, yysize * sizeof (*yyssp),
+-		    &yyvs1, yysize * sizeof (*yyvsp),
+-
+-		    &yystacksize);
+-
+-	yyss = yyss1;
+-	yyvs = yyvs1;
++        /* Give user a chance to reallocate the stack.  Use copies of
++           these so that the &'s don't force the real ones into
++           memory.  */
++        yy_state_t *yyss1 = yyss;
++        YYSTYPE *yyvs1 = yyvs;
++
++        /* Each stack pointer address is followed by the size of the
++           data in use in that stack, in bytes.  This used to be a
++           conditional around just the two extra args, but that might
++           be undefined if yyoverflow is a macro.  */
++        yyoverflow (YY_("memory exhausted"),
++                    &yyss1, yysize * YYSIZEOF (*yyssp),
++                    &yyvs1, yysize * YYSIZEOF (*yyvsp),
++                    &yystacksize);
++        yyss = yyss1;
++        yyvs = yyvs1;
+       }
+-#else /* no yyoverflow */
+-# ifndef YYSTACK_RELOCATE
+-      goto yyexhaustedlab;
+-# else
++# else /* defined YYSTACK_RELOCATE */
+       /* Extend the stack our own way.  */
+       if (YYMAXDEPTH <= yystacksize)
+-	goto yyexhaustedlab;
++        YYNOMEM;
+       yystacksize *= 2;
+       if (YYMAXDEPTH < yystacksize)
+-	yystacksize = YYMAXDEPTH;
++        yystacksize = YYMAXDEPTH;
+ 
+       {
+-	yytype_int16 *yyss1 = yyss;
+-	union yyalloc *yyptr =
+-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+-	if (! yyptr)
+-	  goto yyexhaustedlab;
+-	YYSTACK_RELOCATE (yyss);
+-	YYSTACK_RELOCATE (yyvs);
+-
++        yy_state_t *yyss1 = yyss;
++        union yyalloc *yyptr =
++          YY_CAST (union yyalloc *,
++                   YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize))));
++        if (! yyptr)
++          YYNOMEM;
++        YYSTACK_RELOCATE (yyss_alloc, yyss);
++        YYSTACK_RELOCATE (yyvs_alloc, yyvs);
+ #  undef YYSTACK_RELOCATE
+-	if (yyss1 != yyssa)
+-	  YYSTACK_FREE (yyss1);
++        if (yyss1 != yyssa)
++          YYSTACK_FREE (yyss1);
+       }
+ # endif
+-#endif /* no yyoverflow */
+ 
+       yyssp = yyss + yysize - 1;
+       yyvsp = yyvs + yysize - 1;
+ 
+-
+-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+-		  (unsigned long int) yystacksize));
++      YY_IGNORE_USELESS_CAST_BEGIN
++      YYDPRINTF ((stderr, "Stack size increased to %ld\n",
++                  YY_CAST (long, yystacksize)));
++      YY_IGNORE_USELESS_CAST_END
+ 
+       if (yyss + yystacksize - 1 <= yyssp)
+-	YYABORT;
++        YYABORT;
+     }
++#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */
+ 
+-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
++
++  if (yystate == YYFINAL)
++    YYACCEPT;
+ 
+   goto yybackup;
+ 
++
+ /*-----------.
+ | yybackup.  |
+ `-----------*/
+ yybackup:
+-
+   /* Do appropriate processing given the current state.  Read a
+-     look-ahead token if we need one and don't already have one.  */
++     lookahead token if we need one and don't already have one.  */
+ 
+-  /* First try to decide what to do without reference to look-ahead token.  */
++  /* First try to decide what to do without reference to lookahead token.  */
+   yyn = yypact[yystate];
+-  if (yyn == YYPACT_NINF)
++  if (yypact_value_is_default (yyn))
+     goto yydefault;
+ 
+-  /* Not known => get a look-ahead token if don't already have one.  */
++  /* Not known => get a lookahead token if don't already have one.  */
+ 
+-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
++  /* YYCHAR is either empty, or end-of-input, or a valid lookahead.  */
+   if (yychar == YYEMPTY)
+     {
+-      YYDPRINTF ((stderr, "Reading a token: "));
+-      yychar = YYLEX;
++      YYDPRINTF ((stderr, "Reading a token\n"));
++      yychar = yylex ();
+     }
+ 
+   if (yychar <= YYEOF)
+     {
+-      yychar = yytoken = YYEOF;
++      yychar = YYEOF;
++      yytoken = YYSYMBOL_YYEOF;
+       YYDPRINTF ((stderr, "Now at end of input.\n"));
+     }
++  else if (yychar == YYerror)
++    {
++      /* The scanner already issued an error message, process directly
++         to error recovery.  But do not keep the error token as
++         lookahead, it is too special and may lead us to an endless
++         loop in error recovery. */
++      yychar = YYUNDEF;
++      yytoken = YYSYMBOL_YYerror;
++      goto yyerrlab1;
++    }
+   else
+     {
+       yytoken = YYTRANSLATE (yychar);
+@@ -2976,30 +2575,26 @@ yybackup:
+   yyn = yytable[yyn];
+   if (yyn <= 0)
+     {
+-      if (yyn == 0 || yyn == YYTABLE_NINF)
+-	goto yyerrlab;
++      if (yytable_value_is_error (yyn))
++        goto yyerrlab;
+       yyn = -yyn;
+       goto yyreduce;
+     }
+ 
+-  if (yyn == YYFINAL)
+-    YYACCEPT;
+-
+   /* Count tokens shifted since error; after three, turn off error
+      status.  */
+   if (yyerrstatus)
+     yyerrstatus--;
+ 
+-  /* Shift the look-ahead token.  */
++  /* Shift the lookahead token.  */
+   YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+-
+-  /* Discard the shifted token unless it is eof.  */
+-  if (yychar != YYEOF)
+-    yychar = YYEMPTY;
+-
+   yystate = yyn;
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+   *++yyvsp = yylval;
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ 
++  /* Discard the shifted token.  */
++  yychar = YYEMPTY;
+   goto yynewstate;
+ 
+ 
+@@ -3014,14 +2609,14 @@ yydefault:
+ 
+ 
+ /*-----------------------------.
+-| yyreduce -- Do a reduction.  |
++| yyreduce -- do a reduction.  |
+ `-----------------------------*/
+ yyreduce:
+   /* yyn is the number of a rule to reduce with.  */
+   yylen = yyr2[yyn];
+ 
+   /* If YYLEN is nonzero, implement the default value of the action:
+-     `$$ = $1'.
++     '$$ = $1'.
+ 
+      Otherwise, the following line sets YYVAL to garbage.
+      This behavior is undocumented and Bison
+@@ -3034,9 +2629,9 @@ yyreduce:
+   YY_REDUCE_PRINT (yyn);
+   switch (yyn)
+     {
+-        case 4:
+-#line 578 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 4: /* $@1: %empty  */
++#line 579 "parser.y"
++            {
+             /*
+              * We don't do these in parserEOF() because the parser is reading
+              * ahead and that would be too early.
+@@ -3053,11 +2648,12 @@ yyreduce:
+                 previousFile = NULL;
+             }
+     }
++#line 2652 "../parser.c"
+     break;
+ 
+-  case 55:
+-#line 648 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 55: /* nsstatement: typehdrcode  */
++#line 649 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -3065,203 +2661,224 @@ yyreduce:
+                 if (scope == NULL)
+                     yyerror("%TypeHeaderCode can only be used in a namespace, class or mapped type");
+ 
+-                appendCodeBlock(&scope->iff->hdrcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->iff->hdrcode, (yyvsp[0].codeb));
+             }
+         }
++#line 2668 "../parser.c"
+     break;
+ 
+-  case 56:
+-#line 661 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 56: /* defdocstringfmt: TK_DEFDOCSTRFMT defdocstringfmt_args  */
++#line 662 "parser.y"
++                                                      {
+             if (notSkipping())
+-                currentModule->defdocstringfmt = convertFormat((yyvsp[(2) - (2)].defdocstringfmt).name);
++                currentModule->defdocstringfmt = convertFormat((yyvsp[0].defdocstringfmt).name);
+         }
++#line 2677 "../parser.c"
+     break;
+ 
+-  case 57:
+-#line 667 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 57: /* defdocstringfmt_args: TK_STRING_VALUE  */
++#line 668 "parser.y"
++                                        {
+             resetLexerState();
+ 
+-            (yyval.defdocstringfmt).name = (yyvsp[(1) - (1)].text);
++            (yyval.defdocstringfmt).name = (yyvsp[0].text);
+         }
++#line 2687 "../parser.c"
+     break;
+ 
+-  case 58:
+-#line 672 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringfmt) = (yyvsp[(2) - (3)].defdocstringfmt);
++  case 58: /* defdocstringfmt_args: '(' defdocstringfmt_arg_list ')'  */
++#line 673 "parser.y"
++                                         {
++            (yyval.defdocstringfmt) = (yyvsp[-1].defdocstringfmt);
+         }
++#line 2695 "../parser.c"
+     break;
+ 
+-  case 60:
+-#line 678 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringfmt) = (yyvsp[(1) - (3)].defdocstringfmt);
++  case 60: /* defdocstringfmt_arg_list: defdocstringfmt_arg_list ',' defdocstringfmt_arg  */
++#line 679 "parser.y"
++                                                         {
++            (yyval.defdocstringfmt) = (yyvsp[-2].defdocstringfmt);
+ 
+-            switch ((yyvsp[(3) - (3)].defdocstringfmt).token)
++            switch ((yyvsp[0].defdocstringfmt).token)
+             {
+-            case TK_NAME: (yyval.defdocstringfmt).name = (yyvsp[(3) - (3)].defdocstringfmt).name; break;
++            case TK_NAME: (yyval.defdocstringfmt).name = (yyvsp[0].defdocstringfmt).name; break;
+             }
+         }
++#line 2708 "../parser.c"
+     break;
+ 
+-  case 61:
+-#line 688 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 61: /* defdocstringfmt_arg: TK_NAME '=' TK_STRING_VALUE  */
++#line 689 "parser.y"
++                                                    {
+             (yyval.defdocstringfmt).token = TK_NAME;
+ 
+-            (yyval.defdocstringfmt).name = (yyvsp[(3) - (3)].text);
++            (yyval.defdocstringfmt).name = (yyvsp[0].text);
+         }
++#line 2718 "../parser.c"
+     break;
+ 
+-  case 62:
+-#line 695 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 62: /* defdocstringsig: TK_DEFDOCSTRSIG defdocstringsig_args  */
++#line 696 "parser.y"
++                                                      {
+             if (notSkipping())
+-                currentModule->defdocstringsig = convertSignature((yyvsp[(2) - (2)].defdocstringsig).name);
++                currentModule->defdocstringsig = convertSignature((yyvsp[0].defdocstringsig).name);
+         }
++#line 2727 "../parser.c"
+     break;
+ 
+-  case 63:
+-#line 701 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 63: /* defdocstringsig_args: TK_STRING_VALUE  */
++#line 702 "parser.y"
++                                        {
+             resetLexerState();
+ 
+-            (yyval.defdocstringsig).name = (yyvsp[(1) - (1)].text);
++            (yyval.defdocstringsig).name = (yyvsp[0].text);
+         }
++#line 2737 "../parser.c"
+     break;
+ 
+-  case 64:
+-#line 706 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringsig) = (yyvsp[(2) - (3)].defdocstringsig);
++  case 64: /* defdocstringsig_args: '(' defdocstringsig_arg_list ')'  */
++#line 707 "parser.y"
++                                         {
++            (yyval.defdocstringsig) = (yyvsp[-1].defdocstringsig);
+         }
++#line 2745 "../parser.c"
+     break;
+ 
+-  case 66:
+-#line 712 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringsig) = (yyvsp[(1) - (3)].defdocstringsig);
++  case 66: /* defdocstringsig_arg_list: defdocstringsig_arg_list ',' defdocstringsig_arg  */
++#line 713 "parser.y"
++                                                         {
++            (yyval.defdocstringsig) = (yyvsp[-2].defdocstringsig);
+ 
+-            switch ((yyvsp[(3) - (3)].defdocstringsig).token)
++            switch ((yyvsp[0].defdocstringsig).token)
+             {
+-            case TK_NAME: (yyval.defdocstringsig).name = (yyvsp[(3) - (3)].defdocstringsig).name; break;
++            case TK_NAME: (yyval.defdocstringsig).name = (yyvsp[0].defdocstringsig).name; break;
+             }
+         }
++#line 2758 "../parser.c"
+     break;
+ 
+-  case 67:
+-#line 722 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 67: /* defdocstringsig_arg: TK_NAME '=' TK_STRING_VALUE  */
++#line 723 "parser.y"
++                                                    {
+             (yyval.defdocstringsig).token = TK_NAME;
+ 
+-            (yyval.defdocstringsig).name = (yyvsp[(3) - (3)].text);
++            (yyval.defdocstringsig).name = (yyvsp[0].text);
+         }
++#line 2768 "../parser.c"
+     break;
+ 
+-  case 68:
+-#line 729 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 68: /* defencoding: TK_DEFENCODING defencoding_args  */
++#line 730 "parser.y"
++                                                {
+             if (notSkipping())
+             {
+-                if ((currentModule->encoding = convertEncoding((yyvsp[(2) - (2)].defencoding).name)) == no_type)
++                if ((currentModule->encoding = convertEncoding((yyvsp[0].defencoding).name)) == no_type)
+                     yyerror("The %DefaultEncoding name must be one of \"ASCII\", \"Latin-1\", \"UTF-8\" or \"None\"");
+             }
+         }
++#line 2780 "../parser.c"
+     break;
+ 
+-  case 69:
+-#line 738 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 69: /* defencoding_args: TK_STRING_VALUE  */
++#line 739 "parser.y"
++                                    {
+             resetLexerState();
+ 
+-            (yyval.defencoding).name = (yyvsp[(1) - (1)].text);
++            (yyval.defencoding).name = (yyvsp[0].text);
+         }
++#line 2790 "../parser.c"
+     break;
+ 
+-  case 70:
+-#line 743 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defencoding) = (yyvsp[(2) - (3)].defencoding);
++  case 70: /* defencoding_args: '(' defencoding_arg_list ')'  */
++#line 744 "parser.y"
++                                     {
++            (yyval.defencoding) = (yyvsp[-1].defencoding);
+         }
++#line 2798 "../parser.c"
+     break;
+ 
+-  case 72:
+-#line 749 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defencoding) = (yyvsp[(1) - (3)].defencoding);
++  case 72: /* defencoding_arg_list: defencoding_arg_list ',' defencoding_arg  */
++#line 750 "parser.y"
++                                                 {
++            (yyval.defencoding) = (yyvsp[-2].defencoding);
+ 
+-            switch ((yyvsp[(3) - (3)].defencoding).token)
++            switch ((yyvsp[0].defencoding).token)
+             {
+-            case TK_NAME: (yyval.defencoding).name = (yyvsp[(3) - (3)].defencoding).name; break;
++            case TK_NAME: (yyval.defencoding).name = (yyvsp[0].defencoding).name; break;
+             }
+         }
++#line 2811 "../parser.c"
+     break;
+ 
+-  case 73:
+-#line 759 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 73: /* defencoding_arg: TK_NAME '=' TK_STRING_VALUE  */
++#line 760 "parser.y"
++                                                {
+             (yyval.defencoding).token = TK_NAME;
+ 
+-            (yyval.defencoding).name = (yyvsp[(3) - (3)].text);
++            (yyval.defencoding).name = (yyvsp[0].text);
+         }
++#line 2821 "../parser.c"
+     break;
+ 
+-  case 74:
+-#line 766 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 74: /* plugin: TK_PLUGIN plugin_args  */
++#line 767 "parser.y"
++                                  {
+             /*
+              * Note that %Plugin is internal in SIP v4.  The current thinking
+              * is that it won't be needed for SIP v5.
+              */
+ 
+             if (notSkipping())
+-                appendString(&currentSpec->plugins, (yyvsp[(2) - (2)].plugin).name);
++                appendString(&currentSpec->plugins, (yyvsp[0].plugin).name);
+         }
++#line 2835 "../parser.c"
+     break;
+ 
+-  case 75:
+-#line 777 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 75: /* plugin_args: TK_NAME_VALUE  */
++#line 778 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.plugin).name = (yyvsp[(1) - (1)].text);
++            (yyval.plugin).name = (yyvsp[0].text);
+         }
++#line 2845 "../parser.c"
+     break;
+ 
+-  case 76:
+-#line 782 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.plugin) = (yyvsp[(2) - (3)].plugin);
++  case 76: /* plugin_args: '(' plugin_arg_list ')'  */
++#line 783 "parser.y"
++                                {
++            (yyval.plugin) = (yyvsp[-1].plugin);
+         }
++#line 2853 "../parser.c"
+     break;
+ 
+-  case 78:
+-#line 788 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.plugin) = (yyvsp[(1) - (3)].plugin);
++  case 78: /* plugin_arg_list: plugin_arg_list ',' plugin_arg  */
++#line 789 "parser.y"
++                                       {
++            (yyval.plugin) = (yyvsp[-2].plugin);
+ 
+-            switch ((yyvsp[(3) - (3)].plugin).token)
++            switch ((yyvsp[0].plugin).token)
+             {
+-            case TK_NAME: (yyval.plugin).name = (yyvsp[(3) - (3)].plugin).name; break;
++            case TK_NAME: (yyval.plugin).name = (yyvsp[0].plugin).name; break;
+             }
+         }
++#line 2866 "../parser.c"
+     break;
+ 
+-  case 79:
+-#line 798 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 79: /* plugin_arg: TK_NAME '=' TK_NAME_VALUE  */
++#line 799 "parser.y"
++                                      {
+             (yyval.plugin).token = TK_NAME;
+ 
+-            (yyval.plugin).name = (yyvsp[(3) - (3)].text);
++            (yyval.plugin).name = (yyvsp[0].text);
+         }
++#line 2876 "../parser.c"
+     break;
+ 
+-  case 80:
+-#line 805 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].veh).name == NULL)
++  case 80: /* virterrorhandler: TK_VIRTERRORHANDLER veh_args codeblock  */
++#line 806 "parser.y"
++                                                           {
++            if ((yyvsp[-1].veh).name == NULL)
+                 yyerror("%VirtualErrorHandler must have a 'name' argument");
+ 
+             if (notSkipping())
+@@ -3270,7 +2887,7 @@ yyreduce:
+ 
+                 /* Check there isn't already a handler with the same name. */
+                 for (tailp = &currentSpec->errorhandlers; (veh = *tailp) != NULL; tailp = &veh->next)
+-                    if (strcmp(veh->name, (yyvsp[(2) - (3)].veh).name) == 0)
++                    if (strcmp(veh->name, (yyvsp[-1].veh).name) == 0)
+                         break;
+ 
+                 if (veh != NULL)
+@@ -3278,8 +2895,8 @@ yyreduce:
+ 
+                 veh = sipMalloc(sizeof (virtErrorHandler));
+ 
+-                veh->name = (yyvsp[(2) - (3)].veh).name;
+-                appendCodeBlock(&veh->code, (yyvsp[(3) - (3)].codeb));
++                veh->name = (yyvsp[-1].veh).name;
++                appendCodeBlock(&veh->code, (yyvsp[0].codeb));
+                 veh->mod = currentModule;
+                 veh->index = -1;
+                 veh->next = NULL;
+@@ -3287,62 +2904,67 @@ yyreduce:
+                 *tailp = veh;
+             }
+         }
++#line 2908 "../parser.c"
+     break;
+ 
+-  case 81:
+-#line 834 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 81: /* veh_args: TK_NAME_VALUE  */
++#line 835 "parser.y"
++                           {
+             resetLexerState();
+ 
+-            (yyval.veh).name = (yyvsp[(1) - (1)].text);
++            (yyval.veh).name = (yyvsp[0].text);
+         }
++#line 2918 "../parser.c"
+     break;
+ 
+-  case 82:
+-#line 839 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.veh) = (yyvsp[(2) - (3)].veh);
++  case 82: /* veh_args: '(' veh_arg_list ')'  */
++#line 840 "parser.y"
++                             {
++            (yyval.veh) = (yyvsp[-1].veh);
+         }
++#line 2926 "../parser.c"
+     break;
+ 
+-  case 84:
+-#line 845 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.veh) = (yyvsp[(1) - (3)].veh);
++  case 84: /* veh_arg_list: veh_arg_list ',' veh_arg  */
++#line 846 "parser.y"
++                                 {
++            (yyval.veh) = (yyvsp[-2].veh);
+ 
+-            switch ((yyvsp[(3) - (3)].veh).token)
++            switch ((yyvsp[0].veh).token)
+             {
+-            case TK_NAME: (yyval.veh).name = (yyvsp[(3) - (3)].veh).name; break;
++            case TK_NAME: (yyval.veh).name = (yyvsp[0].veh).name; break;
+             }
+         }
++#line 2939 "../parser.c"
+     break;
+ 
+-  case 85:
+-#line 855 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 85: /* veh_arg: TK_NAME '=' TK_NAME_VALUE  */
++#line 856 "parser.y"
++                                   {
+             (yyval.veh).token = TK_NAME;
+ 
+-            (yyval.veh).name = (yyvsp[(3) - (3)].text);
++            (yyval.veh).name = (yyvsp[0].text);
+         }
++#line 2949 "../parser.c"
+     break;
+ 
+-  case 86:
+-#line 862 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 86: /* api: TK_API api_args  */
++#line 863 "parser.y"
++                        {
+             if (notSkipping())
+             {
+                 apiVersionRangeDef *avd;
+ 
+-                if (findAPI(currentSpec, (yyvsp[(2) - (2)].api).name) != NULL)
++                if (findAPI(currentSpec, (yyvsp[0].api).name) != NULL)
+                     yyerror("The API name in the %API directive has already been defined");
+ 
+-                if ((yyvsp[(2) - (2)].api).version < 1)
++                if ((yyvsp[0].api).version < 1)
+                     yyerror("The version number in the %API directive must be greater than or equal to 1");
+ 
+                 avd = sipMalloc(sizeof (apiVersionRangeDef));
+ 
+-                avd->api_name = cacheName(currentSpec, (yyvsp[(2) - (2)].api).name);
+-                avd->from = (yyvsp[(2) - (2)].api).version;
++                avd->api_name = cacheName(currentSpec, (yyvsp[0].api).name);
++                avd->from = (yyvsp[0].api).version;
+                 avd->to = -1;
+ 
+                 avd->next = currentModule->api_versions;
+@@ -3352,63 +2974,69 @@ yyreduce:
+                     setIsUsedName(avd->api_name);
+             }
+         }
++#line 2978 "../parser.c"
+     break;
+ 
+-  case 87:
+-#line 888 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 87: /* api_args: TK_NAME_VALUE TK_NUMBER_VALUE  */
++#line 889 "parser.y"
++                                          {
+             resetLexerState();
+ 
+             deprecated("%API name and version number should be specified using the 'name' and 'version' arguments");
+ 
+-            (yyval.api).name = (yyvsp[(1) - (2)].text);
+-            (yyval.api).version = (yyvsp[(2) - (2)].number);
++            (yyval.api).name = (yyvsp[-1].text);
++            (yyval.api).version = (yyvsp[0].number);
+         }
++#line 2991 "../parser.c"
+     break;
+ 
+-  case 88:
+-#line 896 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.api) = (yyvsp[(2) - (3)].api);
++  case 88: /* api_args: '(' api_arg_list ')'  */
++#line 897 "parser.y"
++                             {
++            (yyval.api) = (yyvsp[-1].api);
+         }
++#line 2999 "../parser.c"
+     break;
+ 
+-  case 90:
+-#line 902 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.api) = (yyvsp[(1) - (3)].api);
++  case 90: /* api_arg_list: api_arg_list ',' api_arg  */
++#line 903 "parser.y"
++                                 {
++            (yyval.api) = (yyvsp[-2].api);
+ 
+-            switch ((yyvsp[(3) - (3)].api).token)
++            switch ((yyvsp[0].api).token)
+             {
+-            case TK_NAME: (yyval.api).name = (yyvsp[(3) - (3)].api).name; break;
+-            case TK_VERSION: (yyval.api).version = (yyvsp[(3) - (3)].api).version; break;
++            case TK_NAME: (yyval.api).name = (yyvsp[0].api).name; break;
++            case TK_VERSION: (yyval.api).version = (yyvsp[0].api).version; break;
+             }
+         }
++#line 3013 "../parser.c"
+     break;
+ 
+-  case 91:
+-#line 913 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 91: /* api_arg: TK_NAME '=' name_or_string  */
++#line 914 "parser.y"
++                                       {
+             (yyval.api).token = TK_NAME;
+ 
+-            (yyval.api).name = (yyvsp[(3) - (3)].text);
++            (yyval.api).name = (yyvsp[0].text);
+             (yyval.api).version = 0;
+         }
++#line 3024 "../parser.c"
+     break;
+ 
+-  case 92:
+-#line 919 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 92: /* api_arg: TK_VERSION '=' TK_NUMBER_VALUE  */
++#line 920 "parser.y"
++                                       {
+             (yyval.api).token = TK_VERSION;
+ 
+             (yyval.api).name = NULL;
+-            (yyval.api).version = (yyvsp[(3) - (3)].number);
++            (yyval.api).version = (yyvsp[0].number);
+         }
++#line 3035 "../parser.c"
+     break;
+ 
+-  case 93:
+-#line 927 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 93: /* exception: TK_EXCEPTION scopedname baseexception optflags exception_body  */
++#line 928 "parser.y"
++                                                                          {
+             if (notSkipping())
+             {
+                 static const char *annos[] = {
+@@ -3420,20 +3048,20 @@ yyreduce:
+                 exceptionDef *xd;
+                 const char *pyname;
+ 
+-                checkAnnos(&(yyvsp[(4) - (5)].optflags), annos);
++                checkAnnos(&(yyvsp[-1].optflags), annos);
+ 
+                 if (currentSpec->genc)
+                     yyerror("%Exception not allowed in a C module");
+ 
+-                if ((yyvsp[(5) - (5)].exception).raise_code == NULL)
++                if ((yyvsp[0].exception).raise_code == NULL)
+                     yyerror("%Exception must have a %RaiseCode sub-directive");
+ 
+-                pyname = getPythonName(currentModule, &(yyvsp[(4) - (5)].optflags), scopedNameTail((yyvsp[(2) - (5)].scpvalp)));
++                pyname = getPythonName(currentModule, &(yyvsp[-1].optflags), scopedNameTail((yyvsp[-3].scpvalp)));
+ 
+                 checkAttributes(currentSpec, currentModule, NULL, NULL,
+                         pyname, FALSE);
+ 
+-                xd = findException(currentSpec, (yyvsp[(2) - (5)].scpvalp), TRUE);
++                xd = findException(currentSpec, (yyvsp[-3].scpvalp), TRUE);
+ 
+                 if (xd->cd != NULL)
+                     yyerror("%Exception name has already been seen as a class name - it must be defined before being used");
+@@ -3443,29 +3071,31 @@ yyreduce:
+ 
+                 /* Complete the definition. */
+                 xd->iff->module = currentModule;
+-                appendCodeBlock(&xd->iff->hdrcode, (yyvsp[(5) - (5)].exception).type_header_code);
++                appendCodeBlock(&xd->iff->hdrcode, (yyvsp[0].exception).type_header_code);
+                 xd->pyname = pyname;
+-                xd->bibase = (yyvsp[(3) - (5)].exceptionbase).bibase;
+-                xd->base = (yyvsp[(3) - (5)].exceptionbase).base;
+-                appendCodeBlock(&xd->raisecode, (yyvsp[(5) - (5)].exception).raise_code);
++                xd->bibase = (yyvsp[-2].exceptionbase).bibase;
++                xd->base = (yyvsp[-2].exceptionbase).base;
++                appendCodeBlock(&xd->raisecode, (yyvsp[0].exception).raise_code);
+ 
+-                if (getOptFlag(&(yyvsp[(4) - (5)].optflags), "Default", bool_flag) != NULL)
++                if (getOptFlag(&(yyvsp[-1].optflags), "Default", bool_flag) != NULL)
+                     currentModule->defexception = xd;
+             }
+         }
++#line 3085 "../parser.c"
+     break;
+ 
+-  case 94:
+-#line 974 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 94: /* baseexception: %empty  */
++#line 975 "parser.y"
++                {
+             (yyval.exceptionbase).bibase = NULL;
+             (yyval.exceptionbase).base = NULL;
+         }
++#line 3094 "../parser.c"
+     break;
+ 
+-  case 95:
+-#line 978 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 95: /* baseexception: '(' scopedname ')'  */
++#line 979 "parser.y"
++                           {
+             exceptionDef *xd;
+ 
+             (yyval.exceptionbase).bibase = NULL;
+@@ -3473,13 +3103,13 @@ yyreduce:
+ 
+             /* See if it is a defined exception. */
+             for (xd = currentSpec->exceptions; xd != NULL; xd = xd->next)
+-                if (compareScopedNames(xd->iff->fqcname, (yyvsp[(2) - (3)].scpvalp)) == 0)
++                if (compareScopedNames(xd->iff->fqcname, (yyvsp[-1].scpvalp)) == 0)
+                 {
+                     (yyval.exceptionbase).base = xd;
+                     break;
+                 }
+ 
+-            if (xd == NULL && (yyvsp[(2) - (3)].scpvalp)->next == NULL && strncmp((yyvsp[(2) - (3)].scpvalp)->name, "SIP_", 4) == 0)
++            if (xd == NULL && (yyvsp[-1].scpvalp)->next == NULL && strncmp((yyvsp[-1].scpvalp)->name, "SIP_", 4) == 0)
+             {
+                 /* See if it is a builtin exception. */
+ 
+@@ -3560,7 +3190,7 @@ yyreduce:
+                 char **cp;
+ 
+                 for (cp = builtins; *cp != NULL; ++cp)
+-                    if (strcmp((yyvsp[(2) - (3)].scpvalp)->name + 4, *cp) == 0)
++                    if (strcmp((yyvsp[-1].scpvalp)->name + 4, *cp) == 0)
+                     {
+                         (yyval.exceptionbase).bibase = *cp;
+                         break;
+@@ -3570,49 +3200,54 @@ yyreduce:
+             if ((yyval.exceptionbase).bibase == NULL && (yyval.exceptionbase).base == NULL)
+                 yyerror("Unknown exception base type");
+         }
++#line 3204 "../parser.c"
+     break;
+ 
+-  case 96:
+-#line 1085 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.exception) = (yyvsp[(2) - (4)].exception);
++  case 96: /* exception_body: '{' exception_body_directives '}' ';'  */
++#line 1086 "parser.y"
++                                                      {
++            (yyval.exception) = (yyvsp[-2].exception);
+         }
++#line 3212 "../parser.c"
+     break;
+ 
+-  case 98:
+-#line 1091 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.exception) = (yyvsp[(1) - (2)].exception);
++  case 98: /* exception_body_directives: exception_body_directives exception_body_directive  */
++#line 1092 "parser.y"
++                                                           {
++            (yyval.exception) = (yyvsp[-1].exception);
+ 
+-            switch ((yyvsp[(2) - (2)].exception).token)
++            switch ((yyvsp[0].exception).token)
+             {
+-            case TK_RAISECODE: (yyval.exception).raise_code = (yyvsp[(2) - (2)].exception).raise_code; break;
+-            case TK_TYPEHEADERCODE: (yyval.exception).type_header_code = (yyvsp[(2) - (2)].exception).type_header_code; break;
++            case TK_RAISECODE: (yyval.exception).raise_code = (yyvsp[0].exception).raise_code; break;
++            case TK_TYPEHEADERCODE: (yyval.exception).type_header_code = (yyvsp[0].exception).type_header_code; break;
+             }
+         }
++#line 3226 "../parser.c"
+     break;
+ 
+-  case 99:
+-#line 1102 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 99: /* exception_body_directive: ifstart  */
++#line 1103 "parser.y"
++                                   {
+             (yyval.exception).token = TK_IF;
+         }
++#line 3234 "../parser.c"
+     break;
+ 
+-  case 100:
+-#line 1105 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 100: /* exception_body_directive: ifend  */
++#line 1106 "parser.y"
++              {
+             (yyval.exception).token = TK_END;
+         }
++#line 3242 "../parser.c"
+     break;
+ 
+-  case 101:
+-#line 1108 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 101: /* exception_body_directive: raisecode  */
++#line 1109 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.exception).token = TK_RAISECODE;
+-                (yyval.exception).raise_code = (yyvsp[(1) - (1)].codeb);
++                (yyval.exception).raise_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -3622,15 +3257,16 @@ yyreduce:
+ 
+             (yyval.exception).type_header_code = NULL;
+         }
++#line 3261 "../parser.c"
+     break;
+ 
+-  case 102:
+-#line 1122 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 102: /* exception_body_directive: typehdrcode  */
++#line 1123 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 (yyval.exception).token = TK_TYPEHEADERCODE;
+-                (yyval.exception).type_header_code = (yyvsp[(1) - (1)].codeb);
++                (yyval.exception).type_header_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -3640,18 +3276,20 @@ yyreduce:
+ 
+             (yyval.exception).raise_code = NULL;
+         }
++#line 3280 "../parser.c"
+     break;
+ 
+-  case 103:
+-#line 1138 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 103: /* raisecode: TK_RAISECODE codeblock  */
++#line 1139 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 3288 "../parser.c"
+     break;
+ 
+-  case 104:
+-#line 1143 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 104: /* $@2: %empty  */
++#line 1144 "parser.y"
++                                            {
+             if (notSkipping())
+             {
+                 static const char *annos[] = {
+@@ -3667,16 +3305,17 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(3) - (3)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+-                currentMappedType = newMappedType(currentSpec, &(yyvsp[(2) - (3)].memArg), &(yyvsp[(3) - (3)].optflags));
++                currentMappedType = newMappedType(currentSpec, &(yyvsp[-1].memArg), &(yyvsp[0].optflags));
+             }
+         }
++#line 3314 "../parser.c"
+     break;
+ 
+-  case 106:
+-#line 1166 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 106: /* $@3: %empty  */
++#line 1167 "parser.y"
++                                                         {
+             if (notSkipping())
+             {
+                 static const char *annos[] = {
+@@ -3694,7 +3333,7 @@ yyreduce:
+                 mappedTypeTmplDef *mtt;
+                 ifaceFileDef *iff;
+ 
+-                checkAnnos(&(yyvsp[(4) - (4)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+                 if (currentSpec->genc)
+                     yyerror("%MappedType templates not allowed in a C module");
+@@ -3703,32 +3342,32 @@ yyreduce:
+                  * Check the template arguments are basic types or simple
+                  * names.
+                  */
+-                for (a = 0; a < (yyvsp[(1) - (4)].signature).nrArgs; ++a)
++                for (a = 0; a < (yyvsp[-3].signature).nrArgs; ++a)
+                 {
+-                    argDef *ad = &(yyvsp[(1) - (4)].signature).args[a];
++                    argDef *ad = &(yyvsp[-3].signature).args[a];
+ 
+                     if (ad->atype == defined_type && ad->u.snd->next != NULL)
+                         yyerror("%MappedType template arguments must be simple names");
+                 }
+ 
+-                if ((yyvsp[(3) - (4)].memArg).atype != template_type)
++                if ((yyvsp[-1].memArg).atype != template_type)
+                     yyerror("%MappedType template must map a template type");
+ 
+-                (yyvsp[(3) - (4)].memArg).u.td->fqname  = fullyQualifiedName((yyvsp[(3) - (4)].memArg).u.td->fqname);
++                (yyvsp[-1].memArg).u.td->fqname  = fullyQualifiedName((yyvsp[-1].memArg).u.td->fqname);
+ 
+                 /* Check a template hasn't already been provided. */
+                 for (mtt = currentSpec->mappedtypetemplates; mtt != NULL; mtt = mtt->next)
+-                    if (compareScopedNames(mtt->mt->type.u.td->fqname, (yyvsp[(3) - (4)].memArg).u.td->fqname ) == 0 && sameTemplateSignature(&mtt->mt->type.u.td->types, &(yyvsp[(3) - (4)].memArg).u.td->types, TRUE))
++                    if (compareScopedNames(mtt->mt->type.u.td->fqname, (yyvsp[-1].memArg).u.td->fqname ) == 0 && sameTemplateSignature(&mtt->mt->type.u.td->types, &(yyvsp[-1].memArg).u.td->types, TRUE))
+                         yyerror("%MappedType template for this type has already been defined");
+ 
+-                (yyvsp[(3) - (4)].memArg).nrderefs = 0;
+-                (yyvsp[(3) - (4)].memArg).argflags = 0;
++                (yyvsp[-1].memArg).nrderefs = 0;
++                (yyvsp[-1].memArg).argflags = 0;
+ 
+                 mtt = sipMalloc(sizeof (mappedTypeTmplDef));
+ 
+-                mtt->sig = (yyvsp[(1) - (4)].signature);
+-                mtt->mt = allocMappedType(currentSpec, &(yyvsp[(3) - (4)].memArg));
+-                mappedTypeAnnos(mtt->mt, &(yyvsp[(4) - (4)].optflags));
++                mtt->sig = (yyvsp[-3].signature);
++                mtt->mt = allocMappedType(currentSpec, &(yyvsp[-1].memArg));
++                mappedTypeAnnos(mtt->mt, &(yyvsp[0].optflags));
+                 mtt->next = currentSpec->mappedtypetemplates;
+ 
+                 currentSpec->mappedtypetemplates = mtt;
+@@ -3741,11 +3380,12 @@ yyreduce:
+                 mtt->mt->iff = iff;
+             }
+         }
++#line 3384 "../parser.c"
+     break;
+ 
+-  case 108:
+-#line 1233 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 108: /* mtdefinition: '{' mtbody '}' ';'  */
++#line 1234 "parser.y"
++                                   {
+             if (notSkipping())
+             {
+                 if (currentMappedType->convfromcode == NULL)
+@@ -3757,83 +3397,90 @@ yyreduce:
+                 currentMappedType = NULL;
+             }
+         }
++#line 3401 "../parser.c"
+     break;
+ 
+-  case 113:
+-#line 1253 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 113: /* mtline: typehdrcode  */
++#line 1254 "parser.y"
++                    {
+             if (notSkipping())
+-                appendCodeBlock(&currentMappedType->iff->hdrcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentMappedType->iff->hdrcode, (yyvsp[0].codeb));
+         }
++#line 3410 "../parser.c"
+     break;
+ 
+-  case 114:
+-#line 1257 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 114: /* mtline: typecode  */
++#line 1258 "parser.y"
++                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentMappedType->typecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentMappedType->typecode, (yyvsp[0].codeb));
+         }
++#line 3419 "../parser.c"
+     break;
+ 
+-  case 115:
+-#line 1261 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 115: /* mtline: TK_FROMTYPE codeblock  */
++#line 1262 "parser.y"
++                              {
+             if (notSkipping())
+             {
+                 if (currentMappedType->convfromcode != NULL)
+                     yyerror("%MappedType has more than one %ConvertFromTypeCode directive");
+ 
+-                appendCodeBlock(&currentMappedType->convfromcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentMappedType->convfromcode, (yyvsp[0].codeb));
+             }
+         }
++#line 3433 "../parser.c"
+     break;
+ 
+-  case 116:
+-#line 1270 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 116: /* mtline: TK_TOTYPE codeblock  */
++#line 1271 "parser.y"
++                            {
+             if (notSkipping())
+             {
+                 if (currentMappedType->convtocode != NULL)
+                     yyerror("%MappedType has more than one %ConvertToTypeCode directive");
+ 
+-                appendCodeBlock(&currentMappedType->convtocode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentMappedType->convtocode, (yyvsp[0].codeb));
+             }
+         }
++#line 3447 "../parser.c"
+     break;
+ 
+-  case 117:
+-#line 1279 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 117: /* mtline: instancecode  */
++#line 1280 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 if (currentMappedType->instancecode != NULL)
+                     yyerror("%MappedType has more than one %InstanceCode directive");
+ 
+-                appendCodeBlock(&currentMappedType->instancecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentMappedType->instancecode, (yyvsp[0].codeb));
+             }
+         }
++#line 3461 "../parser.c"
+     break;
+ 
+-  case 120:
+-#line 1292 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 120: /* mtfunction: TK_STATIC cpptype TK_NAME_VALUE '(' arglist ')' optconst optexceptions optflags optsig ';' optdocstring premethodcode methodcode  */
++#line 1293 "parser.y"
++                                                                                                                                             {
+             if (notSkipping())
+             {
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (14)].memArg), &(yyvsp[(9) - (14)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-12].memArg), &(yyvsp[-5].optflags));
+ 
+-                (yyvsp[(5) - (14)].signature).result = (yyvsp[(2) - (14)].memArg);
++                (yyvsp[-9].signature).result = (yyvsp[-12].memArg);
+ 
+                 newFunction(currentSpec, currentModule, NULL, NULL,
+-                        currentMappedType, 0, TRUE, FALSE, FALSE, FALSE, (yyvsp[(3) - (14)].text),
+-                        &(yyvsp[(5) - (14)].signature), (yyvsp[(7) - (14)].number), FALSE, &(yyvsp[(9) - (14)].optflags), (yyvsp[(14) - (14)].codeb), NULL, NULL, (yyvsp[(8) - (14)].throwlist), (yyvsp[(10) - (14)].optsignature), (yyvsp[(12) - (14)].docstr),
+-                        FALSE, (yyvsp[(13) - (14)].codeb));
++                        currentMappedType, 0, TRUE, FALSE, FALSE, FALSE, (yyvsp[-11].text),
++                        &(yyvsp[-9].signature), (yyvsp[-7].number), FALSE, &(yyvsp[-5].optflags), (yyvsp[0].codeb), NULL, NULL, (yyvsp[-6].throwlist), (yyvsp[-4].optsignature), (yyvsp[-2].docstr),
++                        FALSE, (yyvsp[-1].codeb));
+             }
+         }
++#line 3479 "../parser.c"
+     break;
+ 
+-  case 121:
+-#line 1307 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 121: /* $@4: %empty  */
++#line 1308 "parser.y"
++                                       {
+             if (currentSpec -> genc)
+                 yyerror("namespace definition not allowed in a C module");
+ 
+@@ -3848,18 +3495,19 @@ yyreduce:
+                     scope = NULL;
+ 
+                 ns = newClass(currentSpec, namespace_iface, NULL,
+-                        text2scopedName(scope, (yyvsp[(2) - (2)].text)), NULL, NULL, NULL, NULL);
++                        text2scopedName(scope, (yyvsp[0].text)), NULL, NULL, NULL, NULL);
+ 
+                 pushScope(ns);
+ 
+                 sectionFlags = 0;
+             }
+         }
++#line 3506 "../parser.c"
+     break;
+ 
+-  case 122:
+-#line 1328 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 122: /* namespace: TK_NAMESPACE TK_NAME_VALUE $@4 optnsbody ';'  */
++#line 1329 "parser.y"
++                        {
+             if (notSkipping())
+             {
+                 if (inMainModule())
+@@ -3873,11 +3521,12 @@ yyreduce:
+                 popScope();
+             }
+         }
++#line 3525 "../parser.c"
+     break;
+ 
+-  case 127:
+-#line 1352 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 127: /* $@5: %empty  */
++#line 1353 "parser.y"
++                         {
+             if (notSkipping())
+             {
+                 qualDef *qd;
+@@ -3887,11 +3536,12 @@ yyreduce:
+                         yyerror("%Platforms has already been defined for this module");
+             }
+         }
++#line 3540 "../parser.c"
+     break;
+ 
+-  case 128:
+-#line 1362 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 128: /* platforms: TK_PLATFORMS $@5 '{' platformlist '}'  */
++#line 1363 "parser.y"
++                             {
+             if (notSkipping())
+             {
+                 qualDef *qd;
+@@ -3908,71 +3558,79 @@ yyreduce:
+                     yyerror("No more than one of these %Platforms must be specified with the -t flag");
+             }
+         }
++#line 3562 "../parser.c"
+     break;
+ 
+-  case 131:
+-#line 1385 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[(1) - (1)].text),
++  case 131: /* platform: TK_NAME_VALUE  */
++#line 1386 "parser.y"
++                          {
++            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[0].text),
+                     platform_qualifier);
+         }
++#line 3571 "../parser.c"
+     break;
+ 
+-  case 132:
+-#line 1391 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[(2) - (2)].feature).name,
++  case 132: /* feature: TK_FEATURE feature_args  */
++#line 1392 "parser.y"
++                                    {
++            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[0].feature).name,
+                     feature_qualifier);
+         }
++#line 3580 "../parser.c"
+     break;
+ 
+-  case 133:
+-#line 1397 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 133: /* feature_args: TK_NAME_VALUE  */
++#line 1398 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.feature).name = (yyvsp[(1) - (1)].text);
++            (yyval.feature).name = (yyvsp[0].text);
+         }
++#line 3590 "../parser.c"
+     break;
+ 
+-  case 134:
+-#line 1402 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.feature) = (yyvsp[(2) - (3)].feature);
++  case 134: /* feature_args: '(' feature_arg_list ')'  */
++#line 1403 "parser.y"
++                                 {
++            (yyval.feature) = (yyvsp[-1].feature);
+         }
++#line 3598 "../parser.c"
+     break;
+ 
+-  case 136:
+-#line 1408 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.feature) = (yyvsp[(1) - (3)].feature);
++  case 136: /* feature_arg_list: feature_arg_list ',' feature_arg  */
++#line 1409 "parser.y"
++                                         {
++            (yyval.feature) = (yyvsp[-2].feature);
+ 
+-            switch ((yyvsp[(3) - (3)].feature).token)
++            switch ((yyvsp[0].feature).token)
+             {
+-            case TK_NAME: (yyval.feature).name = (yyvsp[(3) - (3)].feature).name; break;
++            case TK_NAME: (yyval.feature).name = (yyvsp[0].feature).name; break;
+             }
+         }
++#line 3611 "../parser.c"
+     break;
+ 
+-  case 137:
+-#line 1418 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 137: /* feature_arg: TK_NAME '=' name_or_string  */
++#line 1419 "parser.y"
++                                           {
+             (yyval.feature).token = TK_NAME;
+ 
+-            (yyval.feature).name = (yyvsp[(3) - (3)].text);
++            (yyval.feature).name = (yyvsp[0].text);
+         }
++#line 3621 "../parser.c"
+     break;
+ 
+-  case 138:
+-#line 1425 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 138: /* $@6: %empty  */
++#line 1426 "parser.y"
++                        {
+             currentTimelineOrder = 0;
+         }
++#line 3629 "../parser.c"
+     break;
+ 
+-  case 139:
+-#line 1428 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 139: /* timeline: TK_TIMELINE $@6 '{' qualifierlist '}'  */
++#line 1429 "parser.y"
++                              {
+             if (notSkipping())
+             {
+                 qualDef *qd;
+@@ -3993,129 +3651,140 @@ yyreduce:
+                 currentModule->nrtimelines++;
+             }
+         }
++#line 3655 "../parser.c"
+     break;
+ 
+-  case 142:
+-#line 1455 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 142: /* qualifiername: TK_NAME_VALUE  */
++#line 1456 "parser.y"
++                              {
+             newQualifier(currentModule, currentModule->nrtimelines,
+-                    currentTimelineOrder++, TRUE, (yyvsp[(1) - (1)].text), time_qualifier);
++                    currentTimelineOrder++, TRUE, (yyvsp[0].text), time_qualifier);
+         }
++#line 3664 "../parser.c"
+     break;
+ 
+-  case 143:
+-#line 1461 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 143: /* $@7: %empty  */
++#line 1462 "parser.y"
++                      {
+             currentPlatforms = NULL;
+         }
++#line 3672 "../parser.c"
+     break;
+ 
+-  case 144:
+-#line 1463 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 144: /* ifstart: TK_IF '(' $@7 qualifiers ')'  */
++#line 1464 "parser.y"
++                         {
+             if (stackPtr >= MAX_NESTED_IF)
+                 yyerror("Internal error: increase the value of MAX_NESTED_IF");
+ 
+             /* Nested %Ifs are implicit logical ands. */
+ 
+             if (stackPtr > 0)
+-                (yyvsp[(4) - (5)].boolean) = ((yyvsp[(4) - (5)].boolean) && skipStack[stackPtr - 1]);
++                (yyvsp[-1].boolean) = ((yyvsp[-1].boolean) && skipStack[stackPtr - 1]);
+ 
+-            skipStack[stackPtr] = (yyvsp[(4) - (5)].boolean);
++            skipStack[stackPtr] = (yyvsp[-1].boolean);
+ 
+             platformStack[stackPtr] = currentPlatforms;
+ 
+             ++stackPtr;
+         }
++#line 3692 "../parser.c"
+     break;
+ 
+-  case 145:
+-#line 1480 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = platOrFeature((yyvsp[(1) - (1)].text), FALSE);
++  case 145: /* oredqualifiers: TK_NAME_VALUE  */
++#line 1481 "parser.y"
++                              {
++            (yyval.boolean) = platOrFeature((yyvsp[0].text), FALSE);
+         }
++#line 3700 "../parser.c"
+     break;
+ 
+-  case 146:
+-#line 1483 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = platOrFeature((yyvsp[(2) - (2)].text), TRUE);
++  case 146: /* oredqualifiers: '!' TK_NAME_VALUE  */
++#line 1484 "parser.y"
++                          {
++            (yyval.boolean) = platOrFeature((yyvsp[0].text), TRUE);
+         }
++#line 3708 "../parser.c"
+     break;
+ 
+-  case 147:
+-#line 1486 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = (platOrFeature((yyvsp[(3) - (3)].text), FALSE) || (yyvsp[(1) - (3)].boolean));
++  case 147: /* oredqualifiers: oredqualifiers TK_LOGICAL_OR TK_NAME_VALUE  */
++#line 1487 "parser.y"
++                                                   {
++            (yyval.boolean) = (platOrFeature((yyvsp[0].text), FALSE) || (yyvsp[-2].boolean));
+         }
++#line 3716 "../parser.c"
+     break;
+ 
+-  case 148:
+-#line 1489 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = (platOrFeature((yyvsp[(4) - (4)].text), TRUE) || (yyvsp[(1) - (4)].boolean));
++  case 148: /* oredqualifiers: oredqualifiers TK_LOGICAL_OR '!' TK_NAME_VALUE  */
++#line 1490 "parser.y"
++                                                       {
++            (yyval.boolean) = (platOrFeature((yyvsp[0].text), TRUE) || (yyvsp[-3].boolean));
+         }
++#line 3724 "../parser.c"
+     break;
+ 
+-  case 150:
+-#line 1495 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = timePeriod((yyvsp[(1) - (3)].text), (yyvsp[(3) - (3)].text));
++  case 150: /* qualifiers: optname '-' optname  */
++#line 1496 "parser.y"
++                            {
++            (yyval.boolean) = timePeriod((yyvsp[-2].text), (yyvsp[0].text));
+         }
++#line 3732 "../parser.c"
+     break;
+ 
+-  case 151:
+-#line 1500 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 151: /* ifend: TK_END  */
++#line 1501 "parser.y"
++                   {
+             if (stackPtr-- <= 0)
+                 yyerror("Too many %End directives");
+ 
+             currentPlatforms = (stackPtr == 0 ? NULL : platformStack[stackPtr - 1]);
+         }
++#line 3743 "../parser.c"
+     break;
+ 
+-  case 152:
+-#line 1508 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 152: /* license: TK_LICENSE license_args optflags  */
++#line 1509 "parser.y"
++                                             {
+             optFlag *of;
+ 
+-            if ((yyvsp[(3) - (3)].optflags).nrFlags != 0)
++            if ((yyvsp[0].optflags).nrFlags != 0)
+                 deprecated("%License annotations are deprecated, use arguments instead");
+ 
+-            if ((yyvsp[(2) - (3)].license).type == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Type", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).type = of->fvalue.sval;
+-
+-            if ((yyvsp[(2) - (3)].license).licensee == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Licensee", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).licensee = of->fvalue.sval;
+-
+-            if ((yyvsp[(2) - (3)].license).signature == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Signature", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).signature = of->fvalue.sval;
+-
+-            if ((yyvsp[(2) - (3)].license).timestamp == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Timestamp", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).timestamp = of->fvalue.sval;
++            if ((yyvsp[-1].license).type == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Type", string_flag)) != NULL)
++                    (yyvsp[-1].license).type = of->fvalue.sval;
++
++            if ((yyvsp[-1].license).licensee == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Licensee", string_flag)) != NULL)
++                    (yyvsp[-1].license).licensee = of->fvalue.sval;
++
++            if ((yyvsp[-1].license).signature == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Signature", string_flag)) != NULL)
++                    (yyvsp[-1].license).signature = of->fvalue.sval;
++
++            if ((yyvsp[-1].license).timestamp == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Timestamp", string_flag)) != NULL)
++                    (yyvsp[-1].license).timestamp = of->fvalue.sval;
+ 
+-            if ((yyvsp[(2) - (3)].license).type == NULL)
++            if ((yyvsp[-1].license).type == NULL)
+                 yyerror("%License must have a 'type' argument");
+ 
+             if (notSkipping())
+             {
+                 currentModule->license = sipMalloc(sizeof (licenseDef));
+ 
+-                currentModule->license->type = (yyvsp[(2) - (3)].license).type;
+-                currentModule->license->licensee = (yyvsp[(2) - (3)].license).licensee;
+-                currentModule->license->sig = (yyvsp[(2) - (3)].license).signature;
+-                currentModule->license->timestamp = (yyvsp[(2) - (3)].license).timestamp;
++                currentModule->license->type = (yyvsp[-1].license).type;
++                currentModule->license->licensee = (yyvsp[-1].license).licensee;
++                currentModule->license->sig = (yyvsp[-1].license).signature;
++                currentModule->license->timestamp = (yyvsp[-1].license).timestamp;
+             }
+         }
++#line 3783 "../parser.c"
+     break;
+ 
+-  case 153:
+-#line 1545 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 153: /* license_args: %empty  */
++#line 1546 "parser.y"
++                {
+             resetLexerState();
+ 
+             (yyval.license).type = NULL;
+@@ -4123,242 +3792,265 @@ yyreduce:
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3796 "../parser.c"
+     break;
+ 
+-  case 154:
+-#line 1553 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.license).type = (yyvsp[(1) - (1)].text);
++  case 154: /* license_args: TK_STRING_VALUE  */
++#line 1554 "parser.y"
++                        {
++            (yyval.license).type = (yyvsp[0].text);
+             (yyval.license).licensee = NULL;
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3807 "../parser.c"
+     break;
+ 
+-  case 155:
+-#line 1559 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.license) = (yyvsp[(2) - (3)].license);
++  case 155: /* license_args: '(' license_arg_list ')'  */
++#line 1560 "parser.y"
++                                 {
++            (yyval.license) = (yyvsp[-1].license);
+         }
++#line 3815 "../parser.c"
+     break;
+ 
+-  case 157:
+-#line 1565 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.license) = (yyvsp[(1) - (3)].license);
++  case 157: /* license_arg_list: license_arg_list ',' license_arg  */
++#line 1566 "parser.y"
++                                         {
++            (yyval.license) = (yyvsp[-2].license);
+ 
+-            switch ((yyvsp[(3) - (3)].license).token)
++            switch ((yyvsp[0].license).token)
+             {
+-            case TK_TYPE: (yyval.license).type = (yyvsp[(3) - (3)].license).type; break;
+-            case TK_LICENSEE: (yyval.license).licensee = (yyvsp[(3) - (3)].license).licensee; break;
+-            case TK_SIGNATURE: (yyval.license).signature = (yyvsp[(3) - (3)].license).signature; break;
+-            case TK_TIMESTAMP: (yyval.license).timestamp = (yyvsp[(3) - (3)].license).timestamp; break;
++            case TK_TYPE: (yyval.license).type = (yyvsp[0].license).type; break;
++            case TK_LICENSEE: (yyval.license).licensee = (yyvsp[0].license).licensee; break;
++            case TK_SIGNATURE: (yyval.license).signature = (yyvsp[0].license).signature; break;
++            case TK_TIMESTAMP: (yyval.license).timestamp = (yyvsp[0].license).timestamp; break;
+             }
+         }
++#line 3831 "../parser.c"
+     break;
+ 
+-  case 158:
+-#line 1578 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 158: /* license_arg: TK_TYPE '=' TK_STRING_VALUE  */
++#line 1579 "parser.y"
++                                            {
+             (yyval.license).token = TK_NAME;
+ 
+-            (yyval.license).type = (yyvsp[(3) - (3)].text);
++            (yyval.license).type = (yyvsp[0].text);
+             (yyval.license).licensee = NULL;
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3844 "../parser.c"
+     break;
+ 
+-  case 159:
+-#line 1586 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 159: /* license_arg: TK_LICENSEE '=' TK_STRING_VALUE  */
++#line 1587 "parser.y"
++                                        {
+             (yyval.license).token = TK_LICENSEE;
+ 
+             (yyval.license).type = NULL;
+-            (yyval.license).licensee = (yyvsp[(3) - (3)].text);
++            (yyval.license).licensee = (yyvsp[0].text);
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3857 "../parser.c"
+     break;
+ 
+-  case 160:
+-#line 1594 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 160: /* license_arg: TK_SIGNATURE '=' TK_STRING_VALUE  */
++#line 1595 "parser.y"
++                                         {
+             (yyval.license).token = TK_SIGNATURE;
+ 
+             (yyval.license).type = NULL;
+             (yyval.license).licensee = NULL;
+-            (yyval.license).signature = (yyvsp[(3) - (3)].text);
++            (yyval.license).signature = (yyvsp[0].text);
+             (yyval.license).timestamp = NULL;
+         }
++#line 3870 "../parser.c"
+     break;
+ 
+-  case 161:
+-#line 1602 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 161: /* license_arg: TK_TIMESTAMP '=' TK_STRING_VALUE  */
++#line 1603 "parser.y"
++                                         {
+             (yyval.license).token = TK_TIMESTAMP;
+ 
+             (yyval.license).type = NULL;
+             (yyval.license).licensee = NULL;
+             (yyval.license).signature = NULL;
+-            (yyval.license).timestamp = (yyvsp[(3) - (3)].text);
++            (yyval.license).timestamp = (yyvsp[0].text);
+         }
++#line 3883 "../parser.c"
+     break;
+ 
+-  case 162:
+-#line 1612 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 162: /* defmetatype: TK_DEFMETATYPE defmetatype_args  */
++#line 1613 "parser.y"
++                                                {
+             if (notSkipping())
+             {
+                 if (currentModule->defmetatype != NULL)
+                     yyerror("%DefaultMetatype has already been defined for this module");
+ 
+-                currentModule->defmetatype = cacheName(currentSpec, (yyvsp[(2) - (2)].defmetatype).name);
++                currentModule->defmetatype = cacheName(currentSpec, (yyvsp[0].defmetatype).name);
+             }
+         }
++#line 3897 "../parser.c"
+     break;
+ 
+-  case 163:
+-#line 1623 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 163: /* defmetatype_args: dottedname  */
++#line 1624 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.defmetatype).name = (yyvsp[(1) - (1)].text);
++            (yyval.defmetatype).name = (yyvsp[0].text);
+         }
++#line 3907 "../parser.c"
+     break;
+ 
+-  case 164:
+-#line 1628 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defmetatype) = (yyvsp[(2) - (3)].defmetatype);
++  case 164: /* defmetatype_args: '(' defmetatype_arg_list ')'  */
++#line 1629 "parser.y"
++                                     {
++            (yyval.defmetatype) = (yyvsp[-1].defmetatype);
+         }
++#line 3915 "../parser.c"
+     break;
+ 
+-  case 166:
+-#line 1634 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defmetatype) = (yyvsp[(1) - (3)].defmetatype);
++  case 166: /* defmetatype_arg_list: defmetatype_arg_list ',' defmetatype_arg  */
++#line 1635 "parser.y"
++                                                 {
++            (yyval.defmetatype) = (yyvsp[-2].defmetatype);
+ 
+-            switch ((yyvsp[(3) - (3)].defmetatype).token)
++            switch ((yyvsp[0].defmetatype).token)
+             {
+-            case TK_NAME: (yyval.defmetatype).name = (yyvsp[(3) - (3)].defmetatype).name; break;
++            case TK_NAME: (yyval.defmetatype).name = (yyvsp[0].defmetatype).name; break;
+             }
+         }
++#line 3928 "../parser.c"
+     break;
+ 
+-  case 167:
+-#line 1644 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 167: /* defmetatype_arg: TK_NAME '=' dottedname  */
++#line 1645 "parser.y"
++                                           {
+             (yyval.defmetatype).token = TK_NAME;
+ 
+-            (yyval.defmetatype).name = (yyvsp[(3) - (3)].text);
++            (yyval.defmetatype).name = (yyvsp[0].text);
+         }
++#line 3938 "../parser.c"
+     break;
+ 
+-  case 168:
+-#line 1651 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 168: /* defsupertype: TK_DEFSUPERTYPE defsupertype_args  */
++#line 1652 "parser.y"
++                                                  {
+             if (notSkipping())
+             {
+                 if (currentModule->defsupertype != NULL)
+                     yyerror("%DefaultSupertype has already been defined for this module");
+ 
+-                currentModule->defsupertype = cacheName(currentSpec, (yyvsp[(2) - (2)].defsupertype).name);
++                currentModule->defsupertype = cacheName(currentSpec, (yyvsp[0].defsupertype).name);
+             }
+         }
++#line 3952 "../parser.c"
+     break;
+ 
+-  case 169:
+-#line 1662 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 169: /* defsupertype_args: dottedname  */
++#line 1663 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.defsupertype).name = (yyvsp[(1) - (1)].text);
++            (yyval.defsupertype).name = (yyvsp[0].text);
+         }
++#line 3962 "../parser.c"
+     break;
+ 
+-  case 170:
+-#line 1667 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defsupertype) = (yyvsp[(2) - (3)].defsupertype);
++  case 170: /* defsupertype_args: '(' defsupertype_arg_list ')'  */
++#line 1668 "parser.y"
++                                      {
++            (yyval.defsupertype) = (yyvsp[-1].defsupertype);
+         }
++#line 3970 "../parser.c"
+     break;
+ 
+-  case 172:
+-#line 1673 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defsupertype) = (yyvsp[(1) - (3)].defsupertype);
++  case 172: /* defsupertype_arg_list: defsupertype_arg_list ',' defsupertype_arg  */
++#line 1674 "parser.y"
++                                                   {
++            (yyval.defsupertype) = (yyvsp[-2].defsupertype);
+ 
+-            switch ((yyvsp[(3) - (3)].defsupertype).token)
++            switch ((yyvsp[0].defsupertype).token)
+             {
+-            case TK_NAME: (yyval.defsupertype).name = (yyvsp[(3) - (3)].defsupertype).name; break;
++            case TK_NAME: (yyval.defsupertype).name = (yyvsp[0].defsupertype).name; break;
+             }
+         }
++#line 3983 "../parser.c"
+     break;
+ 
+-  case 173:
+-#line 1683 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 173: /* defsupertype_arg: TK_NAME '=' dottedname  */
++#line 1684 "parser.y"
++                                           {
+             (yyval.defsupertype).token = TK_NAME;
+ 
+-            (yyval.defsupertype).name = (yyvsp[(3) - (3)].text);
++            (yyval.defsupertype).name = (yyvsp[0].text);
+         }
++#line 3993 "../parser.c"
+     break;
+ 
+-  case 174:
+-#line 1690 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 174: /* hiddenns: TK_HIDE_NS hiddenns_args  */
++#line 1691 "parser.y"
++                                     {
+             if (notSkipping())
+             {
+                 classDef *ns;
+ 
+                 ns = newClass(currentSpec, namespace_iface, NULL,
+-                        fullyQualifiedName((yyvsp[(2) - (2)].hiddenns).name), NULL, NULL, NULL, NULL);
++                        fullyQualifiedName((yyvsp[0].hiddenns).name), NULL, NULL, NULL, NULL);
+                 setHiddenNamespace(ns);
+             }
+         }
++#line 4008 "../parser.c"
+     break;
+ 
+-  case 175:
+-#line 1702 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 175: /* hiddenns_args: scopedname  */
++#line 1703 "parser.y"
++                           {
+             resetLexerState();
+ 
+-            (yyval.hiddenns).name = (yyvsp[(1) - (1)].scpvalp);
++            (yyval.hiddenns).name = (yyvsp[0].scpvalp);
+         }
++#line 4018 "../parser.c"
+     break;
+ 
+-  case 176:
+-#line 1707 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.hiddenns) = (yyvsp[(2) - (3)].hiddenns);
++  case 176: /* hiddenns_args: '(' hiddenns_arg_list ')'  */
++#line 1708 "parser.y"
++                                  {
++            (yyval.hiddenns) = (yyvsp[-1].hiddenns);
+         }
++#line 4026 "../parser.c"
+     break;
+ 
+-  case 178:
+-#line 1713 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.hiddenns) = (yyvsp[(1) - (3)].hiddenns);
++  case 178: /* hiddenns_arg_list: hiddenns_arg_list ',' hiddenns_arg  */
++#line 1714 "parser.y"
++                                           {
++            (yyval.hiddenns) = (yyvsp[-2].hiddenns);
+ 
+-            switch ((yyvsp[(3) - (3)].hiddenns).token)
++            switch ((yyvsp[0].hiddenns).token)
+             {
+-            case TK_NAME: (yyval.hiddenns).name = (yyvsp[(3) - (3)].hiddenns).name; break;
++            case TK_NAME: (yyval.hiddenns).name = (yyvsp[0].hiddenns).name; break;
+             }
+         }
++#line 4039 "../parser.c"
+     break;
+ 
+-  case 179:
+-#line 1723 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 179: /* hiddenns_arg: TK_NAME '=' scopedname  */
++#line 1724 "parser.y"
++                                       {
+             (yyval.hiddenns).token = TK_NAME;
+ 
+-            (yyval.hiddenns).name = (yyvsp[(3) - (3)].scpvalp);
++            (yyval.hiddenns).name = (yyvsp[0].scpvalp);
+         }
++#line 4049 "../parser.c"
+     break;
+ 
+-  case 180:
+-#line 1730 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 180: /* consmodule: TK_CONSMODULE consmodule_args consmodule_body  */
++#line 1731 "parser.y"
++                                                          {
+             deprecated("%ConsolidatedModule is deprecated and will not be supported by SIP v5");
+ 
+             if (notSkipping())
+@@ -4370,99 +4062,109 @@ yyreduce:
+                 if (currentModule->fullname != NULL)
+                     yyerror("%ConsolidatedModule must appear before any %Module or %CModule directive");
+ 
+-                setModuleName(currentSpec, currentModule, (yyvsp[(2) - (3)].consmodule).name);
+-                currentModule->docstring = (yyvsp[(3) - (3)].consmodule).docstring;
++                setModuleName(currentSpec, currentModule, (yyvsp[-1].consmodule).name);
++                currentModule->docstring = (yyvsp[0].consmodule).docstring;
+ 
+                 setIsConsolidated(currentModule);
+             }
+         }
++#line 4072 "../parser.c"
+     break;
+ 
+-  case 181:
+-#line 1750 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 181: /* consmodule_args: dottedname  */
++#line 1751 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.consmodule).name = (yyvsp[(1) - (1)].text);
++            (yyval.consmodule).name = (yyvsp[0].text);
+         }
++#line 4082 "../parser.c"
+     break;
+ 
+-  case 182:
+-#line 1755 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(2) - (3)].consmodule);
++  case 182: /* consmodule_args: '(' consmodule_arg_list ')'  */
++#line 1756 "parser.y"
++                                    {
++            (yyval.consmodule) = (yyvsp[-1].consmodule);
+         }
++#line 4090 "../parser.c"
+     break;
+ 
+-  case 184:
+-#line 1761 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(1) - (3)].consmodule);
++  case 184: /* consmodule_arg_list: consmodule_arg_list ',' consmodule_arg  */
++#line 1762 "parser.y"
++                                               {
++            (yyval.consmodule) = (yyvsp[-2].consmodule);
+ 
+-            switch ((yyvsp[(3) - (3)].consmodule).token)
++            switch ((yyvsp[0].consmodule).token)
+             {
+-            case TK_NAME: (yyval.consmodule).name = (yyvsp[(3) - (3)].consmodule).name; break;
++            case TK_NAME: (yyval.consmodule).name = (yyvsp[0].consmodule).name; break;
+             }
+         }
++#line 4103 "../parser.c"
+     break;
+ 
+-  case 185:
+-#line 1771 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 185: /* consmodule_arg: TK_NAME '=' dottedname  */
++#line 1772 "parser.y"
++                                       {
+             (yyval.consmodule).token = TK_NAME;
+ 
+-            (yyval.consmodule).name = (yyvsp[(3) - (3)].text);
++            (yyval.consmodule).name = (yyvsp[0].text);
+         }
++#line 4113 "../parser.c"
+     break;
+ 
+-  case 186:
+-#line 1778 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 186: /* consmodule_body: %empty  */
++#line 1779 "parser.y"
++                    {
+             (yyval.consmodule).token = 0;
+             (yyval.consmodule).docstring = NULL;
+         }
++#line 4122 "../parser.c"
+     break;
+ 
+-  case 187:
+-#line 1782 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(2) - (4)].consmodule);
++  case 187: /* consmodule_body: '{' consmodule_body_directives '}' ';'  */
++#line 1783 "parser.y"
++                                               {
++            (yyval.consmodule) = (yyvsp[-2].consmodule);
+         }
++#line 4130 "../parser.c"
+     break;
+ 
+-  case 189:
+-#line 1788 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(1) - (2)].consmodule);
++  case 189: /* consmodule_body_directives: consmodule_body_directives consmodule_body_directive  */
++#line 1789 "parser.y"
++                                                             {
++            (yyval.consmodule) = (yyvsp[-1].consmodule);
+ 
+-            switch ((yyvsp[(2) - (2)].consmodule).token)
++            switch ((yyvsp[0].consmodule).token)
+             {
+-            case TK_DOCSTRING: (yyval.consmodule).docstring = (yyvsp[(2) - (2)].consmodule).docstring; break;
++            case TK_DOCSTRING: (yyval.consmodule).docstring = (yyvsp[0].consmodule).docstring; break;
+             }
+         }
++#line 4143 "../parser.c"
+     break;
+ 
+-  case 190:
+-#line 1798 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 190: /* consmodule_body_directive: ifstart  */
++#line 1799 "parser.y"
++                                    {
+             (yyval.consmodule).token = TK_IF;
+         }
++#line 4151 "../parser.c"
+     break;
+ 
+-  case 191:
+-#line 1801 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 191: /* consmodule_body_directive: ifend  */
++#line 1802 "parser.y"
++              {
+             (yyval.consmodule).token = TK_END;
+         }
++#line 4159 "../parser.c"
+     break;
+ 
+-  case 192:
+-#line 1804 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 192: /* consmodule_body_directive: docstring  */
++#line 1805 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.consmodule).token = TK_DOCSTRING;
+-                (yyval.consmodule).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.consmodule).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -4470,11 +4172,12 @@ yyreduce:
+                 (yyval.consmodule).docstring = NULL;
+             }
+         }
++#line 4176 "../parser.c"
+     break;
+ 
+-  case 193:
+-#line 1818 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 193: /* compmodule: TK_COMPOMODULE compmodule_args compmodule_body  */
++#line 1819 "parser.y"
++                                                           {
+             if (notSkipping())
+             {
+                 /* Make sure this is the first mention of a module. */
+@@ -4484,99 +4187,109 @@ yyreduce:
+                 if (currentModule->fullname != NULL)
+                     yyerror("%CompositeModule must appear before any %Module directive");
+ 
+-                setModuleName(currentSpec, currentModule, (yyvsp[(2) - (3)].compmodule).name);
+-                currentModule->docstring = (yyvsp[(3) - (3)].compmodule).docstring;
++                setModuleName(currentSpec, currentModule, (yyvsp[-1].compmodule).name);
++                currentModule->docstring = (yyvsp[0].compmodule).docstring;
+ 
+                 setIsComposite(currentModule);
+             }
+         }
++#line 4197 "../parser.c"
+     break;
+ 
+-  case 194:
+-#line 1836 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 194: /* compmodule_args: dottedname  */
++#line 1837 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.compmodule).name = (yyvsp[(1) - (1)].text);
++            (yyval.compmodule).name = (yyvsp[0].text);
+         }
++#line 4207 "../parser.c"
+     break;
+ 
+-  case 195:
+-#line 1841 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(2) - (3)].compmodule);
++  case 195: /* compmodule_args: '(' compmodule_arg_list ')'  */
++#line 1842 "parser.y"
++                                    {
++            (yyval.compmodule) = (yyvsp[-1].compmodule);
+         }
++#line 4215 "../parser.c"
+     break;
+ 
+-  case 197:
+-#line 1847 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(1) - (3)].compmodule);
++  case 197: /* compmodule_arg_list: compmodule_arg_list ',' compmodule_arg  */
++#line 1848 "parser.y"
++                                               {
++            (yyval.compmodule) = (yyvsp[-2].compmodule);
+ 
+-            switch ((yyvsp[(3) - (3)].compmodule).token)
++            switch ((yyvsp[0].compmodule).token)
+             {
+-            case TK_NAME: (yyval.compmodule).name = (yyvsp[(3) - (3)].compmodule).name; break;
++            case TK_NAME: (yyval.compmodule).name = (yyvsp[0].compmodule).name; break;
+             }
+         }
++#line 4228 "../parser.c"
+     break;
+ 
+-  case 198:
+-#line 1857 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 198: /* compmodule_arg: TK_NAME '=' dottedname  */
++#line 1858 "parser.y"
++                                       {
+             (yyval.compmodule).token = TK_NAME;
+ 
+-            (yyval.compmodule).name = (yyvsp[(3) - (3)].text);
++            (yyval.compmodule).name = (yyvsp[0].text);
+         }
++#line 4238 "../parser.c"
+     break;
+ 
+-  case 199:
+-#line 1864 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 199: /* compmodule_body: %empty  */
++#line 1865 "parser.y"
++                    {
+             (yyval.compmodule).token = 0;
+             (yyval.compmodule).docstring = NULL;
+         }
++#line 4247 "../parser.c"
+     break;
+ 
+-  case 200:
+-#line 1868 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(2) - (4)].compmodule);
++  case 200: /* compmodule_body: '{' compmodule_body_directives '}' ';'  */
++#line 1869 "parser.y"
++                                               {
++            (yyval.compmodule) = (yyvsp[-2].compmodule);
+         }
++#line 4255 "../parser.c"
+     break;
+ 
+-  case 202:
+-#line 1874 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(1) - (2)].compmodule);
++  case 202: /* compmodule_body_directives: compmodule_body_directives compmodule_body_directive  */
++#line 1875 "parser.y"
++                                                             {
++            (yyval.compmodule) = (yyvsp[-1].compmodule);
+ 
+-            switch ((yyvsp[(2) - (2)].compmodule).token)
++            switch ((yyvsp[0].compmodule).token)
+             {
+-            case TK_DOCSTRING: (yyval.compmodule).docstring = (yyvsp[(2) - (2)].compmodule).docstring; break;
++            case TK_DOCSTRING: (yyval.compmodule).docstring = (yyvsp[0].compmodule).docstring; break;
+             }
+         }
++#line 4268 "../parser.c"
+     break;
+ 
+-  case 203:
+-#line 1884 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 203: /* compmodule_body_directive: ifstart  */
++#line 1885 "parser.y"
++                                    {
+             (yyval.compmodule).token = TK_IF;
+         }
++#line 4276 "../parser.c"
+     break;
+ 
+-  case 204:
+-#line 1887 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 204: /* compmodule_body_directive: ifend  */
++#line 1888 "parser.y"
++              {
+             (yyval.compmodule).token = TK_END;
+         }
++#line 4284 "../parser.c"
+     break;
+ 
+-  case 205:
+-#line 1890 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 205: /* compmodule_body_directive: docstring  */
++#line 1891 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.compmodule).token = TK_DOCSTRING;
+-                (yyval.compmodule).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.compmodule).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -4584,107 +4297,119 @@ yyreduce:
+                 (yyval.compmodule).docstring = NULL;
+             }
+         }
++#line 4301 "../parser.c"
+     break;
+ 
+-  case 206:
+-#line 1904 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].module).name == NULL)
++  case 206: /* module: TK_MODULE module_args module_body  */
++#line 1905 "parser.y"
++                                          {
++            if ((yyvsp[-1].module).name == NULL)
+                 yyerror("%Module must have a 'name' argument");
+ 
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+-                        currentContext.filename, (yyvsp[(2) - (3)].module).name, (yyvsp[(2) - (3)].module).c_module,
+-                        (yyvsp[(2) - (3)].module).kwargs, (yyvsp[(2) - (3)].module).use_arg_names, (yyvsp[(2) - (3)].module).use_limited_api,
+-                        (yyvsp[(2) - (3)].module).call_super_init, (yyvsp[(2) - (3)].module).all_raise_py_exc,
+-                        (yyvsp[(2) - (3)].module).def_error_handler, (yyvsp[(3) - (3)].module).docstring);
+-        }
++                        currentContext.filename, (yyvsp[-1].module).name, (yyvsp[-1].module).c_module,
++                        (yyvsp[-1].module).kwargs, (yyvsp[-1].module).use_arg_names, (yyvsp[-1].module).py_ssize_t_clean,
++                        (yyvsp[-1].module).use_limited_api, (yyvsp[-1].module).call_super_init,
++                        (yyvsp[-1].module).all_raise_py_exc, (yyvsp[-1].module).def_error_handler,
++                        (yyvsp[0].module).docstring);
++        }
++#line 4318 "../parser.c"
+     break;
+ 
+-  case 207:
+-#line 1915 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 207: /* module: TK_CMODULE dottedname optnumber  */
++#line 1917 "parser.y"
++                                        {
+             deprecated("%CModule is deprecated, use %Module and the 'language' argument instead");
+ 
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+-                        currentContext.filename, (yyvsp[(2) - (3)].text), TRUE, defaultKwArgs,
+-                        FALSE, FALSE, -1, FALSE, NULL, NULL);
++                        currentContext.filename, (yyvsp[-1].text), TRUE, defaultKwArgs,
++                        FALSE, FALSE, FALSE, -1, FALSE, NULL, NULL);
+         }
++#line 4331 "../parser.c"
+     break;
+ 
+-  case 208:
+-#line 1925 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {resetLexerState();}
++  case 208: /* $@8: %empty  */
++#line 1927 "parser.y"
++                           {resetLexerState();}
++#line 4337 "../parser.c"
+     break;
+ 
+-  case 209:
+-#line 1925 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(3) - (3)].number) >= 0)
++  case 209: /* module_args: dottedname $@8 optnumber  */
++#line 1927 "parser.y"
++                                                          {
++            if ((yyvsp[0].number) >= 0)
+                 deprecated("%Module version number should be specified using the 'version' argument");
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+-            (yyval.module).name = (yyvsp[(1) - (3)].text);
++            (yyval.module).name = (yyvsp[-2].text);
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4356 "../parser.c"
+     break;
+ 
+-  case 210:
+-#line 1938 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(2) - (3)].module);
++  case 210: /* module_args: '(' module_arg_list ')'  */
++#line 1941 "parser.y"
++                                {
++            (yyval.module) = (yyvsp[-1].module);
+         }
++#line 4364 "../parser.c"
+     break;
+ 
+-  case 212:
+-#line 1944 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(1) - (3)].module);
++  case 212: /* module_arg_list: module_arg_list ',' module_arg  */
++#line 1947 "parser.y"
++                                       {
++            (yyval.module) = (yyvsp[-2].module);
+ 
+-            switch ((yyvsp[(3) - (3)].module).token)
++            switch ((yyvsp[0].module).token)
+             {
+-            case TK_KWARGS: (yyval.module).kwargs = (yyvsp[(3) - (3)].module).kwargs; break;
+-            case TK_LANGUAGE: (yyval.module).c_module = (yyvsp[(3) - (3)].module).c_module; break;
+-            case TK_NAME: (yyval.module).name = (yyvsp[(3) - (3)].module).name; break;
+-            case TK_USEARGNAMES: (yyval.module).use_arg_names = (yyvsp[(3) - (3)].module).use_arg_names; break;
+-            case TK_USELIMITEDAPI: (yyval.module).use_limited_api = (yyvsp[(3) - (3)].module).use_limited_api; break;
+-            case TK_ALLRAISEPYEXC: (yyval.module).all_raise_py_exc = (yyvsp[(3) - (3)].module).all_raise_py_exc; break;
+-            case TK_CALLSUPERINIT: (yyval.module).call_super_init = (yyvsp[(3) - (3)].module).call_super_init; break;
+-            case TK_DEFERRORHANDLER: (yyval.module).def_error_handler = (yyvsp[(3) - (3)].module).def_error_handler; break;
++            case TK_KWARGS: (yyval.module).kwargs = (yyvsp[0].module).kwargs; break;
++            case TK_LANGUAGE: (yyval.module).c_module = (yyvsp[0].module).c_module; break;
++            case TK_NAME: (yyval.module).name = (yyvsp[0].module).name; break;
++            case TK_USEARGNAMES: (yyval.module).use_arg_names = (yyvsp[0].module).use_arg_names; break;
++            case TK_PYSSIZETCLEAN: (yyval.module).py_ssize_t_clean = (yyvsp[0].module).py_ssize_t_clean; break;
++            case TK_USELIMITEDAPI: (yyval.module).use_limited_api = (yyvsp[0].module).use_limited_api; break;
++            case TK_ALLRAISEPYEXC: (yyval.module).all_raise_py_exc = (yyvsp[0].module).all_raise_py_exc; break;
++            case TK_CALLSUPERINIT: (yyval.module).call_super_init = (yyvsp[0].module).call_super_init; break;
++            case TK_DEFERRORHANDLER: (yyval.module).def_error_handler = (yyvsp[0].module).def_error_handler; break;
+             }
+         }
++#line 4385 "../parser.c"
+     break;
+ 
+-  case 213:
+-#line 1961 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 213: /* module_arg: TK_KWARGS '=' TK_STRING_VALUE  */
++#line 1965 "parser.y"
++                                          {
+             (yyval.module).token = TK_KWARGS;
+ 
+             (yyval.module).c_module = FALSE;
+-            (yyval.module).kwargs = convertKwArgs((yyvsp[(3) - (3)].text));
++            (yyval.module).kwargs = convertKwArgs((yyvsp[0].text));
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4403 "../parser.c"
+     break;
+ 
+-  case 214:
+-#line 1973 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 214: /* module_arg: TK_LANGUAGE '=' TK_STRING_VALUE  */
++#line 1978 "parser.y"
++                                        {
+             (yyval.module).token = TK_LANGUAGE;
+ 
+-            if (strcmp((yyvsp[(3) - (3)].text), "C++") == 0)
++            if (strcmp((yyvsp[0].text), "C++") == 0)
+                 (yyval.module).c_module = FALSE;
+-            else if (strcmp((yyvsp[(3) - (3)].text), "C") == 0)
++            else if (strcmp((yyvsp[0].text), "C") == 0)
+                 (yyval.module).c_module = TRUE;
+             else
+                 yyerror("%Module 'language' argument must be either \"C++\" or \"C\"");
+@@ -4692,115 +4417,147 @@ yyreduce:
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4427 "../parser.c"
+     break;
+ 
+-  case 215:
+-#line 1991 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 215: /* module_arg: TK_NAME '=' dottedname  */
++#line 1997 "parser.y"
++                               {
+             (yyval.module).token = TK_NAME;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+-            (yyval.module).name = (yyvsp[(3) - (3)].text);
++            (yyval.module).name = (yyvsp[0].text);
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4445 "../parser.c"
+     break;
+ 
+-  case 216:
+-#line 2003 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 216: /* module_arg: TK_USEARGNAMES '=' bool_value  */
++#line 2010 "parser.y"
++                                      {
+             (yyval.module).token = TK_USEARGNAMES;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+-            (yyval.module).use_arg_names = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).use_arg_names = (yyvsp[0].boolean);
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4463 "../parser.c"
+     break;
+ 
+-  case 217:
+-#line 2015 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 217: /* module_arg: TK_PYSSIZETCLEAN '=' bool_value  */
++#line 2023 "parser.y"
++                                        {
++            (yyval.module).token = TK_PYSSIZETCLEAN;
++
++            (yyval.module).c_module = FALSE;
++            (yyval.module).kwargs = defaultKwArgs;
++            (yyval.module).name = NULL;
++            (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = (yyvsp[0].boolean);
++            (yyval.module).use_limited_api = FALSE;
++            (yyval.module).all_raise_py_exc = FALSE;
++            (yyval.module).call_super_init = -1;
++            (yyval.module).def_error_handler = NULL;
++        }
++#line 4481 "../parser.c"
++    break;
++
++  case 218: /* module_arg: TK_USELIMITEDAPI '=' bool_value  */
++#line 2036 "parser.y"
++                                        {
+             (yyval.module).token = TK_USELIMITEDAPI;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
+-            (yyval.module).use_limited_api = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).py_ssize_t_clean = FALSE;
++            (yyval.module).use_limited_api = (yyvsp[0].boolean);
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4499 "../parser.c"
+     break;
+ 
+-  case 218:
+-#line 2027 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 219: /* module_arg: TK_ALLRAISEPYEXC '=' bool_value  */
++#line 2049 "parser.y"
++                                        {
+             (yyval.module).token = TK_ALLRAISEPYEXC;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+-            (yyval.module).all_raise_py_exc = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).all_raise_py_exc = (yyvsp[0].boolean);
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4517 "../parser.c"
+     break;
+ 
+-  case 219:
+-#line 2039 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 220: /* module_arg: TK_CALLSUPERINIT '=' bool_value  */
++#line 2062 "parser.y"
++                                        {
+             (yyval.module).token = TK_CALLSUPERINIT;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+-            (yyval.module).call_super_init = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).call_super_init = (yyvsp[0].boolean);
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4535 "../parser.c"
+     break;
+ 
+-  case 220:
+-#line 2051 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 221: /* module_arg: TK_DEFERRORHANDLER '=' TK_NAME_VALUE  */
++#line 2075 "parser.y"
++                                             {
+             (yyval.module).token = TK_DEFERRORHANDLER;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+-            (yyval.module).def_error_handler = (yyvsp[(3) - (3)].text);
++            (yyval.module).def_error_handler = (yyvsp[0].text);
+         }
++#line 4553 "../parser.c"
+     break;
+ 
+-  case 221:
+-#line 2063 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 222: /* module_arg: TK_VERSION '=' TK_NUMBER_VALUE  */
++#line 2088 "parser.y"
++                                       {
+             deprecated("%Module version numbers are deprecated and ignored");
+ 
+-            if ((yyvsp[(3) - (3)].number) < 0)
++            if ((yyvsp[0].number) < 0)
+                 yyerror("%Module 'version' argument cannot be negative");
+ 
+             (yyval.module).token = TK_VERSION;
+@@ -4809,68 +4566,76 @@ yyreduce:
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4576 "../parser.c"
+     break;
+ 
+-  case 222:
+-#line 2082 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 223: /* module_body: %empty  */
++#line 2108 "parser.y"
++                {
+             (yyval.module).token = 0;
+             (yyval.module).docstring = NULL;
+         }
++#line 4585 "../parser.c"
+     break;
+ 
+-  case 223:
+-#line 2086 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(2) - (4)].module);
++  case 224: /* module_body: '{' module_body_directives '}' ';'  */
++#line 2112 "parser.y"
++                                           {
++            (yyval.module) = (yyvsp[-2].module);
+         }
++#line 4593 "../parser.c"
+     break;
+ 
+-  case 225:
+-#line 2092 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(1) - (2)].module);
++  case 226: /* module_body_directives: module_body_directives module_body_directive  */
++#line 2118 "parser.y"
++                                                     {
++            (yyval.module) = (yyvsp[-1].module);
+ 
+-            switch ((yyvsp[(2) - (2)].module).token)
++            switch ((yyvsp[0].module).token)
+             {
+-            case TK_DOCSTRING: (yyval.module).docstring = (yyvsp[(2) - (2)].module).docstring; break;
++            case TK_DOCSTRING: (yyval.module).docstring = (yyvsp[0].module).docstring; break;
+             }
+         }
++#line 4606 "../parser.c"
+     break;
+ 
+-  case 226:
+-#line 2102 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 227: /* module_body_directive: ifstart  */
++#line 2128 "parser.y"
++                                {
+             (yyval.module).token = TK_IF;
+         }
++#line 4614 "../parser.c"
+     break;
+ 
+-  case 227:
+-#line 2105 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 228: /* module_body_directive: ifend  */
++#line 2131 "parser.y"
++              {
+             (yyval.module).token = TK_END;
+         }
++#line 4622 "../parser.c"
+     break;
+ 
+-  case 228:
+-#line 2108 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 229: /* module_body_directive: autopyname  */
++#line 2134 "parser.y"
++                   {
+             (yyval.module).token = TK_AUTOPYNAME;
+         }
++#line 4630 "../parser.c"
+     break;
+ 
+-  case 229:
+-#line 2111 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 230: /* module_body_directive: docstring  */
++#line 2137 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.module).token = TK_DOCSTRING;
+-                (yyval.module).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.module).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -4878,11 +4643,12 @@ yyreduce:
+                 (yyval.module).docstring = NULL;
+             }
+         }
++#line 4647 "../parser.c"
+     break;
+ 
+-  case 231:
+-#line 2126 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 232: /* dottedname: TK_PATH_VALUE  */
++#line 2152 "parser.y"
++                      {
+             /*
+              * The grammar design is a bit broken and this is the easiest way
+              * to allow periods in names.
+@@ -4890,435 +4656,487 @@ yyreduce:
+ 
+             char *cp;
+ 
+-            for (cp = (yyvsp[(1) - (1)].text); *cp != '\0'; ++cp)
++            for (cp = (yyvsp[0].text); *cp != '\0'; ++cp)
+                 if (*cp != '.' && *cp != '_' && !isalnum(*cp))
+                     yyerror("Invalid character in name");
+ 
+-            (yyval.text) = (yyvsp[(1) - (1)].text);
++            (yyval.text) = (yyvsp[0].text);
+         }
++#line 4666 "../parser.c"
+     break;
+ 
+-  case 232:
+-#line 2142 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 233: /* optnumber: %empty  */
++#line 2168 "parser.y"
++            {
+             (yyval.number) = -1;
+         }
++#line 4674 "../parser.c"
+     break;
+ 
+-  case 234:
+-#line 2148 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (2)].include).name == NULL)
++  case 235: /* include: TK_INCLUDE include_args  */
++#line 2174 "parser.y"
++                                    {
++            if ((yyvsp[0].include).name == NULL)
+                 yyerror("%Include must have a 'name' argument");
+ 
+             if (notSkipping())
+-                parseFile(NULL, (yyvsp[(2) - (2)].include).name, NULL, (yyvsp[(2) - (2)].include).optional);
++                parseFile(NULL, (yyvsp[0].include).name, NULL, (yyvsp[0].include).optional);
+         }
++#line 4686 "../parser.c"
+     break;
+ 
+-  case 235:
+-#line 2157 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 236: /* include_args: TK_PATH_VALUE  */
++#line 2183 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.include).name = (yyvsp[(1) - (1)].text);
++            (yyval.include).name = (yyvsp[0].text);
+             (yyval.include).optional = FALSE;
+         }
++#line 4697 "../parser.c"
+     break;
+ 
+-  case 236:
+-#line 2163 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.include) = (yyvsp[(2) - (3)].include);
++  case 237: /* include_args: '(' include_arg_list ')'  */
++#line 2189 "parser.y"
++                                 {
++            (yyval.include) = (yyvsp[-1].include);
+         }
++#line 4705 "../parser.c"
+     break;
+ 
+-  case 238:
+-#line 2169 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.include) = (yyvsp[(1) - (3)].include);
++  case 239: /* include_arg_list: include_arg_list ',' include_arg  */
++#line 2195 "parser.y"
++                                         {
++            (yyval.include) = (yyvsp[-2].include);
+ 
+-            switch ((yyvsp[(3) - (3)].include).token)
++            switch ((yyvsp[0].include).token)
+             {
+-            case TK_NAME: (yyval.include).name = (yyvsp[(3) - (3)].include).name; break;
+-            case TK_OPTIONAL: (yyval.include).optional = (yyvsp[(3) - (3)].include).optional; break;
++            case TK_NAME: (yyval.include).name = (yyvsp[0].include).name; break;
++            case TK_OPTIONAL: (yyval.include).optional = (yyvsp[0].include).optional; break;
+             }
+         }
++#line 4719 "../parser.c"
+     break;
+ 
+-  case 239:
+-#line 2180 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 240: /* include_arg: TK_NAME '=' TK_PATH_VALUE  */
++#line 2206 "parser.y"
++                                          {
+             (yyval.include).token = TK_NAME;
+ 
+-            (yyval.include).name = (yyvsp[(3) - (3)].text);
++            (yyval.include).name = (yyvsp[0].text);
+             (yyval.include).optional = FALSE;
+         }
++#line 4730 "../parser.c"
+     break;
+ 
+-  case 240:
+-#line 2186 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 241: /* include_arg: TK_OPTIONAL '=' bool_value  */
++#line 2212 "parser.y"
++                                   {
+             (yyval.include).token = TK_OPTIONAL;
+ 
+             (yyval.include).name = NULL;
+-            (yyval.include).optional = (yyvsp[(3) - (3)].boolean);
++            (yyval.include).optional = (yyvsp[0].boolean);
+         }
++#line 4741 "../parser.c"
+     break;
+ 
+-  case 241:
+-#line 2194 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 242: /* optinclude: TK_OPTINCLUDE TK_PATH_VALUE  */
++#line 2220 "parser.y"
++                                        {
+             deprecated("%OptionalInclude is deprecated, use %Include and the 'optional' argument instead");
+ 
+             if (notSkipping())
+-                parseFile(NULL, (yyvsp[(2) - (2)].text), NULL, TRUE);
++                parseFile(NULL, (yyvsp[0].text), NULL, TRUE);
+         }
++#line 4752 "../parser.c"
+     break;
+ 
+-  case 242:
+-#line 2202 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 243: /* import: TK_IMPORT import_args  */
++#line 2228 "parser.y"
++                                  {
+             if (notSkipping())
+-                newImport((yyvsp[(2) - (2)].import).name);
++                newImport((yyvsp[0].import).name);
+         }
++#line 4761 "../parser.c"
+     break;
+ 
+-  case 243:
+-#line 2208 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 244: /* import_args: TK_PATH_VALUE  */
++#line 2234 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.import).name = (yyvsp[(1) - (1)].text);
++            (yyval.import).name = (yyvsp[0].text);
+         }
++#line 4771 "../parser.c"
+     break;
+ 
+-  case 244:
+-#line 2213 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.import) = (yyvsp[(2) - (3)].import);
++  case 245: /* import_args: '(' import_arg_list ')'  */
++#line 2239 "parser.y"
++                                {
++            (yyval.import) = (yyvsp[-1].import);
+         }
++#line 4779 "../parser.c"
+     break;
+ 
+-  case 246:
+-#line 2219 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.import) = (yyvsp[(1) - (3)].import);
++  case 247: /* import_arg_list: import_arg_list ',' import_arg  */
++#line 2245 "parser.y"
++                                       {
++            (yyval.import) = (yyvsp[-2].import);
+ 
+-            switch ((yyvsp[(3) - (3)].import).token)
++            switch ((yyvsp[0].import).token)
+             {
+-            case TK_NAME: (yyval.import).name = (yyvsp[(3) - (3)].import).name; break;
++            case TK_NAME: (yyval.import).name = (yyvsp[0].import).name; break;
+             }
+         }
++#line 4792 "../parser.c"
+     break;
+ 
+-  case 247:
+-#line 2229 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 248: /* import_arg: TK_NAME '=' TK_PATH_VALUE  */
++#line 2255 "parser.y"
++                                      {
+             (yyval.import).token = TK_NAME;
+ 
+-            (yyval.import).name = (yyvsp[(3) - (3)].text);
++            (yyval.import).name = (yyvsp[0].text);
+         }
++#line 4802 "../parser.c"
+     break;
+ 
+-  case 248:
+-#line 2236 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 249: /* optaccesscode: %empty  */
++#line 2262 "parser.y"
++                {
+             (yyval.codeb) = NULL;
+         }
++#line 4810 "../parser.c"
+     break;
+ 
+-  case 249:
+-#line 2239 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 250: /* optaccesscode: TK_ACCESSCODE codeblock  */
++#line 2265 "parser.y"
++                                {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4818 "../parser.c"
+     break;
+ 
+-  case 250:
+-#line 2244 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 251: /* optgetcode: %empty  */
++#line 2270 "parser.y"
++            {
+             (yyval.codeb) = NULL;
+         }
++#line 4826 "../parser.c"
+     break;
+ 
+-  case 251:
+-#line 2247 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 252: /* optgetcode: TK_GETCODE codeblock  */
++#line 2273 "parser.y"
++                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4834 "../parser.c"
+     break;
+ 
+-  case 252:
+-#line 2252 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 253: /* optsetcode: %empty  */
++#line 2278 "parser.y"
++            {
+             (yyval.codeb) = NULL;
+         }
++#line 4842 "../parser.c"
+     break;
+ 
+-  case 253:
+-#line 2255 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 254: /* optsetcode: TK_SETCODE codeblock  */
++#line 2281 "parser.y"
++                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4850 "../parser.c"
+     break;
+ 
+-  case 254:
+-#line 2260 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 255: /* copying: TK_COPYING codeblock  */
++#line 2286 "parser.y"
++                                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->copying, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->copying, (yyvsp[0].codeb));
+         }
++#line 4859 "../parser.c"
+     break;
+ 
+-  case 255:
+-#line 2266 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 256: /* exphdrcode: TK_EXPHEADERCODE codeblock  */
++#line 2292 "parser.y"
++                                       {
+             if (notSkipping())
+-                appendCodeBlock(&currentSpec->exphdrcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->exphdrcode, (yyvsp[0].codeb));
+         }
++#line 4868 "../parser.c"
+     break;
+ 
+-  case 256:
+-#line 2272 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 257: /* modhdrcode: TK_MODHEADERCODE codeblock  */
++#line 2298 "parser.y"
++                                       {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->hdrcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->hdrcode, (yyvsp[0].codeb));
+         }
++#line 4877 "../parser.c"
+     break;
+ 
+-  case 257:
+-#line 2278 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 258: /* typehdrcode: TK_TYPEHEADERCODE codeblock  */
++#line 2304 "parser.y"
++                                            {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4885 "../parser.c"
+     break;
+ 
+-  case 258:
+-#line 2283 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 259: /* travcode: TK_TRAVERSECODE codeblock  */
++#line 2309 "parser.y"
++                                      {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4893 "../parser.c"
+     break;
+ 
+-  case 259:
+-#line 2288 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 260: /* clearcode: TK_CLEARCODE codeblock  */
++#line 2314 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4901 "../parser.c"
+     break;
+ 
+-  case 260:
+-#line 2293 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 261: /* getbufcode: TK_GETBUFFERCODE codeblock  */
++#line 2319 "parser.y"
++                                       {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4909 "../parser.c"
+     break;
+ 
+-  case 261:
+-#line 2298 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 262: /* releasebufcode: TK_RELEASEBUFFERCODE codeblock  */
++#line 2324 "parser.y"
++                                               {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4917 "../parser.c"
+     break;
+ 
+-  case 262:
+-#line 2303 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 263: /* readbufcode: TK_READBUFFERCODE codeblock  */
++#line 2329 "parser.y"
++                                            {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4925 "../parser.c"
+     break;
+ 
+-  case 263:
+-#line 2308 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 264: /* writebufcode: TK_WRITEBUFFERCODE codeblock  */
++#line 2334 "parser.y"
++                                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4933 "../parser.c"
+     break;
+ 
+-  case 264:
+-#line 2313 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 265: /* segcountcode: TK_SEGCOUNTCODE codeblock  */
++#line 2339 "parser.y"
++                                          {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4941 "../parser.c"
+     break;
+ 
+-  case 265:
+-#line 2318 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 266: /* charbufcode: TK_CHARBUFFERCODE codeblock  */
++#line 2344 "parser.y"
++                                            {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4949 "../parser.c"
+     break;
+ 
+-  case 266:
+-#line 2323 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 267: /* instancecode: TK_INSTANCECODE codeblock  */
++#line 2349 "parser.y"
++                                          {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4957 "../parser.c"
+     break;
+ 
+-  case 267:
+-#line 2328 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 268: /* picklecode: TK_PICKLECODE codeblock  */
++#line 2354 "parser.y"
++                                    {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4965 "../parser.c"
+     break;
+ 
+-  case 268:
+-#line 2333 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 269: /* finalcode: TK_FINALCODE codeblock  */
++#line 2359 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4973 "../parser.c"
+     break;
+ 
+-  case 269:
+-#line 2338 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 270: /* modcode: TK_MODCODE codeblock  */
++#line 2364 "parser.y"
++                                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->cppcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->cppcode, (yyvsp[0].codeb));
+         }
++#line 4982 "../parser.c"
+     break;
+ 
+-  case 270:
+-#line 2344 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 271: /* typecode: TK_TYPECODE codeblock  */
++#line 2370 "parser.y"
++                                  {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4990 "../parser.c"
+     break;
+ 
+-  case 271:
+-#line 2349 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 272: /* preinitcode: TK_PREINITCODE codeblock  */
++#line 2375 "parser.y"
++                                         {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->preinitcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->preinitcode, (yyvsp[0].codeb));
+         }
++#line 4999 "../parser.c"
+     break;
+ 
+-  case 272:
+-#line 2355 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 273: /* initcode: TK_INITCODE codeblock  */
++#line 2381 "parser.y"
++                                  {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->initcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->initcode, (yyvsp[0].codeb));
+         }
++#line 5008 "../parser.c"
+     break;
+ 
+-  case 273:
+-#line 2361 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 274: /* postinitcode: TK_POSTINITCODE codeblock  */
++#line 2387 "parser.y"
++                                          {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->postinitcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->postinitcode, (yyvsp[0].codeb));
+         }
++#line 5017 "../parser.c"
+     break;
+ 
+-  case 274:
+-#line 2367 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 275: /* unitcode: TK_UNITCODE codeblock  */
++#line 2393 "parser.y"
++                                  {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->unitcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->unitcode, (yyvsp[0].codeb));
+         }
++#line 5026 "../parser.c"
+     break;
+ 
+-  case 275:
+-#line 2373 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 276: /* unitpostinccode: TK_UNITPOSTINCLUDECODE codeblock  */
++#line 2399 "parser.y"
++                                                     {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->unitpostinccode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->unitpostinccode, (yyvsp[0].codeb));
+         }
++#line 5035 "../parser.c"
+     break;
+ 
+-  case 276:
+-#line 2379 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 277: /* prepycode: TK_PREPYCODE codeblock  */
++#line 2405 "parser.y"
++                                   {
+             /* Deprecated. */
+         }
++#line 5043 "../parser.c"
+     break;
+ 
+-  case 277:
+-#line 2384 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 278: /* exptypehintcode: TK_EXPTYPEHINTCODE codeblock  */
++#line 2410 "parser.y"
++                                              {
+             if (notSkipping() && !inMainModule())
+-                appendCodeBlock(&currentSpec->exptypehintcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->exptypehintcode, (yyvsp[0].codeb));
+         }
++#line 5052 "../parser.c"
+     break;
+ 
+-  case 278:
+-#line 2390 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 279: /* modtypehintcode: TK_TYPEHINTCODE codeblock  */
++#line 2416 "parser.y"
++                                           {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->typehintcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->typehintcode, (yyvsp[0].codeb));
+         }
++#line 5061 "../parser.c"
+     break;
+ 
+-  case 279:
+-#line 2396 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 280: /* classtypehintcode: TK_TYPEHINTCODE codeblock  */
++#line 2422 "parser.y"
++                                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 5069 "../parser.c"
+     break;
+ 
+-  case 280:
+-#line 2401 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 281: /* doc: TK_DOC codeblock  */
++#line 2427 "parser.y"
++                             {
+             if (notSkipping() && inMainModule())
+-                appendCodeBlock(&currentSpec->docs, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->docs, (yyvsp[0].codeb));
+         }
++#line 5078 "../parser.c"
+     break;
+ 
+-  case 281:
+-#line 2407 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 282: /* exporteddoc: TK_EXPORTEDDOC codeblock  */
++#line 2433 "parser.y"
++                                         {
+             if (notSkipping())
+-                appendCodeBlock(&currentSpec->docs, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->docs, (yyvsp[0].codeb));
+         }
++#line 5087 "../parser.c"
+     break;
+ 
+-  case 282:
+-#line 2413 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 283: /* autopyname: TK_AUTOPYNAME autopyname_args  */
++#line 2439 "parser.y"
++                                          {
+             if (notSkipping())
+-                addAutoPyName(currentModule, (yyvsp[(2) - (2)].autopyname).remove_leading);
++                addAutoPyName(currentModule, (yyvsp[0].autopyname).remove_leading);
+         }
++#line 5096 "../parser.c"
+     break;
+ 
+-  case 283:
+-#line 2419 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.autopyname) = (yyvsp[(2) - (3)].autopyname);
++  case 284: /* autopyname_args: '(' autopyname_arg_list ')'  */
++#line 2445 "parser.y"
++                                                {
++            (yyval.autopyname) = (yyvsp[-1].autopyname);
+         }
++#line 5104 "../parser.c"
+     break;
+ 
+-  case 285:
+-#line 2425 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.autopyname) = (yyvsp[(1) - (3)].autopyname);
++  case 286: /* autopyname_arg_list: autopyname_arg_list ',' autopyname_arg  */
++#line 2451 "parser.y"
++                                               {
++            (yyval.autopyname) = (yyvsp[-2].autopyname);
+ 
+-            switch ((yyvsp[(3) - (3)].autopyname).token)
++            switch ((yyvsp[0].autopyname).token)
+             {
+-            case TK_REMOVELEADING: (yyval.autopyname).remove_leading = (yyvsp[(3) - (3)].autopyname).remove_leading; break;
++            case TK_REMOVELEADING: (yyval.autopyname).remove_leading = (yyvsp[0].autopyname).remove_leading; break;
+             }
+         }
++#line 5117 "../parser.c"
+     break;
+ 
+-  case 286:
+-#line 2435 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 287: /* autopyname_arg: TK_REMOVELEADING '=' TK_STRING_VALUE  */
++#line 2461 "parser.y"
++                                                     {
+             (yyval.autopyname).token = TK_REMOVELEADING;
+ 
+-            (yyval.autopyname).remove_leading = (yyvsp[(3) - (3)].text);
++            (yyval.autopyname).remove_leading = (yyvsp[0].text);
+         }
++#line 5127 "../parser.c"
+     break;
+ 
+-  case 287:
+-#line 2442 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 288: /* docstring: TK_DOCSTRING docstring_args codeblock  */
++#line 2468 "parser.y"
++                                                  {
+             (yyval.docstr) = sipMalloc(sizeof(docstringDef));
+ 
+-            (yyval.docstr)->signature = (yyvsp[(2) - (3)].docstring).signature;
+-            (yyval.docstr)->text = (yyvsp[(3) - (3)].codeb)->frag;
+-            free((yyvsp[(3) - (3)].codeb));
++            (yyval.docstr)->signature = (yyvsp[-1].docstring).signature;
++            (yyval.docstr)->text = (yyvsp[0].codeb)->frag;
++            free((yyvsp[0].codeb));
+ 
+             /* Format the docstring. */
+-            if ((yyvsp[(2) - (3)].docstring).format == deindented)
++            if ((yyvsp[-1].docstring).format == deindented)
+             {
+                 const char *cp;
+                 char *dp;
+@@ -5392,159 +5210,175 @@ yyreduce:
+                 *dp = '\0';
+             }
+         }
++#line 5214 "../parser.c"
+     break;
+ 
+-  case 288:
+-#line 2526 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 289: /* docstring_args: %empty  */
++#line 2552 "parser.y"
++                {
+             (yyval.docstring).format = currentModule->defdocstringfmt;
+             (yyval.docstring).signature = currentModule->defdocstringsig;
+         }
++#line 5223 "../parser.c"
+     break;
+ 
+-  case 289:
+-#line 2530 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 290: /* docstring_args: TK_STRING_VALUE  */
++#line 2556 "parser.y"
++                        {
+             resetLexerState();
+ 
+-            (yyval.docstring).format = convertFormat((yyvsp[(1) - (1)].text));
++            (yyval.docstring).format = convertFormat((yyvsp[0].text));
+             (yyval.docstring).signature = currentModule->defdocstringsig;
+         }
++#line 5234 "../parser.c"
+     break;
+ 
+-  case 290:
+-#line 2536 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.docstring) = (yyvsp[(2) - (3)].docstring);
++  case 291: /* docstring_args: '(' docstring_arg_list ')'  */
++#line 2562 "parser.y"
++                                   {
++            (yyval.docstring) = (yyvsp[-1].docstring);
+         }
++#line 5242 "../parser.c"
+     break;
+ 
+-  case 292:
+-#line 2542 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.docstring) = (yyvsp[(1) - (3)].docstring);
++  case 293: /* docstring_arg_list: docstring_arg_list ',' docstring_arg  */
++#line 2568 "parser.y"
++                                             {
++            (yyval.docstring) = (yyvsp[-2].docstring);
+ 
+-            switch ((yyvsp[(3) - (3)].docstring).token)
++            switch ((yyvsp[0].docstring).token)
+             {
+-            case TK_FORMAT: (yyval.docstring).format = (yyvsp[(3) - (3)].docstring).format; break;
+-            case TK_SIGNATURE: (yyval.docstring).signature = (yyvsp[(3) - (3)].docstring).signature; break;
++            case TK_FORMAT: (yyval.docstring).format = (yyvsp[0].docstring).format; break;
++            case TK_SIGNATURE: (yyval.docstring).signature = (yyvsp[0].docstring).signature; break;
+             }
+         }
++#line 5256 "../parser.c"
+     break;
+ 
+-  case 293:
+-#line 2553 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 294: /* docstring_arg: TK_FORMAT '=' TK_STRING_VALUE  */
++#line 2579 "parser.y"
++                                              {
+             (yyval.docstring).token = TK_FORMAT;
+ 
+-            (yyval.docstring).format = convertFormat((yyvsp[(3) - (3)].text));
++            (yyval.docstring).format = convertFormat((yyvsp[0].text));
+             (yyval.docstring).signature = currentModule->defdocstringsig;
+         }
++#line 5267 "../parser.c"
+     break;
+ 
+-  case 294:
+-#line 2559 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 295: /* docstring_arg: TK_SIGNATURE '=' TK_STRING_VALUE  */
++#line 2585 "parser.y"
++                                         {
+             (yyval.docstring).token = TK_SIGNATURE;
+ 
+             (yyval.docstring).format = currentModule->defdocstringfmt;
+-            (yyval.docstring).signature = convertSignature((yyvsp[(3) - (3)].text));
++            (yyval.docstring).signature = convertSignature((yyvsp[0].text));
+         }
++#line 5278 "../parser.c"
+     break;
+ 
+-  case 295:
+-#line 2567 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 296: /* optdocstring: %empty  */
++#line 2593 "parser.y"
++              {
+             (yyval.docstr) = NULL;
+         }
++#line 5286 "../parser.c"
+     break;
+ 
+-  case 297:
+-#line 2573 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].extract).id == NULL)
++  case 298: /* extract: TK_EXTRACT extract_args codeblock  */
++#line 2599 "parser.y"
++                                              {
++            if ((yyvsp[-1].extract).id == NULL)
+                 yyerror("%Extract must have an 'id' argument");
+ 
+             if (notSkipping())
+-                addExtractPart(currentSpec, (yyvsp[(2) - (3)].extract).id, (yyvsp[(2) - (3)].extract).order, (yyvsp[(3) - (3)].codeb));
++                addExtractPart(currentSpec, (yyvsp[-1].extract).id, (yyvsp[-1].extract).order, (yyvsp[0].codeb));
+         }
++#line 5298 "../parser.c"
+     break;
+ 
+-  case 298:
+-#line 2582 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 299: /* extract_args: TK_NAME_VALUE  */
++#line 2608 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.extract).id = (yyvsp[(1) - (1)].text);
++            (yyval.extract).id = (yyvsp[0].text);
+             (yyval.extract).order = -1;
+         }
++#line 5309 "../parser.c"
+     break;
+ 
+-  case 299:
+-#line 2588 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.extract) = (yyvsp[(2) - (3)].extract);
++  case 300: /* extract_args: '(' extract_arg_list ')'  */
++#line 2614 "parser.y"
++                                 {
++            (yyval.extract) = (yyvsp[-1].extract);
+         }
++#line 5317 "../parser.c"
+     break;
+ 
+-  case 301:
+-#line 2594 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.extract) = (yyvsp[(1) - (3)].extract);
++  case 302: /* extract_arg_list: extract_arg_list ',' extract_arg  */
++#line 2620 "parser.y"
++                                         {
++            (yyval.extract) = (yyvsp[-2].extract);
+ 
+-            switch ((yyvsp[(3) - (3)].extract).token)
++            switch ((yyvsp[0].extract).token)
+             {
+-            case TK_ID: (yyval.extract).id = (yyvsp[(3) - (3)].extract).id; break;
+-            case TK_ORDER: (yyval.extract).order = (yyvsp[(3) - (3)].extract).order; break;
++            case TK_ID: (yyval.extract).id = (yyvsp[0].extract).id; break;
++            case TK_ORDER: (yyval.extract).order = (yyvsp[0].extract).order; break;
+             }
+         }
++#line 5331 "../parser.c"
+     break;
+ 
+-  case 302:
+-#line 2605 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 303: /* extract_arg: TK_ID '=' TK_NAME_VALUE  */
++#line 2631 "parser.y"
++                                        {
+             (yyval.extract).token = TK_ID;
+ 
+-            (yyval.extract).id = (yyvsp[(3) - (3)].text);
++            (yyval.extract).id = (yyvsp[0].text);
+             (yyval.extract).order = -1;
+         }
++#line 5342 "../parser.c"
+     break;
+ 
+-  case 303:
+-#line 2611 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 304: /* extract_arg: TK_ORDER '=' TK_NUMBER_VALUE  */
++#line 2637 "parser.y"
++                                     {
+             (yyval.extract).token = TK_ORDER;
+ 
+-            if ((yyvsp[(3) - (3)].number) < 0)
++            if ((yyvsp[0].number) < 0)
+                 yyerror("The 'order' of an %Extract directive must not be negative");
+ 
+             (yyval.extract).id = NULL;
+-            (yyval.extract).order = (yyvsp[(3) - (3)].number);
++            (yyval.extract).order = (yyvsp[0].number);
+         }
++#line 5356 "../parser.c"
+     break;
+ 
+-  case 304:
+-#line 2622 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 305: /* makefile: TK_MAKEFILE TK_PATH_VALUE optfilename codeblock  */
++#line 2648 "parser.y"
++                                                            {
+             /* Deprecated. */
+         }
++#line 5364 "../parser.c"
+     break;
+ 
+-  case 307:
+-#line 2631 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(1) - (2)].codeb);
++  case 308: /* codelines: codelines TK_CODELINE  */
++#line 2657 "parser.y"
++                              {
++            (yyval.codeb) = (yyvsp[-1].codeb);
+ 
+-            append(&(yyval.codeb)->frag, (yyvsp[(2) - (2)].codeb)->frag);
++            append(&(yyval.codeb)->frag, (yyvsp[0].codeb)->frag);
+ 
+-            free((yyvsp[(2) - (2)].codeb)->frag);
+-            free((yyvsp[(2) - (2)].codeb));
++            free((yyvsp[0].codeb)->frag);
++            free((yyvsp[0].codeb));
+         }
++#line 5377 "../parser.c"
+     break;
+ 
+-  case 308:
+-#line 2641 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 309: /* $@9: %empty  */
++#line 2667 "parser.y"
++                                                {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -5554,72 +5388,80 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(4) - (4)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+                 if (sectionFlags != 0 && (sectionFlags & ~(SECT_IS_PUBLIC | SECT_IS_PROT)) != 0)
+                     yyerror("Class enums must be in the public or protected sections");
+ 
+-                if (currentSpec->genc && (yyvsp[(2) - (4)].boolean))
++                if (currentSpec->genc && (yyvsp[-2].boolean))
+                     yyerror("Scoped enums not allowed in a C module");
+ 
+                 currentEnum = newEnum(currentSpec, currentModule,
+-                        currentMappedType, (yyvsp[(3) - (4)].text), &(yyvsp[(4) - (4)].optflags), sectionFlags, (yyvsp[(2) - (4)].boolean));
++                        currentMappedType, (yyvsp[-1].text), &(yyvsp[0].optflags), sectionFlags, (yyvsp[-2].boolean));
+             }
+         }
++#line 5404 "../parser.c"
+     break;
+ 
+-  case 310:
+-#line 2665 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 311: /* optenumkey: %empty  */
++#line 2691 "parser.y"
++            {
+             (yyval.boolean) = FALSE;
+         }
++#line 5412 "../parser.c"
+     break;
+ 
+-  case 311:
+-#line 2668 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 312: /* optenumkey: TK_CLASS  */
++#line 2694 "parser.y"
++                 {
+             (yyval.boolean) = TRUE;
+         }
++#line 5420 "../parser.c"
+     break;
+ 
+-  case 312:
+-#line 2671 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 313: /* optenumkey: TK_STRUCT  */
++#line 2697 "parser.y"
++                  {
+             (yyval.boolean) = TRUE;
+         }
++#line 5428 "../parser.c"
+     break;
+ 
+-  case 313:
+-#line 2676 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 314: /* optfilename: %empty  */
++#line 2702 "parser.y"
++                {
+             (yyval.text) = NULL;
+         }
++#line 5436 "../parser.c"
+     break;
+ 
+-  case 314:
+-#line 2679 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.text) = (yyvsp[(1) - (1)].text);
++  case 315: /* optfilename: TK_PATH_VALUE  */
++#line 2705 "parser.y"
++                      {
++            (yyval.text) = (yyvsp[0].text);
+         }
++#line 5444 "../parser.c"
+     break;
+ 
+-  case 315:
+-#line 2684 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 316: /* optname: %empty  */
++#line 2710 "parser.y"
++            {
+             (yyval.text) = NULL;
+         }
++#line 5452 "../parser.c"
+     break;
+ 
+-  case 316:
+-#line 2687 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.text) = (yyvsp[(1) - (1)].text);
++  case 317: /* optname: TK_NAME_VALUE  */
++#line 2713 "parser.y"
++                      {
++            (yyval.text) = (yyvsp[0].text);
+         }
++#line 5460 "../parser.c"
+     break;
+ 
+-  case 323:
+-#line 2702 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 324: /* enumline: TK_NAME_VALUE optenumassign optflags optcomma  */
++#line 2728 "parser.y"
++                                                      {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -5630,15 +5472,15 @@ yyreduce:
+ 
+                 enumMemberDef *emd, **tail;
+ 
+-                checkAnnos(&(yyvsp[(3) - (4)].optflags), annos);
++                checkAnnos(&(yyvsp[-1].optflags), annos);
+ 
+                 /* Note that we don't use the assigned value. */
+                 emd = sipMalloc(sizeof (enumMemberDef));
+ 
+                 emd->pyname = cacheName(currentSpec,
+-                        getPythonName(currentModule, &(yyvsp[(3) - (4)].optflags), (yyvsp[(1) - (4)].text)));
+-                emd->cname = (yyvsp[(1) - (4)].text);
+-                emd->no_typehint = getNoTypeHint(&(yyvsp[(3) - (4)].optflags));
++                        getPythonName(currentModule, &(yyvsp[-1].optflags), (yyvsp[-3].text)));
++                emd->cname = (yyvsp[-3].text);
++                emd->no_typehint = getNoTypeHint(&(yyvsp[-1].optflags));
+                 emd->ed = currentEnum;
+                 emd->platforms = currentPlatforms;
+                 emd->next = NULL;
+@@ -5661,309 +5503,345 @@ yyreduce:
+                     setIsUsedName(emd->pyname);
+             }
+         }
++#line 5507 "../parser.c"
+     break;
+ 
+-  case 328:
+-#line 2754 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 329: /* optassign: %empty  */
++#line 2780 "parser.y"
++            {
+             (yyval.valp) = NULL;
+         }
++#line 5515 "../parser.c"
+     break;
+ 
+-  case 329:
+-#line 2757 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.valp) = (yyvsp[(2) - (2)].valp);
++  case 330: /* optassign: '=' expr  */
++#line 2783 "parser.y"
++                 {
++            (yyval.valp) = (yyvsp[0].valp);
+         }
++#line 5523 "../parser.c"
+     break;
+ 
+-  case 331:
+-#line 2763 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 332: /* expr: expr binop value  */
++#line 2789 "parser.y"
++                         {
+             valueDef *vd;
+  
+-            if ((yyvsp[(1) - (3)].valp) -> vtype == string_value || (yyvsp[(3) - (3)].valp) -> vtype == string_value)
++            if ((yyvsp[-2].valp) -> vtype == string_value || (yyvsp[0].valp) -> vtype == string_value)
+                 yyerror("Invalid binary operator for string");
+  
+             /* Find the last value in the existing expression. */
+  
+-            for (vd = (yyvsp[(1) - (3)].valp); vd -> next != NULL; vd = vd -> next)
++            for (vd = (yyvsp[-2].valp); vd -> next != NULL; vd = vd -> next)
+                 ;
+  
+-            vd -> vbinop = (yyvsp[(2) - (3)].qchar);
+-            vd -> next = (yyvsp[(3) - (3)].valp);
++            vd -> vbinop = (yyvsp[-1].qchar);
++            vd -> next = (yyvsp[0].valp);
+ 
+-            (yyval.valp) = (yyvsp[(1) - (3)].valp);
++            (yyval.valp) = (yyvsp[-2].valp);
+         }
++#line 5544 "../parser.c"
+     break;
+ 
+-  case 332:
+-#line 2781 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 333: /* binop: '-'  */
++#line 2807 "parser.y"
++            {
+             (yyval.qchar) = '-';
+         }
++#line 5552 "../parser.c"
+     break;
+ 
+-  case 333:
+-#line 2784 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 334: /* binop: '+'  */
++#line 2810 "parser.y"
++            {
+             (yyval.qchar) = '+';
+         }
++#line 5560 "../parser.c"
+     break;
+ 
+-  case 334:
+-#line 2787 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 335: /* binop: '*'  */
++#line 2813 "parser.y"
++            {
+             (yyval.qchar) = '*';
+         }
++#line 5568 "../parser.c"
+     break;
+ 
+-  case 335:
+-#line 2790 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 336: /* binop: '/'  */
++#line 2816 "parser.y"
++            {
+             (yyval.qchar) = '/';
+         }
++#line 5576 "../parser.c"
+     break;
+ 
+-  case 336:
+-#line 2793 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 337: /* binop: '&'  */
++#line 2819 "parser.y"
++            {
+             (yyval.qchar) = '&';
+         }
++#line 5584 "../parser.c"
+     break;
+ 
+-  case 337:
+-#line 2796 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 338: /* binop: '|'  */
++#line 2822 "parser.y"
++            {
+             (yyval.qchar) = '|';
+         }
++#line 5592 "../parser.c"
+     break;
+ 
+-  case 338:
+-#line 2801 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 339: /* optunop: %empty  */
++#line 2827 "parser.y"
++            {
+             (yyval.qchar) = '\0';
+         }
++#line 5600 "../parser.c"
+     break;
+ 
+-  case 339:
+-#line 2804 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 340: /* optunop: '!'  */
++#line 2830 "parser.y"
++            {
+             (yyval.qchar) = '!';
+         }
++#line 5608 "../parser.c"
+     break;
+ 
+-  case 340:
+-#line 2807 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 341: /* optunop: '~'  */
++#line 2833 "parser.y"
++            {
+             (yyval.qchar) = '~';
+         }
++#line 5616 "../parser.c"
+     break;
+ 
+-  case 341:
+-#line 2810 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 342: /* optunop: '-'  */
++#line 2836 "parser.y"
++            {
+             (yyval.qchar) = '-';
+         }
++#line 5624 "../parser.c"
+     break;
+ 
+-  case 342:
+-#line 2813 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 343: /* optunop: '+'  */
++#line 2839 "parser.y"
++            {
+             (yyval.qchar) = '+';
+         }
++#line 5632 "../parser.c"
+     break;
+ 
+-  case 343:
+-#line 2816 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 344: /* optunop: '*'  */
++#line 2842 "parser.y"
++            {
+             (yyval.qchar) = '*';
+         }
++#line 5640 "../parser.c"
+     break;
+ 
+-  case 344:
+-#line 2819 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 345: /* optunop: '&'  */
++#line 2845 "parser.y"
++            {
+             (yyval.qchar) = '&';
+         }
++#line 5648 "../parser.c"
+     break;
+ 
+-  case 345:
+-#line 2824 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].qchar) != '\0' && (yyvsp[(3) - (3)].value).vtype == string_value)
++  case 346: /* value: optcast optunop simplevalue  */
++#line 2850 "parser.y"
++                                        {
++            if ((yyvsp[-1].qchar) != '\0' && (yyvsp[0].value).vtype == string_value)
+                 yyerror("Invalid unary operator for string");
+  
+             /* Convert the value to a simple expression on the heap. */
+             (yyval.valp) = sipMalloc(sizeof (valueDef));
+  
+-            *(yyval.valp) = (yyvsp[(3) - (3)].value);
+-            (yyval.valp)->vunop = (yyvsp[(2) - (3)].qchar);
++            *(yyval.valp) = (yyvsp[0].value);
++            (yyval.valp)->vunop = (yyvsp[-1].qchar);
+             (yyval.valp)->vbinop = '\0';
+-            (yyval.valp)->cast = (yyvsp[(1) - (3)].scpvalp);
++            (yyval.valp)->cast = (yyvsp[-2].scpvalp);
+             (yyval.valp)->next = NULL;
+         }
++#line 5666 "../parser.c"
+     break;
+ 
+-  case 346:
+-#line 2839 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 347: /* optcast: %empty  */
++#line 2865 "parser.y"
++            {
+             (yyval.scpvalp) = NULL;
+         }
++#line 5674 "../parser.c"
+     break;
+ 
+-  case 347:
+-#line 2842 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.scpvalp) = (yyvsp[(2) - (3)].scpvalp);
++  case 348: /* optcast: '(' scopedname ')'  */
++#line 2868 "parser.y"
++                               {
++            (yyval.scpvalp) = (yyvsp[-1].scpvalp);
+         }
++#line 5682 "../parser.c"
+     break;
+ 
+-  case 348:
+-#line 2847 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 349: /* scopedname: TK_SCOPE scopednamehead  */
++#line 2873 "parser.y"
++                                    {
+             if (currentSpec->genc)
+                 yyerror("Scoped names are not allowed in a C module");
+ 
+-            (yyval.scpvalp) = scopeScopedName(NULL, (yyvsp[(2) - (2)].scpvalp));
++            (yyval.scpvalp) = scopeScopedName(NULL, (yyvsp[0].scpvalp));
+         }
++#line 5693 "../parser.c"
+     break;
+ 
+-  case 351:
+-#line 2857 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 352: /* scopednamehead: scopednamehead TK_SCOPE scopepart  */
++#line 2883 "parser.y"
++                                          {
+             if (currentSpec->genc)
+                 yyerror("Scoped names are not allowed in a C module");
+ 
+-            appendScopedName(&(yyvsp[(1) - (3)].scpvalp), (yyvsp[(3) - (3)].scpvalp));
++            appendScopedName(&(yyvsp[-2].scpvalp), (yyvsp[0].scpvalp));
+         }
++#line 5704 "../parser.c"
+     break;
+ 
+-  case 352:
+-#line 2865 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.scpvalp) = text2scopePart((yyvsp[(1) - (1)].text));
++  case 353: /* scopepart: TK_NAME_VALUE  */
++#line 2891 "parser.y"
++                          {
++            (yyval.scpvalp) = text2scopePart((yyvsp[0].text));
+         }
++#line 5712 "../parser.c"
+     break;
+ 
+-  case 353:
+-#line 2870 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 354: /* bool_value: TK_TRUE_VALUE  */
++#line 2896 "parser.y"
++                          {
+             (yyval.boolean) = TRUE;
+         }
++#line 5720 "../parser.c"
+     break;
+ 
+-  case 354:
+-#line 2873 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 355: /* bool_value: TK_FALSE_VALUE  */
++#line 2899 "parser.y"
++                       {
+             (yyval.boolean) = FALSE;
+         }
++#line 5728 "../parser.c"
+     break;
+ 
+-  case 355:
+-#line 2878 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 356: /* simplevalue: scopedname  */
++#line 2904 "parser.y"
++                           {
+             /*
+              * We let the C++ compiler decide if the value is a valid one - no
+              * point in building a full C++ parser here.
+              */
+ 
+             (yyval.value).vtype = scoped_value;
+-            (yyval.value).u.vscp = (yyvsp[(1) - (1)].scpvalp);
++            (yyval.value).u.vscp = (yyvsp[0].scpvalp);
+         }
++#line 5742 "../parser.c"
+     break;
+ 
+-  case 356:
+-#line 2887 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 357: /* simplevalue: basetype '(' exprlist ')'  */
