author | Patrick Williams <patrick@stwcx.xyz> | 2024-01-12 18:51:57 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2024-01-12 22:30:46 +0300 |
commit | 705982a51d24e74df1786f60cc99d1106de626df (patch) | |
tree | 4e81a89c017c50483d786294ea823752b5f55017 /poky/meta/recipes-extended | |
parent | ad3455d69e100ba61b43c715039b793ce936527b (diff) | |
download | openbmc-705982a51d24e74df1786f60cc99d1106de626df.tar.xz |
subtree updates
meta-openembedded: 7d8115d550..098dc606f9:
Alex Kiernan (2):
c-ares: Filter out "Live" tests
ptest-packagelists-meta-oe.inc Add c-ares to PTESTS_SLOW_META_OE
Alexander Kanavin (25):
fontforge: add a readline PACKAGECONFIG
volume-key: disable python bindings
audit: disable python bindings as incompatible with python 3.12
cmpi-bindings: update 1.0.1 -> 1.0.4
libpwquality: backport a python 3.12 compatibility patch
mycroft: do not depend on python3-xmlrunner
python3-xmlrunner: remove the recipe
system-config-printer: rely on setuptools to obtain distutils copy
python3-gmpy2: fix python 3.12 issues
python3-custom-inherit: fix python 3.12 builds
python3-jsonrpcserver: remove
python3-oslash: remove
nmap: disable ndiff
wireshark: update 4.0.10 -> 4.2.0
openipmi: update 2.0.32 -> 2.0.34
libsigrokdecode: add python 3.12 support
cockpit: add setuptools dependency to bring in distutils copy
mongodb: skip until python 3.12 fixes are available.
mercurial: ensure setuptools is present as distutils is no longer (mercurial tries both)
rwmem: fix python modules packaging
upm: get disutils copy via setuptools
python3-kmod: remove the recipe
hplip: provide setuptools for the distutils copy
audit: reenable python bindings and bring in distutils via setuptools (needed with python 3.12)
python3-h5py: backport a cython 3.x compatibility patch
Christophe Vu-Brugier (1):
nvme-cli: upgrade 2.6 -> 2.7.1
Enrico Scholz (1):
krb5: use PACKAGE_BEFORE_PN
Fabio Estevam (2):
i2cdev_git: Remove AUTHOR field
picocom: Update to 2023-04
Ilya A. Kriveshko (1):
srecord: fix install prefix
Jordan Crouse (2):
collectd: Remove rrdtool from DEPENDS
keepalived: Move the sample configuration files to a separate package
Jose Quaresma (1):
layer.conf: Add libdevmapper-native PREFERRED_RPROVIDER
Khem Raj (8):
mraa: Update to latest tip of trunk
libcppkafka: Update to tip of trunk
python3-pydantic-core: Rename the cpython module on musl
libtinyxml2: Package needed resources to run ptests
python3-pylint: Ignore failing ptests
libconfig-general-perl: Enable on musl targets
tgt: Fix build with musl
kernel-selftest: remove Wno-alloc-size-larger-than from scripts/Makefile.extrawarn
Leon Anavi (5):
ssd1306_git.bb: Add ssd1306_linux
ssd1306: Update and remove patch
python3-webargs: Upgrade 8.3.0 -> 8.4.0
python3-wtforms: Upgrade 3.1.1 -> 3.1.2
python3-kivy: Upgrade 2.2.1 -> 2.3.0
Markus Volk (9):
luajit: upgrade 2.1beta -> 2.1
gnome-terminal: fix search_provider build
libplist: make sure rm doesn't fail on nonexistent file
imagemagick: upgrade 7.1.1-8 -> 7.1.1.26
mutter: update 45.1 -> 45.3
gnome-shell: update 45.1 -> 45.3
gnome-control-center: update 45.1 -> 45.2
gnome-software: update 45.1 -> 45.3
gnome-shell-extensions: update 45.1 -> 45.2
Martin Jansa (1):
libpwquality: respect PYTHONSITEDIR
Michael Haener (1):
mdio-tools: upgrade 1.3.0 -> 1.3.1
Mingli Yu (2):
usleep: Make the version consistent
ipmitool: Make the version consistent
Peter Marko (1):
protobuf-c: upgrade 1.4.1 -> 1.5.0
Richard Leitner (1):
python3-pytest-cov: add missing python3-coverage dependency
Robert Yang (1):
v4l-utils: Add PACKAGECONFIG for v4l2-tracer to fix determinstic build
Wang Mingyu (52):
cglm: upgrade 0.9.1 -> 0.9.2
ctags: upgrade 6.0.20231224.0 -> 6.1.20231231.0
exiftool: upgrade 12.71 -> 12.72
feh: upgrade 3.10.1 -> 3.10.2
libssh: upgrade 0.10.5 -> 0.10.6
squid: upgrade 6.5 -> 6.6
imapfilter: upgrade 2.8.1 -> 2.8.2
redis-plus-plus: upgrade 1.3.10 -> 1.3.11
python3-netaddr: upgrade 0.9.0 -> 0.10.0
plocate: upgrade 1.1.19 -> 1.1.20
python3-cantools: upgrade 39.4.1 -> 39.4.2
python3-coverage: upgrade 7.3.4 -> 7.4.0
python3-flask: upgrade 2.3.3 -> 3.0.0
python3-gspread: upgrade 5.12.3 -> 5.12.4
python3-pydot: upgrade 1.4.2 -> 2.0.0
qpdf: upgrade 11.6.4 -> 11.7.0
thingsboard-gateway: upgrade 3.4.3.1 -> 3.4.4
python3-pydantic-core: upgrade 2.14.5 -> 2.14.6
libtinyxml2: upgrade 9.0.0 -> 10.0.0
adw-gtk3: upgrade 5.1 -> 5.2
dialog: upgrade 1.3-20231002 -> 1.3-20240101
ghex: upgrade 45.0 -> 45.1
jwt-cpp: upgrade 0.6.0 -> 0.7.0
libcloudproviders: upgrade 0.3.4 -> 0.3.5
libgedit-gtksourceview: upgrade 299.0.4 -> 299.0.5
libjcat: upgrade 0.1.14 -> 0.2.0
libraw: upgrade 0.21.1 -> 0.21.2
libsass: upgrade 3.6.5 -> 3.6.6
chrony: upgrade 4.4 -> 4.5
tgt: upgrade 1.0.83 -> 1.0.90
lapack: upgrade 3.10.1 -> 3.12.0
libio-pty-perl: upgrade 1.17 -> 1.20
webkitgtk3: upgrade 2.42.3 -> 2.42.4
xmlsec1: upgrade 1.3.2 -> 1.3.3
python3-argh: upgrade 0.30.5 -> 0.31.0
python3-cvxopt: upgrade 1.2.7 -> 1.3.2
python3-sqlalchemy: upgrade 2.0.24 -> 2.0.25
python3-aiohttp-jinja2: upgrade 1.5.1 -> 1.6
python3-bitarray: upgrade 2.9.1 -> 2.9.2
python3-google-api-python-client: upgrade 2.111.0 -> 2.112.0
python3-google-auth: upgrade 2.25.2 -> 2.26.1
python3-lz4: upgrade 4.3.2 -> 4.3.3
python3-pdm: upgrade 2.11.1 -> 2.11.2
python3-pyflakes: upgrade 3.1.0 -> 3.2.0
python3-pymisp: upgrade 2.4.182 -> 2.4.183
python3-pytest-asyncio: upgrade 0.23.2 -> 0.23.3
python3-traitlets: upgrade 5.14.0 -> 5.14.1
traceroute: upgrade 2.1.3 -> 2.1.5
wolfssl: upgrade 5.6.4 -> 5.6.6
xerces-c: upgrade 3.2.4 -> 3.2.5
zenity: upgrade 4.0.0 -> 4.0.1
daq: Fix install conflict when enable multilib.
Yi Zhao (6):
vsomeip: upgrade 3.3.8 -> 3.4.10
libtdb: upgrade 1.4.8 -> 1.4.9
libtalloc: upgrade 2.4.0 -> 2.4.1
libtevent: upgrade 0.14.1 -> 0.16.0
libldb: upgrade 2.7.2 -> 2.8.0
samba: upgrade 4.18.9 -> 4.19.3
alperak (10):
libnvme: upgrade 1.6 -> 1.7.1
libpaper: upgrade 2.1.0 -> 2.1.2
onig: upgrade 6.9.8 -> 6.9.9
clinfo: upgrade 3.0.21.02.21 -> 3.0.23.01.25
opensc: upgrade 0.23.0 -> 0.24.0
pcsc-lite: upgrade 2.0.0 -> 2.0.1
pcsc-tools: upgrade 1.6.2 -> 1.7.1
wavpack: upgrade 5.1.0 -> 5.6.0
nginx: fix CVE-2023-44487
grpc: upgrade 1.59.2 -> 1.60.0
meta-arm: 4d22f982bc..5712422011:
Emekcan Aras (1):
arm-bsp/linux-yocto: corstone1000: bump to v6.6%
Jon Mason (8):
arm-bsp/trusted-firmware-m: update libmetal and open-amp to a release
arm-bsp/trusted-firmware-m: update libmetal and open-amp to 2023.04.0
arm: modify patches to have email headers and correct date fields
arm-bsp/optee-os: remove unused 3.18 files
arm/optee-os: use sysroot in CFLAGS
arm/optee-os: remove unneeded clang patches
arm/scp-firmware: update git repository to new location
arm-bsp/u-boot: rebase patches for v2024.01
Ross Burton (1):
arm-bsp/linux-yocto: add linux-yocto 6.5 temporarily
meta-raspberrypi: 4c033eb074..b859bc3eca:
Leon Anavi (1):
bcm2835: update 1.71 -> 1.73
poky: 4675bbb757..61182659c2:
Adrian Freihofer (1):
ref-manual: document cmake-qemu class
Alassane Yattara (7):
bitbake: toaster/tests: Bug-fix on TestProjectConfigTab::test_image_recipe_show_rows
bitbake: toaster/tests: Bug-fix element click intercepted
bitbake: toaster/tests: Delay driver first action on create new project page
bitbake: toaster/tests: Setup delay after driver action self.get(url)
bitbake: toaster/tests: bug-fix "#hint-error-project-name" should be visible
bitbake: toaster/tests: Bug-fix "element not interactable" in TestLayerDetailsPage::test_edit_layerdetails
bitbake: toaster/tests: Bug-fix ToasterTable show_rows testcases
Alexander Kanavin (16):
speexdsp: enable native variant
devtool/standard: correctly escape \
bitbake: fetch/checkstatus(): do not print the URI twice in FetchError exception
bitbake: fetch/wget/checkstatus(): include the URL in debugging output about status check failure
bitbake: bitbake/runqueue: rework 'bitbake -S printdiff' logic
selftest/sstatetests: fix up printdiff test to match rework of printdiff logic
selftest/sstatetest: re-enable gcc printdiff test
python3-pyyaml: make compatible with cython 3.x
python3-cython: update 0.29.36 -> 3.0.7
taglib: fix upstream version check
libpcre2: fix upstream version check
icon-naming-utils: take tarball from debian
selftest/sstatetests: include fetcher diagnostics into CDN test failure message
selftest/SStatePrintdiff: ensure all base signatures are present in sstate in test_image_minimal_vs_base_do_configure
shadow: update 4.13 -> 4.14.2
shadow: link executables statically for -native variant
Chen Qi (5):
gawk: upgrade from 5.2.2 to 5.3.0
systemd-bootchart: upgrade from 234 to 235
dbus-wait: bump srcrev
sudo: upgrade from 1.9.15p2 to 1.9.15p5
util-linux/util-linux-libuuid: ugprade from 2.39.2 to 2.39.3
Corentin Guillevic (1):
systemd: add udev-bash-completion package
Enguerrand de Ribaucourt (1):
manuals: document VSCode extension
Fabio Estevam (5):
libusb1: Do not match on -rc versions
usbutils: Update to version 017
u-boot: Upgrade to 2024.01
kmscube: Change header file to <GLES3/gl3.h>
kmscube: Add package version
Ilya A. Kriveshko (1):
dev-manual: update license manifest path
Jamin Lin (1):
devtool: modify: fix exception
Joshua Watt (1):
syslinux: Allow mtools to be optional
Jörg Sommer (1):
documentation: Add UBOOT_BINARY, extend UBOOT_CONFIG
Khem Raj (6):
connman: Fix build with musl
rpm: Fix build with musl
gawk: Add coreutils to rdeps for ptests package
tcl: Fix prepending to run-ptest script
coreutils: Ignore line-bytes.sh and no-allocate tests on musl
opkg-utils: Backport fix to drop --numeric-owner parameter
Lee Chee Yang (1):
migration-guide: add release notes for 4.3.2
Mark Asselstine (2):
bitbake: server/process: catch and expand multiprocessing connection exceptions
bitbake: ui/knotty: properly handle exceptions when calling runCommand()
Maxin B. John (1):
ref-manual: classes: remove insserv bbclass
Michael Opdenacker (2):
contributor-guide: use "apt" instead of "aptitude"
ref-manual: update tested and supported distros
Mikko Rapeli (1):
oeqa systemd.py: settle() using "running" or "degraded" state
Ming Liu (1):
qemu.bbclass: fix a python TypeError
Mingli Yu (2):
openssh: Add PACKAGECONFIG option to customize sshd mode
gptfdisk: Make the version consistent
Richard Purdie (2):
bitbake: ast: Fix EXPORT_FUNCTIONS bug
bitbake: runqueue: Fix runall all bug
Robert Yang (2):
bitbake: bitbake: event: Inject empty lines to make code match lineno in filename
bitbake: bitbake: tests/event: Add test_lineno_in_eventhandler
Rodrigo M. Duarte (1):
linux-firmware: Fix the linux-firmware-bcm4373 FILES variable
Ross Burton (12):
glib-2.0: no need to depend on target gtk-doc
autotools: append to EXTRA_AUTORECONF
autotools: don't exclude gtkdocize
gtk-doc: fix DEPENDS
gtk-doc: remove obsolete logic
gtk-doc: don't use docdir set in environment in gtkdocize
gtk-doc: don't manually call gtkdocize
kmod: fix configure with autopoint calling gtkdocize
util-linux: enable gtk-doc
meson: use pkg-config in the cross files
cairo: upgrade to 1.18.0
xmlcatalog: limit to native recipes only
Simone Weiß (2):
dev-manual: start.rst: update use of Download page
glibc: Set status for CVE-2023-5156 & CVE-2023-0687
Tim Orling (2):
python3-bcrypt: upgrade 4.1.1 -> 4.1.2
python3-attrs: enable ptest
Wang Mingyu (13):
ffmpeg: upgrade 6.1 -> 6.1.1
meson: upgrade 1.3.0 -> 1.3.1
ccache: upgrade 4.8.3 -> 4.9
mesa: upgrade 23.3.1 -> 23.3.2
subversion: upgrade 1.14.2 -> 1.14.3
python3-dbusmock: upgrade 0.30.1 -> 0.30.2
python3-hatch-fancy-pypi-readme: upgrade 23.1.0 -> 24.1.0
python3-hypothesis: upgrade 6.92.1 -> 6.92.2
python3-pycryptodome: upgrade 3.19.0 -> 3.19.1
python3-pycryptodomex: upgrade 3.19.0 -> 3.19.1
python3-pytest: upgrade 7.4.3 -> 7.4.4
python3-attrs: upgrade 22.1.0 -> 23.2.0
python3-lxml: upgrade 4.9.4 -> 45.0.0
William Lyu (1):
elfutils: Update license information
Yang Xu (1):
rootfs.py: check depmodwrapper execution result
Yi Zhao (2):
libcap-ng: upgrade 0.8.3 -> 0.8.4
libcap-ng-python: upgrade 0.8.3 -> 0.8.4
david d zuhn (1):
rng-tools: remove obsolete build time dependency on sysfsutils
Change-Id: I43eda44bb889eedb45fae65caf2e5ed8d2c9de39
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'poky/meta/recipes-extended')
-rw-r--r-- | poky/meta/recipes-extended/gawk/gawk_5.3.0.bb (renamed from poky/meta/recipes-extended/gawk/gawk_5.2.2.bb) | 4 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch | 52 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch | 41 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch | 65 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch | 53 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/CVE-2023-4641.patch | 147 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch | 16 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/shadow.inc | 30 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/shadow_4.14.2.bb (renamed from poky/meta/recipes-extended/shadow/shadow_4.13.bb) | 0 | ||||
-rw-r--r-- | poky/meta/recipes-extended/sudo/sudo_1.9.15p5.bb (renamed from poky/meta/recipes-extended/sudo/sudo_1.9.15p2.bb) | 2 |
10 files changed, 29 insertions, 381 deletions
diff --git a/poky/meta/recipes-extended/gawk/gawk_5.2.2.bb b/poky/meta/recipes-extended/gawk/gawk_5.3.0.bb
index 3c18b6911a..d7a0fc616d 100644
--- a/poky/meta/recipes-extended/gawk/gawk_5.2.2.bb
+++ b/poky/meta/recipes-extended/gawk/gawk_5.3.0.bb
@@ -19,7 +19,7 @@ SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \
 file://run-ptest \
 "
-SRC_URI[sha256sum] = "945aef7ccff101f20b22a10802bc005e994ab2b8ea3e724cc1a197c62f41f650"
+SRC_URI[sha256sum] = "378f8864ec21cfceaa048f7e1869ac9b4597b449087caf1eb55e440d30273336"
 inherit autotools gettext texinfo update-alternatives
@@ -79,7 +79,7 @@ do_install_ptest:append:libc-musl() {
 done
 }
-RDEPENDS:${PN}-ptest += "make locale-base-en-us"
+RDEPENDS:${PN}-ptest += "make locale-base-en-us coreutils"
 RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us.iso-8859-1"
 RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales"
diff --git a/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
deleted file mode 100644
index fa1532c831..0000000000
--- a/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
+++ /dev/null
@@ -1,52 +0,0 @@ -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Thu, 14 Apr 2022 23:11:53 +0000 -Subject: [PATCH] Disable use of syslog for shadow-native tools - -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [OE specific configuration] -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> - ---- - configure.ac | 2 +- - src/login_nopam.c | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", - [Path to passwd program.]) - - dnl XXX - quick hack, should disappear before anyone notices :). --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) - if test "$ac_cv_func_ruserok" = "yes"; then - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) -diff --git a/src/login_nopam.c b/src/login_nopam.c -index df6ba88..fc24e13 100644 ---- a/src/login_nopam.c -+++ b/src/login_nopam.c -@@ -29,7 +29,6 @@ - #ifndef USE_PAM - #ident "$Id$" - --#include "prototypes.h" - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet -@@ -57,6 +56,8 @@ - #include <netinet/in.h> - #include <arpa/inet.h> /* for inet_ntoa() */ - -+#include "prototypes.h" -+ - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) - #undef MAXHOSTNAMELEN - #define MAXHOSTNAMELEN 256 
diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch deleted file mode 100644 index 89f9c05c8d..0000000000 --- a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit 670cae834827a8f794e6f7464fa57790d911b63c -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> -Date: Tue Dec 27 17:40:17 2022 +0530 - - shadow: Fix can not print full login timeout message - - Login timed out message prints only first few bytes when write is immediately followed by exit. - Calling exit from new handler provides enough time to display full message. - -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] - -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 100644 ---- a/src/login.c -+++ b/src/login.c -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); - - static void init_env (void); - static void alarm_handler (int); -+static void exit_handler (int); - - /* - * usage - print login command usage and exit -@@ -391,11 +392,16 @@ static void init_env (void) - #endif /* !USE_PAM */ - } - -+static void exit_handler (unused int sig) -+{ -+ _exit (0); -+} - - static void alarm_handler (unused int sig) - { - write (STDERR_FILENO, tmsg, strlen (tmsg)); -- _exit (0); -+ signal(SIGALRM, exit_handler); -+ alarm(2); - } - - #ifdef USE_PAM diff --git a/poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch deleted file mode 100644 index ac08be515b..0000000000 --- a/poky/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> -Date: Fri, 31 Mar 2023 14:46:50 +0200 -Subject: [PATCH] Overhaul valid_field() - -e5905c4b ("Added control character check") introduced checking for -control characters but had the logic inverted, so it rejects all -characters that are not control ones. - -Cast the character to `unsigned char` before passing to the character -checking functions to avoid UB. - -Use strpbrk(3) for the illegal character test and return early. - -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - lib/fields.c | 24 ++++++++++-------------- - 1 file changed, 10 insertions(+), 14 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) - - /* For each character of field, search if it appears in the list - * of illegal characters. */ -+ if (illegal && NULL != strpbrk (field, illegal)) { -+ return -1; -+ } -+ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { -- if (strchr (illegal, *cp) != NULL) { -+ unsigned char c = *cp; -+ if (!isprint (c)) { -+ err = 1; -+ } -+ if (iscntrl (c)) { - err = -1; - break; - } - } - -- if (0 == err) { -- /* Search if there are non-printable or control characters */ -- for (cp = field; '\0' != *cp; cp++) { -- if (!isprint (*cp)) { -- err = 1; -- } -- if (!iscntrl (*cp)) { -- err = -1; -- break; -- } -- } -- } -- - return err; - } - --- -2.34.1 - diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch deleted file mode 100644 index f53341d3fc..0000000000 
--- a/poky/meta/recipes-extended/shadow/files/CVE-2023-29383.patch +++ /dev/null @@ -1,53 +0,0 @@ -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> -Date: Thu, 23 Mar 2023 23:39:38 +0000 -Subject: [PATCH] Added control character check - -Added control character check, returning -1 (to "err") if control characters are present. - -CVE: CVE-2023-29383 -Upstream-Status: Backport - -Reference to upstream: -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - lib/fields.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -21,9 +21,9 @@ - * - * The supplied field is scanned for non-printable and other illegal - * characters. -- * + -1 is returned if an illegal character is present. -- * + 1 is returned if no illegal characters are present, but the field -- * contains a non-printable character. -+ * + -1 is returned if an illegal or control character is present. -+ * + 1 is returned if no illegal or control characters are present, -+ * but the field contains a non-printable character. - * + 0 is returned otherwise. - */ - int valid_field (const char *field, const char *illegal) -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) - } - - if (0 == err) { -- /* Search if there are some non-printable characters */ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { - if (!isprint (*cp)) { - err = 1; -+ } -+ if (!iscntrl (*cp)) { -+ err = -1; - break; - } - } --- -2.34.1 - diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/poky/meta/recipes-extended/shadow/files/CVE-2023-4641.patch deleted file mode 100644 index 1fabfe928e..0000000000 
--- a/poky/meta/recipes-extended/shadow/files/CVE-2023-4641.patch +++ /dev/null 
@@ -1,147 +0,0 @@ -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 2001 -From: Alejandro Colomar <alx@kernel.org> -Date: Sat, 10 Jun 2023 16:20:05 +0200 -Subject: [PATCH] gpasswd(1): Fix password leak - -How to trigger this password leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -When gpasswd(1) asks for the new password, it asks twice (as is usual -for confirming the new password). Each of those 2 password prompts -uses agetpass() to get the password. If the second agetpass() fails, -the first password, which has been copied into the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. - -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and -can fail for any of the following reasons: - -- malloc(3) or readpassphrase(3) failure. - - These are going to be difficult to trigger. Maybe getting the system - to the limits of memory utilization at that exact point, so that the - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. - About readpassphrase(3), ENFILE and EINTR seem the only plausible - ones, and EINTR probably requires privilege or being the same user; - but I wouldn't discard ENFILE so easily, if a process starts opening - files. - -- The password is longer than PASS_MAX. - - The is plausible with physical access. However, at that point, a - keylogger will be a much simpler attack. - -And, the attacker must be able to know when the second password is being -introduced, which is not going to be easy. - -How to read the password after the leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Provoking the leak yourself at the right point by entering a very long -password is easy, and inspecting the process stack at that point should -be doable. Try to find some consistent patterns. - -Then, search for those patterns in free memory, right after the victim -leaks their password. 
- -Once you get the leak, a program should read all the free memory -searching for patterns that gpasswd(1) leaves nearby the leaked -password. - -On 6/10/23 03:14, Seth Arnold wrote: -> An attacker process wouldn't be able to use malloc(3) for this task. -> There's a handful of tools available for userspace to allocate memory: -> -> - brk / sbrk -> - mmap MAP_ANONYMOUS -> - mmap /dev/zero -> - mmap some other file -> - shm_open -> - shmget -> -> Most of these return only pages of zeros to a process. Using mmap of an -> existing file, you can get some of the contents of the file demand-loaded -> into the memory space on the first use. -> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. -> -> malloc(3) doesn't zero memory, to our collective frustration, but all the -> garbage in the allocations is from previous allocations in the current -> process. It isn't leftover from other processes. -> -> The avenues available for reading the memory: -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) -> - ptrace (requires ptrace privileges, mediated by YAMA) -> - causing memory to be swapped to disk, and then inspecting the swap -> -> These all require a certain amount of privileges. - -How to fix it? -~~~~~~~~~~~~~~ - -memzero(), which internally calls explicit_bzero(3), or whatever -alternative the system provides with a slightly different name, will -make sure that the buffer is zeroed in memory, and optimizations are not -allowed to impede this zeroing. - -This is not really 100% effective, since compilers may place copies of -the string somewhere hidden in the stack. Those copies won't get zeroed -by explicit_bzero(3). However, that's arguably a compiler bug, since -compilers should make everything possible to avoid optimizing strings -that are later passed to explicit_bzero(3). 
But we all know that -sometimes it's impossible to have perfect knowledge in the compiler, so -this is plausible. Nevertheless, there's nothing we can do against such -issues, except minimizing the time such passwords are stored in plain -text. - -Security concerns -~~~~~~~~~~~~~~~~~ - -We believe this isn't easy to exploit. Nevertheless, and since the fix -is trivial, this fix should probably be applied soon, and backported to -all supported distributions, to prevent someone else having more -imagination than us to find a way. - -Affected versions -~~~~~~~~~~~~~~~~~ - -All. Bug introduced in shadow 19990709. That's the second commit in -the git history. - -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") - -CVE: CVE-2023-4641 -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] - -Reported-by: Alejandro Colomar <alx@kernel.org> -Cc: Serge Hallyn <serge@hallyn.com> -Cc: Iker Pedrosa <ipedrosa@redhat.com> -Cc: Seth Arnold <seth.arnold@canonical.com> -Cc: Christian Brauner <christian@brauner.io> -Cc: Balint Reczey <rbalint@debian.org> -Cc: Sam James <sam@gentoo.org> -Cc: David Runge <dvzrv@archlinux.org> -Cc: Andreas Jaeger <aj@suse.de> -Cc: <~hallyn/shadow@lists.sr.ht> -Signed-off-by: Alejandro Colomar <alx@kernel.org> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - src/gpasswd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/gpasswd.c b/src/gpasswd.c -index 5983f787..2d8869ef 100644 ---- a/src/gpasswd.c -+++ b/src/gpasswd.c -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) - strzero (cp); - cp = getpass (_("Re-enter new password: ")); - if (NULL == cp) { -+ memzero (pass, sizeof pass); - exit (1); - } - --- -2.34.1 - 
diff --git a/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 85d9175105..4a932d2dbb 100644 --- a/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 2001 +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - --- lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 9a02ce1..61384ec 100644 +index 73fdb3a..d1231e9 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; - fd = open (db->filename, - (db->readonly ? O_RDONLY : O_RDWR) -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); - saved_errno = errno; + if (db->readonly) { + fd = open (db->filename, + (true ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); + saved_errno = errno; + } else { + fd = open (db->filename, + (false ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); + saved_errno = errno; + } + db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB +-- +2.30.2 + 
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index ce3ce62715..43f456251a 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
 SECTION = "base/utils"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \
- file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \
+ file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \
 "
 DEPENDS = "virtual/crypt"
@@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases"
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
 file://useradd \
- file://0001-Fix-can-not-print-full-login.patch \
- file://CVE-2023-29383.patch \
- file://0001-Overhaul-valid_field.patch \
- file://CVE-2023-4641.patch \
 "
 SRC_URI:append:class-target = " \
@@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \
 "
 SRC_URI:append:class-native = " \
- file://0001-Disable-use-of-syslog-for-sysroot.patch \
 file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
 "
-SRC_URI:append:class-nativesdk = " \
- file://0001-Disable-use-of-syslog-for-sysroot.patch \
- "
-SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd"
-
+SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342"
 # Additional Policy files for PAM
 PAM_SRC_URI = "file://pam.d/chfn \
@@ -44,7 +35,7 @@ PAM_SRC_URI = "file://pam.d/chfn \
 file://pam.d/passwd \
 file://pam.d/su"
-inherit autotools gettext github-releases
+inherit autotools gettext github-releases pkgconfig
 export CONFIG_SHELL="/bin/sh"
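Review bot: The `@@ -26,14 +22,9 @@` hunk drops `file://0001-Disable-use-of-syslog-for-sysroot.patch` from both the class-native and class-nativesdk SRC_URI appends, but nothing in this commit records why shadow-native no longer needs syslog suppressed; the deleted patch's own header described its job as keeping sysroot user/group additions out of the host's syslog. A one-line recipe comment next to `SRC_URI:append:class-native` would save the next maintainer re-deriving this, e.g. `# syslog use by the native tools is no longer patched out as of 4.14.x: <REASON — confirm against upstream>`. The same applies to the `@@ -14,10 +14,6 @@` hunk, where the CVE-2023-29383 and CVE-2023-4641 backports are removed on the assumption that the 4.14.2 release already contains those fixes; that assumption is presumably correct but is not stated anywhere visible here.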
@@ -54,6 +45,18 @@ EXTRA_OECONF += "--without-libcrack \
 --without-sssd \
 ${NSCDOPT}"
+CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"
+
+# Force static linking of utilities so we can use from the sysroot/sstate for useradd
+# without worrying about the dependency libraries being available
+LDFLAGS:append:class-native = " -no-pie"
+do_compile:prepend:class-native () {
+ sed -i -e 's#\(LIBS.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \
+ -e 's#\(LIBBSD.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \
+ -e 's#\(LIBATTR.*\)-lattr#\1 ${STAGING_LIBDIR}/libattr.a#g' \
+ ${B}/lib/Makefile ${B}/src/Makefile
+}
+
 NSCDOPT = ""
 NSCDOPT:class-native = "--without-nscd"
 NSCDOPT:class-nativesdk = "--without-nscd"
@@ -73,13 +76,14 @@ PAM_PLUGINS = "libpam-runtime \
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
 ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
-PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
+PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd"
 PACKAGECONFIG:class-nativesdk = ""
 PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}"
 PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr"
 PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
 PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit"
 PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage"
+PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd"
 RDEPENDS:${PN} = "shadow-securetty \
 base-passwd \
diff --git a/poky/meta/recipes-extended/shadow/shadow_4.13.bb b/poky/meta/recipes-extended/shadow/shadow_4.14.2.bb
index 4e55446312..4e55446312 100644
--- a/poky/meta/recipes-extended/shadow/shadow_4.13.bb
+++ b/poky/meta/recipes-extended/shadow/shadow_4.14.2.bb
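Review bot: The three `sed -i` substitutions added in `do_compile:prepend:class-native` (the `@@ -54,6 +45,18 @@` hunk) exit successfully whether or not their patterns match, so if a later shadow release renames the `LIBS`/`LIBBSD`/`LIBATTR` Makefile variables the native tools silently go back to dynamic `-lbsd`, which is exactly what the comment above the function says must not happen for sysroot/sstate use. A post-condition turns that into a build failure instead of a latent runtime surprise, e.g. after the sed: `grep -q -e '-lbsd' ${B}/lib/Makefile ${B}/src/Makefile && bbfatal "static libbsd rewrite did not apply"`. The comment would also be more useful if it said why `libmd.a` is spliced in alongside `libbsd.a` (presumably libbsd's own dependency) and that the `libattr.a` rule only fires when the `attr` PACKAGECONFIG puts `-lattr` on the LIBATTR line.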
diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.15p2.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
index 431dfba3c2..8e542015ad 100644
--- a/poky/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
+++ b/poky/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
 PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
+SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" |