From c2858f16b31b065f92c42c838cf21d3592bc06e7 Mon Sep 17 00:00:00 2001
From: Patrick Williams <patrick@stwcx.xyz>
Date: Wed, 14 Jun 2023 17:50:09 -0500
Subject: subtree updates

poky: a631bfc3a3..733d919af4:
  Alex Kiernan (2):
        pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
        openssh: Move sshdgenkeys.service to sshd.socket

  Arturo Buzarra (1):
        run-postinsts: Set dependency for ldconfig to avoid boot issues

  Ashish Sharma (2):
        connman: Fix CVE-2023-28488 DoS in client.c
        golang: Fix CVE-2023-24539

  Bruce Ashfield (5):
        linux-yocto/5.4: update to v5.4.238
        linux-yocto/5.4: update to v5.4.240
        linux-yocto/5.4: update to v5.4.241
        linux-yocto/5.4: update to v5.4.242
        linux-yocto/5.4: update to v5.4.243

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20230210 -> 20230404

  Hitendra Prajapati (2):
        git: fix CVE-2023-29007
        git: fix CVE-2023-25652

  Khem Raj (1):
        perf: Depend on native setuptools3

  Marek Vasut (1):
        cpio: Fix wrong CRC with ASCII CRC for large files

  Martin Jansa (1):
        populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override

  Nikhil R (1):
        ffmpeg: Fix CVE-2022-48434

  Peter Marko (1):
        libxml2: patch CVE-2023-28484 and CVE-2023-29469

  Randolph Sapp (1):
        wic/bootimg-efi: if fixed-size is set then use that for mkdosfs

  Ranjitsinh Rathod (1):
        libbsd: Add correct license for all packages

  Shubham Kulkarni (1):
        go: Security fix for CVE-2023-24538

  Siddharth (1):
        curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled

  Steve Sakoman (1):
        selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky

  Thomas Roos (1):
        oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set

  Vijay Anusuri (3):
        ghostscript: Fix CVE-2023-28879
        xserver-xorg: Security fix CVE-2023-0494 and CVE-2023-1393
        go: Security fix CVE-2023-24540

  Vivek Kumbhar (1):
        freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c

  Yoann Congal (1):
        linux-yocto: Exclude 294 CVEs already fixed upstream

meta-openembedded: 7007d14c25..116bfe8d5e:
  Alex Yao (1):
        lcov: Fix Perl Path

  Hitendra Prajapati (1):
        multipath-tools: CVE-2022-41973 Symlink attack multipathd operates insecurely

  Hugo SIMELIERE (3):
        openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
        openvpn: upgrade 2.4.9 -> 2.4.12
        libmodbus: Fix CVE-2022-0367

  Jack Mitchell (2):
        nss: backport fix for native build failure due to implicit casting with gcc13
        nss: backport fix for native build failure due to dangling pointer with gcc13