++#line 2913 "parser.y"
++                                  {
+             fcallDef *fcd;
+ 
+             fcd = sipMalloc(sizeof (fcallDef));
+-            *fcd = (yyvsp[(3) - (4)].fcall);
+-            fcd -> type = (yyvsp[(1) - (4)].memArg);
++            *fcd = (yyvsp[-1].fcall);
++            fcd -> type = (yyvsp[-3].memArg);
+ 
+             (yyval.value).vtype = fcall_value;
+             (yyval.value).u.fcd = fcd;
+         }
++#line 5757 "../parser.c"
+     break;
+ 
+-  case 357:
+-#line 2897 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 358: /* simplevalue: '{' '}'  */
++#line 2923 "parser.y"
++                {
+             (yyval.value).vtype = empty_value;
+         }
++#line 5765 "../parser.c"
+     break;
+ 
+-  case 358:
+-#line 2900 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 359: /* simplevalue: TK_REAL_VALUE  */
++#line 2926 "parser.y"
++                      {
+             (yyval.value).vtype = real_value;
+-            (yyval.value).u.vreal = (yyvsp[(1) - (1)].real);
++            (yyval.value).u.vreal = (yyvsp[0].real);
+         }
++#line 5774 "../parser.c"
+     break;
+ 
+-  case 359:
+-#line 2904 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 360: /* simplevalue: TK_NUMBER_VALUE  */
++#line 2930 "parser.y"
++                        {
+             (yyval.value).vtype = numeric_value;
+-            (yyval.value).u.vnum = (yyvsp[(1) - (1)].number);
++            (yyval.value).u.vnum = (yyvsp[0].number);
+         }
++#line 5783 "../parser.c"
+     break;
+ 
+-  case 360:
+-#line 2908 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 361: /* simplevalue: bool_value  */
++#line 2934 "parser.y"
++                   {
+             (yyval.value).vtype = numeric_value;
+-            (yyval.value).u.vnum = (yyvsp[(1) - (1)].boolean);
++            (yyval.value).u.vnum = (yyvsp[0].boolean);
+         }
++#line 5792 "../parser.c"
+     break;
+ 
+-  case 361:
+-#line 2912 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 362: /* simplevalue: TK_NULL_VALUE  */
++#line 2938 "parser.y"
++                      {
+             (yyval.value).vtype = numeric_value;
+             (yyval.value).u.vnum = 0;
+         }
++#line 5801 "../parser.c"
+     break;
+ 
+-  case 362:
+-#line 2916 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 363: /* simplevalue: TK_STRING_VALUE  */
++#line 2942 "parser.y"
++                        {
+             (yyval.value).vtype = string_value;
+-            (yyval.value).u.vstr = (yyvsp[(1) - (1)].text);
++            (yyval.value).u.vstr = (yyvsp[0].text);
+         }
++#line 5810 "../parser.c"
+     break;
+ 
+-  case 363:
+-#line 2920 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 364: /* simplevalue: TK_QCHAR_VALUE  */
++#line 2946 "parser.y"
++                       {
+             (yyval.value).vtype = qchar_value;
+-            (yyval.value).u.vqchar = (yyvsp[(1) - (1)].qchar);
++            (yyval.value).u.vqchar = (yyvsp[0].qchar);
+         }
++#line 5819 "../parser.c"
+     break;
+ 
+-  case 364:
+-#line 2926 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 365: /* exprlist: %empty  */
++#line 2952 "parser.y"
++            {
+             /* No values. */
+ 
+             (yyval.fcall).nrArgs = 0;
+         }
++#line 5829 "../parser.c"
+     break;
+ 
+-  case 365:
+-#line 2931 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 366: /* exprlist: expr  */
++#line 2957 "parser.y"
++             {
+             /* The single or first expression. */
+ 
+-            (yyval.fcall).args[0] = (yyvsp[(1) - (1)].valp);
++            (yyval.fcall).args[0] = (yyvsp[0].valp);
+             (yyval.fcall).nrArgs = 1;
+         }
++#line 5840 "../parser.c"
+     break;
+ 
+-  case 366:
+-#line 2937 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 367: /* exprlist: exprlist ',' expr  */
++#line 2963 "parser.y"
++                          {
+             /* Check that it wasn't ...(,expression...). */
+ 
+             if ((yyval.fcall).nrArgs == 0)
+@@ -5971,19 +5849,20 @@ yyreduce:
+ 
+             /* Check there is room. */
+ 
+-            if ((yyvsp[(1) - (3)].fcall).nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].fcall).nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.fcall) = (yyvsp[(1) - (3)].fcall);
++            (yyval.fcall) = (yyvsp[-2].fcall);
+ 
+-            (yyval.fcall).args[(yyval.fcall).nrArgs] = (yyvsp[(3) - (3)].valp);
++            (yyval.fcall).args[(yyval.fcall).nrArgs] = (yyvsp[0].valp);
+             (yyval.fcall).nrArgs++;
+         }
++#line 5861 "../parser.c"
+     break;
+ 
+-  case 367:
+-#line 2955 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 368: /* typedef: TK_TYPEDEF cpptype TK_NAME_VALUE optflags ';' optdocstring  */
++#line 2981 "parser.y"
++                                                                       {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -5999,17 +5878,18 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(4) - (6)].optflags), annos);
++                checkAnnos(&(yyvsp[-2].optflags), annos);
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (6)].memArg), &(yyvsp[(4) - (6)].optflags));
+-                newTypedef(currentSpec, currentModule, (yyvsp[(3) - (6)].text), &(yyvsp[(2) - (6)].memArg), &(yyvsp[(4) - (6)].optflags), (yyvsp[(6) - (6)].docstr));
++                applyTypeFlags(currentModule, &(yyvsp[-4].memArg), &(yyvsp[-2].optflags));
++                newTypedef(currentSpec, currentModule, (yyvsp[-3].text), &(yyvsp[-4].memArg), &(yyvsp[-2].optflags), (yyvsp[0].docstr));
+             }
+         }
++#line 5888 "../parser.c"
+     break;
+ 
+-  case 368:
+-#line 2977 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 369: /* typedef: TK_TYPEDEF cpptype '(' '*' TK_NAME_VALUE ')' '(' cpptypelist ')' optflags ';' optdocstring  */
++#line 3003 "parser.y"
++                                                                                                   {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -6027,41 +5907,43 @@ yyreduce:
+                 signatureDef *sig;
+                 argDef ftype;
+ 
+-                checkAnnos(&(yyvsp[(10) - (12)].optflags), annos);
++                checkAnnos(&(yyvsp[-2].optflags), annos);
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (12)].memArg), &(yyvsp[(10) - (12)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-10].memArg), &(yyvsp[-2].optflags));
+ 
+                 memset(&ftype, 0, sizeof (argDef));
+ 
+                 /* Create the full signature on the heap. */
+                 sig = sipMalloc(sizeof (signatureDef));
+-                *sig = (yyvsp[(8) - (12)].signature);
+-                sig->result = (yyvsp[(2) - (12)].memArg);
++                *sig = (yyvsp[-4].signature);
++                sig->result = (yyvsp[-10].memArg);
+ 
+                 /* Create the full type. */
+                 ftype.atype = function_type;
+                 ftype.nrderefs = 1;
+                 ftype.u.sa = sig;
+ 
+-                newTypedef(currentSpec, currentModule, (yyvsp[(5) - (12)].text), &ftype, &(yyvsp[(10) - (12)].optflags), (yyvsp[(12) - (12)].docstr));
++                newTypedef(currentSpec, currentModule, (yyvsp[-7].text), &ftype, &(yyvsp[-2].optflags), (yyvsp[0].docstr));
+             }
+         }
++#line 5930 "../parser.c"
+     break;
+ 
+-  case 369:
+-#line 3016 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if (currentSpec -> genc && (yyvsp[(2) - (2)].scpvalp)->next != NULL)
++  case 370: /* $@10: %empty  */
++#line 3042 "parser.y"
++                                 {
++            if (currentSpec -> genc && (yyvsp[0].scpvalp)->next != NULL)
+                 yyerror("Namespaces not allowed in a C module");
+ 
+             if (notSkipping())
+                 currentSupers = NULL;
+         }
++#line 5942 "../parser.c"
+     break;
+ 
+-  case 370:
+-#line 3022 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 371: /* $@11: %empty  */
++#line 3048 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -6091,33 +5973,36 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(5) - (5)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+                 if (currentSpec->genc && currentSupers != NULL)
+                     yyerror("Super-classes not allowed in a C module struct");
+ 
+-                defineClass((yyvsp[(2) - (5)].scpvalp), currentSupers, &(yyvsp[(5) - (5)].optflags));
++                defineClass((yyvsp[-3].scpvalp), currentSupers, &(yyvsp[0].optflags));
+                 sectionFlags = SECT_IS_PUBLIC;
+             }
+         }
++#line 5986 "../parser.c"
+     break;
+ 
+-  case 371:
+-#line 3060 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 372: /* struct: TK_STRUCT scopedname $@10 superclasses optflags $@11 optclassbody ';'  */
++#line 3086 "parser.y"
++                           {
+             if (notSkipping())
+-                completeClass((yyvsp[(2) - (8)].scpvalp), &(yyvsp[(5) - (8)].optflags), (yyvsp[(7) - (8)].boolean));
++                completeClass((yyvsp[-6].scpvalp), &(yyvsp[-3].optflags), (yyvsp[-1].boolean));
+         }
++#line 5995 "../parser.c"
+     break;
+ 
+-  case 372:
+-#line 3066 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsTemplate = TRUE;}
++  case 373: /* $@12: %empty  */
++#line 3092 "parser.y"
++                     {currentIsTemplate = TRUE;}
++#line 6001 "../parser.c"
+     break;
+ 
+-  case 373:
+-#line 3066 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 374: /* classtmpl: template $@12 class  */
++#line 3092 "parser.y"
++                                                       {
+             if (currentSpec->genc)
+                 yyerror("Class templates not allowed in a C module");
+ 
+@@ -6128,12 +6013,12 @@ yyreduce:
+                 /*
+                  * Make sure there is room for the extra class name argument.
+                  */
+-                if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS)
++                if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS)
+                     yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+                 tcd = sipMalloc(sizeof (classTmplDef));
+-                tcd->sig = (yyvsp[(1) - (3)].signature);
+-                tcd->cd = (yyvsp[(3) - (3)].klass);
++                tcd->sig = (yyvsp[-2].signature);
++                tcd->cd = (yyvsp[0].klass);
+                 tcd->next = currentSpec->classtemplates;
+ 
+                 currentSpec->classtemplates = tcd;
+@@ -6141,29 +6026,32 @@ yyreduce:
+ 
+             currentIsTemplate = FALSE;
+         }
++#line 6030 "../parser.c"
+     break;
+ 
+-  case 374:
+-#line 3092 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.signature) = (yyvsp[(3) - (4)].signature);
++  case 375: /* template: TK_TEMPLATE '<' cpptypelist '>'  */
++#line 3118 "parser.y"
++                                            {
++            (yyval.signature) = (yyvsp[-1].signature);
+         }
++#line 6038 "../parser.c"
+     break;
+ 
+-  case 375:
+-#line 3097 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 376: /* $@13: %empty  */
++#line 3123 "parser.y"
++                            {
+             if (currentSpec->genc)
+                 yyerror("Class definition not allowed in a C module");
+ 
+             if (notSkipping())
+                 currentSupers = NULL;
+         }
++#line 6050 "../parser.c"
+     break;
+ 
+-  case 376:
+-#line 3103 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 377: /* $@14: %empty  */
++#line 3129 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -6192,30 +6080,32 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(5) - (5)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+-                defineClass((yyvsp[(2) - (5)].scpvalp), currentSupers, &(yyvsp[(5) - (5)].optflags));
++                defineClass((yyvsp[-3].scpvalp), currentSupers, &(yyvsp[0].optflags));
+                 sectionFlags = SECT_IS_PRIVATE;
+             }
+         }
++#line 6090 "../parser.c"
+     break;
+ 
+-  case 377:
+-#line 3137 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 378: /* class: TK_CLASS scopedname $@13 superclasses optflags $@14 optclassbody ';'  */
++#line 3163 "parser.y"
++                           {
+             if (notSkipping())
+-                (yyval.klass) = completeClass((yyvsp[(2) - (8)].scpvalp), &(yyvsp[(5) - (8)].optflags), (yyvsp[(7) - (8)].boolean));
++                (yyval.klass) = completeClass((yyvsp[-6].scpvalp), &(yyvsp[-3].optflags), (yyvsp[-1].boolean));
+         }
++#line 6099 "../parser.c"
+     break;
+ 
+-  case 382:
+-#line 3151 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if (notSkipping() && (yyvsp[(1) - (2)].token) == TK_PUBLIC)
++  case 383: /* superclass: class_access scopedname  */
++#line 3177 "parser.y"
++                                    {
++            if (notSkipping() && (yyvsp[-1].token) == TK_PUBLIC)
+             {
+                 argDef ad;
+                 classDef *super;
+-                scopedNameDef *snd = (yyvsp[(2) - (2)].scpvalp);
++                scopedNameDef *snd = (yyvsp[0].scpvalp);
+ 
+                 /*
+                  * This is a hack to allow typedef'ed classes to be used before
+@@ -6260,53 +6150,60 @@ yyreduce:
+                 appendToClassList(&currentSupers, super);
+             }
+         }
++#line 6154 "../parser.c"
+     break;
+ 
+-  case 383:
+-#line 3203 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 384: /* class_access: %empty  */
++#line 3229 "parser.y"
++                {
+         (yyval.token) = TK_PUBLIC;
+         }
++#line 6162 "../parser.c"
+     break;
+ 
+-  case 384:
+-#line 3206 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 385: /* class_access: TK_PUBLIC  */
++#line 3232 "parser.y"
++                  {
+         (yyval.token) = TK_PUBLIC;
+         }
++#line 6170 "../parser.c"
+     break;
+ 
+-  case 385:
+-#line 3209 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 386: /* class_access: TK_PROTECTED  */
++#line 3235 "parser.y"
++                     {
+         (yyval.token) = TK_PROTECTED;
+         }
++#line 6178 "../parser.c"
+     break;
+ 
+-  case 386:
+-#line 3212 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 387: /* class_access: TK_PRIVATE  */
++#line 3238 "parser.y"
++                   {
+         (yyval.token) = TK_PRIVATE;
+         }
++#line 6186 "../parser.c"
+     break;
+ 
+-  case 387:
+-#line 3217 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 388: /* optclassbody: %empty  */
++#line 3243 "parser.y"
++                {
+             (yyval.boolean) = FALSE;
+         }
++#line 6194 "../parser.c"
+     break;
+ 
+-  case 388:
+-#line 3220 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 389: /* optclassbody: '{' classbody '}'  */
++#line 3246 "parser.y"
++                          {
+             (yyval.boolean) = TRUE;
+         }
++#line 6202 "../parser.c"
+     break;
+ 
+-  case 402:
+-#line 3240 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 403: /* classline: docstring  */
++#line 3266 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6314,30 +6211,33 @@ yyreduce:
+                 if (scope->docstring != NULL)
+                     yyerror("%Docstring already given for class");
+ 
+-                scope->docstring = (yyvsp[(1) - (1)].docstr);
++                scope->docstring = (yyvsp[0].docstr);
+             }
+         }
++#line 6218 "../parser.c"
+     break;
+ 
+-  case 403:
+-#line 3251 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 404: /* classline: typecode  */
++#line 3277 "parser.y"
++                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentScope()->cppcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentScope()->cppcode, (yyvsp[0].codeb));
+         }
++#line 6227 "../parser.c"
+     break;
+ 
+-  case 404:
+-#line 3255 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 405: /* classline: typehdrcode  */
++#line 3281 "parser.y"
++                    {
+             if (notSkipping())
+-                appendCodeBlock(&currentScope()->iff->hdrcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentScope()->iff->hdrcode, (yyvsp[0].codeb));
+         }
++#line 6236 "../parser.c"
+     break;
+ 
+-  case 405:
+-#line 3259 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 406: /* classline: travcode  */
++#line 3285 "parser.y"
++                 {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6345,14 +6245,15 @@ yyreduce:
+                 if (scope->travcode != NULL)
+                     yyerror("%GCTraverseCode already given for class");
+ 
+-                appendCodeBlock(&scope->travcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->travcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6252 "../parser.c"
+     break;
+ 
+-  case 406:
+-#line 3270 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 407: /* classline: clearcode  */
++#line 3296 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6360,14 +6261,15 @@ yyreduce:
+                 if (scope->clearcode != NULL)
+                     yyerror("%GCClearCode already given for class");
+ 
+-                appendCodeBlock(&scope->clearcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->clearcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6268 "../parser.c"
+     break;
+ 
+-  case 407:
+-#line 3281 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 408: /* classline: getbufcode  */
++#line 3307 "parser.y"
++                   {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6375,14 +6277,15 @@ yyreduce:
+                 if (scope->getbufcode != NULL)
+                     yyerror("%BIGetBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->getbufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->getbufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6284 "../parser.c"
+     break;
+ 
+-  case 408:
+-#line 3292 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 409: /* classline: releasebufcode  */
++#line 3318 "parser.y"
++                       {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6390,14 +6293,15 @@ yyreduce:
+                 if (scope->releasebufcode != NULL)
+                     yyerror("%BIReleaseBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->releasebufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->releasebufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6300 "../parser.c"
+     break;
+ 
+-  case 409:
+-#line 3303 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 410: /* classline: readbufcode  */
++#line 3329 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6405,14 +6309,15 @@ yyreduce:
+                 if (scope->readbufcode != NULL)
+                     yyerror("%BIGetReadBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->readbufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->readbufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6316 "../parser.c"
+     break;
+ 
+-  case 410:
+-#line 3314 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 411: /* classline: writebufcode  */
++#line 3340 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6420,14 +6325,15 @@ yyreduce:
+                 if (scope->writebufcode != NULL)
+                     yyerror("%BIGetWriteBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->writebufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->writebufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6332 "../parser.c"
+     break;
+ 
+-  case 411:
+-#line 3325 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 412: /* classline: segcountcode  */
++#line 3351 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6435,14 +6341,15 @@ yyreduce:
+                 if (scope->segcountcode != NULL)
+                     yyerror("%BIGetSegCountCode already given for class");
+ 
+-                appendCodeBlock(&scope->segcountcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->segcountcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6348 "../parser.c"
+     break;
+ 
+-  case 412:
+-#line 3336 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 413: /* classline: charbufcode  */
++#line 3362 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6450,14 +6357,15 @@ yyreduce:
+                 if (scope->charbufcode != NULL)
+                     yyerror("%BIGetCharBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->charbufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->charbufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6364 "../parser.c"
+     break;
+ 
+-  case 413:
+-#line 3347 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 414: /* classline: instancecode  */
++#line 3373 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6465,14 +6373,15 @@ yyreduce:
+                 if (scope->instancecode != NULL)
+                     yyerror("%InstanceCode already given for class");
+ 
+-                appendCodeBlock(&scope->instancecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->instancecode, (yyvsp[0].codeb));
+             }
+         }
++#line 6380 "../parser.c"
+     break;
+ 
+-  case 414:
+-#line 3358 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 415: /* classline: picklecode  */
++#line 3384 "parser.y"
++                   {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6480,14 +6389,15 @@ yyreduce:
+                 if (scope->picklecode != NULL)
+                     yyerror("%PickleCode already given for class");
+ 
+-                appendCodeBlock(&scope->picklecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->picklecode, (yyvsp[0].codeb));
+             }
+         }
++#line 6396 "../parser.c"
+     break;
+ 
+-  case 415:
+-#line 3369 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 416: /* classline: finalcode  */
++#line 3395 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6495,14 +6405,15 @@ yyreduce:
+                 if (scope->finalcode != NULL)
+                     yyerror("%FinalisationCode already given for class");
+ 
+-                appendCodeBlock(&scope->finalcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->finalcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6412 "../parser.c"
+     break;
+ 
+-  case 416:
+-#line 3380 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 417: /* classline: classtypehintcode  */
++#line 3406 "parser.y"
++                          {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6510,14 +6421,15 @@ yyreduce:
+                 if (scope->typehintcode != NULL)
+                     yyerror("%TypeHintCode already given for class");
+ 
+-                appendCodeBlock(&scope->typehintcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->typehintcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6428 "../parser.c"
+     break;
+ 
+-  case 420:
+-#line 3394 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 421: /* classline: TK_TOSUBCLASS codeblock  */
++#line 3420 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6525,14 +6437,15 @@ yyreduce:
+                 if (scope->convtosubcode != NULL)
+                     yyerror("Class has more than one %ConvertToSubClassCode directive");
+ 
+-                appendCodeBlock(&scope->convtosubcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&scope->convtosubcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6444 "../parser.c"
+     break;
+ 
+-  case 421:
+-#line 3405 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 422: /* classline: TK_TOTYPE codeblock  */
++#line 3431 "parser.y"
++                            {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6540,14 +6453,15 @@ yyreduce:
+                 if (scope->convtocode != NULL)
+                     yyerror("Class has more than one %ConvertToTypeCode directive");
+ 
+-                appendCodeBlock(&scope->convtocode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&scope->convtocode, (yyvsp[0].codeb));
+             }
+         }
++#line 6460 "../parser.c"
+     break;
+ 
+-  case 422:
+-#line 3416 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 423: /* classline: TK_FROMTYPE codeblock  */
++#line 3442 "parser.y"
++                              {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6555,172 +6469,188 @@ yyreduce:
+                 if (scope->convfromcode != NULL)
+                     yyerror("Class has more than one %ConvertFromTypeCode directive");
+ 
+-                appendCodeBlock(&scope->convfromcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&scope->convfromcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6476 "../parser.c"
+     break;
+ 
+-  case 423:
+-#line 3427 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 424: /* classline: TK_PUBLIC optslot ':'  */
++#line 3453 "parser.y"
++                              {
+             if (currentSpec -> genc)
+                 yyerror("public section not allowed in a C module");
+ 
+             if (notSkipping())
+-                sectionFlags = SECT_IS_PUBLIC | (yyvsp[(2) - (3)].number);
++                sectionFlags = SECT_IS_PUBLIC | (yyvsp[-1].number);
+         }
++#line 6488 "../parser.c"
+     break;
+ 
+-  case 424:
+-#line 3434 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 425: /* classline: TK_PROTECTED optslot ':'  */
++#line 3460 "parser.y"
++                                 {
+             if (currentSpec -> genc)
+                 yyerror("protected section not allowed in a C module");
+ 
+             if (notSkipping())
+-                sectionFlags = SECT_IS_PROT | (yyvsp[(2) - (3)].number);
++                sectionFlags = SECT_IS_PROT | (yyvsp[-1].number);
+         }
++#line 6500 "../parser.c"
+     break;
+ 
+-  case 425:
+-#line 3441 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 426: /* classline: TK_PRIVATE optslot ':'  */
++#line 3467 "parser.y"
++                               {
+             if (currentSpec -> genc)
+                 yyerror("private section not allowed in a C module");
+ 
+             if (notSkipping())
+-                sectionFlags = SECT_IS_PRIVATE | (yyvsp[(2) - (3)].number);
++                sectionFlags = SECT_IS_PRIVATE | (yyvsp[-1].number);
+         }
++#line 6512 "../parser.c"
+     break;
+ 
+-  case 426:
+-#line 3448 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 427: /* classline: TK_SIGNALS ':'  */
++#line 3474 "parser.y"
++                       {
+             if (currentSpec -> genc)
+                 yyerror("signals section not allowed in a C module");
+ 
+             if (notSkipping())
+                 sectionFlags = SECT_IS_SIGNAL;
+         }
++#line 6524 "../parser.c"
+     break;
+ 
+-  case 427:
+-#line 3457 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].property).name == NULL)
++  case 428: /* property: TK_PROPERTY property_args property_body  */
++#line 3483 "parser.y"
++                                                    {
++            if ((yyvsp[-1].property).name == NULL)
+                 yyerror("A %Property directive must have a 'name' argument");
+ 
+-            if ((yyvsp[(2) - (3)].property).get == NULL)
++            if ((yyvsp[-1].property).get == NULL)
+                 yyerror("A %Property directive must have a 'get' argument");
+ 
+             if (notSkipping())
+                 addProperty(currentSpec, currentModule, currentScope(),
+-                        (yyvsp[(2) - (3)].property).name, (yyvsp[(2) - (3)].property).get, (yyvsp[(2) - (3)].property).set, (yyvsp[(3) - (3)].property).docstring);
++                        (yyvsp[-1].property).name, (yyvsp[-1].property).get, (yyvsp[-1].property).set, (yyvsp[0].property).docstring);
+         }
++#line 6540 "../parser.c"
+     break;
+ 
+-  case 428:
+-#line 3470 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(2) - (3)].property);
++  case 429: /* property_args: '(' property_arg_list ')'  */
++#line 3496 "parser.y"
++                                          {
++            (yyval.property) = (yyvsp[-1].property);
+         }
++#line 6548 "../parser.c"
+     break;
+ 
+-  case 430:
+-#line 3476 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(1) - (3)].property);
++  case 431: /* property_arg_list: property_arg_list ',' property_arg  */
++#line 3502 "parser.y"
++                                           {
++            (yyval.property) = (yyvsp[-2].property);
+ 
+-            switch ((yyvsp[(3) - (3)].property).token)
++            switch ((yyvsp[0].property).token)
+             {
+-            case TK_GET: (yyval.property).get = (yyvsp[(3) - (3)].property).get; break;
+-            case TK_NAME: (yyval.property).name = (yyvsp[(3) - (3)].property).name; break;
+-            case TK_SET: (yyval.property).set = (yyvsp[(3) - (3)].property).set; break;
++            case TK_GET: (yyval.property).get = (yyvsp[0].property).get; break;
++            case TK_NAME: (yyval.property).name = (yyvsp[0].property).name; break;
++            case TK_SET: (yyval.property).set = (yyvsp[0].property).set; break;
+             }
+         }
++#line 6563 "../parser.c"
+     break;
+ 
+-  case 431:
+-#line 3488 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 432: /* property_arg: TK_GET '=' TK_NAME_VALUE  */
++#line 3514 "parser.y"
++                                         {
+             (yyval.property).token = TK_GET;
+ 
+-            (yyval.property).get = (yyvsp[(3) - (3)].text);
++            (yyval.property).get = (yyvsp[0].text);
+             (yyval.property).name = NULL;
+             (yyval.property).set = NULL;
+         }
++#line 6575 "../parser.c"
+     break;
+ 
+-  case 432:
+-#line 3495 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 433: /* property_arg: TK_NAME '=' name_or_string  */
++#line 3521 "parser.y"
++                                   {
+             (yyval.property).token = TK_NAME;
+ 
+             (yyval.property).get = NULL;
+-            (yyval.property).name = (yyvsp[(3) - (3)].text);
++            (yyval.property).name = (yyvsp[0].text);
+             (yyval.property).set = NULL;
+         }
++#line 6587 "../parser.c"
+     break;
+ 
+-  case 433:
+-#line 3502 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 434: /* property_arg: TK_SET '=' TK_NAME_VALUE  */
++#line 3528 "parser.y"
++                                 {
+             (yyval.property).token = TK_SET;
+ 
+             (yyval.property).get = NULL;
+             (yyval.property).name = NULL;
+-            (yyval.property).set = (yyvsp[(3) - (3)].text);
++            (yyval.property).set = (yyvsp[0].text);
+         }
++#line 6599 "../parser.c"
+     break;
+ 
+-  case 434:
+-#line 3511 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 435: /* property_body: %empty  */
++#line 3537 "parser.y"
++                {
+             (yyval.property).token = 0;
+             (yyval.property).docstring = NULL;
+         }
++#line 6608 "../parser.c"
+     break;
+ 
+-  case 435:
+-#line 3515 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(2) - (4)].property);
++  case 436: /* property_body: '{' property_body_directives '}' ';'  */
++#line 3541 "parser.y"
++                                             {
++            (yyval.property) = (yyvsp[-2].property);
+         }
++#line 6616 "../parser.c"
+     break;
+ 
+-  case 437:
+-#line 3521 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(1) - (2)].property);
++  case 438: /* property_body_directives: property_body_directives property_body_directive  */
++#line 3547 "parser.y"
++                                                         {
++            (yyval.property) = (yyvsp[-1].property);
+ 
+-            switch ((yyvsp[(2) - (2)].property).token)
++            switch ((yyvsp[0].property).token)
+             {
+-            case TK_DOCSTRING: (yyval.property).docstring = (yyvsp[(2) - (2)].property).docstring; break;
++            case TK_DOCSTRING: (yyval.property).docstring = (yyvsp[0].property).docstring; break;
+             }
+         }
++#line 6629 "../parser.c"
+     break;
+ 
+-  case 438:
+-#line 3531 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 439: /* property_body_directive: ifstart  */
++#line 3557 "parser.y"
++                                    {
+             (yyval.property).token = TK_IF;
+         }
++#line 6637 "../parser.c"
+     break;
+ 
+-  case 439:
+-#line 3534 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 440: /* property_body_directive: ifend  */
++#line 3560 "parser.y"
++              {
+             (yyval.property).token = TK_END;
+         }
++#line 6645 "../parser.c"
+     break;
+ 
+-  case 440:
+-#line 3537 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 441: /* property_body_directive: docstring  */
++#line 3563 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.property).token = TK_DOCSTRING;
+-                (yyval.property).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.property).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -6728,30 +6658,34 @@ yyreduce:
+                 (yyval.property).docstring = NULL;
+             }
+         }
++#line 6662 "../parser.c"
+     break;
+ 
+-  case 443:
+-#line 3555 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 444: /* optslot: %empty  */
++#line 3581 "parser.y"
++            {
+             (yyval.number) = 0;
+         }
++#line 6670 "../parser.c"
+     break;
+ 
+-  case 444:
+-#line 3558 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 445: /* optslot: TK_SLOTS  */
++#line 3584 "parser.y"
++                 {
+             (yyval.number) = SECT_IS_SLOT;
+         }
++#line 6678 "../parser.c"
+     break;
+ 
+-  case 445:
+-#line 3564 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsVirt = TRUE;}
++  case 446: /* $@15: %empty  */
++#line 3590 "parser.y"
++                   {currentIsVirt = TRUE;}
++#line 6684 "../parser.c"
+     break;
+ 
+-  case 448:
+-#line 3568 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 449: /* dtor_decl: '~' TK_NAME_VALUE '(' ')' optexceptions optabstract optflags ';' premethodcode methodcode virtualcatchercode  */
++#line 3594 "parser.y"
++                                                                                                                         {
+             /* Note that we allow non-virtual dtors in C modules. */
+ 
+             if (notSkipping())
+@@ -6764,22 +6698,22 @@ yyreduce:
+ 
+                 classDef *cd = currentScope();
+ 
+-                checkAnnos(&(yyvsp[(7) - (11)].optflags), annos);
++                checkAnnos(&(yyvsp[-4].optflags), annos);
+ 
+-                if (strcmp(classBaseName(cd),(yyvsp[(2) - (11)].text)) != 0)
++                if (strcmp(classBaseName(cd),(yyvsp[-9].text)) != 0)
+                     yyerror("Destructor doesn't have the same name as its class");
+ 
+                 if (isDtor(cd))
+                     yyerror("Destructor has already been defined");
+ 
+-                if (currentSpec -> genc && (yyvsp[(9) - (11)].codeb) == NULL)
++                if (currentSpec -> genc && (yyvsp[-2].codeb) == NULL)
+                     yyerror("Destructor in C modules must include %MethodCode");
+ 
+ 
+-                appendCodeBlock(&cd->dealloccode, (yyvsp[(9) - (11)].codeb));  /* premethodcode */
+-                appendCodeBlock(&cd->dealloccode, (yyvsp[(10) - (11)].codeb)); /* methodcode */
+-                appendCodeBlock(&cd->dtorcode, (yyvsp[(11) - (11)].codeb));
+-                cd -> dtorexceptions = (yyvsp[(5) - (11)].throwlist);
++                appendCodeBlock(&cd->dealloccode, (yyvsp[-2].codeb));  /* premethodcode */
++                appendCodeBlock(&cd->dealloccode, (yyvsp[-1].codeb)); /* methodcode */
++                appendCodeBlock(&cd->dtorcode, (yyvsp[0].codeb));
++                cd -> dtorexceptions = (yyvsp[-6].throwlist);
+ 
+                 /*
+                  * Note that we don't apply the protected/public hack to dtors
+@@ -6787,7 +6721,7 @@ yyreduce:
+                  */
+                 cd->classflags |= sectionFlags;
+ 
+-                if ((yyvsp[(6) - (11)].number))
++                if ((yyvsp[-5].number))
+                 {
+                     if (!currentIsVirt)
+                         yyerror("Abstract destructor must be virtual");
+@@ -6799,7 +6733,7 @@ yyreduce:
+                  * The class has a shadow if we have a virtual dtor or some
+                  * dtor code.
+                  */
+-                if (currentIsVirt || (yyvsp[(10) - (11)].codeb) != NULL)
++                if (currentIsVirt || (yyvsp[-1].codeb) != NULL)
+                 {
+                     if (currentSpec -> genc)
+                         yyerror("Virtual destructor or %VirtualCatcherCode not allowed in a C module");
+@@ -6807,24 +6741,26 @@ yyreduce:
+                     setNeedsShadow(cd);
+                 }
+ 
+-                if (getReleaseGIL(&(yyvsp[(7) - (11)].optflags)))
++                if (getReleaseGIL(&(yyvsp[-4].optflags)))
+                     setIsReleaseGILDtor(cd);
+-                else if (getHoldGIL(&(yyvsp[(7) - (11)].optflags)))
++                else if (getHoldGIL(&(yyvsp[-4].optflags)))
+                     setIsHoldGILDtor(cd);
+             }
+ 
+             currentIsVirt = FALSE;
+         }
++#line 6753 "../parser.c"
+     break;
+ 
+-  case 449:
+-#line 3634 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentCtorIsExplicit = TRUE;}
++  case 450: /* $@16: %empty  */
++#line 3660 "parser.y"
++                        {currentCtorIsExplicit = TRUE;}
++#line 6759 "../parser.c"
+     break;
+ 
+-  case 452:
+-#line 3638 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 453: /* simplector: TK_NAME_VALUE '(' arglist ')' optexceptions optflags optctorsig ';' optdocstring premethodcode methodcode  */
++#line 3664 "parser.y"
++                                                                                                                      {
+             /* Note that we allow ctors in C modules. */
+ 
+             if (notSkipping())
+@@ -6846,11 +6782,11 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(6) - (11)].optflags), annos);
++                checkAnnos(&(yyvsp[-5].optflags), annos);
+ 
+                 if (currentSpec -> genc)
+                 {
+-                    if ((yyvsp[(10) - (11)].codeb) == NULL && (yyvsp[(3) - (11)].signature).nrArgs != 0)
++                    if ((yyvsp[-1].codeb) == NULL && (yyvsp[-8].signature).nrArgs != 0)
+                         yyerror("Constructors with arguments in C modules must include %MethodCode");
+ 
+                     if (currentCtorIsExplicit)
+@@ -6860,80 +6796,87 @@ yyreduce:
+                 if ((sectionFlags & (SECT_IS_PUBLIC | SECT_IS_PROT | SECT_IS_PRIVATE)) == 0)
+                     yyerror("Constructor must be in the public, private or protected sections");
+ 
+-                newCtor(currentModule, (yyvsp[(1) - (11)].text), sectionFlags, &(yyvsp[(3) - (11)].signature), &(yyvsp[(6) - (11)].optflags), (yyvsp[(11) - (11)].codeb), (yyvsp[(5) - (11)].throwlist), (yyvsp[(7) - (11)].optsignature),
+-                        currentCtorIsExplicit, (yyvsp[(9) - (11)].docstr), (yyvsp[(10) - (11)].codeb));
++                newCtor(currentModule, (yyvsp[-10].text), sectionFlags, &(yyvsp[-8].signature), &(yyvsp[-5].optflags), (yyvsp[0].codeb), (yyvsp[-6].throwlist), (yyvsp[-4].optsignature),
++                        currentCtorIsExplicit, (yyvsp[-2].docstr), (yyvsp[-1].codeb));
+             }
+ 
+-            free((yyvsp[(1) - (11)].text));
++            free((yyvsp[-10].text));
+ 
+             currentCtorIsExplicit = FALSE;
+         }
++#line 6808 "../parser.c"
+     break;
+ 
+-  case 453:
+-#line 3684 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 454: /* optctorsig: %empty  */
++#line 3710 "parser.y"
++            {
+             (yyval.optsignature) = NULL;
+         }
++#line 6816 "../parser.c"
+     break;
+ 
+-  case 454:
+-#line 3687 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 455: /* $@17: %empty  */
++#line 3713 "parser.y"
++            {
+             parsingCSignature = TRUE;
+         }
++#line 6824 "../parser.c"
+     break;
+ 
+-  case 455:
+-#line 3689 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 456: /* optctorsig: '[' $@17 '(' arglist ')' ']'  */
++#line 3715 "parser.y"
++                              {
+             (yyval.optsignature) = sipMalloc(sizeof (signatureDef));
+ 
+-            *(yyval.optsignature) = (yyvsp[(4) - (6)].signature);
++            *(yyval.optsignature) = (yyvsp[-2].signature);
+ 
+             parsingCSignature = FALSE;
+         }
++#line 6836 "../parser.c"
+     break;
+ 
+-  case 456:
+-#line 3698 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 457: /* optsig: %empty  */
++#line 3724 "parser.y"
++        {
+             (yyval.optsignature) = NULL;
+         }
++#line 6844 "../parser.c"
+     break;
+ 
+-  case 457:
+-#line 3701 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 458: /* $@18: %empty  */
++#line 3727 "parser.y"
++            {
+             parsingCSignature = TRUE;
+         }
++#line 6852 "../parser.c"
+     break;
+ 
+-  case 458:
+-#line 3703 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 459: /* optsig: '[' $@18 cpptype '(' arglist ')' ']'  */
++#line 3729 "parser.y"
++                                      {
+             (yyval.optsignature) = sipMalloc(sizeof (signatureDef));
+ 
+-            *(yyval.optsignature) = (yyvsp[(5) - (7)].signature);
+-            (yyval.optsignature)->result = (yyvsp[(3) - (7)].memArg);
++            *(yyval.optsignature) = (yyvsp[-2].signature);
++            (yyval.optsignature)->result = (yyvsp[-4].memArg);
+ 
+             parsingCSignature = FALSE;
+         }
++#line 6865 "../parser.c"
+     break;
+ 
+-  case 459:
+-#line 3713 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 460: /* function: cpptype TK_NAME_VALUE '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' optdocstring premethodcode methodcode virtualcatchercode virtualcallcode  */
++#line 3739 "parser.y"
++                                                                                                                                                                                           {
+             if (notSkipping())
+             {
+-                applyTypeFlags(currentModule, &(yyvsp[(1) - (17)].memArg), &(yyvsp[(10) - (17)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-16].memArg), &(yyvsp[-7].optflags));
+ 
+-                (yyvsp[(4) - (17)].signature).result = (yyvsp[(1) - (17)].memArg);
++                (yyvsp[-13].signature).result = (yyvsp[-16].memArg);
+ 
+                 newFunction(currentSpec, currentModule, currentScope(), NULL,
+                         NULL, sectionFlags, currentIsStatic, currentIsSignal,
+-                        currentIsSlot, currentIsVirt, (yyvsp[(2) - (17)].text), &(yyvsp[(4) - (17)].signature), (yyvsp[(6) - (17)].number), (yyvsp[(9) - (17)].number), &(yyvsp[(10) - (17)].optflags),
+-                        (yyvsp[(15) - (17)].codeb), (yyvsp[(16) - (17)].codeb), (yyvsp[(17) - (17)].codeb), (yyvsp[(8) - (17)].throwlist), (yyvsp[(11) - (17)].optsignature), (yyvsp[(13) - (17)].docstr), (yyvsp[(7) - (17)].number), (yyvsp[(14) - (17)].codeb));
++                        currentIsSlot, currentIsVirt, (yyvsp[-15].text), &(yyvsp[-13].signature), (yyvsp[-11].number), (yyvsp[-8].number), &(yyvsp[-7].optflags),
++                        (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-9].throwlist), (yyvsp[-6].optsignature), (yyvsp[-4].docstr), (yyvsp[-10].number), (yyvsp[-3].codeb));
+             }
+ 
+             currentIsStatic = FALSE;
+@@ -6941,11 +6884,12 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 6888 "../parser.c"
+     break;
+ 
+-  case 460:
+-#line 3731 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 461: /* function: cpptype TK_OPERATOR '=' '(' cpptype ')' ';'  */
++#line 3757 "parser.y"
++                                                    {
+             /*
+              * It looks like an assignment operator (though we don't bother to
+              * check the types) so make sure it is private.
+@@ -6965,11 +6909,12 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 6913 "../parser.c"
+     break;
+ 
+-  case 461:
+-#line 3751 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 462: /* function: cpptype TK_OPERATOR operatorname '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' premethodcode methodcode virtualcatchercode virtualcallcode  */
++#line 3777 "parser.y"
++                                                                                                                                                                                     {
+             if (notSkipping())
+             {
+                 classDef *cd = currentScope();
+@@ -6989,23 +6934,23 @@ yyreduce:
+                     ns_scope = NULL;
+                 }
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(1) - (17)].memArg), &(yyvsp[(11) - (17)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-16].memArg), &(yyvsp[-6].optflags));
+ 
+                 /* Handle the unary '+' and '-' operators. */
+-                if ((cd != NULL && (yyvsp[(5) - (17)].signature).nrArgs == 0) || (cd == NULL && (yyvsp[(5) - (17)].signature).nrArgs == 1))
++                if ((cd != NULL && (yyvsp[-12].signature).nrArgs == 0) || (cd == NULL && (yyvsp[-12].signature).nrArgs == 1))
+                 {
+-                    if (strcmp((yyvsp[(3) - (17)].text), "__add__") == 0)
+-                        (yyvsp[(3) - (17)].text) = "__pos__";
+-                    else if (strcmp((yyvsp[(3) - (17)].text), "__sub__") == 0)
+-                        (yyvsp[(3) - (17)].text) = "__neg__";
++                    if (strcmp((yyvsp[-14].text), "__add__") == 0)
++                        (yyvsp[-14].text) = "__pos__";
++                    else if (strcmp((yyvsp[-14].text), "__sub__") == 0)
++                        (yyvsp[-14].text) = "__neg__";
+                 }
+ 
+-                (yyvsp[(5) - (17)].signature).result = (yyvsp[(1) - (17)].memArg);
++                (yyvsp[-12].signature).result = (yyvsp[-16].memArg);
+ 
+                 newFunction(currentSpec, currentModule, cd, ns_scope, NULL,
+                         sectionFlags, currentIsStatic, currentIsSignal,
+-                        currentIsSlot, currentIsVirt, (yyvsp[(3) - (17)].text), &(yyvsp[(5) - (17)].signature), (yyvsp[(7) - (17)].number), (yyvsp[(10) - (17)].number), &(yyvsp[(11) - (17)].optflags),
+-                        (yyvsp[(15) - (17)].codeb), (yyvsp[(16) - (17)].codeb), (yyvsp[(17) - (17)].codeb), (yyvsp[(9) - (17)].throwlist), (yyvsp[(12) - (17)].optsignature), NULL, (yyvsp[(8) - (17)].number), (yyvsp[(14) - (17)].codeb));
++                        currentIsSlot, currentIsVirt, (yyvsp[-14].text), &(yyvsp[-12].signature), (yyvsp[-10].number), (yyvsp[-7].number), &(yyvsp[-6].optflags),
++                        (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-8].throwlist), (yyvsp[-5].optsignature), NULL, (yyvsp[-9].number), (yyvsp[-3].codeb));
+             }
+ 
+             currentIsStatic = FALSE;
+@@ -7013,22 +6958,23 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 6962 "../parser.c"
+     break;
+ 
+-  case 462:
+-#line 3795 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 463: /* function: TK_OPERATOR cpptype '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' premethodcode methodcode virtualcatchercode virtualcallcode  */
++#line 3821 "parser.y"
++                                                                                                                                                                        {
+             if (notSkipping())
+             {
+                 char *sname;
+                 classDef *scope = currentScope();
+ 
+-                if (scope == NULL || (yyvsp[(4) - (16)].signature).nrArgs != 0)
++                if (scope == NULL || (yyvsp[-12].signature).nrArgs != 0)
+                     yyerror("Operator casts must be specified in a class and have no arguments");
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (16)].memArg), &(yyvsp[(10) - (16)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-14].memArg), &(yyvsp[-6].optflags));
+ 
+-                switch ((yyvsp[(2) - (16)].memArg).atype)
++                switch ((yyvsp[-14].memArg).atype)
+                 {
+                 case defined_type:
+                     sname = NULL;
+@@ -7067,12 +7013,12 @@ yyreduce:
+ 
+                 if (sname != NULL)
+                 {
+-                    (yyvsp[(4) - (16)].signature).result = (yyvsp[(2) - (16)].memArg);
++                    (yyvsp[-12].signature).result = (yyvsp[-14].memArg);
+ 
+                     newFunction(currentSpec, currentModule, scope, NULL, NULL,
+                             sectionFlags, currentIsStatic, currentIsSignal,
+-                            currentIsSlot, currentIsVirt, sname, &(yyvsp[(4) - (16)].signature), (yyvsp[(6) - (16)].number), (yyvsp[(9) - (16)].number),
+-                            &(yyvsp[(10) - (16)].optflags), (yyvsp[(14) - (16)].codeb), (yyvsp[(15) - (16)].codeb), (yyvsp[(16) - (16)].codeb), (yyvsp[(8) - (16)].throwlist), (yyvsp[(11) - (16)].optsignature), NULL, (yyvsp[(7) - (16)].number), (yyvsp[(13) - (16)].codeb));
++                            currentIsSlot, currentIsVirt, sname, &(yyvsp[-12].signature), (yyvsp[-10].number), (yyvsp[-7].number),
++                            &(yyvsp[-6].optflags), (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-8].throwlist), (yyvsp[-5].optsignature), NULL, (yyvsp[-9].number), (yyvsp[-3].codeb));
+                 }
+                 else
+                 {
+@@ -7080,11 +7026,11 @@ yyreduce:
+ 
+                     /* Check it doesn't already exist. */
+                     for (al = scope->casts; al != NULL; al = al->next)
+-                        if (compareScopedNames((yyvsp[(2) - (16)].memArg).u.snd, al->arg.u.snd) == 0)
++                        if (compareScopedNames((yyvsp[-14].memArg).u.snd, al->arg.u.snd) == 0)
+                             yyerror("This operator cast has already been specified in this class");
+ 
+                     al = sipMalloc(sizeof (argList));
+-                    al->arg = (yyvsp[(2) - (16)].memArg);
++                    al->arg = (yyvsp[-14].memArg);
+                     al->next = scope->casts;
+ 
+                     scope->casts = al;
+@@ -7096,367 +7042,421 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 7046 "../parser.c"
+     break;
+ 
+-  case 463:
+-#line 3876 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__add__";}
++  case 464: /* operatorname: '+'  */
++#line 3902 "parser.y"
++                        {(yyval.text) = "__add__";}
++#line 7052 "../parser.c"
+     break;
+ 
+-  case 464:
+-#line 3877 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__sub__";}
++  case 465: /* operatorname: '-'  */
++#line 3903 "parser.y"
++                {(yyval.text) = "__sub__";}
++#line 7058 "../parser.c"
+     break;
+ 
+-  case 465:
+-#line 3878 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__mul__";}
++  case 466: /* operatorname: '*'  */
++#line 3904 "parser.y"
++                {(yyval.text) = "__mul__";}
++#line 7064 "../parser.c"
+     break;
+ 
+-  case 466:
+-#line 3879 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__div__";}
++  case 467: /* operatorname: '/'  */
++#line 3905 "parser.y"
++                {(yyval.text) = "__div__";}
++#line 7070 "../parser.c"
+     break;
+ 
+-  case 467:
+-#line 3880 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__mod__";}
++  case 468: /* operatorname: '%'  */
++#line 3906 "parser.y"
++                {(yyval.text) = "__mod__";}
++#line 7076 "../parser.c"
+     break;
+ 
+-  case 468:
+-#line 3881 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__and__";}
++  case 469: /* operatorname: '&'  */
++#line 3907 "parser.y"
++                {(yyval.text) = "__and__";}
++#line 7082 "../parser.c"
+     break;
+ 
+-  case 469:
+-#line 3882 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__or__";}
++  case 470: /* operatorname: '|'  */
++#line 3908 "parser.y"
++                {(yyval.text) = "__or__";}
++#line 7088 "../parser.c"
+     break;
+ 
+-  case 470:
+-#line 3883 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__xor__";}
++  case 471: /* operatorname: '^'  */
++#line 3909 "parser.y"
++                {(yyval.text) = "__xor__";}
++#line 7094 "../parser.c"
+     break;
+ 
+-  case 471:
+-#line 3884 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__lshift__";}
++  case 472: /* operatorname: '<' '<'  */
++#line 3910 "parser.y"
++                    {(yyval.text) = "__lshift__";}
++#line 7100 "../parser.c"
+     break;
+ 
+-  case 472:
+-#line 3885 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__rshift__";}
++  case 473: /* operatorname: '>' '>'  */
++#line 3911 "parser.y"
++                    {(yyval.text) = "__rshift__";}
++#line 7106 "../parser.c"
+     break;
+ 
+-  case 473:
+-#line 3886 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__iadd__";}
++  case 474: /* operatorname: '+' '='  */
++#line 3912 "parser.y"
++                    {(yyval.text) = "__iadd__";}
++#line 7112 "../parser.c"
+     break;
+ 
+-  case 474:
+-#line 3887 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__isub__";}
++  case 475: /* operatorname: '-' '='  */
++#line 3913 "parser.y"
++                    {(yyval.text) = "__isub__";}
++#line 7118 "../parser.c"
+     break;
+ 
+-  case 475:
+-#line 3888 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__imul__";}
++  case 476: /* operatorname: '*' '='  */
++#line 3914 "parser.y"
++                    {(yyval.text) = "__imul__";}
++#line 7124 "../parser.c"
+     break;
+ 
+-  case 476:
+-#line 3889 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__idiv__";}
++  case 477: /* operatorname: '/' '='  */
++#line 3915 "parser.y"
++                    {(yyval.text) = "__idiv__";}
++#line 7130 "../parser.c"
+     break;
+ 
+-  case 477:
+-#line 3890 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__imod__";}
++  case 478: /* operatorname: '%' '='  */
++#line 3916 "parser.y"
++                    {(yyval.text) = "__imod__";}
++#line 7136 "../parser.c"
+     break;
+ 
+-  case 478:
+-#line 3891 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__iand__";}
++  case 479: /* operatorname: '&' '='  */
++#line 3917 "parser.y"
++                    {(yyval.text) = "__iand__";}
++#line 7142 "../parser.c"
+     break;
+ 
+-  case 479:
+-#line 3892 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ior__";}
++  case 480: /* operatorname: '|' '='  */
++#line 3918 "parser.y"
++                    {(yyval.text) = "__ior__";}
++#line 7148 "../parser.c"
+     break;
+ 
+-  case 480:
+-#line 3893 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ixor__";}
++  case 481: /* operatorname: '^' '='  */
++#line 3919 "parser.y"
++                    {(yyval.text) = "__ixor__";}
++#line 7154 "../parser.c"
+     break;
+ 
+-  case 481:
+-#line 3894 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ilshift__";}
++  case 482: /* operatorname: '<' '<' '='  */
++#line 3920 "parser.y"
++                    {(yyval.text) = "__ilshift__";}
++#line 7160 "../parser.c"
+     break;
+ 
+-  case 482:
+-#line 3895 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__irshift__";}
++  case 483: /* operatorname: '>' '>' '='  */
++#line 3921 "parser.y"
++                    {(yyval.text) = "__irshift__";}
++#line 7166 "../parser.c"
+     break;
+ 
+-  case 483:
+-#line 3896 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__invert__";}
++  case 484: /* operatorname: '~'  */
++#line 3922 "parser.y"
++                {(yyval.text) = "__invert__";}
++#line 7172 "../parser.c"
+     break;
+ 
+-  case 484:
+-#line 3897 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__call__";}
++  case 485: /* operatorname: '(' ')'  */
++#line 3923 "parser.y"
++                    {(yyval.text) = "__call__";}
++#line 7178 "../parser.c"
+     break;
+ 
+-  case 485:
+-#line 3898 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__getitem__";}
++  case 486: /* operatorname: '[' ']'  */
++#line 3924 "parser.y"
++                    {(yyval.text) = "__getitem__";}
++#line 7184 "../parser.c"
+     break;
+ 
+-  case 486:
+-#line 3899 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__lt__";}
++  case 487: /* operatorname: '<'  */
++#line 3925 "parser.y"
++                {(yyval.text) = "__lt__";}
++#line 7190 "../parser.c"
+     break;
+ 
+-  case 487:
+-#line 3900 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__le__";}
++  case 488: /* operatorname: '<' '='  */
++#line 3926 "parser.y"
++                    {(yyval.text) = "__le__";}
++#line 7196 "../parser.c"
+     break;
+ 
+-  case 488:
+-#line 3901 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__eq__";}
++  case 489: /* operatorname: '=' '='  */
++#line 3927 "parser.y"
++                    {(yyval.text) = "__eq__";}
++#line 7202 "../parser.c"
+     break;
+ 
+-  case 489:
+-#line 3902 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ne__";}
++  case 490: /* operatorname: '!' '='  */
++#line 3928 "parser.y"
++                    {(yyval.text) = "__ne__";}
++#line 7208 "../parser.c"
+     break;
+ 
+-  case 490:
+-#line 3903 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__gt__";}
++  case 491: /* operatorname: '>'  */
++#line 3929 "parser.y"
++                {(yyval.text) = "__gt__";}
++#line 7214 "../parser.c"
+     break;
+ 
+-  case 491:
+-#line 3904 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ge__";}
++  case 492: /* operatorname: '>' '='  */
++#line 3930 "parser.y"
++                    {(yyval.text) = "__ge__";}
++#line 7220 "../parser.c"
+     break;
+ 
+-  case 492:
+-#line 3907 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 493: /* optconst: %empty  */
++#line 3933 "parser.y"
++            {
+             (yyval.number) = FALSE;
+         }
++#line 7228 "../parser.c"
+     break;
+ 
+-  case 493:
+-#line 3910 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 494: /* optconst: TK_CONST  */
++#line 3936 "parser.y"
++                 {
+             (yyval.number) = TRUE;
+         }
++#line 7236 "../parser.c"
+     break;
+ 
+-  case 494:
+-#line 3915 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 495: /* optfinal: %empty  */
++#line 3941 "parser.y"
++            {
+             (yyval.number) = FALSE;
+         }
++#line 7244 "../parser.c"
+     break;
+ 
+-  case 495:
+-#line 3918 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 496: /* optfinal: TK_FINAL  */
++#line 3944 "parser.y"
++                 {
+             (yyval.number) = TRUE;
+         }
++#line 7252 "../parser.c"
+     break;
+ 
+-  case 496:
+-#line 3923 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 497: /* optabstract: %empty  */
++#line 3949 "parser.y"
++                {
+             (yyval.number) = 0;
+         }
++#line 7260 "../parser.c"
+     break;
+ 
+-  case 497:
+-#line 3926 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (2)].number) != 0)
++  case 498: /* optabstract: '=' TK_NUMBER_VALUE  */
++#line 3952 "parser.y"
++                            {
++            if ((yyvsp[0].number) != 0)
+                 yyerror("Abstract virtual function '= 0' expected");
+ 
+             (yyval.number) = TRUE;
+         }
++#line 7271 "../parser.c"
+     break;
+ 
+-  case 498:
+-#line 3934 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 499: /* optflags: %empty  */
++#line 3960 "parser.y"
++            {
+             (yyval.optflags).nrFlags = 0;
+         }
++#line 7279 "../parser.c"
+     break;
+ 
+-  case 499:
+-#line 3937 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.optflags) = (yyvsp[(2) - (3)].optflags);
++  case 500: /* optflags: '/' flaglist '/'  */
++#line 3963 "parser.y"
++                         {
++            (yyval.optflags) = (yyvsp[-1].optflags);
+         }
++#line 7287 "../parser.c"
+     break;
+ 
+-  case 500:
+-#line 3943 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.optflags).flags[0] = (yyvsp[(1) - (1)].flag);
++  case 501: /* flaglist: flag  */
++#line 3969 "parser.y"
++                 {
++            (yyval.optflags).flags[0] = (yyvsp[0].flag);
+             (yyval.optflags).nrFlags = 1;
+         }
++#line 7296 "../parser.c"
+     break;
+ 
+-  case 501:
+-#line 3947 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 502: /* flaglist: flaglist ',' flag  */
++#line 3973 "parser.y"
++                          {
+             /* Check there is room. */
+ 
+-            if ((yyvsp[(1) - (3)].optflags).nrFlags == MAX_NR_FLAGS)
++            if ((yyvsp[-2].optflags).nrFlags == MAX_NR_FLAGS)
+                 yyerror("Too many optional flags");
+ 
+-            (yyval.optflags) = (yyvsp[(1) - (3)].optflags);
++            (yyval.optflags) = (yyvsp[-2].optflags);
+ 
+-            (yyval.optflags).flags[(yyval.optflags).nrFlags++] = (yyvsp[(3) - (3)].flag);
++            (yyval.optflags).flags[(yyval.optflags).nrFlags++] = (yyvsp[0].flag);
+         }
++#line 7311 "../parser.c"
+     break;
+ 
+-  case 502:
+-#line 3959 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 503: /* flag: TK_NAME_VALUE  */
++#line 3985 "parser.y"
++                      {
+             (yyval.flag).ftype = bool_flag;
+-            (yyval.flag).fname = (yyvsp[(1) - (1)].text);
++            (yyval.flag).fname = (yyvsp[0].text);
+         }
++#line 7320 "../parser.c"
+     break;
+ 
+-  case 503:
+-#line 3963 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.flag) = (yyvsp[(3) - (3)].flag);
+-            (yyval.flag).fname = (yyvsp[(1) - (3)].text);
++  case 504: /* flag: TK_NAME_VALUE '=' flagvalue  */
++#line 3989 "parser.y"
++                                    {
++            (yyval.flag) = (yyvsp[0].flag);
++            (yyval.flag).fname = (yyvsp[-2].text);
+         }
++#line 7329 "../parser.c"
+     break;
+ 
+-  case 504:
+-#line 3969 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.flag).ftype = (strchr((yyvsp[(1) - (1)].text), '.') != NULL) ? dotted_name_flag : name_flag;
+-            (yyval.flag).fvalue.sval = (yyvsp[(1) - (1)].text);
++  case 505: /* flagvalue: dottedname  */
++#line 3995 "parser.y"
++                       {
++            (yyval.flag).ftype = (strchr((yyvsp[0].text), '.') != NULL) ? dotted_name_flag : name_flag;
++            (yyval.flag).fvalue.sval = (yyvsp[0].text);
+         }
++#line 7338 "../parser.c"
+     break;
+ 
+-  case 505:
+-#line 3973 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 506: /* flagvalue: TK_NAME_VALUE ':' optnumber '-' optnumber  */
++#line 3999 "parser.y"
++                                                  {
+             apiVersionRangeDef *avd;
+             int from, to;
+ 
+             (yyval.flag).ftype = api_range_flag;
+ 
+             /* Check that the API is known. */
+-            if ((avd = findAPI(currentSpec, (yyvsp[(1) - (5)].text))) == NULL)
++            if ((avd = findAPI(currentSpec, (yyvsp[-4].text))) == NULL)
+                 yyerror("unknown API name in API annotation");
+ 
+             if (inMainModule())
+                 setIsUsedName(avd->api_name);
+ 
+             /* Unbounded values are represented by 0. */
+-            if ((from = (yyvsp[(3) - (5)].number)) < 0)
++            if ((from = (yyvsp[-2].number)) < 0)
+                 from = 0;
+ 
+-            if ((to = (yyvsp[(5) - (5)].number)) < 0)
++            if ((to = (yyvsp[0].number)) < 0)
+                 to = 0;
+ 
+             (yyval.flag).fvalue.aval = convertAPIRange(currentModule, avd->api_name,
+                     from, to);
+         }
++#line 7366 "../parser.c"
+     break;
+ 
+-  case 506:
+-#line 3996 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 507: /* flagvalue: TK_STRING_VALUE  */
++#line 4022 "parser.y"
++                        {
+             (yyval.flag).ftype = string_flag;
+-            (yyval.flag).fvalue.sval = convertFeaturedString((yyvsp[(1) - (1)].text));
++            (yyval.flag).fvalue.sval = convertFeaturedString((yyvsp[0].text));
+         }
++#line 7375 "../parser.c"
+     break;
+ 
+-  case 507:
+-#line 4000 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 508: /* flagvalue: TK_NUMBER_VALUE  */
++#line 4026 "parser.y"
++                        {
+             (yyval.flag).ftype = integer_flag;
+-            (yyval.flag).fvalue.ival = (yyvsp[(1) - (1)].number);
++            (yyval.flag).fvalue.ival = (yyvsp[0].number);
+         }
++#line 7384 "../parser.c"
+     break;
+ 
+-  case 508:
+-#line 4006 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 509: /* virtualcallcode: %empty  */
++#line 4032 "parser.y"
++                 {
+             (yyval.codeb) = NULL;
+         }
++#line 7392 "../parser.c"
+     break;
+ 
+-  case 509:
+-#line 4009 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 510: /* virtualcallcode: TK_VIRTUALCALLCODE codeblock  */
++#line 4035 "parser.y"
++                                     {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7400 "../parser.c"
+     break;
+ 
+-  case 510:
+-#line 4014 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 511: /* methodcode: %empty  */
++#line 4040 "parser.y"
++            {
+             (yyval.codeb) = NULL;
+         }
++#line 7408 "../parser.c"
+     break;
+ 
+-  case 511:
+-#line 4017 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 512: /* methodcode: TK_METHODCODE codeblock  */
++#line 4043 "parser.y"
++                                {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7416 "../parser.c"
+     break;
+ 
+-  case 512:
+-#line 4022 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 513: /* premethodcode: %empty  */
++#line 4048 "parser.y"
++               {
+             (yyval.codeb) = NULL;
+         }
++#line 7424 "../parser.c"
+     break;
+ 
+-  case 513:
+-#line 4025 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 514: /* premethodcode: TK_PREMETHODCODE codeblock  */
++#line 4051 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7432 "../parser.c"
+     break;
+ 
+-  case 514:
+-#line 4030 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 515: /* virtualcatchercode: %empty  */
++#line 4056 "parser.y"
++                    {
+             (yyval.codeb) = NULL;
+         }
++#line 7440 "../parser.c"
+     break;
+ 
+-  case 515:
+-#line 4033 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 516: /* virtualcatchercode: TK_VIRTUALCATCHERCODE codeblock  */
++#line 4059 "parser.y"
++                                        {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7448 "../parser.c"
+     break;
+ 
+-  case 516:
+-#line 4038 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 517: /* arglist: rawarglist  */
++#line 4064 "parser.y"
++                       {
+             int a, nrrxcon, nrrxdis, nrslotcon, nrslotdis, nrarray, nrarraysize;
+ 
+             nrrxcon = nrrxdis = nrslotcon = nrslotdis = nrarray = nrarraysize = 0;
+ 
+-            for (a = 0; a < (yyvsp[(1) - (1)].signature).nrArgs; ++a)
++            for (a = 0; a < (yyvsp[0].signature).nrArgs; ++a)
+             {
+-                argDef *ad = &(yyvsp[(1) - (1)].signature).args[a];
++                argDef *ad = &(yyvsp[0].signature).args[a];
+ 
+                 switch (ad -> atype)
+                 {
+@@ -7497,226 +7497,243 @@ yyreduce:
+             if (nrarray != nrarraysize || nrarray > 1)
+                 yyerror("/Array/ and /ArraySize/ must both be given and at most once");
+ 
+-            (yyval.signature) = (yyvsp[(1) - (1)].signature);
++            (yyval.signature) = (yyvsp[0].signature);
+         }
++#line 7503 "../parser.c"
+     break;
+ 
+-  case 517:
+-#line 4090 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 518: /* rawarglist: %empty  */
++#line 4116 "parser.y"
++            {
+             /* No arguments. */
+ 
+             (yyval.signature).nrArgs = 0;
+         }
++#line 7513 "../parser.c"
+     break;
+ 
+-  case 518:
+-#line 4095 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 519: /* rawarglist: argvalue  */
++#line 4121 "parser.y"
++                 {
+             /* The single or first argument. */
+ 
+-            (yyval.signature).args[0] = (yyvsp[(1) - (1)].memArg);
++            (yyval.signature).args[0] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs = 1;
+         }
++#line 7524 "../parser.c"
+     break;
+ 
+-  case 519:
+-#line 4101 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 520: /* rawarglist: rawarglist ',' argvalue  */
++#line 4127 "parser.y"
++                                {
+             /* Check that it wasn't ...(,arg...). */
+-            if ((yyvsp[(1) - (3)].signature).nrArgs == 0)
++            if ((yyvsp[-2].signature).nrArgs == 0)
+                 yyerror("First argument of the list is missing");
+ 
+             /*
+              * If this argument has no default value, then the
+              * previous one mustn't either.
+              */
+-            if ((yyvsp[(3) - (3)].memArg).defval == NULL && (yyvsp[(1) - (3)].signature).args[(yyvsp[(1) - (3)].signature).nrArgs - 1].defval != NULL)
++            if ((yyvsp[0].memArg).defval == NULL && (yyvsp[-2].signature).args[(yyvsp[-2].signature).nrArgs - 1].defval != NULL)
+                 yyerror("Compulsory argument given after optional argument");
+ 
+             /* Check there is room. */
+-            if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.signature) = (yyvsp[(1) - (3)].signature);
++            (yyval.signature) = (yyvsp[-2].signature);
+ 
+-            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[(3) - (3)].memArg);
++            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs++;
+         }
++#line 7550 "../parser.c"
+     break;
+ 
+-  case 520:
+-#line 4124 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 521: /* argvalue: TK_SIPSIGNAL optname optflags optassign  */
++#line 4150 "parser.y"
++                                                    {
+             deprecated("SIP_SIGNAL is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_SIGNAL has no annotations");
++            checkNoAnnos(&(yyvsp[-1].optflags), "SIP_SIGNAL has no annotations");
+ 
+             (yyval.memArg).atype = signal_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text));
+-            (yyval.memArg).defval = (yyvsp[(4) - (4)].valp);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text));
++            (yyval.memArg).defval = (yyvsp[0].valp);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7567 "../parser.c"
+     break;
+ 
+-  case 521:
+-#line 4136 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 522: /* argvalue: TK_SIPSLOT optname optflags optassign  */
++#line 4162 "parser.y"
++                                              {
+             deprecated("SIP_SLOT is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_SLOT has no annotations");
++            checkNoAnnos(&(yyvsp[-1].optflags), "SIP_SLOT has no annotations");
+ 
+             (yyval.memArg).atype = slot_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text));
+-            (yyval.memArg).defval = (yyvsp[(4) - (4)].valp);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text));
++            (yyval.memArg).defval = (yyvsp[0].valp);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7584 "../parser.c"
+     break;
+ 
+-  case 522:
+-#line 4148 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 523: /* argvalue: TK_SIPANYSLOT optname optflags optassign  */
++#line 4174 "parser.y"
++                                                 {
+             deprecated("SIP_ANYSLOT is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_ANYSLOT has no annotations");
++            checkNoAnnos(&(yyvsp[-1].optflags), "SIP_ANYSLOT has no annotations");
+ 
+             (yyval.memArg).atype = anyslot_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text));
+-            (yyval.memArg).defval = (yyvsp[(4) - (4)].valp);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text));
++            (yyval.memArg).defval = (yyvsp[0].valp);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7601 "../parser.c"
+     break;
+ 
+-  case 523:
+-#line 4160 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 524: /* argvalue: TK_SIPRXCON optname optflags  */
++#line 4186 "parser.y"
++                                     {
+             const char *annos[] = {
+                 "SingleShot",
+                 NULL
+             };
+ 
+             deprecated("SIP_RXOBJ_CON is deprecated\n");
+-            checkAnnos(&(yyvsp[(3) - (3)].optflags), annos);
++            checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+             (yyval.memArg).atype = rxcon_type;
+             (yyval.memArg).argflags = 0;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "SingleShot", bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags), "SingleShot", bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_SINGLE_SHOT;
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7625 "../parser.c"
+     break;
+ 
+-  case 524:
+-#line 4179 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 525: /* argvalue: TK_SIPRXDIS optname optflags  */
++#line 4205 "parser.y"
++                                     {
+             deprecated("SIP_RXOBJ_DIS is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (3)].optflags), "SIP_RXOBJ_DIS has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_RXOBJ_DIS has no annotations");
+ 
+             (yyval.memArg).atype = rxdis_type;
+             (yyval.memArg).argflags = 0;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7641 "../parser.c"
+     break;
+ 
+-  case 525:
+-#line 4190 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 526: /* argvalue: TK_SIPSLOTCON '(' arglist ')' optname optflags  */
++#line 4216 "parser.y"
++                                                       {
+             deprecated("SIP_SLOT_CON is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(6) - (6)].optflags), "SIP_SLOT_CON has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_SLOT_CON has no annotations");
+ 
+             (yyval.memArg).atype = slotcon_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(5) - (6)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            memset(&(yyvsp[(3) - (6)].signature).result, 0, sizeof (argDef));
+-            (yyvsp[(3) - (6)].signature).result.atype = void_type;
++            memset(&(yyvsp[-3].signature).result, 0, sizeof (argDef));
++            (yyvsp[-3].signature).result.atype = void_type;
+ 
+             (yyval.memArg).u.sa = sipMalloc(sizeof (signatureDef));
+-            *(yyval.memArg).u.sa = (yyvsp[(3) - (6)].signature);
++            *(yyval.memArg).u.sa = (yyvsp[-3].signature);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7663 "../parser.c"
+     break;
+ 
+-  case 526:
+-#line 4207 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 527: /* argvalue: TK_SIPSLOTDIS '(' arglist ')' optname optflags  */
++#line 4233 "parser.y"
++                                                       {
+             deprecated("SIP_SLOT_DIS is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(6) - (6)].optflags), "SIP_SLOT_DIS has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_SLOT_DIS has no annotations");
+ 
+             (yyval.memArg).atype = slotdis_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(5) - (6)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            memset(&(yyvsp[(3) - (6)].signature).result, 0, sizeof (argDef));
+-            (yyvsp[(3) - (6)].signature).result.atype = void_type;
++            memset(&(yyvsp[-3].signature).result, 0, sizeof (argDef));
++            (yyvsp[-3].signature).result.atype = void_type;
+ 
+             (yyval.memArg).u.sa = sipMalloc(sizeof (signatureDef));
+-            *(yyval.memArg).u.sa = (yyvsp[(3) - (6)].signature);
++            *(yyval.memArg).u.sa = (yyvsp[-3].signature);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7685 "../parser.c"
+     break;
+ 
+-  case 527:
+-#line 4224 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 528: /* argvalue: TK_QOBJECT optname optflags  */
++#line 4250 "parser.y"
++                                    {
+             deprecated("SIP_QOBJECT is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (3)].optflags), "SIP_QOBJECT has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_QOBJECT has no annotations");
+ 
+             (yyval.memArg).atype = qobject_type;
+             (yyval.memArg).argflags = 0;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+         }
++#line 7699 "../parser.c"
+     break;
+ 
+-  case 528:
+-#line 4233 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.memArg) = (yyvsp[(1) - (2)].memArg);
+-            (yyval.memArg).defval = (yyvsp[(2) - (2)].valp);
++  case 529: /* argvalue: argtype optassign  */
++#line 4259 "parser.y"
++                          {
++            (yyval.memArg) = (yyvsp[-1].memArg);
++            (yyval.memArg).defval = (yyvsp[0].valp);
+         }
++#line 7708 "../parser.c"
+     break;
+ 
+-  case 529:
+-#line 4240 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsSignal = TRUE;}
++  case 530: /* $@19: %empty  */
++#line 4266 "parser.y"
++                         {currentIsSignal = TRUE;}
++#line 7714 "../parser.c"
+     break;
+ 
+-  case 531:
+-#line 4241 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsSlot = TRUE;}
++  case 532: /* $@20: %empty  */
++#line 4267 "parser.y"
++                       {currentIsSlot = TRUE;}
++#line 7720 "../parser.c"
+     break;
+ 
+-  case 534:
+-#line 4246 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsStatic = TRUE;}
++  case 535: /* $@21: %empty  */
++#line 4272 "parser.y"
++                  {currentIsStatic = TRUE;}
++#line 7726 "../parser.c"
+     break;
+ 
+-  case 539:
+-#line 4256 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsVirt = TRUE;}
++  case 540: /* $@22: %empty  */
++#line 4282 "parser.y"
++                   {currentIsVirt = TRUE;}
++#line 7732 "../parser.c"
+     break;
+ 
+-  case 542:
+-#line 4260 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 543: /* variable: cpptype TK_NAME_VALUE optflags variable_body ';' optaccesscode optgetcode optsetcode  */
++#line 4286 "parser.y"
++                                                                                                 {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -7730,99 +7747,105 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(3) - (8)].optflags), annos);
++                checkAnnos(&(yyvsp[-5].optflags), annos);
+ 
+-                if ((yyvsp[(6) - (8)].codeb) != NULL)
++                if ((yyvsp[-2].codeb) != NULL)
+                 {
+-                    if ((yyvsp[(4) - (8)].variable).access_code != NULL)
++                    if ((yyvsp[-4].variable).access_code != NULL)
+                         yyerror("%AccessCode already defined");
+ 
+-                    (yyvsp[(4) - (8)].variable).access_code = (yyvsp[(6) - (8)].codeb);
++                    (yyvsp[-4].variable).access_code = (yyvsp[-2].codeb);
+ 
+                     deprecated("%AccessCode should be used as a sub-directive");
+                 }
+ 
+-                if ((yyvsp[(7) - (8)].codeb) != NULL)
++                if ((yyvsp[-1].codeb) != NULL)
+                 {
+-                    if ((yyvsp[(4) - (8)].variable).get_code != NULL)
++                    if ((yyvsp[-4].variable).get_code != NULL)
+                         yyerror("%GetCode already defined");
+ 
+-                    (yyvsp[(4) - (8)].variable).get_code = (yyvsp[(7) - (8)].codeb);
++                    (yyvsp[-4].variable).get_code = (yyvsp[-1].codeb);
+ 
+                     deprecated("%GetCode should be used as a sub-directive");
+                 }
+ 
+-                if ((yyvsp[(8) - (8)].codeb) != NULL)
++                if ((yyvsp[0].codeb) != NULL)
+                 {
+-                    if ((yyvsp[(4) - (8)].variable).set_code != NULL)
++                    if ((yyvsp[-4].variable).set_code != NULL)
+                         yyerror("%SetCode already defined");
+ 
+-                    (yyvsp[(4) - (8)].variable).set_code = (yyvsp[(8) - (8)].codeb);
++                    (yyvsp[-4].variable).set_code = (yyvsp[0].codeb);
+ 
+                     deprecated("%SetCode should be used as a sub-directive");
+                 }
+ 
+-                newVar(currentSpec, currentModule, (yyvsp[(2) - (8)].text), currentIsStatic, &(yyvsp[(1) - (8)].memArg),
+-                        &(yyvsp[(3) - (8)].optflags), (yyvsp[(4) - (8)].variable).access_code, (yyvsp[(4) - (8)].variable).get_code, (yyvsp[(4) - (8)].variable).set_code,
++                newVar(currentSpec, currentModule, (yyvsp[-6].text), currentIsStatic, &(yyvsp[-7].memArg),
++                        &(yyvsp[-5].optflags), (yyvsp[-4].variable).access_code, (yyvsp[-4].variable).get_code, (yyvsp[-4].variable).set_code,
+                         sectionFlags);
+             }
+ 
+             currentIsStatic = FALSE;
+         }
++#line 7790 "../parser.c"
+     break;
+ 
+-  case 543:
+-#line 4315 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 544: /* variable_body: %empty  */
++#line 4341 "parser.y"
++                {
+             (yyval.variable).token = 0;
+             (yyval.variable).access_code = NULL;
+             (yyval.variable).get_code = NULL;
+             (yyval.variable).set_code = NULL;
+         }
++#line 7801 "../parser.c"
+     break;
+ 
+-  case 544:
+-#line 4321 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.variable) = (yyvsp[(2) - (3)].variable);
++  case 545: /* variable_body: '{' variable_body_directives '}'  */
++#line 4347 "parser.y"
++                                         {
++            (yyval.variable) = (yyvsp[-1].variable);
+         }
++#line 7809 "../parser.c"
+     break;
+ 
+-  case 546:
+-#line 4327 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.variable) = (yyvsp[(1) - (2)].variable);
++  case 547: /* variable_body_directives: variable_body_directives variable_body_directive  */
++#line 4353 "parser.y"
++                                                         {
++            (yyval.variable) = (yyvsp[-1].variable);
+ 
+-            switch ((yyvsp[(2) - (2)].variable).token)
++            switch ((yyvsp[0].variable).token)
+             {
+-            case TK_ACCESSCODE: (yyval.variable).access_code = (yyvsp[(2) - (2)].variable).access_code; break;
+-            case TK_GETCODE: (yyval.variable).get_code = (yyvsp[(2) - (2)].variable).get_code; break;
+-            case TK_SETCODE: (yyval.variable).set_code = (yyvsp[(2) - (2)].variable).set_code; break;
++            case TK_ACCESSCODE: (yyval.variable).access_code = (yyvsp[0].variable).access_code; break;
++            case TK_GETCODE: (yyval.variable).get_code = (yyvsp[0].variable).get_code; break;
++            case TK_SETCODE: (yyval.variable).set_code = (yyvsp[0].variable).set_code; break;
+             }
+         }
++#line 7824 "../parser.c"
+     break;
+ 
+-  case 547:
+-#line 4339 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 548: /* variable_body_directive: ifstart  */
++#line 4365 "parser.y"
++                                    {
+             (yyval.variable).token = TK_IF;
+         }
++#line 7832 "../parser.c"
+     break;
+ 
+-  case 548:
+-#line 4342 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 549: /* variable_body_directive: ifend  */
++#line 4368 "parser.y"
++              {
+             (yyval.variable).token = TK_END;
+         }
++#line 7840 "../parser.c"
+     break;
+ 
+-  case 549:
+-#line 4345 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 550: /* variable_body_directive: TK_ACCESSCODE codeblock  */
++#line 4371 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 (yyval.variable).token = TK_ACCESSCODE;
+-                (yyval.variable).access_code = (yyvsp[(2) - (2)].codeb);
++                (yyval.variable).access_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -7833,15 +7856,16 @@ yyreduce:
+             (yyval.variable).get_code = NULL;
+             (yyval.variable).set_code = NULL;
+         }
++#line 7860 "../parser.c"
+     break;
+ 
+-  case 550:
+-#line 4360 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 551: /* variable_body_directive: TK_GETCODE codeblock  */
++#line 4386 "parser.y"
++                             {
+             if (notSkipping())
+             {
+                 (yyval.variable).token = TK_GETCODE;
+-                (yyval.variable).get_code = (yyvsp[(2) - (2)].codeb);
++                (yyval.variable).get_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -7852,15 +7876,16 @@ yyreduce:
+             (yyval.variable).access_code = NULL;
+             (yyval.variable).set_code = NULL;
+         }
++#line 7880 "../parser.c"
+     break;
+ 
+-  case 551:
+-#line 4375 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 552: /* variable_body_directive: TK_SETCODE codeblock  */
++#line 4401 "parser.y"
++                             {
+             if (notSkipping())
+             {
+                 (yyval.variable).token = TK_SETCODE;
+-                (yyval.variable).set_code = (yyvsp[(2) - (2)].codeb);
++                (yyval.variable).set_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -7871,36 +7896,39 @@ yyreduce:
+             (yyval.variable).access_code = NULL;
+             (yyval.variable).get_code = NULL;
+         }
++#line 7900 "../parser.c"
+     break;
+ 
+-  case 552:
+-#line 4392 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.memArg) = (yyvsp[(2) - (4)].memArg);
+-            add_derefs(&(yyval.memArg), &(yyvsp[(3) - (4)].memArg));
+-            (yyval.memArg).argflags |= ARG_IS_CONST | (yyvsp[(4) - (4)].number);
++  case 553: /* cpptype: TK_CONST basetype deref optref  */
++#line 4418 "parser.y"
++                                           {
++            (yyval.memArg) = (yyvsp[-2].memArg);
++            add_derefs(&(yyval.memArg), &(yyvsp[-1].memArg));
++            (yyval.memArg).argflags |= ARG_IS_CONST | (yyvsp[0].number);
+         }
++#line 7910 "../parser.c"
+     break;
+ 
+-  case 553:
+-#line 4397 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.memArg) = (yyvsp[(1) - (3)].memArg);
+-            add_derefs(&(yyval.memArg), &(yyvsp[(2) - (3)].memArg));
+-            (yyval.memArg).argflags |= (yyvsp[(3) - (3)].number);
++  case 554: /* cpptype: basetype deref optref  */
++#line 4423 "parser.y"
++                              {
++            (yyval.memArg) = (yyvsp[-2].memArg);
++            add_derefs(&(yyval.memArg), &(yyvsp[-1].memArg));
++            (yyval.memArg).argflags |= (yyvsp[0].number);
+ 
+             /* PyObject * is a synonym for SIP_PYOBJECT. */
+-            if ((yyvsp[(1) - (3)].memArg).atype == defined_type && strcmp((yyvsp[(1) - (3)].memArg).u.snd->name, "PyObject") == 0 && (yyvsp[(1) - (3)].memArg).u.snd->next == NULL && (yyvsp[(2) - (3)].memArg).nrderefs == 1 && (yyvsp[(3) - (3)].number) == 0)
++            if ((yyvsp[-2].memArg).atype == defined_type && strcmp((yyvsp[-2].memArg).u.snd->name, "PyObject") == 0 && (yyvsp[-2].memArg).u.snd->next == NULL && (yyvsp[-1].memArg).nrderefs == 1 && (yyvsp[0].number) == 0)
+             {
+                 (yyval.memArg).atype = pyobject_type;
+                 (yyval.memArg).nrderefs = 0;
+             }
+         }
++#line 7927 "../parser.c"
+     break;
+ 
+-  case 554:
+-#line 4411 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 555: /* argtype: cpptype optname optflags  */
++#line 4437 "parser.y"
++                                     {
+             const char *annos[] = {
+                 "AllowNone",
+                 "Array",
+@@ -7930,54 +7958,54 @@ yyreduce:
+ 
+             optFlag *of;
+ 
+-            checkAnnos(&(yyvsp[(3) - (3)].optflags), annos);
++            checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+-            (yyval.memArg) = (yyvsp[(1) - (3)].memArg);
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg) = (yyvsp[-2].memArg);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            handleKeepReference(&(yyvsp[(3) - (3)].optflags), &(yyval.memArg), currentModule);
++            handleKeepReference(&(yyvsp[0].optflags), &(yyval.memArg), currentModule);
+ 
+-            if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "ScopesStripped", opt_integer_flag)) != NULL)
++            if ((of = getOptFlag(&(yyvsp[0].optflags), "ScopesStripped", opt_integer_flag)) != NULL)
+                 if (((yyval.memArg).scopes_stripped = of->fvalue.ival) <= 0)
+                     yyerror("/ScopesStripped/ must be greater than 0");
+ 
+-            if (getAllowNone(&(yyvsp[(3) - (3)].optflags)))
++            if (getAllowNone(&(yyvsp[0].optflags)))
+                 (yyval.memArg).argflags |= ARG_ALLOW_NONE;
+ 
+-            if (getDisallowNone(&(yyvsp[(3) - (3)].optflags)))
++            if (getDisallowNone(&(yyvsp[0].optflags)))
+                 (yyval.memArg).argflags |= ARG_DISALLOW_NONE;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"GetWrapper",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"GetWrapper",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_GET_WRAPPER;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Array",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"Array",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_ARRAY;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"ArraySize",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"ArraySize",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_ARRAY_SIZE;
+ 
+-            if (getTransfer(&(yyvsp[(3) - (3)].optflags)))
++            if (getTransfer(&(yyvsp[0].optflags)))
+                 (yyval.memArg).argflags |= ARG_XFERRED;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"TransferThis",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"TransferThis",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_THIS_XFERRED;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"TransferBack",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"TransferBack",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_XFERRED_BACK;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"In",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"In",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_IN;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Out",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"Out",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_OUT;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "ResultSize", bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags), "ResultSize", bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_RESULT_SIZE;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "NoCopy", bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags), "NoCopy", bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_NO_COPY;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Constrained",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"Constrained",bool_flag) != NULL)
+             {
+                 (yyval.memArg).argflags |= ARG_CONSTRAINED;
+ 
+@@ -8005,499 +8033,518 @@ yyreduce:
+                 }
+             }
+ 
+-            applyTypeFlags(currentModule, &(yyval.memArg), &(yyvsp[(3) - (3)].optflags));
+-            (yyval.memArg).typehint_value = getTypeHintValue(&(yyvsp[(3) - (3)].optflags));
++            applyTypeFlags(currentModule, &(yyval.memArg), &(yyvsp[0].optflags));
++            (yyval.memArg).typehint_value = getTypeHintValue(&(yyvsp[0].optflags));
+         }
++#line 8040 "../parser.c"
+     break;
+ 
+-  case 555:
+-#line 4521 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 556: /* optref: %empty  */
++#line 4547 "parser.y"
++        {
+             (yyval.number) = 0;
+         }
++#line 8048 "../parser.c"
+     break;
+ 
+-  case 556:
+-#line 4524 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 557: /* optref: '&'  */
++#line 4550 "parser.y"
++            {
+             if (currentSpec -> genc)
+                 yyerror("References not allowed in a C module");
+ 
+             (yyval.number) = ARG_IS_REF;
+         }
++#line 8059 "../parser.c"
+     break;
+ 
+-  case 557:
+-#line 4532 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 558: /* deref: %empty  */
++#line 4558 "parser.y"
++        {
+             (yyval.memArg).nrderefs = 0;
+         }
++#line 8067 "../parser.c"
+     break;
+ 
+-  case 558:
+-#line 4535 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            add_new_deref(&(yyval.memArg), &(yyvsp[(1) - (3)].memArg), TRUE);
++  case 559: /* deref: deref '*' TK_CONST  */
++#line 4561 "parser.y"
++                           {
++            add_new_deref(&(yyval.memArg), &(yyvsp[-2].memArg), TRUE);
+         }
++#line 8075 "../parser.c"
+     break;
+ 
+-  case 559:
+-#line 4538 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            add_new_deref(&(yyval.memArg), &(yyvsp[(1) - (2)].memArg), FALSE);
++  case 560: /* deref: deref '*'  */
++#line 4564 "parser.y"
++                  {
++            add_new_deref(&(yyval.memArg), &(yyvsp[-1].memArg), FALSE);
+         }
++#line 8083 "../parser.c"
+     break;
+ 
+-  case 560:
+-#line 4543 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 561: /* basetype: scopedname  */
++#line 4569 "parser.y"
++                       {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = defined_type;
+-            (yyval.memArg).u.snd = (yyvsp[(1) - (1)].scpvalp);
++            (yyval.memArg).u.snd = (yyvsp[0].scpvalp);
+ 
+             /* Try and resolve typedefs as early as possible. */
+             resolveAnyTypedef(currentSpec, &(yyval.memArg));
+         }
++#line 8096 "../parser.c"
+     break;
+ 
+-  case 561:
+-#line 4551 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 562: /* basetype: scopedname '<' cpptypelist '>'  */
++#line 4577 "parser.y"
++                                       {
+             templateDef *td;
+ 
+             td = sipMalloc(sizeof(templateDef));
+-            td->fqname = (yyvsp[(1) - (4)].scpvalp);
+-            td->types = (yyvsp[(3) - (4)].signature);
++            td->fqname = (yyvsp[-3].scpvalp);
++            td->types = (yyvsp[-1].signature);
+ 
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = template_type;
+             (yyval.memArg).u.td = td;
+         }
++#line 8112 "../parser.c"
+     break;
+ 
+-  case 562:
+-#line 4562 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 563: /* basetype: TK_STRUCT scopedname  */
++#line 4588 "parser.y"
++                             {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+ 
+             /* In a C module all structures must be defined. */
+             if (currentSpec -> genc)
+             {
+                 (yyval.memArg).atype = defined_type;
+-                (yyval.memArg).u.snd = (yyvsp[(2) - (2)].scpvalp);
++                (yyval.memArg).u.snd = (yyvsp[0].scpvalp);
+             }
+             else
+             {
+                 (yyval.memArg).atype = struct_type;
+-                (yyval.memArg).u.sname = (yyvsp[(2) - (2)].scpvalp);
++                (yyval.memArg).u.sname = (yyvsp[0].scpvalp);
+             }
+         }
++#line 8132 "../parser.c"
+     break;
+ 
+-  case 563:
+-#line 4577 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 564: /* basetype: TK_UNSIGNED TK_SHORT  */
++#line 4603 "parser.y"
++                             {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ushort_type;
+         }
++#line 8141 "../parser.c"
+     break;
+ 
+-  case 564:
+-#line 4581 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 565: /* basetype: TK_SHORT  */
++#line 4607 "parser.y"
++                 {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = short_type;
+         }
++#line 8150 "../parser.c"
+     break;
+ 
+-  case 565:
+-#line 4585 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 566: /* basetype: TK_UNSIGNED  */
++#line 4611 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = uint_type;
+         }
++#line 8159 "../parser.c"
+     break;
+ 
+-  case 566:
+-#line 4589 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 567: /* basetype: TK_UNSIGNED TK_INT  */
++#line 4615 "parser.y"
++                           {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = uint_type;
+         }
++#line 8168 "../parser.c"
+     break;
+ 
+-  case 567:
+-#line 4593 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 568: /* basetype: TK_INT  */
++#line 4619 "parser.y"
++               {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = int_type;
+         }
++#line 8177 "../parser.c"
+     break;
+ 
+-  case 568:
+-#line 4597 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 569: /* basetype: TK_LONG  */
++#line 4623 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = long_type;
+         }
++#line 8186 "../parser.c"
+     break;
+ 
+-  case 569:
+-#line 4601 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 570: /* basetype: TK_UNSIGNED TK_LONG  */
++#line 4627 "parser.y"
++                            {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ulong_type;
+         }
++#line 8195 "../parser.c"
+     break;
+ 
+-  case 570:
+-#line 4605 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 571: /* basetype: TK_LONG TK_LONG  */
++#line 4631 "parser.y"
++                        {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = longlong_type;
+         }
++#line 8204 "../parser.c"
+     break;
+ 
+-  case 571:
+-#line 4609 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 572: /* basetype: TK_UNSIGNED TK_LONG TK_LONG  */
++#line 4635 "parser.y"
++                                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ulonglong_type;
+         }
++#line 8213 "../parser.c"
+     break;
+ 
+-  case 572:
+-#line 4613 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 573: /* basetype: TK_FLOAT  */
++#line 4639 "parser.y"
++                 {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = float_type;
+         }
++#line 8222 "../parser.c"
+     break;
+ 
+-  case 573:
+-#line 4617 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 574: /* basetype: TK_DOUBLE  */
++#line 4643 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = double_type;
+         }
++#line 8231 "../parser.c"
+     break;
+ 
+-  case 574:
+-#line 4621 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 575: /* basetype: TK_BOOL  */
++#line 4647 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = bool_type;
+         }
++#line 8240 "../parser.c"
+     break;
+ 
+-  case 575:
+-#line 4625 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 576: /* basetype: TK_SIGNED TK_CHAR  */
++#line 4651 "parser.y"
++                          {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = sstring_type;
+         }
++#line 8249 "../parser.c"
+     break;
+ 
+-  case 576:
+-#line 4629 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 577: /* basetype: TK_UNSIGNED TK_CHAR  */
++#line 4655 "parser.y"
++                            {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ustring_type;
+         }
++#line 8258 "../parser.c"
+     break;
+ 
+-  case 577:
+-#line 4633 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 578: /* basetype: TK_CHAR  */
++#line 4659 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = string_type;
+         }
++#line 8267 "../parser.c"
+     break;
+ 
+-  case 578:
+-#line 4637 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 579: /* basetype: TK_WCHAR_T  */
++#line 4663 "parser.y"
++                   {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = wstring_type;
+         }
++#line 8276 "../parser.c"
+     break;
+ 
+-  case 579:
+-#line 4641 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 580: /* basetype: TK_VOID  */
++#line 4667 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = void_type;
+         }
++#line 8285 "../parser.c"
+     break;
+ 
+-  case 580:
+-#line 4645 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 581: /* basetype: TK_PYOBJECT  */
++#line 4671 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pyobject_type;
+         }
++#line 8294 "../parser.c"
+     break;
+ 
+-  case 581:
+-#line 4649 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 582: /* basetype: TK_PYTUPLE  */
++#line 4675 "parser.y"
++                   {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pytuple_type;
+         }
++#line 8303 "../parser.c"
+     break;
+ 
+-  case 582:
+-#line 4653 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 583: /* basetype: TK_PYLIST  */
++#line 4679 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pylist_type;
+         }
++#line 8312 "../parser.c"
+     break;
+ 
+-  case 583:
+-#line 4657 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 584: /* basetype: TK_PYDICT  */
++#line 4683 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pydict_type;
+         }
++#line 8321 "../parser.c"
+     break;
+ 
+-  case 584:
+-#line 4661 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 585: /* basetype: TK_PYCALLABLE  */
++#line 4687 "parser.y"
++                      {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pycallable_type;
+         }
++#line 8330 "../parser.c"
+     break;
+ 
+-  case 585:
+-#line 4665 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 586: /* basetype: TK_PYSLICE  */
++#line 4691 "parser.y"
++                   {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pyslice_type;
+         }
++#line 8339 "../parser.c"
+     break;
+ 
+-  case 586:
+-#line 4669 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 587: /* basetype: TK_PYTYPE  */
++#line 4695 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pytype_type;
+         }
++#line 8348 "../parser.c"
+     break;
+ 
+-  case 587:
+-#line 4673 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 588: /* basetype: TK_PYBUFFER  */
++#line 4699 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pybuffer_type;
+         }
++#line 8357 "../parser.c"
+     break;
+ 
+-  case 588:
+-#line 4677 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 589: /* basetype: TK_SIPSSIZET  */
++#line 4703 "parser.y"
++                     {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ssize_type;
+         }
++#line 8366 "../parser.c"
+     break;
+ 
+-  case 589:
+-#line 4681 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 590: /* basetype: TK_SIZET  */
++#line 4707 "parser.y"
++                 {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = size_type;
+         }
++#line 8375 "../parser.c"
+     break;
+ 
+-  case 590:
+-#line 4685 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 591: /* basetype: TK_ELLIPSIS  */
++#line 4711 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ellipsis_type;
+         }
++#line 8384 "../parser.c"
+     break;
+ 
+-  case 591:
+-#line 4691 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 592: /* cpptypelist: cpptype  */
++#line 4717 "parser.y"
++                        {
+             /* The single or first type. */
+ 
+-            (yyval.signature).args[0] = (yyvsp[(1) - (1)].memArg);
++            (yyval.signature).args[0] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs = 1;
+         }
++#line 8395 "../parser.c"
+     break;
+ 
+-  case 592:
+-#line 4697 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 593: /* cpptypelist: cpptypelist ',' cpptype  */
++#line 4723 "parser.y"
++                                {
+             /* Check there is nothing after an ellipsis. */
+-            if ((yyvsp[(1) - (3)].signature).args[(yyvsp[(1) - (3)].signature).nrArgs - 1].atype == ellipsis_type)
++            if ((yyvsp[-2].signature).args[(yyvsp[-2].signature).nrArgs - 1].atype == ellipsis_type)
+                 yyerror("An ellipsis must be at the end of the argument list");
+ 
+             /* Check there is room. */
+-            if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.signature) = (yyvsp[(1) - (3)].signature);
++            (yyval.signature) = (yyvsp[-2].signature);
+ 
+-            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[(3) - (3)].memArg);
++            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs++;
+         }
++#line 8414 "../parser.c"
+     break;
+ 
+-  case 593:
+-#line 4713 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 594: /* optexceptions: %empty  */
++#line 4739 "parser.y"
++                {
+             (yyval.throwlist) = NULL;
+         }
++#line 8422 "../parser.c"
+     break;
+ 
+-  case 594:
+-#line 4716 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 595: /* optexceptions: TK_THROW '(' exceptionlist ')'  */
++#line 4742 "parser.y"
++                                       {
+             if (currentSpec->genc)
+                 yyerror("Exceptions not allowed in a C module");
+ 
+-            (yyval.throwlist) = (yyvsp[(3) - (4)].throwlist);
++            (yyval.throwlist) = (yyvsp[-1].throwlist);
+         }
++#line 8433 "../parser.c"
+     break;
+ 
+-  case 595:
+-#line 4724 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 596: /* exceptionlist: %empty  */
++#line 4750 "parser.y"
++                {
+             /* Empty list so use a blank. */
+ 
+             (yyval.throwlist) = sipMalloc(sizeof (throwArgs));
+             (yyval.throwlist) -> nrArgs = 0;
+         }
++#line 8444 "../parser.c"
+     break;
+ 
+-  case 596:
+-#line 4730 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 597: /* exceptionlist: scopedname  */
++#line 4756 "parser.y"
++                   {
+             /* The only or first exception. */
+ 
+             (yyval.throwlist) = sipMalloc(sizeof (throwArgs));
+             (yyval.throwlist) -> nrArgs = 1;
+-            (yyval.throwlist) -> args[0] = findException(currentSpec, (yyvsp[(1) - (1)].scpvalp), FALSE);
++            (yyval.throwlist) -> args[0] = findException(currentSpec, (yyvsp[0].scpvalp), FALSE);
+         }
++#line 8456 "../parser.c"
+     break;
+ 
+-  case 597:
+-#line 4737 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 598: /* exceptionlist: exceptionlist ',' scopedname  */
++#line 4763 "parser.y"
++                                     {
+             /* Check that it wasn't ...(,arg...). */
+ 
+-            if ((yyvsp[(1) - (3)].throwlist) -> nrArgs == 0)
++            if ((yyvsp[-2].throwlist) -> nrArgs == 0)
+                 yyerror("First exception of throw specifier is missing");
+ 
+             /* Check there is room. */
+ 
+-            if ((yyvsp[(1) - (3)].throwlist) -> nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].throwlist) -> nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.throwlist) = (yyvsp[(1) - (3)].throwlist);
+-            (yyval.throwlist) -> args[(yyval.throwlist) -> nrArgs++] = findException(currentSpec, (yyvsp[(3) - (3)].scpvalp), FALSE);
++            (yyval.throwlist) = (yyvsp[-2].throwlist);
++            (yyval.throwlist) -> args[(yyval.throwlist) -> nrArgs++] = findException(currentSpec, (yyvsp[0].scpvalp), FALSE);
+         }
++#line 8475 "../parser.c"
+     break;
+ 
+ 
+-/* Line 1267 of yacc.c.  */
+-#line 8408 "sip-4.19.23/sipgen/parser.c"
++#line 8479 "../parser.c"
++
+       default: break;
+     }
+-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
++  /* User semantic actions sometimes alter yychar, and that requires
++     that yytoken be updated with the new translation.  We take the
++     approach of translating immediately before every use of yytoken.
++     One alternative is translating here after every semantic action,
++     but that translation would be missed if the semantic action invokes
++     YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
++     if it invokes YYBACKUP.  In the case of YYABORT or YYACCEPT, an
++     incorrect destructor might then be invoked immediately.  In the
++     case of YYERROR or YYBACKUP, subsequent parser actions might lead
++     to an incorrect destructor call or verbose syntax error message
++     before the lookahead is translated.  */
++  YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc);
+ 
+   YYPOPSTACK (yylen);
+   yylen = 0;
+-  YY_STACK_PRINT (yyss, yyssp);
+ 
+   *++yyvsp = yyval;
+ 
+-
+-  /* Now `shift' the result of the reduction.  Determine what state
++  /* Now 'shift' the result of the reduction.  Determine what state
+      that goes to, based on the state we popped back to and the rule
+      number reduced by.  */
+-
+-  yyn = yyr1[yyn];
+-
+-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+-    yystate = yytable[yystate];
+-  else
+-    yystate = yydefgoto[yyn - YYNTOKENS];
++  {
++    const int yylhs = yyr1[yyn] - YYNTOKENS;
++    const int yyi = yypgoto[yylhs] + *yyssp;
++    yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp
++               ? yytable[yyi]
++               : yydefgoto[yylhs]);
++  }
+ 
+   goto yynewstate;
+ 
+ 
+-/*------------------------------------.
+-| yyerrlab -- here on detecting error |
+-`------------------------------------*/
++/*--------------------------------------.
++| yyerrlab -- here on detecting error.  |
++`--------------------------------------*/
+ yyerrlab:
++  /* Make sure we have latest lookahead translation.  See comments at
++     user semantic actions for why this is necessary.  */
++  yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar);
+   /* If not already recovering from an error, report this error.  */
+   if (!yyerrstatus)
+     {
+       ++yynerrs;
+-#if ! YYERROR_VERBOSE
+       yyerror (YY_("syntax error"));
+-#else
+-      {
+-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+-	  {
+-	    YYSIZE_T yyalloc = 2 * yysize;
+-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+-	    if (yymsg != yymsgbuf)
+-	      YYSTACK_FREE (yymsg);
+-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+-	    if (yymsg)
+-	      yymsg_alloc = yyalloc;
+-	    else
+-	      {
+-		yymsg = yymsgbuf;
+-		yymsg_alloc = sizeof yymsgbuf;
+-	      }
+-	  }
+-
+-	if (0 < yysize && yysize <= yymsg_alloc)
+-	  {
+-	    (void) yysyntax_error (yymsg, yystate, yychar);
+-	    yyerror (yymsg);
+-	  }
+-	else
+-	  {
+-	    yyerror (YY_("syntax error"));
+-	    if (yysize != 0)
+-	      goto yyexhaustedlab;
+-	  }
+-      }
+-#endif
+     }
+ 
+-
+-
+   if (yyerrstatus == 3)
+     {
+-      /* If just tried and failed to reuse look-ahead token after an
+-	 error, discard it.  */
++      /* If just tried and failed to reuse lookahead token after an
++         error, discard it.  */
+ 
+       if (yychar <= YYEOF)
+-	{
+-	  /* Return failure if at end of input.  */
+-	  if (yychar == YYEOF)
+-	    YYABORT;
+-	}
++        {
++          /* Return failure if at end of input.  */
++          if (yychar == YYEOF)
++            YYABORT;
++        }
+       else
+-	{
+-	  yydestruct ("Error: discarding",
+-		      yytoken, &yylval);
+-	  yychar = YYEMPTY;
+-	}
++        {
++          yydestruct ("Error: discarding",
++                      yytoken, &yylval);
++          yychar = YYEMPTY;
++        }
+     }
+ 
+-  /* Else will try to reuse look-ahead token after shifting the error
++  /* Else will try to reuse lookahead token after shifting the error
+      token.  */
+   goto yyerrlab1;
+ 
+@@ -8506,14 +8553,13 @@ yyerrlab:
+ | yyerrorlab -- error raised explicitly by YYERROR.  |
+ `---------------------------------------------------*/
+ yyerrorlab:
++  /* Pacify compilers when the user code never invokes YYERROR and the
++     label yyerrorlab therefore never appears in user code.  */
++  if (0)
++    YYERROR;
++  ++yynerrs;
+ 
+-  /* Pacify compilers like GCC when the user code never invokes
+-     YYERROR and the label yyerrorlab therefore never appears in user
+-     code.  */
+-  if (/*CONSTCOND*/ 0)
+-     goto yyerrorlab;
+-
+-  /* Do not reclaim the symbols of the rule which action triggered
++  /* Do not reclaim the symbols of the rule whose action triggered
+      this YYERROR.  */
+   YYPOPSTACK (yylen);
+   yylen = 0;
+@@ -8526,42 +8572,42 @@ yyerrorlab:
+ | yyerrlab1 -- common code for both syntax error and YYERROR.  |
+ `-------------------------------------------------------------*/
+ yyerrlab1:
+-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
++  yyerrstatus = 3;      /* Each real token shifted decrements this.  */
+ 
++  /* Pop stack until we find a state that shifts the error token.  */
+   for (;;)
+     {
+       yyn = yypact[yystate];
+-      if (yyn != YYPACT_NINF)
+-	{
+-	  yyn += YYTERROR;
+-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+-	    {
+-	      yyn = yytable[yyn];
+-	      if (0 < yyn)
+-		break;
+-	    }
+-	}
++      if (!yypact_value_is_default (yyn))
++        {
++          yyn += YYSYMBOL_YYerror;
++          if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror)
++            {
++              yyn = yytable[yyn];
++              if (0 < yyn)
++                break;
++            }
++        }
+ 
+       /* Pop the current state because it cannot handle the error token.  */
+       if (yyssp == yyss)
+-	YYABORT;
++        YYABORT;
+ 
+ 
+       yydestruct ("Error: popping",
+-		  yystos[yystate], yyvsp);
++                  YY_ACCESSING_SYMBOL (yystate), yyvsp);
+       YYPOPSTACK (1);
+       yystate = *yyssp;
+       YY_STACK_PRINT (yyss, yyssp);
+     }
+ 
+-  if (yyn == YYFINAL)
+-    YYACCEPT;
+-
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+   *++yyvsp = yylval;
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ 
+ 
+   /* Shift the error token.  */
+-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
++  YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp);
+ 
+   yystate = yyn;
+   goto yynewstate;
+@@ -8572,53 +8618,57 @@ yyerrlab1:
+ `-------------------------------------*/
+ yyacceptlab:
+   yyresult = 0;
+-  goto yyreturn;
++  goto yyreturnlab;
++
+ 
+ /*-----------------------------------.
+ | yyabortlab -- YYABORT comes here.  |
+ `-----------------------------------*/
+ yyabortlab:
+   yyresult = 1;
+-  goto yyreturn;
++  goto yyreturnlab;
+ 
+-#ifndef yyoverflow
+-/*-------------------------------------------------.
+-| yyexhaustedlab -- memory exhaustion comes here.  |
+-`-------------------------------------------------*/
++
++/*-----------------------------------------------------------.
++| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here.  |
++`-----------------------------------------------------------*/
+ yyexhaustedlab:
+   yyerror (YY_("memory exhausted"));
+   yyresult = 2;
+-  /* Fall through.  */
+-#endif
++  goto yyreturnlab;
++
+ 
+-yyreturn:
+-  if (yychar != YYEOF && yychar != YYEMPTY)
+-     yydestruct ("Cleanup: discarding lookahead",
+-		 yytoken, &yylval);
+-  /* Do not reclaim the symbols of the rule which action triggered
++/*----------------------------------------------------------.
++| yyreturnlab -- parsing is finished, clean up and return.  |
++`----------------------------------------------------------*/
++yyreturnlab:
++  if (yychar != YYEMPTY)
++    {
++      /* Make sure we have latest lookahead translation.  See comments at
++         user semantic actions for why this is necessary.  */
++      yytoken = YYTRANSLATE (yychar);
++      yydestruct ("Cleanup: discarding lookahead",
++                  yytoken, &yylval);
++    }
++  /* Do not reclaim the symbols of the rule whose action triggered
+      this YYABORT or YYACCEPT.  */
+   YYPOPSTACK (yylen);
+   YY_STACK_PRINT (yyss, yyssp);
+   while (yyssp != yyss)
+     {
+       yydestruct ("Cleanup: popping",
+-		  yystos[*yyssp], yyvsp);
++                  YY_ACCESSING_SYMBOL (+*yyssp), yyvsp);
+       YYPOPSTACK (1);
+     }
+ #ifndef yyoverflow
+   if (yyss != yyssa)
+     YYSTACK_FREE (yyss);
+ #endif
+-#if YYERROR_VERBOSE
+-  if (yymsg != yymsgbuf)
+-    YYSTACK_FREE (yymsg);
+-#endif
+-  /* Make sure YYID is used.  */
+-  return YYID (yyresult);
+-}
+ 
++  return yyresult;
++}
+ 
+-#line 4753 "sip-4.19.23/sipgen/metasrc/parser.y"
++#line 4779 "parser.y"
+ 
+ 
+ 
+@@ -13382,9 +13432,9 @@ static void addProperty(sipSpec *pt, mod
+  */
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring)
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring)
+ {
+     moduleDef *mod;
+ 
+@@ -13418,6 +13468,9 @@ static moduleDef *configureModule(sipSpe
+     if (use_arg_names)
+         setUseArgNames(module);
+ 
++    if (py_ssize_t_clean)
++        setPY_SSIZE_T_CLEAN(module);
++
+     if (use_limited_api)
+         setUseLimitedAPI(module);
+ 
+@@ -13597,4 +13650,3 @@ static void checkEllipsis(signatureDef *
+         if (sd->args[a].atype == ellipsis_type && a < sd->nrArgs - 1)
+             yyerror("An ellipsis must be at the end of the argument list if /NoArgParser/ is not specified");
+ }
+-
+Index: sip-4.19.23/sipgen/parser.h
+===================================================================
+--- sip-4.19.23.orig/sipgen/parser.h
++++ sip-4.19.23/sipgen/parser.h
+@@ -1,14 +1,14 @@
+-/* A Bison parser, made by GNU Bison 2.3.  */
++/* A Bison parser, made by GNU Bison 3.8.2.  */
+ 
+-/* Skeleton interface for Bison's Yacc-like parsers in C
++/* Bison interface for Yacc-like parsers in C
+ 
+-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+-   Free Software Foundation, Inc.
++   Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
++   Inc.
+ 
+-   This program is free software; you can redistribute it and/or modify
++   This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+-   the Free Software Foundation; either version 2, or (at your option)
+-   any later version.
++   the Free Software Foundation, either version 3 of the License, or
++   (at your option) any later version.
+ 
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+@@ -16,9 +16,7 @@
+    GNU General Public License for more details.
+ 
+    You should have received a copy of the GNU General Public License
+-   along with this program; if not, write to the Free Software
+-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+-   Boston, MA 02110-1301, USA.  */
++   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+ 
+ /* As a special exception, you may create a larger work that contains
+    part or all of the Bison parser skeleton and distribute that work
+@@ -33,164 +31,187 @@
+    This special exception was added by the Free Software Foundation in
+    version 2.2 of Bison.  */
+ 
+-/* Tokens.  */
++/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual,
++   especially those whose name start with YY_ or yy_.  They are
++   private implementation details that can be changed or removed.  */
++
++#ifndef YY_YY_PARSER_H_INCLUDED
++# define YY_YY_PARSER_H_INCLUDED
++/* Debug traces.  */
++#ifndef YYDEBUG
++# define YYDEBUG 0
++#endif
++#if YYDEBUG
++extern int yydebug;
++#endif
++
++/* Token kinds.  */
+ #ifndef YYTOKENTYPE
+ # define YYTOKENTYPE
+-   /* Put the tokens into the symbol table, so that GDB and other debuggers
+-      know about them.  */
+-   enum yytokentype {
+-     TK_API = 258,
+-     TK_AUTOPYNAME = 259,
+-     TK_DEFDOCSTRFMT = 260,
+-     TK_DEFDOCSTRSIG = 261,
+-     TK_DEFENCODING = 262,
+-     TK_PLUGIN = 263,
+-     TK_VIRTERRORHANDLER = 264,
+-     TK_EXPTYPEHINTCODE = 265,
+-     TK_TYPEHINTCODE = 266,
+-     TK_DOCSTRING = 267,
+-     TK_DOC = 268,
+-     TK_EXPORTEDDOC = 269,
+-     TK_EXTRACT = 270,
+-     TK_MAKEFILE = 271,
+-     TK_ACCESSCODE = 272,
+-     TK_GETCODE = 273,
+-     TK_SETCODE = 274,
+-     TK_PREINITCODE = 275,
+-     TK_INITCODE = 276,
+-     TK_POSTINITCODE = 277,
+-     TK_FINALCODE = 278,
+-     TK_UNITCODE = 279,
+-     TK_UNITPOSTINCLUDECODE = 280,
+-     TK_MODCODE = 281,
+-     TK_TYPECODE = 282,
+-     TK_PREPYCODE = 283,
+-     TK_COPYING = 284,
+-     TK_MAPPEDTYPE = 285,
+-     TK_CODELINE = 286,
+-     TK_IF = 287,
+-     TK_END = 288,
+-     TK_NAME_VALUE = 289,
+-     TK_PATH_VALUE = 290,
+-     TK_STRING_VALUE = 291,
+-     TK_VIRTUALCATCHERCODE = 292,
+-     TK_TRAVERSECODE = 293,
+-     TK_CLEARCODE = 294,
+-     TK_GETBUFFERCODE = 295,
+-     TK_RELEASEBUFFERCODE = 296,
+-     TK_READBUFFERCODE = 297,
+-     TK_WRITEBUFFERCODE = 298,
+-     TK_SEGCOUNTCODE = 299,
+-     TK_CHARBUFFERCODE = 300,
+-     TK_PICKLECODE = 301,
+-     TK_VIRTUALCALLCODE = 302,
+-     TK_METHODCODE = 303,
+-     TK_PREMETHODCODE = 304,
+-     TK_INSTANCECODE = 305,
+-     TK_FROMTYPE = 306,
+-     TK_TOTYPE = 307,
+-     TK_TOSUBCLASS = 308,
+-     TK_INCLUDE = 309,
+-     TK_OPTINCLUDE = 310,
+-     TK_IMPORT = 311,
+-     TK_EXPHEADERCODE = 312,
+-     TK_MODHEADERCODE = 313,
+-     TK_TYPEHEADERCODE = 314,
+-     TK_MODULE = 315,
+-     TK_CMODULE = 316,
+-     TK_CONSMODULE = 317,
+-     TK_COMPOMODULE = 318,
+-     TK_CLASS = 319,
+-     TK_STRUCT = 320,
+-     TK_PUBLIC = 321,
+-     TK_PROTECTED = 322,
+-     TK_PRIVATE = 323,
+-     TK_SIGNALS = 324,
+-     TK_SIGNAL_METHOD = 325,
+-     TK_SLOTS = 326,
+-     TK_SLOT_METHOD = 327,
+-     TK_BOOL = 328,
+-     TK_SHORT = 329,
+-     TK_INT = 330,
+-     TK_LONG = 331,
+-     TK_FLOAT = 332,
+-     TK_DOUBLE = 333,
+-     TK_CHAR = 334,
+-     TK_WCHAR_T = 335,
+-     TK_VOID = 336,
+-     TK_PYOBJECT = 337,
+-     TK_PYTUPLE = 338,
+-     TK_PYLIST = 339,
+-     TK_PYDICT = 340,
+-     TK_PYCALLABLE = 341,
+-     TK_PYSLICE = 342,
+-     TK_PYTYPE = 343,
+-     TK_PYBUFFER = 344,
+-     TK_VIRTUAL = 345,
+-     TK_ENUM = 346,
+-     TK_SIGNED = 347,
+-     TK_UNSIGNED = 348,
+-     TK_SCOPE = 349,
+-     TK_LOGICAL_OR = 350,
+-     TK_CONST = 351,
+-     TK_STATIC = 352,
+-     TK_SIPSIGNAL = 353,
+-     TK_SIPSLOT = 354,
+-     TK_SIPANYSLOT = 355,
+-     TK_SIPRXCON = 356,
+-     TK_SIPRXDIS = 357,
+-     TK_SIPSLOTCON = 358,
+-     TK_SIPSLOTDIS = 359,
+-     TK_SIPSSIZET = 360,
+-     TK_SIZET = 361,
+-     TK_NUMBER_VALUE = 362,
+-     TK_REAL_VALUE = 363,
+-     TK_TYPEDEF = 364,
+-     TK_NAMESPACE = 365,
+-     TK_TIMELINE = 366,
+-     TK_PLATFORMS = 367,
+-     TK_FEATURE = 368,
+-     TK_LICENSE = 369,
+-     TK_QCHAR_VALUE = 370,
+-     TK_TRUE_VALUE = 371,
+-     TK_FALSE_VALUE = 372,
+-     TK_NULL_VALUE = 373,
+-     TK_OPERATOR = 374,
+-     TK_THROW = 375,
+-     TK_QOBJECT = 376,
+-     TK_EXCEPTION = 377,
+-     TK_RAISECODE = 378,
+-     TK_EXPLICIT = 379,
+-     TK_TEMPLATE = 380,
+-     TK_FINAL = 381,
+-     TK_ELLIPSIS = 382,
+-     TK_DEFMETATYPE = 383,
+-     TK_DEFSUPERTYPE = 384,
+-     TK_PROPERTY = 385,
+-     TK_HIDE_NS = 386,
+-     TK_FORMAT = 387,
+-     TK_GET = 388,
+-     TK_ID = 389,
+-     TK_KWARGS = 390,
+-     TK_LANGUAGE = 391,
+-     TK_LICENSEE = 392,
+-     TK_NAME = 393,
+-     TK_OPTIONAL = 394,
+-     TK_ORDER = 395,
+-     TK_REMOVELEADING = 396,
+-     TK_SET = 397,
+-     TK_SIGNATURE = 398,
+-     TK_TIMESTAMP = 399,
+-     TK_TYPE = 400,
+-     TK_USEARGNAMES = 401,
+-     TK_USELIMITEDAPI = 402,
+-     TK_ALLRAISEPYEXC = 403,
+-     TK_CALLSUPERINIT = 404,
+-     TK_DEFERRORHANDLER = 405,
+-     TK_VERSION = 406
+-   };
++  enum yytokentype
++  {
++    YYEMPTY = -2,
++    YYEOF = 0,                     /* "end of file"  */
++    YYerror = 256,                 /* error  */
++    YYUNDEF = 257,                 /* "invalid token"  */
++    TK_API = 258,                  /* TK_API  */
++    TK_AUTOPYNAME = 259,           /* TK_AUTOPYNAME  */
++    TK_DEFDOCSTRFMT = 260,         /* TK_DEFDOCSTRFMT  */
++    TK_DEFDOCSTRSIG = 261,         /* TK_DEFDOCSTRSIG  */
++    TK_DEFENCODING = 262,          /* TK_DEFENCODING  */
++    TK_PLUGIN = 263,               /* TK_PLUGIN  */
++    TK_VIRTERRORHANDLER = 264,     /* TK_VIRTERRORHANDLER  */
++    TK_EXPTYPEHINTCODE = 265,      /* TK_EXPTYPEHINTCODE  */
++    TK_TYPEHINTCODE = 266,         /* TK_TYPEHINTCODE  */
++    TK_DOCSTRING = 267,            /* TK_DOCSTRING  */
++    TK_DOC = 268,                  /* TK_DOC  */
++    TK_EXPORTEDDOC = 269,          /* TK_EXPORTEDDOC  */
++    TK_EXTRACT = 270,              /* TK_EXTRACT  */
++    TK_MAKEFILE = 271,             /* TK_MAKEFILE  */
++    TK_ACCESSCODE = 272,           /* TK_ACCESSCODE  */
++    TK_GETCODE = 273,              /* TK_GETCODE  */
++    TK_SETCODE = 274,              /* TK_SETCODE  */
++    TK_PREINITCODE = 275,          /* TK_PREINITCODE  */
++    TK_INITCODE = 276,             /* TK_INITCODE  */
++    TK_POSTINITCODE = 277,         /* TK_POSTINITCODE  */
++    TK_FINALCODE = 278,            /* TK_FINALCODE  */
++    TK_UNITCODE = 279,             /* TK_UNITCODE  */
++    TK_UNITPOSTINCLUDECODE = 280,  /* TK_UNITPOSTINCLUDECODE  */
++    TK_MODCODE = 281,              /* TK_MODCODE  */
++    TK_TYPECODE = 282,             /* TK_TYPECODE  */
++    TK_PREPYCODE = 283,            /* TK_PREPYCODE  */
++    TK_COPYING = 284,              /* TK_COPYING  */
++    TK_MAPPEDTYPE = 285,           /* TK_MAPPEDTYPE  */
++    TK_CODELINE = 286,             /* TK_CODELINE  */
++    TK_IF = 287,                   /* TK_IF  */
++    TK_END = 288,                  /* TK_END  */
++    TK_NAME_VALUE = 289,           /* TK_NAME_VALUE  */
++    TK_PATH_VALUE = 290,           /* TK_PATH_VALUE  */
++    TK_STRING_VALUE = 291,         /* TK_STRING_VALUE  */
++    TK_VIRTUALCATCHERCODE = 292,   /* TK_VIRTUALCATCHERCODE  */
++    TK_TRAVERSECODE = 293,         /* TK_TRAVERSECODE  */
++    TK_CLEARCODE = 294,            /* TK_CLEARCODE  */
++    TK_GETBUFFERCODE = 295,        /* TK_GETBUFFERCODE  */
++    TK_RELEASEBUFFERCODE = 296,    /* TK_RELEASEBUFFERCODE  */
++    TK_READBUFFERCODE = 297,       /* TK_READBUFFERCODE  */
++    TK_WRITEBUFFERCODE = 298,      /* TK_WRITEBUFFERCODE  */
++    TK_SEGCOUNTCODE = 299,         /* TK_SEGCOUNTCODE  */
++    TK_CHARBUFFERCODE = 300,       /* TK_CHARBUFFERCODE  */
++    TK_PICKLECODE = 301,           /* TK_PICKLECODE  */
++    TK_VIRTUALCALLCODE = 302,      /* TK_VIRTUALCALLCODE  */
++    TK_METHODCODE = 303,           /* TK_METHODCODE  */
++    TK_PREMETHODCODE = 304,        /* TK_PREMETHODCODE  */
++    TK_INSTANCECODE = 305,         /* TK_INSTANCECODE  */
++    TK_FROMTYPE = 306,             /* TK_FROMTYPE  */
++    TK_TOTYPE = 307,               /* TK_TOTYPE  */
++    TK_TOSUBCLASS = 308,           /* TK_TOSUBCLASS  */
++    TK_INCLUDE = 309,              /* TK_INCLUDE  */
++    TK_OPTINCLUDE = 310,           /* TK_OPTINCLUDE  */
++    TK_IMPORT = 311,               /* TK_IMPORT  */
++    TK_EXPHEADERCODE = 312,        /* TK_EXPHEADERCODE  */
++    TK_MODHEADERCODE = 313,        /* TK_MODHEADERCODE  */
++    TK_TYPEHEADERCODE = 314,       /* TK_TYPEHEADERCODE  */
++    TK_MODULE = 315,               /* TK_MODULE  */
++    TK_CMODULE = 316,              /* TK_CMODULE  */
++    TK_CONSMODULE = 317,           /* TK_CONSMODULE  */
++    TK_COMPOMODULE = 318,          /* TK_COMPOMODULE  */
++    TK_CLASS = 319,                /* TK_CLASS  */
++    TK_STRUCT = 320,               /* TK_STRUCT  */
++    TK_PUBLIC = 321,               /* TK_PUBLIC  */
++    TK_PROTECTED = 322,            /* TK_PROTECTED  */
++    TK_PRIVATE = 323,              /* TK_PRIVATE  */
++    TK_SIGNALS = 324,              /* TK_SIGNALS  */
++    TK_SIGNAL_METHOD = 325,        /* TK_SIGNAL_METHOD  */
++    TK_SLOTS = 326,                /* TK_SLOTS  */
++    TK_SLOT_METHOD = 327,          /* TK_SLOT_METHOD  */
++    TK_BOOL = 328,                 /* TK_BOOL  */
++    TK_SHORT = 329,                /* TK_SHORT  */
++    TK_INT = 330,                  /* TK_INT  */
++    TK_LONG = 331,                 /* TK_LONG  */
++    TK_FLOAT = 332,                /* TK_FLOAT  */
++    TK_DOUBLE = 333,               /* TK_DOUBLE  */
++    TK_CHAR = 334,                 /* TK_CHAR  */
++    TK_WCHAR_T = 335,              /* TK_WCHAR_T  */
++    TK_VOID = 336,                 /* TK_VOID  */
++    TK_PYOBJECT = 337,             /* TK_PYOBJECT  */
++    TK_PYTUPLE = 338,              /* TK_PYTUPLE  */
++    TK_PYLIST = 339,               /* TK_PYLIST  */
++    TK_PYDICT = 340,               /* TK_PYDICT  */
++    TK_PYCALLABLE = 341,           /* TK_PYCALLABLE  */
++    TK_PYSLICE = 342,              /* TK_PYSLICE  */
++    TK_PYTYPE = 343,               /* TK_PYTYPE  */
++    TK_PYBUFFER = 344,             /* TK_PYBUFFER  */
++    TK_VIRTUAL = 345,              /* TK_VIRTUAL  */
++    TK_ENUM = 346,                 /* TK_ENUM  */
++    TK_SIGNED = 347,               /* TK_SIGNED  */
++    TK_UNSIGNED = 348,             /* TK_UNSIGNED  */
++    TK_SCOPE = 349,                /* TK_SCOPE  */
++    TK_LOGICAL_OR = 350,           /* TK_LOGICAL_OR  */
++    TK_CONST = 351,                /* TK_CONST  */
++    TK_STATIC = 352,               /* TK_STATIC  */
++    TK_SIPSIGNAL = 353,            /* TK_SIPSIGNAL  */
++    TK_SIPSLOT = 354,              /* TK_SIPSLOT  */
++    TK_SIPANYSLOT = 355,           /* TK_SIPANYSLOT  */
++    TK_SIPRXCON = 356,             /* TK_SIPRXCON  */
++    TK_SIPRXDIS = 357,             /* TK_SIPRXDIS  */
++    TK_SIPSLOTCON = 358,           /* TK_SIPSLOTCON  */
++    TK_SIPSLOTDIS = 359,           /* TK_SIPSLOTDIS  */
++    TK_SIPSSIZET = 360,            /* TK_SIPSSIZET  */
++    TK_SIZET = 361,                /* TK_SIZET  */
++    TK_NUMBER_VALUE = 362,         /* TK_NUMBER_VALUE  */
++    TK_REAL_VALUE = 363,           /* TK_REAL_VALUE  */
++    TK_TYPEDEF = 364,              /* TK_TYPEDEF  */
++    TK_NAMESPACE = 365,            /* TK_NAMESPACE  */
++    TK_TIMELINE = 366,             /* TK_TIMELINE  */
++    TK_PLATFORMS = 367,            /* TK_PLATFORMS  */
++    TK_FEATURE = 368,              /* TK_FEATURE  */
++    TK_LICENSE = 369,              /* TK_LICENSE  */
++    TK_QCHAR_VALUE = 370,          /* TK_QCHAR_VALUE  */
++    TK_TRUE_VALUE = 371,           /* TK_TRUE_VALUE  */
++    TK_FALSE_VALUE = 372,          /* TK_FALSE_VALUE  */
++    TK_NULL_VALUE = 373,           /* TK_NULL_VALUE  */
++    TK_OPERATOR = 374,             /* TK_OPERATOR  */
++    TK_THROW = 375,                /* TK_THROW  */
++    TK_QOBJECT = 376,              /* TK_QOBJECT  */
++    TK_EXCEPTION = 377,            /* TK_EXCEPTION  */
++    TK_RAISECODE = 378,            /* TK_RAISECODE  */
++    TK_EXPLICIT = 379,             /* TK_EXPLICIT  */
++    TK_TEMPLATE = 380,             /* TK_TEMPLATE  */
++    TK_FINAL = 381,                /* TK_FINAL  */
++    TK_ELLIPSIS = 382,             /* TK_ELLIPSIS  */
++    TK_DEFMETATYPE = 383,          /* TK_DEFMETATYPE  */
++    TK_DEFSUPERTYPE = 384,         /* TK_DEFSUPERTYPE  */
++    TK_PROPERTY = 385,             /* TK_PROPERTY  */
++    TK_HIDE_NS = 386,              /* TK_HIDE_NS  */
++    TK_FORMAT = 387,               /* TK_FORMAT  */
++    TK_GET = 388,                  /* TK_GET  */
++    TK_ID = 389,                   /* TK_ID  */
++    TK_KWARGS = 390,               /* TK_KWARGS  */
++    TK_LANGUAGE = 391,             /* TK_LANGUAGE  */
++    TK_LICENSEE = 392,             /* TK_LICENSEE  */
++    TK_NAME = 393,                 /* TK_NAME  */
++    TK_OPTIONAL = 394,             /* TK_OPTIONAL  */
++    TK_ORDER = 395,                /* TK_ORDER  */
++    TK_REMOVELEADING = 396,        /* TK_REMOVELEADING  */
++    TK_SET = 397,                  /* TK_SET  */
++    TK_SIGNATURE = 398,            /* TK_SIGNATURE  */
++    TK_TIMESTAMP = 399,            /* TK_TIMESTAMP  */
++    TK_TYPE = 400,                 /* TK_TYPE  */
++    TK_USEARGNAMES = 401,          /* TK_USEARGNAMES  */
++    TK_PYSSIZETCLEAN = 402,        /* TK_PYSSIZETCLEAN  */
++    TK_USELIMITEDAPI = 403,        /* TK_USELIMITEDAPI  */
++    TK_ALLRAISEPYEXC = 404,        /* TK_ALLRAISEPYEXC  */
++    TK_CALLSUPERINIT = 405,        /* TK_CALLSUPERINIT  */
++    TK_DEFERRORHANDLER = 406,      /* TK_DEFERRORHANDLER  */
++    TK_VERSION = 407               /* TK_VERSION  */
++  };
++  typedef enum yytokentype yytoken_kind_t;
+ #endif
+-/* Tokens.  */
++/* Token kinds.  */
++#define YYEMPTY -2
++#define YYEOF 0
++#define YYerror 256
++#define YYUNDEF 257
+ #define TK_API 258
+ #define TK_AUTOPYNAME 259
+ #define TK_DEFDOCSTRFMT 260
+@@ -335,19 +356,19 @@
+ #define TK_TIMESTAMP 399
+ #define TK_TYPE 400
+ #define TK_USEARGNAMES 401
+-#define TK_USELIMITEDAPI 402
+-#define TK_ALLRAISEPYEXC 403
+-#define TK_CALLSUPERINIT 404
+-#define TK_DEFERRORHANDLER 405
+-#define TK_VERSION 406
+-
+-
+-
++#define TK_PYSSIZETCLEAN 402
++#define TK_USELIMITEDAPI 403
++#define TK_ALLRAISEPYEXC 404
++#define TK_CALLSUPERINIT 405
++#define TK_DEFERRORHANDLER 406
++#define TK_VERSION 407
+ 
++/* Value type.  */
+ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+-typedef union YYSTYPE
+-#line 202 "sip-4.19.23/sipgen/metasrc/parser.y"
++union YYSTYPE
+ {
++#line 202 "parser.y"
++
+     char            qchar;
+     char            *text;
+     long            number;
+@@ -390,14 +411,20 @@ typedef union YYSTYPE
+     variableCfg     variable;
+     vehCfg          veh;
+     int             token;
+-}
+-/* Line 1529 of yacc.c.  */
+-#line 396 "sip-4.19.23/sipgen/parser.h"
+-	YYSTYPE;
+-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+-# define YYSTYPE_IS_DECLARED 1
++
++#line 416 "../parser.h"
++
++};
++typedef union YYSTYPE YYSTYPE;
+ # define YYSTYPE_IS_TRIVIAL 1
++# define YYSTYPE_IS_DECLARED 1
+ #endif
+ 
++
+ extern YYSTYPE yylval;
+ 
++
++int yyparse (void);
++
++
++#endif /* !YY_YY_PARSER_H_INCLUDED  */
diff --git a/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb b/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb
index d6335585e2..dc3db1fcd4 100644
--- a/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb
+++ b/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb
@@ -5,7 +5,9 @@ LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE-GPL2;md5=e91355d8a6f8bd8f7c699d62863c7303"
 
 SRC_URI = "https://www.riverbankcomputing.com/static/Downloads/sip/${PV}/sip-${PV}.tar.gz \
+    file://added-the-py_ssize_t_clean-argument-to-the-module-directive.patch \
 "
+
 SRC_URI[md5sum] = "70adc0c9734e2d9dcd241d3f931dfc74"
 SRC_URI[sha256sum] = "22ca9bcec5388114e40d4aafd7ccd0c4fe072297b628d0c5cdfa2f010c0bc7e7"
 
@@ -29,11 +31,28 @@ do_configure:prepend() {
     echo "sip_inc_dir = ${D}/${includedir}" >> sip.cfg
     echo "sip_module_dir = ${D}/${libdir}/python%(py_major).%(py_minor)/site-packages" >> sip.cfg
     echo "sip_sip_dir = ${D}/${datadir}/sip" >> sip.cfg
-    ${PYTHON} configure.py --configuration sip.cfg --sip-module PyQt5.sip --sysroot ${CONFIGURE_SYSROOT} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}"
+    ${PYTHON} configure.py --configuration sip.cfg --destdir /${D}${libdir}/${PYTHON_DIR}/site-packages/ --sip-module PyQt5.sip --sysroot ${CONFIGURE_SYSROOT} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}"
 }
 
 do_install() {
     oe_runmake install
+
+    sed -i \
+         -e "s@[^ ]*-fdebug-prefix-map=[^ ']*@@g" \
+         -e "s@[^ ]*-fmacro-prefix-map=[^ ']*@@g" \
+         -e "s@[^ ]*-ffile-prefix-map=[^ ']*@@g" \
+         ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+
+    # Remove the destination directory
+    sed -i -e "s@${D}/@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+
+    if [ -n "${STAGING_DIR_NATIVE}" ]; then
+        sed -i -e "s@${STAGING_DIR_NATIVE}@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+    fi
+
+    if [ -n "${STAGING_DIR_TARGET}" ]; then
+       sed -i -e "s@${STAGING_DIR_TARGET}@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+    fi
 }
 