  Narpat Mali (1):
        nodejs: make 14.18.1 available but not default

  Valeria Petrov (1):
        apache2: upgrade 2.4.56 -> 2.4.57

  Viktor Rosendahl (1):
        jsoncpp: Fix broken handling of escape characters

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I8260e0168ea1ddec7ee03555e4f5653155e0ab45
---
 .../recipes-support/openvpn/openvpn_2.4.12.bb      |   76 +
 .../recipes-support/openvpn/openvpn_2.4.9.bb       |   73 -
 ...-fix-inverted-sense-in-isAnyCharRequiredQ.patch |   52 +
 .../recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb      |    5 +-
 ...nning-gyp-files-for-bundled-deps-nodejs14.patch |   22 +
 ...1-jinja-tests.py-add-py-3.10-fix-nodejs14.patch |   40 +
 ...-not-use-mminimal-toc-with-clang-nodejs14.patch |   27 +
 .../0002-Using-native-binaries-nodejs14.patch      |   62 +
 ...all-both-binaries-and-use-libdir-nodejs14.patch |   84 +
 .../nodejs/nodejs/libatomic-nodejs14.patch         |   21 +
 .../nodejs/nodejs/mips-less-memory-nodejs14.patch  |   32 +
 .../recipes-devtools/nodejs/nodejs_14.18.1.bb      |  205 +++
 .../libmodbus/libmodbus/CVE-2022-0367.patch        |   38 +
 .../recipes-extended/libmodbus/libmodbus_3.1.6.bb  |    5 +-
 .../meta-oe/recipes-support/lcov/lcov_1.14.bb      |    2 +-
 .../multipath-tools/files/CVE-2022-41973.patch     |  154 ++
 .../multipath-tools/multipath-tools_0.8.4.bb       |    4 +
 ...-build-failure-while-implicitly-casting-S.patch |   46 +
 ...-cmd-ecperf-fix-dangling-pointer-warning-.patch |   75 +
 .../meta-oe/recipes-support/nss/nss_3.51.1.bb      |    2 +
 ...pers-config9.m4-Add-server-directory-to-i.patch |   31 +
 .../recipes-httpd/apache2/apache2_2.4.56.bb        |  225 ---
 .../recipes-httpd/apache2/apache2_2.4.57.bb        |  226 +++
 poky/meta/classes/populate_sdk_ext.bbclass         |    3 +-
 poky/meta/classes/pypi.bbclass                     |    2 +
 poky/meta/lib/oeqa/selftest/cases/runtime_test.py  |    6 +
 poky/meta/lib/oeqa/utils/metadata.py               |    6 +-
 .../connman/connman/CVE-2023-28488.patch           |   54 +
 .../recipes-connectivity/connman/connman_1.37.bb   |    1 +
 .../openssh/openssh/sshd.socket                    |    1 +
 .../openssh/openssh/sshd@.service                  |    2 -
 .../libxml/libxml2/CVE-2023-28484.patch            |   79 +
 .../libxml/libxml2/CVE-2023-29469.patch            |   42 +
 poky/meta/recipes-core/libxml/libxml2_2.9.10.bb    |    2 +
 .../git/files/CVE-2023-25652.patch                 |   94 +
 .../git/files/CVE-2023-29007.patch                 |  159 ++
 poky/meta/recipes-devtools/git/git.inc             |    2 +
 poky/meta/recipes-devtools/go/go-1.14.inc          |    5 +
 .../go/go-1.14/CVE-2023-24538-1.patch              |  125 ++
 .../go/go-1.14/CVE-2023-24538-2.patch              |  196 +++
 .../go/go-1.14/CVE-2023-24538-3.patch              |  208 +++
 .../go/go-1.14/CVE-2023-24539.patch                |   60 +
 .../go/go-1.14/CVE-2023-24540.patch                |   90 +
 .../run-postinsts/run-postinsts.service            |    2 +-
 ...-Wrong-CRC-with-ASCII-CRC-for-large-files.patch |   39 +
 poky/meta/recipes-extended/cpio/cpio_2.13.bb       |    1 +
 .../ghostscript/ghostscript/CVE-2023-28879.patch   |   54 +
 .../ghostscript/ghostscript_9.52.bb                |    1 +
 .../freetype/freetype/CVE-2023-2004.patch          |   40 +
 .../recipes-graphics/freetype/freetype_2.10.1.bb   |    1 +
 .../xorg-xserver/xserver-xorg/CVE-2023-0494.patch  |   38 +
 .../xorg-xserver/xserver-xorg/CVE-2023-1393.patch  |   46 +
 .../xorg-xserver/xserver-xorg_1.20.14.bb           |    2 +
 .../linux-firmware/linux-firmware_20230210.bb      | 1131 ------------
 .../linux-firmware/linux-firmware_20230404.bb      | 1131 ++++++++++++
 poky/meta/recipes-kernel/linux/cve-exclusion.inc   | 1840 ++++++++++++++++++++
 .../recipes-kernel/linux/linux-yocto-rt_5.4.bb     |    6 +-
 .../recipes-kernel/linux/linux-yocto-tiny_5.4.bb   |    8 +-
 poky/meta/recipes-kernel/linux/linux-yocto.inc     |    3 +
 poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb  |   22 +-
 poky/meta/recipes-kernel/perf/perf.bb              |    2 +-
 .../ffmpeg/ffmpeg/CVE-2022-48434.patch             |  136 ++
 .../meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |    1 +
 .../curl/curl/CVE-2023-27534-pre1.patch            |   51 +
 .../recipes-support/curl/curl/CVE-2023-27534.patch |  122 +-
 poky/meta/recipes-support/curl/curl_7.69.1.bb      |    1 +
 poky/meta/recipes-support/libbsd/libbsd_0.10.0.bb  |    6 +
 poky/scripts/lib/wic/plugins/source/bootimg-efi.py |    7 +
 68 files changed, 5771 insertions(+), 1564 deletions(-)
 create mode 100644 meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
 delete mode 100644 meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-jinja-tests.py-add-py-3.10-fix-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-ppc64-Do-not-use-mminimal-toc-with-clang-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/libatomic-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory-nodejs14.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.18.1.bb
 create mode 100644 meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41973.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1812671-build-failure-while-implicitly-casting-S.patch
 create mode 100644 meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1826650-cmd-ecperf-fix-dangling-pointer-warning-.patch
 create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
 delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb
 create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
 create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 poky/meta/recipes-devtools/git/files/CVE-2023-25652.patch
 create mode 100644 poky/meta/recipes-devtools/git/files/CVE-2023-29007.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24539.patch
 create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24540.patch
 create mode 100644 poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
 create mode 100644 poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-28879.patch
 create mode 100644 poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
 create mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch
 delete mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
 create mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
 create mode 100644 poky/meta/recipes-kernel/linux/cve-exclusion.inc
 create mode 100644 poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
 create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch

diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
new file mode 100644
index 0000000000..55e66036b7
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
@@ -0,0 +1,76 @@
+SUMMARY = "A full-featured SSL VPN solution via tun device."
+HOMEPAGE = "https://openvpn.net/"
+SECTION = "net"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7aee596ed2deefe3e8a861e24292abba"
+DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+inherit autotools systemd update-rc.d
+
+SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
+           file://openvpn \
+           file://openvpn@.service \
+           file://openvpn-volatile.conf"
+
+UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
+
+SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc"
+SRC_URI[sha256sum] = "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee"
+
+# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
+CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
+
+SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME_${PN} = "openvpn"
+INITSCRIPT_PARAMS_${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
+
+CFLAGS += "-fno-inline"
+
+# I want openvpn to be able to read password from file (hrw)
+EXTRA_OECONF += "--enable-iproute2"
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
+
+# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
+EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
+
+do_install_append() {
+    install -d ${D}/${sysconfdir}/init.d
+    install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
+
+    install -d ${D}/${sysconfdir}/openvpn
+    install -d ${D}/${sysconfdir}/openvpn/sample
+    install -m 755 ${S}/sample/sample-config-files/loopback-server  ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+    install -m 755 ${S}/sample/sample-config-files/loopback-client  ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+    install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+    install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
+
+        install -d ${D}/${localstatedir}
+        install -d ${D}/${localstatedir}/lib
+        install -d -m 710 ${D}/${localstatedir}/lib/openvpn
+
+        install -d ${D}${sysconfdir}/tmpfiles.d
+        install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
+        sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
+    fi
+}
+
+PACKAGES =+ " ${PN}-sample "
+
+RRECOMMENDS_${PN} = "kernel-module-tun"
+
+FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
+FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \
+                ${sysconfdir}/tmpfiles.d \
+               "
+FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
+                       ${systemd_unitdir}/system/openvpn@loopback-client.service \
+                       ${sysconfdir}/openvpn/sample/"
diff --git a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb b/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
deleted file mode 100644
index 529e3912bb..0000000000
--- a/meta-openembedded/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
+++ /dev/null
@@ -1,73 +0,0 @@
-SUMMARY = "A full-featured SSL VPN solution via tun device."
-HOMEPAGE = "https://openvpn.net/"
-SECTION = "net"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=7aee596ed2deefe3e8a861e24292abba"
-DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-
-inherit autotools systemd update-rc.d
-
-SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
-           file://openvpn \
-           file://openvpn@.service \
-           file://openvpn-volatile.conf"
-
-UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
-
-SRC_URI[md5sum] = "52863fa9b98e5a3d7f8bec1d5785a2ba"
-SRC_URI[sha256sum] = "46b268ef88e67ca6de2e9f19943eb9e5ac8544e55f5c1f3af677298d03e64b6e"
-
-SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
-INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME_${PN} = "openvpn"
-INITSCRIPT_PARAMS_${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
-
-CFLAGS += "-fno-inline"
-
-# I want openvpn to be able to read password from file (hrw)
-EXTRA_OECONF += "--enable-iproute2"
-EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
-
-# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
-EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
-
-do_install_append() {
-    install -d ${D}/${sysconfdir}/init.d
-    install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
-
-    install -d ${D}/${sysconfdir}/openvpn
-    install -d ${D}/${sysconfdir}/openvpn/sample
-    install -m 755 ${S}/sample/sample-config-files/loopback-server  ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
-    install -m 755 ${S}/sample/sample-config-files/loopback-client  ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
-    install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
-    install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
-
-    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-        install -d ${D}/${systemd_unitdir}/system
-        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
-        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
-        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
-
-        install -d ${D}/${localstatedir}
-        install -d ${D}/${localstatedir}/lib
-        install -d -m 710 ${D}/${localstatedir}/lib/openvpn
-
-        install -d ${D}${sysconfdir}/tmpfiles.d
-        install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
-        sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
-    fi
-}
-
-PACKAGES =+ " ${PN}-sample "
-
-RRECOMMENDS_${PN} = "kernel-module-tun"
-
-FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
-FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \
-                ${sysconfdir}/tmpfiles.d \
-               "
-FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
-                       ${systemd_unitdir}/system/openvpn@loopback-client.service \
-                       ${sysconfdir}/openvpn/sample/"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch b/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch
new file mode 100644
index 0000000000..784f175eea
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch
@@ -0,0 +1,52 @@
+From 2d5a94aeeab01f0448b5a0bb8d4a9a23a5b790d5 Mon Sep 17 00:00:00 2001
+From: Andrew Childs <lorne@cons.org.nz>
+Date: Sat, 28 Dec 2019 16:04:24 +0900
+Subject: [PATCH] json_writer: fix inverted sense in isAnyCharRequiredQuoting
+ (#1120)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This bug is only affects platforms where `char` is unsigned.
+
+When char is a signed type, values >= 0x80 are also considered < 0,
+and hence require escaping due to the < ' ' condition.
+
+When char is an unsigned type, values >= 0x80 match none of the
+conditions and are considered safe to emit without escaping.
+
+This shows up as a test failure:
+
+* Detail of EscapeSequenceTest/writeEscapeSequence test failure:
+/build/source/src/test_lib_json/main.cpp(3370): expected == result
+  Expected: '["\"","\\","\b","\f","\n","\r","\t","\u0278","\ud852\udf62"]
+  '
+  Actual  : '["\"","\\","\b","\f","\n","\r","\t","ɸ","𤭢"]
+  '
+Upstream-Status: Backport [https://github.com/open-source-parsers/jsoncpp/commit/f11611c8785082ead760494cba06196f14a06dcb]
+
+Signed-off-by: Viktor Rosendahl <Viktor.Rosendahl@bmw.de>
+
+---
+ src/lib_json/json_writer.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp
+index 519ce23..b68a638 100644
+--- a/src/lib_json/json_writer.cpp
++++ b/src/lib_json/json_writer.cpp
+@@ -178,8 +178,9 @@ static bool isAnyCharRequiredQuoting(char const* s, size_t n) {
+ 
+   char const* const end = s + n;
+   for (char const* cur = s; cur < end; ++cur) {
+-    if (*cur == '\\' || *cur == '\"' || *cur < ' ' ||
+-        static_cast<unsigned char>(*cur) < 0x80)
++    if (*cur == '\\' || *cur == '\"' ||
++        static_cast<unsigned char>(*cur) < ' ' ||
++        static_cast<unsigned char>(*cur) >= 0x80)
+       return true;
+   }
+   return false;
+-- 
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb b/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
index 629881f0cf..ae4b4c9840 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
@@ -14,7 +14,10 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fa2a23dd1dc6c139f35105379d76df2b"
 