 FILES:python3-sip3 = "${libdir}/${PYTHON_DIR}/site-packages/"
diff --git a/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb b/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb
index 38e34b93c6..56cbfce20e 100644
--- a/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb
+++ b/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb
@@ -1,6 +1,6 @@
 LICENSE = "GPL-2.0-only & GPL-3.0-only & BSD-3-Clause & LGPL-2.0-only & Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5fa987762101f748a6cdd951b64ffc6b"
-SRC_URI = "git://github.com/DrTimothyAldenDavis/SuiteSparse;protocol=https;branch=master \
+SRC_URI = "git://github.com/DrTimothyAldenDavis/SuiteSparse;protocol=https;branch=stable \
            file://0001-Preserve-CXXFLAGS-from-environment-in-Mongoose.patch \
            file://0002-Preserve-links-when-installing-libmetis.patch \
            file://0003-Add-version-information-to-libmetis.patch \
diff --git a/meta-oe/recipes-devtools/unifex/unifex_git.bb b/meta-oe/recipes-devtools/unifex/unifex_git.bb
index 85fe39b6de..f55d7e32c8 100644
--- a/meta-oe/recipes-devtools/unifex/unifex_git.bb
+++ b/meta-oe/recipes-devtools/unifex/unifex_git.bb
@@ -20,5 +20,3 @@ EXTRA_OECMAKE += " \
     -DCMAKE_CXX_STANDARD=20 \
     -DUNIFEX_BUILD_EXAMPLES=OFF \
     "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index e9cb7adb81..df90b629a9 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -18,6 +18,10 @@ SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520
 
 S = "${WORKDIR}/imap-${PV}"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2005-0198 \
+"
+
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
 PACKAGECONFIG[pam] = ",,libpam"
 
diff --git a/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
new file mode 100644
index 0000000000..169784d427
--- /dev/null
+++ b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
@@ -0,0 +1,29 @@
+From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH] fix memory leaks
+
+Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698]
+CVE: CVE-2023-33460
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a3..a71167e 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -445,6 +445,9 @@ yajl_val yajl_tree_parse (const char *input,
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+         yajl_free (handle);
++	//If the requested memory is not released in time, it will cause memory leakage
++	if(ctx.root)
++	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
index cf8dbb183e..697f54d9fb 100644
--- a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
+++ b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
@@ -8,7 +8,9 @@ HOMEPAGE = "http://lloyd.github.com/yajl/"
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d"
 
-SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https"
+SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https \
+           file://CVE-2023-33460.patch \
+          "
 SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch
new file mode 100644
index 0000000000..ae10e99c2f
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch
@@ -0,0 +1,29 @@
+From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
+From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
+Date: Tue, 13 Jun 2023 05:00:47 +0900
+Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441]
+
+CVE: CVE-2023-31975
+---
+ modules/objfmts/bin/bin-objfmt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
+index 18026750..a38c3422 100644
+--- a/modules/objfmts/bin/bin-objfmt.c
++++ b/modules/objfmts/bin/bin-objfmt.c
+@@ -1680,6 +1680,10 @@ static void
+ bin_section_data_destroy(void *data)
+ {
+     bin_section_data *bsd = (bin_section_data *)data;
++    if (bsd->align)
++        yasm_xfree(bsd->align);
++    if (bsd->valign)
++        yasm_xfree(bsd->valign);
+     if (bsd->start)
+         yasm_expr_destroy(bsd->start);
+     if (bsd->vstart)
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
new file mode 100644
index 0000000000..1ca33f0a92
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
@@ -0,0 +1,41 @@
+From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001
+From: Peter Johnson <johnson.peter@gmail.com>
+Date: Fri, 11 Aug 2023 10:49:51 +0000
+Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234)
+
+CVE: CVE-2023-37732
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ modules/objfmts/elf/elf.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
+index 2486bba8..bab4c9ca 100644
+--- a/modules/objfmts/elf/elf.c
++++ b/modules/objfmts/elf/elf.c
+@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
+
+         /* get size (if specified); expr overrides stored integer */
+         if (entry->xsize) {
+-            size_intn = yasm_intnum_copy(
+-                yasm_expr_get_intnum(&entry->xsize, 1));
+-            if (!size_intn) {
++            yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
++            if (!intn) {
+                 yasm_error_set(YASM_ERROR_VALUE,
+                                N_("size specifier not an integer expression"));
+                 yasm_errwarn_propagate(errwarns, entry->xsize->line);
+-            }
++            } else
++                size_intn = yasm_intnum_copy(intn);
+         }
+-        else
++        if (!size_intn)
+             size_intn = yasm_intnum_create_uint(entry->size);
+
+         /* get EQU value for constants */
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb
index b5cd35ab3a..60b00f7ff4 100644
--- a/meta-oe/recipes-devtools/yasm/yasm_git.bb
+++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb
@@ -11,6 +11,8 @@ PV = "1.3.0+git${SRCPV}"
 SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a"
 SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
            file://0001-Do-not-use-AC_HEADER_STDC.patch \
+           file://CVE-2023-31975.patch \
+           file://CVE-2023-37732.patch \
 "
 
 S = "${WORKDIR}/git"
@@ -22,3 +24,8 @@ CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'"
 BBCLASSEXTEND = "native"
 
 PARALLEL_MAKE = ""
+
+do_configure:prepend() {
+     # Don't include $CC (which includes path to sysroot) in generated header.
+     sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4
+}
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
new file mode 100644
index 0000000000..72e3b9802d
--- /dev/null
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
@@ -0,0 +1,34 @@
+From b6149e203f919c899fefc702a17fbb78bdec3700 Mon Sep 17 00:00:00 2001
+From: Le Van Khanh <Khanh.LeVan@vn.bosch.com>
+Date: Thu, 9 Feb 2023 03:17:13 -0500
+Subject: [PATCH] Fix memory leak
+
+Free the ecuid_conf in case of memory alllocated
+
+CVE: CVE-2023-26257
+
+Upstream-Status: Backport
+[https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700]
+
+Signed-off-by: Le Van Khanh <Khanh.LeVan@vn.bosch.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/console/dlt-control-common.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/console/dlt-control-common.c b/src/console/dlt-control-common.c
+index abcaf92..64951c1 100644
+--- a/src/console/dlt-control-common.c
++++ b/src/console/dlt-control-common.c
+@@ -124,6 +124,8 @@ void set_ecuid(char *ecuid)
+             if (dlt_parse_config_param("ECUId", &ecuid_conf) == 0) {
+                 memset(local_ecuid, 0, DLT_CTRL_ECUID_LEN);
+                 strncpy(local_ecuid, ecuid_conf, DLT_CTRL_ECUID_LEN);
++                if (ecuid_conf !=NULL)
++                    free(ecuid_conf);
+                 local_ecuid[DLT_CTRL_ECUID_LEN - 1] = '\0';
+             }
+             else {
+--
+2.34.1
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
index 2cea50dfb0..b98cfadf3e 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
@@ -18,8 +18,9 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
            file://0002-Don-t-execute-processes-as-a-specific-user.patch \
            file://0004-Modify-systemd-config-directory.patch \
            file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
+           file://0001-Fix-memory-leak.patch \
            "
-SRCREV = "0138c00811c86eab4ff6bff3c6528163885ade19"
+SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"
 
 PV .= "+2.18.9git${SRCPV}"
 
@@ -27,7 +28,7 @@ S = "${WORKDIR}/git"
 
 LDFLAGS:append:riscv64 = " -latomic"
 
-PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd systemd-watchdog systemd-journal dlt-examples dlt-adaptor dlt-console ', '', d)} \
+PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' systemd systemd-watchdog systemd-journal dlt-examples dlt-adaptor dlt-adaptor-udp dlt-console ', '', d)} \
  udp-connection dlt-system dlt-filetransfer "
 # dlt-dbus
 
@@ -44,6 +45,7 @@ PACKAGECONFIG[udp-connection] = "-DWITH_UDP_CONNECTION=ON,-DWITH_UDP_CONNECTION=
 # Command line options
 PACKAGECONFIG[dlt-system] = "-DWITH_DLT_SYSTEM=ON,-DWITH_DLT_SYSTEM=OFF"
 PACKAGECONFIG[dlt-adaptor] = "-DWITH_DLT_ADAPTOR=ON,-DWITH_DLT_ADAPTOR=OFF,,dlt-daemon-systemd"
+PACKAGECONFIG[dlt-adaptor-udp] = "-DWITH_DLT_ADAPTOR_UDP=ON,-DWITH_DLT_ADAPTOR_UDP=OFF,,dlt-daemon-systemd"
 PACKAGECONFIG[dlt-filetransfer] = "-DWITH_DLT_FILETRANSFER=ON,-DWITH_DLT_FILETRANSFER=OFF"
 PACKAGECONFIG[dlt-console] = "-DWITH_DLT_CONSOLE=ON,-DWITH_DLT_CONSOLE=OFF,,dlt-daemon-systemd"
 
@@ -58,7 +60,7 @@ SYSTEMD_SERVICE:${PN} = " ${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'dlt.
                           ${@bb.utils.contains('PACKAGECONFIG', 'dlt-dbus', 'dlt-dbus.service', '', d)}"
 SYSTEMD_AUTO_ENABLE:${PN} = "enable"
 SYSTEMD_SERVICE:${PN}-systemd = " \
-    ${@bb.utils.contains('PACKAGECONFIG', 'dlt-adaptor', 'dlt-adaptor-udp.service', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'dlt-adaptor-udp', 'dlt-adaptor-udp.service', '', d)} \
     ${@bb.utils.contains('PACKAGECONFIG', 'dlt-examples', 'dlt-example-user.service', '', d)} \
     ${@bb.utils.contains('PACKAGECONFIG', 'dlt-examples dlt-console', 'dlt-receive.service', '', d)} \
 "
diff --git a/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb b/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb
index 7674785437..583e8337e7 100644
--- a/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb
+++ b/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb
@@ -4,7 +4,11 @@ HOMEPAGE = "https://duktape.org"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b7825df97b52f926fc71300f7880408"
 
-SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz"
+SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz \
+           file://run-ptest \
+          "
+inherit ptest
+
 SRC_URI[sha256sum] = "90f8d2fa8b5567c6899830ddef2c03f3c27960b11aca222fa17aa7ac613c2890"
 
 EXTRA_OEMAKE = "INSTALL_PREFIX='${prefix}' DESTDIR='${D}' LIBDIR='/${baselib}'"
@@ -13,8 +17,24 @@ do_compile () {
     oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
 }
 
+do_compile_ptest() {
+    oe_runmake -f Makefile.hello INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
+    oe_runmake -f Makefile.eval INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
+    oe_runmake -f Makefile.eventloop INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
+}
+
 do_install () {
     oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}" install
     # libduktaped is identical to libduktape but has an hard-coded -g build flags, remove it
     rm -f ${D}${libdir}/libduktaped.so*
 }
+
+do_install_ptest() {
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/hello" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/eval" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/evloop" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/timer-test.js" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/ecma_eventloop.js" "${D}${PTEST_PATH}"
+}
+
+RDEPENDS_${PN}-ptest += "make"
diff --git a/meta-oe/recipes-extended/duktape/files/run-ptest b/meta-oe/recipes-extended/duktape/files/run-ptest
new file mode 100644
index 0000000000..852fb15de4
--- /dev/null
+++ b/meta-oe/recipes-extended/duktape/files/run-ptest
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+./hello &> $test.output 2>&1
+out="Hello world!"
+
+if grep -i "$out" $test.output 2>&1 ; then
+   echo "PASS: Hello duktape"
+else
+   echo "FAIL: Hello duktape"
+fi
+rm -f $test.output
+
+./eval "print('Hello world!'); 123;" > out.log
+
+sed -n '2p' out.log > eval.log
+sed -n '3p' out.log >> eval.log
+
+if grep  -w 'Hello world!\|123' eval.log 2>&1; then
+   echo "PASS: eval duktape"
+else
+   echo "FAIL: eval duktape"
+fi
+rm -f eval.log out.log
+
+./evloop timer-test.js > evloop.log 2>&1
+
+if grep -i "no active timers and no sockets to poll" evloop.log 2>&1; then
+   echo "PASS: evloop duktape"
+else
+   echo "FAIL: evloop duktape"
+fi
+rm -f evloop.log
diff --git a/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
new file mode 100644
index 0000000000..bfeb9b405d
--- /dev/null
+++ b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
@@ -0,0 +1,77 @@
+From ac1f8db9a0790d2bf153711ff4cbf6101f89aace Mon Sep 17 00:00:00 2001
+From: Brice Goglin <Brice.Goglin@inria.fr>
+Date: Wed, 23 Aug 2023 19:52:47 +0200
+Subject: [PATCH] linux: handle glibc cpuset allocation failures
+
+Closes #544
+CVE-2022-47022
+
+Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
+
+CVE: CVE-2022-47022
+
+Upstream-Status: Backport [https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/topology-linux.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/topology-linux.c b/src/topology-linux.c
+index 62c3b44..86be150 100644
+--- a/src/topology-linux.c
++++ b/src/topology-linux.c
+@@ -623,6 +623,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+   setsize = CPU_ALLOC_SIZE(last+1);
+   plinux_set = CPU_ALLOC(last+1);
++  if (!plinux_set)
++    return -1;
+
+   CPU_ZERO_S(setsize, plinux_set);
+   hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -703,7 +705,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology)
+   while (1) {
+     cpu_set_t *set = CPU_ALLOC(nr_cpus);
+     size_t setsize = CPU_ALLOC_SIZE(nr_cpus);
+-    int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
++    int err;
++    if (!set)
++      return -1; /* caller will return an error, and we'll try again later */
++    err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
+     CPU_FREE(set);
+     nr_cpus = setsize * 8; /* that's the value that was actually tested */
+     if (!err)
+@@ -732,8 +737,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+   /* find the kernel nr_cpus so as to use a large enough cpu_set size */
+   kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology);
++  if (kernel_nr_cpus < 0)
++    return -1;
+   setsize = CPU_ALLOC_SIZE(kernel_nr_cpus);
+   plinux_set = CPU_ALLOC(kernel_nr_cpus);
++  if (!plinux_set)
++    return -1;
+
+   err = sched_getaffinity(tid, setsize, plinux_set);
+
+@@ -1092,6 +1101,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c
+
+      setsize = CPU_ALLOC_SIZE(last+1);
+      plinux_set = CPU_ALLOC(last+1);
++     if (!plinux_set)
++       return -1;
+
+      CPU_ZERO_S(setsize, plinux_set);
+      hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -1184,6 +1195,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b
+
+      setsize = CPU_ALLOC_SIZE(last+1);
+      plinux_set = CPU_ALLOC(last+1);
++     if (!plinux_set)
++       return -1;
+
+      err = pthread_getaffinity_np(tid, setsize, plinux_set);
+      if (err) {
+--
+2.40.0
diff --git a/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb b/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb
index e6fed584f9..83c85dbe3e 100644
--- a/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb
+++ b/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb
@@ -7,7 +7,9 @@ SECTION = "base"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=3282e20dc3cec311deda3c6d4b1f990b"
 
-SRC_URI = "https://www.open-mpi.org/software/${BPN}/v1.11/downloads/${BP}.tar.bz2"
+SRC_URI = "https://www.open-mpi.org/software/${BPN}/v1.11/downloads/${BP}.tar.bz2 \
+           file://CVE-2022-47022.patch \
+          "
 SRC_URI[md5sum] = "3c792e23c209e9e1bafe9bdbc613d401"
 SRC_URI[sha256sum] = "a4494b7765f517c0990d1c7f09d98cb87755bb6b841e4e2cbfebca1b14bac9c8"
 
diff --git a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch
new file mode 100644
index 0000000000..367202e3c5
--- /dev/null
+++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch
@@ -0,0 +1,4196 @@
+From df4ab2d19e247d059e0025789ba513418073ab6f Mon Sep 17 00:00:00 2001
+From: Petr Písař <ppisar@redhat.com>
+Date: Thu, 19 Oct 2023 07:36:32 +0000
+Subject: [PATCH] Fix an out-of-buffer read in search_brace()/lexi() on an
+ condition without parentheses followed with an overlong comment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reproducer:
+
+$ hexdump -C /tmp/short
+00000000  69 66 20 30 3b 65 6c 73  65 2f 2a 0a 0a 0a 0a 0a  |if 0;else/*.....|
+00000010  0a 0a 0a 0a 0a 0a 0a 0a  0a 0a 0a 0a 0a 0a 0a 0a  |................|
+*
+00000800  0a 0a 2a 2f 78 0a                                 |..*/x.|
+00000806
+
+$ valgrind -- ./indent -o /dev/null /tmp/short
+[...]
+==21830== Invalid read of size 1
+==21830==    at 0x40586A: lexi (lexi.c:251)
+==21830==    by 0x40198C: search_brace (indent.c:387)
+==21830==    by 0x401CC2: indent_main_loop (indent.c:548)
+==21830==    by 0x402298: indent (indent.c:758)
+==21830==    by 0x402941: indent_single_file (indent.c:1003)
+==21830==    by 0x402A0F: indent_all (indent.c:1041)
+==21830==    by 0x402BC5: main (indent.c:1122)
+==21830==  Address 0x4ab2210 is 0 bytes inside a block of size 2,048 free'd
+==21830==    at 0x4847A40: realloc (vg_replace_malloc.c:1649)
+==21830==    by 0x408BC0: xrealloc (globs.c:64)
+==21830==    by 0x40BF03: need_chars (handletoken.c:89)
+==21830==    by 0x401433: sw_buffer (indent.c:149)
+==21830==    by 0x401973: search_brace (indent.c:380)
+==21830==    by 0x401CC2: indent_main_loop (indent.c:548)
+==21830==    by 0x402298: indent (indent.c:758)
+==21830==    by 0x402941: indent_single_file (indent.c:1003)
+==21830==    by 0x402A0F: indent_all (indent.c:1041)
+==21830==    by 0x402BC5: main (indent.c:1122)
+==21830==  Block was alloc'd at
+==21830==    at 0x4847A40: realloc (vg_replace_malloc.c:1649)
+==21830==    by 0x408BC0: xrealloc (globs.c:64)
+==21830==    by 0x40BF03: need_chars (handletoken.c:89)
+==21830==    by 0x401696: search_brace (indent.c:281)
+==21830==    by 0x401CC2: indent_main_loop (indent.c:548)
+==21830==    by 0x402298: indent (indent.c:758)
+==21830==    by 0x402941: indent_single_file (indent.c:1003)
+==21830==    by 0x402A0F: indent_all (indent.c:1041)
+==21830==    by 0x402BC5: main (indent.c:1122)
+
+The cause was that need_chars(&save_com, ...) could reallocate save_com.ptr
+pointer keeping a dangling copy of that pointer saved to buf_ptr
+a line above.
+
+Related to CVE-2023-40305
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2023-40305
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/indent.git/commit/?id=df4ab2d19e247d059e0025789ba513418073ab6f]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ regression/TEST                             |    3 +-
+ regression/input/comment-heap-overread.c    | 2040 ++++++++++++++++++
+ regression/standard/comment-heap-overread.c | 2042 +++++++++++++++++++
+ src/indent.c                                |    2 +-
+ 4 files changed, 4085 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-heap-overread.c
+ create mode 100644 regression/standard/comment-heap-overread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 56f41d9..a7a6747 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -37,7 +37,8 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+         one-line-4.c struct-decl.c sizeof-in-while.c line-break-comment.c \
+         macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+         bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+-        no-forced-nl-in-block-init.c hexadecimal_float.c"
++        no-forced-nl-in-block-init.c hexadecimal_float.c \
++        comment-heap-overread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+         indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-heap-overread.c b/regression/input/comment-heap-overread.c
+new file mode 100644
+index 0000000..5b0b172
+--- /dev/null
++++ b/regression/input/comment-heap-overread.c
+@@ -0,0 +1,2040 @@
++if 0;else/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++*/x
+diff --git a/regression/standard/comment-heap-overread.c b/regression/standard/comment-heap-overread.c
+new file mode 100644
+index 0000000..e601fb4
+--- /dev/null
++++ b/regression/standard/comment-heap-overread.c
+@@ -0,0 +1,2042 @@
++if 0;
++else				/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++				 */
++  x
+diff --git a/src/indent.c b/src/indent.c
+index 0c2780b..208b48a 100644
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -145,8 +145,8 @@ static void sw_buffer(void)
+     parser_state_tos->search_brace = false;
+     bp_save = buf_ptr;
+     be_save = buf_end;
+-    buf_ptr = save_com.ptr;
+     need_chars (&save_com, 1);
++    buf_ptr = save_com.ptr;
+     buf_end = save_com.end;
+     save_com.end = save_com.ptr;        /* make save_com empty */
+ }
+--
+2.35.5
diff --git a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
new file mode 100644
index 0000000000..d02521bb06
--- /dev/null
+++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
@@ -0,0 +1,4254 @@
+From 2685cc0bef0200733b634932ea7399b6cf91b6d7 Mon Sep 17 00:00:00 2001
+From: Petr Písař <ppisar@redhat.com>
+Date: Thu, 19 Oct 2023 08:42:59 +0000
+Subject: [PATCH] Fix a heap buffer overwrite in search_brace()
+ (CVE-2023-40305)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If there was a comment between if-condition and an statement opening
+bracket and the comment size aligned to an indent-internal 1024 B
+buffer for comments, indent attempted to write into a nonallocated
+memory on heap.
+
+$ hexdump -C /tmp/write1
+00000000  69 66 20 30 3b 65 6c 73  65 2f 2a 0a 0a 0a 0a 0a  |if 0;else/*.....|
+00000010  0a 0a 0a 0a 0a 0a 0a 0a  0a 0a 0a 0a 0a 0a 0a 0a  |................|
+*
+00000800  0a 0a 0a 0a 2a 2f 7b 0a                           |....*/{.|
+00000808
+
+$ valgrind -- ./indent -o /dev/null /tmp/write1 2>&1 | head -n 23
+==26345== Memcheck, a memory error detector
+==26345== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
+==26345== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
+==26345== Command: ./indent -o /dev/null /tmp/write1
+==26345==
+==26345== Invalid write of size 1
+==26345==    at 0x401558: search_brace (indent.c:232)
+==26345==    by 0x401CB2: indent_main_loop (indent.c:548)
+==26345==    by 0x402288: indent (indent.c:758)
+==26345==    by 0x402931: indent_single_file (indent.c:1003)
+==26345==    by 0x4029FF: indent_all (indent.c:1041)
+==26345==    by 0x402BA6: main (indent.c:1122)
+==26345==  Address 0x4aa7830 is 0 bytes after a block of size 2,048 alloc'd
+==26345==    at 0x4847A40: realloc (vg_replace_malloc.c:1649)
+==26345==    by 0x408BA1: xrealloc (globs.c:64)
+==26345==    by 0x40BEE4: need_chars (handletoken.c:89)
+==26345==    by 0x401686: search_brace (indent.c:281)
+==26345==    by 0x401CB2: indent_main_loop (indent.c:548)
+==26345==    by 0x402288: indent (indent.c:758)
+==26345==    by 0x402931: indent_single_file (indent.c:1003)
+==26345==    by 0x4029FF: indent_all (indent.c:1041)
+==26345==    by 0x402BA6: main (indent.c:1122)
+
+The cause was that the buffer was exhausted by the comment text and no
+space left for the following new-line and curly bracket characters.
+
+This patch fixes it by enlarging the buffer two fit these two
+additional characters.
+
+<https://savannah.gnu.org/bugs/index.php?64503>
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2023-40305
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/indent.git/commit/?id=2685cc0bef0200733b634932ea7399b6cf91b6d7]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ regression/TEST                               |   44 +-
+ regression/input/comment-heap-overwrite.c     | 2042 ++++++++++++++++
+ regression/standard/comment-heap-overwrite.c  | 2044 +++++++++++++++++
+ .../standard/comment-heap-overwrite.err       |    1 +
+ src/indent.c                                  |    1 +
+ 5 files changed, 4111 insertions(+), 21 deletions(-)
+ create mode 100644 regression/input/comment-heap-overwrite.c
+ create mode 100644 regression/standard/comment-heap-overwrite.c
+ create mode 100644 regression/standard/comment-heap-overwrite.err
+
+diff --git a/regression/TEST b/regression/TEST
+index a7a6747..a76c112 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -427,6 +427,7 @@ echo Testing new comment stuff...Done.
+
+
+ echo Testing bad code handling....
++ERR=output/errors
+
+ # print_comment() was reading past the end of the buffer...
+ echo -ne '/*' | $INDENT -npro -st > /dev/null 2>&1
+@@ -444,29 +445,30 @@ then
+     echo >> $ERR
+ fi
+
+-# This ends in a error from indent but it shouldn't coredump.
+-$INDENT -npro input/bug206785.c -o output/bug206785.c 2>output/bug206785.err
++# This ends in an error from indent but it shouldn't coredump.
++for TEST in bug206785 comment-heap-overwrite; do
++    $INDENT -npro input/"$TEST".c -o output/"$TEST".c 2>output/"$TEST".err
+
+-if [ $? -ne 2 ]
+-then
+-    printf ERROR: bad return status from indent. | tee -a $ERR
+-    echo >> $ERR
+-fi
+-cd output
++    if [ $? -ne 2 ]
++    then
++        printf "ERROR: bad return status from indent for %s.c" "$TEST" | tee -a $ERR
++        echo >> $ERR
++    fi
+
+-for i in bug206785.c bug206785.err
+-do
+-  printf ...$i...
+-  diff --initial-tab ../standard/$i $i > $i-diffs 2>&1
+-  if [ -s $i-diffs ]
+-  then
+-    printf ERROR: $i failed | tee -a $ERR
+-    echo >> $ERR
+-  else
+-    rm $i-diffs
+-    rm $i
+-  fi
+-  echo
++    for i in "$TEST".c "$TEST".err
++    do
++      printf "...%s..." "$i"
++      diff --initial-tab standard/"$i" output/"$i" > output/"$i"-diffs 2>&1
++      if [ -s output/"$i"-diffs ]
++      then
++        printf "ERROR: %s failed" "$i" | tee -a $ERR
++        echo >> $ERR
++      else
++        rm output/"$i"-diffs
++        rm output/"$i"
++      fi
++      echo
++    done
+ done
+
+ echo Testing bad code handling...Done.
+diff --git a/regression/input/comment-heap-overwrite.c b/regression/input/comment-heap-overwrite.c
+new file mode 100644
+index 0000000..5b1ca6a
+--- /dev/null
++++ b/regression/input/comment-heap-overwrite.c
+@@ -0,0 +1,2042 @@
++if 0;else/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++*/{
+diff --git a/regression/standard/comment-heap-overwrite.c b/regression/standard/comment-heap-overwrite.c
+new file mode 100644
+index 0000000..8650d51
+--- /dev/null
++++ b/regression/standard/comment-heap-overwrite.c
+@@ -0,0 +1,2044 @@
++if 0;
++else				/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++				 */
++  {
+diff --git a/regression/standard/comment-heap-overwrite.err b/regression/standard/comment-heap-overwrite.err
+new file mode 100644
+index 0000000..fa571c8
+--- /dev/null
++++ b/regression/standard/comment-heap-overwrite.err
+@@ -0,0 +1 @@
++indent: input/comment-heap-overwrite.c:2044: Error:Unexpected end of file
+diff --git a/src/indent.c b/src/indent.c
+index 208b48a..a9f88a2 100644
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -228,6 +228,7 @@ static BOOLEAN search_brace(
+                  * a `dump_line' call, thus ensuring that the brace
+                  * will go into the right column. */
+
++		need_chars (&save_com, 2);
+                 *save_com.end++ = EOL;
+                 *save_com.end++ = '{';
+                 save_com.len += 2;
+--
+2.35.5
diff --git a/meta-oe/recipes-extended/indent/indent_2.2.12.bb b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
index 1a7d61abc0..a846682c13 100644
--- a/meta-oe/recipes-extended/indent/indent_2.2.12.bb
+++ b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
@@ -17,6 +17,8 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
            file://0001-Makefile.am-remove-regression-dir.patch \
            file://0001-Fix-builds-with-recent-gettext.patch \
            file://0001-Remove-dead-paren_level-code.patch \
+           file://CVE-2023-40305_0001.patch \
+           file://CVE-2023-40305_0002.patch \
            "
 SRC_URI[md5sum] = "4764b6ac98f6654a35da117b8e5e8e14"
 SRC_URI[sha256sum] = "e77d68c0211515459b8812118d606812e300097cfac0b4e9fb3472664263bb8b"
diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
index d6e56ea768..edc5e00f52 100644
--- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
+++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
@@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4
 
 inherit autotools pkgconfig
 
+# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548
+CVE_CHECK_IGNORE = "CVE-2020-36325 "
+
 BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb b/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb
index cd586897a4..599416cb2a 100644
--- a/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb
+++ b/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb
@@ -29,6 +29,9 @@ EXTRA_OECMAKE += "${PLATFORM_CMAKE_FLAGS}"
 PACKAGE_BEFORE_PN += "${PN}-examples-python ${PN}-examples"
 FILES:${PN}-examples-python = "${bindir}/py*"
 FILES:${PN}-examples = "${bindir}"
+# cec-client doesn't link with libcec, but uses LibCecInitialise to dlopen libcec, so do_package
+# cannot add the runtime dependency automatically
+RDEPENDS:${PN}-examples = "${PN}"
 RDEPENDS:${PN}-examples-python = "python3-${BPN} python3-core"
 
 # Create the wrapper for python3
diff --git a/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb b/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb
index db4f507b7c..daaff00395 100644
--- a/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb
+++ b/meta-oe/recipes-extended/libimobiledevice/libplist_2.2.0.bb
@@ -13,6 +13,12 @@ SRC_URI = "git://github.com/libimobiledevice/libplist;protocol=https;branch=mast
 
 S = "${WORKDIR}/git"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2017-5834 \
+    CVE-2017-5835 \
+    CVE-2017-5836 \
+"
+
 do_install:append () {
     if [ -e ${D}${libdir}/python*/site-packages/plist/_plist.so ]; then
         chrpath -d ${D}${libdir}/python*/site-packages/plist/_plist.so
diff --git a/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch b/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch
new file mode 100644
index 0000000000..8ac61aa55d
--- /dev/null
+++ b/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch
@@ -0,0 +1,63 @@
+From db9b4be854bb9a84319b81ce0afecd98f4f84ff7 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 27 Feb 2023 08:28:21 +0000
+Subject: [PATCH] Makefile.in: fix install failure on host without ldconfig
+
+fix syntax error when ldconfig is not installed on host
+
+when ldconfig is not installed on the build host, install will failed with
+error:
+ln -sf nfslock.so.0.1 /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/lib64/nfslock.so.0
+install -m 644 lockfile.h maillock.h /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/include
+if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi
+if [ "mail" != "" ]; then\
+          install -g mail -m 2755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin;\
+        else \
+          install -g root -m 755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin; \
+        fi
+/bin/sh: -c: line 1: syntax error near unexpected token `;'
+/bin/sh: -c: line 1: `if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi'
+
+Upstream-Status: Submitted [https://github.com/miquels/liblockfile/pull/21]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ Makefile.in | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 6e53179..d003899 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -9,6 +9,10 @@ NFSVER		= 0.1
+ CFLAGS		= @CFLAGS@ -I.
+ LDFLAGS		= @LDFLAGS@
+ CC		= @CC@
++LDCONFIG       = @LDCONFIG@
++ifeq ($(LDCONFIG),)
++    LDCONFIG = ":"
++endif
+ 
+ prefix		= $(DESTDIR)@prefix@
+ exec_prefix	= @exec_prefix@
+@@ -58,7 +62,7 @@ install_shared:	shared install_static install_common
+ 			$(libdir)/liblockfile.so.$(SOVER)
+ 		ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so.$(MAJOR)
+ 		ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so
+-		if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi
++		if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi
+ 
+ install_common:
+ 		install -d -m 755 -g root -p $(includedir)
+@@ -79,7 +83,7 @@ install_nfslib:	nfslib
+ 		install -m 755 nfslock.so.$(NFSVER) $(nfslockdir)
+ 		ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so
+ 		ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so.0
+-		if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi
++		if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi
+ 
+ clean:
+ 		rm -f *.a *.o *.so *.so.* dotlockfile
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb b/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb
index bac3a2c0bd..eefc25dc46 100644
--- a/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb
+++ b/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb
@@ -10,6 +10,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/libl/liblockfile/liblockfile_1.14.orig.tar.gz \
     file://0001-Makefile.in-add-DESTDIR.patch \
     file://0001-Makefile.in-install-nfslock-libs.patch \
     file://liblockfile-fix-install-so-to-man-dir.patch \
+    file://0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch \
 "
 
 SRC_URI[md5sum] = "420c056ba0cc4d1477e402f70ba2f5eb"
diff --git a/meta-oe/recipes-extended/libqb/libqb_2.0.6.bb b/meta-oe/recipes-extended/libqb/libqb_2.0.8.bb
index ce3606d777..3db9e2e66f 100644
--- a/meta-oe/recipes-extended/libqb/libqb_2.0.6.bb
+++ b/meta-oe/recipes-extended/libqb/libqb_2.0.8.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=321bf41f280cf805086dd5a720b37785"
 
 inherit autotools pkgconfig
 
-SRCREV = "758044bed5f615c90818aa5431d00303288888e5"
+SRCREV = "002171bbcf4bc4728da56c1538afd9e9d814ecaf"
 SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=main;protocol=https \
           "
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
new file mode 100644
index 0000000000..f3af3dbffd
--- /dev/null
+++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
@@ -0,0 +1,57 @@
+From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Mon, 13 Feb 2023 10:23:13 +0100
+Subject: [PATCH] schema compile UPDATE do not implement 2 same modules
+
+CVE: CVE-2023-26916
+Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096]
+
+Refs #1979
+---
+ src/schema_compile.c | 20 +++++++-------------
+ 1 file changed, 7 insertions(+), 13 deletions(-)
+
+diff --git a/src/schema_compile.c b/src/schema_compile.c
+index ed768ba0..68c0d681 100644
+--- a/src/schema_compile.c
++++ b/src/schema_compile.c
+@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod)
+ LY_ERR
+ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres)
+ {
+-    LY_ERR ret;
++    LY_ERR r;
+     struct lys_module *m;
+ 
+     assert(!mod->implemented);
+@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr
+     m = ly_ctx_get_module_implemented(mod->ctx, mod->name);
+     if (m) {
+         assert(m != mod);
+-        if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) {
+-            /* special case for newer internal module, continue */
+-            LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.",
+-                    mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+-        } else {
+-            LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
+-                    mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+-            return LY_EDENIED;
+-        }
++        LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
++                mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
++        return LY_EDENIED;
+     }
+ 
+     /* set features */
+-    ret = lys_set_features(mod->parsed, features);
+-    if (ret && (ret != LY_EEXIST)) {
+-        return ret;
++    r = lys_set_features(mod->parsed, features);
++    if (r && (r != LY_EEXIST)) {
++        return r;
+     }
+ 
+     /*
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch
new file mode 100644
index 0000000000..d7ba2fb9a0
--- /dev/null
+++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch
@@ -0,0 +1,40 @@
+From cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Tue, 18 Jul 2023 10:41:21 +0000
+Subject: [PATCH] parser common BUGFIX handle missing YANG strings
+
+Fixes #1987
+
+CVE: CVE-2023-26917
+
+Upstream-Status:
+Backport[https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/parser_stmt.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/parser_stmt.c b/src/parser_stmt.c
+index 81ccbfca6..2ebf822ab 100644
+--- a/src/parser_stmt.c
++++ b/src/parser_stmt.c
+@@ -52,6 +52,16 @@ lysp_stmt_validate_value(struct lys_parser_ctx *ctx, enum yang_arg val_type, con
+     uint32_t c;
+     size_t utf8_char_len;
+
++    if (!val) {
++	    if (val_type == Y_MAYBE_STR_ARG) {
++		    /* fine */
++		    return LY_SUCCESS;
++	    }
++
++	    LOGVAL_PARSER(ctx, LYVE_SYNTAX, "Missing an expected string.");
++	    return LY_EVALID;
++    }
++
+     while (*val) {
+         LY_CHECK_ERR_RET(ly_getutf8(&val, &c, &utf8_char_len),
+                 LOGVAL_PARSER(ctx, LY_VCODE_INCHAR, (val)[-utf8_char_len]), LY_EVALID);
+--
+2.35.5
diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
index 2817be7c86..eb3f322519 100644
--- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
+++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
@@ -11,6 +11,8 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c"
 SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \
            file://libyang-add-stdint-h.patch \
            file://run-ptest \
+           file://CVE-2023-26916.patch \
+	    file://CVE-2023-26917.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb
index af0a3c2bd2..6801020ef9 100644
--- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb
+++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb
@@ -17,7 +17,7 @@ REQUIRED_DISTRO_FEATURES = "pam"
 
 SRCREV = "d8eba6cb6682b59d84ca1da67a523520b879ade6"
 
-SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \
            file://libssl-is-required-if-eventint-supported.patch \
            file://openwsmand.service \
            file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
new file mode 100644
index 0000000000..42ea716bea
--- /dev/null
+++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
@@ -0,0 +1,30 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+
+CVE: CVE-2016-9296
+
+Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-debug/20180205T215659Z/pool/main/p/p7zip/p7zip_16.02%2Bdfsg-6.debian.tar.xz]
+
+Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
+Signed-off-by: aszh07 <mail2szahir@gmail.com>
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch
new file mode 100644
index 0000000000..6b337b8d2d
--- /dev/null
+++ b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch
@@ -0,0 +1,228 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sun, 28 Jan 2018 23:47:40 +0100
+Subject: CVE-2018-5996
+
+Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by
+applying a few changes from 7Zip 18.00-beta.
+
+Bug-Debian: https://bugs.debian.org/#888314
+
+CVE: CVE-2018-5996
+
+Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch]
+
+Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
+Signed-off-by: aszh07 <mail2szahir@gmail.com>
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++----
+ CPP/7zip/Compress/Rar1Decoder.h   |  1 +
+ CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++-
+ CPP/7zip/Compress/Rar2Decoder.h   |  1 +
+ CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++---
+ CPP/7zip/Compress/Rar3Decoder.h   |  2 ++
+ 6 files changed, 42 insertions(+), 8 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 1aaedcc..68030c7 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
++++ b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+ 
+-CDecoder::CDecoder(): m_IsSolid(false) { }
++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+ 
+ void CDecoder::InitStructures()
+ {
+@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+   InitData();
+   if (!m_IsSolid)
+   {
++    _errorMode = false;
+     InitStructures();
+     InitHuff();
+   }
++
++  if (_errorMode)
++    return S_FALSE;
++
+   if (m_UnpackSize > 0)
+   {
+     GetFlagsBuf();
+@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+     const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
+ {
+   try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
+-  catch(const CInBufferException &e) { return e.ErrorCode; }
+-  catch(const CLzOutWindowException &e) { return e.ErrorCode; }
+-  catch(...) { return S_FALSE; }
++  catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++  catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; }
++  catch(...) { _errorMode = true; return S_FALSE; }
+ }
+ 
+ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
+index 630f089..01b606b 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.h
++++ b/CPP/7zip/Compress/Rar1Decoder.h
+@@ -39,6 +39,7 @@ public:
+ 
+   Int64 m_UnpackSize;
+   bool m_IsSolid;
++  bool _errorMode;
+ 
+   UInt32 ReadBits(int numBits);
+   HRESULT CopyBlock(UInt32 distance, UInt32 len);
+diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp
+index b3f2b4b..0580c8d 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.cpp
++++ b/CPP/7zip/Compress/Rar2Decoder.cpp
+@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+ 
+ CDecoder::CDecoder():
+-  m_IsSolid(false)
++  m_IsSolid(false),
++  m_TablesOK(false)
+ {
+ }
+ 
+@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB
+ 
+ bool CDecoder::ReadTables(void)
+ {
++  m_TablesOK = false;
++
+   Byte levelLevels[kLevelTableSize];
+   Byte newLevels[kMaxTableSize];
+   m_AudioMode = (ReadBits(1) == 1);
+@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void)
+   }
+   
+   memcpy(m_LastLevels, newLevels, kMaxTableSize);
++  m_TablesOK = true;
++
+   return true;
+ }
+ 
+@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+       return S_FALSE;
+   }
+ 
++  if (!m_TablesOK)
++    return S_FALSE;
++
+   UInt64 startPos = m_OutWindowStream.GetProcessedSize();
+   while (pos < unPackSize)
+   {
+diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h
+index 3a0535c..0e9005f 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.h
++++ b/CPP/7zip/Compress/Rar2Decoder.h
+@@ -139,6 +139,7 @@ class CDecoder :
+ 
+   UInt64 m_PackSize;
+   bool m_IsSolid;
++  bool m_TablesOK;
+ 
+   void InitStructures();
+   UInt32 ReadBits(unsigned numBits);
+diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp
+index 3bf2513..6cb8a6a 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.cpp
++++ b/CPP/7zip/Compress/Rar3Decoder.cpp
+@@ -92,7 +92,8 @@ CDecoder::CDecoder():
+   _writtenFileSize(0),
+   _vmData(0),
+   _vmCode(0),
+-  m_IsSolid(false)
++  m_IsSolid(false),
++  _errorMode(false)
+ {
+   Ppmd7_Construct(&_ppmd);
+ }
+@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+     return InitPPM();
+   }
+ 
++  TablesRead = false;
++  TablesOK = false;
++
+   _lzMode = true;
+   PrevAlignBits = 0;
+   PrevAlignCount = 0;
+@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+       }
+     }
+   }
++  if (InputEofError())
++    return S_FALSE;
++
+   TablesRead = true;
+ 
+   // original code has check here:
+@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+   RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize]));
+ 
+   memcpy(m_LastLevels, newLevels, kTablesSizesSum);
++
++  TablesOK = true;
++
+   return S_OK;
+ }
+ 
+@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+     PpmEscChar = 2;
+     PpmError = true;
+     InitFilters();
++    _errorMode = false;
+   }
++
++  if (_errorMode)
++    return S_FALSE;
++
+   if (!m_IsSolid || !TablesRead)
+   {
+     bool keepDecompressing;
+@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+     bool keepDecompressing;
+     if (_lzMode)
+     {
++      if (!TablesOK)
++        return S_FALSE;
+       RINOK(DecodeLZ(keepDecompressing))
+     }
+     else
+@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+     _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1;
+     return CodeReal(progress);
+   }
+-  catch(const CInBufferException &e)  { return e.ErrorCode; }
+-  catch(...) { return S_FALSE; }
++  catch(const CInBufferException &e)  { _errorMode = true; return e.ErrorCode; }
++  catch(...) { _errorMode = true; return S_FALSE; }
+   // CNewException is possible here. But probably CNewException is caused
+   // by error in data stream.
+ }
+diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h
+index c130cec..2f72d7d 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.h
++++ b/CPP/7zip/Compress/Rar3Decoder.h
+@@ -192,6 +192,7 @@ class CDecoder:
+   UInt32 _lastFilter;
+ 
+   bool m_IsSolid;
++  bool _errorMode;
+ 
+   bool _lzMode;
+   bool _unsupportedFilter;
+@@ -200,6 +201,7 @@ class CDecoder:
+   UInt32 PrevAlignCount;
+ 
+   bool TablesRead;
++  bool TablesOK;
+ 
+   CPpmd7 _ppmd;
+   int PpmEscChar;
diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
index 04923116cf..e795482eb6 100644
--- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
+++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
@@ -10,6 +10,8 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al
            file://CVE-2017-17969.patch \
            file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \
            file://change_numMethods_from_bool_to_unsigned.patch \
+           file://CVE-2018-5996.patch \
+           file://CVE-2016-9296.patch \
            "
 
 SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf"
diff --git a/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules b/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules
new file mode 100644
index 0000000000..2ffa4087a8
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules
@@ -0,0 +1,24 @@
+polkit.addRule(function(action, subject) {
+  var YES = polkit.Result.YES;
+  var permission = {
+    // required for udisks1:
+    "org.freedesktop.udisks.filesystem-mount": YES,
+    "org.freedesktop.udisks.luks-unlock": YES,
+    "org.freedesktop.udisks.drive-eject": YES,
+    "org.freedesktop.udisks.drive-detach": YES,
+    // required for udisks2:
+    "org.freedesktop.udisks2.filesystem-mount": YES,
+    "org.freedesktop.udisks2.encrypted-unlock": YES,
+    "org.freedesktop.udisks2.eject-media": YES,
+    "org.freedesktop.udisks2.power-off-drive": YES,
+    // required for udisks2 if using udiskie from another seat (e.g. systemd):
+    "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+    "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+    "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+    "org.freedesktop.udisks2.eject-media-other-seat": YES,
+    "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+  };
+  if (subject.isInGroup("plugdev")) {
+    return permission[action.id];
+  }
+});
diff --git a/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb b/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb
new file mode 100644
index 0000000000..db2ed015b4
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb
@@ -0,0 +1,17 @@
+DESCRIPTION = "Polkit rule to allow non-priviledged users mount/umount block devices via udisks2"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+require polkit-group-rule.inc
+
+# The file originates from https://github.com/coldfix/udiskie/wiki/Permissions
+SRC_URI = "file://50-org.freedesktop.udiskie.rules"
+
+RDEPENDS:${PN} += "udisks2"
+
+do_install() {
+    install -m 0755 ${WORKDIR}/50-org.freedesktop.udiskie.rules ${D}${sysconfdir}/polkit-1/rules.d
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system plugdev"
diff --git a/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch b/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch
index e44e4f6e4a..b8562f8ce2 100644
--- a/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch
+++ b/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch
@@ -1,15 +1,18 @@
-From eaecfb21e1bca42e99321cc731e21dbfc1ea0d0c Mon Sep 17 00:00:00 2001
+From 4af72493cb380ab5ce0dd7c5bcd25a8b5457d770 Mon Sep 17 00:00:00 2001
 From: Gustavo Lima Chaves <limachaves@gmail.com>
 Date: Tue, 25 Jan 2022 09:43:21 +0000
-Subject: [PATCH 3/3] Added support for duktape as JS engine
+Subject: [PATCH] Added support for duktape as JS engine
 
 Original author: Wu Xiaotian (@yetist)
 Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves)
 
 Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
 
+Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2]
+Dropped change to .gitlab-ci.yml and adapted configure.ac due to other
+patches in meta-oe.
+
 ---
- .gitlab-ci.yml                                |    1 +
  buildutil/ax_pthread.m4                       |  522 ++++++++
  configure.ac                                  |   34 +-
  docs/man/polkit.xml                           |    4 +-
@@ -23,16 +26,12 @@ Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
  .../polkitbackendjsauthority.cpp              |  721 +----------
  .../etc/polkit-1/rules.d/10-testing.rules     |    6 +-
  .../test-polkitbackendjsauthority.c           |    2 +-
- 14 files changed, 2399 insertions(+), 678 deletions(-)
+ 13 files changed, 2398 insertions(+), 678 deletions(-)
  create mode 100644 buildutil/ax_pthread.m4
  create mode 100644 src/polkitbackend/polkitbackendcommon.c
  create mode 100644 src/polkitbackend/polkitbackendcommon.h
  create mode 100644 src/polkitbackend/polkitbackendduktapeauthority.c
 
-Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2]
-Dropped change to .gitlab-ci.yml and adapted configure.ac due to other
-patches in meta-oe.
-
 diff --git a/buildutil/ax_pthread.m4 b/buildutil/ax_pthread.m4
 new file mode 100644
 index 0000000..9f35d13
@@ -603,7 +602,7 @@ index b625743..bbf4768 100644
 +CC="$PTHREAD_CC"
 +AC_CHECK_FUNCS([pthread_condattr_setclock])
 +
- AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+ AC_CHECK_FUNCS(clearenv fdatasync)
  
  if test "x$GCC" = "xyes"; then
 @@ -581,6 +598,13 @@ echo "
@@ -3458,6 +3457,3 @@ index f97e0e0..2103b17 100644
    },
  
    {
--- 
-2.20.1
-
diff --git a/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch b/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
index 1a268f2d0d..218c860fbd 100644
--- a/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch
+++ b/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
@@ -1,49 +1,68 @@
-From 0c1debb380fee7f5b2bc62406e45856dc9c9e1a1 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 22 May 2019 13:18:55 -0700
-Subject: [PATCH] make netgroup support optional
+From 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Sun, 15 May 2022 05:04:10 +0000
+Subject: [PATCH] Make netgroup support optional
 
-On at least Linux/musl and Linux/uclibc, netgroup
-support is not available.  PolKit fails to compile on these systems
-for that reason.
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available.  PolKit fails to compile on these systems for that reason.
 
 This change makes netgroup support conditional on the presence of the
 setnetgrent(3) function which is required for the support to work.  If
 that function is not available on the system, an error will be returned
 to the administrator if unix-netgroup: is specified in configuration.
 
-Fixes bug 50145.
+(sam: rebased for Meson and Duktape.)
 
-Closes polkit/polkit#14.
+Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
+Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
+Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
 Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Ported back the change in configure.ac (upstream removed autotools
+support).
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
 
 ---
- configure.ac                                     |  2 +-
- src/polkit/polkitidentity.c                      | 16 ++++++++++++++++
- src/polkit/polkitunixnetgroup.c                  |  3 +++
- .../polkitbackendinteractiveauthority.c          | 14 ++++++++------
- src/polkitbackend/polkitbackendjsauthority.cpp   |  3 +++
- test/polkit/polkitidentitytest.c                 |  9 ++++++++-
- test/polkit/polkitunixnetgrouptest.c             |  3 +++
- .../test-polkitbackendjsauthority.c              |  2 ++
- 8 files changed, 44 insertions(+), 8 deletions(-)
+ configure.ac                                    |  2 +-
+ meson.build                                     |  1 +
+ src/polkit/polkitidentity.c                     | 17 +++++++++++++++++
+ src/polkit/polkitunixnetgroup.c                 |  3 +++
+ .../polkitbackendinteractiveauthority.c         | 14 ++++++++------
+ src/polkitbackend/polkitbackendjsauthority.cpp  |  2 ++
+ test/polkit/polkitidentitytest.c                |  8 +++++++-
+ test/polkit/polkitunixnetgrouptest.c            |  2 ++
+ .../test-polkitbackendjsauthority.c             |  2 ++
+ 9 files changed, 43 insertions(+), 8 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index b625743..d807086 100644
+index 18e4223..0f87ea0 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
+@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+ CC="$PTHREAD_CC"
+ AC_CHECK_FUNCS([pthread_condattr_setclock])
  
 -AC_CHECK_FUNCS(clearenv fdatasync)
 +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
  
  if test "x$GCC" = "xyes"; then
    LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/meson.build b/meson.build
+index 7506231..2d9d67a 100644
+--- a/meson.build
++++ b/meson.build
+@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
+ check_functions = [
+   'clearenv',
+   'fdatasync',
++  'setnetgrent',
+ ]
+ 
+ foreach func: check_functions
 diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..10e9c17 100644
+index 3aa1f7f..793f17d 100644
 --- a/src/polkit/polkitidentity.c
 +++ b/src/polkit/polkitidentity.c
 @@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
@@ -62,7 +81,7 @@ index 3aa1f7f..10e9c17 100644
      }
  
    if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
        GVariant *v;
        const char *name;
  
@@ -73,10 +92,11 @@ index 3aa1f7f..10e9c17 100644
 +                   "Netgroups are not available on this machine");
 +      goto out;
 +#else
++
        v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
        if (v == NULL)
          {
-@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
        name = g_variant_get_string (v, NULL);
        ret = polkit_unix_netgroup_new (name);
        g_variant_unref (v);
@@ -144,10 +164,10 @@ index 056d9a8..36c2f3d 100644
  }
  
 diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index ca17108..41d8d5c 100644
+index 11e91c0..9ee0391 100644
 --- a/src/polkitbackend/polkitbackendjsauthority.cpp
 +++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1520,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
  
    JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
  
@@ -155,28 +175,19 @@ index ca17108..41d8d5c 100644
    JS::RootedString usrstr (authority->priv->cx);
    usrstr = args[0].toString();
    user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1535,6 +1536,8 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+     {
        is_in_netgroup =  true;
      }
- 
 +#endif
-+
+ 
    ret = true;
  
-   args.rval ().setBoolean (is_in_netgroup);
 diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
+index e91967b..2635c4c 100644
 --- a/test/polkit/polkitidentitytest.c
 +++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
    {"unix-group:root", "unix-group:jane", FALSE},
    {"unix-group:jane", "unix-group:jane", TRUE},
  
@@ -192,7 +203,7 @@ index e91967b..e829aaa 100644
  
    {NULL},
  };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+@@ -181,11 +185,13 @@ main (int argc, char *argv[])
    g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
    g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
  
@@ -208,18 +219,10 @@ index e91967b..e829aaa 100644
    add_comparison_tests ();
  
 diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
+index 3701ba1..e1d211e 100644
 --- a/test/polkit/polkitunixnetgrouptest.c
 +++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
+@@ -69,7 +69,9 @@ int
  main (int argc, char *argv[])
  {
    g_test_init (&argc, &argv, NULL);
@@ -230,7 +233,7 @@ index 3701ba1..e3352eb 100644
    return g_test_run ();
  }
 diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index f97e0e0..fc52149 100644
+index 2103b17..b187a2f 100644
 --- a/test/polkitbackend/test-polkitbackendjsauthority.c
 +++ b/test/polkitbackend/test-polkitbackendjsauthority.c
 @@ -137,12 +137,14 @@ test_get_admin_identities (void)
diff --git a/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch b/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch
new file mode 100644
index 0000000000..12988ad94f
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch
@@ -0,0 +1,34 @@
+From 792f8e2151c120ec51b50a4098e4f9642409cbec Mon Sep 17 00:00:00 2001
+From: Marta Rybczynska <rybczynska@gmail.com>
+Date: Fri, 29 Jul 2022 11:52:59 +0200
+Subject: [PATCH] Make netgroup support optional
+
+This patch adds a fragment of the netgroup patch to apply on the duktape-related
+code. This change is needed to compile with duktape+musl.
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
+Signed-off-by: Marta Rybczynska <martarybczynska@huawei.com>
+---
+ src/polkitbackend/polkitbackendduktapeauthority.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
+index c89dbcf..58a5936 100644
+--- a/src/polkitbackend/polkitbackendduktapeauthority.c
++++ b/src/polkitbackend/polkitbackendduktapeauthority.c
+@@ -1036,6 +1036,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
+   user = duk_require_string (cx, 0);
+   netgroup = duk_require_string (cx, 1);
+ 
++#ifdef HAVE_SETNETGRENT
+   if (innetgr (netgroup,
+                NULL,  /* host */
+                user,
+@@ -1043,6 +1044,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
+     {
+       is_in_netgroup = TRUE;
+     }
++#endif
+ 
+   duk_push_boolean (cx, is_in_netgroup);
+   return 1;
diff --git a/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
index 66bbf735f0..eff80cd43d 100644
--- a/meta-oe/recipes-extended/polkit/polkit_0.119.bb
+++ b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
@@ -24,10 +24,10 @@ PACKAGECONFIG[consolekit] = ",,,consolekit"
 PAM_SRC_URI = "file://polkit-1_pam.patch"
 SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
-           file://0003-make-netgroup-support-optional.patch \
            file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \
            file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \
            file://0003-Added-support-for-duktape-as-JS-engine.patch \
+           file://0004-Make-netgroup-support-optional.patch \
            "
 SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c"
 
@@ -58,7 +58,7 @@ FILES:${PN}:append = " \
 FILES:${PN}-examples = "${bindir}/*example*"
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd"
 
 SYSTEMD_SERVICE:${PN} = "${BPN}.service"
 SYSTEMD_AUTO_ENABLE = "disable"
diff --git a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch
index e8d8b1d53f..e8d8b1d53f 100644
--- a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch
index 01f8421811..385b0aeed0 100644
--- a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch
@@ -1,4 +1,4 @@
-From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001
+From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 26 Oct 2020 21:32:22 -0700
 Subject: [PATCH] Define correct gregs for RISCV32
@@ -6,18 +6,17 @@ Subject: [PATCH] Define correct gregs for RISCV32
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
-Updated patch for 6.2.1
-Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
-
+Updated patch for 6.2.8
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
  src/debug.c | 26 ++++++++++++++++++++++++--
  1 file changed, 24 insertions(+), 2 deletions(-)
 
 diff --git a/src/debug.c b/src/debug.c
-index 2da2c5d..1d778fa 100644
+index ebda858..90bc450 100644
 --- a/src/debug.c
 +++ b/src/debug.c
-@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) {
+@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
      #endif
  #elif defined(__linux__)
      /* Linux */
@@ -25,10 +24,10 @@ index 2da2c5d..1d778fa 100644
 +    #if defined(__riscv) && __riscv_xlen == 32
 +    return (void*) uc->uc_mcontext.__gregs[REG_PC];
 +    #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
-     return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+     GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
      #elif defined(__X86_64__) || defined(__x86_64__)
-     return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
-@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) {
+     GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) {
      #endif
  /* Linux */
  #elif defined(__linux__)
@@ -58,3 +57,6 @@ index 2da2c5d..1d778fa 100644
      serverLog(LL_WARNING,
      "\n"
      "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n"
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch
index 6e07c25c6a..6e07c25c6a 100644
--- a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch
index 657b0923e2..657b0923e2 100644
--- a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/init-redis-server b/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server
index 6014d70c0e..6014d70c0e 100755
--- a/meta-oe/recipes-extended/redis/redis-7/init-redis-server
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server
diff --git a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch
index c6c6fde162..c6c6fde162 100644
--- a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch
index bf6d0cf3c1..bf6d0cf3c1 100644
--- a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.conf b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf
index 75037d6dc8..75037d6dc8 100644
--- a/meta-oe/recipes-extended/redis/redis-7/redis.conf
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.service b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service
index 36d29852da..a52204cc70 100644
--- a/meta-oe/recipes-extended/redis/redis-7/redis.service
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service
@@ -9,6 +9,7 @@ ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
 ExecStop=/usr/bin/redis-cli shutdown
 Restart=always
 LimitNOFILE=10032
+Type=notify
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
index b2d1a32eda..9d7e502717 100644
--- a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
@@ -1,4 +1,4 @@
-From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001
+From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 26 Oct 2020 21:32:22 -0700
 Subject: [PATCH] Define correct gregs for RISCV32
@@ -13,10 +13,10 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
  1 file changed, 24 insertions(+), 2 deletions(-)
 
 diff --git a/src/debug.c b/src/debug.c
-index e7fec29..5abb404 100644
+index 5318c14..8c21b47 100644
 --- a/src/debug.c
 +++ b/src/debug.c
-@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) {
+@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
      #endif
  #elif defined(__linux__)
      /* Linux */
@@ -24,10 +24,10 @@ index e7fec29..5abb404 100644
 +    #if defined(__riscv) && __riscv_xlen == 32
 +    return (void*) uc->uc_mcontext.__gregs[REG_PC];
 +    #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
-     return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+     GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
      #elif defined(__X86_64__) || defined(__x86_64__)
-     return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
-@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) {
+     GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) {
      #endif
  /* Linux */
  #elif defined(__linux__)
@@ -57,3 +57,6 @@ index e7fec29..5abb404 100644
      serverLog(LL_WARNING,
      "\n"
      "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n"
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch b/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch
index 12994da569..20f689bd0b 100644
--- a/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch
+++ b/meta-oe/recipes-extended/redis/redis/GNU_SOURCE.patch
@@ -1,4 +1,4 @@
-From 18dc1457db8f66237e016b85a04dc50833c33c50 Mon Sep 17 00:00:00 2001
+From 98d526f76049be21bf3d77158236b2189419a78e Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 21 Dec 2019 12:09:51 -0800
 Subject: [PATCH] Define _GNU_SOURCE to get PTHREAD_MUTEX_INITIALIZER
@@ -10,20 +10,22 @@ Fixes
 
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
 ---
  src/zmalloc.c | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/src/zmalloc.c b/src/zmalloc.c
-index ba03685..322304f 100644
+index 1f33d09..5e182d1 100644
 --- a/src/zmalloc.c
 +++ b/src/zmalloc.c
-@@ -32,6 +32,7 @@
- #include "config.h"
- #include "solarisfixes.h"
+@@ -28,6 +28,7 @@
+  * POSSIBILITY OF SUCH DAMAGE.
+  */
  
 +#define _GNU_SOURCE
  #include <stdio.h>
  #include <stdlib.h>
  #include <stdint.h>
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.6.bb b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
index 87fade7e04..3ed6867816 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.6.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
@@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://GNU_SOURCE.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
-SRC_URI[sha256sum] = "5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab"
+SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"
 
 inherit autotools-brokensep update-rc.d systemd useradd
 
diff --git a/meta-oe/recipes-extended/redis/redis_7.0-rc3.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
index e977d67f6b..e88ab4ddf5 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0-rc3.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
@@ -6,8 +6,6 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=8ffdd6c926faaece928cf9d9640132d2"
 DEPENDS = "readline lua ncurses"
 
-FILESPATH =. "${FILE_DIRNAME}/${PN}-7:"
-
 SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://redis.conf \
            file://init-redis-server \
@@ -16,10 +14,10 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://lua-update-Makefile-to-use-environment-build-setting.patch \
            file://oe-use-libc-malloc.patch \
            file://0001-src-Do-not-reset-FINAL_LIBS.patch \
-           file://GNU_SOURCE.patch \
+           file://GNU_SOURCE-7.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
-SRC_URI[sha256sum] = "66b2ecc2e4b53c62940589434ea8af3a85546df131001680ed294028cd84ecdc"
+SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
 
 inherit autotools-brokensep update-rc.d systemd useradd
 
@@ -35,7 +33,10 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN}  = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis"
 GROUPADD_PARAM:${PN} = "--system redis"
 
-REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}"
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "USE_SYSTEMD=yes,USE_SYSTEMD=no,systemd"
+
+EXTRA_OEMAKE += "${PACKAGECONFIG_CONFARGS}"
 
 do_compile:prepend() {
     (cd deps && oe_runmake hiredis lua linenoise)
@@ -55,8 +56,9 @@ do_install() {
     install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir}
     sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/redis.service
 
-    if [ "${REDIS_ON_SYSTEMD}" = true ]; then
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
         sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/redis/redis.conf
+        sed -i 's!supervised no!supervised systemd!' ${D}/${sysconfdir}/redis/redis.conf
     fi
 }
 
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb
index ebb8ecf9bd..a39de3acb5 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2202.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2206.0.bb
@@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \
     file://0001-Include-sys-time-h.patch \
 "
 
-SRC_URI[sha256sum] = "e41308a5a171939b3cbc246e9d4bd30be44e801521e04cd95d051fa3867d6738"
+SRC_URI[sha256sum] = "a1377218b26c0767a7a3f67d166d5338af7c24b455d35ec99974e18e6845ba27"
 
 UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
index ecbfad394d..a59a5c41df 100644
--- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
+++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
@@ -21,6 +21,10 @@ SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823"
 
 S = "${WORKDIR}/git"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2012-5638 \
+"
+
 DEPENDS = "libaio util-linux"
 
 inherit setuptools3 useradd
diff --git a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb
index 7e00f150d3..4b9ae4758f 100644
--- a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb
+++ b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb
@@ -32,6 +32,10 @@ SRC_URI = "http://downloads.sourceforge.net/sblim/${BP}.tar.bz2 \
 SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30"
 SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2012-3381 \
+"
+
 inherit autotools
 inherit systemd
 
diff --git a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb
index 6ef9f74c70..2f4f16589d 100644
--- a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb
+++ b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb
@@ -7,14 +7,24 @@ SRC_URI = "https://sourceforge.net/projects/${BPN}/files/${BPN}/${PV}/${BPN}-${P
 SRC_URI[md5sum] = "cd5c670c1086358598a6d4a9d166949d"
 SRC_URI[sha256sum] = "d4000e02102acaf259998c870e25214739d1f16f67f99cb35e4f46841399da68"
 
-inherit cmake features_check
+inherit cmake features_check pkgconfig
 
-# depends on virtual/libx11, virtual/libgl
-REQUIRED_DISTRO_FEATURES = "x11 opengl"
+# depends on virtual/libgl
+REQUIRED_DISTRO_FEATURES = "opengl"
 
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'wayland x11', d)}"
+PACKAGECONFIG[gles] = "-DFREEGLUT_GLES=ON,-DFREEGLUT_GLES=OFF,"
+PACKAGECONFIG[wayland] = "-DFREEGLUT_WAYLAND=ON,-DFREEGLUT_WAYLAND=OFF,libxkbcommon"
+PACKAGECONFIG[demos] = "-DFREEGLUT_BUILD_DEMOS=ON,-DFREEGLUT_BUILD_DEMOS=OFF,"
+PACKAGECONFIG[x11] = ",,virtual/libx11 libice libxmu libglu libxrandr libxext"
 # Do not use -fno-common, check back when upgrading to new version it might not be needed
 CFLAGS += "-fcommon"
 
 PROVIDES += "mesa-glut"
 
-DEPENDS = "virtual/libx11 libxmu libxi virtual/libgl libglu libxrandr"
+DEPENDS = "virtual/libgl libxi"
+
+do_install:append() {
+    # Remove buildpaths
+    sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/cmake/FreeGLUT/FreeGLUTTargets.cmake
+}
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch
new file mode 100644
index 0000000000..a48f8aa06a
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch
@@ -0,0 +1,38 @@
+From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope 
+ 'gv_api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb]
+CVE: CVE-2023-46045
+ 
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 2d86321..f9d1dcc 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+     char *package_path, *name, *api;
+     const char *type;
+-    api_t gv_api;
+     int quality, rc;
+     int nest = 0;
+     gvplugin_package_t *package;
+@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+         package = gvplugin_package_record(gvc, package_path, name);
+ 	do {
+ 	    api = token(&nest, &s);
+-	    gv_api = gvplugin_api(api);
++	    const api_t gv_api = gvplugin_api(api);
+ 	    do {
+ 		if (nest == 2) {
+ 		    type = token(&nest, &s);
+-- 
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
new file mode 100644
index 0000000000..4c70b1a877
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
@@ -0,0 +1,39 @@
+From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope 
+ 'api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index f9d1dcc..95e8c6c 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens)
+ 
+ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+-    char *package_path, *name, *api;
++    char *package_path, *name;
+     const char *type;
+     int quality, rc;
+     int nest = 0;
+@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ 	    name = "x";
+         package = gvplugin_package_record(gvc, package_path, name);
+ 	do {
+-	    api = token(&nest, &s);
++	    const char *api = token(&nest, &s);
+ 	    const api_t gv_api = gvplugin_api(api);
+ 	    do {
+ 		if (nest == 2) {
+-- 
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
new file mode 100644
index 0000000000..4746265eeb
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
@@ -0,0 +1,31 @@
+From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc: detect plugin installation failure and display an error
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 95e8c6c..77d0865 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ 	do {
+ 	    const char *api = token(&nest, &s);
+ 	    const api_t gv_api = gvplugin_api(api);
++	    if (gv_api == (api_t)-1) {
++		agerr(AGERR, "config error: %s %s not found\n", package_path, api);
++		return 0;
++	    }
+ 	    do {
+ 		if (nest == 2) {
+ 		    type = token(&nest, &s);
+-- 
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
index aa597cd8e4..f06e2adb02 100644
--- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
+++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
@@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native"
 inherit autotools-brokensep pkgconfig gettext qemu
 
 SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \
+	   file://CVE-2023-46045-1.patch \
+           file://CVE-2023-46045-2.patch \
+           file://CVE-2023-46045-3.patch \
            "
 # Use native mkdefs
 SRC_URI:append:class-target = "\
@@ -31,6 +34,10 @@ SRC_URI:append:class-nativesdk = "\
 
 SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2014-9157 \
+"
+
 PACKAGECONFIG ??= "librsvg"
 PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg"
 
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
index 4c17105a99..27dff82df5 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb"
 SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
 SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2015-8751 \
+"
+
 S = "${WORKDIR}/git"
 
 inherit cmake
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
index 9085c6d2fe..4ec0dc6ca3 100644
--- a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
+++ b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
@@ -82,3 +82,6 @@ do_configure:prepend() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+#CVE-2019-14906 is a RHEL specific vulnerability.
+CVE_CHECK_IGNORE += "CVE-2019-14906"
diff --git a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
index 1a94215839..7f93f704e0 100644
--- a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
+++ b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
@@ -9,7 +9,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2"
 
 # TODO: Pin upstream release (current v7.11.0-80-g419a757)
-SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;branch=master"
 SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254"
 
 DEPENDS = "libxkbcommon lvgl wayland"
@@ -19,15 +19,15 @@ REQUIRED_DISTRO_FEATURES = "wayland"
 inherit cmake
 inherit features_check
 
-S = "${WORKDIR}/${PN}-${PV}"
+S = "${WORKDIR}/git"
 
 LVGL_CONFIG_WAYLAND_HOR_RES ?= "480"
 LVGL_CONFIG_WAYLAND_VER_RES ?= "320"
 
-EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}"
+EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}"
 
 TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1"
-TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl"
+TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl"
 
 # Upstream does not support a default configuration
 # but propose a default "disabled" template, which is used as reference
diff --git a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
index 032e85f522..0049bbe237 100644
--- a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
+++ b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
@@ -8,21 +8,23 @@ DESCRIPTION = "Allow the use of PNG images in LVGL. This implementation uses lod
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2"
 
-SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;branch=master"
 SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a"
 
+S = "${WORKDIR}/git"
+
 # because of lvgl dependency
 REQUIRED_DISTRO_FEATURES = "wayland"
 
 DEPENDS += "lvgl"
 
-EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}"
+EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}"
 
 inherit cmake
 inherit features_check
 
 TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1"
-TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl"
+TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl"
 
 FILES:${PN}-dev = "\
     ${includedir}/lvgl/lv_lib_png/ \
diff --git a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
index 2005afa2fd..0021da01fb 100644
--- a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
+++ b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
@@ -8,7 +8,7 @@ SUMMARY = "Light and Versatile Graphics Library"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a"
 
-SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;branch=master"
 SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0"
 
 REQUIRED_DISTRO_FEATURES = "wayland"
@@ -16,8 +16,8 @@ REQUIRED_DISTRO_FEATURES = "wayland"
 inherit cmake
 inherit features_check
 
-EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}"
-S = "${WORKDIR}/${PN}-${PV}"
+EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}"
+S = "${WORKDIR}/git"
 
 LVGL_CONFIG_LV_MEM_CUSTOM ?= "0"
 
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch
new file mode 100644
index 0000000000..0322f55cc7
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch
@@ -0,0 +1,45 @@
+From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:02:25 +0100
+Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in
+ sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347)
+
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf]
+CVE: CVE-2021-3575
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/bin/common/color.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f13..ae5d648d 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+     if (i < loopmaxh) {
+         size_t j;
+
+-        for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
++        if (offx > 0U) {
++            sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            ++y;
++            ++r;
++            ++g;
++            ++b;
++        }
++
++        for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+
+             ++y;
+@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
+             ++cb;
+             ++cr;
+         }
+-        if (j < maxw) {
++        if (j < loopmaxw) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+         }
+     }
+--
+2.39.3
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index f248619ec8..a619c07aa4 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -11,10 +11,15 @@ SRC_URI = " \
     file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \
     file://CVE-2021-29338.patch \
     file://CVE-2022-1122.patch \
+    file://CVE-2021-3575.patch \
 "
 SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
 S = "${WORKDIR}/git"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2015-1239 \
+"
+
 inherit cmake
 
 # for multilib
@@ -22,4 +27,4 @@ EXTRA_OECMAKE += "-DOPENJPEG_INSTALL_LIB_DIR=${@d.getVar('baselib').replace('/',
 
 FILES:${PN} += "${libdir}/openjpeg*"
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
index 5f404f2aa2..5cde7c9fb4 100644
--- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
+++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.tigervnc.com/"
 LICENSE = "GPL-2.0-or-later"
 SECTION = "x11/utils"
 DEPENDS = "xserver-xorg gnutls jpeg libxtst gettext-native fltk libpam"
-RDEPENDS:${PN} = "coreutils hicolor-icon-theme perl bash"
+RDEPENDS:${PN} = "coreutils hicolor-icon-theme perl bash xkbcomp"
 
 LIC_FILES_CHKSUM = "file://LICENCE.TXT;md5=75b02c2872421380bbd47781d2bd75d3"
 
diff --git a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
index c2000b264b..cb2563225f 100644
--- a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
+++ b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
@@ -81,3 +81,5 @@ FILES:tslib-uinput += "${bindir}/ts_uinput"
 
 FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \
                      ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb
index 6a05e98e32..d394b33de2 100644
--- a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb
+++ b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb
@@ -13,7 +13,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=64322fab5239f5c8d97cf6e0e14f1c62"
 
 DEPENDS += "libxaw libxkbfile"
 
-BBCLASSEXTEND = "native"
-
 SRC_URI[md5sum] = "502b14843f610af977dffc6cbf2102d5"
 SRC_URI[sha256sum] = "d2a18ab90275e8bca028773c44264d2266dab70853db4321bdbc18da75148130"
diff --git a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb
index 30a1e089e3..a9a8acf05c 100644
--- a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb
+++ b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb
@@ -8,7 +8,6 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6ea29dbee22324787c061f039e0529de"
 
 DEPENDS += "xbitmaps libxcursor"
-BBCLASSEXTEND = "native"
 
 SRC_URI[md5sum] = "5fe769c8777a6e873ed1305e4ce2c353"
 SRC_URI[sha256sum] = "10c442ba23591fb5470cea477a0aa5f679371f4f879c8387a1d9d05637ae417c"
diff --git a/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch
new file mode 100644
index 0000000000..167c326822
--- /dev/null
+++ b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch
@@ -0,0 +1,782 @@
+From 787636674918873a091e7a4ef5977263ba982322 Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Sun, 23 Oct 2022 22:59:52 +0000
+Subject: [PATCH] snapshot of project "xterm", label xterm-374c
+
+Upstream-Status: https://github.com/ThomasDickey/xterm-snapshots/commit/787636674918873a091e7a4ef5977263ba982322
+CVE: CVE-2022-45063
+
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ button.c       |  14 +--
+ charproc.c     |   9 +-
+ doublechr.c    |   4 +-
+ fontutils.c    | 266 ++++++++++++++++++++++++++-----------------------
+ fontutils.h    |   4 +-
+ misc.c         |   7 +-
+ screen.c       |   2 +-
+ xterm.h        |   2 +-
+ xterm.log.html |   6 ++
+ 9 files changed, 163 insertions(+), 151 deletions(-)
+
+diff --git a/button.c b/button.c
+index f10092a..0bbf76e 100644
+--- a/button.c
++++ b/button.c
+@@ -2051,13 +2051,8 @@ void
+ UnmapSelections(XtermWidget xw)
+ {
+     TScreen *screen = TScreenOf(xw);
+-    Cardinal n;
+ 
+-    if (screen->mappedSelect) {
+-	for (n = 0; screen->mappedSelect[n] != 0; ++n)
+-	    free((void *) screen->mappedSelect[n]);
+-	FreeAndNull(screen->mappedSelect);
+-    }
++    FreeAndNull(screen->mappedSelect);
+ }
+ 
+ /*
+@@ -2093,14 +2088,11 @@ MapSelections(XtermWidget xw, String *params, Cardinal num_params)
+ 	    if ((result = TypeMallocN(String, num_params + 1)) != 0) {
+ 		result[num_params] = 0;
+ 		for (j = 0; j < num_params; ++j) {
+-		    result[j] = x_strdup((isSELECT(params[j])
++		    result[j] = (String) (isSELECT(params[j])
+ 					  ? mapTo
+-					  : params[j]));
++					  : params[j]);
+ 		    if (result[j] == 0) {
+ 			UnmapSelections(xw);
+-			while (j != 0) {
+-			    free((void *) result[--j]);
+-			}
+ 			FreeAndNull(result);
+ 			break;
+ 		    }
+diff --git a/charproc.c b/charproc.c
+index 2a3c69a..91cbcea 100644
+--- a/charproc.c
++++ b/charproc.c
+@@ -13605,7 +13605,6 @@ DoSetSelectedFont(Widget w,
+ 	Bell(xw, XkbBI_MinorError, 0);
+     } else {
+ 	Boolean failed = False;
+-	int oldFont = TScreenOf(xw)->menu_font_number;
+ 	char *save = TScreenOf(xw)->SelectFontName();
+ 	char *val;
+ 	char *test;
+@@ -13650,10 +13649,6 @@ DoSetSelectedFont(Widget w,
+ 		failed = True;
+ 	    }
+ 	    if (failed) {
+-		(void) xtermLoadFont(xw,
+-				     xtermFontName(TScreenOf(xw)->MenuFontName(oldFont)),
+-				     True,
+-				     oldFont);
+ 		Bell(xw, XkbBI_MinorError, 0);
+ 	    }
+ 	    free(used);
+@@ -13662,7 +13657,7 @@ DoSetSelectedFont(Widget w,
+     }
+ }
+ 
+-void
++Bool
+ FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe)
+ {
+     TScreen *screen = TScreenOf(xw);
+@@ -13702,7 +13697,7 @@ FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe)
+ 			    DoSetSelectedFont, NULL,
+ 			    XtLastTimestampProcessed(XtDisplay(xw)));
+     }
+-    return;
++    return (screen->SelectFontName() != NULL) ? True : False;
+ }
+ 
+ Bool
+diff --git a/doublechr.c b/doublechr.c
+index a802e32..6416849 100644
+--- a/doublechr.c
++++ b/doublechr.c
+@@ -295,7 +295,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp)
+ 	    temp.flags = (params->attr_flags & BOLD);
+ 	    temp.warn = fwResource;
+ 
+-	    if (!xtermOpenFont(params->xw, name, &temp, False)) {
++	    if (!xtermOpenFont(params->xw, name, &temp, NULL, False)) {
+ 		XTermDraw local = *params;
+ 		char *nname;
+ 
+@@ -304,7 +304,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp)
+ 		nname = xtermSpecialFont(&local);
+ 		if (nname != 0) {
+ 		    found = (Boolean) xtermOpenFont(params->xw, nname, &temp,
+-						    False);
++						    NULL, False);
+ 		    free(nname);
+ 		}
+ 	    } else {
+diff --git a/fontutils.c b/fontutils.c
+index 1646b4b..71f4ec2 100644
+--- a/fontutils.c
++++ b/fontutils.c
+@@ -92,9 +92,9 @@
+ }
+ 
+ #define FREE_FNAME(field) \
+-	    if (fonts == 0 || myfonts.field != fonts->field) { \
+-		FREE_STRING(myfonts.field); \
+-		myfonts.field = 0; \
++	    if (fonts == 0 || new_fnames.field != fonts->field) { \
++		FREE_STRING(new_fnames.field); \
++		new_fnames.field = 0; \
+ 	    }
+ 
+ /*
+@@ -573,7 +573,7 @@ open_italic_font(XtermWidget xw, int n, FontNameProperties *fp, XTermFonts * dat
+ 	if ((name = italic_font_name(fp, slant[pass])) != 0) {
+ 	    TRACE(("open_italic_font %s %s\n",
+ 		   whichFontEnum((VTFontEnum) n), name));
+-	    if (xtermOpenFont(xw, name, data, False)) {
++	    if (xtermOpenFont(xw, name, data, NULL, False)) {
+ 		result = (data->fs != 0);
+ #if OPT_REPORT_FONTS
+ 		if (resource.reportFonts) {
+@@ -1037,20 +1037,26 @@ xtermLoadQueryFont(XtermWidget xw, const char *name)
+ }
+ 
+ /*
+- * Open the given font and verify that it is non-empty.  Return a null on
++ * Open the given font and verify that it is non-empty.  Return false on
+  * failure.
+  */
+ Bool
+ xtermOpenFont(XtermWidget xw,
+ 	      const char *name,
+ 	      XTermFonts * result,
++	      XTermFonts * current,
+ 	      Bool force)
+ {
+     Bool code = False;
+ 
+     TRACE(("xtermOpenFont %d:%d '%s'\n",
+ 	   result->warn, xw->misc.fontWarnings, NonNull(name)));
++
+     if (!IsEmpty(name)) {
++	Bool existing = (current != NULL
++			 && current->fs != NULL
++			 && current->fn != NULL);
++
+ 	if ((result->fs = xtermLoadQueryFont(xw, name)) != 0) {
+ 	    code = True;
+ 	    if (EmptyFont(result->fs)) {
+@@ -1069,9 +1075,13 @@ xtermOpenFont(XtermWidget xw,
+ 	    } else {
+ 		TRACE(("xtermOpenFont: cannot load font '%s'\n", name));
+ 	    }
+-	    if (force) {
++	    if (existing) {
++		TRACE(("...continue using font '%s'\n", current->fn));
++		result->fn = x_strdup(current->fn);
++		result->fs = current->fs;
++	    } else if (force) {
+ 		NoFontWarning(result);
+-		code = xtermOpenFont(xw, DEFFONT, result, True);
++		code = xtermOpenFont(xw, DEFFONT, result, NULL, True);
+ 	    }
+ 	}
+     }
+@@ -1321,6 +1331,7 @@ static Bool
+ loadNormFP(XtermWidget xw,
+ 	   char **nameOutP,
+ 	   XTermFonts * infoOut,
++	   XTermFonts * current,
+ 	   int fontnum)
+ {
+     Bool status = True;
+@@ -1330,7 +1341,7 @@ loadNormFP(XtermWidget xw,
+     if (!xtermOpenFont(xw,
+ 		       *nameOutP,
+ 		       infoOut,
+-		       (fontnum == fontMenu_default))) {
++		       current, (fontnum == fontMenu_default))) {
+ 	/*
+ 	 * If we are opening the default font, and it happens to be missing,
+ 	 * force that to the compiled-in default font, e.g., "fixed".  If we
+@@ -1365,10 +1376,10 @@ loadBoldFP(XtermWidget xw,
+ 	if (fp != 0) {
+ 	    NoFontWarning(infoOut);
+ 	    *nameOutP = bold_font_name(fp, fp->average_width);
+-	    if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) {
++	    if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) {
+ 		free(*nameOutP);
+ 		*nameOutP = bold_font_name(fp, -1);
+-		xtermOpenFont(xw, *nameOutP, infoOut, False);
++		xtermOpenFont(xw, *nameOutP, infoOut, NULL, False);
+ 	    }
+ 	    TRACE(("...derived bold '%s'\n", NonNull(*nameOutP)));
+ 	}
+@@ -1386,7 +1397,7 @@ loadBoldFP(XtermWidget xw,
+ 	    TRACE(("...did not get a matching bold font\n"));
+ 	}
+ 	free(normal);
+-    } else if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) {
++    } else if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) {
+ 	xtermCopyFontInfo(infoOut, infoRef);
+ 	TRACE(("...cannot load bold font '%s'\n", NonNull(*nameOutP)));
+     } else {
+@@ -1440,7 +1451,7 @@ loadWideFP(XtermWidget xw,
+     }
+ 
+     if (check_fontname(*nameOutP)) {
+-	if (xtermOpenFont(xw, *nameOutP, infoOut, False)
++	if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)
+ 	    && is_derived_font_name(*nameOutP)
+ 	    && EmptyFont(infoOut->fs)) {
+ 	    xtermCloseFont2(xw, infoOut - fWide, fWide);
+@@ -1493,7 +1504,7 @@ loadWBoldFP(XtermWidget xw,
+ 
+     if (check_fontname(*nameOutP)) {
+ 
+-	if (xtermOpenFont(xw, *nameOutP, infoOut, False)
++	if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)
+ 	    && is_derived_font_name(*nameOutP)
+ 	    && !compatibleWideCounts(wideInfoRef->fs, infoOut->fs)) {
+ 	    xtermCloseFont2(xw, infoOut - fWBold, fWBold);
+@@ -1546,6 +1557,10 @@ loadWBoldFP(XtermWidget xw,
+ }
+ #endif
+ 
++/*
++ * Load a given bitmap font, along with the bold/wide variants.
++ * Returns nonzero on success.
++ */
+ int
+ xtermLoadFont(XtermWidget xw,
+ 	      const VTFontNames * fonts,
+@@ -1555,33 +1570,37 @@ xtermLoadFont(XtermWidget xw,
+     TScreen *screen = TScreenOf(xw);
+     VTwin *win = WhichVWin(screen);
+ 
+-    VTFontNames myfonts;
+-    XTermFonts fnts[fMAX];
++    VTFontNames new_fnames;
++    XTermFonts new_fonts[fMAX];
++    XTermFonts old_fonts[fMAX];
+     char *tmpname = NULL;
+     Boolean proportional = False;
++    Boolean recovered;
++    int code = 0;
+ 
+-    memset(&myfonts, 0, sizeof(myfonts));
+-    memset(fnts, 0, sizeof(fnts));
++    memset(&new_fnames, 0, sizeof(new_fnames));
++    memset(new_fonts, 0, sizeof(new_fonts));
++    memcpy(&old_fonts, screen->fnts, sizeof(old_fonts));
+ 
+     if (fonts != 0)
+-	myfonts = *fonts;
+-    if (!check_fontname(myfonts.f_n))
+-	return 0;
++	new_fnames = *fonts;
++    if (!check_fontname(new_fnames.f_n))
++	return code;
+ 
+     if (fontnum == fontMenu_fontescape
+-	&& myfonts.f_n != screen->MenuFontName(fontnum)) {
+-	if ((tmpname = x_strdup(myfonts.f_n)) == 0)
+-	    return 0;
++	&& new_fnames.f_n != screen->MenuFontName(fontnum)) {
++	if ((tmpname = x_strdup(new_fnames.f_n)) == 0)
++	    return code;
+     }
+ 
+-    TRACE(("Begin Cgs - xtermLoadFont(%s)\n", myfonts.f_n));
++    TRACE(("Begin Cgs - xtermLoadFont(%s)\n", new_fnames.f_n));
+     releaseWindowGCs(xw, win);
+ 
+ #define DbgResource(name, field, index) \
+     TRACE(("xtermLoadFont #%d "name" %s%s\n", \
+     	   fontnum, \
+-	   (fnts[index].warn == fwResource) ? "*" : " ", \
+-	   NonNull(myfonts.field)))
++	   (new_fonts[index].warn == fwResource) ? "*" : " ", \
++	   NonNull(new_fnames.field)))
+     DbgResource("normal", f_n, fNorm);
+     DbgResource("bold  ", f_b, fBold);
+ #if OPT_WIDE_CHARS
+@@ -1590,16 +1609,17 @@ xtermLoadFont(XtermWidget xw,
+ #endif
+ 
+     if (!loadNormFP(xw,
+-		    &myfonts.f_n,
+-		    &fnts[fNorm],
++		    &new_fnames.f_n,
++		    &new_fonts[fNorm],
++		    &old_fonts[fNorm],
+ 		    fontnum))
+ 	goto bad;
+ 
+     if (!loadBoldFP(xw,
+-		    &myfonts.f_b,
+-		    &fnts[fBold],
+-		    myfonts.f_n,
+-		    &fnts[fNorm],
++		    &new_fnames.f_b,
++		    &new_fonts[fBold],
++		    new_fnames.f_n,
++		    &new_fonts[fNorm],
+ 		    fontnum))
+ 	goto bad;
+ 
+@@ -1611,20 +1631,20 @@ xtermLoadFont(XtermWidget xw,
+     if_OPT_WIDE_CHARS(screen, {
+ 
+ 	if (!loadWideFP(xw,
+-			&myfonts.f_w,
+-			&fnts[fWide],
+-			myfonts.f_n,
+-			&fnts[fNorm],
++			&new_fnames.f_w,
++			&new_fonts[fWide],
++			new_fnames.f_n,
++			&new_fonts[fNorm],
+ 			fontnum))
+ 	    goto bad;
+ 
+ 	if (!loadWBoldFP(xw,
+-			 &myfonts.f_wb,
+-			 &fnts[fWBold],
+-			 myfonts.f_w,
+-			 &fnts[fWide],
+-			 myfonts.f_b,
+-			 &fnts[fBold],
++			 &new_fnames.f_wb,
++			 &new_fonts[fWBold],
++			 new_fnames.f_w,
++			 &new_fonts[fWide],
++			 new_fnames.f_b,
++			 &new_fonts[fBold],
+ 			 fontnum))
+ 	    goto bad;
+ 
+@@ -1634,30 +1654,30 @@ xtermLoadFont(XtermWidget xw,
+      * Normal/bold fonts should be the same width.  Also, the min/max
+      * values should be the same.
+      */
+-    if (fnts[fNorm].fs != 0
+-	&& fnts[fBold].fs != 0
+-	&& (!is_fixed_font(fnts[fNorm].fs)
+-	    || !is_fixed_font(fnts[fBold].fs)
+-	    || differing_widths(fnts[fNorm].fs, fnts[fBold].fs))) {
++    if (new_fonts[fNorm].fs != 0
++	&& new_fonts[fBold].fs != 0
++	&& (!is_fixed_font(new_fonts[fNorm].fs)
++	    || !is_fixed_font(new_fonts[fBold].fs)
++	    || differing_widths(new_fonts[fNorm].fs, new_fonts[fBold].fs))) {
+ 	TRACE(("Proportional font! normal %d/%d, bold %d/%d\n",
+-	       fnts[fNorm].fs->min_bounds.width,
+-	       fnts[fNorm].fs->max_bounds.width,
+-	       fnts[fBold].fs->min_bounds.width,
+-	       fnts[fBold].fs->max_bounds.width));
++	       new_fonts[fNorm].fs->min_bounds.width,
++	       new_fonts[fNorm].fs->max_bounds.width,
++	       new_fonts[fBold].fs->min_bounds.width,
++	       new_fonts[fBold].fs->max_bounds.width));
+ 	proportional = True;
+     }
+ 
+     if_OPT_WIDE_CHARS(screen, {
+-	if (fnts[fWide].fs != 0
+-	    && fnts[fWBold].fs != 0
+-	    && (!is_fixed_font(fnts[fWide].fs)
+-		|| !is_fixed_font(fnts[fWBold].fs)
+-		|| differing_widths(fnts[fWide].fs, fnts[fWBold].fs))) {
++	if (new_fonts[fWide].fs != 0
++	    && new_fonts[fWBold].fs != 0
++	    && (!is_fixed_font(new_fonts[fWide].fs)
++		|| !is_fixed_font(new_fonts[fWBold].fs)
++		|| differing_widths(new_fonts[fWide].fs, new_fonts[fWBold].fs))) {
+ 	    TRACE(("Proportional font! wide %d/%d, wide bold %d/%d\n",
+-		   fnts[fWide].fs->min_bounds.width,
+-		   fnts[fWide].fs->max_bounds.width,
+-		   fnts[fWBold].fs->min_bounds.width,
+-		   fnts[fWBold].fs->max_bounds.width));
++		   new_fonts[fWide].fs->min_bounds.width,
++		   new_fonts[fWide].fs->max_bounds.width,
++		   new_fonts[fWBold].fs->min_bounds.width,
++		   new_fonts[fWBold].fs->max_bounds.width));
+ 	    proportional = True;
+ 	}
+     });
+@@ -1676,13 +1696,13 @@ xtermLoadFont(XtermWidget xw,
+     screen->ifnts_ok = False;
+ #endif
+ 
+-    xtermCopyFontInfo(GetNormalFont(screen, fNorm), &fnts[fNorm]);
+-    xtermCopyFontInfo(GetNormalFont(screen, fBold), &fnts[fBold]);
++    xtermCopyFontInfo(GetNormalFont(screen, fNorm), &new_fonts[fNorm]);
++    xtermCopyFontInfo(GetNormalFont(screen, fBold), &new_fonts[fBold]);
+ #if OPT_WIDE_CHARS
+-    xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]);
+-    if (fnts[fWBold].fs == NULL)
+-	xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]);
+-    xtermCopyFontInfo(GetNormalFont(screen, fWBold), &fnts[fWBold]);
++    xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]);
++    if (new_fonts[fWBold].fs == NULL)
++	xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]);
++    xtermCopyFontInfo(GetNormalFont(screen, fWBold), &new_fonts[fWBold]);
+ #endif
+ 
+     xtermUpdateFontGCs(xw, getNormalFont);
+@@ -1713,7 +1733,7 @@ xtermLoadFont(XtermWidget xw,
+ 	unsigned ch;
+ 
+ #if OPT_TRACE
+-#define TRACE_MISS(index) show_font_misses(#index, &fnts[index])
++#define TRACE_MISS(index) show_font_misses(#index, &new_fonts[index])
+ 	TRACE_MISS(fNorm);
+ 	TRACE_MISS(fBold);
+ #if OPT_WIDE_CHARS
+@@ -1730,8 +1750,8 @@ xtermLoadFont(XtermWidget xw,
+ 		if ((n != UCS_REPL)
+ 		    && (n != ch)
+ 		    && (screen->fnt_boxes & 2)) {
+-		    if (xtermMissingChar(n, &fnts[fNorm]) ||
+-			xtermMissingChar(n, &fnts[fBold])) {
++		    if (xtermMissingChar(n, &new_fonts[fNorm]) ||
++			xtermMissingChar(n, &new_fonts[fBold])) {
+ 			UIntClr(screen->fnt_boxes, 2);
+ 			TRACE(("missing graphics character #%d, U+%04X\n",
+ 			       ch, n));
+@@ -1743,12 +1763,12 @@ xtermLoadFont(XtermWidget xw,
+ #endif
+ 
+ 	for (ch = 1; ch < 32; ch++) {
+-	    if (xtermMissingChar(ch, &fnts[fNorm])) {
++	    if (xtermMissingChar(ch, &new_fonts[fNorm])) {
+ 		TRACE(("missing normal char #%d\n", ch));
+ 		UIntClr(screen->fnt_boxes, 1);
+ 		break;
+ 	    }
+-	    if (xtermMissingChar(ch, &fnts[fBold])) {
++	    if (xtermMissingChar(ch, &new_fonts[fBold])) {
+ 		TRACE(("missing bold   char #%d\n", ch));
+ 		UIntClr(screen->fnt_boxes, 1);
+ 		break;
+@@ -1765,8 +1785,8 @@ xtermLoadFont(XtermWidget xw,
+ 	screen->enbolden = screen->bold_mode;
+     } else {
+ 	screen->enbolden = screen->bold_mode
+-	    && ((fnts[fNorm].fs == fnts[fBold].fs)
+-		|| same_font_name(myfonts.f_n, myfonts.f_b));
++	    && ((new_fonts[fNorm].fs == new_fonts[fBold].fs)
++		|| same_font_name(new_fnames.f_n, new_fnames.f_b));
+     }
+     TRACE(("Will %suse 1-pixel offset/overstrike to simulate bold\n",
+ 	   screen->enbolden ? "" : "not "));
+@@ -1782,7 +1802,7 @@ xtermLoadFont(XtermWidget xw,
+ 	    update_font_escape();
+ 	}
+ #if OPT_SHIFT_FONTS
+-	screen->menu_font_sizes[fontnum] = FontSize(fnts[fNorm].fs);
++	screen->menu_font_sizes[fontnum] = FontSize(new_fonts[fNorm].fs);
+ #endif
+     }
+     set_cursor_gcs(xw);
+@@ -1797,20 +1817,21 @@ xtermLoadFont(XtermWidget xw,
+     FREE_FNAME(f_w);
+     FREE_FNAME(f_wb);
+ #endif
+-    if (fnts[fNorm].fn == fnts[fBold].fn) {
+-	free(fnts[fNorm].fn);
++    if (new_fonts[fNorm].fn == new_fonts[fBold].fn) {
++	free(new_fonts[fNorm].fn);
+     } else {
+-	free(fnts[fNorm].fn);
+-	free(fnts[fBold].fn);
++	free(new_fonts[fNorm].fn);
++	free(new_fonts[fBold].fn);
+     }
+ #if OPT_WIDE_CHARS
+-    free(fnts[fWide].fn);
+-    free(fnts[fWBold].fn);
++    free(new_fonts[fWide].fn);
++    free(new_fonts[fWBold].fn);
+ #endif
+     xtermSetWinSize(xw);
+     return 1;
+ 
+   bad:
++    recovered = False;
+     free(tmpname);
+ 
+ #if OPT_RENDERFONT
+@@ -1820,15 +1841,15 @@ xtermLoadFont(XtermWidget xw,
+ 	SetItemSensitivity(fontMenuEntries[fontnum].widget, True);
+ #endif
+ 	Bell(xw, XkbBI_MinorError, 0);
+-	myfonts.f_n = screen->MenuFontName(old_fontnum);
+-	return xtermLoadFont(xw, &myfonts, doresize, old_fontnum);
+-    } else if (x_strcasecmp(myfonts.f_n, DEFFONT)) {
+-	int code;
+-
+-	myfonts.f_n = x_strdup(DEFFONT);
+-	TRACE(("...recovering for TrueType fonts\n"));
+-	code = xtermLoadFont(xw, &myfonts, doresize, fontnum);
+-	if (code) {
++	new_fnames.f_n = screen->MenuFontName(old_fontnum);
++	if (xtermLoadFont(xw, &new_fnames, doresize, old_fontnum))
++	    recovered = True;
++    } else if (x_strcasecmp(new_fnames.f_n, DEFFONT)
++	       && x_strcasecmp(new_fnames.f_n, old_fonts[fNorm].fn)) {
++	new_fnames.f_n = x_strdup(old_fonts[fNorm].fn);
++	TRACE(("...recovering from failed font-load\n"));
++	if (xtermLoadFont(xw, &new_fnames, doresize, fontnum)) {
++	    recovered = True;
+ 	    if (fontnum != fontMenu_fontsel) {
+ 		SetItemSensitivity(fontMenuEntries[fontnum].widget,
+ 				   UsingRenderFont(xw));
+@@ -1837,15 +1858,15 @@ xtermLoadFont(XtermWidget xw,
+ 		   FontHeight(screen),
+ 		   FontWidth(screen)));
+ 	}
+-	return code;
+     }
+ #endif
+-
+-    releaseWindowGCs(xw, win);
+-
+-    xtermCloseFonts(xw, fnts);
+-    TRACE(("Fail Cgs - xtermLoadFont\n"));
+-    return 0;
++    if (!recovered) {
++	releaseWindowGCs(xw, win);
++	xtermCloseFonts(xw, new_fonts);
++	TRACE(("Fail Cgs - xtermLoadFont\n"));
++	code = 0;
++    }
++    return code;
+ }
+ 
+ #if OPT_WIDE_ATTRS
+@@ -1893,7 +1914,7 @@ xtermLoadItalics(XtermWidget xw)
+ 			} else {
+ 			    xtermOpenFont(xw,
+ 					  getNormalFont(screen, n)->fn,
+-					  data, False);
++					  data, NULL, False);
+ 			}
+ 		    }
+ 		}
+@@ -4250,6 +4271,8 @@ findXftGlyph(XtermWidget xw, XftFont *given, unsigned wc)
+ 		    }
+ #endif
+ 		    if (foundXftGlyph(xw, check, wc)) {
++	    (void) added;
++	    (void) actual;
+ 			markXftOpened(xw, which, n, wc);
+ 			reportXftFonts(xw, check, "fallback", tag, myReport);
+ 			result = check;
+@@ -4451,7 +4474,7 @@ lookupOneFontSize(XtermWidget xw, int fontnum)
+ 
+ 	memset(&fnt, 0, sizeof(fnt));
+ 	screen->menu_font_sizes[fontnum] = -1;
+-	if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, True)) {
++	if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, NULL, True)) {
+ 	    if (fontnum <= fontMenu_lastBuiltin
+ 		|| strcmp(fnt.fn, DEFFONT)) {
+ 		screen->menu_font_sizes[fontnum] = FontSize(fnt.fs);
+@@ -4864,13 +4887,14 @@ HandleSetFont(Widget w,
+     }
+ }
+ 
+-void
++Bool
+ SetVTFont(XtermWidget xw,
+ 	  int which,
+ 	  Bool doresize,
+ 	  const VTFontNames * fonts)
+ {
+     TScreen *screen = TScreenOf(xw);
++    Bool result = False;
+ 
+     TRACE(("SetVTFont(which=%d, f_n=%s, f_b=%s)\n", which,
+ 	   (fonts && fonts->f_n) ? fonts->f_n : "<null>",
+@@ -4879,34 +4903,31 @@ SetVTFont(XtermWidget xw,
+     if (IsIcon(screen)) {
+ 	Bell(xw, XkbBI_MinorError, 0);
+     } else if (which >= 0 && which < NMENUFONTS) {
+-	VTFontNames myfonts;
++	VTFontNames new_fnames;
+ 
+-	memset(&myfonts, 0, sizeof(myfonts));
++	memset(&new_fnames, 0, sizeof(new_fnames));
+ 	if (fonts != 0)
+-	    myfonts = *fonts;
++	    new_fnames = *fonts;
+ 
+ 	if (which == fontMenu_fontsel) {	/* go get the selection */
+-	    FindFontSelection(xw, myfonts.f_n, False);
++	    result = FindFontSelection(xw, new_fnames.f_n, False);
+ 	} else {
+-	    int oldFont = screen->menu_font_number;
+-
+ #define USE_CACHED(field, name) \
+-	    if (myfonts.field == 0) { \
+-		myfonts.field = x_strdup(screen->menu_font_names[which][name]); \
+-		TRACE(("set myfonts." #field " from menu_font_names[%d][" #name "] %s\n", \
+-		       which, NonNull(myfonts.field))); \
++	    if (new_fnames.field == NULL) { \
++		new_fnames.field = x_strdup(screen->menu_font_names[which][name]); \
++		TRACE(("set new_fnames." #field " from menu_font_names[%d][" #name "] %s\n", \
++		       which, NonNull(new_fnames.field))); \
+ 	    } else { \
+-		TRACE(("set myfonts." #field " reused\n")); \
++		TRACE(("set new_fnames." #field " reused\n")); \
+ 	    }
+ #define SAVE_FNAME(field, name) \
+-	    if (myfonts.field != 0) { \
+-		if (screen->menu_font_names[which][name] == 0 \
+-		 || strcmp(screen->menu_font_names[which][name], myfonts.field)) { \
+-		    TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \
+-			   which, myfonts.field)); \
+-		    FREE_STRING(screen->menu_font_names[which][name]); \
+-		    screen->menu_font_names[which][name] = x_strdup(myfonts.field); \
+-		} \
++	    if (new_fnames.field != NULL \
++		&& (screen->menu_font_names[which][name] == NULL \
++		 || strcmp(screen->menu_font_names[which][name], new_fnames.field))) { \
++		TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \
++		       which, new_fnames.field)); \
++		FREE_STRING(screen->menu_font_names[which][name]); \
++		screen->menu_font_names[which][name] = x_strdup(new_fnames.field); \
+ 	    }
+ 
+ 	    USE_CACHED(f_n, fNorm);
+@@ -4916,7 +4937,7 @@ SetVTFont(XtermWidget xw,
+ 	    USE_CACHED(f_wb, fWBold);
+ #endif
+ 	    if (xtermLoadFont(xw,
+-			      &myfonts,
++			      &new_fnames,
+ 			      doresize, which)) {
+ 		/*
+ 		 * If successful, save the data so that a subsequent query via
+@@ -4928,10 +4949,8 @@ SetVTFont(XtermWidget xw,
+ 		SAVE_FNAME(f_w, fWide);
+ 		SAVE_FNAME(f_wb, fWBold);
+ #endif
++		result = True;
+ 	    } else {
+-		(void) xtermLoadFont(xw,
+-				     xtermFontName(screen->MenuFontName(oldFont)),
+-				     doresize, oldFont);
+ 		Bell(xw, XkbBI_MinorError, 0);
+ 	    }
+ 	    FREE_FNAME(f_n);
+@@ -4944,7 +4963,8 @@ SetVTFont(XtermWidget xw,
+     } else {
+ 	Bell(xw, XkbBI_MinorError, 0);
+     }
+-    return;
++    TRACE(("...SetVTFont: %d\n", result));
++    return result;
+ }
+ 
+ #if OPT_RENDERFONT
+diff --git a/fontutils.h b/fontutils.h
+index 2267f24..5b3afe0 100644
+--- a/fontutils.h
++++ b/fontutils.h
+@@ -37,7 +37,7 @@
+ /* *INDENT-OFF* */
+ 
+ extern Bool xtermLoadDefaultFonts (XtermWidget /* xw */);
+-extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, Bool /* force */);
++extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, XTermFonts * /* current */, Bool /* force */);
+ extern XFontStruct * xtermLoadQueryFont(XtermWidget /* xw */, const char * /*name */);
+ extern XTermFonts * getDoubleFont (TScreen * /* screen */, int /* which */);
+ extern XTermFonts * getItalicFont (TScreen * /* screen */, int /* which */);
+@@ -51,7 +51,7 @@ extern int lookupRelativeFontSize (XtermWidget /* xw */, int /* old */, int /* r
+ extern int xtermGetFont (const char * /* param */);
+ extern int xtermLoadFont (XtermWidget /* xw */, const VTFontNames */* fonts */, Bool /* doresize */, int /* fontnum */);
+ extern void HandleSetFont PROTO_XT_ACTIONS_ARGS;
+-extern void SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */);
++extern Bool SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */);
+ extern void allocFontList (XtermWidget /* xw */, const char * /* name */, XtermFontNames * /* target */, VTFontEnum /* which */, const char * /* source */, Bool /* ttf */);
+ extern void copyFontList (char *** /* targetp */, char ** /* source */);
+ extern void initFontLists (XtermWidget /* xw */);
+diff --git a/misc.c b/misc.c
+index cbb2679..aafbb08 100644
+--- a/misc.c
++++ b/misc.c
+@@ -3941,9 +3941,9 @@ ChangeFontRequest(XtermWidget xw, String buf)
+ 	    {
+ 		memset(&fonts, 0, sizeof(fonts));
+ 		fonts.f_n = name;
+-		SetVTFont(xw, num, True, &fonts);
+-		if (num == screen->menu_font_number &&
+-		    num != fontMenu_fontescape) {
++		if (SetVTFont(xw, num, True, &fonts)
++		    && num == screen->menu_font_number
++		    && num != fontMenu_fontescape) {
+ 		    screen->EscapeFontName() = x_strdup(name);
+ 		}
+ 	    }
+@@ -6422,7 +6422,6 @@ xtermSetenv(const char *var, const char *value)
+ 
+ 	    found = envindex;
+ 	    environ[found + 1] = NULL;
+-	    environ = environ;
+ 	}
+ 
+ 	environ[found] = malloc(2 + len + strlen(value));
+diff --git a/screen.c b/screen.c
+index 93e36b3..f82ee44 100644
+--- a/screen.c
++++ b/screen.c
+@@ -1454,7 +1454,7 @@ ScrnRefresh(XtermWidget xw,
+ 	maxrow += StatusLineRows;
+     }
+ #endif
+-
++    (void) recurse;
+     ++recurse;
+ 
+     if (screen->cursorp.col >= leftcol
+diff --git a/xterm.h b/xterm.h
+index e6bd123..c4fe811 100644
+--- a/xterm.h
++++ b/xterm.h
+@@ -999,7 +999,7 @@ extern Bool CheckBufPtrs (TScreen * /* screen */);
+ extern Bool set_cursor_gcs (XtermWidget /* xw */);
+ extern char * vt100ResourceToString (XtermWidget /* xw */, const char * /* name */);
+ extern int VTInit (XtermWidget /* xw */);
+-extern void FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool  /* justprobe */);
++extern Bool FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool  /* justprobe */);
+ extern void HideCursor (XtermWidget /* xw */);
+ extern void RestartBlinking(XtermWidget /* xw */);
+ extern void ShowCursor (XtermWidget /* xw */);
+diff --git a/xterm.log.html b/xterm.log.html
+index 03324b1..0f28658 100644
+--- a/xterm.log.html
++++ b/xterm.log.html
+@@ -1026,6 +1026,12 @@
+   2022/03/09</a></h1>
+ 
+   <ul>
++    <li>improve error-recovery when setting a bitmap font for the
++    VT100 window, e.g., in case <em>OSC&nbsp;50</em> failed,
++    restoring the most recent valid font so that a subsequent
++    <em>OSC&nbsp;50</em> reports this correctly (report by David
++    Leadbeater).</li>
++
+     <li>amend allocation/freeing of scrollback lines, eliminating
+     an adjustment for status-line added in <a href=
+     "#xterm_371">patch #371</a> (report/testcase by Rajeev V.
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-graphics/xorg-app/xterm_372.bb b/meta-oe/recipes-graphics/xorg-app/xterm_372.bb
index 3e1e9d7042..223bc0a498 100644
--- a/meta-oe/recipes-graphics/xorg-app/xterm_372.bb
+++ b/meta-oe/recipes-graphics/xorg-app/xterm_372.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://xterm.h;beginline=3;endline=31;md5=5ec6748ed90e588caa
 
 SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \
            file://0001-Add-configure-time-check-for-setsid.patch \
+           file://CVE-2022-45063.patch \
           "
 
 SRC_URI[sha256sum] = "c6d08127cb2409c3a04bcae559b7025196ed770bb7bf26630abcb45d95f60ab1"
diff --git a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb
index 2ab5297949..a5271f08bd 100644
--- a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb
+++ b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://driver/xscreensaver.h;endline=10;md5=c3ce41cdff745eb1
 SRC_URI = "https://www.jwz.org/${BPN}/${BP}.tar.gz"
 SRC_URI[sha256sum] = "085484665d91f60b4a1dedacd94bcf9b74b0fb096bcedc89ff1c245168e5473b"
 
+MIRRORS += "https://www.jwz.org/${BPN} https://ftp.osuosl.org/pub/blfs/conglomeration/${BPN}"
+
 SRC_URI += " \
     file://xscreensaver.service \
     file://0001-build-Do-not-build-po-files.patch \
diff --git a/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb b/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb
index d5e8e4b497..3d97ea0967 100644
--- a/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb
+++ b/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb
@@ -85,7 +85,13 @@ do_install() {
     for i in ${TEST_LIST}
     do
         oe_runmake -C ${S}/tools/testing/selftests/${i} INSTALL_PATH=${D}/usr/kernel-selftest/${i} install
+        # Install kselftest-list.txt that required by kselftest runner.
+        oe_runmake -s --no-print-directory COLLECTION=${i} -C ${S}/tools/testing/selftests/${i} emit_tests \
+            >> ${D}/usr/kernel-selftest/kselftest-list.txt
     done
+    # Install kselftest runner.
+    install -m 0755 ${S}/tools/testing/selftests/run_kselftest.sh ${D}/usr/kernel-selftest/
+    cp -R --no-dereference --preserve=mode,links -v ${S}/tools/testing/selftests/kselftest ${D}/usr/kernel-selftest/
     if [ -e ${D}/usr/kernel-selftest/bpf/test_offload.py ]; then
 	sed -i -e '1s,#!.*python3,#! /usr/bin/env python3,' ${D}/usr/kernel-selftest/bpf/test_offload.py
     fi
@@ -127,7 +133,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 INHIBIT_PACKAGE_DEBUG_SPLIT="1"
 FILES:${PN} += "/usr/kernel-selftest"
 
-RDEPENDS:${PN} += "python3"
+RDEPENDS:${PN} += "python3 perl"
 # tools/testing/selftests/vm/Makefile doesn't respect LDFLAGS and tools/testing/selftests/Makefile explicitly overrides to empty
 INSANE_SKIP:${PN} += "ldflags"
 
diff --git a/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb b/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
index 461e6b05ed..5f687b27b3 100644
--- a/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
+++ b/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
@@ -17,6 +17,7 @@ COMPATIBLE_HOST = "(x86_64|i.86|aarch64|riscv64|powerpc64).*-linux"
 S = "${WORKDIR}/git/src"
 
 EXTRA_OEMAKE += "DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}"
+EXTRA_OEMAKE:append:class-native = " UAPIDIR=${includedir}"
 
 inherit pkgconfig
 
@@ -27,3 +28,9 @@ do_compile() {
 do_install() {
 	oe_runmake install
 }
+
+do_install:append:class-native() {
+	oe_runmake install_uapi_headers
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch b/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch
new file mode 100644
index 0000000000..8d5b8b6cbb
--- /dev/null
+++ b/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch
@@ -0,0 +1,128 @@
+From 7a8c6a06c86e133e4346b1dc66483bd8d0d3c716 Mon Sep 17 00:00:00 2001
+From: John Ogness <john.ogness@linutronix.de>
+Date: Tue, 24 Aug 2021 21:10:43 +0200
+Subject: [PATCH] minicoredumper: retry elf parsing as long as needed
+
+As was reported in github issue #2 ("maximum number of tries
+insufficient, in rare cases, for elf parse"), the number of retries
+for parsing a process may be insufficient. Rather than setting an
+upper limit on the maximum number of retries, track the number of
+headers seen. As long as the number of seen headers is greater than
+the previous try, try again.
+
+In order to avoid introducing any new issues, preserve the behavior
+of retrying at least 10 times, even if no new headers are seen.
+
+Reported-by: github.com/ssajal-wr
+Signed-off-by: John Ogness <john.ogness@linutronix.de>
+
+Upstream-Status: Backport [7a8c6a06c86e133e4346b1dc66483bd8d0d3c716]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/minicoredumper/corestripper.c | 30 +++++++++++++++++++++++-------
+ 1 file changed, 23 insertions(+), 7 deletions(-)
+
+diff --git a/src/minicoredumper/corestripper.c b/src/minicoredumper/corestripper.c
+index d96d1df..c96b350 100644
+--- a/src/minicoredumper/corestripper.c
++++ b/src/minicoredumper/corestripper.c
+@@ -761,7 +761,7 @@ static int init_log(struct dump_info *di)
+ typedef int elf_parse_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr);
+ 
+ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type,
+-			   elf_parse_cb *callback)
++			   elf_parse_cb *callback, size_t *phnum_found)
+ {
+ 	GElf_Ehdr ehdr_mem;
+ 	GElf_Ehdr *ehdr;
+@@ -770,6 +770,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type,
+ 	size_t phnum;
+ 	size_t cnt;
+ 
++	if (phnum_found)
++		*phnum_found = 0;
++
+ 	/* start from beginning of core */
+ 	if (lseek64(di->elf_fd, 0, SEEK_SET) == -1) {
+ 		info("lseek failed: %s", strerror(errno));
+@@ -809,6 +812,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type,
+ 		goto out;
+ 	}
+ 
++	if (phnum_found)
++		*phnum_found = phnum;
++
+ 	for (cnt = 0; cnt < phnum; cnt++) {
+ 		GElf_Phdr phdr_mem;
+ 		GElf_Phdr *phdr;
+@@ -891,7 +897,7 @@ static int vma_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr)
+ /*
+  * Tries to parse the found ELF headers and reads all vmas from it.
+  */
+-static int parse_vma_info(struct dump_info *di)
++static int parse_vma_info(struct dump_info *di, size_t *phnum_found)
+ {
+ 	unsigned long min_off = ULONG_MAX;
+ 	unsigned long max_len = 0;
+@@ -911,7 +917,7 @@ static int parse_vma_info(struct dump_info *di)
+ 	memset(&type, 0, sizeof(type));
+ 	type.p_type = PT_LOAD;
+ 	type.p_flags = PF_R;
+-	if (do_elf_ph_parse(di, &type, vma_cb) != 0)
++	if (do_elf_ph_parse(di, &type, vma_cb, phnum_found) != 0)
+ 		return -1;
+ 
+ 	for (v = di->vma; v; v = v->next) {
+@@ -1614,8 +1620,10 @@ int add_core_data(struct dump_info *di, off64_t dest_offset, size_t len,
+  */
+ static int init_src_core(struct dump_info *di, int src)
+ {
++	size_t last_phnum = 0;
+ 	int tries = 0;
+ 	int ret = -1;
++	size_t phnum;
+ 	size_t len;
+ 	char *buf;
+ 	long pos;
+@@ -1642,7 +1650,7 @@ again:
+ 		goto out;
+ 
+ 	/* try to elf-parse the core to read vma info */
+-	ret = parse_vma_info(di);
++	ret = parse_vma_info(di, &phnum);
+ 
+ 	/* restore our position */
+ 	if (lseek64(di->elf_fd, pos, SEEK_SET) == -1)
+@@ -1653,9 +1661,17 @@ again:
+ 
+ 		tries++;
+ 
+-		/* maybe try again */
+-		if (tries < 10)
++		if (phnum > last_phnum) {
++			/* new headers found, keep trying */
++			last_phnum = phnum;
+ 			goto again;
++		} else if (tries < 10) {
++			/*
++			 * even if no new headers are found,
++			 * retry at least 10 times
++			 */
++			goto again;
++		}
+ 
+ 		goto out;
+ 	}
+@@ -2106,7 +2122,7 @@ static int dump_stacks(struct dump_info *di)
+ 		/* find and set the first task */
+ 		memset(&type, 0, sizeof(type));
+ 		type.p_type = PT_NOTE;
+-		do_elf_ph_parse(di, &type, note_cb);
++		do_elf_ph_parse(di, &type, note_cb, NULL);
+ 	}
+ 
+ 	if (di->first_pid)
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb b/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb
index bf99152942..0b934ee2d8 100644
--- a/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb
+++ b/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/diamon/minicoredumper;protocol=https;branch=master \
            file://0001-replace-pthread_mutexattr_setrobust_np-with-pthread_.patch \
            file://minicoredumper.service \
            file://minicoredumper.init \
+           file://0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch b/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch
new file mode 100644
index 0000000000..d3b203111f
--- /dev/null
+++ b/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch
@@ -0,0 +1,52 @@
+From 415d50fc56b82963e5570c7738c61b22f4a83748 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 11 Jul 2022 00:56:28 +0200
+Subject: [PATCH] Remove usage of 'U' mode bit for opening files in python
+
+The 'U' mode bit is removed in python 3.11. It has been
+deprecated for a long time. The 'U' mode bit has no effect
+so this change doesn't change any behavior.
+
+See https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api
+
+Upstream-Status: Submitted [https://github.com/jackaudio/jack2/pull/884]
+---
+ waflib/ConfigSet.py | 2 +-
+ waflib/Context.py   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py
+index b300bb56..84736c9c 100644
+--- a/waflib/ConfigSet.py
++++ b/waflib/ConfigSet.py
+@@ -312,7 +312,7 @@ class ConfigSet(object):
+ 		:type filename: string
+ 		"""
+ 		tbl = self.table
+-		code = Utils.readf(filename, m='rU')
++		code = Utils.readf(filename, m='r')
+ 		for m in re_imp.finditer(code):
+ 			g = m.group
+ 			tbl[g(2)] = eval(g(3))
+diff --git a/waflib/Context.py b/waflib/Context.py
+index 9fee3fa1..761b521f 100644
+--- a/waflib/Context.py
++++ b/waflib/Context.py
+@@ -266,7 +266,7 @@ class Context(ctx):
+ 				cache[node] = True
+ 				self.pre_recurse(node)
+ 				try:
+-					function_code = node.read('rU', encoding)
++					function_code = node.read('r', encoding)
+ 					exec(compile(function_code, node.abspath(), 'exec'), self.exec_dict)
+ 				finally:
+ 					self.post_recurse(node)
+@@ -662,7 +662,7 @@ def load_module(path, encoding=None):
+ 
+ 	module = imp.new_module(WSCRIPT_FILE)
+ 	try:
+-		code = Utils.readf(path, m='rU', encoding=encoding)
++		code = Utils.readf(path, m='r', encoding=encoding)
+ 	except EnvironmentError:
+ 		raise Errors.WafError('Could not read the file %r' % path)
+ 
diff --git a/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb b/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb
index 452f066559..ea8c0f385a 100644
--- a/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb
+++ b/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb
@@ -14,7 +14,9 @@ LIC_FILES_CHKSUM = " \
 
 DEPENDS = "libsamplerate0 libsndfile1 readline"
 
-SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https \
+    file://0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch \
+"
 SRCREV = "a2fe7ec2fdbd315f112c8035282d94a429451178"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
index 740bcb5a7f..b023c80ae4 100644
--- a/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
+++ b/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
@@ -18,11 +18,9 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  bindings/swig/src/auditswig.i     | 2 +-
  2 files changed, 3 insertions(+), 2 deletions(-)
 
-diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
-index dd9d934..61b486d 100644
 --- a/bindings/swig/python3/Makefile.am
 +++ b/bindings/swig/python3/Makefile.am
-@@ -22,6 +22,7 @@
+@@ -23,6 +23,7 @@
  CONFIG_CLEAN_FILES = *.loT *.rej *.orig
  AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
  AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
@@ -30,7 +28,7 @@ index dd9d934..61b486d 100644
  LIBS = $(top_builddir)/lib/libaudit.la
  SWIG_FLAGS = -python -py3 -modern
  SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/li
  _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
  nodist__audit_la_SOURCES  = audit_wrap.c
  audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i 
@@ -39,8 +37,6 @@ index dd9d934..61b486d 100644
  
  CLEANFILES = audit.py* audit_wrap.c *~
  
-diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 21aafca..dd0f62c 100644
 --- a/bindings/swig/src/auditswig.i
 +++ b/bindings/swig/src/auditswig.i
 @@ -39,7 +39,7 @@ signed
@@ -48,10 +44,7 @@ index 21aafca..dd0f62c 100644
  typedef unsigned __u32;
  typedef unsigned uid_t;
 -%include "/usr/include/linux/audit.h"
-+%include "linux/audit.h"
++%include "../lib/audit.h"
  #define __extension__ /*nothing*/
  %include <stdint.i>
  %include "../lib/libaudit.h"
--- 
-2.17.1
-
diff --git a/meta-oe/recipes-security/audit/audit_3.0.7.bb b/meta-oe/recipes-security/audit/audit_3.0.8.bb
index d77aec2964..c17899d4f6 100644
--- a/meta-oe/recipes-security/audit/audit_3.0.7.bb
+++ b/meta-oe/recipes-security/audit/audit_3.0.8.bb
@@ -15,7 +15,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;proto
 "
 
 S = "${WORKDIR}/git"
-SRCREV = "f60b2d8f55c74be798a7f5bcbd6c587987f2578a"
+SRCREV = "54a62e78792fe583267cf80da717ee480b8f42bc"
 
 inherit autotools python3native update-rc.d systemd
 
@@ -71,7 +71,14 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
 
 CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
 
+do_configure:prepend() {
+	sed -e 's|buf\[];|buf[0];|g'  ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
+        sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
+}
+
 do_install:append() {
+        sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h
+
 	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
 	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
 
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
new file mode 100644
index 0000000000..fb8fa3427f
--- /dev/null
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
@@ -0,0 +1,60 @@
+Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1
+From: Oliver Kiddle <opk@zsh.org>
+Date: Wed, 15 Dec 2021 01:56:40 +0100
+Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on
+ %F/%K arguments
+
+Mitigates CVE-2021-45444
+
+https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog    |  5 +++++
+ Src/prompt.c | 10 ++++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 8d7dfc169..eb248ec06 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2022-01-27  dana  <dana@dana.is>
++
++	* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
++	PROMPT_SUBST
++
+ 2020-02-14  dana  <dana@dana.is>
+ 
+ 	* unposted: Config/version.mk: Update for 5.8
+diff --git a/Src/prompt.c b/Src/prompt.c
+index b65bfb86b..91e21c8e9 100644
+--- a/Src/prompt.c
++++ b/Src/prompt.c
+@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
+ 	bv->fm += 2; /* skip over F{ */
+ 	if ((ep = strchr(bv->fm, '}'))) {
+ 	    char oc = *ep, *col, *coll;
++	    int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
++	    int opp = opts[PROMPTPERCENT];
++
++	    opts[PROMPTPERCENT] = 1;
++	    opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
++
+ 	    *ep = '\0';
+ 	    /* expand the contents of the argument so you can use
+ 	     * %v for example */
+@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
+ 	    arg = match_colour((const char **)&coll, is_fg, 0);
+ 	    free(col);
+ 	    bv->fm = ep;
++
++	    opts[PROMPTSUBST] = ops;
++	    opts[PROMPTBANG] = opb;
++	    opts[PROMPTPERCENT] = opp;
+ 	} else {
+ 	    arg = match_colour((const char **)&bv->fm, is_fg, 0);
+ 	    if (*bv->fm != '}')
+-- 
+2.34.1
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
new file mode 100644
index 0000000000..e5b6d7cdc9
--- /dev/null
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
@@ -0,0 +1,140 @@
+From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001
+From: Marc Cornellà <hello@mcornella.com>
+Date: Mon, 24 Jan 2022 09:43:28 +0100
+Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to
+ work around CVE-2021-45444 in VCS_Info
+Comment: Updated to use the same file name without blanks as actually
+ used in the final 5.8.1 release.
+
+
+https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog                                    |  5 +
+ Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++
+ 2 files changed, 103 insertions(+)
+ create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch
+
+diff --git a/ChangeLog b/ChangeLog
+index eb248ec06..9a05a09e1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,10 @@
+ 2022-01-27  dana  <dana@dana.is>
+ 
++	* Marc Cornellà: security/89:
++	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
++	can optionally be used to work around recursive PROMPT_SUBST
++	issue in VCS_Info
++
+ 	* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
+ 	PROMPT_SUBST
+ 
+diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch
+new file mode 100644
+index 000000000..13e54be77
+--- /dev/null
++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch
+@@ -0,0 +1,98 @@
++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com>
++Date: Mon, 24 Jan 2022 09:43:28 +0100
++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444,
++which is mitigated in the shell itself in 5.8.1 and later versions. It is
++offered for users who are concerned about an exploit but are unable to update
++their binaries to receive the complete fix.
++
++The patch works around the vulnerability by pre-escaping values substituted
++into format strings in VCS_Info. Please note that this may break some user
++configurations that rely on those values being un-escaped (which is why it was
++not included directly in 5.8.1). It may be possible to limit this breakage by
++adjusting exactly which ones are pre-escaped, but of course this may leave
++them vulnerable again.
++
++If applying the patch to the file system is inconvenient or not possible, the
++following script can be used to idempotently patch the relevant function
++running in memory (and thus must be re-run when the shell is restarted):
++
++
++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version)
++autoload -Uz is-at-least
++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then
++  return
++fi
++
++# Quote necessary $hook_com[<field>] items just before they are used
++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats
++# function, where <field> is:
++#
++#   base:       the full path of the repository's root directory.
++#   base-name:  the name of the repository's root directory.
++#   branch:     the name of the currently checked out branch.
++#   revision:   an identifier of the currently checked out revision.
++#   subdir:     the path of the current directory relative to the
++#               repository's root directory.
++#   misc:       a string that may contain anything the vcs_info backend wants.
++#
++# This patch %-quotes these fields previous to their use in vcs_info hooks and
++# the zformat call and, eventually, when they get expanded in the prompt.
++# It's important to quote these here, and not later after hooks have modified the
++# fields, because then we could be quoting % characters from valid prompt sequences,
++# like %F{color}, %B, etc.
++#
++#  32   │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
++#  33   │ hook_com[subdir_orig]="${hook_com[subdir]}"
++#  34   │
++#  35 + │ for tmp in base base-name branch misc revision subdir; do
++#  36 + │     hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
++#  37 + │ done
++#  38 + │
++#  39   │ VCS_INFO_hook 'post-backend'
++#
++# This is especially important so that no command substitution is performed
++# due to malicious input as a consequence of CVE-2021-45444, which affects
++# zsh versions from 5.0.3 to 5.8.
++#
++autoload -Uz +X regexp-replace VCS_INFO_formats
++
++# We use $tmp here because it's already a local variable in VCS_INFO_formats
++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"'
++# Unique string to avoid reapplying the patch if this code gets called twice
++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b
++# Only patch the VCS_INFO_formats function if not already patched
++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then
++  regexp-replace 'functions[VCS_INFO_formats]' \
++    "VCS_INFO_hook 'post-backend'" \
++    ': ${PATCH_ID}; ${PATCH}; ${MATCH}'
++fi
++unset PATCH PATCH_ID
++
++
++---
++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++
++ 1 file changed, 4 insertions(+)
++
++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats
++index e0e1dc738..4d88e28b6 100644
++--- a/Functions/VCS_Info/VCS_INFO_formats
+++++ b/Functions/VCS_Info/VCS_INFO_formats
++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}"
++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
++ hook_com[subdir_orig]="${hook_com[subdir]}"
++ 
+++for tmp in base base-name branch misc revision subdir; do
+++    hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
+++done
+++
++ VCS_INFO_hook 'post-backend'
++ 
++ ## description (for backend authors):
++-- 
++2.34.1
+-- 
+2.34.1
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
new file mode 100644
index 0000000000..adfc00ae57
--- /dev/null
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
@@ -0,0 +1,77 @@
+From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001
+From: dana <dana@dana.is>
+Date: Tue, 21 Dec 2021 13:13:33 -0600
+Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README
+
+https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog |  2 ++
+ NEWS      | 20 ++++++++++++++++++++
+ README    |  6 ++++++
+ 3 files changed, 28 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 9a05a09e1..93b0bc337 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,7 @@
+ 2022-01-27  dana  <dana@dana.is>
+ 
++	* CVE-2021-45444: NEWS, README: Document preceding two changes
++
+ 	* Marc Cornellà: security/89:
+ 	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
+ 	can optionally be used to work around recursive PROMPT_SUBST
+diff --git a/NEWS b/NEWS
+index 964e1633f..d34b3f79e 100644
+--- a/NEWS
++++ b/NEWS
+@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
+ 
+ Note also the list of incompatibilities in the README file.
+ 
++Changes since 5.8
++-----------------
++
++CVE-2021-45444: Some prompt expansion sequences, such as %F, support
++'arguments' which are themselves expanded in case they contain colour
++values, etc. This additional expansion would trigger PROMPT_SUBST
++evaluation, if enabled. This could be abused to execute code the user
++didn't expect. e.g., given a certain prompt configuration, an attacker
++could trick a user into executing arbitrary code by having them check
++out a Git branch with a specially crafted name.
++
++This is fixed in the shell itself by no longer performing PROMPT_SUBST
++evaluation on these prompt-expansion arguments.
++
++Users who are concerned about an exploit but unable to update their
++binaries may apply the partial work-around described in the file
++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
++source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
++Marc Cornellà <hello@mcornella.com>. ]
++
+ Changes since 5.7.1-test-3
+ --------------------------
+ 
+diff --git a/README b/README
+index 7f1dd5f92..c9e994ab3 100644
+--- a/README
++++ b/README
+@@ -31,6 +31,12 @@ Zsh is a shell with lots of features.  For a list of some of these, see the
+ file FEATURES, and for the latest changes see NEWS.  For more
+ details, see the documentation.
+ 
++Incompatibilities since 5.8
++---------------------------
++
++PROMPT_SUBST expansion is no longer performed on arguments to prompt-
++expansion sequences such as %F.
++
+ Incompatibilities since 5.7.1
+ -----------------------------
+ 
+-- 
+2.34.1
diff --git a/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-oe/recipes-shells/zsh/zsh_5.8.bb
index 0429cb9cc7..7602ff9f64 100644
--- a/meta-oe/recipes-shells/zsh/zsh_5.8.bb
+++ b/meta-oe/recipes-shells/zsh/zsh_5.8.bb
@@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec"
 
 DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \
+	file://CVE-2021-45444_1.patch \
+	file://CVE-2021-45444_2.patch \
+	file://CVE-2021-45444_3.patch \
+	"
 SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27"
 
 inherit autotools-brokensep gettext update-alternatives manpages
@@ -18,8 +22,8 @@ inherit autotools-brokensep gettext update-alternatives manpages
 EXTRA_OECONF = " \
     --bindir=${base_bindir} \
     --enable-etcdir=${sysconfdir} \
-    --enable-fndir=${datadir}/${PN}/${PV}/functions \
-    --enable-site-fndir=${datadir}/${PN}/site-functions \
+    --enable-fndir=${datadir}/${BPN}/${PV}/functions \
+    --enable-site-fndir=${datadir}/${BPN}/site-functions \
     --with-term-lib='ncursesw ncurses' \
     --with-tcsetpgrp \
     --enable-cap \
diff --git a/meta-oe/recipes-support/atop/atop_2.4.0.bb b/meta-oe/recipes-support/atop/atop_2.4.0.bb
index 35540b3b8f..b1d2abde73 100644
--- a/meta-oe/recipes-support/atop/atop_2.4.0.bb
+++ b/meta-oe/recipes-support/atop/atop_2.4.0.bb
@@ -24,6 +24,10 @@ SRC_URI = "http://www.atoptool.nl/download/${BP}.tar.gz \
 SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436"
 SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2011-3618 \
+"
+
 do_compile() {
     oe_runmake all
 }
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
new file mode 100644
index 0000000000..328075ca64
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
@@ -0,0 +1,66 @@
+From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001
+From: hopper-vul <118949689+hopper-vul@users.noreply.github.com>
+Date: Wed, 18 Jan 2023 22:14:26 +0800
+Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow
+ (#497)
+
+In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
+the input str and initialize a sortlist configuration.
+
+However, ares_set_sortlist has not any checks about the validity of the input str.
+It is very easy to create an arbitrary length stack overflow with the unchecked
+`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
+statements in the config_sortlist call, which could potentially cause severe
+security impact in practical programs.
+
+This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
+potential stack overflows.
+
+fixes #496
+
+Fix By: @hopper-vul
+
+CVE: CVE-2022-4904
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/lib/ares_init.c    | 4 ++++
+ test/ares-test-init.cc | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
+index 51668a5c..3f9cec65 100644
+--- a/src/lib/ares_init.c
++++ b/src/lib/ares_init.c
+@@ -1913,6 +1913,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
+       q = str;
+       while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
+         q++;
++      if (q-str >= 16)
++        return ARES_EBADSTR;
+       memcpy(ipbuf, str, q-str);
+       ipbuf[q-str] = '\0';
+       /* Find the prefix */
+@@ -1921,6 +1923,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
+           const char *str2 = q+1;
+           while (*q && *q != ';' && !ISSPACE(*q))
+             q++;
++          if (q-str >= 32)
++            return ARES_EBADSTR;
+           memcpy(ipbufpfx, str, q-str);
+           ipbufpfx[q-str] = '\0';
+           str = str2;
+diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc
+index 63c6a228..ee845181 100644
+--- a/test/ares-test-init.cc
++++ b/test/ares-test-init.cc
+@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) {
+ 
+ TEST_F(DefaultChannelTest, SetSortlistFailures) {
+   EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
++  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
++  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
+   EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
+   EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
+ }
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
new file mode 100644
index 0000000000..3e507f7cda
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
@@ -0,0 +1,328 @@
+From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:34 -0400
+Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v
+
+* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
+* Always use our own IP conversion functions now, do not delegate to OS
+  so we can have consistency in testing and fuzzing.
+* Removed bogus test cases that never should have passed.
+* Add new test case for crash bug found.
+
+Fix By: Brad House (@bradh352)
+
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2.patch]
+CVE: CVE-2023-31130
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/lib/inet_net_pton.c    | 155 ++++++++++++++++++++-----------------
+ test/ares-test-internal.cc |   7 +-
+ 2 files changed, 86 insertions(+), 76 deletions(-)
+
+diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
+index 840de50..fc50425 100644
+--- a/src/lib/inet_net_pton.c
++++ b/src/lib/inet_net_pton.c
+@@ -1,19 +1,20 @@
+ 
+ /*
+- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
+  * Copyright (c) 1996,1999 by Internet Software Consortium.
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+  * copyright notice and this permission notice appear in all copies.
+  *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
+  */
+ 
+ #include "ares_setup.h"
+@@ -35,9 +36,6 @@
+ 
+ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
+ 
+-
+-#ifndef HAVE_INET_NET_PTON
+-
+ /*
+  * static int
+  * inet_net_pton_ipv4(src, dst, size)
+@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+  *      Paul Vixie (ISC), June 1996
+  */
+ static int
+-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
++ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+ {
+   static const char xdigits[] = "0123456789abcdef";
+   static const char digits[] = "0123456789";
+@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp)
+ }
+ 
+ static int
+-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
++ares_inet_pton6(const char *src, unsigned char *dst)
+ {
+   static const char xdigits_l[] = "0123456789abcdef",
+-    xdigits_u[] = "0123456789ABCDEF";
++        xdigits_u[] = "0123456789ABCDEF";
+   unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
+   const char *xdigits, *curtok;
+-  int ch, saw_xdigit;
++  int ch, saw_xdigit, count_xdigit;
+   unsigned int val;
+-  int digits;
+-  int bits;
+-  size_t bytes;
+-  int words;
+-  int ipv4;
+ 
+   memset((tp = tmp), '\0', NS_IN6ADDRSZ);
+   endp = tp + NS_IN6ADDRSZ;
+@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+     if (*++src != ':')
+       goto enoent;
+   curtok = src;
+-  saw_xdigit = 0;
++  saw_xdigit = count_xdigit = 0;
+   val = 0;
+-  digits = 0;
+-  bits = -1;
+-  ipv4 = 0;
+   while ((ch = *src++) != '\0') {
+     const char *pch;
+ 
+     if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+       pch = strchr((xdigits = xdigits_u), ch);
+     if (pch != NULL) {
++      if (count_xdigit >= 4)
++        goto enoent;
+       val <<= 4;
+-      val |= aresx_sztoui(pch - xdigits);
+-      if (++digits > 4)
++      val |= (pch - xdigits);
++      if (val > 0xffff)
+         goto enoent;
+       saw_xdigit = 1;
++      count_xdigit++;
+       continue;
+     }
+     if (ch == ':') {
+@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+           goto enoent;
+         colonp = tp;
+         continue;
+-      } else if (*src == '\0')
++      } else if (*src == '\0') {
+         goto enoent;
++      }
+       if (tp + NS_INT16SZ > endp)
+-        return (0);
+-      *tp++ = (unsigned char)((val >> 8) & 0xff);
+-      *tp++ = (unsigned char)(val & 0xff);
++        goto enoent;
++      *tp++ = (unsigned char) (val >> 8) & 0xff;
++      *tp++ = (unsigned char) val & 0xff;
+       saw_xdigit = 0;
+-      digits = 0;
++      count_xdigit = 0;
+       val = 0;
+       continue;
+     }
+     if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
+-        getv4(curtok, tp, &bits) > 0) {
+-      tp += NS_INADDRSZ;
++        ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
++      tp += INADDRSZ;
+       saw_xdigit = 0;
+-      ipv4 = 1;
++      count_xdigit = 0;
+       break;  /* '\0' was seen by inet_pton4(). */
+     }
+-    if (ch == '/' && getbits(src, &bits) > 0)
+-      break;
+     goto enoent;
+   }
+   if (saw_xdigit) {
+     if (tp + NS_INT16SZ > endp)
+       goto enoent;
+-    *tp++ = (unsigned char)((val >> 8) & 0xff);
+-    *tp++ = (unsigned char)(val & 0xff);
++    *tp++ = (unsigned char) (val >> 8) & 0xff;
++    *tp++ = (unsigned char) val & 0xff;
+   }
+-  if (bits == -1)
+-    bits = 128;
+-
+-  words = (bits + 15) / 16;
+-  if (words < 2)
+-    words = 2;
+-  if (ipv4)
+-    words = 8;
+-  endp =  tmp + 2 * words;
+-
+   if (colonp != NULL) {
+     /*
+      * Since some memmove()'s erroneously fail to handle
+      * overlapping regions, we'll do the shift by hand.
+      */
+-    const ares_ssize_t n = tp - colonp;
+-    ares_ssize_t i;
++    const int n = tp - colonp;
++    int i;
+ 
+     if (tp == endp)
+       goto enoent;
+     for (i = 1; i <= n; i++) {
+-      *(endp - i) = *(colonp + n - i);
+-      *(colonp + n - i) = 0;
++      endp[- i] = colonp[n - i];
++      colonp[n - i] = 0;
+     }
+     tp = endp;
+   }
+   if (tp != endp)
+     goto enoent;
+ 
+-  bytes = (bits + 7) / 8;
+-  if (bytes > size)
+-    goto emsgsize;
+-  memcpy(dst, tmp, bytes);
+-  return (bits);
++  memcpy(dst, tmp, NS_IN6ADDRSZ);
++  return (1);
+ 
+-  enoent:
++enoent:
+   SET_ERRNO(ENOENT);
+   return (-1);
+ 
+-  emsgsize:
++emsgsize:
+   SET_ERRNO(EMSGSIZE);
+   return (-1);
+ }
+ 
++static int
++ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
++{
++  struct ares_in6_addr in6;
++  int                  ret;
++  int                  bits;
++  size_t               bytes;
++  char                 buf[INET6_ADDRSTRLEN + sizeof("/128")];
++  char                *sep;
++  const char          *errstr;
++
++  if (strlen(src) >= sizeof buf) {
++    SET_ERRNO(EMSGSIZE);
++    return (-1);
++  }
++  strncpy(buf, src, sizeof buf);
++
++  sep = strchr(buf, '/');
++  if (sep != NULL)
++    *sep++ = '\0';
++
++  ret = ares_inet_pton6(buf, (unsigned char *)&in6);
++  if (ret != 1)
++    return (-1);
++
++  if (sep == NULL)
++    bits = 128;
++  else {
++    if (!getbits(sep, &bits)) {
++      SET_ERRNO(ENOENT);
++      return (-1);
++    }
++  }
++
++  bytes = (bits + 7) / 8;
++  if (bytes > size) {
++    SET_ERRNO(EMSGSIZE);
++    return (-1);
++  }
++  memcpy(dst, &in6, bytes);
++  return (bits);
++}
++
+ /*
+  * int
+  * inet_net_pton(af, src, dst, size)
+@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
+ {
+   switch (af) {
+   case AF_INET:
+-    return (inet_net_pton_ipv4(src, dst, size));
++    return (ares_inet_net_pton_ipv4(src, dst, size));
+   case AF_INET6:
+-    return (inet_net_pton_ipv6(src, dst, size));
++    return (ares_inet_net_pton_ipv6(src, dst, size));
+   default:
+     SET_ERRNO(EAFNOSUPPORT);
+     return (-1);
+   }
+ }
+ 
+-#endif /* HAVE_INET_NET_PTON */
+-
+-#ifndef HAVE_INET_PTON
+ int ares_inet_pton(int af, const char *src, void *dst)
+ {
+   int result;
+@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst)
+     return 0;
+   return (result > -1 ? 1 : -1);
+ }
+-#else /* HAVE_INET_PTON */
+-int ares_inet_pton(int af, const char *src, void *dst)
+-{
+-  /* just relay this to the underlying function */
+-  return inet_pton(af, src, dst);
+-}
+-
+-#endif
+diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc
+index 96d4ede..161f0a5 100644
+--- a/test/ares-test-internal.cc
++++ b/test/ares-test-internal.cc
+@@ -81,6 +81,7 @@ TEST_F(LibraryTest, InetPtoN) {
+   EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6)));
+   EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6)));
+   EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
++  EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6)));
+ 
+   // Various malformed versions
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4)));
+@@ -118,11 +119,9 @@ TEST_F(LibraryTest, InetPtoN) {
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6)));
+-  // TODO(drysdale): check whether the next two tests should give -1.
+-  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
+-  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
++  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
++  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6)));
+-  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6)));
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch
new file mode 100644
index 0000000000..bbd6aa0aec
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch
@@ -0,0 +1,717 @@
+From c543406f44fa070ea101d4d4b173c2c88af0c2a5 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:06 -0400
+Subject: [PATCH] Merge pull request from GHSA-8r8p-23f3-64c2
+
+* segment random number generation into own file
+
+* abstract random code to make it more modular so we can have multiple backends
+
+* rand: add support for arc4random_buf() and also direct CARES_RANDOM_FILE reading
+
+* autotools: fix detection of arc4random_buf
+
+* rework initial rc4 seed for PRNG as last fallback
+
+* rc4: more proper implementation, simplified for clarity
+
+* clarifications
+
+CVE: CVE-2023-31147
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ CMakeLists.txt              |   2 +
+ configure.ac                |   1 +
+ m4/cares-functions.m4       |  85 +++++++++++
+ src/lib/Makefile.inc        |   1 +
+ src/lib/ares_config.h.cmake |   3 +
+ src/lib/ares_destroy.c      |   3 +
+ src/lib/ares_init.c         |  82 ++---------
+ src/lib/ares_private.h      |  19 ++-
+ src/lib/ares_query.c        |  36 +----
+ src/lib/ares_rand.c         | 274 ++++++++++++++++++++++++++++++++++++
+ 10 files changed, 387 insertions(+), 119 deletions(-)
+ create mode 100644 src/lib/ares_rand.c
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 194485a..1fb9af5 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -386,6 +386,8 @@ CHECK_SYMBOL_EXISTS (strncasecmp     "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCAS
+ CHECK_SYMBOL_EXISTS (strncmpi        "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCMPI)
+ CHECK_SYMBOL_EXISTS (strnicmp        "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNICMP)
+ CHECK_SYMBOL_EXISTS (writev          "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_WRITEV)
++CHECK_SYMBOL_EXISTS (arc4random_buf  "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_ARC4RANDOM_BUF)
++
+ 
+ # On Android, the system headers may define __system_property_get(), but excluded
+ # from libc.  We need to perform a link test instead of a header/symbol test.
+diff --git a/configure.ac b/configure.ac
+index 1d0fb5c..9a76369 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -683,6 +683,7 @@ CARES_CHECK_FUNC_STRNCASECMP
+ CARES_CHECK_FUNC_STRNCMPI
+ CARES_CHECK_FUNC_STRNICMP
+ CARES_CHECK_FUNC_WRITEV
++CARES_CHECK_FUNC_ARC4RANDOM_BUF
+ 
+ 
+ dnl check for AF_INET6
+diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4
+index 0f3992c..d4f4f99 100644
+--- a/m4/cares-functions.m4
++++ b/m4/cares-functions.m4
+@@ -3753,3 +3753,88 @@ AC_DEFUN([CARES_CHECK_FUNC_WRITEV], [
+     ac_cv_func_writev="no"
+   fi
+ ])
++
++dnl CARES_CHECK_FUNC_ARC4RANDOM_BUF
++dnl -------------------------------------------------
++dnl Verify if arc4random_buf is available, prototyped, and
++dnl can be compiled. If all of these are true, and
++dnl usage has not been previously disallowed with
++dnl shell variable cares_disallow_arc4random_buf, then
++dnl HAVE_ARC4RANDOM_BUF will be defined.
++
++AC_DEFUN([CARES_CHECK_FUNC_ARC4RANDOM_BUF], [
++  AC_REQUIRE([CARES_INCLUDES_STDLIB])dnl
++  #
++  tst_links_arc4random_buf="unknown"
++  tst_proto_arc4random_buf="unknown"
++  tst_compi_arc4random_buf="unknown"
++  tst_allow_arc4random_buf="unknown"
++  #
++  AC_MSG_CHECKING([if arc4random_buf can be linked])
++  AC_LINK_IFELSE([
++    AC_LANG_FUNC_LINK_TRY([arc4random_buf])
++  ],[
++    AC_MSG_RESULT([yes])
++    tst_links_arc4random_buf="yes"
++  ],[
++    AC_MSG_RESULT([no])
++    tst_links_arc4random_buf="no"
++  ])
++  #
++  if test "$tst_links_arc4random_buf" = "yes"; then
++    AC_MSG_CHECKING([if arc4random_buf is prototyped])
++    AC_EGREP_CPP([arc4random_buf],[
++      $cares_includes_stdlib
++    ],[
++      AC_MSG_RESULT([yes])
++      tst_proto_arc4random_buf="yes"
++    ],[
++      AC_MSG_RESULT([no])
++      tst_proto_arc4random_buf="no"
++    ])
++  fi
++  #
++  if test "$tst_proto_arc4random_buf" = "yes"; then
++    AC_MSG_CHECKING([if arc4random_buf is compilable])
++    AC_COMPILE_IFELSE([
++      AC_LANG_PROGRAM([[
++        $cares_includes_stdlib
++      ]],[[
++          arc4random_buf(NULL, 0);
++          return 1;
++      ]])
++    ],[
++      AC_MSG_RESULT([yes])
++      tst_compi_arc4random_buf="yes"
++    ],[
++      AC_MSG_RESULT([no])
++      tst_compi_arc4random_buf="no"
++    ])
++  fi
++  #
++  if test "$tst_compi_arc4random_buf" = "yes"; then
++    AC_MSG_CHECKING([if arc4random_buf usage allowed])
++    if test "x$cares_disallow_arc4random_buf" != "xyes"; then
++      AC_MSG_RESULT([yes])
++      tst_allow_arc4random_buf="yes"
++    else
++      AC_MSG_RESULT([no])
++      tst_allow_arc4random_buf="no"
++    fi
++  fi
++  #
++  AC_MSG_CHECKING([if arc4random_buf might be used])
++  if test "$tst_links_arc4random_buf" = "yes" &&
++     test "$tst_proto_arc4random_buf" = "yes" &&
++     test "$tst_compi_arc4random_buf" = "yes" &&
++     test "$tst_allow_arc4random_buf" = "yes"; then
++    AC_MSG_RESULT([yes])
++    AC_DEFINE_UNQUOTED(HAVE_ARC4RANDOM_BUF, 1,
++      [Define to 1 if you have the arc4random_buf function.])
++    ac_cv_func_arc4random_buf="yes"
++  else
++    AC_MSG_RESULT([no])
++    ac_cv_func_arc4random_buf="no"
++  fi
++])
++
+diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
+index a3b060c..72a7673 100644
+--- a/src/lib/Makefile.inc
++++ b/src/lib/Makefile.inc
+@@ -45,6 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c	\
+   ares_platform.c			\
+   ares_process.c			\
+   ares_query.c				\
++  ares_rand.c \
+   ares_search.c				\
+   ares_send.c				\
+   ares_strcasecmp.c			\
+diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake
+index fddb785..798820a 100644
+--- a/src/lib/ares_config.h.cmake
++++ b/src/lib/ares_config.h.cmake
+@@ -346,6 +346,9 @@
+ /* Define to 1 if you need the memory.h header file even with stdlib.h */
+ #cmakedefine NEED_MEMORY_H
+ 
++/* Define if have arc4random_buf() */
++#cmakedefine HAVE_ARC4RANDOM_BUF
++
+ /* a suitable file/device to read random data from */
+ #cmakedefine CARES_RANDOM_FILE "@CARES_RANDOM_FILE@"
+ 
+diff --git a/src/lib/ares_destroy.c b/src/lib/ares_destroy.c
+index fed2009..0447af4 100644
+--- a/src/lib/ares_destroy.c
++++ b/src/lib/ares_destroy.c
+@@ -90,6 +90,9 @@ void ares_destroy(ares_channel channel)
+   if (channel->resolvconf_path)
+     ares_free(channel->resolvconf_path);
+ 
++  if (channel->rand_state)
++    ares__destroy_rand_state(channel->rand_state);
++
+   ares_free(channel);
+ }
+ 
+diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
+index de5d86c..2607ed6 100644
+--- a/src/lib/ares_init.c
++++ b/src/lib/ares_init.c
+@@ -72,7 +72,6 @@ static int config_nameserver(struct server_state **servers, int *nservers,
+ static int set_search(ares_channel channel, const char *str);
+ static int set_options(ares_channel channel, const char *str);
+ static const char *try_option(const char *p, const char *q, const char *opt);
+-static int init_id_key(rc4_key* key,int key_data_len);
+ 
+ static int config_sortlist(struct apattern **sortlist, int *nsort,
+                            const char *str);
+@@ -149,6 +148,7 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
+   channel->sock_funcs = NULL;
+   channel->sock_func_cb_data = NULL;
+   channel->resolvconf_path = NULL;
++  channel->rand_state = NULL;
+ 
+   channel->last_server = 0;
+   channel->last_timeout_processed = (time_t)now.tv_sec;
+@@ -202,9 +202,13 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
+   /* Generate random key */
+ 
+   if (status == ARES_SUCCESS) {
+-    status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN);
++    channel->rand_state = ares__init_rand_state();
++    if (channel->rand_state == NULL) {
++      status = ARES_ENOMEM;
++    }
++
+     if (status == ARES_SUCCESS)
+-      channel->next_id = ares__generate_new_id(&channel->id_key);
++      channel->next_id = ares__generate_new_id(channel->rand_state);
+     else
+       DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n",
+                      ares_strerror(status)));
+@@ -224,6 +228,8 @@ done:
+         ares_free(channel->lookups);
+       if(channel->resolvconf_path)
+         ares_free(channel->resolvconf_path);
++      if (channel->rand_state)
++        ares__destroy_rand_state(channel->rand_state);
+       ares_free(channel);
+       return status;
+     }
+@@ -2495,76 +2501,6 @@ static int sortlist_alloc(struct apattern **sortlist, int *nsort,
+   return 1;
+ }
+ 
+-/* initialize an rc4 key. If possible a cryptographically secure random key
+-   is generated using a suitable function (for example win32's RtlGenRandom as
+-   described in
+-   http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
+-   otherwise the code defaults to cross-platform albeit less secure mechanism
+-   using rand
+-*/
+-static void randomize_key(unsigned char* key,int key_data_len)
+-{
+-  int randomized = 0;
+-  int counter=0;
+-#ifdef WIN32
+-  BOOLEAN res;
+-  if (ares_fpSystemFunction036)
+-    {
+-      res = (*ares_fpSystemFunction036) (key, key_data_len);
+-      if (res)
+-        randomized = 1;
+-    }
+-#else /* !WIN32 */
+-#ifdef CARES_RANDOM_FILE
+-  FILE *f = fopen(CARES_RANDOM_FILE, "rb");
+-  if(f) {
+-    setvbuf(f, NULL, _IONBF, 0);
+-    counter = aresx_uztosi(fread(key, 1, key_data_len, f));
+-    fclose(f);
+-  }
+-#endif
+-#endif /* WIN32 */
+-
+-  if (!randomized) {
+-    for (;counter<key_data_len;counter++)
+-      key[counter]=(unsigned char)(rand() % 256);  /* LCOV_EXCL_LINE */
+-  }
+-}
+-
+-static int init_id_key(rc4_key* key,int key_data_len)
+-{
+-  unsigned char index1;
+-  unsigned char index2;
+-  unsigned char* state;
+-  short counter;
+-  unsigned char *key_data_ptr = 0;
+-
+-  key_data_ptr = ares_malloc(key_data_len);
+-  if (!key_data_ptr)
+-    return ARES_ENOMEM;
+-  memset(key_data_ptr, 0, key_data_len);
+-
+-  state = &key->state[0];
+-  for(counter = 0; counter < 256; counter++)
+-    /* unnecessary AND but it keeps some compilers happier */
+-    state[counter] = (unsigned char)(counter & 0xff);
+-  randomize_key(key->state,key_data_len);
+-  key->x = 0;
+-  key->y = 0;
+-  index1 = 0;
+-  index2 = 0;
+-  for(counter = 0; counter < 256; counter++)
+-  {
+-    index2 = (unsigned char)((key_data_ptr[index1] + state[counter] +
+-                              index2) % 256);
+-    ARES_SWAP_BYTE(&state[counter], &state[index2]);
+-
+-    index1 = (unsigned char)((index1 + 1) % key_data_len);
+-  }
+-  ares_free(key_data_ptr);
+-  return ARES_SUCCESS;
+-}
+-
+ void ares_set_local_ip4(ares_channel channel, unsigned int local_ip)
+ {
+   channel->local_ip4 = local_ip;
+diff --git a/src/lib/ares_private.h b/src/lib/ares_private.h
+index 60d69e0..518b5c3 100644
+--- a/src/lib/ares_private.h
++++ b/src/lib/ares_private.h
+@@ -101,8 +101,6 @@ W32_FUNC const char *_w32_GetHostsFile (void);
+ 
+ #endif
+ 
+-#define ARES_ID_KEY_LEN 31
+-
+ #include "ares_ipv6.h"
+ #include "ares_llist.h"
+ 
+@@ -262,12 +260,8 @@ struct apattern {
+   unsigned short type;
+ };
+ 
+-typedef struct rc4_key
+-{
+-  unsigned char state[256];
+-  unsigned char x;
+-  unsigned char y;
+-} rc4_key;
++struct ares_rand_state;
++typedef struct ares_rand_state ares_rand_state;
+ 
+ struct ares_channeldata {
+   /* Configuration data */
+@@ -302,8 +296,8 @@ struct ares_channeldata {
+ 
+   /* ID to use for next query */
+   unsigned short next_id;
+-  /* key to use when generating new ids */
+-  rc4_key id_key;
++  /* random state to use when generating new ids */
++  ares_rand_state *rand_state;
+ 
+   /* Generation number to use for the next TCP socket open/close */
+   int tcp_connection_generation;
+@@ -359,7 +353,10 @@ void ares__close_sockets(ares_channel channel, struct server_state *server);
+ int ares__get_hostent(FILE *fp, int family, struct hostent **host);
+ int ares__read_line(FILE *fp, char **buf, size_t *bufsize);
+ void ares__free_query(struct query *query);
+-unsigned short ares__generate_new_id(rc4_key* key);
++
++ares_rand_state *ares__init_rand_state(void);
++void ares__destroy_rand_state(ares_rand_state *state);
++unsigned short ares__generate_new_id(ares_rand_state *state);
+ struct timeval ares__tvnow(void);
+ int ares__expand_name_validated(const unsigned char *encoded,
+                                 const unsigned char *abuf,
+diff --git a/src/lib/ares_query.c b/src/lib/ares_query.c
+index 508274d..42323be 100644
+--- a/src/lib/ares_query.c
++++ b/src/lib/ares_query.c
+@@ -33,32 +33,6 @@ struct qquery {
+ 
+ static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
+ 
+-static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
+-{
+-  unsigned char x;
+-  unsigned char y;
+-  unsigned char* state;
+-  unsigned char xorIndex;
+-  int counter;
+-
+-  x = key->x;
+-  y = key->y;
+-
+-  state = &key->state[0];
+-  for(counter = 0; counter < buffer_len; counter ++)
+-  {
+-    x = (unsigned char)((x + 1) % 256);
+-    y = (unsigned char)((state[x] + y) % 256);
+-    ARES_SWAP_BYTE(&state[x], &state[y]);
+-
+-    xorIndex = (unsigned char)((state[x] + state[y]) % 256);
+-
+-    buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]);
+-  }
+-  key->x = x;
+-  key->y = y;
+-}
+-
+ static struct query* find_query_by_id(ares_channel channel, unsigned short id)
+ {
+   unsigned short qid;
+@@ -78,7 +52,6 @@ static struct query* find_query_by_id(ares_channel channel, unsigned short id)
+   return NULL;
+ }
+ 
+-
+ /* a unique query id is generated using an rc4 key. Since the id may already
+    be used by a running query (as infrequent as it may be), a lookup is
+    performed per id generation. In practice this search should happen only
+@@ -89,19 +62,12 @@ static unsigned short generate_unique_id(ares_channel channel)
+   unsigned short id;
+ 
+   do {
+-    id = ares__generate_new_id(&channel->id_key);
++    id = ares__generate_new_id(channel->rand_state);
+   } while (find_query_by_id(channel, id));
+ 
+   return (unsigned short)id;
+ }
+ 
+-unsigned short ares__generate_new_id(rc4_key* key)
+-{
+-  unsigned short r=0;
+-  rc4(key, (unsigned char *)&r, sizeof(r));
+-  return r;
+-}
+-
+ void ares_query(ares_channel channel, const char *name, int dnsclass,
+                 int type, ares_callback callback, void *arg)
+ {
+diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c
+new file mode 100644
+index 0000000..a564bc2
+--- /dev/null
++++ b/src/lib/ares_rand.c
+@@ -0,0 +1,274 @@
++/* Copyright 1998 by the Massachusetts Institute of Technology.
++ * Copyright (C) 2007-2013 by Daniel Stenberg
++ *
++ * Permission to use, copy, modify, and distribute this
++ * software and its documentation for any purpose and without
++ * fee is hereby granted, provided that the above copyright
++ * notice appear in all copies and that both that copyright
++ * notice and this permission notice appear in supporting
++ * documentation, and that the name of M.I.T. not be used in
++ * advertising or publicity pertaining to distribution of the
++ * software without specific, written prior permission.
++ * M.I.T. makes no representations about the suitability of
++ * this software for any purpose.  It is provided "as is"
++ * without express or implied warranty.
++ */
++
++#include "ares_setup.h"
++#include "ares.h"
++#include "ares_private.h"
++#include "ares_nowarn.h"
++#include <stdlib.h>
++
++typedef enum  {
++  ARES_RAND_OS   = 1,  /* OS-provided such as RtlGenRandom or arc4random */
++  ARES_RAND_FILE = 2,  /* OS file-backed random number generator */
++  ARES_RAND_RC4  = 3   /* Internal RC4 based PRNG */
++} ares_rand_backend;
++
++typedef struct ares_rand_rc4
++{
++  unsigned char S[256];
++  size_t        i;
++  size_t        j;
++} ares_rand_rc4;
++
++struct ares_rand_state
++{
++  ares_rand_backend type;
++  union {
++    FILE *rand_file;
++    ares_rand_rc4 rc4;
++  } state;
++};
++
++
++/* Define RtlGenRandom = SystemFunction036.  This is in advapi32.dll.  There is
++ * no need to dynamically load this, other software used widely does not.
++ * http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
++ * https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom
++ */
++#ifdef _WIN32
++BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength);
++#  ifndef RtlGenRandom
++#    define RtlGenRandom(a,b) SystemFunction036(a,b)
++#  endif
++#endif
++
++
++#define ARES_RC4_KEY_LEN 32 /* 256 bits */
++
++static unsigned int ares_u32_from_ptr(void *addr)
++{
++    if (sizeof(void *) == 8) {
++        return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF));
++    }
++    return (unsigned int)((size_t)addr & 0xFFFFFFFF);
++}
++
++
++/* initialize an rc4 key as the last possible fallback. */
++static void ares_rc4_generate_key(ares_rand_rc4 *rc4_state, unsigned char *key, size_t key_len)
++{
++  size_t         i;
++  size_t         len = 0;
++  unsigned int   data;
++  struct timeval tv;
++
++  if (key_len != ARES_RC4_KEY_LEN)
++    return;
++
++  /* Randomness is hard to come by.  Maybe the system randomizes heap and stack addresses.
++   * Maybe the current timestamp give us some randomness.
++   * Use  rc4_state (heap), &i (stack), and ares__tvnow()
++   */
++  data = ares_u32_from_ptr(rc4_state);
++  memcpy(key + len, &data, sizeof(data));
++  len += sizeof(data);
++
++  data = ares_u32_from_ptr(&i);
++  memcpy(key + len, &data, sizeof(data));
++  len += sizeof(data);
++
++  tv = ares__tvnow();
++  data = (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF);
++  memcpy(key + len, &data, sizeof(data));
++  len += sizeof(data);
++
++  srand(ares_u32_from_ptr(rc4_state) | ares_u32_from_ptr(&i) | (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF));
++
++  for (i=len; i<key_len; i++) {
++    key[i]=(unsigned char)(rand() % 256);  /* LCOV_EXCL_LINE */
++  }
++}
++
++
++static void ares_rc4_init(ares_rand_rc4 *rc4_state)
++{
++  unsigned char key[ARES_RC4_KEY_LEN];
++  size_t        i;
++  size_t        j;
++
++  ares_rc4_generate_key(rc4_state, key, sizeof(key));
++
++  for (i = 0; i < sizeof(rc4_state->S); i++) {
++    rc4_state->S[i] = i & 0xFF;
++  }
++
++  for(i = 0, j = 0; i < 256; i++) {
++    j = (j + rc4_state->S[i] + key[i % sizeof(key)]) % 256;
++    ARES_SWAP_BYTE(&rc4_state->S[i], &rc4_state->S[j]);
++  }
++
++  rc4_state->i = 0;
++  rc4_state->j = 0;
++}
++
++/* Just outputs the key schedule, no need to XOR with any data since we have none */
++static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len)
++{
++  unsigned char *S = rc4_state->S;
++  size_t         i = rc4_state->i;
++  size_t         j = rc4_state->j;
++  size_t         cnt;
++
++  for (cnt=0; cnt<len; cnt++) {
++    i = (i + 1) % 256;
++    j = (j + S[i]) % 256;
++
++    ARES_SWAP_BYTE(&S[i], &S[j]);
++    buf[cnt] = S[(S[i] + S[j]) % 256];
++  }
++
++  rc4_state->i = i;
++  rc4_state->j = j;
++}
++
++
++static int ares__init_rand_engine(ares_rand_state *state)
++{
++  memset(state, 0, sizeof(*state));
++
++#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32)
++  state->type = ARES_RAND_OS;
++  return 1;
++#elif defined(CARES_RANDOM_FILE)
++  state->type            = ARES_RAND_FILE;
++  state->state.rand_file = fopen(CARES_RANDOM_FILE, "rb");
++  if (state->state.rand_file) {
++    setvbuf(state->state.rand_file, NULL, _IONBF, 0);
++    return 1;
++  }
++  /* Fall-Thru on failure to RC4 */
++#endif
++
++  state->type = ARES_RAND_RC4;
++  ares_rc4_init(&state->state.rc4);
++
++  /* Currently cannot fail */
++  return 1;
++}
++
++
++ares_rand_state *ares__init_rand_state()
++{
++  ares_rand_state *state = NULL;
++
++  state = ares_malloc(sizeof(*state));
++  if (!state)
++    return NULL;
++
++  if (!ares__init_rand_engine(state)) {
++    ares_free(state);
++    return NULL;
++  }
++
++  return state;
++}
++
++
++static void ares__clear_rand_state(ares_rand_state *state)
++{
++  if (!state)
++    return;
++
++  switch (state->type) {
++    case ARES_RAND_OS:
++      break;
++    case ARES_RAND_FILE:
++      fclose(state->state.rand_file);
++      break;
++    case ARES_RAND_RC4:
++      break;
++  }
++}
++
++
++static void ares__reinit_rand(ares_rand_state *state)
++{
++  ares__clear_rand_state(state);
++  ares__init_rand_engine(state);
++}
++
++
++void ares__destroy_rand_state(ares_rand_state *state)
++{
++  if (!state)
++    return;
++
++  ares__clear_rand_state(state);
++  ares_free(state);
++}
++
++
++static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t len)
++{
++
++  while (1) {
++    size_t rv;
++    size_t bytes_read = 0;
++
++    switch (state->type) {
++      case ARES_RAND_OS:
++#ifdef _WIN32
++        RtlGenRandom(buf, len);
++        return;
++#elif defined(HAVE_ARC4RANDOM_BUF)
++        arc4random_buf(buf, len);
++        return;
++#else
++        /* Shouldn't be possible to be here */
++        break;
++#endif
++
++      case ARES_RAND_FILE:
++        while (1) {
++          size_t rv = fread(buf + bytes_read, 1, len - bytes_read, state->state.rand_file);
++          if (rv == 0)
++            break; /* critical error, will reinit rand state */
++
++          bytes_read += rv;
++          if (bytes_read == len)
++            return;
++        }
++        break;
++
++      case ARES_RAND_RC4:
++        ares_rc4_prng(&state->state.rc4, buf, len);
++        return;
++    }
++
++    /* If we didn't return before we got here, that means we had a critical rand
++     * failure and need to reinitialized */
++    ares__reinit_rand(state);
++  }
++}
++
++unsigned short ares__generate_new_id(ares_rand_state *state)
++{
++  unsigned short r=0;
++
++  ares__rand_bytes(state, (unsigned char *)&r, sizeof(r));
++  return r;
++}
++
+-- 
+2.30.2
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch
new file mode 100644
index 0000000000..f6bcaee534
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch
@@ -0,0 +1,85 @@
+From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:49 -0400
+Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
+
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae.patch]
+CVE: CVE-2023-32067
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
+ 1 file changed, 25 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
+index 87329e3..605e5f8 100644
+--- a/src/lib/ares_process.c
++++ b/src/lib/ares_process.c
+@@ -457,7 +457,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+ {
+   struct server_state *server;
+   int i;
+-  ares_ssize_t count;
++  ares_ssize_t read_len;
+   unsigned char buf[MAXENDSSZ + 1];
+ #ifdef HAVE_RECVFROM
+   ares_socklen_t fromlen;
+@@ -500,32 +500,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+       /* To reduce event loop overhead, read and process as many
+        * packets as we can. */
+       do {
+-        if (server->udp_socket == ARES_SOCKET_BAD)
+-          count = 0;
+-
+-        else {
+-          if (server->addr.family == AF_INET)
++        if (server->udp_socket == ARES_SOCKET_BAD) {
++          read_len = -1;
++        } else {
++          if (server->addr.family == AF_INET) {
+             fromlen = sizeof(from.sa4);
+-          else
++          } else {
+             fromlen = sizeof(from.sa6);
+-          count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+-                                  sizeof(buf), 0, &from.sa, &fromlen);
++          }
++          read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
++                                     sizeof(buf), 0, &from.sa, &fromlen);
+         }
+ 
+-        if (count == -1 && try_again(SOCKERRNO))
++        if (read_len == 0) {
++          /* UDP is connectionless, so result code of 0 is a 0-length UDP
++           * packet, and not an indication the connection is closed like on
++           * tcp */
+           continue;
+-        else if (count <= 0)
++        } else if (read_len < 0) {
++          if (try_again(SOCKERRNO))
++            continue;
++
+           handle_error(channel, i, now);
++
+ #ifdef HAVE_RECVFROM
+-        else if (!same_address(&from.sa, &server->addr))
++        } else if (!same_address(&from.sa, &server->addr)) {
+           /* The address the response comes from does not match the address we
+            * sent the request to. Someone may be attempting to perform a cache
+            * poisoning attack. */
+-          break;
++          continue;
+ #endif
+-        else
+-          process_answer(channel, buf, (int)count, i, 0, now);
+-       } while (count > 0);
++
++        } else {
++          process_answer(channel, buf, (int)read_len, i, 0, now);
++        }
++      } while (read_len >= 0);
+     }
+ }
+ 
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
new file mode 100644
index 0000000000..4c97eda3c7
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
@@ -0,0 +1,34 @@
+From: a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 11 Mar 2024 14:29:39 +0000
+Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
+
+CVE: CVE-2024-25629
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/lib/ares__read_line.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
+index c62ad2a..d6625a3 100644
+--- a/src/lib/ares__read_line.c
++++ b/src/lib/ares__read_line.c
+@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
+       if (!fgets(*buf + offset, bytestoread, fp))
+         return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+       len = offset + strlen(*buf + offset);
++
++      /* Probably means there was an embedded NULL as the first character in
++       * the line, throw away line */
++      if (len == 0) {
++        offset = 0;
++        continue;
++      }
++
+       if ((*buf)[len - 1] == '\n')
+         {
+           (*buf)[len - 1] = 0;
+--
+2.40.0
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 2cd00cb578..838046146f 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -5,7 +5,13 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
 
-SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
+           file://CVE-2022-4904.patch \
+           file://CVE-2023-31130.patch \
+           file://CVE-2023-32067.patch \
+           file://CVE-2023-31147.patch \
+           file://CVE-2024-25629.patch \
+          "
 SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
 
 UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"
@@ -19,3 +25,7 @@ PACKAGES =+ "${PN}-utils"
 FILES:${PN}-utils = "${bindir}"
 