 SRCREV = "d2e6a971f4544c55b8e3b25cf96db266971b778f"
-SRC_URI = "git://github.com/open-source-parsers/jsoncpp;branch=master;protocol=https"
+SRC_URI = "\
+           git://github.com/open-source-parsers/jsoncpp;branch=master;protocol=https \
+           file://0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch \
+          "
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps-nodejs14.patch
new file mode 100644
index 0000000000..c719c9c3b0
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps-nodejs14.patch
@@ -0,0 +1,22 @@
+From 7d94bfe53beeb2d25eb5f2ff6b1d509df7e6ab80 Mon Sep 17 00:00:00 2001
+From: Zuzana Svetlikova <zsvetlik@redhat.com>
+Date: Thu, 27 Apr 2017 14:25:42 +0200
+Subject: [PATCH] Disable running gyp on shared deps
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 93d63110..79caaec2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -138,7 +138,7 @@ with-code-cache test-code-cache:
+	$(warning '$@' target is a noop)
+
+ out/Makefile: config.gypi common.gypi node.gyp \
+-	deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
++	deps/llhttp/llhttp.gyp \
+	tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
+	tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
+	$(PYTHON) tools/gyp_node.py -f make
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-jinja-tests.py-add-py-3.10-fix-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-jinja-tests.py-add-py-3.10-fix-nodejs14.patch
new file mode 100644
index 0000000000..8c5f75112d
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-jinja-tests.py-add-py-3.10-fix-nodejs14.patch
@@ -0,0 +1,40 @@
+From e1d838089cd461d9efcf4d29d9f18f65994d2d6b Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Sun, 3 Oct 2021 22:48:39 +0200
+Subject: [PATCH] jinja/tests.py: add py 3.10 fix
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ deps/v8/third_party/jinja2/tests.py      | 2 +-
+ tools/inspector_protocol/jinja2/tests.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/deps/v8/third_party/jinja2/tests.py b/deps/v8/third_party/jinja2/tests.py
+index 0adc3d4..b14f85f 100644
+--- a/deps/v8/third_party/jinja2/tests.py
++++ b/deps/v8/third_party/jinja2/tests.py
+@@ -10,7 +10,7 @@
+ """
+ import operator
+ import re
+-from collections import Mapping
++from collections.abc import Mapping
+ from jinja2.runtime import Undefined
+ from jinja2._compat import text_type, string_types, integer_types
+ import decimal
+diff --git a/tools/inspector_protocol/jinja2/tests.py b/tools/inspector_protocol/jinja2/tests.py
+index 0adc3d4..b14f85f 100644
+--- a/tools/inspector_protocol/jinja2/tests.py
++++ b/tools/inspector_protocol/jinja2/tests.py
+@@ -10,7 +10,7 @@
+ """
+ import operator
+ import re
+-from collections import Mapping
++from collections.abc import Mapping
+ from jinja2.runtime import Undefined
+ from jinja2._compat import text_type, string_types, integer_types
+ import decimal
+--
+2.20.1
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-ppc64-Do-not-use-mminimal-toc-with-clang-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-ppc64-Do-not-use-mminimal-toc-with-clang-nodejs14.patch
new file mode 100644
index 0000000000..ee287bf94a
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-ppc64-Do-not-use-mminimal-toc-with-clang-nodejs14.patch
@@ -0,0 +1,27 @@
+From 0976af0f3b328436ea44a74a406f311adb2ab211 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 15 Jun 2021 19:01:31 -0700
+Subject: [PATCH] ppc64: Do not use -mminimal-toc with clang
+
+clang does not support this option
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ common.gypi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common.gypi b/common.gypi
+index ee91fb1d..049c8f8c 100644
+--- a/common.gypi
++++ b/common.gypi
+@@ -413,7 +413,7 @@
+             'ldflags': [ '-m32' ],
+           }],
+           [ 'target_arch=="ppc64" and OS!="aix"', {
+-            'cflags': [ '-m64', '-mminimal-toc' ],
++            'cflags': [ '-m64' ],
+             'ldflags': [ '-m64' ],
+           }],
+           [ 'target_arch=="s390x"', {
+--
+2.32.0
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries-nodejs14.patch
new file mode 100644
index 0000000000..c6fc2dcd76
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries-nodejs14.patch
@@ -0,0 +1,62 @@
+From 6c3ac20477a4bac643088f24df3c042e627fafa9 Mon Sep 17 00:00:00 2001
+From: Guillaume Burel <guillaume.burel@stormshield.eu>
+Date: Fri, 3 Jan 2020 11:25:54 +0100
+Subject: [PATCH] Using native binaries
+
+---
+ node.gyp                 |  4 ++--
+ tools/v8_gypfiles/v8.gyp | 11 ++++-------
+ 2 files changed, 6 insertions(+), 9 deletions(-)
+
+--- a/node.gyp
++++ b/node.gyp
+@@ -487,6 +487,7 @@
+               'action_name': 'run_mkcodecache',
+               'process_outputs_as_sources': 1,
+               'inputs': [
++                '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+                 '<(mkcodecache_exec)',
+               ],
+               'outputs': [
+@@ -512,6 +513,7 @@
+               'action_name': 'node_mksnapshot',
+               'process_outputs_as_sources': 1,
+               'inputs': [
++                '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+                 '<(node_mksnapshot_exec)',
+               ],
+               'outputs': [
+--- a/tools/v8_gypfiles/v8.gyp
++++ b/tools/v8_gypfiles/v8.gyp
+@@ -220,6 +220,7 @@
+         {
+           'action_name': 'run_torque_action',
+           'inputs': [  # Order matters.
++            '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+             '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)',