 BBCLASSEXTEND = "native nativesdk"
+
+# this vulneribility applies only when cross-compiling using autotools
+# yocto cross-compiles via cmake which is also listed as official workaround
+CVE_CHECK_IGNORE += "CVE-2023-31124"
diff --git a/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch b/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch
new file mode 100644
index 0000000000..8d576f5d58
--- /dev/null
+++ b/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch
@@ -0,0 +1,261 @@
+From 689c65fb050976d5a548a5b9a0f5d2c14eaa3301 Mon Sep 17 00:00:00 2001
+From: Alexander Stein <alexander.stein@tq-group.com>
+Date: Thu, 8 Dec 2022 14:11:46 +0100
+Subject: [PATCH 1/1] Fix rename in docs
+
+The content of dool.1.adoc is completly unchanged from dstat.1.adoc.
+Unfortunately the 'NAME' specifies the created file name. So
+building/cleaning docs is currently broken
+
+Upstream-Status: Pending
+https://github.com/scottchiefbaker/dool/pull/30
+
+Signed-off-by: Alexander Stein <alexander.stein@tq-group.com>
+---
+ docs/dool.1.adoc | 108 +++++++++++++++++++++++------------------------
+ 1 file changed, 54 insertions(+), 54 deletions(-)
+
+diff --git a/docs/dool.1.adoc b/docs/dool.1.adoc
+index 24c4a54..921df1f 100644
+--- a/docs/dool.1.adoc
++++ b/docs/dool.1.adoc
+@@ -1,35 +1,35 @@
+-= dstat(1)
++= dool(1)
+ Dag Wieers <dag@wieers.com>
+ v0.7.3, August 2014
+ 
+ 
+ == NAME
+-dstat - versatile tool for generating system resource statistics
++dool - versatile tool for generating system resource statistics
+ 
+ 
+ == SYNOPSIS
+-dstat [-afv] [options..] [delay [count]]
++dool [-afv] [options..] [delay [count]]
+ 
+ 
+ == DESCRIPTION
+-Dstat is a versatile replacement for vmstat, iostat and ifstat. Dstat
++Dool is a versatile replacement for vmstat, iostat and ifstat. Dool
+ overcomes some of the limitations and adds some extra features.
+ 
+-Dstat allows you to view all of your system resources instantly, you
++Dool allows you to view all of your system resources instantly, you
+ can eg. compare disk usage in combination with interrupts from your
+ IDE controller, or compare the network bandwidth numbers directly with
+ the disk throughput (in the same interval).
+ 
+-Dstat also cleverly gives you the most detailed information in columns
++Dool also cleverly gives you the most detailed information in columns
+ and clearly indicates in what magnitude and unit the output is displayed.
+ Less confusion, less mistakes, more efficient.
+ 
+-Dstat is unique in letting you aggregate block device throughput for a
++Dool is unique in letting you aggregate block device throughput for a
+ certain diskset or network bandwidth for a group of interfaces, ie. 
+ you can see the throughput for all the block devices that make up a
+ single filesystem or storage system.
+ 
+-Dstat allows its data to be directly written to a CSV file to be
++Dool allows its data to be directly written to a CSV file to be
+ imported and used by OpenOffice, Gnumeric or Excel to create graphs.
+ 
+ [NOTE]
+@@ -187,13 +187,13 @@ Possible internal stats are::
+     write CSV output to file
+ 
+ --profile::
+-    show profiling statistics when exiting dstat
++    show profiling statistics when exiting dool
+ 
+ 
+ == PLUGINS
+-While anyone can create their own dstat plugins (and contribute them) dstat
++While anyone can create their own dool plugins (and contribute them) dool
+ ships with a number of plugins already that extend its capabilities greatly.
+-Here is an overview of the plugins dstat ships with:
++Here is an overview of the plugins dool ships with:
+ 
+ --battery::
+     battery in percentage (needs ACPI)
+@@ -225,17 +225,17 @@ Here is an overview of the plugins dstat ships with:
+ --disk-wait::
+     average time (in milliseconds) for I/O requests issued to the device to be served
+ 
+---dstat::
+-    show dstat cputime consumption and latency
++--dool::
++    show dool cputime consumption and latency
+ 
+---dstat-cpu::
+-    show dstat advanced cpu usage
++--dool-cpu::
++    show dool advanced cpu usage
+ 
+---dstat-ctxt::
+-    show dstat context switches
++--dool-ctxt::
++    show dool context switches
+ 
+---dstat-mem::
+-    show dstat advanced memory usage
++--dool-mem::
++    show dool advanced memory usage
+ 
+ --fan::
+     fan speed (needs ACPI)
+@@ -250,7 +250,7 @@ Here is an overview of the plugins dstat ships with:
+     GPFS filesystem operations (needs mmpmon)
+ 
+ --helloworld::
+-    Hello world example dstat plugin
++    Hello world example dool plugin
+ 
+ --innodb-buffer::
+     show innodb buffer stats
+@@ -340,22 +340,22 @@ Here is an overview of the plugins dstat ships with:
+     show sendmail queue size (needs sendmail)
+ 
+ --snmp-cpu::
+-    show CPU stats using SNMP from DSTAT_SNMPSERVER
++    show CPU stats using SNMP from DOOL_SNMPSERVER
+ 
+ --snmp-load::
+-    show load stats using SNMP from DSTAT_SNMPSERVER
++    show load stats using SNMP from DOOL_SNMPSERVER
+ 
+ --snmp-mem::
+-    show memory stats using SNMP from DSTAT_SNMPSERVER
++    show memory stats using SNMP from DOOL_SNMPSERVER
+ 
+ --snmp-net::
+-    show network stats using SNMP from DSTAT_SNMPSERVER
++    show network stats using SNMP from DOOL_SNMPSERVER
+ 
+ --snmp-net-err:
+-    show network errors using SNMP from DSTAT_SNMPSERVER
++    show network errors using SNMP from DOOL_SNMPSERVER
+ 
+ --snmp-sys::
+-    show system stats (interrupts and context switches) using SNMP from DSTAT_SNMPSERVER
++    show system stats (interrupts and context switches) using SNMP from DOOL_SNMPSERVER
+ 
+ --snooze::
+     show number of ticks per second
+@@ -463,7 +463,7 @@ The default delay is 1 and count is unspecified (unlimited)
+ 
+ 
+ == INTERMEDIATE UPDATES
+-When invoking dstat with a *delay* greater than 1 and without the
++When invoking dool with a *delay* greater than 1 and without the
+ *--noupdate* option, it will show intermediate updates, ie. the first
+ time a 1 sec average, the second update a 2 second average, etc. until
+ the delay has been reached.
+@@ -475,34 +475,34 @@ average on a new line, just like with vmstat.
+ 
+ 
+ == EXAMPLES
+-Using dstat to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters:
++Using dool to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters:
+ ----
+-dstat -dnyc -N eth0 -C total -f 5
++dool -dnyc -N eth0 -C total -f 5
+ ----
+ 
+-Checking dstat's behaviour and the system impact of dstat:
++Checking dool's behaviour and the system impact of dool:
+ ----
+-dstat -taf --debug
++dool -taf --debug
+ ----
+ 
+ Using the time plugin together with cpu, net, disk, system, load, proc and
+ top_cpu plugins:
+ ----
+-dstat -tcndylp --top-cpu
++dool -tcndylp --top-cpu
+ ----
+ this is identical to
+ ----
+-dstat --time --cpu --net --disk --sys --load --proc --top-cpu
++dool --time --cpu --net --disk --sys --load --proc --top-cpu
+ ----
+ 
+-Using dstat to relate advanced cpu stats with interrupts per device:
++Using dool to relate advanced cpu stats with interrupts per device:
+ ----
+-dstat -t --cpu-adv -yif
++dool -t --cpu-adv -yif
+ ----
+ 
+ 
+ == BUGS
+-Since it is practically impossible to test dstat on every possible
++Since it is practically impossible to test dool on every possible
+ permutation of kernel, python or distribution version, I need your
+ help and your feedback to fix the remaining problems. If you have
+ improvements or bugreports, please send them to:
+@@ -513,40 +513,40 @@ Please see the TODO file for known bugs and future plans.
+ 
+ 
+ == FILES
+-Paths that may contain external dstat_*.py plugins:
++Paths that may contain external dool_*.py plugins:
+ 
+-    ~/.dstat/
++    ~/.dool/
+     (path of binary)/plugins/
+-    /usr/share/dstat/
+-    /usr/local/share/dstat/
++    /usr/share/dool/
++    /usr/local/share/dool/
+ 
+ == ENVIRONMENT VARIABLES
+ 
+-Dstat will read additional command line arguments from the environment
+-variable *DSTAT_OPTS*. You can use this to configure Dstat's default
++Dool will read additional command line arguments from the environment
++variable *DOOL_OPTS*. You can use this to configure Dool's default
+ behavior, e.g. if you have a black-on-white terminal:
+ 
+-    export DSTAT_OPTS="--bw --noupdate"
++    export DOOL_OPTS="--bw --noupdate"
+ 
+ Other internal or external plugins have their own environment variables
+ to influence their behavior, e.g.
+ 
+ 
+-    DSTAT_NTPSERVER
++    DOOL_NTPSERVER
+ 
+-    DSTAT_MYSQL
+-    DSTAT_MYSQL_HOST
+-    DSTAT_MYSQL_PORT
+-    DSTAT_MYSQL_SOCKET
+-    DSTAT_MYSQL_USER
+-    DSTAT_MYSQL_PWD
++    DOOL_MYSQL
++    DOOL_MYSQL_HOST
++    DOOL_MYSQL_PORT
++    DOOL_MYSQL_SOCKET
++    DOOL_MYSQL_USER
++    DOOL_MYSQL_PWD
+ 
+-    DSTAT_SNMPSERVER
+-    DSTAT_SNMPCOMMUNITY
++    DOOL_SNMPSERVER
++    DOOL_SNMPCOMMUNITY
+ 
+-    DSTAT_SQUID_OPTS
++    DOOL_SQUID_OPTS
+ 
+-    DSTAT_TIMEFMT
++    DOOL_TIMEFMT
+ 
+ == SEE ALSO
+ 
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/dool/dool_1.0.0.bb b/meta-oe/recipes-support/dool/dool_1.0.0.bb
index d34397c12a..b70f41cb98 100644
--- a/meta-oe/recipes-support/dool/dool_1.0.0.bb
+++ b/meta-oe/recipes-support/dool/dool_1.0.0.bb
@@ -11,6 +11,7 @@ DEPENDS += "asciidoc-native xmlto-native"
 
 SRC_URI = "git://github.com/scottchiefbaker/dool.git;branch=master;protocol=https \
 	   file://0001-Fix-build-error-as-following.patch \
+	   file://0001-Fix-rename-in-docs.patch \
           "
 
 SRCREV = "34a3244b46aa70a31f871a7ca8ffa8d3a7b950d2"
diff --git a/meta-oe/recipes-support/emacs/emacs_27.2.bb b/meta-oe/recipes-support/emacs/emacs_27.2.bb
index b78dc5e450..4a7e7aba5c 100644
--- a/meta-oe/recipes-support/emacs/emacs_27.2.bb
+++ b/meta-oe/recipes-support/emacs/emacs_27.2.bb
@@ -11,6 +11,10 @@ SRC_URI:append:class-target = " file://usemake-docfile-native.patch"
 
 SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9"
 
+CVE_CHECK_IGNORE = "\
+    CVE-2007-6109 \
+"
+
 PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls"
 PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5"
 PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp"
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 31afe78e45..b210fa6340 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
 
 DEPENDS = "zlib expat"
 
-SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz"
+SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
 
 # Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
new file mode 100644
index 0000000000..a60b2854c8
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
@@ -0,0 +1,53 @@
+https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
+CVE: CVE-2022-39316
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 09:09:28 +0200
+Subject: [PATCH] Added missing length checks in zgfx_decompress_segment
+
+(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816)
+---
+ libfreerdp/codec/zgfx.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c
+index 20fbd354571..e260aa6e28a 100644
+--- a/libfreerdp/codec/zgfx.c
++++ b/libfreerdp/codec/zgfx.c
+@@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ 	BYTE* pbSegment;
+ 	size_t cbSegment;
+ 
+-	if (!zgfx || !stream)
++	if (!zgfx || !stream || (segmentSize < 2))
+ 		return FALSE;
+ 
+ 	cbSegment = segmentSize - 1;
+ 
+-	if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) ||
+-	    (segmentSize > UINT32_MAX))
++	if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX))
+ 		return FALSE;
+ 
+ 	Stream_Read_UINT8(stream, flags); /* header (1 byte) */
+ 	zgfx->OutputCount = 0;
+ 	pbSegment = Stream_Pointer(stream);
+-	Stream_Seek(stream, cbSegment);
++	if (!Stream_SafeSeek(stream, cbSegment))
++		return FALSE;
+ 
+ 	if (!(flags & PACKET_COMPRESSED))
+ 	{
+@@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ 						if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount)
+ 							return FALSE;
+ 
++						if (count > zgfx->cBitsRemaining / 8)
++							return FALSE;
++
+ 						CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent,
+ 						           count);
+ 						zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count);
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
new file mode 100644
index 0000000000..76a9e00dd3
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
@@ -0,0 +1,41 @@
+https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
+CVE: CVE-2022-39318 CVE-2022-39319
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 08:27:41 +0200
+Subject: [PATCH] Fixed division by zero in urbdrc
+
+(cherry picked from commit 731f8419d04b481d7160de1f34062d630ed48765)
+---
+ channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c
+index 505c31d7b55..ef87f195f38 100644
+--- a/channels/urbdrc/client/libusb/libusb_udevice.c
++++ b/channels/urbdrc/client/libusb/libusb_udevice.c
+@@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c
+ 	if (!Buffer)
+ 		Stream_Seek(user_data->data, (NumberOfPackets * 12));
+ 
+-	iso_packet_size = BufferSize / NumberOfPackets;
+-	iso_transfer = libusb_alloc_transfer(NumberOfPackets);
++	if (NumberOfPackets > 0)
++	{
++		iso_packet_size = BufferSize / NumberOfPackets;
++		iso_transfer = libusb_alloc_transfer((int)NumberOfPackets);
++	}
+ 
+ 	if (iso_transfer == NULL)
+ 	{
+-		WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer.");
++		WLog_Print(urbdrc->log, WLOG_ERROR,
++		           "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32
++		           " ]",
++		           NumberOfPackets, BufferSize);
+ 		async_transfer_user_data_free(user_data);
+ 		return -1;
+ 	}
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index ece2f56960..9da8b27c0d 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}"
 SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1"
 SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
     file://winpr-makecert-Build-with-install-RPATH.patch \
+    file://CVE-2022-39316.patch \
+    file://CVE-2022-39318-39319.patch \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch b/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch
new file mode 100644
index 0000000000..5ac5170721
--- /dev/null
+++ b/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch
@@ -0,0 +1,115 @@
+From 6379331cd0647fc6f149f55e4505a9a92e4f159f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 22 Aug 2022 22:43:26 -0700
+Subject: [PATCH] Fix deprecared function prototypes
+
+Fixes following errors:
+error: a function definition without a prototype is deprecated in all versions of C and is not supported in C2x [-Werror,-Wdeprecated-non-prototype]
+
+Upstream-Status: Submitted [https://github.com/libgd/libgd/pull/835]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/gd_nnquant.c | 32 +++++++-------------------------
+ src/gd_tiff.c    |  4 +---
+ 2 files changed, 8 insertions(+), 28 deletions(-)
+
+diff --git a/src/gd_nnquant.c b/src/gd_nnquant.c
+index 8b9aa794..013f7160 100644
+--- a/src/gd_nnquant.c
++++ b/src/gd_nnquant.c
+@@ -112,12 +112,7 @@ typedef struct {
+ 
+ /* Initialise network in range (0,0,0,0) to (255,255,255,255) and set parameters
+    ----------------------------------------------------------------------- */
+-static void initnet(nnq, thepic, len, sample, colours)
+-nn_quant *nnq;
+-unsigned char *thepic;
+-int len;
+-int sample;
+-int colours;
++static void initnet(nn_quant *nnq, unsigned char *thepic, int len, int sample, int colours)
+ {
+ 	register int i;
+ 	register int *p;
+@@ -163,9 +158,7 @@ static void unbiasnet(nn_quant *nnq)
+ }
+ 
+ /* Output colormap to unsigned char ptr in RGBA format */
+-static void getcolormap(nnq, map)
+-nn_quant *nnq;
+-unsigned char *map;
++static void getcolormap(nn_quant *nnq, unsigned char *map)
+ {
+ 	int i,j;
+ 	for(j=0; j < nnq->netsize; j++) {
+@@ -232,9 +225,7 @@ static void inxbuild(nn_quant *nnq)
+ 
+ /* Search for ABGR values 0..255 (after net is unbiased) and return colour index
+ 	 ---------------------------------------------------------------------------- */
+-static unsigned int inxsearch(nnq, al,b,g,r)
+-nn_quant *nnq;
+-register int al, b, g, r;
++static unsigned int inxsearch(nn_quant *nnq, int al, int b, int g, int r)
+ {
+ 	register int i, j, dist, a, bestd;
+ 	register int *p;
+@@ -306,9 +297,7 @@ register int al, b, g, r;
+ 
+ /* Search for biased ABGR values
+    ---------------------------- */
+-static int contest(nnq, al,b,g,r)
+-nn_quant *nnq;
+-register int al,b,g,r;
++static int contest(nn_quant *nnq, int al, int b, int g, int r)
+ {
+ 	/* finds closest neuron (min dist) and updates freq */
+ 	/* finds best neuron (min dist-bias) and returns position */
+@@ -362,9 +351,7 @@ register int al,b,g,r;
+ /* Move neuron i towards biased (a,b,g,r) by factor alpha
+ 	 ---------------------------------------------------- */
+ 
+-static void altersingle(nnq, alpha,i,al,b,g,r)
+-nn_quant *nnq;
+-register int alpha,i,al,b,g,r;
++static void altersingle(nn_quant *nnq, int alpha, int i,int al, int b, int g, int r)
+ {
+ 	register int *n;
+ 
+@@ -382,10 +369,7 @@ register int alpha,i,al,b,g,r;
+ /* Move adjacent neurons by precomputed alpha*(1-((i-j)^2/[r]^2)) in radpower[|i-j|]
+ 	 --------------------------------------------------------------------------------- */
+ 
+-static void alterneigh(nnq, rad,i,al,b,g,r)
+-nn_quant *nnq;
+-int rad,i;
+-register int al,b,g,r;
++static void alterneigh(nn_quant *nnq, int rad, int i, int al,int b,int g, int r)
+ {
+ 	register int j,k,lo,hi,a;
+ 	register int *p, *q;
+@@ -429,9 +413,7 @@ register int al,b,g,r;
+ /* Main Learning Loop
+    ------------------ */
+ 
+-static void learn(nnq, verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */
+-nn_quant *nnq;
+-int verbose;
++static void learn(nn_quant *nnq, int verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */
+ {
+ 	register int i,j,al,b,g,r;
+ 	int radius,rad,alpha,step,delta,samplepixels;
+diff --git a/src/gd_tiff.c b/src/gd_tiff.c
+index 7f72b610..3d90e61a 100644
+--- a/src/gd_tiff.c
++++ b/src/gd_tiff.c
+@@ -446,9 +446,7 @@ BGD_DECLARE(void) gdImageTiffCtx(gdImagePtr image, gdIOCtx *out)
+ }
+ 
+ /* Check if we are really in 8bit mode */
+-static int checkColorMap(n, r, g, b)
+-int n;
+-uint16_t *r, *g, *b;
++static int checkColorMap(int n, uint16_t *r, uint16_t *g, uint16_t *b)
+ {
+ 	while (n-- > 0)
+ 		if (*r++ >= 256 || *g++ >= 256 || *b++ >= 256)
diff --git a/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-oe/recipes-support/gd/gd_2.3.3.bb
index 9d4ee1fe4b..cc2c1571e6 100644
--- a/meta-oe/recipes-support/gd/gd_2.3.3.bb
+++ b/meta-oe/recipes-support/gd/gd_2.3.3.bb
@@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ace63adfdac78400fc30fa22ee9c1bb1"
 DEPENDS = "freetype libpng jpeg zlib tiff"
 
 SRC_URI = "git://github.com/libgd/libgd.git;nobranch=1;protocol=https \
+           file://0001-Fix-deprecared-function-prototypes.patch \
            "
 
 SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc"
diff --git a/meta-oe/recipes-support/glog/glog_0.5.0.bb b/meta-oe/recipes-support/glog/glog_0.5.0.bb
index 61581d96d7..f0b1293965 100644
--- a/meta-oe/recipes-support/glog/glog_0.5.0.bb
+++ b/meta-oe/recipes-support/glog/glog_0.5.0.bb
@@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b"
 
 SRC_URI = " \
-    git://github.com/google/glog.git;nobranch=1;protocol=https \
+    git://github.com/google/glog.git;branch=master;protocol=https \
     file://libexecinfo.patch \
 "
 
diff --git a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb b/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb
index a27968079e..a27968079e 100644
--- a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb
+++ b/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb
diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch b/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch
new file mode 100644
index 0000000000..01099f3438
--- /dev/null
+++ b/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch
@@ -0,0 +1,37 @@
+From 602015eacc53bf2699bf4c4e5420b63c3f067547 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Mon, 11 Sep 2023 14:01:37 +0800
+Subject: [PATCH] Check for overflow when calculating on-disk attribute data
+ size
+
+Bogus sizes in this test case causes the on-disk data size
+calculation in H5O_attr_decode() to overflow so that the
+calculated size becomes 0. This causes the read to overflow
+and h5dump to segfault.
+
+CVE: CVE-2021-37501
+
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/b16ec83d4bd79f9ffaad85de16056419f3532887]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/H5Oattr.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/H5Oattr.c b/src/H5Oattr.c
+index c2c0fe3..c289344 100644
+--- a/src/H5Oattr.c
++++ b/src/H5Oattr.c
+@@ -217,6 +217,9 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED
+ 
+     /* Compute the size of the data */
+     H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, H5S_GET_EXTENT_NPOINTS(attr->shared->ds) * H5T_get_size(attr->shared->dt), hsize_t);
++    /* Check if multiplication has overflown */
++    if ((attr->shared->data_size / H5T_get_size(attr->shared->dt)) != H5S_GET_EXTENT_NPOINTS(attr->shared->ds))
++        HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds addressable range");
+ 
+     /* Go get the data */
+     if(attr->shared->data_size) {
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb b/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
index 7b886a4635..4110e9cea4 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
@@ -17,6 +17,7 @@ SRC_URI = " \
     file://0001-cross-compiling-support.patch \
     file://0002-Remove-suffix-shared-from-shared-library-name.patch \
     file://0001-cmake-remove-build-flags.patch \
+    file://CVE-2021-37501.patch \
 "
 SRC_URI[md5sum] = "2d2408f2a9dfb5c7b79998002e9a90e9"
 SRC_URI[sha256sum] = "e5b1b1dee44a64b795a91c3321ab7196d9e0871fe50d42969761794e3899f40d"
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 008a83f46d..b8167f5a72 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -4,15 +4,15 @@ HOMEPAGE = "https://www.imagemagick.org/"
 DESCRIPTION = "ImageMagick is a collection of tools for displaying, converting, and \
 editing raster and vector image files. It can read and write over 200 image file formats."
 LICENSE = "ImageMagick"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=41b4fa9af60c88e61484b02c0561181a \
-                    file://NOTICE;md5=a2aa6e41f8a40700196a9ce301693e34"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b97c12a9213df1499565d69b92c73dd7 \
+                    file://NOTICE;md5=d8b9d2ccf273687ad12ebd06e5d8478f"
 # FIXME: There are many more checked libraries. All should be added or explicitly disabled to get consistent results.
 DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
 
 BASE_PV := "${PV}"
-PV .= "_25"
+PV .= "-62"
 SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
-SRCREV = "8b4e00829eb84d4e7b4da11acf1f98f1e8166e5b"
+SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb b/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb
index 154973254d..abafaaf7a7 100644
--- a/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb
+++ b/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb
@@ -10,7 +10,7 @@ S = "${WORKDIR}/git"
 B = "${S}"
 
 SRCREV = "c9864f4dd03736839f40d225da494cb1eb64e654"
-SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master;protocol=https"
+SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=main;protocol=https"
 
 inherit gettext autotools pkgconfig python3native
 
diff --git a/meta-oe/recipes-support/libiio/libiio_git.bb b/meta-oe/recipes-support/libiio/libiio_git.bb
index bb253f421a..612dd897be 100644
--- a/meta-oe/recipes-support/libiio/libiio_git.bb
+++ b/meta-oe/recipes-support/libiio/libiio_git.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=7c13b3376cea0ce68d2d2da0a1b3a72c"
 SRCREV = "92d6a35f3d8d721cda7d6fe664b435311dd368b4"
 PV = "0.23"
 
-SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=master \
+SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=main \
            file://0001-CMake-Move-include-CheckCSourceCompiles-before-its-m.patch \
 "
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-oe/recipes-support/libmxml/libmxml_3.3.bb b/meta-oe/recipes-support/libmxml/libmxml_3.3.bb
index c8e2167795..5169337f58 100644
--- a/meta-oe/recipes-support/libmxml/libmxml_3.3.bb
+++ b/meta-oe/recipes-support/libmxml/libmxml_3.3.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 HOMEPAGE = "https://www.msweet.org/mxml/"
 BUGTRACKER = "https://github.com/michaelrsweet/mxml/issues"
 
-SRC_URI = "git://github.com/michaelrsweet/mxml.git;nobranch=1;protocol=https"
+SRC_URI = "git://github.com/michaelrsweet/mxml.git;branch=master;protocol=https"
 SRCREV = "0237559fdbcecae34157b547aa2b99e12de305a2"
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
new file mode 100644
index 0000000000..63b78688dd
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
@@ -0,0 +1,44 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c]
+CVE: CVE-2020-16135
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa417..1af8a0e76 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+ 
+   /* take a copy of the whole packet */
+   msg->complete_message = ssh_buffer_new();
++  if (msg->complete_message == NULL) {
++      ssh_set_error_oom(session);
++      sftp_client_message_free(msg);
++      return NULL;
++  }
++
+   ssh_buffer_add_data(msg->complete_message,
+                       ssh_buffer_get(payload),
+                       ssh_buffer_get_len(payload));
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch
new file mode 100644
index 0000000000..413e5b3d11
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch
@@ -0,0 +1,385 @@
+From 4cef5e965a46e9271aed62631b152e4bd23c1e3c Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 12 Dec 2023 23:09:57 +0100
+Subject: [PATCH] CVE-2023-48795: client side mitigation
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ include/libssh/packet.h  |  1 +
+ include/libssh/session.h |  6 +++++
+ src/curve25519.c         | 18 +++----------
+ src/dh.c                 |  6 +----
+ src/ecdh.c               |  7 +----
+ src/ecdh_crypto.c        | 10 ++-----
+ src/ecdh_gcrypt.c        | 10 +++----
+ src/ecdh_mbedcrypto.c    | 11 +++-----
+ src/kex.c                | 34 ++++++++++++++++++++----
+ src/packet.c             | 56 +++++++++++++++++++++++++++++++++++++++-
+ src/packet_cb.c          | 12 +++++++++
+ 11 files changed, 118 insertions(+), 53 deletions(-)
+
+diff --git a/include/libssh/packet.h b/include/libssh/packet.h
+index fbe09700..8800e16b 100644
+--- a/include/libssh/packet.h
++++ b/include/libssh/packet.h
+@@ -63,6 +63,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
+ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
+ #endif
+ 
++int ssh_packet_send_newkeys(ssh_session session);
+ int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum);
+ int ssh_packet_parse_type(ssh_session session);
+ //int packet_flush(ssh_session session, int enforce_blocking);
+diff --git a/include/libssh/session.h b/include/libssh/session.h
+index 23633cc2..b8810f54 100644
+--- a/include/libssh/session.h
++++ b/include/libssh/session.h
+@@ -69,6 +69,12 @@ enum ssh_pending_call_e {
+ /* Client successfully authenticated */
+ #define SSH_SESSION_FLAG_AUTHENTICATED 2
+ 
++/* The current SSH2 session implements the "strict KEX" feature and should behave
++ * differently on SSH2_MSG_NEWKEYS. */
++#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
++/* Unexpected packets have been sent while the session was still unencrypted */
++#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
++
+ /* codes to use with ssh_handle_packets*() */
+ /* Infinite timeout */
+ #define SSH_TIMEOUT_INFINITE -1
+diff --git a/src/curve25519.c b/src/curve25519.c
+index 167209f4..6eda5feb 100644
+--- a/src/curve25519.c
++++ b/src/curve25519.c
+@@ -166,12 +166,7 @@ int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++  rc = ssh_packet_send_newkeys(session);
+   return rc;
+ error:
+   return SSH_ERROR;
+@@ -297,15 +292,10 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){
+         return SSH_ERROR;
+     }
+ 
+-    /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        goto error;
+-    }
+-
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
+ 
+     return rc;
+ error:
+diff --git a/src/dh.c b/src/dh.c
+index cc12fd46..33883f2d 100644
+--- a/src/dh.c
++++ b/src/dh.c
+@@ -735,11 +735,7 @@ int ssh_client_dh_reply(ssh_session session, ssh_buffer packet){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
++  rc = ssh_packet_send_newkeys(session);
+   SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+   return rc;
+ error:
+diff --git a/src/ecdh.c b/src/ecdh.c
+index f7fcaf13..1fef7ec9 100644
+--- a/src/ecdh.c
++++ b/src/ecdh.c
+@@ -72,12 +72,7 @@ int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++  rc = ssh_packet_send_newkeys(session);
+   return rc;
+ error:
+   return SSH_ERROR;
+diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
+index 24f21c03..7e5f0cc7 100644
+--- a/src/ecdh_crypto.c
++++ b/src/ecdh_crypto.c
+@@ -318,15 +318,9 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){
+         return SSH_ERROR;
+     }
+ 
+-    /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        return SSH_ERROR;;
+-    }
+-
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
+ 
+     return rc;
+ }
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index e43cacea..c1db7f5d 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -362,17 +362,13 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet) {
+         goto out;
+     }
+ 
+-
++    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+     /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc != SSH_OK) {
++    rc = ssh_packet_send_newkeys(session);
++    if (rc == SSH_ERROR) {
+         goto out;
+     }
+ 
+-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+-
+  out:
+     gcry_sexp_release(param);
+     gcry_sexp_release(key);
+diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
+index fa350028..24924508 100644
+--- a/src/ecdh_mbedcrypto.c
++++ b/src/ecdh_mbedcrypto.c
+@@ -293,16 +293,13 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
+         goto out;
+     }
+ 
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        rc = SSH_ERROR;
++        session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
++	/* Send the MSG_NEWKEYS */
++	rc = ssh_packet_send_newkeys(session);
++	if (rc == SSH_ERROR) {
+         goto out;
+     }
+ 
+-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+-
+ out:
+     mbedtls_ecp_group_free(&grp);
+     return rc;
+diff --git a/src/kex.c b/src/kex.c
+index 82686e4b..7f1bb324 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -105,6 +105,9 @@
+ 
+ /* RFC 8308 */
+ #define KEX_EXTENSION_CLIENT "ext-info-c"
++/* Strict kex mitigation against CVE-2023-48795 */
++#define KEX_STRICT_CLIENT "kex-strict-c-v00@openssh.com"
++#define KEX_STRICT_SERVER "kex-strict-s-v00@openssh.com"
+ 
+ /* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
+ static const char *default_methods[] = {
+@@ -521,6 +524,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+             goto error;
+         }
+ 
++	/*
++	 * handle the "strict KEX" feature. If supported by peer, then set up the
++	 * flag and verify packet sequence numbers.
++	 */
++	if (server_kex) {
++	    ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
++			         KEX_STRICT_CLIENT);
++	    if (ok) {
++		SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
++		session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
++	    }
++	} else {
++	    /* client kex */
++	    ok = ssh_match_group(session->next_crypto->server_kex.methods[SSH_KEX],
++			         KEX_STRICT_SERVER);
++	    if (ok) {
++		SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
++		session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
++	    }
++	}
++
+         /*
+          * If client sent a ext-info-c message in the kex list, it supports
+          * RFC 8308 extension negotiation.
+@@ -778,21 +802,21 @@ int ssh_set_client_kex(ssh_session session)
+         return SSH_OK;
+     }
+ 
+-    /* Here we append  ext-info-c  to the list of kex algorithms */
++    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
+     kex = client->methods[SSH_KEX];
+     len = strlen(kex);
+-    if (len + strlen(KEX_EXTENSION_CLIENT) + 2 < len) {
++    /* Comma, comma, nul byte */
++    kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
++    if (kex_len >= MAX_PACKET_LEN) {
+         /* Overflow */
+         return SSH_ERROR;
+     }
+-    kex_len = len + strlen(KEX_EXTENSION_CLIENT) + 2; /* comma, NULL */
+     kex_tmp = realloc(kex, kex_len);
+     if (kex_tmp == NULL) {
+-        free(kex);
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
+-    snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_EXTENSION_CLIENT);
++    snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
+     client->methods[SSH_KEX] = kex_tmp;
+ 
+     return SSH_OK;
+diff --git a/src/packet.c b/src/packet.c
+index 61a44237..8025a7ff 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -1126,6 +1126,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             }
+ #endif /* WITH_ZLIB */
+             payloadsize = ssh_buffer_get_len(session->in_buffer);
++	    if (session->recv_seq == UINT32_MAX) {
++		/* Overflowing sequence numbers is always fishy */
++		if (session->current_crypto == NULL) {
++		    /* don't allow sequence number overflow when unencrypted */
++		    ssh_set_error(session,
++				  SSH_FATAL,
++				  "Incoming sequence number overflow");
++		    goto error;
++		} else {
++		    SSH_LOG(SSH_LOG_WARNING,
++			    "Incoming sequence number overflow");
++		}
++	    }
+             session->recv_seq++;
+             if (session->raw_counter != NULL) {
+                 session->raw_counter->in_bytes += payloadsize;
+@@ -1141,7 +1154,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             SSH_LOG(SSH_LOG_PACKET,
+                     "packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
+                     session->in_packet.type, packet_len, padding, compsize, payloadsize);
+-
++	    if (session->current_crypto == NULL) {
++		/* In strict kex, only a few packets are allowed. Taint the session
++		 * if we received packets that are normally allowed but to be
++		 * refused if we are in strict kex when KEX is over.
++		 */
++		uint8_t type = session->in_packet.type;
++
++		if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
++		    (type < SSH2_MSG_KEXDH_INIT ||
++		     type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
++		    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++		}
++	    }
+             /* Check if the packet is expected */
+             filter_result = ssh_packet_incoming_filter(session);
+ 
+@@ -1153,6 +1178,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             case SSH_PACKET_DENIED:
+                 goto error;
+             case SSH_PACKET_UNKNOWN:
++		if (session->current_crypto == NULL) {
++		    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++		}
+                 ssh_packet_send_unimplemented(session, session->recv_seq - 1);
+                 break;
+             }
+@@ -1276,9 +1304,35 @@ void ssh_packet_process(ssh_session session, uint8_t type){
+ 	if(r==SSH_PACKET_NOT_USED){
+ 		SSH_LOG(SSH_LOG_RARE,"Couldn't do anything with packet type %d",type);
+ 		ssh_packet_send_unimplemented(session, session->recv_seq-1);
++		if (session->current_crypto == NULL) {
++		    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++		}
+ 	}
+ }
+ 
++/** @internal
++ * @brief sends a SSH_MSG_NEWKEYS when enabling the new negotiated ciphers
++ * @param session the SSH session
++ * @return SSH_ERROR on error, else SSH_OK
++ */
++int ssh_packet_send_newkeys(ssh_session session)
++{
++    int rc;
++
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
++    if (rc < 0) {
++	return rc;
++    }
++
++    rc = ssh_packet_send(session);
++    if (rc == SSH_ERROR) {
++	return rc;
++    }
++    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
++    return rc;
++}
++
+ /** @internal
+  * @brief sends a SSH_MSG_UNIMPLEMENTED answer to an unhandled packet
+  * @param session the SSH session
+diff --git a/src/packet_cb.c b/src/packet_cb.c
+index 6aa64766..de03fb07 100644
+--- a/src/packet_cb.c
++++ b/src/packet_cb.c
+@@ -154,6 +154,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
+       goto error;
+   }
+ 
++  if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
++      /* reset packet sequence number when running in strict kex mode */
++      session->recv_seq = 0;
++      /* Check that we aren't tainted */
++      if (session->flags & SSH_SESSION_FLAG_KEX_TAINTED) {
++	  ssh_set_error(session,
++			SSH_FATAL,
++			"Received unexpected packets in strict KEX mode.");
++	  goto error;
++      }
++}
++
+   if(session->server){
+     /* server things are done in server.c */
+     session->dh_handshake_state=DH_STATE_FINISHED;
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch
new file mode 100644
index 0000000000..fe3300503f
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch
@@ -0,0 +1,126 @@
+From 0870c8db28be9eb457ee3d4f9a168959d9507efd Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 12 Dec 2023 23:30:26 +0100
+Subject: [PATCH] CVE-2023-48795: Server side mitigations
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ include/libssh/kex.h |  1 +
+ src/kex.c            | 46 ++++++++++++++++++++++++++++++++++----------
+ src/server.c         |  8 +++++++-
+ 3 files changed, 44 insertions(+), 11 deletions(-)
+
+diff --git a/include/libssh/kex.h b/include/libssh/kex.h
+index a626d105..2b1a74d5 100644
+--- a/include/libssh/kex.h
++++ b/include/libssh/kex.h
+@@ -36,6 +36,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit);
+ int ssh_send_kex(ssh_session session, int server_kex);
+ void ssh_list_kex(struct ssh_kex_struct *kex);
+ int ssh_set_client_kex(ssh_session session);
++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex);
+ int ssh_kex_select_methods(ssh_session session);
+ int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
+ char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
+diff --git a/src/kex.c b/src/kex.c
+index 2ed90235..b03e6484 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -766,11 +766,8 @@ int ssh_set_client_kex(ssh_session session)
+ {
+     struct ssh_kex_struct *client= &session->next_crypto->client_kex;
+     const char *wanted;
+-    char *kex = NULL;
+-    char *kex_tmp = NULL;
+     int ok;
+     int i;
+-    size_t kex_len, len;
+ 
+     ok = ssh_get_random(client->cookie, 16, 0);
+     if (!ok) {
+@@ -802,11 +799,33 @@ int ssh_set_client_kex(ssh_session session)
+         return SSH_OK;
+     }
+ 
+-    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
+-    kex = client->methods[SSH_KEX];
++    ok = ssh_kex_append_extensions(session, client);
++    if (ok != SSH_OK){
++	return ok;
++    }
++
++    return SSH_OK;
++}
++
++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex)
++{
++    char *kex = NULL;
++    char *kex_tmp = NULL;
++    size_t kex_len, len;
++
++    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com for client
++     * and kex-strict-s-v00@openssh.com for server to the list of kex algorithms
++     */
++    kex = pkex->methods[SSH_KEX];
+     len = strlen(kex);
+-    /* Comma, comma, nul byte */
+-    kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
++    if (session->server) {
++	/* Comma, nul byte */
++	kex_len = len + 1 + strlen(KEX_STRICT_SERVER) + 1;
++    } else {
++	/* Comma, comma, nul byte */
++	kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 +
++		  strlen(KEX_STRICT_CLIENT) + 1;
++    }
+     if (kex_len >= MAX_PACKET_LEN) {
+         /* Overflow */
+         return SSH_ERROR;
+@@ -816,9 +835,16 @@ int ssh_set_client_kex(ssh_session session)
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
+-    snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
+-    client->methods[SSH_KEX] = kex_tmp;
+-
++    if (session->server){
++	snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_STRICT_SERVER);
++    } else {
++	snprintf(kex_tmp + len,
++		 kex_len - len,
++		 ",%s,%s",
++		 KEX_EXTENSION_CLIENT,
++		 KEX_STRICT_CLIENT);
++    }
++    pkex->methods[SSH_KEX] = kex_tmp;
+     return SSH_OK;
+ }
+ 
+diff --git a/src/server.c b/src/server.c
+index bc98da4f..f3d24a7b 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -158,7 +158,13 @@ static int server_set_kex(ssh_session session) {
+     }
+   }
+ 
+-  return 0;
++  /* Do not append the extensions during rekey */
++  if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
++      return SSH_OK;
++  }
++
++  rc = ssh_kex_append_extensions(session, server);
++  return rc;
+ }
+ 
+ int ssh_server_init_kex(ssh_session session) {
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch
new file mode 100644
index 0000000000..1635a4c2dc
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch
@@ -0,0 +1,47 @@
+From 5846e57538c750c5ce67df887d09fa99861c79c6 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 14 Dec 2023 12:22:01 +0100
+Subject: [PATCH] CVE-2023-48795: Strip extensions from both kex lists for
+ matching
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/kex.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index b03e6484..c100d908 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -857,11 +857,19 @@ int ssh_kex_select_methods (ssh_session session){
+     char *ext_start = NULL;
+     int i;
+ 
+-    /* Here we should drop the  ext-info-c  from the list so we avoid matching.
++    /* Here we should drop the extensions from the list so we avoid matching.
+      * it. We added it to the end, so we can just truncate the string here */
+-    ext_start = strstr(client->methods[SSH_KEX], ","KEX_EXTENSION_CLIENT);
+-    if (ext_start != NULL) {
+-        ext_start[0] = '\0';
++    if (session->client) {
++	ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
++	if (ext_start != NULL) {
++	    ext_start[0] = '\0';
++	}
++    }
++    if (session->server) {
++	ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
++	if (ext_start != NULL) {
++	    ext_start[0] = '\0';
++	}
+     }
+ 
+     for (i = 0; i < KEX_METHODS_SIZE; i++) {
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
index c7e9c3320c..530dda1f4a 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
@@ -6,7 +6,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
 
 DEPENDS = "zlib openssl"
 
-SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \
+           file://CVE-2020-16135.patch \
+           file://CVE-2023-48795-1.patch \
+           file://CVE-2023-48795-2.patch \
+           file://CVE-2023-48795-3.patch \
+          "
 SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch b/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch
new file mode 100644
index 0000000000..dd6af413ef
--- /dev/null
+++ b/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch
@@ -0,0 +1,159 @@
+From 23e13a52a6213b11eda9a3b09df455f495f74e8d Mon Sep 17 00:00:00 2001
+From: Yogita Urade <yogita.urade@windriver.com>
+Date: Tue, 13 Dec 2022 09:18:33 +0000
+Subject: [PATCH] multipath-tools: use /run instead of /dev/shm
+
+/dev/shm may have unsafe permissions. Use /run instead.
+Use systemd's tmpfiles.d mechanism to create /run/multipath
+early during boot.
+
+For backward compatibilty, make the runtime directory configurable
+via the "runtimedir" make variable.
+
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
+
+CVE: CVE-2022-41973
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2022-41973
+
+Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ .gitignore                                        |  2 ++
+ Makefile.inc                                      |  7 ++++++-
+ libmultipath/defaults.h                           |  3 +--
+ multipath/Makefile                                | 11 ++++++++---
+ multipath/{multipath.rules => multipath.rules.in} |  4 ++--
+ multipath/tmpfiles.conf.in                        |  1 +
+ 6 files changed, 20 insertions(+), 8 deletions(-)
+ rename multipath/{multipath.rules => multipath.rules.in} (95%)
+ create mode 100644 multipath/tmpfiles.conf.in
+
+diff --git a/.gitignore b/.gitignore
+index 9926756b..f90b0350 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -8,6 +8,8 @@
+ *.d
+ kpartx/kpartx
+ multipath/multipath
++multipath/multipath.rules
++multipath/tmpfiles.conf
+ multipathd/multipathd
+ mpathpersist/mpathpersist
+ .nfs*
+diff --git a/Makefile.inc b/Makefile.inc
+index 4eb08eed..648f91b4 100644
+--- a/Makefile.inc
++++ b/Makefile.inc
+@@ -44,6 +44,7 @@ exec_prefix	= $(prefix)
+ usr_prefix	= $(prefix)
+ bindir		= $(exec_prefix)/usr/sbin
+ libudevdir	= $(prefix)/$(SYSTEMDPATH)/udev
++tmpfilesdir	= $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
+ udevrulesdir	= $(libudevdir)/rules.d
+ multipathdir	= $(TOPDIR)/libmultipath
+ man8dir		= $(prefix)/usr/share/man/man8
+@@ -60,6 +61,7 @@ libdmmpdir	= $(TOPDIR)/libdmmp
+ nvmedir		= $(TOPDIR)/libmultipath/nvme
+ includedir	= $(prefix)/usr/include
+ pkgconfdir	= $(usrlibdir)/pkgconfig
++runtimedir      := /$(RUN)
+ 
+ GZIP		= gzip -9 -c
+ RM		= rm -f
+@@ -95,7 +97,10 @@ OPTFLAGS       += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \
+                   -Wno-unused-parameter -Werror=cast-qual \
+                   -Werror=discarded-qualifiers
+ 
+-CPPFLAGS	:= -Wp,-D_FORTIFY_SOURCE=2 
++CPPFLAGS	:= $(FORTIFY_OPT) \
++		   -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
++		   -DRUNTIME_DIR=\"$(runtimedir)\" \
++		   -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP 
+ CFLAGS		:= $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
+ 		   -MMD -MP $(CFLAGS)
+ BIN_CFLAGS	= -fPIE -DPIE
+diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
+index c2164c16..908e0ca3 100644
+--- a/libmultipath/defaults.h
++++ b/libmultipath/defaults.h
+@@ -64,8 +64,7 @@
+ #define DEFAULT_WWIDS_FILE	"/etc/multipath/wwids"
+ #define DEFAULT_PRKEYS_FILE    "/etc/multipath/prkeys"
+ #define DEFAULT_CONFIG_DIR	"/etc/multipath/conf.d"
+-#define MULTIPATH_SHM_BASE	"/dev/shm/multipath/"
+-
++#define MULTIPATH_SHM_BASE	RUNTIME_DIR "/multipath/"
+ 
+ static inline char *set_default(char *str)
+ {
+diff --git a/multipath/Makefile b/multipath/Makefile
+index e720c7f6..28976546 100644
+--- a/multipath/Makefile
++++ b/multipath/Makefile
+@@ -12,7 +12,7 @@ EXEC = multipath
+ 
+ OBJS = main.o
+ 
+-all: $(EXEC)
++all: $(EXEC) multipath.rules tmpfiles.conf
+ 
+ $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
+ 	$(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
+@@ -26,7 +26,9 @@ install:
+ 	$(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
+ 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
+ 	$(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
+-	$(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
++	$(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules
++	$(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
++	$(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
+ 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
+ 	$(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
+ 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
+@@ -43,9 +45,12 @@ uninstall:
+ 	$(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
+ 
+ clean: dep_clean
+-	$(RM) core *.o $(EXEC) *.gz
++	$(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf
+ 
+ include $(wildcard $(OBJS:.o=.d))
+ 
+ dep_clean:
+ 	$(RM) $(OBJS:.o=.d)
++
++%:	%.in
++	sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@	
+diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
+similarity index 95%
+rename from multipath/multipath.rules
+rename to multipath/multipath.rules.in
+index 0486bf70..5fb499e6 100644
+--- a/multipath/multipath.rules
++++ b/multipath/multipath.rules.in
+@@ -1,8 +1,8 @@
+ # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
+ SUBSYSTEM!="block", GOTO="end_mpath"
+ KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
+-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
+-	RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
++ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
++	RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
+ ACTION!="add|change", GOTO="end_mpath"
+ 
+ IMPORT{cmdline}="nompath"
+diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
+new file mode 100644
+index 00000000..21be438a
+--- /dev/null
++++ b/multipath/tmpfiles.conf.in
+@@ -0,0 +1 @@
++d @RUNTIME_DIR@/multipath 0700 root root -
+-- 
+2.32.0
+
diff --git a/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch b/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
new file mode 100644
index 0000000000..7cdb5f9bda
--- /dev/null
+++ b/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
@@ -0,0 +1,164 @@
+From 0168696f95b5c610c3861ced8ef98accd1a83b91 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Tue, 27 Sep 2022 12:36:37 +0200
+Subject: [PATCH] multipathd: ignore duplicated multipathd command keys
+
+multipath adds rather than or-s the values of command keys. Fix this.
+Also, return an invalid fingerprint if a key is used more than once.
+
+CVE: CVE-2022-41974
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2022-41974
+https://github.com/opensvc/multipath-tools/issues/59
+
+Upstream-Status: Backport
+[https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c]
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ multipathd/cli.c  |   8 ++--
+ multipathd/main.c | 104 +++++++++++++++++++++++-----------------------
+ 2 files changed, 57 insertions(+), 55 deletions(-)
+
+diff --git a/multipathd/cli.c b/multipathd/cli.c
+index 800c0fbe..0a266761 100644
+--- a/multipathd/cli.c
++++ b/multipathd/cli.c
+@@ -336,9 +336,11 @@ fingerprint(vector vec)
+	if (!vec)
+		return 0;
+
+-	vector_foreach_slot(vec, kw, i)
+-		fp += kw->code;
+-
++	vector_foreach_slot(vec, kw, i) {
++		if (fp & kw->code)
++			return (uint64_t)-1;
++		fp |= kw->code;
++	}
+	return fp;
+ }
+
+diff --git a/multipathd/main.c b/multipathd/main.c
+index 8baf9abe..975287d2 100644
+--- a/multipathd/main.c
++++ b/multipathd/main.c
+@@ -1522,61 +1522,61 @@ uxlsnrloop (void * ap)
+	/* Tell main thread that thread has started */
+	post_config_state(DAEMON_CONFIGURE);
+
+-	set_handler_callback(LIST+PATHS, cli_list_paths);
+-	set_handler_callback(LIST+PATHS+FMT, cli_list_paths_fmt);
+-	set_handler_callback(LIST+PATHS+RAW+FMT, cli_list_paths_raw);
+-	set_handler_callback(LIST+PATH, cli_list_path);
+-	set_handler_callback(LIST+MAPS, cli_list_maps);
+-	set_handler_callback(LIST+STATUS, cli_list_status);
+-	set_unlocked_handler_callback(LIST+DAEMON, cli_list_daemon);
+-	set_handler_callback(LIST+MAPS+STATUS, cli_list_maps_status);
+-	set_handler_callback(LIST+MAPS+STATS, cli_list_maps_stats);
+-	set_handler_callback(LIST+MAPS+FMT, cli_list_maps_fmt);
+-	set_handler_callback(LIST+MAPS+RAW+FMT, cli_list_maps_raw);
+-	set_handler_callback(LIST+MAPS+TOPOLOGY, cli_list_maps_topology);
+-	set_handler_callback(LIST+TOPOLOGY, cli_list_maps_topology);
+-	set_handler_callback(LIST+MAPS+JSON, cli_list_maps_json);
+-	set_handler_callback(LIST+MAP+TOPOLOGY, cli_list_map_topology);
+-	set_handler_callback(LIST+MAP+FMT, cli_list_map_fmt);
+-	set_handler_callback(LIST+MAP+RAW+FMT, cli_list_map_fmt);
+-	set_handler_callback(LIST+MAP+JSON, cli_list_map_json);
+-	set_handler_callback(LIST+CONFIG+LOCAL, cli_list_config_local);
+-	set_handler_callback(LIST+CONFIG, cli_list_config);
+-	set_handler_callback(LIST+BLACKLIST, cli_list_blacklist);
+-	set_handler_callback(LIST+DEVICES, cli_list_devices);
+-	set_handler_callback(LIST+WILDCARDS, cli_list_wildcards);
+-	set_handler_callback(RESET+MAPS+STATS, cli_reset_maps_stats);
+-	set_handler_callback(RESET+MAP+STATS, cli_reset_map_stats);
+-	set_handler_callback(ADD+PATH, cli_add_path);
+-	set_handler_callback(DEL+PATH, cli_del_path);
+-	set_handler_callback(ADD+MAP, cli_add_map);
+-	set_handler_callback(DEL+MAP, cli_del_map);
+-	set_handler_callback(SWITCH+MAP+GROUP, cli_switch_group);
++	set_handler_callback(LIST|PATHS, cli_list_paths);
++	set_handler_callback(LIST|PATHS|FMT, cli_list_paths_fmt);
++	set_handler_callback(LIST|PATHS|RAW|FMT, cli_list_paths_raw);
++	set_handler_callback(LIST|PATH, cli_list_path);
++	set_handler_callback(LIST|MAPS, cli_list_maps);
++	set_handler_callback(LIST|STATUS, cli_list_status);
++	set_unlocked_handler_callback(LIST|DAEMON, cli_list_daemon);
++	set_handler_callback(LIST|MAPS|STATUS, cli_list_maps_status);
++	set_handler_callback(LIST|MAPS|STATS, cli_list_maps_stats);
++	set_handler_callback(LIST|MAPS|FMT, cli_list_maps_fmt);
++	set_handler_callback(LIST|MAPS|RAW|FMT, cli_list_maps_raw);
++	set_handler_callback(LIST|MAPS|TOPOLOGY, cli_list_maps_topology);
++	set_handler_callback(LIST|TOPOLOGY, cli_list_maps_topology);
++	set_handler_callback(LIST|MAPS|JSON, cli_list_maps_json);
++	set_handler_callback(LIST|MAP|TOPOLOGY, cli_list_map_topology);
++	set_handler_callback(LIST|MAP|FMT, cli_list_map_fmt);
++	set_handler_callback(LIST|MAP|RAW|FMT, cli_list_map_fmt);
++	set_handler_callback(LIST|MAP|JSON, cli_list_map_json);
++	set_handler_callback(LIST|CONFIG|LOCAL, cli_list_config_local);
++	set_handler_callback(LIST|CONFIG, cli_list_config);
++	set_handler_callback(LIST|BLACKLIST, cli_list_blacklist);
++	set_handler_callback(LIST|DEVICES, cli_list_devices);
++	set_handler_callback(LIST|WILDCARDS, cli_list_wildcards);
++	set_handler_callback(RESET|MAPS|STATS, cli_reset_maps_stats);
++	set_handler_callback(RESET|MAP|STATS, cli_reset_map_stats);
++	set_handler_callback(ADD|PATH, cli_add_path);
++	set_handler_callback(DEL|PATH, cli_del_path);
++	set_handler_callback(ADD|MAP, cli_add_map);
++	set_handler_callback(DEL|MAP, cli_del_map);
++	set_handler_callback(SWITCH|MAP|GROUP, cli_switch_group);
+	set_unlocked_handler_callback(RECONFIGURE, cli_reconfigure);
+-	set_handler_callback(SUSPEND+MAP, cli_suspend);
+-	set_handler_callback(RESUME+MAP, cli_resume);
+-	set_handler_callback(RESIZE+MAP, cli_resize);
+-	set_handler_callback(RELOAD+MAP, cli_reload);
+-	set_handler_callback(RESET+MAP, cli_reassign);
+-	set_handler_callback(REINSTATE+PATH, cli_reinstate);
+-	set_handler_callback(FAIL+PATH, cli_fail);
+-	set_handler_callback(DISABLEQ+MAP, cli_disable_queueing);
+-	set_handler_callback(RESTOREQ+MAP, cli_restore_queueing);
+-	set_handler_callback(DISABLEQ+MAPS, cli_disable_all_queueing);
+-	set_handler_callback(RESTOREQ+MAPS, cli_restore_all_queueing);
++	set_handler_callback(SUSPEND|MAP, cli_suspend);
++	set_handler_callback(RESUME|MAP, cli_resume);
++	set_handler_callback(RESIZE|MAP, cli_resize);
++	set_handler_callback(RELOAD|MAP, cli_reload);
++	set_handler_callback(RESET|MAP, cli_reassign);
++	set_handler_callback(REINSTATE|PATH, cli_reinstate);
++	set_handler_callback(FAIL|PATH, cli_fail);
++	set_handler_callback(DISABLEQ|MAP, cli_disable_queueing);
++	set_handler_callback(RESTOREQ|MAP, cli_restore_queueing);
++	set_handler_callback(DISABLEQ|MAPS, cli_disable_all_queueing);
++	set_handler_callback(RESTOREQ|MAPS, cli_restore_all_queueing);
+	set_unlocked_handler_callback(QUIT, cli_quit);
+	set_unlocked_handler_callback(SHUTDOWN, cli_shutdown);
+-	set_handler_callback(GETPRSTATUS+MAP, cli_getprstatus);
+-	set_handler_callback(SETPRSTATUS+MAP, cli_setprstatus);
+-	set_handler_callback(UNSETPRSTATUS+MAP, cli_unsetprstatus);
+-	set_handler_callback(FORCEQ+DAEMON, cli_force_no_daemon_q);
+-	set_handler_callback(RESTOREQ+DAEMON, cli_restore_no_daemon_q);
+-	set_handler_callback(GETPRKEY+MAP, cli_getprkey);
+-	set_handler_callback(SETPRKEY+MAP+KEY, cli_setprkey);
+-	set_handler_callback(UNSETPRKEY+MAP, cli_unsetprkey);
+-	set_handler_callback(SETMARGINAL+PATH, cli_set_marginal);
+-	set_handler_callback(UNSETMARGINAL+PATH, cli_unset_marginal);
+-	set_handler_callback(UNSETMARGINAL+MAP, cli_unset_all_marginal);
++	set_handler_callback(GETPRSTATUS|MAP, cli_getprstatus);
++	set_handler_callback(SETPRSTATUS|MAP, cli_setprstatus);
++	set_handler_callback(UNSETPRSTATUS|MAP, cli_unsetprstatus);
++	set_handler_callback(FORCEQ|DAEMON, cli_force_no_daemon_q);
++	set_handler_callback(RESTOREQ|DAEMON, cli_restore_no_daemon_q);
++	set_handler_callback(GETPRKEY|MAP, cli_getprkey);
++	set_handler_callback(SETPRKEY|MAP|KEY, cli_setprkey);
++	set_handler_callback(UNSETPRKEY|MAP, cli_unsetprkey);
++	set_handler_callback(SETMARGINAL|PATH, cli_set_marginal);
++	set_handler_callback(UNSETMARGINAL|PATH, cli_unset_marginal);
++	set_handler_callback(UNSETMARGINAL|MAP, cli_unset_all_marginal);
+
+	umask(077);
+	uxsock_listen(&uxsock_trigger, ux_sock, ap);
+--
+2.31.1
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index 5a8db08771..0d51263f66 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -48,6 +48,8 @@ SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=mas
            file://0001-add-explicit-dependency-on-libraries.patch \
            file://0001-fix-boolean-value-with-json-c-0.14.patch \
            file://0001-libmultipath-uevent.c-fix-error-handling-for-udev_mo.patch \
+           file://0001-multipath-tools-use-run-instead-of-dev-shm.patch \
+	   file://CVE-2022-41974.patch \
            "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
@@ -120,3 +122,6 @@ FILES:kpartx = "${base_sbindir}/kpartx \
 
 RDEPENDS:${PN} += "kpartx"
 PARALLEL_MAKE = ""
+
+FILES:${PN}-libs += "usr/lib/*.so.*"
+FILES:${PN}-libs += "usr/lib/tmpfiles.d/*"
diff --git a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
index eb6174a7b0..950fae667a 100644
--- a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
+++ b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
@@ -18,7 +18,12 @@ diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk
 index 2012d18..78fca62 100644
 --- a/nss/coreconf/arch.mk
 +++ b/nss/coreconf/arch.mk
-@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m)
+@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
+ # Attempt to differentiate between sparc and x86 Solaris
+ #
+ 
+-OS_TEST := $(shell uname -m)
++OS_TEST ?= $(shell uname -m)
  ifeq ($(OS_TEST),i86pc)
      OS_RELEASE := $(shell uname -r)_$(OS_TEST)
  else
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch
new file mode 100644
index 0000000000..e5eafd4790
--- /dev/null
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch
@@ -0,0 +1,88 @@
+commit ccc277247ac1a7aef0a90353edcdec35fbc5903c
+Author: Nano <nanoapezlk@gmail.com>
+Date:   Wed Apr 26 15:09:52 2023 +0800
+
+    fix(wechat_qrcode): Init nBytes after the count value is determined (#3480)
+
+    * fix(wechat_qrcode): Initialize nBytes after the count value is determined
+
+    * fix(wechat_qrcode): Incorrect count data repair
+
+    * chore: format expr
+
+    * fix(wechat_qrcode): Avoid null pointer exception
+
+    * fix(wechat_qrcode): return when bytes_ is empty
+
+    * test(wechat_qrcode): add test case
+
+    ---------
+
+    Co-authored-by: GZTime <Time.GZ@outlook.com>
+
+CVE: CVE-2023-2617
+
+Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+
+diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index 05de793c..b3a0a69c 100644
+--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,
+
+ void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
+                                     ErrorHandler& err_handler) {
+-    if (err_handler.ErrCode()) return;
++    // avoid null pointer exception
++    if (err_handler.ErrCode() || bufIn == nullptr) return;
+ #ifndef NO_ICONV_INSIDE
+     if (nIn == 0) {
+         return;
+@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
+                                                CharacterSetECI* currentCharacterSetECI,
+                                                ArrayRef<ArrayRef<char> >& byteSegments,
+                                                ErrorHandler& err_handler) {
+-    int nBytes = count;
+     BitSource& bits(*bits_);
+     // Don't crash trying to read more bits than we have available.
+     int available = bits.available();
+     // try to repair count data if count data is invalid
+     if (count * 8 > available) {
+-        count = (available + 7 / 8);
++        count = (available + 7) / 8;
+     }
++    size_t nBytes = count;
++
++    ArrayRef<char> bytes_(nBytes);
++    // issue https://github.com/opencv/opencv_contrib/issues/3478
++    if (bytes_->empty())
++        return;
+
+-    ArrayRef<char> bytes_(count);
+     char* readBytes = &(*bytes_)[0];
+     for (int i = 0; i < count; i++) {
+         //    readBytes[i] = (char) bits.readBits(8);
+diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp
+index d59932b8..ec2559b0 100644
+--- a/modules/wechat_qrcode/test/test_qrcode.cpp
++++ b/modules/wechat_qrcode/test/test_qrcode.cpp
+@@ -289,5 +289,16 @@ TEST_P(Objdetect_QRCode_Multi, regression) {
+ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved));
+ // INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple));
+
++TEST(Objdetect_QRCode_bug, issue_3478) {
++    auto detector = wechat_qrcode::WeChatQRCode();
++    std::string image_path = findDataFile("qrcode/issue_3478.png");
++    Mat src = imread(image_path, IMREAD_GRAYSCALE);
++    ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
++    std::vector<std::string> outs = detector.detectAndDecode(src);
++    ASSERT_EQ(1, (int) outs.size());
++    ASSERT_EQ(16, (int) outs[0].size());
++    ASSERT_EQ("KFCVW50         ", outs[0]);
++}
++
+ }  // namespace
+ }  // namespace opencv_test
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch
new file mode 100644
index 0000000000..4cd3003e3c
--- /dev/null
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch
@@ -0,0 +1,32 @@
+From 2b62ff6181163eea029ed1cab11363b4996e9cd6 Mon Sep 17 00:00:00 2001
+From: Nano <nanoapezlk@gmail.com>
+Date: Thu, 27 Apr 2023 17:38:35 +0800
+Subject: [PATCH] fix(wechat_qrcode): fixed memory leaks
+
+CVE: CVE-2023-2618
+
+Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp   | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index b3a0a69c..f02435d5 100644
+--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -127,7 +127,10 @@ void DecodedBitStreamParser::decodeHanziSegment(Ref<BitSource> bits_, string& re
+     while (count > 0) {
+         // Each 13 bits encodes a 2-byte character
+         int twoBytes = bits.readBits(13, err_handler);
+-        if (err_handler.ErrCode()) return;
++        if (err_handler.ErrCode()) {
++            delete[] buffer;
++            return;
++        }
+         int assembledTwoBytes = ((twoBytes / 0x060) << 8) | (twoBytes % 0x060);
+         if (assembledTwoBytes < 0x003BF) {
+             // In the 0xA1A1 to 0xAAFE range
+--
+2.40.0
diff --git a/meta-oe/recipes-support/opencv/opencv_4.5.5.bb b/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
index e4fb676f7e..5b5685f990 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
@@ -39,12 +39,12 @@ IPP_MD5 = "${@ipp_md5sum(d)}"
 
 SRCREV_FORMAT = "opencv_contrib_ipp_boostdesc_vgg"
 SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol=https \
-           git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib;branch=master;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20191018;destsuffix=ipp;name=ipp;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face;protocol=https \
-           git://github.com/WeChatCV/opencv_3rdparty.git;branch=wechat_qrcode;destsuffix=wechat_qrcode;name=wechat-qrcode;protocol=https \
+           git://github.com/opencv/opencv_contrib.git;destsuffix=git/contrib;name=contrib;branch=master;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20191018;destsuffix=git/ipp;name=ipp;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=git/boostdesc;name=boostdesc;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=git/vgg;name=vgg;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=git/face;name=face;protocol=https \
+           git://github.com/WeChatCV/opencv_3rdparty.git;branch=wechat_qrcode;destsuffix=git/wechat_qrcode;name=wechat-qrcode;protocol=https \
            file://0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch \
            file://0003-To-fix-errors-as-following.patch \
            file://0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch \
@@ -52,8 +52,10 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol
            file://download.patch \
            file://0001-Make-ts-module-external.patch \
            file://0001-core-vsx-update-vec_absd-workaround-condition.patch \
+           file://CVE-2023-2617.patch;patchdir=contrib \
+           file://CVE-2023-2618.patch;patchdir=contrib \
            "
-SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=../contrib"
+SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=contrib"
 
 S = "${WORKDIR}/git"
 
@@ -62,7 +64,7 @@ S = "${WORKDIR}/git"
 OPENCV_DLDIR = "${WORKDIR}/downloads"
 
 do_unpack_extra() {
-    tar xzf ${WORKDIR}/ipp/ippicv/${IPP_FILENAME} -C ${WORKDIR}
+    tar xzf ${S}/ipp/ippicv/${IPP_FILENAME} -C ${S}
 
     md5() {
         # Return the MD5 of $1
@@ -77,22 +79,22 @@ do_unpack_extra() {
             test -e $DEST || ln -s $F $DEST
         done
     }
-    cache xfeatures2d/boostdesc ${WORKDIR}/boostdesc/*.i
-    cache xfeatures2d/vgg ${WORKDIR}/vgg/*.i
-    cache data ${WORKDIR}/face/*.dat
-    cache wechat_qrcode ${WORKDIR}/wechat_qrcode/*.caffemodel
-    cache wechat_qrcode ${WORKDIR}/wechat_qrcode/*.prototxt
+    cache xfeatures2d/boostdesc ${S}/boostdesc/*.i
+    cache xfeatures2d/vgg ${S}/vgg/*.i
+    cache data ${S}/face/*.dat
+    cache wechat_qrcode ${S}/wechat_qrcode/*.caffemodel
+    cache wechat_qrcode ${S}/wechat_qrcode/*.prototxt
 }
 addtask unpack_extra after do_unpack before do_patch
 
 CMAKE_VERBOSE = "VERBOSE=1"
 
-EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${WORKDIR}/contrib/modules \
+EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${S}/contrib/modules \
     -DWITH_1394=OFF \
     -DENABLE_PRECOMPILED_HEADERS=OFF \
     -DCMAKE_SKIP_RPATH=ON \
     -DOPENCV_ICV_HASH=${IPP_MD5} \
-    -DIPPROOT=${WORKDIR}/ippicv_lnx \
+    -DIPPROOT=${S}/ippicv_lnx \
     -DOPENCV_GENERATE_PKGCONFIG=ON \
     -DOPENCV_DOWNLOAD_PATH=${OPENCV_DLDIR} \
     -DOPENCV_ALLOW_DOWNLOADS=OFF \
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch b/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch
deleted file mode 100644
index b42bd9764f..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 9e4ccd1e78ceac8de1ab66ee62ee216f1fbd4956 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Thu, 2 Dec 2021 11:38:15 +0800
-Subject: [PATCH] ldif-filter: fix parallel build failure
-
-Add slapd-common.o as dependency for ldif-filter to fix the parallel
-build failure:
-  ld: cannot find slapd-common.o: No such file or directory
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- tests/progs/Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/progs/Makefile.in b/tests/progs/Makefile.in
-index 13f1e8be2..e4f4ccf98 100644
---- a/tests/progs/Makefile.in
-+++ b/tests/progs/Makefile.in
-@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS)
- slapd-bind: slapd-bind.o $(OBJS) $(XLIBS)
- 	$(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS)
- 
--ldif-filter: ldif-filter.o $(XLIBS)
-+ldif-filter: ldif-filter.o $(OBJS) $(XLIBS)
- 	$(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS)
- 
- slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS)
--- 
-2.25.1
-
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch b/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch
deleted file mode 100644
index 552726bb0a..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 690f69791eb6cd0d7e94b4d73219ee864de27f62 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Mon, 10 Jan 2022 10:13:51 +0800
-Subject: [PATCH] libraries/Makefile.in: ignore the mkdir errors
-
-Ignore the mkdir errors to fix the parallel build failure:
-
-../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib
-mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- libraries/Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libraries/Makefile.in b/libraries/Makefile.in
-index d9cb2ff..c6b251f 100644
---- a/libraries/Makefile.in
-+++ b/libraries/Makefile.in
-@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig
- PKGCONFIG_SRCDIRS=liblber libldap
- 
- install-local:
--	@$(MKDIR) $(PKGCONFIG_DIR)
-+	@-$(MKDIR) $(PKGCONFIG_DIR)
- 	@for i in $(PKGCONFIG_SRCDIRS); do \
- 	    $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \
- 	done
--- 
-2.17.1
-
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch b/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch
deleted file mode 100644
index bcd1525b67..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 79381ab335898c9184e22dd25b544adefa9bf6c5 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 7 Feb 2022 16:26:57 -0800
-Subject: [PATCH] librewrite: include ldap_pvt_thread.h before redefining
- calloc
-
-This helps compiling with musl, where sched.h is included by
-ldap_pvt_thread.h which provides prototype for calloc() and conflicts
-
-/usr/include/sched.h:84:7: error: conflicting types for 'ber_memcalloc'
-| void *calloc(size_t, size_t);
-|       ^1
-|  warning and 1 error generated.
-| ./rewrite-int.h:44:21: note: expanded from macro 'calloc'
-| #define calloc(x,y)     ber_memcalloc(x,y)
-|                         ^
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libraries/librewrite/rewrite-int.h | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/libraries/librewrite/rewrite-int.h b/libraries/librewrite/rewrite-int.h
-index 4481dd3..5ec226d 100644
---- a/libraries/librewrite/rewrite-int.h
-+++ b/libraries/librewrite/rewrite-int.h
-@@ -40,6 +40,11 @@
- 
- #include <rewrite.h>
- 
-+#ifndef NO_THREADS
-+#define USE_REWRITE_LDAP_PVT_THREADS
-+#include <ldap_pvt_thread.h>
-+#endif
-+
- #define malloc(x)	ber_memalloc(x)
- #define calloc(x,y)	ber_memcalloc(x,y)
- #define realloc(x,y)	ber_memrealloc(x,y)
-@@ -47,11 +52,6 @@
- #undef strdup
- #define	strdup(x)	ber_strdup(x)
- 
--#ifndef NO_THREADS
--#define USE_REWRITE_LDAP_PVT_THREADS
--#include <ldap_pvt_thread.h>
--#endif
--
- /*
-  * For details, see RATIONALE.
-  */
--- 
-2.35.1
-
diff --git a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb
index e4475e5069..9e9d05917d 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb
@@ -19,13 +19,10 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
     file://initscript \
     file://slapd.service \
     file://remove-user-host-pwd-from-version.patch \
-    file://0001-ldif-filter-fix-parallel-build-failure.patch \
     file://0001-build-top.mk-unset-STRIP_OPTS.patch \
-    file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \
-    file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \
 "
 
-SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96"
+SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327"
 
 DEPENDS = "util-linux groff-native"
 
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch
new file mode 100644
index 0000000000..6a635a7ce6
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch
@@ -0,0 +1,53 @@
+commit 81944d1529202bd28359bede57c0a15deb65ba8a
+Author: fullwaywang <fullwaywang@tencent.com>
+Date:   Mon May 29 10:38:48 2023 +0800
+Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer overrun bug.
+
+    Fixes #2785
+
+CVE: CVE-2023-2977
+
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/pull/2787/commits/3bf3ab2f9091f984cda6dd910654ccbbe3f06a40]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+
+diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
+index 9715cf39..f41f73c3 100644
+--- a/src/pkcs15init/pkcs15-cardos.c
++++ b/src/pkcs15init/pkcs15-cardos.c
+@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+	sc_apdu_t apdu;
+         u8        rbuf[SC_MAX_APDU_BUFFER_SIZE];
+         int       r;
+-	const u8  *p = rbuf, *q;
++	const u8  *p = rbuf, *q, *pp;
+	size_t    len, tlen = 0, ilen = 0;
+
+	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
+@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+		return 0;
+
+	while (len != 0) {
+-		p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
+-		if (p == NULL)
++		pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
++		if (pp == NULL)
+			return 0;
+		if (card->type == SC_CARD_TYPE_CARDOS_M4_3)	{
+			/* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01	*/
+			/* and Package Number 0x07					*/
+-			q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
++			q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
+			if (q == NULL || ilen != 4)
+				return 0;
+			if (q[0] == 0x07)
+@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+		} else if (card->type == SC_CARD_TYPE_CARDOS_M4_4)	{
+			/* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03	*/
+			/* and Package Number 0x02					*/
+-			q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen);
++			q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen);
+			if (q == NULL || ilen != 4)
+				return 0;
+			if (q[0] == 0x02)
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
new file mode 100644
index 0000000000..74e547298f
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
@@ -0,0 +1,55 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Wed, 21 Jun 2023 12:27:23 +0200
+Subject: Fixed PIN authentication bypass
+
+If two processes are accessing a token, then one process may leave the
+card usable with an authenticated PIN so that a key may sign/decrypt any
+data. This is especially the case if the token does not support a way of
+resetting the authentication status (logout).
+
+We have some tracking of the authentication status in software via
+PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a
+PIN-prompt will appear even though the card may technically be unlocked
+as described in the above example. However, before this change, an empty
+PIN was not verified (likely yielding an error during PIN-verification),
+but it was just checked whether the PIN is authenticated. This defeats
+the purpose of the PIN verification, because an empty PIN is not the
+correct one. Especially during OS Logon, we don't want that kind of
+shortcut, but we want the user to verify the correct PIN (even though
+the token was left unattended and authentication at the computer).
+
+This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864.
+
+CVE: CVE-2023-40660
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/940e8bc764047c873f88bb1396933a5368d03533]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+---
+ src/libopensc/pkcs15-pin.c | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
+index 80a185fecd..393234efe4 100644
+--- a/src/libopensc/pkcs15-pin.c
++++ b/src/libopensc/pkcs15-pin.c
+@@ -307,19 +307,6 @@
+ 		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_PIN_REFERENCE);
+ 	auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
+ 
+-	/*
+-	 * if pin cache is disabled, we can get here with no PIN data.
+-	 * in this case, to avoid error or unnecessary pin prompting on pinpad,
+-	 * check if the PIN has been already verified and the access condition
+-	 * is still open on card.
+-	 */
+-	if (pinlen == 0) {
+-	    r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+-
+-	    if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+-		LOG_FUNC_RETURN(ctx, r);
+-	}
+-
+ 	r = _validate_pin(p15card, auth_info, pinlen);
+ 
+ 	if (r)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
new file mode 100644
index 0000000000..3ecff558cf
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
@@ -0,0 +1,47 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:54:42 +0200
+Subject: pkcs15: Avoid buffer overflow when getting last update
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769
+
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+
+---
+ src/libopensc/pkcs15.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
+index eb7fc6afcd..4215b733a8 100644
+--- a/src/libopensc/pkcs15.c
++++ b/src/libopensc/pkcs15.c
+@@ -528,7 +528,7 @@
+ 	struct sc_context *ctx  = p15card->card->ctx;
+ 	struct sc_file *file = NULL;
+ 	struct sc_asn1_entry asn1_last_update[C_ASN1_LAST_UPDATE_SIZE];
+-	unsigned char *content, last_update[32];
++        unsigned char *content, last_update[32] = {0};
+ 	size_t lupdate_len = sizeof(last_update) - 1;
+ 	int r, content_len;
+ 	size_t size;
+@@ -564,9 +564,11 @@
+ 	if (r < 0)
+ 		return NULL;
+ 
+-	p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
+-	if (!p15card->tokeninfo->last_update.gtime)
+-		return NULL;
++        if (asn1_last_update[0].flags & SC_ASN1_PRESENT) {
++                p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
++                if (!p15card->tokeninfo->last_update.gtime)
++                        return NULL;
++        }
+ done:
+ 	sc_log(ctx, "lastUpdate.gtime '%s'", p15card->tokeninfo->last_update.gtime);
+ 	return p15card->tokeninfo->last_update.gtime;
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
new file mode 100644
index 0000000000..39e729c5a9
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
@@ -0,0 +1,32 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:41:36 +0200
+Subject: setcos: Avoid buffer underflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-setcos.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-setcos.c b/src/pkcs15init/pkcs15-setcos.c
+index 1b56afe6d9..1907b47f9d 100644
+--- a/src/pkcs15init/pkcs15-setcos.c
++++ b/src/pkcs15init/pkcs15-setcos.c
+@@ -346,6 +346,10 @@
+ 
+ 	/* Replace the path of instantiated key template by the path from the object data. */
+         memcpy(&file->path, &key_info->path, sizeof(file->path));
++	if (file->path.len < 2) {
++		sc_file_free(file);
++		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid path");
++	}
+         file->id = file->path.value[file->path.len - 2] * 0x100
+ 		+ file->path.value[file->path.len - 1];
+ 
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
new file mode 100644
index 0000000000..7950cf91df
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
@@ -0,0 +1,31 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 20 Sep 2023 10:13:57 +0200
+Subject: oberthur: Avoid buffer overflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-oberthur.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
+index ad2cabd530..c441ab1e76 100644
+--- a/src/pkcs15init/pkcs15-oberthur.c
++++ b/src/pkcs15init/pkcs15-oberthur.c
+@@ -688,6 +688,9 @@
+ 	if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
+ 		LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
+ 
++	if (key_info->path.len < 2)
++		LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");
++
+ 	sc_log(ctx,  "create private key ID:%s",  sc_pkcs15_print_id(&key_info->id));
+ 	/* Here, the path of private key file should be defined.
+ 	 * Nevertheless, we need to instantiate private key to get the ACLs. */
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
new file mode 100644
index 0000000000..797f8ad3b1
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
@@ -0,0 +1,28 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 8 Dec 2022 00:27:18 +0100
+Subject: sc_pkcs15init_rmdir: prevent out of bounds write
+
+fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
+index 91cee37310..3df03c6e1f 100644
+--- a/src/pkcs15init/pkcs15-lib.c
++++ b/src/pkcs15init/pkcs15-lib.c
+@@ -666,6 +666,8 @@
+ 
+ 		path = df->path;
+ 		path.len += 2;
++		if (path.len > SC_MAX_PATH_SIZE)
++			return SC_ERROR_INTERNAL;
+ 
+ 		nfids = r / 2;
+ 		while (r >= 0 && nfids--) {
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
new file mode 100644
index 0000000000..e173e65575
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
@@ -0,0 +1,30 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Mon, 19 Jun 2023 16:14:51 +0200
+Subject: pkcs15-cflex: check path length to prevent underflow
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-cflex.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-cflex.c b/src/pkcs15init/pkcs15-cflex.c
+index d06568073d..ce1d48e62c 100644
+--- a/src/pkcs15init/pkcs15-cflex.c
++++ b/src/pkcs15init/pkcs15-cflex.c
+@@ -56,6 +56,9 @@
+         int             r = 0;
+         /* Select the parent DF */
+         path = df->path;
++		if (path.len < 2) {
++			return SC_ERROR_INVALID_ARGUMENTS;
++		}
+         path.len -= 2;
+         r = sc_select_file(p15card->card, &path, &parent);
+         if (r < 0)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
new file mode 100644
index 0000000000..abb524de29
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
@@ -0,0 +1,30 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 10 Feb 2023 11:47:34 +0100
+Subject: Check array bounds
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/libopensc/muscle.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
+index 61a4ec24d8..9d01e0c113 100644
+--- a/src/libopensc/muscle.c
++++ b/src/libopensc/muscle.c
+@@ -183,6 +183,9 @@
+ 	sc_apdu_t apdu;
+ 	int r;
+ 
++	if (dataLength + 9 > MSC_MAX_APDU)
++		return SC_ERROR_INVALID_ARGUMENTS;
++
+ 	sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x54, 0x00, 0x00);
+ 	apdu.lc = dataLength + 9;
+ 	if (card->ctx->debug >= 2)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch
new file mode 100644
index 0000000000..858a996ed7
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch
@@ -0,0 +1,40 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 3 Mar 2023 16:07:38 +0100
+Subject: Check length of string before making copy
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/profile.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
+index 2b793b0282..3bad1e8536 100644
+--- a/src/pkcs15init/profile.c
++++ b/src/pkcs15init/profile.c
+@@ -1465,6 +1465,8 @@
+ 	while (argc--) {
+ 		unsigned int	op, method, id;
+ 
++		if (strlen(*argv) >= sizeof(oper))
++			goto bad;
+ 		strlcpy(oper, *argv++, sizeof(oper));
+ 		if ((what = strchr(oper, '=')) == NULL)
+ 			goto bad;
+@@ -2128,6 +2130,9 @@
+ 		return get_uint(cur, value, type);
+ 	}
+ 
++	if (strlen(value) >= sizeof(temp))
++		return 1;
++
+ 	n = strcspn(value, "0123456789x");
+ 	strlcpy(temp, value, (sizeof(temp) > n) ? n + 1 : sizeof(temp));
+ 
+
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
index f8b4af0c4f..770c2d686b 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
@@ -14,7 +14,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
 #v0.21.0
 SRCREV = "c902e1992195e00ada12d71beb1029287cd72037"
 SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
+           file://CVE-2023-2977.patch \
+           file://CVE-2023-40660.patch \
+           file://CVE-2023-40661-1.patch \
+           file://CVE-2023-40661-2.patch \
+           file://CVE-2023-40661-3.patch \
+           file://CVE-2023-40661-4.patch \
+           file://CVE-2023-40661-5.patch \
+           file://CVE-2023-40661-6.patch \
+           file://CVE-2023-40661-7.patch \
           "
+
+# CVE-2021-34193 is a duplicate CVE covering the 5 individual
+# https://github.com/OpenSC/OpenSC/pull/2855/commits/7a049fc3922060fb75cb9fea9e58eef9edc357ae
+CVE_CHECK_IGNORE += "CVE-2021-34193"
+
 DEPENDS = "virtual/libiconv openssl"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb
index 14b1aaf01c..3d8a45786d 100644
--- a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb
+++ b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb
@@ -15,6 +15,11 @@ SRC_URI = "\
 
 SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603"
 
+CVE_CHECK_IGNORE += "\
+    CVE-2010-1624 \
+    CVE-2011-3594 \
+"
+
 PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \
     ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \
 "
diff --git a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
new file mode 100644
index 0000000000..4a8ea233c8
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
@@ -0,0 +1,41 @@
+From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 25 Aug 2022 00:14:22 +0200
+Subject: [PATCH] JBIG2Stream: Fix crash on broken file
+
+https://github.com/jeffssh/CVE-2021-30860
+
+Thanks to David Warren for the heads up
+
+CVE: CVE-2021-30860
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2021-30860
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ poppler/JBIG2Stream.cc | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index 662276e5..9f70431d 100644
+--- a/poppler/JBIG2Stream.cc
++++ b/poppler/JBIG2Stream.cc
+@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
+     for (i = 0; i < nRefSegs; ++i) {
+         if ((seg = findSegment(refSegs[i]))) {
+             if (seg->getType() == jbig2SegSymbolDict) {
+-                numSyms += ((JBIG2SymbolDict *)seg)->getSize();
++                const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
++                if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
++                    error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
++                    return;
++                }
+             } else if (seg->getType() == jbig2SegCodeTable) {
+                 codeTables.push_back(seg);
+             }
+--
+2.25.1
diff --git a/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
new file mode 100644
index 0000000000..7fdc293aac
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
@@ -0,0 +1,46 @@
+From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 18 Aug 2023 08:22:06 +0000
+Subject: [PATCH] OutlineItem::open: Fix crash on malformed files
+
+Fixes #1399
+
+CVE: CVE-2023-34872
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ poppler/Outline.cc | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/poppler/Outline.cc b/poppler/Outline.cc
+index cbb6cb4..4c68be9 100644
+--- a/poppler/Outline.cc
++++ b/poppler/Outline.cc
+@@ -14,7 +14,7 @@
+ // under GPL version 2 or later
+ //
+ // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
+-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
+ // Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
+ // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
+@@ -483,8 +483,12 @@ void OutlineItem::open()
+ {
+     if (!kids) {
+         Object itemDict = xref->fetch(ref);
+-        const Object &firstRef = itemDict.dictLookupNF("First");
+-        kids = readItemList(this, &firstRef, xref, doc);
++        if (itemDict.isDict()) {
++            const Object &firstRef = itemDict.dictLookupNF("First");
++            kids = readItemList(this, &firstRef, xref, doc);
++        } else {
++            kids = new std::vector<OutlineItem *>();
++        }
+     }
+ }
+
+--
+2.35.5
diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
index b7cdb4f1be..04106f11aa 100644
--- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
+++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
            file://0001-Do-not-overwrite-all-our-build-flags.patch \
            file://basename-include.patch \
+           file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \
+	   file://CVE-2023-34872.patch \
            "
 SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff"
 
diff --git a/meta-oe/recipes-support/re2/re2_2020.11.01.bb b/meta-oe/recipes-support/re2/re2_2020.11.01.bb
index 698fe7e497..5ec1c6b5ab 100644
--- a/meta-oe/recipes-support/re2/re2_2020.11.01.bb
+++ b/meta-oe/recipes-support/re2/re2_2020.11.01.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b5c31eb512bdf3cb11ffd5713963760"
 
 SRCREV = "166dbbeb3b0ab7e733b278e8f42a84f6882b8a25"
 
-SRC_URI = "git://github.com/google/re2.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/google/re2.git;branch=main;protocol=https"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb b/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb
index d377241ad1..6362fc7a4b 100644
--- a/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb
+++ b/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb
@@ -12,7 +12,7 @@ DEPENDS += "fmt"
 S = "${WORKDIR}/git"
 