+             '<@(torque_files)',
+           ],
+@@ -351,6 +352,7 @@
+         {
+           'action_name': 'generate_bytecode_builtins_list_action',
+           'inputs': [
++            '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+             '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)',
+           ],
+           'outputs': [
+@@ -533,6 +535,7 @@
+             ],
+           },
+           'inputs': [
++            '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+             '<(mksnapshot_exec)',
+           ],
+           'outputs': [
+@@ -1448,6 +1451,7 @@
+         {
+           'action_name': 'run_gen-regexp-special-case_action',
+           'inputs': [
++            '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+             '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)',
+           ],
+           'outputs': [
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir-nodejs14.patch
new file mode 100644
index 0000000000..3c4b2317d8
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir-nodejs14.patch
@@ -0,0 +1,84 @@
+From 5b22fac923d1ca3e9fefb97f5a171124a88f5e22 Mon Sep 17 00:00:00 2001
+From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
+Date: Tue, 19 Mar 2019 23:22:40 -0400
+Subject: [PATCH] Install both binaries and use libdir.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This allows us to build with a shared library for other users while
+still providing the normal executable.
+
+Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch
+
+Upstream-Status: Pending
+
+Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
+Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.py     |  7 +++++++
+ tools/install.py | 21 +++++++++------------
+ 2 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/configure.py b/configure.py
+index e6f7e4db..6cf5c45d 100755
+--- a/configure.py
++++ b/configure.py
+@@ -626,6 +626,12 @@ parser.add_option('--shared',
+     help='compile shared library for embedding node in another project. ' +
+          '(This mode is not officially supported for regular applications)')
+
++parser.add_option('--libdir',
++    action='store',
++    dest='libdir',
++    default='lib',
++    help='a directory to install the shared library into')
++
+ parser.add_option('--without-v8-platform',
+     action='store_true',
+     dest='without_v8_platform',
+@@ -1202,6 +1208,7 @@ def configure_node(o):
+   o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
+
+   o['variables']['node_shared'] = b(options.shared)
++  o['variables']['libdir'] = options.libdir
+   node_module_version = getmoduleversion.get_version()
+
+   if options.dest_os == 'android':
+diff --git a/tools/install.py b/tools/install.py
+index 729b416f..9bfc6234 100755
+--- a/tools/install.py
++++ b/tools/install.py
+@@ -121,22 +121,19 @@ def subdir_files(path, dest, action):
+
+ def files(action):
+   is_windows = sys.platform == 'win32'
+-  output_file = 'node'
+   output_prefix = 'out/Release/'
++  output_libprefix = output_prefix
+
+-  if 'false' == variables.get('node_shared'):
+-    if is_windows:
+-      output_file += '.exe'
++  if is_windows:
++    output_bin = 'node.exe'
++    output_lib = 'node.dll'
+   else:
+-    if is_windows:
+-      output_file += '.dll'
+-    else:
+-      output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
++    output_bin = 'node'
++    output_lib = 'libnode.' + variables.get('shlib_suffix')
+
+-  if 'false' == variables.get('node_shared'):
+-    action([output_prefix + output_file], 'bin/' + output_file)
+-  else:
+-    action([output_prefix + output_file], 'lib/' + output_file)
++  action([output_prefix + output_bin], 'bin/' + output_bin)
++  if 'true' == variables.get('node_shared'):
++    action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
+
+   if 'true' == variables.get('node_use_dtrace'):
+     action(['out/Release/node.d'], 'lib/dtrace/node.d')
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/libatomic-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/libatomic-nodejs14.patch
new file mode 100644
index 0000000000..cdf6bc8e23
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/libatomic-nodejs14.patch
@@ -0,0 +1,21 @@
+Link mksnapshot with libatomic on x86
+
+Clang-12 on x86 emits atomic builtins
+
+Fixes
+| module-compiler.cc:(.text._ZN2v88internal4wasm12_GLOBAL__N_123ExecuteCompilationUnitsERKSt10shared_ptrINS2_22BackgroundCompileTokenEEPNS0_8CountersEiNS2_19CompileBaselineOnlyE+0x558): un
+defined reference to `__atomic_load'
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/tools/v8_gypfiles/v8.gyp
++++ b/tools/v8_gypfiles/v8.gyp
+@@ -1336,6 +1336,7 @@
+     {
+       'target_name': 'mksnapshot',
+       'type': 'executable',
++      'libraries': [ '-latomic' ],
+       'dependencies': [
+         'v8_base_without_compiler',
+         'v8_compiler_for_mksnapshot',
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory-nodejs14.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory-nodejs14.patch
new file mode 100644
index 0000000000..21a2281231
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/mips-less-memory-nodejs14.patch
@@ -0,0 +1,32 @@
+Description: mksnapshot uses too much memory on 32-bit mipsel
+Author: Jérémy Lal <kapouer@melix.org>
+Last-Update: 2020-06-03
+Forwarded: https://bugs.chromium.org/p/v8/issues/detail?id=10586
+
+This ensures that we reserve 500M instead of 2G range for codegen
+ensures that qemu-mips can allocate such large ranges