 BBCLASSEXTEND = "native"
-# no need to build example&text&benchmarks on pure yocto
-EXTRA_OECMAKE += "-DSPDLOG_INSTALL=on -DSPDLOG_BUILD_SHARED=on -DSPDLOG_BUILD_EXAMPLES=off -DSPDLOG_BUILD_TESTS=off -DSPDLOG_BUILD_BENCH=off -DSPDLOG_FMT_EXTERNAL=on"
+# no need to build example & tests & benchmarks on pure yocto
+EXTRA_OECMAKE += "-DSPDLOG_INSTALL=on -DSPDLOG_BUILD_SHARED=on -DSPDLOG_BUILD_EXAMPLE=off -DSPDLOG_BUILD_TESTS=off -DSPDLOG_BUILD_BENCH=off -DSPDLOG_FMT_EXTERNAL=on"
 
 inherit cmake
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch
new file mode 100644
index 0000000000..7d1dd6582f
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch
@@ -0,0 +1,65 @@
+From b5a060f2ebb8d794f508436a12e4d4163f94b1b8 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 12:26:05 +0200
+Subject: [PATCH 1/8] syslogformat: fix out-of-bounds reading of data buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/b5a060f2ebb8d794f508436a12e4d4163f94b1b8]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ modules/syslogformat/syslog-format.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c
+index aacb525b3..872cc1d71 100644
+--- a/modules/syslogformat/syslog-format.c
++++ b/modules/syslogformat/syslog-format.c
+@@ -223,6 +223,9 @@ log_msg_parse_cisco_timestamp_attributes(LogMessage *self, const guchar **data,
+   const guchar *src = *data;
+   gint left = *length;
+ 
++  if (!left)
++    return;
++
+   /* Cisco timestamp extensions, the first '*' indicates that the clock is
+    * unsynced, '.' if it is known to be synced */
+   if (G_UNLIKELY(src[0] == '*'))
+@@ -562,7 +565,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF
+       open_sd++;
+       do
+         {
+-          if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
++          if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
+             goto error;
+           /* read sd_id */
+           pos = 0;
+@@ -595,7 +598,8 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF
+           sd_id_len = pos;
+           strcpy(sd_value_name, logmsg_sd_prefix);
+           strncpy(sd_value_name + logmsg_sd_prefix_len, sd_id_name, sizeof(sd_value_name) - logmsg_sd_prefix_len);
+-          if (*src == ']')
++
++          if (left && *src == ']')
+             {
+               log_msg_set_value_by_name(self, sd_value_name, "", 0);
+             }
+@@ -612,7 +616,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF
+               else
+                 goto error;
+ 
+-              if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
++              if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
+                 goto error;
+ 
+               /* read sd-param */
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch
new file mode 100644
index 0000000000..9ccb24ddea
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch
@@ -0,0 +1,150 @@
+From 81a07263f1e522a376d3a30f96f51df3f2879f8a Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 12:22:44 +0200
+Subject: [PATCH 2/8] syslogformat: add bug reproducer test for non-zero terminated
+ input
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/81a07263f1e522a376d3a30f96f51df3f2879f8a]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ modules/syslogformat/CMakeLists.txt           |  1 +
+ modules/syslogformat/Makefile.am              |  2 +
+ modules/syslogformat/tests/CMakeLists.txt     |  1 +
+ modules/syslogformat/tests/Makefile.am        |  9 +++
+ .../syslogformat/tests/test_syslog_format.c   | 72 +++++++++++++++++++
+ 5 files changed, 85 insertions(+)
+ create mode 100644 modules/syslogformat/tests/CMakeLists.txt
+ create mode 100644 modules/syslogformat/tests/Makefile.am
+ create mode 100644 modules/syslogformat/tests/test_syslog_format.c
+
+diff --git a/modules/syslogformat/CMakeLists.txt b/modules/syslogformat/CMakeLists.txt
+index 94ee01aa2..64848efee 100644
+--- a/modules/syslogformat/CMakeLists.txt
++++ b/modules/syslogformat/CMakeLists.txt
+@@ -14,3 +14,4 @@ add_module(
+   SOURCES ${SYSLOGFORMAT_SOURCES}
+ )
+ 
++add_test_subdirectory(tests)
+diff --git a/modules/syslogformat/Makefile.am b/modules/syslogformat/Makefile.am
+index f13f88c1b..14cdf589d 100644
+--- a/modules/syslogformat/Makefile.am
++++ b/modules/syslogformat/Makefile.am
+@@ -31,3 +31,5 @@ modules_syslogformat_libsyslogformat_la_DEPENDENCIES =	\
+ modules/syslogformat modules/syslogformat/ mod-syslogformat: \
+ 	modules/syslogformat/libsyslogformat.la
+ .PHONY: modules/syslogformat/ mod-syslogformat
++
++include modules/syslogformat/tests/Makefile.am
+diff --git a/modules/syslogformat/tests/CMakeLists.txt b/modules/syslogformat/tests/CMakeLists.txt
+new file mode 100644
+index 000000000..2e45b7194
+--- /dev/null
++++ b/modules/syslogformat/tests/CMakeLists.txt
+@@ -0,0 +1 @@
++add_unit_test(CRITERION TARGET test_syslog_format DEPENDS syslogformat)
+diff --git a/modules/syslogformat/tests/Makefile.am b/modules/syslogformat/tests/Makefile.am
+new file mode 100644
+index 000000000..7ee66a59c
+--- /dev/null
++++ b/modules/syslogformat/tests/Makefile.am
+@@ -0,0 +1,9 @@
++modules_syslogformat_tests_TESTS = \
++    modules/syslogformat/tests/test_syslog_format
++
++check_PROGRAMS += ${modules_syslogformat_tests_TESTS}
++
++EXTRA_DIST += modules/syslogformat/tests/CMakeLists.txt
++
++modules_syslogformat_tests_test_syslog_format_CFLAGS = $(TEST_CFLAGS) -I$(top_srcdir)/modules/syslogformat
++modules_syslogformat_tests_test_syslog_format_LDADD = $(TEST_LDADD) $(PREOPEN_SYSLOGFORMAT)
+diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c
+new file mode 100644
+index 000000000..b247fe3c5
+--- /dev/null
++++ b/modules/syslogformat/tests/test_syslog_format.c
+@@ -0,0 +1,72 @@
++/*
++ * Copyright (c) 2022 One Identity
++ * Copyright (c) 2022 László Várady
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 as published
++ * by the Free Software Foundation, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ * As an additional exemption you are allowed to compile & link against the
++ * OpenSSL libraries as published by the OpenSSL project. See the file
++ * COPYING for details.
++ *
++ */
++
++#include <criterion/criterion.h>
++
++#include "apphook.h"
++#include "cfg.h"
++#include "syslog-format.h"
++#include "logmsg/logmsg.h"
++#include "msg-format.h"
++#include "scratch-buffers.h"
++
++#include <string.h>
++
++GlobalConfig *cfg;
++MsgFormatOptions parse_options;
++
++static void
++setup(void)
++{
++  app_startup();
++  syslog_format_init();
++
++  cfg = cfg_new_snippet();
++  msg_format_options_defaults(&parse_options);
++}
++
++static void
++teardown(void)
++{
++  scratch_buffers_explicit_gc();
++  app_shutdown();
++  cfg_free(cfg);
++}
++
++TestSuite(syslog_format, .init = setup, .fini = teardown);
++
++Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeout = 10)
++{
++  const gchar *data = "<182>2022-08-17T05:02:28.217 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
++  /* chosen carefully to reproduce a bug */
++  gsize data_length = 27;
++
++  msg_format_options_init(&parse_options, cfg);
++  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
++
++  gsize problem_position;
++  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
++
++  msg_format_options_destroy(&parse_options);
++  log_msg_unref(msg);
++}
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch
new file mode 100644
index 0000000000..5801165048
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch
@@ -0,0 +1,77 @@
+From 4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sun, 21 Aug 2022 18:44:28 +0200
+Subject: [PATCH 3/8] syslogformat: fix reading cisco sequence id out of bounds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ modules/syslogformat/syslog-format.c          |  2 +-
+ .../syslogformat/tests/test_syslog_format.c   | 32 +++++++++++++++++++
+ 2 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c
+index 872cc1d71..a3d48d6f2 100644
+--- a/modules/syslogformat/syslog-format.c
++++ b/modules/syslogformat/syslog-format.c
+@@ -207,7 +207,7 @@ log_msg_parse_cisco_sequence_id(LogMessage *self, const guchar **data, gint *len
+ 
+   /* if the next char is not space, then we may try to read a date */
+ 
+-  if (*src != ' ')
++  if (!left || *src != ' ')
+     return;
+ 
+   log_msg_set_value(self, handles.cisco_seqid, (gchar *) *data, *length - left - 1);
+diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c
+index b247fe3c5..d0f5b4043 100644
+--- a/modules/syslogformat/tests/test_syslog_format.c
++++ b/modules/syslogformat/tests/test_syslog_format.c
+@@ -70,3 +70,35 @@ Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeou
+   msg_format_options_destroy(&parse_options);
+   log_msg_unref(msg);
+ }
++
++Test(syslog_format, cisco_sequence_id_non_zero_termination)
++{
++  const gchar *data = "<189>65536: ";
++  gsize data_length = strlen(data);
++
++  msg_format_options_init(&parse_options, cfg);
++  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
++
++  gsize problem_position;
++  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
++  cr_assert_str_eq(log_msg_get_value_by_name(msg, ".SDATA.meta.sequenceId", NULL), "65536");
++
++  msg_format_options_destroy(&parse_options);
++  log_msg_unref(msg);
++}
++
++Test(syslog_format, minimal_non_zero_terminated_numeric_message_is_parsed_as_program_name)
++{
++  const gchar *data = "<189>65536";
++  gsize data_length = strlen(data);
++
++  msg_format_options_init(&parse_options, cfg);
++  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
++
++  gsize problem_position;
++  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
++  cr_assert_str_eq(log_msg_get_value_by_name(msg, "PROGRAM", NULL), "65536");
++
++  msg_format_options_destroy(&parse_options);
++  log_msg_unref(msg);
++}
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch
new file mode 100644
index 0000000000..cb81b1c122
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch
@@ -0,0 +1,37 @@
+From 73b5c300b8fde5e7a4824baa83a04931279abb37 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 12:42:38 +0200
+Subject: [PATCH 4/8] timeutils: fix iterating out of the range of timestamp buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/73b5c300b8fde5e7a4824baa83a04931279abb37]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index 304a57673..4fbe94a36 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -332,7 +332,7 @@ __parse_usec(const guchar **data, gint *length)
+           src++;
+           (*length)--;
+         }
+-      while (isdigit(*src))
++      while (*length > 0 && isdigit(*src))
+         {
+           src++;
+           (*length)--;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch
new file mode 100644
index 0000000000..70964b328b
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch
@@ -0,0 +1,211 @@
+From 45f051239312e43bd4f92b9339fe67c6798a0321 Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <bazsi77@gmail.com>
+Date: Sat, 20 Aug 2022 12:43:42 +0200
+Subject: [PATCH 5/8] timeutils: add tests for non-zero terminated inputs
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/45f051239312e43bd4f92b9339fe67c6798a0321]
+
+Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/tests/test_scan-timestamp.c | 126 +++++++++++++++++++---
+ 1 file changed, 113 insertions(+), 13 deletions(-)
+
+diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c
+index 27b76f12d..468bbf779 100644
+--- a/lib/timeutils/tests/test_scan-timestamp.c
++++ b/lib/timeutils/tests/test_scan-timestamp.c
+@@ -50,17 +50,21 @@ fake_time_add(time_t diff)
+ }
+ 
+ static gboolean
+-_parse_rfc3164(const gchar *ts, gchar isotimestamp[32])
++_parse_rfc3164(const gchar *ts, gint len, gchar isotimestamp[32])
+ {
+   UnixTime stamp;
+-  const guchar *data = (const guchar *) ts;
+-  gint length = strlen(ts);
++  const guchar *tsu = (const guchar *) ts;
++  gint tsu_len = len < 0 ? strlen(ts) : len;
+   GString *result = g_string_new("");
+   WallClockTime wct = WALL_CLOCK_TIME_INIT;
+ 
+-
++  const guchar *data = tsu;
++  gint length = tsu_len;
+   gboolean success = scan_rfc3164_timestamp(&data, &length, &wct);
+ 
++  cr_assert(length >= 0);
++  cr_assert(data == &tsu[tsu_len - length]);
++
+   unix_time_unset(&stamp);
+   convert_wall_clock_time_to_unix_time(&wct, &stamp);
+ 
+@@ -71,16 +75,21 @@ _parse_rfc3164(const gchar *ts, gchar isotimestamp[32])
+ }
+ 
+ static gboolean
+-_parse_rfc5424(const gchar *ts, gchar isotimestamp[32])
++_parse_rfc5424(const gchar *ts, gint len, gchar isotimestamp[32])
+ {
+   UnixTime stamp;
+-  const guchar *data = (const guchar *) ts;
+-  gint length = strlen(ts);
++  const guchar *tsu = (const guchar *) ts;
++  gint tsu_len = len < 0 ? strlen(ts) : len;
+   GString *result = g_string_new("");
+   WallClockTime wct = WALL_CLOCK_TIME_INIT;
+ 
++  const guchar *data = tsu;
++  gint length = tsu_len;
+   gboolean success = scan_rfc5424_timestamp(&data, &length, &wct);
+ 
++  cr_assert(length >= 0);
++  cr_assert(data == &tsu[tsu_len - length]);
++
+   unix_time_unset(&stamp);
+   convert_wall_clock_time_to_unix_time(&wct, &stamp);
+ 
+@@ -91,31 +100,60 @@ _parse_rfc5424(const gchar *ts, gchar isotimestamp[32])
+ }
+ 
+ static gboolean
+-_rfc3164_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32])
++_rfc3164_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32])
+ {
+-  cr_assert(_parse_rfc3164(ts, converted));
++  cr_assert(_parse_rfc3164(ts, len, converted));
+   return strcmp(converted, expected) == 0;
+ }
+ 
+ static gboolean
+-_rfc5424_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32])
++_rfc5424_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32])
+ {
+-  cr_assert(_parse_rfc5424(ts, converted));
++  cr_assert(_parse_rfc5424(ts, len, converted));
+   return strcmp(converted, expected) == 0;
+ }
+ 
+ #define _expect_rfc3164_timestamp_eq(ts, expected) \
+   ({ \
+     gchar converted[32]; \
+-    cr_expect(_rfc3164_timestamp_eq(ts, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++    cr_expect(_rfc3164_timestamp_eq(ts, -1, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc3164_timestamp_len_eq(ts, len, expected) \
++  ({ \
++    gchar converted[32]; \
++    cr_expect(_rfc3164_timestamp_eq(ts, len, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc3164_fails(ts, len) \
++  ({  \
++    WallClockTime wct = WALL_CLOCK_TIME_INIT; \
++    const guchar *data = (guchar *) ts; \
++    gint length = len < 0 ? strlen(ts) : len; \
++    cr_assert_not(scan_rfc3164_timestamp(&data, &length, &wct)); \
+   })
+ 
+ #define _expect_rfc5424_timestamp_eq(ts, expected) \
+   ({ \
+     gchar converted[32]; \
+-    cr_expect(_rfc5424_timestamp_eq(ts, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++    cr_expect(_rfc5424_timestamp_eq(ts, -1, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc5424_timestamp_len_eq(ts, len, expected) \
++  ({ \
++    gchar converted[32]; \
++    cr_expect(_rfc5424_timestamp_eq(ts, len, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc5424_fails(ts, len) \
++  ({  \
++    WallClockTime wct = WALL_CLOCK_TIME_INIT; \
++    const guchar *data = (guchar *) ts; \
++    gint length = len < 0 ? strlen(ts) : len; \
++    cr_assert_not(scan_rfc5424_timestamp(&data, &length, &wct)); \
+   })
+ 
++
+ Test(parse_timestamp, standard_bsd_format)
+ {
+   _expect_rfc3164_timestamp_eq("Oct  1 17:46:12", "2017-10-01T17:46:12.000+02:00");
+@@ -164,6 +202,68 @@ Test(parse_timestamp, standard_bsd_format_year_in_the_past)
+   _expect_rfc3164_timestamp_eq("Dec 31 17:46:12", "2017-12-31T17:46:12.000+01:00");
+ }
+ 
++Test(parse_timestamp, non_zero_terminated_rfc3164_iso_input_is_handled_properly)
++{
++  gchar *ts = "2022-08-17T05:02:28.417Z whatever";
++  gint ts_len = 24;
++
++  _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00");
++
++  /* no "Z" parsed, timezone defaults to local, forced CET */
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00");
++
++  /* msec is partially parsed as we trim the string from the right */
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00");
++
++  for (gint i = 6; i < ts_len; i++)
++    _expect_rfc3164_fails(ts, ts_len - i);
++
++}
++
++Test(parse_timestamp, non_zero_terminated_rfc3164_bsd_pix_or_asa_input_is_handled_properly)
++{
++  gchar *ts = "Aug 17 2022 05:02:28: whatever";
++  gint ts_len = 21;
++
++  _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.000+02:00");
++
++  /* no ":" at the end, that's a problem, unrecognized */
++  _expect_rfc3164_fails(ts, ts_len - 1);
++
++  for (gint i = 1; i < ts_len; i++)
++    _expect_rfc3164_fails(ts, ts_len - i);
++}
++
++Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly)
++{
++  gchar *ts = "2022-08-17T05:02:28.417Z whatever";
++  gint ts_len = 24;
++
++  _expect_rfc5424_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00");
++
++  /* no "Z" parsed, timezone defaults to local, forced CET */
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00");
++
++  /* msec is partially parsed as we trim the string from the right */
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00");
++
++  for (gint i = 6; i < ts_len; i++)
++    _expect_rfc5424_fails(ts, ts_len - i);
++
++}
++
+ 
+ Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones)
+ {
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch
new file mode 100644
index 0000000000..81e36c6501
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch
@@ -0,0 +1,180 @@
+From 09f489c89c826293ff8cbd282cfc866ab56054c4 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 14:29:43 +0200
+Subject: [PATCH 6/8] timeutils: name repeating constant
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/09f489c89c826293ff8cbd282cfc866ab56054c4]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c | 54 ++++++++++++++++++----------------
+ 1 file changed, 29 insertions(+), 25 deletions(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index 4fbe94a36..d22d50973 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -34,41 +34,43 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday)
+ {
+   *wday = -1;
+ 
+-  if (*left < 3)
++  const gsize abbrev_length = 3;
++
++  if (*left < abbrev_length)
+     return FALSE;
+ 
+   switch (**buf)
+     {
+     case 'S':
+-      if (strncasecmp(*buf, "Sun", 3) == 0)
++      if (strncasecmp(*buf, "Sun", abbrev_length) == 0)
+         *wday = 0;
+-      else if (strncasecmp(*buf, "Sat", 3) == 0)
++      else if (strncasecmp(*buf, "Sat", abbrev_length) == 0)
+         *wday = 6;
+       else
+         return FALSE;
+       break;
+     case 'M':
+-      if (strncasecmp(*buf, "Mon", 3) == 0)
++      if (strncasecmp(*buf, "Mon", abbrev_length) == 0)
+         *wday = 1;
+       else
+         return FALSE;
+       break;
+     case 'T':
+-      if (strncasecmp(*buf, "Tue", 3) == 0)
++      if (strncasecmp(*buf, "Tue", abbrev_length) == 0)
+         *wday = 2;
+-      else if (strncasecmp(*buf, "Thu", 3) == 0)
++      else if (strncasecmp(*buf, "Thu", abbrev_length) == 0)
+         *wday = 4;
+       else
+         return FALSE;
+       break;
+     case 'W':
+-      if (strncasecmp(*buf, "Wed", 3) == 0)
++      if (strncasecmp(*buf, "Wed", abbrev_length) == 0)
+         *wday = 3;
+       else
+         return FALSE;
+       break;
+     case 'F':
+-      if (strncasecmp(*buf, "Fri", 3) == 0)
++      if (strncasecmp(*buf, "Fri", abbrev_length) == 0)
+         *wday = 5;
+       else
+         return FALSE;
+@@ -77,8 +79,8 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday)
+       return FALSE;
+     }
+ 
+-  (*buf) += 3;
+-  (*left) -= 3;
++  (*buf) += abbrev_length;
++  (*left) -= abbrev_length;
+   return TRUE;
+ }
+ 
+@@ -87,63 +89,65 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon)
+ {
+   *mon = -1;
+ 
+-  if (*left < 3)
++  const gsize abbrev_length = 3;
++
++  if (*left < abbrev_length)
+     return FALSE;
+ 
+   switch (**buf)
+     {
+     case 'J':
+-      if (strncasecmp(*buf, "Jan", 3) == 0)
++      if (strncasecmp(*buf, "Jan", abbrev_length) == 0)
+         *mon = 0;
+-      else if (strncasecmp(*buf, "Jun", 3) == 0)
++      else if (strncasecmp(*buf, "Jun", abbrev_length) == 0)
+         *mon = 5;
+-      else if (strncasecmp(*buf, "Jul", 3) == 0)
++      else if (strncasecmp(*buf, "Jul", abbrev_length) == 0)
+         *mon = 6;
+       else
+         return FALSE;
+       break;
+     case 'F':
+-      if (strncasecmp(*buf, "Feb", 3) == 0)
++      if (strncasecmp(*buf, "Feb", abbrev_length) == 0)
+         *mon = 1;
+       else
+         return FALSE;
+       break;
+     case 'M':
+-      if (strncasecmp(*buf, "Mar", 3) == 0)
++      if (strncasecmp(*buf, "Mar", abbrev_length) == 0)
+         *mon = 2;
+-      else if (strncasecmp(*buf, "May", 3) == 0)
++      else if (strncasecmp(*buf, "May", abbrev_length) == 0)
+         *mon = 4;
+       else
+         return FALSE;
+       break;
+     case 'A':
+-      if (strncasecmp(*buf, "Apr", 3) == 0)
++      if (strncasecmp(*buf, "Apr", abbrev_length) == 0)
+         *mon = 3;
+-      else if (strncasecmp(*buf, "Aug", 3) == 0)
++      else if (strncasecmp(*buf, "Aug", abbrev_length) == 0)
+         *mon = 7;
+       else
+         return FALSE;
+       break;
+     case 'S':
+-      if (strncasecmp(*buf, "Sep", 3) == 0)
++      if (strncasecmp(*buf, "Sep", abbrev_length) == 0)
+         *mon = 8;
+       else
+         return FALSE;
+       break;
+     case 'O':
+-      if (strncasecmp(*buf, "Oct", 3) == 0)
++      if (strncasecmp(*buf, "Oct", abbrev_length) == 0)
+         *mon = 9;
+       else
+         return FALSE;
+       break;
+     case 'N':
+-      if (strncasecmp(*buf, "Nov", 3) == 0)
++      if (strncasecmp(*buf, "Nov", abbrev_length) == 0)
+         *mon = 10;
+       else
+         return FALSE;
+       break;
+     case 'D':
+-      if (strncasecmp(*buf, "Dec", 3) == 0)
++      if (strncasecmp(*buf, "Dec", abbrev_length) == 0)
+         *mon = 11;
+       else
+         return FALSE;
+@@ -152,8 +156,8 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon)
+       return FALSE;
+     }
+ 
+-  (*buf) += 3;
+-  (*left) -= 3;
++  (*buf) += abbrev_length;
++  (*left) -= abbrev_length;
+   return TRUE;
+ }
+ 
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch
new file mode 100644
index 0000000000..abb36fdf5f
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch
@@ -0,0 +1,81 @@
+From 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 14:30:22 +0200
+Subject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c            | 8 ++++++--
+ lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index d22d50973..125264677 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length)
+ static gboolean
+ __has_iso_timezone(const guchar *src, gint length)
+ {
+-  return (length >= 5) &&
++  return (length >= 6) &&
+          (*src == '+' || *src == '-') &&
+          isdigit(*(src+1)) &&
+          isdigit(*(src+2)) &&
+          *(src+3) == ':' &&
+          isdigit(*(src+4)) &&
+          isdigit(*(src+5)) &&
+-         !isdigit(*(src+6));
++         (length < 7 || !isdigit(*(src+6)));
+ }
+ 
+ static guint32
+ __parse_iso_timezone(const guchar **data, gint *length)
+ {
++  g_assert(*length >= 6);
++
+   gint hours, mins;
+   const guchar *src = *data;
+   guint32 tz = 0;
+@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length)
+   hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0';
+   mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0';
+   tz = sign * (hours * 3600 + mins * 60);
++
+   src += 6;
+   (*length) -= 6;
++
+   *data = src;
+   return tz;
+ }
+diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c
+index 468bbf779..d18bdc65d 100644
+--- a/lib/timeutils/tests/test_scan-timestamp.c
++++ b/lib/timeutils/tests/test_scan-timestamp.c
+@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly)
+ 
+ }
+ 
++Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only)
++{
++  const gchar *ts = "2022-08-17T05:02:28.417+03:00";
++  gint ts_len = strlen(ts);
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts);
++}
++
+ 
+ Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones)
+ {
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch
new file mode 100644
index 0000000000..56c71e8a21
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch
@@ -0,0 +1,45 @@
+From 56f881c5eaa3d8c02c96607c4b9e4eaf959a044d Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 14:30:51 +0200
+Subject: [PATCH 8/8/] timeutils: fix out-of-bounds reading of data buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/56f881c5eaa3d8c02c96607c4b9e4eaf959a044d]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index 125264677..c00d8e6a9 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -431,7 +431,7 @@ __parse_bsd_timestamp(const guchar **data, gint *length, WallClockTime *wct)
+       if (!scan_pix_timestamp((const gchar **) &src, &left, wct))
+         return FALSE;
+ 
+-      if (*src == ':')
++      if (left && *src == ':')
+         {
+           src++;
+           left--;
+@@ -482,7 +482,7 @@ scan_rfc3164_timestamp(const guchar **data, gint *length, WallClockTime *wct)
+    * looking at you, skip that as well, so we can reliably detect IPv6
+    * addresses as hostnames, which would be using ":" as well. */
+ 
+-  if (*src == ':')
++  if (left && *src == ':')
+     {
+       ++src;
+       --left;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd
index b63f46ddc3..851bf252b7 100644
--- a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd
+++ b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.systemd
@@ -1,4 +1,4 @@
-@version: 3.31
+@version: 3.36
 #
 # Syslog-ng configuration file, compatible with default Debian syslogd
 # installation. Originally written by anonymous (I can't find his name)
diff --git a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit
index 07cd3b0868..70afd0da84 100644
--- a/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit
+++ b/meta-oe/recipes-support/syslog-ng/files/syslog-ng.conf.sysvinit
@@ -1,4 +1,4 @@
-@version: 3.31
+@version: 3.36
 #
 # Syslog-ng configuration file, compatible with default Debian syslogd
 # installation. Originally written by anonymous (I can't find his name)
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb
index 40bbfe495a..045b9b71c9 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb
@@ -22,6 +22,14 @@ SRC_URI = "https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta
            file://volatiles.03_syslog-ng \
            file://syslog-ng-tmp.conf \
            file://syslog-ng.service-the-syslog-ng-service.patch \
+	   file://CVE-2022-38725-0001.patch \
+           file://CVE-2022-38725-0002.patch \
+           file://CVE-2022-38725-0003.patch \
+           file://CVE-2022-38725-0004.patch \
+           file://CVE-2022-38725-0005.patch \
+           file://CVE-2022-38725-0006.patch \
+           file://CVE-2022-38725-0007.patch \
+           file://CVE-2022-38725-0008.patch \
 "
 
 SRC_URI[sha256sum] = "90a25c9767fe749db50f118ddfc92ec71399763d2ecd5ad4f11ff5eea049e60b"
diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
new file mode 100644
index 0000000000..7d37ad6042
--- /dev/null
+++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
@@ -0,0 +1,53 @@
+From 45f501e1be2db6b017cc242c79bfb9de32b332a1 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 29 Jan 2024 08:27:29 +0100
+Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types
+
+These result in out-of-bounds stack writes on 64-bit architectures
+(caller has 4 bytes, callee writes 8 bytes), and seem to have gone
+unnoticed on little-endian architectures (although big-endian
+architectures must be broken).
+
+This change is required to avoid a build failure with GCC 14.
+
+CVE: CVE-2024-1013
+
+Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ Drivers/Postgre7.1/info.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
+index 63ac91f..2216ecd 100755
+--- a/Drivers/Postgre7.1/info.c
++++ b/Drivers/Postgre7.1/info.c
+@@ -1779,14 +1779,14 @@ char *table_name;
+ char index_name[MAX_INFO_STRING];
+ short fields_vector[8];
+ char isunique[10], isclustered[10];
+-SDWORD index_name_len, fields_vector_len;
++SQLLEN index_name_len, fields_vector_len;
+ TupleNode *row;
+ int i;
+ HSTMT hcol_stmt;
+ StatementClass *col_stmt, *indx_stmt;
+ char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
+ char **column_names = 0;
+-Int4 column_name_len;
++SQLLEN column_name_len;
+ int total_columns = 0;
+ char error = TRUE;
+ ConnInfo *ci;
+@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
+ StatementClass *tbl_stmt;
+ char tables_query[STD_STATEMENT_LEN];
+ char attname[MAX_INFO_STRING];
+-SDWORD attname_len;
++SQLLEN attname_len;
+ char pktab[MAX_TABLE_LEN + 1];
+ Int2 result_cols;
+
+--
+2.40.0
diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb
index c194739cb1..283546cf0e 100644
--- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb
+++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb
@@ -10,6 +10,7 @@ DEPENDS = "libtool readline"
 
 SRC_URI = "http://ftp.unixodbc.org/unixODBC-${PV}.tar.gz \
            file://do-not-use-libltdl-source-directory.patch \
+           file://CVE-2024-1013.patch \
 "
 SRC_URI[sha256sum] = "52833eac3d681c8b0c9a5a65f2ebd745b3a964f208fc748f977e44015a31b207"
 
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb
index 7ec6ae15f6..947ca75388 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb
@@ -49,6 +49,7 @@ do_configure:prepend() {
 
 do_compile:prepend() {
     sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in
+    echo "" > ${B}/xrdp_configure_options.h
 }
 
 do_install:append() {
diff --git a/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch b/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch
new file mode 100644
index 0000000000..b6c4a3b883
--- /dev/null
+++ b/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch
@@ -0,0 +1,117 @@
+From 3d436f6cfc2dfe52fc1533c01f57c25ae7ffac9c Mon Sep 17 00:00:00 2001
+From: Felix Schwitzer <flx107809@gmail.com>
+Date: Fri, 1 Apr 2022 05:26:47 +0200
+Subject: [PATCH] Fix CMake export files (#1077)
+
+After configuring the file `yaml-cpp-config.cmake.in`, the result ends up with
+empty variables.  (see also the discussion in #774).
+
+Rework this file and the call to `configure_package_config_file` according the
+cmake documentation
+(https://cmake.org/cmake/help/v3.22/module/CMakePackageConfigHelpers.html?highlight=configure_package_config#command:configure_package_config_file)
+to overcome this issue and allow a simple `find_package` after install.
+
+As there was some discussion about the place where to install the
+`yaml-cpp-config.cmake` file, e.g. #1055, factor out the install location into
+an extra variable to make it easier changing this location in the future.
+
+Also untabify CMakeLists.txt in some places to align with the other code parts in this file.
+
+Upstream-Status: Accepted [https://github.com/jbeder/yaml-cpp/pull/1077]
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> 
+---
+ CMakeLists.txt           | 29 ++++++++++++++++++-----------
+ yaml-cpp-config.cmake.in | 10 ++++++----
+ 2 files changed, 24 insertions(+), 15 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b230b9e..983d1a4 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -127,10 +127,16 @@ set_target_properties(yaml-cpp PROPERTIES
+   PROJECT_LABEL "yaml-cpp ${yaml-cpp-label-postfix}"
+   DEBUG_POSTFIX "${CMAKE_DEBUG_POSTFIX}")
+ 
++# FIXME(felix2012): A more common place for the cmake export would be
++# `CMAKE_INSTALL_LIBDIR`, as e.g. done in ubuntu or in this project for GTest
++set(CONFIG_EXPORT_DIR "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
++set(EXPORT_TARGETS yaml-cpp)
+ configure_package_config_file(
+   "${PROJECT_SOURCE_DIR}/yaml-cpp-config.cmake.in"
+   "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake"
+-  INSTALL_DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
++  INSTALL_DESTINATION "${CONFIG_EXPORT_DIR}"
++  PATH_VARS CMAKE_INSTALL_INCLUDEDIR CONFIG_EXPORT_DIR)
++unset(EXPORT_TARGETS)
+ 
+ write_basic_package_version_file(
+   "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake"
+@@ -139,30 +145,31 @@ write_basic_package_version_file(
+ configure_file(yaml-cpp.pc.in yaml-cpp.pc @ONLY)
+ 
+ if (YAML_CPP_INSTALL)
+-	install(TARGETS yaml-cpp
++  install(TARGETS yaml-cpp
+     EXPORT yaml-cpp-targets
+     RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+     LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+     ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+-	install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/
++  install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/
+     DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+-		FILES_MATCHING PATTERN "*.h")
++                FILES_MATCHING PATTERN "*.h")
+   install(EXPORT yaml-cpp-targets
+-    DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
+-	install(FILES
+-		"${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake"
+-		"${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake"
+-    DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
++    DESTINATION "${CONFIG_EXPORT_DIR}")
++  install(FILES
++      "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake"
++      "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake"
++    DESTINATION "${CONFIG_EXPORT_DIR}")
+   install(FILES "${PROJECT_BINARY_DIR}/yaml-cpp.pc"
+     DESTINATION ${CMAKE_INSTALL_DATADIR}/pkgconfig)
+ endif()
++unset(CONFIG_EXPORT_DIR)
+ 
+ if(YAML_CPP_BUILD_TESTS)
+-	add_subdirectory(test)
++  add_subdirectory(test)
+ endif()
+ 
+ if(YAML_CPP_BUILD_TOOLS)
+-	add_subdirectory(util)
++  add_subdirectory(util)
+ endif()
+ 
+ if (YAML_CPP_CLANG_FORMAT_EXE)
+diff --git a/yaml-cpp-config.cmake.in b/yaml-cpp-config.cmake.in
+index 7b41e3f..a7ace3d 100644
+--- a/yaml-cpp-config.cmake.in
++++ b/yaml-cpp-config.cmake.in
+@@ -3,12 +3,14 @@
+ #  YAML_CPP_INCLUDE_DIR - include directory
+ #  YAML_CPP_LIBRARIES    - libraries to link against
+ 
+-# Compute paths
+-get_filename_component(YAML_CPP_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+-set(YAML_CPP_INCLUDE_DIR "@CONFIG_INCLUDE_DIRS@")
++@PACKAGE_INIT@
++
++set_and_check(YAML_CPP_INCLUDE_DIR "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@")
+ 
+ # Our library dependencies (contains definitions for IMPORTED targets)
+-include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake")
++include(@PACKAGE_CONFIG_EXPORT_DIR@/yaml-cpp-targets.cmake)
+ 
+ # These are IMPORTED targets created by yaml-cpp-targets.cmake
+ set(YAML_CPP_LIBRARIES "@EXPORT_TARGETS@")
++
++check_required_components(@EXPORT_TARGETS@)
+-- 
+2.39.2
+
diff --git a/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb b/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb
index d3984abe8b..e04d4705a4 100644
--- a/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb
+++ b/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6a8aaf0595c2efc1a9c2e0913e9c1a2c"
 # yaml-cpp releases are stored as archive files in github.
 # download the exact revision of release
 SRC_URI = "git://github.com/jbeder/yaml-cpp.git;branch=master;protocol=https"
+SRC_URI += "file://0001-Fix-CMake-export-files-1077.patch"
 SRCREV = "0579ae3d976091d7d664aa9d2527e0d0cff25763"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch b/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch
new file mode 100644
index 0000000000..c2828e6a94
--- /dev/null
+++ b/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch
@@ -0,0 +1,42 @@
+From 8c70e2680bec526012d96578160901e4c24e1c48 Mon Sep 17 00:00:00 2001
+From: Paul Groke <paul.groke@dynatrace.com>
+Date: Thu, 15 Sep 2022 13:36:49 +0200
+Subject: [PATCH] work around GCC 6~11 ADL bug
+
+see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51577
+ADL seems to work properly when we do the SFINAE check via the return type, but not when using a dummy template parameter
+
+fix #3992
+Upstream-Status: Backport [https://github.com/google/googletest/pull/3993/commits/096014a45dc38dff993f5b7bb28a258d8323344b]
+Signed-off-by: Paul Groke <paul.groke@dynatrace.com>
+Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
+---
+ googletest/include/gtest/gtest-printers.h | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/googletest/include/gtest/gtest-printers.h b/googletest/include/gtest/gtest-printers.h
+index 8e4d295344..19c3e0b69b 100644
+--- a/googletest/include/gtest/gtest-printers.h
++++ b/googletest/include/gtest/gtest-printers.h
+@@ -205,12 +205,13 @@ struct StreamPrinter {
+             // Don't accept member pointers here. We'd print them via implicit
+             // conversion to bool, which isn't useful.
+             typename = typename std::enable_if<
+-                !std::is_member_pointer<T>::value>::type,
+-            // Only accept types for which we can find a streaming operator via
+-            // ADL (possibly involving implicit conversions).
+-            typename = decltype(std::declval<std::ostream&>()
+-                                << std::declval<const T&>())>
+-  static void PrintValue(const T& value, ::std::ostream* os) {
++                !std::is_member_pointer<T>::value>::type>
++  // Only accept types for which we can find a streaming operator via
++  // ADL (possibly involving implicit conversions).
++  // (Use SFINAE via return type, because it seems GCC < 12 doesn't handle name
++  // lookup properly when we do it in the template parameter list.)
++  static auto PrintValue(const T& value, ::std::ostream* os) 
++  -> decltype((void)(*os << value)) {
+     // Call streaming operator found by ADL, possibly with implicit conversions
+     // of the arguments.
+     *os << value;
+-- 
+2.25.1
diff --git a/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-oe/recipes-test/googletest/googletest_git.bb
index 869c2c86b6..917a68e95b 100644
--- a/meta-oe/recipes-test/googletest/googletest_git.bb
+++ b/meta-oe/recipes-test/googletest/googletest_git.bb
@@ -10,7 +10,8 @@ PROVIDES += "gmock gtest"
 
 S = "${WORKDIR}/git"
 SRCREV = "9e712372214d75bb30ec2847a44bf124d48096f3"
-SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https \
+           file://0001-work-around-GCC-6-11-ADL-bug.patch "
 
 inherit cmake
 
diff --git a/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb b/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb
index 8545eb50f7..a9eec69502 100644
--- a/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb
+++ b/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb
@@ -5,7 +5,7 @@ protocols should be able to share."
 HOMEPAGE = "http://search.cpan.org/dist/Authen-SASL/"
 SECTION = "libs"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://lib/Authen/SASL/Perl.pm;beginline=1;endline=3;md5=17123315bbcda19f484c07227594a609"
 
 DEPENDS = "perl"
diff --git a/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb b/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb
index 5db0bb4269..5c3701f16b 100644
--- a/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb
+++ b/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb
@@ -38,4 +38,4 @@ S = "${WORKDIR}/Config-AutoConf-${PV}"
 
 inherit cpan ptest-perl
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch b/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch
deleted file mode 100644
index a5ea43f88b..0000000000
--- a/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 5e8202458e41ba1f7801746c503fe7c60ae340d5 Mon Sep 17 00:00:00 2001
-From: kambe-mikb <77083885+kambe-mikb@users.noreply.github.com>
-Date: Tue, 28 Sep 2021 17:40:18 +1000
-Subject: [PATCH] Fix for Issue 31
-
-Fix Issue 31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0)
-
-Upstream-Status: Submitted [https://github.com/toddr/Crypt-OpenSSL-RSA/pull/32]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- RSA.xs | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/RSA.xs b/RSA.xs
-index 46cb199..4f65dfc 100644
---- a/RSA.xs
-+++ b/RSA.xs
-@@ -640,12 +640,16 @@ use_pkcs1_oaep_padding(p_rsa)
-   CODE:
-     p_rsa->padding = RSA_PKCS1_OAEP_PADDING;
- 
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+
- void
- use_sslv23_padding(p_rsa)
-     rsaData* p_rsa;
-   CODE:
-     p_rsa->padding = RSA_SSLV23_PADDING;
- 
-+#endif
-+
- # Sign text. Returns the signature.
- 
- SV*
--- 
-2.33.1
-
diff --git a/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb b/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb
index fd92c8a8db..aa8d138f2c 100644
--- a/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb
+++ b/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb
@@ -4,10 +4,9 @@ LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a67ceecc5d9a91a5a0d003ba50c26346"
 
 SRC_URI = "http://www.cpan.org/modules/by-module/Crypt/Crypt-OpenSSL-RSA-${PV}.tar.gz \
-           file://0001-Fix-for-Issue-31.patch \
 "
 
-SRC_URI[sha256sum] = "adc74f0ae125c77f65d5dd32abb9c3429300a79543bf263494f333f9c0b62a61"
+SRC_URI[sha256sum] = "bdbe630f6d6f540325746ad99977272ac8664ff81bd19f0adaba6d6f45efd864"
 
 DEPENDS += "libcrypt-openssl-guess-perl-native openssl"
 
diff --git a/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb b/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb
index 51a2ad3498..43b7f4d5a9 100644
--- a/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb
+++ b/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "Keyed-Hashing for Message Authentication"
 HOMEPAGE = "http://search.cpan.org/~gaas/Digest-HMAC-1.03/"
 SECTION = "libs"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://README;beginline=13;endline=17;md5=da980cdc026faa065e5d5004115334e6"
 
 RDEPENDS:${PN} = "libdigest-sha1-perl perl-module-extutils-makemaker perl-module-digest-md5"
diff --git a/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb b/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb
index cd63675128..df89c9bcdb 100644
--- a/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb
+++ b/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "Digest::SHA1 - Perl interface to the SHA-1 algorithm"
 HOMEPAGE = "http://search.cpan.org/~gaas/Digest-SHA1-2.13/"
 SECTION = "libs"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://README;beginline=10;endline=14;md5=ff5867ebb4bc1103a7a416aef2fce00a"
 
 SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Digest-SHA1-${PV}.tar.gz \
diff --git a/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb b/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb
index 1d04f0054f..6e04e40dcf 100644
--- a/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb
+++ b/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb
@@ -9,7 +9,7 @@ mod_perl."
 HOMEPAGE = "http://search.cpan.org/dist/IO-Socket-SSL/"
 SECTION = "libs"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://META.yml;beginline=12;endline=12;md5=963ce28228347875ace682de56eef8e8"
 
 RDEPENDS:${PN} += "\
@@ -42,5 +42,3 @@ do_install_ptest () {
     cp -r ${B}/t ${D}${PTEST_PATH}
     cp -r ${B}/certs ${D}${PTEST_PATH}
 }
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb b/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb
index 389be2c16c..203db7b10c 100644
--- a/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb
+++ b/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb
@@ -5,7 +5,7 @@ dealing with signals."
 HOMEPAGE = "http://search.cpan.org/~rosch/IPC-Signal-1.00/"
 SECTION = "libs"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://README;beginline=16;endline=18;md5=f36550f59a0ae5e6e3b0be6a4da60d26"
 
 S = "${WORKDIR}/IPC-Signal-${PV}"
diff --git a/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb b/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb
index 2c06728ed2..d1f6f8c59c 100644
--- a/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb
+++ b/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb
@@ -8,7 +8,7 @@ one known mime type."
 HOMEPAGE = "http://search.cpan.org/~markov/MIME-Types-${PV}"
 SECTION = "libraries"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://META.yml;beginline=11;endline=11;md5=963ce28228347875ace682de56eef8e8"
 
 SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MA/MARKOV/MIME-Types-${PV}.tar.gz \
diff --git a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
index 2c7d793a7b..c768d64e32 100644
--- a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
+++ b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
@@ -61,5 +61,3 @@ python __anonymous () {
        raise bb.parse.SkipRecipe("incompatible with %s C library" %
                                    d.getVar('TCLIBC'))
 }
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb b/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb
index 293f421205..a77381dce8 100644
--- a/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb
+++ b/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb
@@ -6,7 +6,7 @@ deleting or modifying entries."
 
 SECTION = "libs"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://README;beginline=3;endline=5;md5=4d6588c2fa0d38ae162f6314d201d89e"
 
 SRC_URI = "${CPAN_MIRROR}/authors/id/M/MA/MARSCHAP/perl-ldap-${PV}.tar.gz"
@@ -41,5 +41,3 @@ RDEPENDS:${PN}-ptest += " \
     perl-module-perlio \
     perl-module-test-more \
 "
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb b/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb
index d7d4201048..d1365f269c 100644
--- a/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb
+++ b/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb
@@ -11,7 +11,7 @@ shell."
 HOMEPAGE = "http://search.cpan.org/dist/Net-Telnet/"
 SECTION = "Development/Libraries"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://README;beginline=4;endline=7;md5=e94ab3b72335e3cdadd6c1ff736dd714"
 
 SRC_URI = "http://search.cpan.org/CPAN/authors/id/J/JR/JROGERS/Net-Telnet-${PV}.tar.gz"
diff --git a/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb b/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb
index ffd87ed0b5..643a704a1d 100644
--- a/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb
+++ b/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb
@@ -5,7 +5,7 @@ on wait status values."
 HOMEPAGE = "http://search.cpan.org/~rosch/Proc-WaitStat/"
 SECTION = "libraries"
 
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://README;beginline=21;endline=23;md5=f36550f59a0ae5e6e3b0be6a4da60d26"
 
 RDEPENDS:${PN} += "perl libipc-signal-perl"
diff --git a/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb b/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb
index c568ade997..01261d547a 100644
--- a/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb
+++ b/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb
@@ -36,5 +36,3 @@ S = "${WORKDIR}/Unix-Statgrab-${PV}"
 export LD = "${CCLD}"
 
 inherit cpan pkgconfig ptest-perl
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb
index c2898a9012..c2ea47ae5b 100644
--- a/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb
+++ b/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb
@@ -8,7 +8,7 @@ your programs."
 
 HOMEPAGE = "http://search.cpan.org/dist/XML-LibXML-1.99/"
 SECTION = "libs"
-LICENSE = "Artistic-1.0|GPL-1.0-or-later"
+LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 DEPENDS += "libxml2 \
         libxml-sax-perl-native \
         zlib \
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb
index c86ec092a6..871eb7cae9 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb
@@ -11,5 +11,3 @@ RDEPENDS:${PN} += " \
     ${PYTHON_PN}-jinja2 \
     ${PYTHON_PN}-aiohttp \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.8.1.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb
index f2b8d52a72..f8ca9a4739 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp_3.8.1.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb
@@ -2,9 +2,9 @@ SUMMARY = "Async http client/server framework"
 DESCRIPTION = "Asynchronous HTTP client/server framework for asyncio and Python"
 HOMEPAGE = "https://github.com/aio-libs/aiohttp"
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8074d6c6e217873b2a018a4522243ea3"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
 
-SRC_URI[sha256sum] = "fc5471e1a54de15ef71c1bc6ebe80d4dc681ea600e68bfd1cbce40427f0b7578"
+SRC_URI[sha256sum] = "b0cf2a4501bff9330a8a5248b4ce951851e415bdcce9dc158e76cfd55e15085c"
 
 PYPI_PACKAGE = "aiohttp"
 inherit python_setuptools_build_meta pypi
diff --git a/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb b/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb
index 78514a412f..afb798bd71 100644
--- a/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb
+++ b/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb
@@ -19,5 +19,3 @@ RDEPENDS:${PN} += " \
     ${PYTHON_PN}-txaio \
     ${PYTHON_PN}-six \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-can_4.0.0.bb b/meta-python/recipes-devtools/python/python3-can_4.0.0.bb
index 2cd2e624b9..79aa3e19ec 100644
--- a/meta-python/recipes-devtools/python/python3-can_4.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-can_4.0.0.bb
@@ -11,16 +11,19 @@ inherit pypi setuptools3
 
 RDEPENDS:${PN}:class-target += "\
     ${PYTHON_PN}-aenum \
-    ${PYTHON_PN}-ctypes \
     ${PYTHON_PN}-codecs \
     ${PYTHON_PN}-compression \
+    ${PYTHON_PN}-ctypes \
     ${PYTHON_PN}-fcntl \
     ${PYTHON_PN}-logging \
     ${PYTHON_PN}-misc \
     ${PYTHON_PN}-netserver \
+    ${PYTHON_PN}-packaging \
+    ${PYTHON_PN}-pkg-resources \
+    ${PYTHON_PN}-setuptools \
     ${PYTHON_PN}-sqlite3 \
+    ${PYTHON_PN}-typing-extensions \
     ${PYTHON_PN}-wrapt \
-    ${PYTHON_PN}-pkg-resources \
 "
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch
new file mode 100644
index 0000000000..ab29a2ed97
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch
@@ -0,0 +1,352 @@
+From fd3215dec5d50aa1f09cb1f8eba193524e7379f3 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Thu, 25 May 2023 14:49:15 +0000
+Subject: [PATCH] Fixed CVE-2023-31047, Fixed #31710
+
+-- Prevented potential bypass of validation when uploading multiple files using one form field.
+
+Thanks Moataz Al-Sharida and nawaik for reports.
+
+Co-authored-by: Shai Berger <shai@platonix.com>
+Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
+
+CVE: CVE-2023-31047
+
+Upstream-Status: Backport [https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/forms/widgets.py                       | 26 ++++++-
+ docs/releases/2.2.28.txt                      | 18 +++++
+ docs/topics/http/file-uploads.txt             | 65 ++++++++++++++++--
+ .../forms_tests/field_tests/test_filefield.py | 68 ++++++++++++++++++-
+ .../widget_tests/test_clearablefileinput.py   |  5 ++
+ .../widget_tests/test_fileinput.py            | 44 ++++++++++++
+ 6 files changed, 218 insertions(+), 8 deletions(-)
+
+diff --git a/django/forms/widgets.py b/django/forms/widgets.py
+index e37036c..d0cc131 100644
+--- a/django/forms/widgets.py
++++ b/django/forms/widgets.py
+@@ -372,17 +372,41 @@ class MultipleHiddenInput(HiddenInput):
+
+
+ class FileInput(Input):
++    allow_multiple_selected = False
+     input_type = 'file'
+     needs_multipart_form = True
+     template_name = 'django/forms/widgets/file.html'
+
++    def __init__(self, attrs=None):
++        if (
++            attrs is not None
++            and not self.allow_multiple_selected
++            and attrs.get("multiple", False)
++        ):
++            raise ValueError(
++                "%s doesn't support uploading multiple files."
++                % self.__class__.__qualname__
++            )
++        if self.allow_multiple_selected:
++            if attrs is None:
++                attrs = {"multiple": True}
++            else:
++                attrs.setdefault("multiple", True)
++        super().__init__(attrs)
++
+     def format_value(self, value):
+         """File input never renders a value."""
+         return
+
+     def value_from_datadict(self, data, files, name):
+         "File widgets take data from FILES, not POST"
+-        return files.get(name)
++        getter = files.get
++        if self.allow_multiple_selected:
++            try:
++                getter = files.getlist
++            except AttributeError:
++                pass
++        return getter(name)
+
+     def value_omitted_from_data(self, data, files, name):
+         return name not in files
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 43270fc..854c6b0 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -20,3 +20,21 @@ CVE-2022-28347: Potential SQL injection via ``QuerySet.explain(**options)`` on P
+ :meth:`.QuerySet.explain` method was subject to SQL injection in option names,
+ using a suitably crafted dictionary, with dictionary expansion, as the
+ ``**options`` argument.
++
++Backporting the CVE-2023-31047 fix on Django 2.2.28.
++
++CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field
++=================================================================================================
++
++Uploading multiple files using one form field has never been supported by
++:class:`.forms.FileField` or :class:`.forms.ImageField` as only the last
++uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files`
++topic suggested otherwise.
++
++In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput`
++and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when
++the ``multiple`` HTML attribute is set on them. To prevent the exception and
++keep the old behavior, set ``allow_multiple_selected`` to ``True``.
++
++For more details on using the new attribute and handling of multiple files
++through a single field, see :ref:`uploading_multiple_files`.
+diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt
+index 21a6f06..c1ffb80 100644
+--- a/docs/topics/http/file-uploads.txt
++++ b/docs/topics/http/file-uploads.txt
+@@ -127,19 +127,54 @@ field in the model::
+             form = UploadFileForm()
+         return render(request, 'upload.html', {'form': form})
+
++.. _uploading_multiple_files:
++
+ Uploading multiple files
+ ------------------------
+
+-If you want to upload multiple files using one form field, set the ``multiple``
+-HTML attribute of field's widget:
++..
++    Tests in tests.forms_tests.field_tests.test_filefield.MultipleFileFieldTest
++    should be updated after any changes in the following snippets.
++
++If you want to upload multiple files using one form field, create a subclass
++of the field's widget and set the ``allow_multiple_selected`` attribute on it
++to ``True``.
++
++In order for such files to be all validated by your form (and have the value of
++the field include them all), you will also have to subclass ``FileField``. See
++below for an example.
++
++.. admonition:: Multiple file field
++
++    Django is likely to have a proper multiple file field support at some point
++    in the future.
+
+ .. code-block:: python
+     :caption: forms.py
+
+     from django import forms
+
++
++    class MultipleFileInput(forms.ClearableFileInput):
++        allow_multiple_selected = True
++
++
++    class MultipleFileField(forms.FileField):
++        def __init__(self, *args, **kwargs):
++            kwargs.setdefault("widget", MultipleFileInput())
++            super().__init__(*args, **kwargs)
++
++        def clean(self, data, initial=None):
++            single_file_clean = super().clean
++            if isinstance(data, (list, tuple)):
++                result = [single_file_clean(d, initial) for d in data]
++            else:
++                result = single_file_clean(data, initial)
++            return result
++
++
+     class FileFieldForm(forms.Form):
+-        file_field = forms.FileField(widget=forms.ClearableFileInput(attrs={'multiple': True}))
++        file_field = MultipleFileField()
+
+ Then override the ``post`` method of your
+ :class:`~django.views.generic.edit.FormView` subclass to handle multiple file
+@@ -159,14 +194,32 @@ uploads:
+         def post(self, request, *args, **kwargs):
+             form_class = self.get_form_class()
+             form = self.get_form(form_class)
+-            files = request.FILES.getlist('file_field')
+             if form.is_valid():
+-                for f in files:
+-                    ...  # Do something with each file.
+                 return self.form_valid(form)
+             else:
+                 return self.form_invalid(form)
+
++        def form_valid(self, form):
++            files = form.cleaned_data["file_field"]
++            for f in files:
++                ...  # Do something with each file.
++            return super().form_valid()
++
++.. warning::
++
++   This will allow you to handle multiple files at the form level only. Be
++   aware that you cannot use it to put multiple files on a single model
++   instance (in a single field), for example, even if the custom widget is used
++   with a form field related to a model ``FileField``.
++
++.. backportedfix:: 2.2.28
++
++   In previous versions, there was no support for the ``allow_multiple_selected``
++   class attribute, and users were advised to create the widget with the HTML
++   attribute ``multiple`` set through the ``attrs`` argument. However, this
++   caused validation of the form field to be applied only to the last file
++   submitted, which could have adverse security implications.
++
+ Upload Handlers
+ ===============
+
+diff --git a/tests/forms_tests/field_tests/test_filefield.py b/tests/forms_tests/field_tests/test_filefield.py
+index 3357444..ba559ee 100644
+--- a/tests/forms_tests/field_tests/test_filefield.py
++++ b/tests/forms_tests/field_tests/test_filefield.py
+@@ -1,7 +1,8 @@
+ import pickle
+
+ from django.core.files.uploadedfile import SimpleUploadedFile
+-from django.forms import FileField, ValidationError
++from django.core.validators import validate_image_file_extension
++from django.forms import FileField, FileInput, ValidationError
+ from django.test import SimpleTestCase
+
+
+@@ -82,3 +83,68 @@ class FileFieldTest(SimpleTestCase):
+
+     def test_file_picklable(self):
+         self.assertIsInstance(pickle.loads(pickle.dumps(FileField())), FileField)
++
++
++class MultipleFileInput(FileInput):
++    allow_multiple_selected = True
++
++
++class MultipleFileField(FileField):
++    def __init__(self, *args, **kwargs):
++        kwargs.setdefault("widget", MultipleFileInput())
++        super().__init__(*args, **kwargs)
++
++    def clean(self, data, initial=None):
++        single_file_clean = super().clean
++        if isinstance(data, (list, tuple)):
++            result = [single_file_clean(d, initial) for d in data]
++        else:
++            result = single_file_clean(data, initial)
++        return result
++
++
++class MultipleFileFieldTest(SimpleTestCase):
++    def test_file_multiple(self):
++        f = MultipleFileField()
++        files = [
++            SimpleUploadedFile("name1", b"Content 1"),
++            SimpleUploadedFile("name2", b"Content 2"),
++        ]
++        self.assertEqual(f.clean(files), files)
++
++    def test_file_multiple_empty(self):
++        f = MultipleFileField()
++        files = [
++            SimpleUploadedFile("empty", b""),
++            SimpleUploadedFile("nonempty", b"Some Content"),
++        ]
++        msg = "'The submitted file is empty.'"
++        with self.assertRaisesMessage(ValidationError, msg):
++            f.clean(files)
++        with self.assertRaisesMessage(ValidationError, msg):
++            f.clean(files[::-1])
++
++    def test_file_multiple_validation(self):
++        f = MultipleFileField(validators=[validate_image_file_extension])
++
++        good_files = [
++            SimpleUploadedFile("image1.jpg", b"fake JPEG"),
++            SimpleUploadedFile("image2.png", b"faux image"),
++            SimpleUploadedFile("image3.bmp", b"fraudulent bitmap"),
++        ]
++        self.assertEqual(f.clean(good_files), good_files)
++
++        evil_files = [
++            SimpleUploadedFile("image1.sh", b"#!/bin/bash -c 'echo pwned!'\n"),
++            SimpleUploadedFile("image2.png", b"faux image"),
++            SimpleUploadedFile("image3.jpg", b"fake JPEG"),
++        ]
++
++        evil_rotations = (
++            evil_files[i:] + evil_files[:i]  # Rotate by i.
++            for i in range(len(evil_files))
++        )
++        msg = "File extension “sh” is not allowed. Allowed extensions are: "
++        for rotated_evil_files in evil_rotations:
++            with self.assertRaisesMessage(ValidationError, msg):
++                f.clean(rotated_evil_files)
+diff --git a/tests/forms_tests/widget_tests/test_clearablefileinput.py b/tests/forms_tests/widget_tests/test_clearablefileinput.py
+index 2ba376d..8d9e38a 100644
+--- a/tests/forms_tests/widget_tests/test_clearablefileinput.py
++++ b/tests/forms_tests/widget_tests/test_clearablefileinput.py
+@@ -161,3 +161,8 @@ class ClearableFileInputTest(WidgetTest):
+         self.assertIs(widget.value_omitted_from_data({}, {}, 'field'), True)
+         self.assertIs(widget.value_omitted_from_data({}, {'field': 'x'}, 'field'), False)
+         self.assertIs(widget.value_omitted_from_data({'field-clear': 'y'}, {}, 'field'), False)
++
++    def test_multiple_error(self):
++        msg = "ClearableFileInput doesn't support uploading multiple files."
++        with self.assertRaisesMessage(ValueError, msg):
++            ClearableFileInput(attrs={"multiple": True})
+diff --git a/tests/forms_tests/widget_tests/test_fileinput.py b/tests/forms_tests/widget_tests/test_fileinput.py
+index bbd7c7f..24daf5d 100644
+--- a/tests/forms_tests/widget_tests/test_fileinput.py
++++ b/tests/forms_tests/widget_tests/test_fileinput.py
+@@ -1,4 +1,6 @@
++from django.core.files.uploadedfile import SimpleUploadedFile
+ from django.forms import FileInput
++from django.utils.datastructures import MultiValueDict
+
+ from .base import WidgetTest
+
+@@ -18,3 +20,45 @@ class FileInputTest(WidgetTest):
+     def test_value_omitted_from_data(self):
+         self.assertIs(self.widget.value_omitted_from_data({}, {}, 'field'), True)
+         self.assertIs(self.widget.value_omitted_from_data({}, {'field': 'value'}, 'field'), False)
++
++    def test_multiple_error(self):
++        msg = "FileInput doesn't support uploading multiple files."
++        with self.assertRaisesMessage(ValueError, msg):
++            FileInput(attrs={"multiple": True})
++
++    def test_value_from_datadict_multiple(self):
++        class MultipleFileInput(FileInput):
++            allow_multiple_selected = True
++
++        file_1 = SimpleUploadedFile("something1.txt", b"content 1")
++        file_2 = SimpleUploadedFile("something2.txt", b"content 2")
++        # Uploading multiple files is allowed.
++        widget = MultipleFileInput(attrs={"multiple": True})
++        value = widget.value_from_datadict(
++            data={"name": "Test name"},
++            files=MultiValueDict({"myfile": [file_1, file_2]}),
++            name="myfile",
++        )
++        self.assertEqual(value, [file_1, file_2])
++        # Uploading multiple files is not allowed.
++        widget = FileInput()
++        value = widget.value_from_datadict(
++            data={"name": "Test name"},
++            files=MultiValueDict({"myfile": [file_1, file_2]}),
++            name="myfile",
++        )
++        self.assertEqual(value, file_2)
++
++    def test_multiple_default(self):
++        class MultipleFileInput(FileInput):
++            allow_multiple_selected = True
++
++        tests = [
++            (None, True),
++            ({"class": "myclass"}, True),
++            ({"multiple": False}, False),
++        ]
++        for attrs, expected in tests:
++            with self.subTest(attrs=attrs):
++                widget = MultipleFileInput(attrs=attrs)
++                self.assertIs(widget.attrs["multiple"], expected)
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch
new file mode 100644
index 0000000000..2ad38d8e95
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch
@@ -0,0 +1,263 @@
+From a0b2eeeb7350d0c3a9b9be191783ff15daeffec5 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Thu, 27 Jul 2023 14:51:48 +0000
+Subject: [PATCH] Fixed CVE-2023-36053
+
+-- Prevented potential ReDoS in EmailValidator and URLValidator.
+
+Thanks Seokchan Yoon for reports.
+
+CVE: CVE-2023-36053
+
+Upstream-Status: Backport [https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/core/validators.py                     |  9 +++++++--
+ django/forms/fields.py                        |  3 +++
+ docs/ref/forms/fields.txt                     |  4 ++++
+ docs/ref/validators.txt                       | 19 ++++++++++++++++++-
+ docs/releases/2.2.28.txt                      |  9 +++++++++
+ .../field_tests/test_emailfield.py            |  5 ++++-
+ tests/forms_tests/tests/test_forms.py         | 19 +++++++++++++------
+ tests/validators/tests.py                     | 11 +++++++++++
+ 8 files changed, 69 insertions(+), 10 deletions(-)
+
+diff --git a/django/core/validators.py b/django/core/validators.py
+index 2da0688..2dbd3bf 100644
+--- a/django/core/validators.py
++++ b/django/core/validators.py
+@@ -102,6 +102,7 @@ class URLValidator(RegexValidator):
+     message = _('Enter a valid URL.')
+     schemes = ['http', 'https', 'ftp', 'ftps']
+     unsafe_chars = frozenset('\t\r\n')
++    max_length = 2048
+
+     def __init__(self, schemes=None, **kwargs):
+         super().__init__(**kwargs)
+@@ -109,7 +110,9 @@ class URLValidator(RegexValidator):
+             self.schemes = schemes
+
+     def __call__(self, value):
+-        if isinstance(value, str) and self.unsafe_chars.intersection(value):
++        if not isinstance(value, str) or len(value) > self.max_length:
++            raise ValidationError(self.message, code=self.code)
++        if self.unsafe_chars.intersection(value):
+             raise ValidationError(self.message, code=self.code)
+         # Check if the scheme is valid.
+         scheme = value.split('://')[0].lower()
+@@ -190,7 +193,9 @@ class EmailValidator:
+             self.domain_whitelist = whitelist
+
+     def __call__(self, value):
+-        if not value or '@' not in value:
++        # The maximum length of an email is 320 characters per RFC 3696
++        # section 3.
++        if not value or '@' not in value or len(value) > 320:
+             raise ValidationError(self.message, code=self.code)
+
+         user_part, domain_part = value.rsplit('@', 1)
+diff --git a/django/forms/fields.py b/django/forms/fields.py
+index a977256..f939338 100644
+--- a/django/forms/fields.py
++++ b/django/forms/fields.py
+@@ -542,6 +542,9 @@ class FileField(Field):
+     def __init__(self, *, max_length=None, allow_empty_file=False, **kwargs):
+         self.max_length = max_length
+         self.allow_empty_file = allow_empty_file
++        # The default maximum length of an email is 320 characters per RFC 3696
++        # section 3.
++        kwargs.setdefault("max_length", 320)
+         super().__init__(**kwargs)
+
+     def to_python(self, data):
+diff --git a/docs/ref/forms/fields.txt b/docs/ref/forms/fields.txt
+index 6f76d0d..3a888ef 100644
+--- a/docs/ref/forms/fields.txt
++++ b/docs/ref/forms/fields.txt
+@@ -592,6 +592,10 @@ For each field, we describe the default widget used if you don't specify
+     Has two optional arguments for validation, ``max_length`` and ``min_length``.
+     If provided, these arguments ensure that the string is at most or at least the
+     given length.
++    ``empty_value`` which work just as they do for :class:`CharField`. The
++    ``max_length`` argument defaults to 320 (see :rfc:`3696#section-3`).
++
++    The default value for ``max_length`` was changed to 320 characters.
+
+ ``FileField``
+ -------------
+diff --git a/docs/ref/validators.txt b/docs/ref/validators.txt
+index 75d1394..4178a1f 100644
+--- a/docs/ref/validators.txt
++++ b/docs/ref/validators.txt
+@@ -125,6 +125,11 @@ to, or in lieu of custom ``field.clean()`` methods.
+     :param code: If not ``None``, overrides :attr:`code`.
+     :param whitelist: If not ``None``, overrides :attr:`whitelist`.
+
++    An :class:`EmailValidator` ensures that a value looks like an email, and
++    raises a :exc:`~django.core.exceptions.ValidationError` with
++    :attr:`message` and :attr:`code` if it doesn't. Values longer than 320
++    characters are always considered invalid.
++
+     .. attribute:: message
+
+         The error message used by
+@@ -145,13 +150,17 @@ to, or in lieu of custom ``field.clean()`` methods.
+         ``['localhost']``. Other domains that don't contain a dot won't pass
+         validation, so you'd need to whitelist them as necessary.
+
++        In older versions, values longer than 320 characters could be
++        considered valid.
++
+ ``URLValidator``
+ ----------------
+
+ .. class:: URLValidator(schemes=None, regex=None, message=None, code=None)
+
+     A :class:`RegexValidator` that ensures a value looks like a URL, and raises
+-    an error code of ``'invalid'`` if it doesn't.
++    an error code of ``'invalid'`` if it doesn't. Values longer than
++    :attr:`max_length` characters are always considered invalid.
+
+     Loopback addresses and reserved IP spaces are considered valid. Literal
+     IPv6 addresses (:rfc:`3986#section-3.2.2`) and unicode domains are both
+@@ -168,6 +177,14 @@ to, or in lieu of custom ``field.clean()`` methods.
+
+         .. _valid URI schemes: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
+
++     .. attribute:: max_length
++
++        The maximum length of values that could be considered valid. Defaults
++        to 2048 characters.
++
++        In older versions, values longer than 2048 characters could be
++        considered valid.
++
+ ``validate_email``
+ ------------------
+
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 854c6b0..ab4884b 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -38,3 +38,12 @@ keep the old behavior, set ``allow_multiple_selected`` to ``True``.
+
+ For more details on using the new attribute and handling of multiple files
+ through a single field, see :ref:`uploading_multiple_files`.
++
++Backporting the CVE-2023-36053 fix on Django 2.2.28.
++
++CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
++===================================================================================================================
++
++``EmailValidator`` and ``URLValidator`` were subject to potential regular
++expression denial of service attack via a very large number of domain name
++labels of emails and URLs.
+diff --git a/tests/forms_tests/field_tests/test_emailfield.py b/tests/forms_tests/field_tests/test_emailfield.py
+index 826524a..fe5b644 100644
+--- a/tests/forms_tests/field_tests/test_emailfield.py
++++ b/tests/forms_tests/field_tests/test_emailfield.py
+@@ -8,7 +8,10 @@ class EmailFieldTest(FormFieldAssertionsMixin, SimpleTestCase):
+
+     def test_emailfield_1(self):
+         f = EmailField()
+-        self.assertWidgetRendersTo(f, '<input type="email" name="f" id="id_f" required>')
++        self.assertEqual(f.max_length, 320)
++        self.assertWidgetRendersTo(
++            f, '<input type="email" name="f" id="id_f" maxlength="320" required>'
++        )
+         with self.assertRaisesMessage(ValidationError, "'This field is required.'"):
+             f.clean('')
+         with self.assertRaisesMessage(ValidationError, "'This field is required.'"):
+diff --git a/tests/forms_tests/tests/test_forms.py b/tests/forms_tests/tests/test_forms.py
+index d4e421d..8893f89 100644
+--- a/tests/forms_tests/tests/test_forms.py
++++ b/tests/forms_tests/tests/test_forms.py
+@@ -422,11 +422,18 @@ class FormsTestCase(SimpleTestCase):
+             get_spam = BooleanField()
+
+         f = SignupForm(auto_id=False)
+-        self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" required>')
++        self.assertHTMLEqual(
++            str(f["email"]),
++            '<input type="email" name="email" maxlength="320" required>',
++        )
+         self.assertHTMLEqual(str(f['get_spam']), '<input type="checkbox" name="get_spam" required>')
+
+         f = SignupForm({'email': 'test@example.com', 'get_spam': True}, auto_id=False)
+-        self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" value="test@example.com" required>')
++        self.assertHTMLEqual(
++            str(f["email"]),
++            '<input type="email" name="email" maxlength="320" value="test@example.com" '
++            "required>",
++        )
+         self.assertHTMLEqual(
+             str(f['get_spam']),
+             '<input checked type="checkbox" name="get_spam" required>',
+@@ -2780,7 +2787,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+ <option value="true">Yes</option>
+ <option value="false">No</option>
+ </select></li>
+-<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email"></li>
++<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320"></li>
+ <li class="required error"><ul class="errorlist"><li>This field is required.</li></ul>
+ <label class="required" for="id_age">Age:</label> <input type="number" name="age" id="id_age" required></li>"""
+         )
+@@ -2796,7 +2803,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+ <option value="true">Yes</option>
+ <option value="false">No</option>
+ </select></p>
+-<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email"></p>
++<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320"></p>
+ <ul class="errorlist"><li>This field is required.</li></ul>
+ <p class="required error"><label class="required" for="id_age">Age:</label>
+ <input type="number" name="age" id="id_age" required></p>"""
+@@ -2815,7 +2822,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+ <option value="false">No</option>
+ </select></td></tr>
+ <tr><th><label for="id_email">Email:</label></th><td>
+-<input type="email" name="email" id="id_email"></td></tr>
++<input type="email" name="email" id="id_email" maxlength="320"></td></tr>
+ <tr class="required error"><th><label class="required" for="id_age">Age:</label></th>
+ <td><ul class="errorlist"><li>This field is required.</li></ul>
+ <input type="number" name="age" id="id_age" required></td></tr>"""
+@@ -3428,7 +3435,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+         f = CommentForm(data, auto_id=False, error_class=DivErrorList)
+         self.assertHTMLEqual(f.as_p(), """<p>Name: <input type="text" name="name" maxlength="50"></p>
+ <div class="errorlist"><div class="error">Enter a valid email address.</div></div>
+-<p>Email: <input type="email" name="email" value="invalid" required></p>
++<p>Email: <input type="email" name="email" value="invalid" maxlength="320" required></p>
+ <div class="errorlist"><div class="error">This field is required.</div></div>
+ <p>Comment: <input type="text" name="comment" required></p>""")
+
+diff --git a/tests/validators/tests.py b/tests/validators/tests.py
+index 1f09fb5..8204f00 100644
+--- a/tests/validators/tests.py
++++ b/tests/validators/tests.py
+@@ -58,6 +58,7 @@ TEST_DATA = [
+
+     (validate_email, 'example@atm.%s' % ('a' * 64), ValidationError),
+     (validate_email, 'example@%s.atm.%s' % ('b' * 64, 'a' * 63), ValidationError),
++    (validate_email, "example@%scom" % (("a" * 63 + ".") * 100), ValidationError),
+     (validate_email, None, ValidationError),
+     (validate_email, '', ValidationError),
+     (validate_email, 'abc', ValidationError),
+@@ -242,6 +243,16 @@ TEST_DATA = [
+     (URLValidator(EXTENDED_SCHEMES), 'git+ssh://git@github.com/example/hg-git.git', None),
+
+     (URLValidator(EXTENDED_SCHEMES), 'git://-invalid.com', ValidationError),
++    (
++        URLValidator(),
++        "http://example." + ("a" * 63 + ".") * 1000 + "com",
++        ValidationError,
++    ),
++    (
++        URLValidator(),
++        "http://userid:password" + "d" * 2000 + "@example.aaaaaaaaaaaaa.com",
++        None,
++    ),
+     # Newlines and tabs are not accepted.
+     (URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
+     (URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch
new file mode 100644
index 0000000000..9bc38b0cca
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch
@@ -0,0 +1,105 @@
+From 9c95e8fec62153f8dfcc45a70b8a68d74333a66f Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Tue, 26 Sep 2023 10:23:30 +0000
+Subject: [PATCH] Fixed CVE-2023-41164 -- Fixed potential DoS in
+ django.utils.encoding.uri_to_iri().
+
+Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
+
+Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
+
+CVE: CVE-2023-41164
+
+Upstream-Status: Backport [https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/utils/encoding.py           |  6 ++++--
+ docs/releases/2.2.28.txt           |  9 +++++++++
+ tests/utils_tests/test_encoding.py | 21 ++++++++++++++++++++-
+ 3 files changed, 33 insertions(+), 3 deletions(-)
+
+diff --git a/django/utils/encoding.py b/django/utils/encoding.py
+index 98da647..3769702 100644
+--- a/django/utils/encoding.py
++++ b/django/utils/encoding.py
+@@ -225,6 +225,7 @@ def repercent_broken_unicode(path):
+     repercent-encode any octet produced that is not part of a strictly legal
+     UTF-8 octet sequence.
+     """
++    changed_parts = []
+     while True:
+         try:
+             path.decode()
+@@ -232,9 +233,10 @@ def repercent_broken_unicode(path):
+             # CVE-2019-14235: A recursion shouldn't be used since the exception
+             # handling uses massive amounts of memory
+             repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
+-            path = path[:e.start] + force_bytes(repercent) + path[e.end:]
++            changed_parts.append(path[: e.start] + repercent.encode())
++            path = path[e.end :]
+         else:
+-            return path
++            return b"".join(changed_parts) + path
+
+
+ def filepath_to_uri(path):
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index ab4884b..40eb230 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -47,3 +47,12 @@ CVE-2023-36053: Potential regular expression denial of service vulnerability in
+ ``EmailValidator`` and ``URLValidator`` were subject to potential regular
+ expression denial of service attack via a very large number of domain name
+ labels of emails and URLs.
++
++Backporting the CVE-2023-41164 fix on Django 2.2.28.
++
++CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
++===================================================================================================
++
++``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
++service attack via certain inputs with a very large number of Unicode
++characters.
+diff --git a/tests/utils_tests/test_encoding.py b/tests/utils_tests/test_encoding.py
+index ea7ba5f..93a3162 100644
+--- a/tests/utils_tests/test_encoding.py
++++ b/tests/utils_tests/test_encoding.py
+@@ -1,8 +1,9 @@
+ import datetime
++import inspect
+ import sys
+ import unittest
+ from unittest import mock
+-from urllib.parse import quote_plus
++from urllib.parse import quote, quote_plus
+
+ from django.test import SimpleTestCase
+ from django.utils.encoding import (
+@@ -100,6 +101,24 @@ class TestEncodingUtils(SimpleTestCase):
+         except RecursionError:
+             self.fail('Unexpected RecursionError raised.')
+
++    def test_repercent_broken_unicode_small_fragments(self):
++        data = b"test\xfctest\xfctest\xfc"
++        decoded_paths = []
++
++        def mock_quote(*args, **kwargs):
++            # The second frame is the call to repercent_broken_unicode().
++            decoded_paths.append(inspect.currentframe().f_back.f_locals["path"])
++            return quote(*args, **kwargs)
++
++        with mock.patch("django.utils.encoding.quote", mock_quote):
++            self.assertEqual(repercent_broken_unicode(data), b"test%FCtest%FCtest%FC")
++
++        # decode() is called on smaller fragment of the path each time.
++        self.assertEqual(
++            decoded_paths,
++            [b"test\xfctest\xfctest\xfc", b"test\xfctest\xfc", b"test\xfc"],
++        )
++
+
+ class TestRFC3987IEncodingUtils(unittest.TestCase):
+
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch
new file mode 100644
index 0000000000..dbfb9b68a8
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch
@@ -0,0 +1,199 @@
+From b269a0063e9b10a6c88c92b24d1b92c7421950de Mon Sep 17 00:00:00 2001
+From: Natalia <124304+nessita@users.noreply.github.com>
+Date: Wed, 29 Nov 2023 12:20:01 +0000
+Subject: [PATCH 1/2] Fixed CVE-2023-43665 -- Mitigated potential DoS in
+ django.utils.text.Truncator when truncating HTML text.
+
+Thanks Wenchao Li of Alibaba Group for the report.
+
+CVE: CVE-2023-43665
+
+Upstream-Status: Backport [https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/utils/text.py            | 18 ++++++++++++++++-
+ docs/ref/templates/builtins.txt | 20 +++++++++++++++++++
+ docs/releases/2.2.28.txt        | 20 +++++++++++++++++++
+ tests/utils_tests/test_text.py  | 35 ++++++++++++++++++++++++---------
+ 4 files changed, 83 insertions(+), 10 deletions(-)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index 1fae7b2..06a377b 100644
+--- a/django/utils/text.py
++++ b/django/utils/text.py
+@@ -57,7 +57,14 @@ def wrap(text, width):
+ class Truncator(SimpleLazyObject):
+     """
+     An object used to truncate text, either by characters or words.
++
++    When truncating HTML text (either chars or words), input will be limited to
++    at most `MAX_LENGTH_HTML` characters.
+     """
++
++    # 5 million characters are approximately 4000 text pages or 3 web pages.
++    MAX_LENGTH_HTML = 5_000_000
++
+     def __init__(self, text):
+         super().__init__(lambda: str(text))
+
+@@ -154,6 +161,11 @@ class Truncator(SimpleLazyObject):
+         if words and length <= 0:
+             return ''
+
++        size_limited = False
++        if len(text) > self.MAX_LENGTH_HTML:
++            text = text[: self.MAX_LENGTH_HTML]
++            size_limited = True
++
+         html4_singlets = (
+             'br', 'col', 'link', 'base', 'img',
+             'param', 'area', 'hr', 'input'
+@@ -203,10 +215,14 @@ class Truncator(SimpleLazyObject):
+                 # Add it to the start of the open tags list
+                 open_tags.insert(0, tagname)
+
++        truncate_text = self.add_truncation_text("", truncate)
++
+         if current_len <= length:
++            if size_limited and truncate_text:
++                text += truncate_text
+             return text
++
+         out = text[:end_text_pos]
+-        truncate_text = self.add_truncation_text('', truncate)
+         if truncate_text:
+             out += truncate_text
+         # Close any tags still open
+diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
+index c4b0fa3..4faab38 100644
+--- a/docs/ref/templates/builtins.txt
++++ b/docs/ref/templates/builtins.txt
+@@ -2318,6 +2318,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
+
+ Newlines in the HTML content will be preserved.
+
++.. admonition:: Size of input string
++
++    Processing large, potentially malformed HTML strings can be
++    resource-intensive and impact service performance. ``truncatechars_html``
++    limits input to the first five million characters.
++
++.. versionchanged:: 2.2.28
++
++    In older versions, strings over five million characters were processed.
++
+ .. templatefilter:: truncatewords
+
+ ``truncatewords``
+@@ -2356,6 +2366,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
+
+ Newlines in the HTML content will be preserved.
+
++.. admonition:: Size of input string
++
++    Processing large, potentially malformed HTML strings can be
++    resource-intensive and impact service performance. ``truncatewords_html``
++    limits input to the first five million characters.
++
++.. versionchanged:: 2.2.28
++
++    In older versions, strings over five million characters were processed.
++
+ .. templatefilter:: unordered_list
+
+ ``unordered_list``
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 40eb230..6a38e9c 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -56,3 +56,23 @@ CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.enco
+ ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+ service attack via certain inputs with a very large number of Unicode
+ characters.
++
++Backporting the CVE-2023-43665 fix on Django 2.2.28.
++
++CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator``
++================================================================================
++
++Following the fix for :cve:`2019-14232`, the regular expressions used in the
++implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()``
++methods (with ``html=True``) were revised and improved. However, these regular
++expressions still exhibited linear backtracking complexity, so when given a
++very long, potentially malformed HTML input, the evaluation would still be
++slow, leading to a potential denial of service vulnerability.
++
++The ``chars()`` and ``words()`` methods are used to implement the
++:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
++filters, which were thus also vulnerable.
++
++The input processed by ``Truncator``, when operating in HTML mode, has been
++limited to the first five million characters in order to avoid potential
++performance and memory issues.
+diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py
+index 27e440b..cb3063d 100644
+--- a/tests/utils_tests/test_text.py
++++ b/tests/utils_tests/test_text.py
+@@ -1,5 +1,6 @@
+ import json
+ import sys
++from unittest.mock import patch
+
+ from django.core.exceptions import SuspiciousFileOperation
+ from django.test import SimpleTestCase
+@@ -87,11 +88,17 @@ class TestUtilsText(SimpleTestCase):
+         # lazy strings are handled correctly
+         self.assertEqual(text.Truncator(lazystr('The quick brown fox')).chars(10), 'The quick…')
+
+-    def test_truncate_chars_html(self):
++    @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
++    def test_truncate_chars_html_size_limit(self):
++        max_len = text.Truncator.MAX_LENGTH_HTML
++        bigger_len = text.Truncator.MAX_LENGTH_HTML + 1
++        valid_html = "<p>Joel is a slug</p>"  # 14 chars
+         perf_test_values = [
+-            (('</a' + '\t' * 50000) + '//>', None),
+-            ('&' * 50000, '&' * 9 + '…'),
+-            ('_X<<<<<<<<<<<>', None),
++            ("</a" + "\t" * (max_len - 6) + "//>", None),
++            ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * 6 + "…"),
++            ("&" * bigger_len, "&" * 9 + "…"),
++            ("_X<<<<<<<<<<<>", None),
++            (valid_html * bigger_len, "<p>Joel is a…</p>"),  # 10 chars
+         ]
+         for value, expected in perf_test_values:
+             with self.subTest(value=value):
+@@ -149,15 +156,25 @@ class TestUtilsText(SimpleTestCase):
+         truncator = text.Truncator('<p>I &lt;3 python, what about you?</p>')
+         self.assertEqual('<p>I &lt;3 python,…</p>', truncator.words(3, html=True))
+
++    @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
++    def test_truncate_words_html_size_limit(self):
++        max_len = text.Truncator.MAX_LENGTH_HTML
++        bigger_len = text.Truncator.MAX_LENGTH_HTML + 1
++        valid_html = "<p>Joel is a slug</p>"  # 4 words
+         perf_test_values = [
+-            ('</a' + '\t' * 50000) + '//>',
+-            '&' * 50000,
+-            '_X<<<<<<<<<<<>',
++            ("</a" + "\t" * (max_len - 6) + "//>", None),
++            ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * (max_len - 3) + "…"),
++            ("&" * max_len, None),  # no change
++            ("&" * bigger_len, "&" * max_len + "…"),
++            ("_X<<<<<<<<<<<>", None),
++            (valid_html * bigger_len, valid_html * 12 + "<p>Joel is…</p>"),  # 50 words
+         ]
+-        for value in perf_test_values:
++        for value, expected in perf_test_values:
+             with self.subTest(value=value):
+                 truncator = text.Truncator(value)
+-                self.assertEqual(value, truncator.words(50, html=True))
++                self.assertEqual(
++                    expected if expected else value, truncator.words(50, html=True)
++                )
+
+     def test_wrap(self):
+         digits = '1234 67 9'
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch
new file mode 100644
index 0000000000..b7dda41f8f
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch
@@ -0,0 +1,90 @@
+From 32bc7fa517be1d50239827520cc13f3112d3d748 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Wed, 29 Nov 2023 12:49:41 +0000
+Subject: [PATCH 2/2] Fixed CVE-2023-46695 -- Fixed potential DoS in
+ UsernameField on Windows.
+
+Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
+
+CVE: CVE-2023-46695
+
+Upstream-Status: Backport [https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/contrib/auth/forms.py   | 10 +++++++++-
+ docs/releases/2.2.28.txt       | 14 ++++++++++++++
+ tests/auth_tests/test_forms.py |  8 +++++++-
+ 3 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
+index e6f73fe..26d3ca7 100644
+--- a/django/contrib/auth/forms.py
++++ b/django/contrib/auth/forms.py
+@@ -68,7 +68,15 @@ class ReadOnlyPasswordHashField(forms.Field):
+
+ class UsernameField(forms.CharField):
+     def to_python(self, value):
+-        return unicodedata.normalize('NFKC', super().to_python(value))
++        value = super().to_python(value)
++        if self.max_length is not None and len(value) > self.max_length:
++            # Normalization can increase the string length (e.g.
++            # "ff" -> "ff", "½" -> "1⁄2") but cannot reduce it, so there is no
++            # point in normalizing invalid data. Moreover, Unicode
++            # normalization is very slow on Windows and can be a DoS attack
++            # vector.
++            return value
++        return unicodedata.normalize("NFKC", value)
+
+
+ class UserCreationForm(forms.ModelForm):
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 6a38e9c..c653cb6 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -76,3 +76,17 @@ filters, which were thus also vulnerable.
+ The input processed by ``Truncator``, when operating in HTML mode, has been
+ limited to the first five million characters in order to avoid potential
+ performance and memory issues.
++
++Backporting the CVE-2023-46695 fix on Django 2.2.28.
++
++CVE-2023-46695: Potential denial of service vulnerability in ``UsernameField`` on Windows
++=========================================================================================
++
++The :func:`NFKC normalization <python:unicodedata.normalize>` is slow on
++Windows. As a consequence, ``django.contrib.auth.forms.UsernameField`` was
++subject to a potential denial of service attack via certain inputs with a very
++large number of Unicode characters.
++
++In order to avoid the vulnerability, invalid values longer than
++``UsernameField.max_length`` are no longer normalized, since they cannot pass
++validation anyway.
+diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
+index bed23af..e73d4b8 100644
+--- a/tests/auth_tests/test_forms.py
++++ b/tests/auth_tests/test_forms.py
+@@ -6,7 +6,7 @@ from django import forms
+ from django.contrib.auth.forms import (
+     AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm,
+     PasswordResetForm, ReadOnlyPasswordHashField, ReadOnlyPasswordHashWidget,
+-    SetPasswordForm, UserChangeForm, UserCreationForm,
++    SetPasswordForm, UserChangeForm, UserCreationForm, UsernameField,
+ )
+ from django.contrib.auth.models import User
+ from django.contrib.auth.signals import user_login_failed
+@@ -132,6 +132,12 @@ class UserCreationFormTest(TestDataMixin, TestCase):
+         self.assertNotEqual(user.username, ohm_username)
+         self.assertEqual(user.username, 'testΩ')  # U+03A9 GREEK CAPITAL LETTER OMEGA
+
++    def test_invalid_username_no_normalize(self):
++        field = UsernameField(max_length=254)
++        # Usernames are not normalized if they are too long.
++        self.assertEqual(field.to_python("½" * 255), "½" * 255)
++        self.assertEqual(field.to_python("ff" * 254), "ff" * 254)
++
+     def test_duplicate_normalized_unicode(self):
+         """
+         To prevent almost identical usernames, visually identical but differing
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 9ef988176e..8c955e6bd8 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -5,6 +5,13 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
 
 inherit setuptools3
 
+SRC_URI += "file://CVE-2023-31047.patch \
+            file://CVE-2023-36053.patch \
+            file://CVE-2023-41164.patch \
+            file://CVE-2023-43665.patch \
+            file://CVE-2023-46695.patch \
+           "
+
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
 