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/deps/v8/src/common/globals.h
++++ b/deps/v8/src/common/globals.h
+@@ -224,7 +224,7 @@ constexpr size_t kMinimumCodeRangeSize =
+ constexpr size_t kMinExpectedOSPageSize = 64 * KB;  // OS page on PPC Linux
+ #elif V8_TARGET_ARCH_MIPS
+ constexpr bool kPlatformRequiresCodeRange = false;
+-constexpr size_t kMaximalCodeRangeSize = 2048LL * MB;
++constexpr size_t kMaximalCodeRangeSize = 512 * MB;
+ constexpr size_t kMinimumCodeRangeSize = 0 * MB;
+ constexpr size_t kMinExpectedOSPageSize = 4 * KB;  // OS page.
+ #else
+--- a/deps/v8/src/codegen/mips/constants-mips.h
++++ b/deps/v8/src/codegen/mips/constants-mips.h
+@@ -140,7 +140,7 @@ const uint32_t kLeastSignificantByteInIn
+ namespace v8 {
+ namespace internal {
+
+-constexpr size_t kMaxPCRelativeCodeRangeInMB = 4096;
++constexpr size_t kMaxPCRelativeCodeRangeInMB = 1024;
+
+ // -----------------------------------------------------------------------------
+ // Registers and FPURegisters.
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.18.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.18.1.bb
new file mode 100644
index 0000000000..fc886817ac
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_14.18.1.bb
@@ -0,0 +1,205 @@
+DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
+HOMEPAGE = "http://nodejs.org"
+LICENSE = "MIT & BSD & Artistic-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6768abdfc4dae4fde59d6b4df96930f3"
+
+DEFAULT_PREFERENCE = "-1"
+
+DEPENDS = "openssl"
+DEPENDS:append:class-target = " qemu-native"
+DEPENDS:append:class-native = " c-ares-native"
+
+inherit pkgconfig python3native qemu
+
+COMPATIBLE_MACHINE:armv4 = "(!.*armv4).*"
+COMPATIBLE_MACHINE:armv5 = "(!.*armv5).*"
+COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*"
+
+COMPATIBLE_HOST:riscv64 = "null"
+COMPATIBLE_HOST:riscv32 = "null"
+
+SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
+           file://0001-Disable-running-gyp-files-for-bundled-deps-nodejs14.patch \
+           file://0003-Install-both-binaries-and-use-libdir-nodejs14.patch \
+           file://0004-v8-don-t-override-ARM-CFLAGS.patch \
+           file://big-endian.patch \
+           file://mips-warnings.patch \
+           file://mips-less-memory-nodejs14.patch \
+           file://0001-jinja-tests.py-add-py-3.10-fix-nodejs14.patch \
+           file://CVE-2022-32212.patch \
+           file://CVE-2022-35255.patch \
+           file://CVE-2022-43548.patch \
+           "
+SRC_URI:append:class-target = " \
+           file://0002-Using-native-binaries-nodejs14.patch \
+           "
+SRC_URI:append:toolchain-clang:x86 = " \
+           file://libatomic-nodejs14.patch \
+           "
+SRC_URI:append:toolchain-clang:powerpc64le = " \
+           file://0001-ppc64-Do-not-use-mminimal-toc-with-clang-nodejs14.patch \
+           "
+SRC_URI[sha256sum] = "3fa1d71adddfab2f5e3e41874b4eddbdf92b65cade4a43922fb1e437afcf89ed"
+
+S = "${WORKDIR}/node-v${PV}"
+
+# v8 errors out if you have set CCACHE
+CCACHE = ""
+
+def map_nodejs_arch(a, d):
+    import re
+
+    if   re.match('i.86$', a): return 'ia32'
+    elif re.match('x86_64$', a): return 'x64'
+    elif re.match('aarch64$', a): return 'arm64'
+    elif re.match('(powerpc64|powerpc64le|ppc64le)$', a): return 'ppc64'
+    elif re.match('powerpc$', a): return 'ppc'
+    return a
+
+ARCHFLAGS:arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \
+                 ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \
+                    bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \
+                    bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \
+                    '--with-arm-fpu=vfp', d), d), d)}"
+GYP_DEFINES:append:mipsel = " mips_arch_variant='r1' "
+ARCHFLAGS ?= ""
+
+PACKAGECONFIG ??= "brotli icu zlib"
+
+PACKAGECONFIG[ares] = "--shared-cares,,c-ares"
+PACKAGECONFIG[brotli] = "--shared-brotli,,brotli"
+PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu"
+PACKAGECONFIG[libuv] = "--shared-libuv,,libuv"
+PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2"
+PACKAGECONFIG[shared] = "--shared"
+PACKAGECONFIG[zlib] = "--shared-zlib,,zlib"
+
+# We don't want to cross-compile during target compile,
+# and we need to use the right flags during host compile,
+# too.
+EXTRA_OEMAKE = "\
+    CC.host='${CC}' \
+    CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \
+    CXX.host='${CXX}' \
+    CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \
+    LDFLAGS.host='${LDFLAGS}' \
+    AR.host='${AR}' \
+    \
+    builddir_name=./ \
+"
+
+python do_unpack() {
+    import shutil
+
+    bb.build.exec_func('base_do_unpack', d)
+
+    if 'ares' in d.getVar('PACKAGECONFIG'):
+        shutil.rmtree(d.getVar('S') + '/deps/cares', True)
+    if 'brotli' in d.getVar('PACKAGECONFIG'):
+        shutil.rmtree(d.getVar('S') + '/deps/brotli', True)
+    if 'libuv' in d.getVar('PACKAGECONFIG'):
+        shutil.rmtree(d.getVar('S') + '/deps/uv', True)
+    if 'nghttp2' in d.getVar('PACKAGECONFIG'):
+        shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True)
+    if 'zlib' in d.getVar('PACKAGECONFIG'):
+        shutil.rmtree(d.getVar('S') + '/deps/zlib', True)
+}
+
+# V8's JIT infrastructure requires binaries such as mksnapshot and
+# mkpeephole to be run in the host during the build. However, these
+# binaries must have the same bit-width as the target (e.g. a x86_64
+# host targeting ARMv6 needs to produce a 32-bit binary). Instead of
+# depending on a third Yocto toolchain, we just build those binaries
+# for the target and run them on the host with QEMU.