 RDEPENDS:${PN} += "\
diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb b/meta-python/recipes-devtools/python/python3-django_3.2.23.bb
index adbc498bdf..beecaa607c 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.23.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2"
+SRC_URI[sha256sum] = "82968f3640e29ef4a773af2c28448f5f7a08d001c6ac05b32d02aeee6509508b"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-sqlparse \
@@ -9,5 +9,5 @@ RDEPENDS:${PN} += "\
 
 # Set DEFAULT_PREFERENCE so that the LTS version of django is built by
 # default. To build the 3.x branch, 
-# PREFERRED_VERSION_python3-django = "3.2.2" can be added to local.conf
+# PREFERRED_VERSION_python3-django = "3.2.23" can be added to local.conf
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb
index 690b9809dc..a9f25ac2b3 100644
--- a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb
+++ b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a"
+SRC_URI[sha256sum] = "b1260ed381b10a11753c73444408e19869f3241fc45c985cd55a30177c789d13"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-sqlparse \
@@ -9,5 +9,5 @@ RDEPENDS:${PN} += "\
 
 # Set DEFAULT_PREFERENCE so that the LTS version of django is built by
 # default. To build the 4.x branch, 
-# PREFERRED_VERSION_python3-django = "4.0.2" can be added to local.conf
+# PREFERRED_VERSION_python3-django = "4.2.7" can be added to local.conf
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch b/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch
new file mode 100644
index 0000000000..5530a39857
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch
@@ -0,0 +1,84 @@
+From c4f53f28c4c537b75b5912a44083c41262807504 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20F=C3=B6rderer?= <michael.foerderer@gmx.de>
+Date: Sun, 3 Apr 2022 22:58:33 +0200
+Subject: [PATCH] Fix parsing of gcov metadata (#601)
+
+gcc-11 has metadata line "-: 0:Source is newer than graph" which throws an error.
+
+Upstream-Status: Backport [https://github.com/gcovr/gcovr/commit/7b6947bd4b6fd28a477606313fff3c13fcea8d3d]
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
+---
+ gcovr/gcov.py        |  5 ++++-
+ gcovr/gcov_parser.py | 24 ++++++++++++++++++++----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/gcovr/gcov.py b/gcovr/gcov.py
+index cc7a9af4..ff4cdb0b 100644
+--- a/gcovr/gcov.py
++++ b/gcovr/gcov.py
+@@ -98,8 +98,11 @@ def process_gcov_data(data_fname, covdata, source_fname, options, currdir=None):
+     # Find the source file
+     # TODO: instead of heuristics, use "working directory" if available
+     metadata = parse_metadata(lines)
++    source = metadata.get("Source")
++    if source is None:
++        raise RuntimeError("Unexpected value 'None' for metadata 'Source'.")
+     fname = guess_source_file_name(
+-        metadata["Source"].strip(),
++        source,
+         data_fname,
+         source_fname,
+         root_dir=options.root_dir,
+diff --git a/gcovr/gcov_parser.py b/gcovr/gcov_parser.py
+index 391ecd78..523ea406 100644
+--- a/gcovr/gcov_parser.py
++++ b/gcovr/gcov_parser.py
+@@ -121,7 +121,7 @@ class _MetadataLine(NamedTuple):
+     """A gcov line with metadata: ``-: 0:KEY:VALUE``"""
+
+     key: str
+-    value: str
++    value: Optional[str]
+
+
+ class _BlockLine(NamedTuple):
+@@ -214,7 +214,19 @@ def parse_metadata(lines: List[str]) -> Dict[str, str]:
+     ...   -: 0:Foo:bar
+     ...   -: 0:Key:123
+     ... '''.splitlines())
+-    {'Foo': 'bar', 'Key': '123'}
++    Traceback (most recent call last):
++       ...
++    RuntimeError: Missing key 'Source' in metadata. GCOV data was >>
++      -: 0:Foo:bar
++      -: 0:Key:123<< End of GCOV data
++    >>> parse_metadata('-: 0:Source: file \n -: 0:Foo: bar \n -: 0:Key: 123 '.splitlines())
++    {'Source': 'file', 'Foo': 'bar', 'Key': '123'}
++    >>> parse_metadata('''
++    ...   -: 0:Source:file
++    ...   -: 0:Foo:bar
++    ...   -: 0:Key
++    ... '''.splitlines())
++    {'Source': 'file', 'Foo': 'bar', 'Key': None}
+     """
+     collected = {}
+     for line in lines:
+@@ -721,8 +733,12 @@ def _parse_line(line: str) -> _Line:
+
+         # METADATA (key, value)
+         if count_str == "-" and lineno == "0":
+-            key, value = source_code.split(":", 1)
+-            return _MetadataLine(key, value)
++            if ":" in source_code:
++                key, value = source_code.split(":", 1)
++                return _MetadataLine(key, value.strip())
++            else:
++                # Add a syntethic metadata with no value
++                return _MetadataLine(source_code, None)
+
+         if count_str == "-":
+             count = 0
+--
+2.41.0
+
diff --git a/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb b/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
index 995f3b779b..5dcd9496c5 100644
--- a/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
+++ b/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
@@ -4,7 +4,8 @@ SECTION = "devel/python"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=08208c66520e8d69d5367483186d94ed"
 
-SRC_URI = "git://github.com/gcovr/gcovr.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/gcovr/gcovr.git;branch=main;protocol=https"
+SRC_URI += "file://0001-Fix-parsing-of-gcov-metadata-601.patch"
 SRCREV = "e71e883521b78122c49016eb4e510e6da06c6916"
 
 S = "${WORKDIR}/git"
@@ -12,6 +13,6 @@ S = "${WORKDIR}/git"
 inherit setuptools3
 PIP_INSTALL_PACKAGE = "gcovr"
 
-RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments"
+RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch b/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch
new file mode 100644
index 0000000000..c92ba876a8
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch
@@ -0,0 +1,673 @@
+From f80ee15e27b67b6fdd101d5f91cf584d19b2b26e Mon Sep 17 00:00:00 2001
+From: Jason Madden <jamadden@gmail.com>
+Date: Fri, 6 Oct 2023 12:41:59 +0000
+Subject: [PATCH] gevent.pywsgi: Much improved handling of chunk trailers.
+ Validation is much stricter to the specification.
+
+Fixes #1989
+
+CVE: CVE-2023-41419
+
+Upstream-Status: Backport [https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ docs/changes/1989.bugfix         |  26 ++++
+ src/gevent/pywsgi.py             | 229 ++++++++++++++++++++++++-------
+ src/gevent/subprocess.py         |   7 +-
+ src/gevent/testing/testcase.py   |   2 +-
+ src/gevent/tests/test__pywsgi.py | 193 ++++++++++++++++++++++++--
+ 5 files changed, 390 insertions(+), 67 deletions(-)
+ create mode 100644 docs/changes/1989.bugfix
+
+diff --git a/docs/changes/1989.bugfix b/docs/changes/1989.bugfix
+new file mode 100644
+index 0000000..7ce4a93
+--- /dev/null
++++ b/docs/changes/1989.bugfix
+@@ -0,0 +1,26 @@
++Make ``gevent.pywsgi`` comply more closely with the HTTP specification
++for chunked transfer encoding. In particular, we are much stricter
++about trailers, and trailers that are invalid (too long or featuring
++disallowed characters) forcibly close the connection to the client
++*after* the results have been sent.
++
++Trailers otherwise continue to be ignored and are not available to the
++WSGI application.
++
++Previously, carefully crafted invalid trailers in chunked requests on
++keep-alive connections might appear as two requests to
++``gevent.pywsgi``. Because this was handled exactly as a normal
++keep-alive connection with two requests, the WSGI application should
++handle it normally. However, if you were counting on some upstream
++server to filter incoming requests based on paths or header fields,
++and the upstream server simply passed trailers through without
++validating them, then this embedded second request would bypass those
++checks. (If the upstream server validated that the trailers meet the
++HTTP specification, this could not occur, because characters that are
++required in an HTTP request, like a space, are not allowed in
++trailers.) CVE-2023-41419 was reserved for this.
++
++Our thanks to the original reporters, Keran Mu
++(mkr22@mails.tsinghua.edu.cn) and Jianjun Chen
++(jianjun@tsinghua.edu.cn), from Tsinghua University and Zhongguancun
++Laboratory.
+diff --git a/src/gevent/pywsgi.py b/src/gevent/pywsgi.py
+index 0ebe095..078398a 100644
+--- a/src/gevent/pywsgi.py
++++ b/src/gevent/pywsgi.py
+@@ -1,13 +1,28 @@
+ # Copyright (c) 2005-2009, eventlet contributors
+ # Copyright (c) 2009-2018, gevent contributors
+ """
+-A pure-Python, gevent-friendly WSGI server.
++A pure-Python, gevent-friendly WSGI server implementing HTTP/1.1.
+
+ The server is provided in :class:`WSGIServer`, but most of the actual
+ WSGI work is handled by :class:`WSGIHandler` --- a new instance is
+ created for each request. The server can be customized to use
+ different subclasses of :class:`WSGIHandler`.
+
++.. important::
++   This server is intended primarily for development and testing, and
++   secondarily for other "safe" scenarios where it will not be exposed to
++   potentially malicious input. The code has not been security audited,
++   and is not intended for direct exposure to the public Internet. For production
++   usage on the Internet, either choose a production-strength server such as
++   gunicorn, or put a reverse proxy between gevent and the Internet.
++.. versionchanged:: NEXT
++   Complies more closely with the HTTP specification for chunked transfer encoding.
++   In particular, we are much stricter about trailers, and trailers that
++   are invalid (too long or featuring disallowed characters) forcibly close
++   the connection to the client *after* the results have been sent.
++   Trailers otherwise continue to be ignored and are not available to the
++   WSGI application.
++
+ """
+ from __future__ import absolute_import
+
+@@ -22,10 +37,7 @@ import time
+ import traceback
+ from datetime import datetime
+
+-try:
+-    from urllib import unquote
+-except ImportError:
+-    from urllib.parse import unquote # python 2 pylint:disable=import-error,no-name-in-module
++from urllib.parse import unquote
+
+ from gevent import socket
+ import gevent
+@@ -53,29 +65,52 @@ __all__ = [
+
+ MAX_REQUEST_LINE = 8192
+ # Weekday and month names for HTTP date/time formatting; always English!
+-_WEEKDAYNAME = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
+-_MONTHNAME = [None,  # Dummy so we can use 1-based month numbers
++_WEEKDAYNAME = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
++_MONTHNAME = (None,  # Dummy so we can use 1-based month numbers
+               "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+-              "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
++              "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
+
+ # The contents of the "HEX" grammar rule for HTTP, upper and lowercase A-F plus digits,
+ # in byte form for comparing to the network.
+ _HEX = string.hexdigits.encode('ascii')
+
++# The characters allowed in "token" rules.
++
++# token          = 1*tchar
++# tchar          = "!" / "#" / "$" / "%" / "&" / "'" / "*"
++#                / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
++#                / DIGIT / ALPHA
++#                ; any VCHAR, except delimiters
++# ALPHA          =  %x41-5A / %x61-7A   ; A-Z / a-z
++_ALLOWED_TOKEN_CHARS = frozenset(
++    # Remember we have to be careful because bytestrings
++    # inexplicably iterate as integers, which are not equal to bytes.
++
++    # explicit chars then DIGIT
++    (c.encode('ascii') for c in "!#$%&'*+-.^_`|~0123456789")
++    # Then we add ALPHA
++) | {c.encode('ascii') for c in string.ascii_letters}
++assert b'A' in _ALLOWED_TOKEN_CHARS
++
++
+ # Errors
+ _ERRORS = {}
+ _INTERNAL_ERROR_STATUS = '500 Internal Server Error'
+ _INTERNAL_ERROR_BODY = b'Internal Server Error'
+-_INTERNAL_ERROR_HEADERS = [('Content-Type', 'text/plain'),
+-                           ('Connection', 'close'),
+-                           ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))]
++_INTERNAL_ERROR_HEADERS = (
++    ('Content-Type', 'text/plain'),
++    ('Connection', 'close'),
++    ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))
++)
+ _ERRORS[500] = (_INTERNAL_ERROR_STATUS, _INTERNAL_ERROR_HEADERS, _INTERNAL_ERROR_BODY)
+
+ _BAD_REQUEST_STATUS = '400 Bad Request'
+ _BAD_REQUEST_BODY = ''
+-_BAD_REQUEST_HEADERS = [('Content-Type', 'text/plain'),
+-                        ('Connection', 'close'),
+-                        ('Content-Length', str(len(_BAD_REQUEST_BODY)))]
++_BAD_REQUEST_HEADERS = (
++    ('Content-Type', 'text/plain'),
++    ('Connection', 'close'),
++    ('Content-Length', str(len(_BAD_REQUEST_BODY)))
++)
+ _ERRORS[400] = (_BAD_REQUEST_STATUS, _BAD_REQUEST_HEADERS, _BAD_REQUEST_BODY)
+
+ _REQUEST_TOO_LONG_RESPONSE = b"HTTP/1.1 414 Request URI Too Long\r\nConnection: close\r\nContent-length: 0\r\n\r\n"
+@@ -204,23 +239,32 @@ class Input(object):
+         # Read and return the next integer chunk length. If no
+         # chunk length can be read, raises _InvalidClientInput.
+
+-        # Here's the production for a chunk:
+-        # (http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html)
+-        #   chunk          = chunk-size [ chunk-extension ] CRLF
+-        #                    chunk-data CRLF
+-        #   chunk-size     = 1*HEX
+-        #   chunk-extension= *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
+-        #   chunk-ext-name = token
+-        #   chunk-ext-val  = token | quoted-string
+-
+-        # To cope with malicious or broken clients that fail to send valid
+-        # chunk lines, the strategy is to read character by character until we either reach
+-        # a ; or newline. If at any time we read a non-HEX digit, we bail. If we hit a
+-        # ;, indicating an chunk-extension, we'll read up to the next
+-        # MAX_REQUEST_LINE characters
+-        # looking for the CRLF, and if we don't find it, we bail. If we read more than 16 hex characters,
+-        # (the number needed to represent a 64-bit chunk size), we bail (this protects us from
+-        # a client that sends an infinite stream of `F`, for example).
++        # Here's the production for a chunk (actually the whole body):
++        # (https://www.rfc-editor.org/rfc/rfc7230#section-4.1)
++
++        # chunked-body   = *chunk
++        #                  last-chunk
++        #                  trailer-part
++        #                  CRLF
++        #
++        # chunk          = chunk-size [ chunk-ext ] CRLF
++        #                  chunk-data CRLF
++        # chunk-size     = 1*HEXDIG
++        # last-chunk     = 1*("0") [ chunk-ext ] CRLF
++        # trailer-part   = *( header-field CRLF )
++        # chunk-data     = 1*OCTET ; a sequence of chunk-size octets
++
++        # To cope with malicious or broken clients that fail to send
++        # valid chunk lines, the strategy is to read character by
++        # character until we either reach a ; or newline. If at any
++        # time we read a non-HEX digit, we bail. If we hit a ;,
++        # indicating an chunk-extension, we'll read up to the next
++        # MAX_REQUEST_LINE characters ("A server ought to limit the
++        # total length of chunk extensions received") looking for the
++        # CRLF, and if we don't find it, we bail. If we read more than
++        # 16 hex characters, (the number needed to represent a 64-bit
++        # chunk size), we bail (this protects us from a client that
++        # sends an infinite stream of `F`, for example).
+
+         buf = BytesIO()
+         while 1:
+@@ -228,16 +272,20 @@ class Input(object):
+             if not char:
+                 self._chunked_input_error = True
+                 raise _InvalidClientInput("EOF before chunk end reached")
+-            if char == b'\r':
+-                break
+-            if char == b';':
++
++            if char in (
++                b'\r', # Beginning EOL
++                b';', # Beginning extension
++            ):
+                 break
+
+-            if char not in _HEX:
++            if char not in _HEX: # Invalid data.
+                 self._chunked_input_error = True
+                 raise _InvalidClientInput("Non-hex data", char)
++
+             buf.write(char)
+-            if buf.tell() > 16:
++
++            if buf.tell() > 16: # Too many hex bytes
+                 self._chunked_input_error = True
+                 raise _InvalidClientInput("Chunk-size too large.")
+
+@@ -257,11 +305,72 @@ class Input(object):
+         if char == b'\r':
+             # We either got here from the main loop or from the
+             # end of an extension
++            self.__read_chunk_size_crlf(rfile, newline_only=True)
++            result = int(buf.getvalue(), 16)
++            if result == 0:
++                # The only time a chunk size of zero is allowed is the final
++                # chunk. It is either followed by another \r\n, or some trailers
++                # which are then followed by \r\n.
++                while self.__read_chunk_trailer(rfile):
++                    pass
++            return result
++
++    # Trailers have the following production (they are a header-field followed by CRLF)
++    # See above for the definition of "token".
++    #
++    # header-field   = field-name ":" OWS field-value OWS
++    # field-name     = token
++    # field-value    = *( field-content / obs-fold )
++    # field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
++    # field-vchar    = VCHAR / obs-text
++    # obs-fold       = CRLF 1*( SP / HTAB )
++    #                ; obsolete line folding
++    #                ; see Section 3.2.4
++
++
++    def __read_chunk_trailer(self, rfile, ):
++        # With rfile positioned just after a \r\n, read a trailer line.
++        # Return a true value if a non-empty trailer was read, and
++        # return false if an empty trailer was read (meaning the trailers are
++        # done).
++        # If a single line exceeds the MAX_REQUEST_LINE, raise an exception.
++        # If the field-name portion contains invalid characters, raise an exception.
++
++        i = 0
++        empty = True
++        seen_field_name = False
++        while i < MAX_REQUEST_LINE:
++            char = rfile.read(1)
++            if char == b'\r':
++                # Either read the next \n or raise an error.
++                self.__read_chunk_size_crlf(rfile, newline_only=True)
++                break
++            # Not a \r, so we are NOT an empty chunk.
++            empty = False
++            if char == b':' and i > 0:
++                # We're ending the field-name part; stop validating characters.
++                # Unless : was the first character...
++                seen_field_name = True
++            if not seen_field_name and char not in _ALLOWED_TOKEN_CHARS:
++                raise _InvalidClientInput('Invalid token character: %r' % (char,))
++            i += 1
++        else:
++            # We read too much
++            self._chunked_input_error = True
++            raise _InvalidClientInput("Too large chunk trailer")
++        return not empty
++
++    def __read_chunk_size_crlf(self, rfile, newline_only=False):
++        # Also for safety, correctly verify that we get \r\n when expected.
++        if not newline_only:
+             char = rfile.read(1)
+-            if char != b'\n':
++            if char != b'\r':
+                 self._chunked_input_error = True
+-                raise _InvalidClientInput("Line didn't end in CRLF")
+-            return int(buf.getvalue(), 16)
++                raise _InvalidClientInput("Line didn't end in CRLF: %r" % (char,))
++        char = rfile.read(1)
++        if char != b'\n':
++            self._chunked_input_error = True
++            raise _InvalidClientInput("Line didn't end in LF: %r" % (char,))
+
+     def _chunked_read(self, length=None, use_readline=False):
+         # pylint:disable=too-many-branches
+@@ -294,7 +403,7 @@ class Input(object):
+
+                 self.position += datalen
+                 if self.chunk_length == self.position:
+-                    rfile.readline()
++                    self.__read_chunk_size_crlf(rfile)
+
+                 if length is not None:
+                     length -= datalen
+@@ -307,9 +416,9 @@ class Input(object):
+                 # determine the next size to read
+                 self.chunk_length = self.__read_chunk_length(rfile)
+                 self.position = 0
+-                if self.chunk_length == 0:
+-                    # Last chunk. Terminates with a CRLF.
+-                    rfile.readline()
++                # If chunk_length was 0, we already read any trailers and
++                # validated that we have ended with \r\n\r\n.
++
+         return b''.join(response)
+
+     def read(self, length=None):
+@@ -532,7 +641,8 @@ class WSGIHandler(object):
+         elif len(words) == 2:
+             self.command, self.path = words
+             if self.command != "GET":
+-                raise _InvalidClientRequest('Expected GET method: %r' % (raw_requestline,))
++                raise _InvalidClientRequest('Expected GET method; Got command=%r; path=%r; raw=%r' % (
++                    self.command, self.path, raw_requestline,))
+             self.request_version = "HTTP/0.9"
+             # QQQ I'm pretty sure we can drop support for HTTP/0.9
+         else:
+@@ -1000,14 +1110,28 @@ class WSGIHandler(object):
+             finally:
+                 try:
+                     self.wsgi_input._discard()
+-                except (socket.error, IOError):
+-                    # Don't let exceptions during discarding
++                except _InvalidClientInput:
++                    # This one is deliberately raised to the outer
++                    # scope, because, with the incoming stream in some bad state,
++                    # we can't be sure we can synchronize and properly parse the next
++                    # request.
++                    raise
++                except socket.error
++                    # Don't let socket exceptions during discarding
+                     # input override any exception that may have been
+                     # raised by the application, such as our own _InvalidClientInput.
+                     # In the general case, these aren't even worth logging (see the comment
+                     # just below)
+                     pass
+-        except _InvalidClientInput:
++        except _InvalidClientInput as ex:
++            # DO log this one because:
++            # - Some of the data may have been read and acted on by the
++            #   application;
++            # - The response may or may not have been sent;
++            # - It's likely that the client is bad, or malicious, and
++            #   users might wish to take steps to block the client.
++            self._handle_client_error(ex)
++            self.close_connection = True
+             self._send_error_response_if_possible(400)
+         except socket.error as ex:
+             if ex.args[0] in self.ignored_socket_errors:
+@@ -1054,17 +1178,22 @@ class WSGIHandler(object):
+     def _handle_client_error(self, ex):
+         # Called for invalid client input
+         # Returns the appropriate error response.
+-        if not isinstance(ex, ValueError):
++        if not isinstance(ex, (ValueError, _InvalidClientInput)):
+             # XXX: Why not self._log_error to send it through the loop's
+             # handle_error method?
++            # _InvalidClientRequest is a ValueError; _InvalidClientInput is an IOError.
+             traceback.print_exc()
+         if isinstance(ex, _InvalidClientRequest):
+             # No formatting needed, that's already been handled. In fact, because the
+             # formatted message contains user input, it might have a % in it, and attempting
+             # to format that with no arguments would be an error.
+-            self.log_error(ex.formatted_message)
++            # However, the error messages do not include the requesting IP
++            # necessarily, so we do add that.
++            self.log_error('(from %s) %s', self.client_address, ex.formatted_message)
+         else:
+-            self.log_error('Invalid request: %s', str(ex) or ex.__class__.__name__)
++            self.log_error('Invalid request (from %s): %s',
++                           self.client_address,
++                           str(ex) or ex.__class__.__name__)
+         return ('400', _BAD_REQUEST_RESPONSE)
+
+     def _headers(self):
+diff --git a/src/gevent/subprocess.py b/src/gevent/subprocess.py
+index 38c9bd3..8a8ccad 100644
+--- a/src/gevent/subprocess.py
++++ b/src/gevent/subprocess.py
+@@ -352,10 +352,11 @@ def check_output(*popenargs, **kwargs):
+
+     To capture standard error in the result, use ``stderr=STDOUT``::
+
+-        >>> print(check_output(["/bin/sh", "-c",
++        >>> output = check_output(["/bin/sh", "-c",
+         ...               "ls -l non_existent_file ; exit 0"],
+-        ...              stderr=STDOUT).decode('ascii').strip())
+-        ls: non_existent_file: No such file or directory
++        ...              stderr=STDOUT).decode('ascii').strip()
++        >>> print(output.rsplit(':', 1)[1].strip())
++        No such file or directory
+
+     There is an additional optional argument, "input", allowing you to
+     pass a string to the subprocess's stdin.  If you use this argument
+diff --git a/src/gevent/testing/testcase.py b/src/gevent/testing/testcase.py
+index cd5db80..aa86dcf 100644
+--- a/src/gevent/testing/testcase.py
++++ b/src/gevent/testing/testcase.py
+@@ -225,7 +225,7 @@ class TestCaseMetaClass(type):
+                 classDict.pop(key)
+                 # XXX: When did we stop doing this?
+                 #value = wrap_switch_count_check(value)
+-                value = _wrap_timeout(timeout, value)
++                #value = _wrap_timeout(timeout, value)
+                 error_fatal = getattr(value, 'error_fatal', error_fatal)
+                 if error_fatal:
+                     value = errorhandler.wrap_error_fatal(value)
+diff --git a/src/gevent/tests/test__pywsgi.py b/src/gevent/tests/test__pywsgi.py
+index d2125a8..d46030b 100644
+--- a/src/gevent/tests/test__pywsgi.py
++++ b/src/gevent/tests/test__pywsgi.py
+@@ -25,21 +25,11 @@ from gevent import monkey
+ monkey.patch_all()
+
+ from contextlib import contextmanager
+-try:
+-    from urllib.parse import parse_qs
+-except ImportError:
+-    # Python 2
+-    from urlparse import parse_qs
++from urllib.parse import parse_qs
+ import os
+ import sys
+-try:
+-    # On Python 2, we want the C-optimized version if
+-    # available; it has different corner-case behaviour than
+-    # the Python implementation, and it used by socket.makefile
+-    # by default.
+-    from cStringIO import StringIO
+-except ImportError:
+-    from io import BytesIO as StringIO
++from io import BytesIO as StringIO
++
+ import weakref
+ import unittest
+ from wsgiref.validate import validator
+@@ -156,6 +146,10 @@ class Response(object):
+     @classmethod
+     def read(cls, fd, code=200, reason='default', version='1.1',
+              body=None, chunks=None, content_length=None):
++        """
++        Read an HTTP response, optionally perform assertions,
++        and return the Response object.
++        """
+         # pylint:disable=too-many-branches
+         _status_line, headers = read_headers(fd)
+         self = cls(_status_line, headers)
+@@ -716,7 +710,14 @@ class TestNegativeReadline(TestCase):
+
+ class TestChunkedPost(TestCase):
+
++    calls = 0
++
++    def setUp(self):
++        super().setUp()
++        self.calls = 0
++
+     def application(self, env, start_response):
++        self.calls += 1
+         self.assertTrue(env.get('wsgi.input_terminated'))
+         start_response('200 OK', [('Content-Type', 'text/plain')])
+         if env['PATH_INFO'] == '/a':
+@@ -730,6 +731,8 @@ class TestChunkedPost(TestCase):
+         if env['PATH_INFO'] == '/c':
+             return list(iter(lambda: env['wsgi.input'].read(1), b''))
+
++        return [b'We should not get here', env['PATH_INFO'].encode('ascii')]
++
+     def test_014_chunked_post(self):
+         data = (b'POST /a HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n'
+                 b'Transfer-Encoding: chunked\r\n\r\n'
+@@ -797,6 +800,170 @@ class TestChunkedPost(TestCase):
+             fd.write(data)
+             read_http(fd, code=400)
+
++    def test_trailers_keepalive_ignored(self):
++        # Trailers after a chunk are ignored.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            b'trailer1: value1\r\n'
++            b'trailer2: value2\r\n'
++            b'\r\n' # Really terminate the chunk.
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: close\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n bye\r\n'
++            b'0\r\n' # last-chunk
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            read_http(fd, body='oh bye')
++
++        self.assertEqual(self.calls, 2)
++
++    def test_trailers_too_long(self):
++        # Trailers after a chunk are ignored.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            b'trailer2: value2' # not lack of \r\n
++        )
++        data += b't' * pywsgi.MAX_REQUEST_LINE
++        # No termination, because we detect the trailer as being too
++        # long and abort the connection.
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd, body='oh bye')
++
++    def test_trailers_request_smuggling_missing_last_chunk_keep_alive(self):
++        # When something that looks like a request line comes in the trailer
++        # as the first line, immediately after an invalid last chunk.
++        # We detect this and abort the connection, because the
++        # whitespace in the GET line isn't a legal part of a trailer.
++        # If we didn't abort the connection, then, because we specified
++        # keep-alive, the server would be hanging around waiting for more input.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0' # last-chunk, but missing the \r\n
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            # b'\r\n'
++            b'GET /path2?a=:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd)
++
++        self.assertEqual(self.calls, 1)
++
++    def test_trailers_request_smuggling_missing_last_chunk_close(self):
++        # Same as the above, except the trailers are actually valid
++        # and since we ask to close the connection we don't get stuck
++        # waiting for more input.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: close\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            # b'\r\n'
++            b'GETpath2a:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd)
++
++    def test_trailers_request_smuggling_header_first(self):
++        # When something that looks like a header comes in the first line.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk, but only one CRLF
++            b'Header: value\r\n'
++            b'GET /path2?a=:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd, code=400)
++
++        self.assertEqual(self.calls, 1)
++
++    def test_trailers_request_smuggling_request_terminates_then_header(self):
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            b'\r\n'
++            b'Header: value'
++            b'GET /path2?a=:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            read_http(fd, code=400)
++
++        self.assertEqual(self.calls, 1)
++
+
+ class TestUseWrite(TestCase):
+
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
index 9efeec4d9f..fd6b0f531a 100644
--- a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
+++ b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
@@ -13,6 +13,8 @@ RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \
 
 SRC_URI[sha256sum] = "f48b64578c367b91fa793bf8eaaaf4995cb93c8bc45860e473bf868070ad094e"
 
+SRC_URI += "file://CVE-2023-41419.patch"
+
 inherit pypi setuptools3
 
 # Don't embed libraries, link to the system instead
diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb b/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
index 684bca03e1..b02c55a85b 100644
--- a/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
@@ -43,7 +43,9 @@ export KIVY_GRAPHICS
 KIVY_CROSS_SYSROOT="${RECIPE_SYSROOT}"
 export KIVY_CROSS_SYSROOT
 
-REQUIRED_DISTRO_FEATURES += "x11 opengl"
+REQUIRED_DISTRO_FEATURES += "opengl gobject-introspection-data"
+
+ANY_OF_DISTRO_FEATURES = "x11 wayland"
 
 DEPENDS += " \
     gstreamer1.0 \
diff --git a/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch b/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch
new file mode 100644
index 0000000000..5ec55dfd2a
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch
@@ -0,0 +1,99 @@
+From 86368e9cf70a0ad23cccd5ee32de847149af0c6f Mon Sep 17 00:00:00 2001
+From: Stefan Behnel <stefan_ml@behnel.de>
+Date: Fri, 1 Jul 2022 21:06:10 +0200
+Subject: [PATCH] Fix a crash when incorrect parser input occurs together with
+ usages of iterwalk() on trees generated by the same parser.
+
+CVE: CVE-2022-2309
+
+Upstream-Status: Backport
+[https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f]
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+---
+ src/lxml/apihelpers.pxi      |  7 ++++---
+ src/lxml/iterparse.pxi       | 11 ++++++-----
+ src/lxml/tests/test_etree.py | 20 ++++++++++++++++++++
+ 3 files changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/src/lxml/apihelpers.pxi b/src/lxml/apihelpers.pxi
+index c1662762..9fae9fb1 100644
+--- a/src/lxml/apihelpers.pxi
++++ b/src/lxml/apihelpers.pxi
+@@ -246,9 +246,10 @@ cdef dict _build_nsmap(xmlNode* c_node):
+     while c_node is not NULL and c_node.type == tree.XML_ELEMENT_NODE:
+         c_ns = c_node.nsDef
+         while c_ns is not NULL:
+-            prefix = funicodeOrNone(c_ns.prefix)
+-            if prefix not in nsmap:
+-                nsmap[prefix] = funicodeOrNone(c_ns.href)
++            if c_ns.prefix or c_ns.href:
++                prefix = funicodeOrNone(c_ns.prefix)
++                if prefix not in nsmap:
++                    nsmap[prefix] = funicodeOrNone(c_ns.href)
+             c_ns = c_ns.next
+         c_node = c_node.parent
+     return nsmap
+diff --git a/src/lxml/iterparse.pxi b/src/lxml/iterparse.pxi
+index 138c23a6..a7299da6 100644
+--- a/src/lxml/iterparse.pxi
++++ b/src/lxml/iterparse.pxi
+@@ -420,7 +420,7 @@ cdef int _countNsDefs(xmlNode* c_node):
+     count = 0
+     c_ns = c_node.nsDef
+     while c_ns is not NULL:
+-        count += 1
++        count += (c_ns.href is not NULL)
+         c_ns = c_ns.next
+     return count
+ 
+@@ -431,9 +431,10 @@ cdef int _appendStartNsEvents(xmlNode* c_node, list event_list) except -1:
+     count = 0
+     c_ns = c_node.nsDef
+     while c_ns is not NULL:
+-        ns_tuple = (funicode(c_ns.prefix) if c_ns.prefix is not NULL else '',
+-                    funicode(c_ns.href))
+-        event_list.append( (u"start-ns", ns_tuple) )
+-        count += 1
++        if c_ns.href:
++            ns_tuple = (funicodeOrEmpty(c_ns.prefix),
++                        funicode(c_ns.href))
++            event_list.append( (u"start-ns", ns_tuple) )
++            count += 1
+         c_ns = c_ns.next
+     return count
+diff --git a/src/lxml/tests/test_etree.py b/src/lxml/tests/test_etree.py
+index e5f08469..285313f6 100644
+--- a/src/lxml/tests/test_etree.py
++++ b/src/lxml/tests/test_etree.py
+@@ -1460,6 +1460,26 @@ class ETreeOnlyTestCase(HelperTestCase):
+             [1,2,1,4],
+             counts)
+ 
++    def test_walk_after_parse_failure(self):
++        # This used to be an issue because libxml2 can leak empty namespaces
++        # between failed parser runs.  iterwalk() failed to handle such a tree.
++        try:
++            etree.XML('''<anot xmlns="1">''')
++        except etree.XMLSyntaxError:
++            pass
++        else:
++            assert False, "invalid input did not fail to parse"
++
++        et = etree.XML('''<root>  </root>''')
++        try:
++            ns = next(etree.iterwalk(et, events=('start-ns',)))
++        except StopIteration:
++            # This would be the expected result, because there was no namespace
++            pass
++        else:
++            # This is a bug in libxml2
++            assert not ns, repr(ns)
++
+     def test_itertext_comment_pi(self):
+         # https://bugs.launchpad.net/lxml/+bug/1844674
+         XML = self.etree.XML
+-- 
+2.17.1
+
diff --git a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
index c4d4df383a..0c78d97abd 100644
--- a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
+++ b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
@@ -20,7 +20,8 @@ DEPENDS += "libxml2 libxslt"
 
 SRC_URI[sha256sum] = "f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23"
 
-SRC_URI += "${PYPI_SRC_URI}"
+SRC_URI += "${PYPI_SRC_URI} \
+            file://CVE-2022-2309.patch "
 inherit pkgconfig pypi setuptools3
 
 # {standard input}: Assembler messages:
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
new file mode 100644
index 0000000000..cc915f1478
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
@@ -0,0 +1,175 @@
+From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Thu, 1 Jun 2023 14:56:34 +0000
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+
+Fixes #282
+
+CVE: CVE-2020-25657
+
+Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ src/SWIG/_rsa.i           | 20 ++++++++++++--------
+ tests/test_rsa.py         | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+
+diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
+index 3db88b9..6aafe1f 100644
+--- a/src/SWIG/_m2crypto_wrap.c
++++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
+index bc714e0..1377b8b 100644
+--- a/src/SWIG/_rsa.i
++++ b/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 7bb3af7..5e75d68 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+         # The other paddings.
+         for padding in self.s_padding_nok:
+             p = getattr(RSA, padding)
+-            with self.assertRaises(RSA.RSAError):
+-                priv.private_encrypt(self.data, p)
++            # Exception disabled as a part of mitigation against CVE-2020-25657
++            # with self.assertRaises(RSA.RSAError):
++            priv.private_encrypt(self.data, p)
+         # Type-check the data to be encrypted.
+         with self.assertRaises(TypeError):
+             priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+             self.assertEqual(ptxt, self.data)
+
+         # no_padding
+-        with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+-            priv.public_encrypt(self.data, RSA.no_padding)
++        # Exception disabled as a part of mitigation against CVE-2020-25657
++        # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
++        priv.public_encrypt(self.data, RSA.no_padding)
+
+         # Type-check the data to be encrypted.
++        # Exception disabled as a part of mitigation against CVE-2020-25657
+         with self.assertRaises(TypeError):
+             priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+                          b'\000\000\000\003\001\000\001')  # aka 65537 aka 0xf4
+         with self.assertRaises(RSA.RSAError):
+             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_encrypt(1)
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_decrypt(1)
+         assert rsa.check_key()
+
+     def test_loadpub_bad(self):
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
index 51a0dd676e..155a9066ca 100644
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
            file://cross-compile-platform.patch \
            file://avoid-host-contamination.patch \
            file://0001-setup.py-address-openssl-3.x-build-issue.patch \
+           file://CVE-2020-25657.patch \
            "
 SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"
 
diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
index e7f7f0b47b..566279d71c 100644
--- a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482"
 
-SRC_URI[sha256sum] = "23a8208d75b902797ea29fd31fa80a15ed9dc2c6c16fe73f5d346f83f6fa27a2"
+SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918"
 
 inherit pypi setuptools3
 
diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
new file mode 100644
index 0000000000..ad51f17288
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
@@ -0,0 +1,156 @@
+From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Fri, 30 Jun 2023 23:32:26 +1000
+Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
+
+Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
+CVE: CVE-2023-44271
+Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
+Remove hunk 10.0.0.rst because in our version it is 9.4.0
+
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
+---
+ Tests/test_imagefont.py      | 19 +++++++++++++++++++
+ docs/reference/ImageFont.rst | 18 ++++++++++++++++++
+ src/PIL/ImageFont.py         | 15 +++++++++++++++
+ 3 files changed, 52 insertions(+)
+
+diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
+index 7fa8ff8cbfd..c50447a153d 100644
+--- a/Tests/test_imagefont.py
++++ b/Tests/test_imagefont.py
+@@ -1107,6 +1107,25 @@
+     assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
+ 
+ 
++def test_too_many_characters(font):
++    with pytest.raises(ValueError):
++        font.getlength("A" * 1000001)
++    with pytest.raises(ValueError):
++        font.getbbox("A" * 1000001)
++    with pytest.raises(ValueError):
++        font.getmask2("A" * 1000001)
++
++    transposed_font = ImageFont.TransposedFont(font)
++    with pytest.raises(ValueError):
++        transposed_font.getlength("A" * 1000001)
++
++    default_font = ImageFont.load_default()
++    with pytest.raises(ValueError):
++        default_font.getlength("A" * 1000001)
++    with pytest.raises(ValueError):
++        default_font.getbbox("A" * 1000001)
++
++
+ @pytest.mark.parametrize(
+     "test_file",
+     [
+diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
+index 946bd3c4bed..2abfa0cc997 100644
+--- a/docs/reference/ImageFont.rst
++++ b/docs/reference/ImageFont.rst
+@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
+ library). For earlier versions, TrueType support is only available as part of
+ the imToolkit package.
+ 
++.. warning::
++    To protect against potential DOS attacks when using arbitrary strings as
++    text input, Pillow will raise a ``ValueError`` if the number of characters
++    is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
++
++    This threshold can be changed by setting
++    :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
++    ``ImageFont.MAX_STRING_LENGTH = None``.
++
+ Example
+ -------
+ 
+@@ -73,3 +82,12 @@ Constants
+ 
+     Requires Raqm, you can check support using
+     :py:func:`PIL.features.check_feature` with ``feature="raqm"``.
++
++Constants
++---------
++
++.. data:: MAX_STRING_LENGTH
++
++    Set to 1,000,000, to protect against potential DOS attacks. Pillow will
++    raise a ``ValueError`` if the number of characters is over this limit. The
++    check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``. 
+diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
+index 3ddc1aaad64..1030985ebc4 100644
+--- a/src/PIL/ImageFont.py
++++ b/src/PIL/ImageFont.py
+@@ -43,6 +43,9 @@
+     RAQM = 1
+ 
+ 
++MAX_STRING_LENGTH = 1000000
++
++
+ def __getattr__(name):
+     for enum, prefix in {Layout: "LAYOUT_"}.items():
+         if name.startswith(prefix):
+@@ -67,6 +67,12 @@
+     core = _ImagingFtNotInstalled()
+ 
+ 
++def _string_length_check(text):
++    if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
++        msg = "too many characters in string"
++        raise ValueError(msg)
++
++
+ _UNSPECIFIED = object()
+ 
+ 
+@@ -192,6 +192,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
++        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return 0, 0, width, height
+ 
+@@ -202,6 +202,7 @@
+ 
+         .. versionadded:: 9.2.0
+         """
++        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return width
+ 
+@@ -359,6 +359,7 @@
+ 
+         :return: Width for horizontal, height for vertical text.
+         """
++        _string_length_check(text)
+         return self.font.getlength(text, mode, direction, features, language) / 64
+ 
+     def getbbox(
+@@ -418,6 +418,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
++        _string_length_check(text)
+         size, offset = self.font.getsize(
+             text, mode, direction, features, language, anchor
+         )
+@@ -762,6 +762,7 @@
+                  :py:mod:`PIL.Image.core` interface module, and the text offset, the
+                  gap between the starting coordinate and the first marking
+         """
++        _string_length_check(text)
+         if fill is _UNSPECIFIED:
+             fill = Image.core.fill
+         else:
+@@ -924,6 +924,7 @@
+         if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
+             msg = "text length is undefined for text rotated by 90 or 270 degrees"
+             raise ValueError(msg)
++        _string_length_check(text)
+         return self.font.getlength(text, *args, **kwargs)
+ 
+ 
diff --git a/meta-python/recipes-devtools/python/python3-pillow/run-ptest b/meta-python/recipes-devtools/python/python3-pillow/run-ptest
new file mode 100644
index 0000000000..3385d68939
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb b/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
deleted file mode 100644
index fb86322f77..0000000000
--- a/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
+++ /dev/null
@@ -1,42 +0,0 @@
-SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
-Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
-Contributors."
-HOMEPAGE = "https://pillow.readthedocs.io"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849"
-
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.0.x;protocol=https \
-           file://0001-support-cross-compiling.patch \
-           file://0001-explicitly-set-compile-options.patch \
-"
-SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
-
-inherit setuptools3
-
-PIP_INSTALL_PACKAGE = "Pillow"
-PIP_INSTALL_DIST_PATH = "${S}/dist"
-
-DEPENDS += " \
-    zlib \
-    jpeg \
-    tiff \
-    freetype \
-    lcms \
-    openjpeg \
-"
-
-RDEPENDS:${PN} += " \
-    ${PYTHON_PN}-misc \
-    ${PYTHON_PN}-logging \
-    ${PYTHON_PN}-numbers \
-"
-
-CVE_PRODUCT = "pillow"
-
-S = "${WORKDIR}/git"
-
-RPROVIDES:${PN} += "python3-imaging"
-
-BBCLASSEXTEND = "native"
-
-SRCREV = "6deac9e3a23caffbfdd75c00d3f0a1cd36cdbd5d"
diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
new file mode 100644
index 0000000000..b9c09127c5
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
@@ -0,0 +1,65 @@
+SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
+Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
+Contributors."
+HOMEPAGE = "https://pillow.readthedocs.io"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bc416d18f294943285560364be7cbec1"
+
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https \
+           file://0001-support-cross-compiling.patch \
+           file://0001-explicitly-set-compile-options.patch \
+           file://run-ptest \
+           file://CVE-2023-44271.patch \
+           "
+SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
+
+inherit setuptools3 ptest
+
+PIP_INSTALL_PACKAGE = "Pillow"
+PIP_INSTALL_DIST_PATH = "${S}/dist"
+
+DEPENDS += " \
+    zlib \
+    jpeg \
+    tiff \
+    freetype \
+    lcms \
+    openjpeg \
+"
+
+RDEPENDS:${PN} += " \
+    ${PYTHON_PN}-misc \
+    ${PYTHON_PN}-logging \
+    ${PYTHON_PN}-numbers \
+"
+
+RDEPENDS:${PN}-ptest += " \
+    bash \
+    ghostscript \
+    jpeg-tools \
+    libwebp \
+    ${PYTHON_PN}-core \
+    ${PYTHON_PN}-distutils \
+    ${PYTHON_PN}-image \
+    ${PYTHON_PN}-mmap \
+    ${PYTHON_PN}-pytest \
+    ${PYTHON_PN}-pytest-timeout \
+    ${PYTHON_PN}-resource \
+    ${PYTHON_PN}-unixadmin\
+    ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \
+"
+
+CVE_PRODUCT = "pillow"
+
+S = "${WORKDIR}/git"
+
+RPROVIDES:${PN} += "python3-imaging"
+
+do_install_ptest() {
+        install -d ${D}${PTEST_PATH}/Tests
+        cp -rf ${S}/Tests ${D}${PTEST_PATH}/
+}
+
+BBCLASSEXTEND = "native"
+
+SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da"
diff --git a/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb b/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb
index 5c4de4ac2b..76b48e1ffc 100644
--- a/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb
+++ b/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=53dbfa56f61b90215a
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "71b2c3d1cd26ed1ec7c8196834143258b2ad7f444efff26fdc366c6f5e752702"
+SRC_URI[sha256sum] = "2e3427429c9cffebf259491be0af70189607f365c2f41c7c3764af6f337105f2"
 
 # http://errors.yoctoproject.org/Errors/Details/184715/
 # Can't find required file: ../src/google/protobuf/descriptor.proto
diff --git a/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb b/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb
index 4c4c959eba..035e149518 100644
--- a/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb
+++ b/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb
@@ -21,4 +21,4 @@ RDEPENDS:${PN} = "\
     libudev \
 "
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch b/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch
new file mode 100644
index 0000000000..baa833b6d2
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch
@@ -0,0 +1,41 @@
+From 7188b06330e5260be20bce8cbcf0d5ae44e34eaf Mon Sep 17 00:00:00 2001
+From: Jon Dufresne <jon.dufresne@gmail.com>
+Date: Fri, 1 Feb 2019 16:30:01 -0800
+Subject: [PATCH] Fix collections.abc deprecation warning in downloadutils
+
+Warning appears as:
+
+tests/test_downloadutils.py::test_stream_response_to_specific_filename
+  requests_toolbelt/downloadutils/stream.py:161: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
+    if path and isinstance(getattr(path, 'write', None), collections.Callable):
+
+Upstream-Status: Backport [https://github.com/requests/toolbelt/commit/7188b06330e5260be20bce8cbcf0d5ae44e34eaf]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ requests_toolbelt/downloadutils/stream.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/requests_toolbelt/downloadutils/stream.py b/requests_toolbelt/downloadutils/stream.py
+index eed60a7..1d1c31b 100644
+--- a/requests_toolbelt/downloadutils/stream.py
++++ b/requests_toolbelt/downloadutils/stream.py
+@@ -1,6 +1,5 @@
+ # -*- coding: utf-8 -*-
+ """Utilities for dealing with streamed requests."""
+-import collections
+ import os.path
+ import re
+ 
+@@ -158,7 +157,7 @@ def stream_response_to_file(response, path=None, chunksize=_DEFAULT_CHUNKSIZE):
+     pre_opened = False
+     fd = None
+     filename = None
+-    if path and isinstance(getattr(path, 'write', None), collections.Callable):
++    if path and callable(getattr(path, 'write', None)):
+         pre_opened = True
+         fd = path
+         filename = getattr(fd, 'name', None)
+-- 
+2.25.1
+
diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb
index 366f41ca81..72ad7a6180 100644
--- a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb
+++ b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb
@@ -6,7 +6,8 @@ LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=71760e0f1dda8cff91b0bc9246caf571"
 
 SRC_URI = "file://run-ptest \
-          "
+           file://0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch \
+           "
 
 SRC_URI[md5sum] = "b1509735c4b4cf95df2619facbc3672e"
 SRC_URI[sha256sum] = "968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0"
@@ -31,4 +32,4 @@ do_install_ptest() {
 	# remove test test_multipart_encoder.py as it fails,
 	# downloaded file is not supported
 	rm -f ${D}${PTEST_PATH}/tests/test_multipart_encoder.py
-}
+} 
diff --git a/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb b/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb
index d9465af081..ecc15499cf 100644
--- a/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb
+++ b/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb
@@ -16,5 +16,3 @@ RDEPENDS:${PN} += " \
     ${PYTHON_PN}-pyserial \
     ${PYTHON_PN}-robotframework \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb b/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb
index 8a30f7cb78..bd0979d0b4 100644
--- a/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb
+++ b/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb
@@ -11,5 +11,3 @@ inherit pypi setuptools3
 PYPI_PACKAGE = "python-snappy"
 
 RDEPENDS:${PN} += "snappy"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb b/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb
index 7cb76b426f..631a45c99e 100644
--- a/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb
+++ b/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb
@@ -12,10 +12,6 @@ SRC_URI += " \
         file://run-ptest \
 "
 
-RDEPENDS:${PN} += "\
-        ${PYTHON_PN}-beautifulsoup4 \
-"
-
 RDEPENDS:${PN}-ptest += " \
         ${PYTHON_PN}-pytest \
         ${PYTHON_PN}-beautifulsoup4 \
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
new file mode 100644
index 0000000000..41dbf088e1
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
@@ -0,0 +1,75 @@
+From fa1cc25e1967228e5d47b9ddb626cc82dba92d7e Mon Sep 17 00:00:00 2001
+From: Andi Albrecht <albrecht.andi@gmail.com>
+Date: Wed, 31 May 2023 12:29:07 +0000
+Subject: [PATCH] Remove unnecessary parts in regex for bad escaping.
+
+The regex tried to deal with situations where escaping in the
+SQL to be parsed was suspicious.
+
+CVE: CVE-2023-30608
+
+Upstream-Status: Backport [https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGELOG            | 15 +++++++++++++++
+ sqlparse/keywords.py |  4 ++--
+ tests/test_split.py  |  4 ++--
+ 3 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 65e03fc..a584003 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,18 @@
++Backport CVE-2023-30608 Fix
++---------------------------
++
++Notable Changes
++
++* IMPORTANT: This release fixes a security vulnerability in the
++  parser where a regular expression vulnerable to ReDOS (Regular
++  Expression Denial of Service) was used. See the security advisory
++  for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
++  The vulnerability was discovered by @erik-krogh from GitHub
++  Security Lab (GHSL). Thanks for reporting!
++
++* Fix regular expressions for string parsing.
++
++
+ Release 0.4.2 (Sep 10, 2021)
+ ----------------------------
+
+diff --git a/sqlparse/keywords.py b/sqlparse/keywords.py
+index 6850628..4e97477 100644
+--- a/sqlparse/keywords.py
++++ b/sqlparse/keywords.py
+@@ -66,9 +66,9 @@ SQL_REGEX = {
+         (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])',
+          tokens.Number.Float),
+         (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer),
+-        (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single),
++        (r"'(''|\\'|[^'])*'", tokens.String.Single),
+         # not a real string literal in ANSI SQL:
+-        (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol),
++        (r'"(""|\\"|[^"])*"', tokens.String.Symbol),
+         (r'(""|".*?[^\\]")', tokens.String.Symbol),
+         # sqlite names can be escaped with [square brackets]. left bracket
+         # cannot be preceded by word character or a right bracket --
+diff --git a/tests/test_split.py b/tests/test_split.py
+index a9d7576..e79750e 100644
+--- a/tests/test_split.py
++++ b/tests/test_split.py
+@@ -18,8 +18,8 @@ def test_split_semicolon():
+
+
+ def test_split_backslash():
+-    stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';")
+-    assert len(stmts) == 3
++    stmts = sqlparse.parse("select '\'; select '\'';")
++    assert len(stmts) == 2
+
+
+ @pytest.mark.parametrize('fn', ['function.sql',
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
index 0980ff9c24..b5cc41e730 100644
--- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
+++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"
 
 SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
             file://run-ptest \
+            file://CVE-2023-30608.patch \
 	    "
 
 SRC_URI[sha256sum] = "0c00730c74263a94e5a9919ade150dfc3b19c574389985446148402998287dae"
diff --git a/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb b/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb
index e2102695ec..50f14b17fd 100644
--- a/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb
+++ b/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb
@@ -10,5 +10,3 @@ inherit pypi setuptools3
 RDEPENDS:${PN} += " \
     ${PYTHON_PN}-twisted \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
new file mode 100644
index 0000000000..3a0f4324a1
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
@@ -0,0 +1,117 @@
+From db1457abec7fe27148673f5f8bfdf5c52eb7f29f Mon Sep 17 00:00:00 2001
+From: David Lord <davidism@gmail.com>
+Date: Wed, 10 May 2023 11:33:18 +0000
+Subject: [PATCH] Merge pull request from GHSA-px8h-6qxv-m22q
+
+don't strip leading `=` when parsing cookie
+
+"src/werkzeug/sansio/http.py" file is not available in the current recipe
+version 2.1.1 and this has been introduced from 2.2.0 version. Before 2.2.0
+version, this http.py file was only available in the "src/werkzeug/http.py"
+and we could see the same functions available there which are getting modified
+in the CVE fix commit. Hence, modifying the same at "src/werkzeug/http.py" file.
+
+CVE: CVE-2023-23934
+
+Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGES.rst               |  3 +++
+ src/werkzeug/_internal.py | 13 +++++++++----
+ src/werkzeug/http.py      |  4 ----
+ tests/test_http.py        |  4 +++-
+ 4 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index 6e809ba..13ef75b 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -4,6 +4,9 @@
+     ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
+     attack where a larger number of form/file parts would result in disproportionate
+     resource use.
++-   A cookie header that starts with ``=`` is treated as an empty key and discarded,
++    rather than stripping the leading ``==``.
++
+ 
+ Version 2.1.1
+ -------------
+diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
+index a8b3523..d6290ba 100644
+--- a/src/werkzeug/_internal.py
++++ b/src/werkzeug/_internal.py
+@@ -34,7 +34,7 @@ _quote_re = re.compile(rb"[\\].")
+ _legal_cookie_chars_re = rb"[\w\d!#%&\'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]"
+ _cookie_re = re.compile(
+     rb"""
+-    (?P<key>[^=;]+)
++    (?P<key>[^=;]*)
+     (?:\s*=\s*
+         (?P<val>
+             "(?:[^\\"]|\\.)*" |
+@@ -382,16 +382,21 @@ def _cookie_parse_impl(b: bytes) -> t.Iterator[t.Tuple[bytes, bytes]]:
+     """Lowlevel cookie parsing facility that operates on bytes."""
+     i = 0
+     n = len(b)
++    b += b";"
+ 
+     while i < n:
+-        match = _cookie_re.search(b + b";", i)
++        match = _cookie_re.match(b, i)
++
+         if not match:
+             break
+ 
+-        key = match.group("key").strip()
+-        value = match.group("val") or b""
+         i = match.end(0)
++        key = match.group("key").strip()
++
++        if not key:
++            continue
+ 
++        value = match.group("val") or b""
+         yield key, _cookie_unquote(value)
+ 
+ 
+diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
+index 9369900..ae133e3 100644
+--- a/src/werkzeug/http.py
++++ b/src/werkzeug/http.py
+@@ -1205,10 +1205,6 @@ def parse_cookie(
+     def _parse_pairs() -> t.Iterator[t.Tuple[str, str]]:
+         for key, val in _cookie_parse_impl(header):  # type: ignore
+             key_str = _to_str(key, charset, errors, allow_none_charset=True)
+-
+-            if not key_str:
+-                continue
+-
+             val_str = _to_str(val, charset, errors, allow_none_charset=True)
+             yield key_str, val_str
+ 
+diff --git a/tests/test_http.py b/tests/test_http.py
+index 5936bfa..59cc179 100644
+--- a/tests/test_http.py
++++ b/tests/test_http.py
+@@ -427,7 +427,8 @@ class TestHTTPUtility:
+     def test_parse_cookie(self):
+         cookies = http.parse_cookie(
+             "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;"
+-            'a=42; b="\\";"; ; fo234{=bar;blub=Blah; "__Secure-c"=d'
++            'a=42; b="\\";"; ; fo234{=bar;blub=Blah; "__Secure-c"=d;'
++            "==__Host-eq=bad;__Host-eq=good;"
+         )
+         assert cookies.to_dict() == {
+             "CP": "null*",
+@@ -438,6 +439,7 @@ class TestHTTPUtility:
+             "fo234{": "bar",
+             "blub": "Blah",
+             '"__Secure-c"': "d",
++            "__Host-eq": "good",
+         }
+ 
+     def test_dump_cookie(self):
+-- 
+2.40.0
+
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
new file mode 100644
index 0000000000..61551d8fca
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
@@ -0,0 +1,231 @@
+From 5a56cdcbaec2153cd67596c6c2c8056e1ea5ed56 Mon Sep 17 00:00:00 2001
+From: David Lord <davidism@gmail.com>
+Date: Tue, 2 May 2023 11:31:10 +0000
+Subject: [PATCH] Merge pull request from GHSA-xg9f-g7g7-2323
+
+limit the maximum number of multipart form parts
+
+CVE: CVE-2023-25577
+
+Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGES.rst                      |  5 +++++
+ docs/request_data.rst            | 37 +++++++++++++++++---------------
+ src/werkzeug/formparser.py       | 12 ++++++++++-
+ src/werkzeug/sansio/multipart.py |  8 +++++++
+ src/werkzeug/wrappers/request.py |  8 +++++++
+ tests/test_formparser.py         |  9 ++++++++
+ 6 files changed, 61 insertions(+), 18 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index a351d7c..6e809ba 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -1,5 +1,10 @@
+ .. currentmodule:: werkzeug
+
++-   Specify a maximum number of multipart parts, default 1000, after which a
++    ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
++    attack where a larger number of form/file parts would result in disproportionate
++    resource use.
++
+ Version 2.1.1
+ -------------
+
+diff --git a/docs/request_data.rst b/docs/request_data.rst
+index 83c6278..e55841e 100644
+--- a/docs/request_data.rst
++++ b/docs/request_data.rst
+@@ -73,23 +73,26 @@ read the stream *or* call :meth:`~Request.get_data`.
+ Limiting Request Data
+ ---------------------
+
+-To avoid being the victim of a DDOS attack you can set the maximum
+-accepted content length and request field sizes.  The :class:`Request`
+-class has two attributes for that: :attr:`~Request.max_content_length`
+-and :attr:`~Request.max_form_memory_size`.
+-
+-The first one can be used to limit the total content length.  For example
+-by setting it to ``1024 * 1024 * 16`` the request won't accept more than
+-16MB of transmitted data.
+-
+-Because certain data can't be moved to the hard disk (regular post data)
+-whereas temporary files can, there is a second limit you can set.  The
+-:attr:`~Request.max_form_memory_size` limits the size of `POST`
+-transmitted form data.  By setting it to ``1024 * 1024 * 2`` you can make
+-sure that all in memory-stored fields are not more than 2MB in size.
+-
+-This however does *not* affect in-memory stored files if the
+-`stream_factory` used returns a in-memory file.
++The :class:`Request` class provides a few attributes to control how much data is
++processed from the request body. This can help mitigate DoS attacks that craft the
++request in such a way that the server uses too many resources to handle it. Each of
++these limits will raise a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` if they are
++exceeded.
++
++-   :attr:`~Request.max_content_length` Stop reading request data after this number
++    of bytes. It's better to configure this in the WSGI server or HTTP server, rather
++    than the WSGI application.
++-   :attr:`~Request.max_form_memory_size` Stop reading request data if any form part is
++    larger than this number of bytes. While file parts can be moved to disk, regular
++    form field data is stored in memory only.
++-   :attr:`~Request.max_form_parts` Stop reading request data if more than this number
++    of parts are sent in multipart form data. This is useful to stop a very large number
++    of very small parts, especially file parts. The default is 1000.
++
++Using Werkzeug to set these limits is only one layer of protection. WSGI servers
++and HTTPS servers should set their own limits on size and timeouts. The operating system
++or container manager should set limits on memory and processing time for server
++processes.
+
+
+ How to extend Parsing?
+diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
+index 10d58ca..bebb2fc 100644
+--- a/src/werkzeug/formparser.py
++++ b/src/werkzeug/formparser.py
+@@ -179,6 +179,8 @@ class FormDataParser:
+     :param cls: an optional dict class to use.  If this is not specified
+                        or `None` the default :class:`MultiDict` is used.
+     :param silent: If set to False parsing errors will not be caught.
++    :param max_form_parts: The maximum number of parts to be parsed. If this is
++        exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
+     """
+
+     def __init__(
+@@ -190,6 +192,8 @@ class FormDataParser:
+         max_content_length: t.Optional[int] = None,
+         cls: t.Optional[t.Type[MultiDict]] = None,
+         silent: bool = True,
++        *,
++        max_form_parts: t.Optional[int] = None,
+     ) -> None:
+         if stream_factory is None:
+             stream_factory = default_stream_factory
+@@ -199,6 +203,7 @@ class FormDataParser:
+         self.errors = errors
+         self.max_form_memory_size = max_form_memory_size
+         self.max_content_length = max_content_length
++        self.max_form_parts = max_form_parts
+
+         if cls is None:
+             cls = MultiDict
+@@ -281,6 +286,7 @@ class FormDataParser:
+             self.errors,
+             max_form_memory_size=self.max_form_memory_size,
+             cls=self.cls,
++            max_form_parts=self.max_form_parts,
+         )
+         boundary = options.get("boundary", "").encode("ascii")
+
+@@ -346,10 +352,12 @@ class MultiPartParser:
+         max_form_memory_size: t.Optional[int] = None,
+         cls: t.Optional[t.Type[MultiDict]] = None,
+         buffer_size: int = 64 * 1024,
++        max_form_parts: t.Optional[int] = None,
+     ) -> None:
+         self.charset = charset
+         self.errors = errors
+         self.max_form_memory_size = max_form_memory_size
++        self.max_form_parts = max_form_parts
+
+         if stream_factory is None:
+             stream_factory = default_stream_factory
+@@ -409,7 +417,9 @@ class MultiPartParser:
+             [None],
+         )
+
+-        parser = MultipartDecoder(boundary, self.max_form_memory_size)
++        parser = MultipartDecoder(
++            boundary, self.max_form_memory_size, max_parts=self.max_form_parts
++        )
+
+         fields = []
+         files = []
+diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py
+index 2d54422..e7d742b 100644
+--- a/src/werkzeug/sansio/multipart.py
++++ b/src/werkzeug/sansio/multipart.py
+@@ -83,10 +83,13 @@ class MultipartDecoder:
+         self,
+         boundary: bytes,
+         max_form_memory_size: Optional[int] = None,
++        *,
++        max_parts: Optional[int] = None,
+     ) -> None:
+         self.buffer = bytearray()
+         self.complete = False
+         self.max_form_memory_size = max_form_memory_size
++        self.max_parts = max_parts
+         self.state = State.PREAMBLE
+         self.boundary = boundary
+
+@@ -113,6 +116,7 @@ class MultipartDecoder:
+             % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
+             re.MULTILINE,
+         )
++        self._parts_decoded = 0
+
+     def last_newline(self) -> int:
+         try:
+@@ -177,6 +181,10 @@ class MultipartDecoder:
+                         name=name,
+                     )
+                 self.state = State.DATA
++                self._parts_decoded += 1
++
++                if self.max_parts is not None and self._parts_decoded > self.max_parts:
++                    raise RequestEntityTooLarge()
+
+         elif self.state == State.DATA:
+             if self.buffer.find(b"--" + self.boundary) == -1:
+diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
+index 57b739c..a6d5429 100644
+--- a/src/werkzeug/wrappers/request.py
++++ b/src/werkzeug/wrappers/request.py
+@@ -83,6 +83,13 @@ class Request(_SansIORequest):
+     #: .. versionadded:: 0.5
+     max_form_memory_size: t.Optional[int] = None
+
++    #: The maximum number of multipart parts to parse, passed to
++    #: :attr:`form_data_parser_class`. Parsing form data with more than this
++    #: many parts will raise :exc:`~.RequestEntityTooLarge`.
++    #:
++    #: .. versionadded:: 2.2.3
++    max_form_parts = 1000
++
+     #: The form data parser that should be used.  Can be replaced to customize
+     #: the form date parsing.
+     form_data_parser_class: t.Type[FormDataParser] = FormDataParser
+@@ -246,6 +253,7 @@ class Request(_SansIORequest):
+             self.max_form_memory_size,
+             self.max_content_length,
+             self.parameter_storage_class,
++            max_form_parts=self.max_form_parts,
+         )
+
+     def _load_form_data(self) -> None:
+diff --git a/tests/test_formparser.py b/tests/test_formparser.py
+index 5fc803e..834324f 100644
+--- a/tests/test_formparser.py
++++ b/tests/test_formparser.py
+@@ -127,6 +127,15 @@ class TestFormParser:
+         req.max_form_memory_size = 400
+         assert req.form["foo"] == "Hello World"
+
++        req = Request.from_values(
++            input_stream=io.BytesIO(data),
++            content_length=len(data),
++            content_type="multipart/form-data; boundary=foo",
++            method="POST",
++        )
++        req.max_form_parts = 1
++        pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"])
++
+     def test_missing_multipart_boundary(self):
+         data = (
+             b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n"
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
index 476a3a5964..fc0789a73e 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
+++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
@@ -12,6 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
 
 PYPI_PACKAGE = "Werkzeug"
 
+SRC_URI += "file://CVE-2023-25577.patch \
+            file://CVE-2023-23934.patch"
+
 SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74"
 
 inherit pypi setuptools3
diff --git a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
index 29e7a267d2..36ab065b51 100644
--- a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
+++ b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
@@ -9,7 +9,7 @@ S = "${WORKDIR}/git"
 B = "${S}"
 
 SRCREV = "42512ee48494cee71febf04078d9774f0146a085"
-SRC_URI = "git://github.com/storaged-project/blivet-gui.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/storaged-project/blivet-gui.git;branch=main;protocol=https \
            file://0001-Use-setuptools-instead-of-distutils-in-setup.py.patch \
            file://0002-Use-symbolic-list-add-and-edit-icons.patch \
            "
diff --git a/meta-python/recipes-extended/python-cson/python3-cson_git.bb b/meta-python/recipes-extended/python-cson/python3-cson_git.bb
index c4fcc61ec0..da174ad550 100644
--- a/meta-python/recipes-extended/python-cson/python3-cson_git.bb
+++ b/meta-python/recipes-extended/python-cson/python3-cson_git.bb
@@ -13,7 +13,7 @@ SRC_URI = "git://github.com/gt3389b/python-cson.git;branch=master;protocol=https
 S = "${WORKDIR}/git"
 
 RDEPENDS:${PN}:class-native = ""
-DEPENDS:append:class-native = " python-native "
+DEPENDS:append:class-native = " python3-native "
 
 inherit setuptools3
 
diff --git a/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb b/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
index 3a9f0ad6fd..976dd12d52 100644
--- a/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
+++ b/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
@@ -35,5 +35,3 @@ RDEPENDS:${PN}:class-target += "\
     ${PYTHON_PN}-nocaselist \
     ${PYTHON_PN}-custom-inherit \
 "
-
-BBCLASSEXTEND = "native"
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch b/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch
new file mode 100644
index 0000000000..78f23f0f2d
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch
@@ -0,0 +1,32 @@
+From 5b5eae9cdf3bae91756c717349f2f33a31888f24 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Wed, 3 Aug 2022 12:35:16 +0800
+Subject: [PATCH] make_exports.awk: not expose the path
+
+Don't print the full path in the comment line.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ build/make_exports.awk | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build/make_exports.awk b/build/make_exports.awk
+index 1cf0568..44d93c5 100644
+--- a/build/make_exports.awk
++++ b/build/make_exports.awk
+@@ -47,7 +47,9 @@ function push(line) {
+ 
+ function do_output() {
+     printf("/*\n")
+-    printf(" * %s\n", FILENAME)
++    file = FILENAME
++    sub("([^/]*[/])*", "", file)
++    printf(" * %s\n", file)
+     printf(" */\n")
+     
+     for (i = 0; i < stackptr; i++) {
+-- 
+2.25.1
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
index 5d82919685..a652b7969a 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
+++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
@@ -1,4 +1,4 @@
-From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001
+From abd5b40c9b094e721e91a5d75132639149d7952f Mon Sep 17 00:00:00 2001
 From: Paul Eggleton <paul.eggleton@linux.intel.com>
 Date: Tue, 17 Jul 2012 11:27:39 +0100
 Subject: [PATCH] Log the SELinux context at startup.
@@ -14,7 +14,7 @@ Note: unlikely to be any interest in this upstream
  2 files changed, 31 insertions(+)
 
 diff --git a/configure.in b/configure.in
-index c799aec..76811e7 100644
+index ea6cec3..92b74b7 100644
 --- a/configure.in
 +++ b/configure.in
 @@ -491,6 +491,11 @@ getloadavg
@@ -30,7 +30,7 @@ index c799aec..76811e7 100644
  [AC_TRY_RUN(#define _GNU_SOURCE
  #include <unistd.h>
 diff --git a/server/core.c b/server/core.c
-index 3020090..8fef5fd 100644
+index 4da7209..d3ca25b 100644
 --- a/server/core.c
 +++ b/server/core.c
 @@ -65,6 +65,10 @@
@@ -43,7 +43,7 @@ index 3020090..8fef5fd 100644
 +
  /* LimitRequestBody handling */
  #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
- #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+ #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
 @@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
      }
  #endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
index 8413f53790..84b19de592 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
@@ -15,6 +15,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
            file://0007-apache2-allow-to-disable-selinux-support.patch \
            file://0008-Fix-perl-install-directory-to-usr-bin.patch \
            file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
+           file://0001-make_exports.awk-not-expose-the-path.patch \
           "
 
 SRC_URI:append:class-target = " \
@@ -26,7 +27,7 @@ SRC_URI:append:class-target = " \
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63"
+SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5"
 
 S = "${WORKDIR}/httpd-${PV}"
 
@@ -34,7 +35,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives
 
 DEPENDS = "openssl expat pcre apr apr-util apache2-native "
 
-CVE_PRODUCT = "http_server"
+CVE_PRODUCT = "apache:http_server"
 
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
 
diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
index ff2c587046..0852a8859a 100644
--- a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
+++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
@@ -1,2 +1,2 @@
-d  /var/run/apache2 0755 root root -
+d  /run/apache2 0755 root root -
 d  /var/log/apache2 0755 root root -
diff --git a/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch
new file mode 100644
index 0000000000..f4bab49aa7
--- /dev/null
+++ b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch
@@ -0,0 +1,30 @@
+From 7f724bbafbb1e170401dd5de201273ab8c8bc75f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 28 Aug 2022 14:24:02 -0700
+Subject: [PATCH] fastcgi: Use value instead of address of sin6_port
+
+This seems to be wrongly assigned where ipv4 sin_port is
+equated to address of sin6_port and not value of sin6_port
+
+Upstream-Status: Submitted [https://github.com/monkey/monkey/pull/375]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ plugins/fastcgi/fcgi_handler.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/fastcgi/fcgi_handler.c b/plugins/fastcgi/fcgi_handler.c
+index 9e095e3c..e8e1eec1 100644
+--- a/plugins/fastcgi/fcgi_handler.c
++++ b/plugins/fastcgi/fcgi_handler.c
+@@ -245,7 +245,7 @@ static inline int fcgi_add_param_net(struct fcgi_handler *handler)
+             struct sockaddr_in *s4 = (struct sockaddr_in *)&addr4;   
+             memset(&addr4, 0, sizeof(addr4));
+             addr4.sin_family = AF_INET;
+-            addr4.sin_port = &s->sin6_port;
++            addr4.sin_port = s->sin6_port;
+             memcpy(&addr4.sin_addr.s_addr, 
+                    s->sin6_addr.s6_addr + 12, 
+                    sizeof(addr4.sin_addr.s_addr));
+-- 
+2.37.2
+
diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
index fff406a3f2..d3e22757c4 100644
--- a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
+++ b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
@@ -7,11 +7,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
 
 SECTION = "net"
 
-SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \
+SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \
+           file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \
            file://monkey.service \
            file://monkey.init"
 
-SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb"
+SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c"
+S = "${WORKDIR}/git"
 
 UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases"
 UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz"
diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch b/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch
new file mode 100644
index 0000000000..7dd1e721c0
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch
@@ -0,0 +1,92 @@
+From 2b9667f36551406169e3e2a6a774466ac70a83c0 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 10 Oct 2023 15:13:39 +0300
+Subject: [PATCH] HTTP/2: per-iteration stream handling limit.
+
+To ensure that attempts to flood servers with many streams are detected
+early, a limit of no more than 2 * max_concurrent_streams new streams per one
+event loop iteration was introduced.  This limit is applied even if
+max_concurrent_streams is not yet reached - for example, if corresponding
+streams are handled synchronously or reset.
+
+Further, refused streams are now limited to maximum of max_concurrent_streams
+and 100, similarly to priority_limit initial value, providing some tolerance
+to clients trying to open several streams at the connection start, yet
+low tolerance to flooding attempts.
+
+Upstream-Status: Backport
+[https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9]
+
+Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
+(CVE-2023-44487).
+
+See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
+
+This patch only reduces the impact and does not completely mitigate the CVE
+in question, the latter being due to a design flaw in the HTTP/2 protocol
+itself. For transparancy reasons I therefore opted to not mark the
+CVE as resolved, so that integrators can decide for themselves, wheither to
+enable HTTP/2 support or allow HTTP/1.1 connections only.
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
+---
+ src/http/v2/ngx_http_v2.c | 15 +++++++++++++++
+ src/http/v2/ngx_http_v2.h |  2 ++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
+index 3611a2e50..291677aca 100644
+--- a/src/http/v2/ngx_http_v2.c
++++ b/src/http/v2/ngx_http_v2.c
+@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev)
+     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
+ 
+     h2c->blocked = 1;
++    h2c->new_streams = 0;
+ 
+     if (c->close) {
+         c->close = 0;
+@@ -1320,6 +1321,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
+         goto rst_stream;
+     }
+ 
++    if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
++        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                      "client sent too many streams at once");
++
++        status = NGX_HTTP_V2_REFUSED_STREAM;
++        goto rst_stream;
++    }
++
+     if (!h2c->settings_ack
+         && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
+         && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
+@@ -1385,6 +1394,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
+ 
+ rst_stream:
+ 
++    if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
++        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                      "client sent too many refused streams");
++        return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
++    }
++
+     if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
+         return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
+     }
+diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
+index 349229711..6a7aaa62c 100644
+--- a/src/http/v2/ngx_http_v2.h
++++ b/src/http/v2/ngx_http_v2.h
+@@ -125,6 +125,8 @@ struct ngx_http_v2_connection_s {
+     ngx_uint_t                       processing;
+     ngx_uint_t                       frames;
+     ngx_uint_t                       idle;
++    ngx_uint_t                       new_streams;
++    ngx_uint_t                       refused_streams;
+     ngx_uint_t                       priority_limit;
+ 
+     ngx_uint_t                       pushing;
+-- 
+2.42.1
+
diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
new file mode 100644
index 0000000000..7ba2a1fb85
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
@@ -0,0 +1,39 @@
+From 0c3c669464a514cf8d0cac08282ecb2b486f440f Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Tue, 3 Oct 2023 19:21:17 +0000
+Subject: [PATCH] configure: libxslt conf
+
+Modify to find libxslt related include files under sysroot.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ auto/lib/libxslt/conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf
+index 3063ac7..eb77886 100644
+--- a/auto/lib/libxslt/conf
++++ b/auto/lib/libxslt/conf
+@@ -12,7 +12,7 @@
+                       #include <libxslt/xsltInternals.h>
+                       #include <libxslt/transform.h>
+                       #include <libxslt/xsltutils.h>"
+-    ngx_feature_path="/usr/include/libxml2"
++    ngx_feature_path="=/usr/include/libxml2"
+     ngx_feature_libs="-lxml2 -lxslt"
+     ngx_feature_test="xmlParserCtxtPtr    ctxt = NULL;
+                       xsltStylesheetPtr   sheet = NULL;
+@@ -100,7 +100,7 @@ fi
+     ngx_feature_name=NGX_HAVE_EXSLT
+     ngx_feature_run=no
+     ngx_feature_incs="#include <libexslt/exslt.h>"
+-    ngx_feature_path="/usr/include/libxml2"
++    ngx_feature_path="=/usr/include/libxml2"
+     ngx_feature_libs="-lexslt"
+     ngx_feature_test="exsltRegisterAll();"
+     . auto/feature
+-- 
+2.35.5
+
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch
new file mode 100644
index 0000000000..d151256b37
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch
@@ -0,0 +1,319 @@
+From 91a3b5302d6a2467df70d3b43450991a53f9946b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 16 Nov 2022 11:24:25 +0530
+Subject: [PATCH] CVE-2022-41741, CVE-2022-41742
+
+Upstream-Status: Backport [https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea]
+CVE: CVE-2022-41741, CVE-2022-41742
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+Mp4: disabled duplicate atoms.
+
+Most atoms should not appear more than once in a container.  Previously,
+this was not enforced by the module, which could result in worker process
+crash, memory corruption and disclosure.
+---
+ src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++
+ 1 file changed, 147 insertions(+)
+
+diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
+index 0e93fbd..4f4d89d 100644
+--- a/src/http/modules/ngx_http_mp4_module.c
++++ b/src/http/modules/ngx_http_mp4_module.c
+@@ -1070,6 +1070,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+         return NGX_ERROR;
+     }
+ 
++    if (mp4->ftyp_atom.buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
+ 
+     ftyp_atom = ngx_palloc(mp4->request->pool, atom_size);
+@@ -1128,6 +1134,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+         return NGX_DECLINED;
+     }
+ 
++    if (mp4->moov_atom.buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module);
+ 
+     if (atom_data_size > mp4->buffer_size) {
+@@ -1195,6 +1207,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom");
+ 
++    if (mp4->mdat_atom.buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     data = &mp4->mdat_data_buf;
+     data->file = &mp4->file;
+     data->in_file = 1;
+@@ -1321,6 +1339,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom");
+ 
++    if (mp4->mvhd_atom.buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom_header = ngx_mp4_atom_header(mp4);
+     mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header;
+     mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header;
+@@ -1586,6 +1610,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+     atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->tkhd_size = atom_size;
+ 
+     ngx_mp4_set_32value(tkhd_atom->size, atom_size);
+@@ -1624,6 +1655,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->mdia_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -1747,6 +1784,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+     atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->mdhd_size = atom_size;
+     trak->timescale = timescale;
+ 
+@@ -1789,6 +1833,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->hdlr_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -1817,6 +1867,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->minf_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -1860,6 +1916,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
++        || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf)
++    {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 vmhd/smhd atom in \"%s\"",
++                      mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->vmhd_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -1891,6 +1956,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
++        || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf)
++    {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 vmhd/smhd atom in \"%s\"",
++                      mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->smhd_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -1922,6 +1996,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->dinf_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -1950,6 +2030,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->stbl_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -2018,6 +2104,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ 
+     trak = ngx_mp4_last_trak(mp4);
+ 
++    if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     atom = &trak->stsd_atom_buf;
+     atom->temporary = 1;
+     atom->pos = atom_header;
+@@ -2086,6 +2178,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+     atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->time_to_sample_entries = entries;
+ 
+     atom = &trak->stts_atom_buf;
+@@ -2291,6 +2390,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+                    "sync sample entries:%uD", entries);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->sync_samples_entries = entries;
+ 
+     atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t);
+@@ -2489,6 +2595,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+                    "composition offset entries:%uD", entries);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->composition_offset_entries = entries;
+ 
+     atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t);
+@@ -2692,6 +2805,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+     atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->sample_to_chunk_entries = entries;
+ 
+     atom = &trak->stsc_atom_buf;
+@@ -3024,6 +3144,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+                    "sample uniform size:%uD, entries:%uD", size, entries);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->sample_sizes_entries = entries;
+ 
+     atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t);
+@@ -3207,6 +3334,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+     atom_end = atom_table + entries * sizeof(uint32_t);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf
++        || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf)
++    {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stco/co64 atom in \"%s\"",
++                      mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->chunks = entries;
+ 
+     atom = &trak->stco_atom_buf;
+@@ -3413,6 +3550,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+     atom_end = atom_table + entries * sizeof(uint64_t);
+ 
+     trak = ngx_mp4_last_trak(mp4);
++
++    if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf
++        || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf)
++    {
++        ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                      "duplicate mp4 stco/co64 atom in \"%s\"",
++                      mp4->file.name.data);
++        return NGX_ERROR;
++    }
++
+     trak->chunks = entries;
+ 
+     atom = &trak->co64_atom_buf;
+-- 
+2.25.1
+
diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc
index dfced33300..9f93c7051d 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx.inc
+++ b/meta-webserver/recipes-httpd/nginx/nginx.inc
@@ -22,6 +22,7 @@ SRC_URI = " \
     file://nginx-volatile.conf \
     file://nginx.service \
     file://nginx-fix-pidfile.patch \
+    file://0001-configure-libxslt-conf.patch \
 "
 
 inherit siteinfo update-rc.d useradd systemd
@@ -43,6 +44,9 @@ PACKAGECONFIG[gunzip] = "--with-http_gunzip_module,,"
 PACKAGECONFIG[http2] = "--with-http_v2_module,,"
 PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl"
 PACKAGECONFIG[http-auth-request] = "--with-http_auth_request_module,,"
+PACKAGECONFIG[stream] = "--with-stream,,"
+
+PACKAGECONFIG[xslt] = "--with-http_xslt_module,,libxslt"
 
 do_configure () {
     if [ "${SITEINFO_BITS}" = "64" ]; then
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
index d686c627f2..8bed04d6d8 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
@@ -1,6 +1,9 @@
 require nginx.inc
 
-SRC_URI += "file://CVE-2021-3618.patch"
+SRC_URI += "file://CVE-2021-3618.patch \
+            file://CVE-2022-41741-CVE-2022-41742.patch \
+            file://0001-HTTP-2-per-iteration-stream-handling-limit.patch \
+           "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505"
 
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb
index b69fd7dab0..73b5c93c90 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb
@@ -1,5 +1,7 @@
 require nginx.inc
 
+SRC_URI += "file://0001-HTTP-2-per-iteration-stream-handling-limit.patch"
+
 # 1.20.x branch is the current stable branch, the recommended default
 # 1.21.x is the current mainline branches containing all new features
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb
new file mode 100644
index 0000000000..2e865e400e
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb
@@ -0,0 +1,6 @@
+require nginx.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632"
+
+SRC_URI[sha256sum] = "77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d"
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
new file mode 100644
index 0000000000..707334a517
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
@@ -0,0 +1,37 @@
+From 0842f11158699a979437125756b26eeabedab9ab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@fauth.dev>
+Date: Fri, 5 Aug 2022 20:18:16 -0300
+Subject: [PATCH] Fix not escaped title when using drag and drop upload
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
+
+Upstream-Status: Backport
+CVE: CVE-2023-25727
+
+Reference to upstream patch:
+https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
+
+Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
+---
+ js/src/drag_drop_import.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/js/src/drag_drop_import.js b/js/src/drag_drop_import.js
+index 55250c2..9b8710e 100644
+--- a/js/src/drag_drop_import.js
++++ b/js/src/drag_drop_import.js
+@@ -130,7 +130,7 @@ var DragDropImport = {
+                                 var filename = $this.parent('span').attr('data-filename');
+                                 $('body').append('<div class="pma_drop_result"><h2>' +
+                                 Messages.dropImportImportResultHeader + ' - ' +
+-                                filename + '<span class="close">x</span></h2>' + value.message + '</div>');
++                                Functions.escapeHtml(filename) + '<span class="close">x</span></h2>' + value.message + '</div>');
+                                 $('.pma_drop_result').draggable();  // to make this dialog draggable
+                             }
+                         });
+-- 
+2.39.1
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
index 7ccc05ec3e..3f19194391 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
            file://apache.conf \
+           file://CVE-2023-25727.patch \
 "
 
 SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f"
diff --git a/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb b/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
index 98cd251d2d..8fe879b816 100644
--- a/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
+++ b/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
@@ -12,3 +12,12 @@ SRC_URI[sha256sum] = "e9a99a62d10981391508dd43f3cbfa2d50a69bd6b7d1eeef7d30ba4c67
 FILES:${PN} += "${datadir}/metainfo"
 
 RDEPENDS:${PN} += "python3-pygobject python3-dbus"
+
+do_install:append() {
+    #
+    # Until catfish upstream figures out a way to overcome this buildpath issue, we need to do such adjustments here.
+    #
+    sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${datadir}/applications/org.xfce.Catfish.desktop
+    sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/catfishconfig.py
+    rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/__pycache__/catfishconfig.*.pyc
+}
diff --git a/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb b/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb
index aa4265f7b0..4a4e9f1883 100644
--- a/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb
+++ b/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb
@@ -9,7 +9,7 @@ inherit xfce features_check mime-xdg
 REQUIRED_DISTRO_FEATURES = "x11"
 
 SRC_URI += "file://0001-xsettings.xml-Set-default-themes.patch"
-SRC_URI[sha256sum] = "4dd7cb420860535e687f673c0b5c0274e0d2fb67181281d4b85be9197da03d7e"
+SRC_URI[sha256sum] = "7a4f74802486d7e77a1c9fa4fda19b13fc8a8dec3e5074f367e34fa82b40d28e"
 
 EXTRA_OECONF += "--enable-maintainer-mode --disable-debug"