+python do_create_v8_qemu_wrapper () {
+    """Creates a small wrapper that invokes QEMU to run some target V8 binaries
+    on the host."""
+    qemu_libdirs = [d.expand('${STAGING_DIR_HOST}${libdir}'),
+                    d.expand('${STAGING_DIR_HOST}${base_libdir}')]
+    qemu_cmd = qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST', True),
+                                    qemu_libdirs)
+    wrapper_path = d.expand('${B}/v8-qemu-wrapper.sh')
+    with open(wrapper_path, 'w') as wrapper_file:
+        wrapper_file.write("""#!/bin/sh
+
+# This file has been generated automatically.
+# It invokes QEMU to run binaries built for the target in the host during the
+# build process.
+
+%s "$@"
+""" % qemu_cmd)
+    os.chmod(wrapper_path, 0o755)
+}
+
+do_create_v8_qemu_wrapper[dirs] = "${B}"
+addtask create_v8_qemu_wrapper after do_configure before do_compile
+
+LDFLAGS:append:x86 = " -latomic"
+
+# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi
+do_configure () {
+    export LD="${CXX}"
+    GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES
+    # $TARGET_ARCH settings don't match --dest-cpu settings
+    python3 configure.py --prefix=${prefix} --cross-compiling \
+               --without-dtrace \
+               --without-etw \
+               --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \
+               --dest-os=linux \
+               --libdir=${D}${libdir} \
+               ${ARCHFLAGS} \
+               ${PACKAGECONFIG_CONFARGS}
+}
+
+do_compile () {
+    export LD="${CXX}"
+    install -Dm 0755 ${B}/v8-qemu-wrapper.sh ${B}/out/Release/v8-qemu-wrapper.sh
+    oe_runmake BUILDTYPE=Release
+}
+
+do_install () {
+    oe_runmake install DESTDIR=${D}
+
+    # wasn't updated since 2009 and is the only thing requiring python2 in runtime
+    # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS:nodejs-npm? [file-rdeps]
+    rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples
+}
+
+do_install:append:class-native() {
+    # use node from PATH instead of absolute path to sysroot
+    # node-v0.10.25/tools/install.py is using:
+    # shebang = os.path.join(node_prefix, 'bin/node')
+    # update_shebang(link_path, shebang)
+    # and node_prefix can be very long path to bindir in native sysroot and
+    # when it exceeds 128 character shebang limit it's stripped to incorrect path
+    # and npm fails to execute like in this case with 133 characters show in log.do_install:
+    # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node
+    # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js
+    # use sed on npm-cli.js because otherwise symlink is replaced with normal file and
+    # npm-cli.js continues to use old shebang
+    sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js
+
+    # Install the native binaries to provide it within sysroot for the target compilation
+    install -d ${D}${bindir}
+    install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque
+    install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator
+    if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then
+        install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case
+    fi
+    install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache
+    install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot
+}
+
+do_install:append:class-target() {
+    sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js
+}
+
+PACKAGES =+ "${PN}-npm"
+FILES:${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx"
+RDEPENDS:${PN}-npm = "bash python3-core python3-shell python3-datetime \
+    python3-misc python3-multiprocessing"
+
+PACKAGES =+ "${PN}-systemtap"
+FILES:${PN}-systemtap = "${datadir}/systemtap"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch b/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
new file mode 100644
index 0000000000..2aec818574
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
@@ -0,0 +1,38 @@
+From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001
+From: Michael Heimpold <mhei@heimpold.de>
+Date: Sat, 8 Jan 2022 20:00:50 +0100
+Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes
+ #614)
+
+[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ]
+
+While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets
+must be checked, i.e. the read and the write address must be within the
+mapping range.
+
+At the moment, only the read address was considered, it looks like a
+simple copy and paste error, so let's fix it.
+
+CVE: CVE-2022-0367
+
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+---
+ src/modbus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/modbus.c b/src/modbus.c
+index 68a28a3..c871152 100644
+--- a/src/modbus.c
++++ b/src/modbus.c
+@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req,
+                 nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS);
+         } else if (mapping_address < 0 ||
+                    (mapping_address + nb) > mb_mapping->nb_registers ||
+-                   mapping_address < 0 ||
++                   mapping_address_write < 0 ||
+                    (mapping_address_write + nb_write) > mb_mapping->nb_registers) {
+             rsp_length = response_exception(
+                 ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE,
+--
+2.39.1
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb b/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb
index 075487ae90..5c59312760 100644
--- a/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb
@@ -2,7 +2,10 @@ require libmodbus.inc
 
 SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \
 	    file://Fix-float-endianness-issue-on-big-endian-arch.patch \
-	    file://Fix-typo.patch"
+	    file://Fix-typo.patch \
+        file://CVE-2022-0367.patch \
+        "
+
 SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e"
 SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16"
 
diff --git a/meta-openembedded/meta-oe/recipes-support/lcov/lcov_1.14.bb b/meta-openembedded/meta-oe/recipes-support/lcov/lcov_1.14.bb
index 0cc8b31b3f..5e8fb938cf 100755
--- a/meta-openembedded/meta-oe/recipes-support/lcov/lcov_1.14.bb
+++ b/meta-openembedded/meta-oe/recipes-support/lcov/lcov_1.14.bb
@@ -59,7 +59,7 @@ SRC_URI[md5sum] = "0220d01753469f83921f8f41ae5054c1"
 SRC_URI[sha256sum] = "14995699187440e0ae4da57fe3a64adc0a3c5cf14feab971f8db38fb7d8f071a"
 
 do_install() {
-    oe_runmake install PREFIX=${D}${prefix} CFG_DIR=${D}${sysconfdir}
+    oe_runmake install PREFIX=${D}${prefix} CFG_DIR=${D}${sysconfdir} LCOV_PERL_PATH="/usr/bin/env perl"
 }
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41973.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41973.patch
new file mode 100644
index 0000000000..d06ef44f68
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41973.patch
@@ -0,0 +1,154 @@
+From cb57b930fa690ab79b3904846634681685e3470f Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Thu, 1 Sep 2022 19:21:30 +0200
+Subject: [PATCH] multipath-tools: use /run instead of /dev/shm
+
+/dev/shm may have unsafe permissions. Use /run instead.
+Use systemd's tmpfiles.d mechanism to create /run/multipath
+early during boot.
+
+For backward compatibilty, make the runtime directory configurable
+via the "runtimedir" make variable.
+
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
+
+CVE: CVE-2022-41973
+Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ .gitignore                                        |  2 ++
+ Makefile.inc                                      |  7 ++++++-
+ libmultipath/defaults.h                           |  3 +--
+ multipath/Makefile                                | 11 ++++++++---
+ multipath/{multipath.rules => multipath.rules.in} |  4 ++--
+ multipath/tmpfiles.conf.in                        |  1 +
+ 6 files changed, 20 insertions(+), 8 deletions(-)
+ rename multipath/{multipath.rules => multipath.rules.in} (95%)
+ create mode 100644 multipath/tmpfiles.conf.in
+
+diff --git a/.gitignore b/.gitignore
+index 9926756b..f90b0350 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -8,6 +8,8 @@
+ *.d
+ kpartx/kpartx
+ multipath/multipath
++multipath/multipath.rules
++multipath/tmpfiles.conf
+ multipathd/multipathd
+ mpathpersist/mpathpersist
+ .nfs*
+diff --git a/Makefile.inc b/Makefile.inc
+index 4eb08eed..648f91b4 100644
+--- a/Makefile.inc
++++ b/Makefile.inc
+@@ -44,6 +44,7 @@ exec_prefix	= $(prefix)
+ usr_prefix	= $(prefix)
+ bindir		= $(exec_prefix)/usr/sbin
+ libudevdir	= $(prefix)/$(SYSTEMDPATH)/udev
++tmpfilesdir	= $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
+ udevrulesdir	= $(libudevdir)/rules.d
+ multipathdir	= $(TOPDIR)/libmultipath
+ man8dir		= $(prefix)/usr/share/man/man8
+@@ -60,6 +61,7 @@ libdmmpdir	= $(TOPDIR)/libdmmp
+ nvmedir		= $(TOPDIR)/libmultipath/nvme
+ includedir	= $(prefix)/usr/include
+ pkgconfdir	= $(usrlibdir)/pkgconfig
++runtimedir      := /$(RUN)
+ 
+ GZIP		= gzip -9 -c
+ RM		= rm -f
+@@ -95,7 +97,10 @@ OPTFLAGS       += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \
+                   -Wno-unused-parameter -Werror=cast-qual \
+                   -Werror=discarded-qualifiers
+ 
+-CPPFLAGS	:= -Wp,-D_FORTIFY_SOURCE=2 
++CPPFLAGS	:= $(FORTIFY_OPT) \
++		   -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
++		   -DRUNTIME_DIR=\"$(runtimedir)\" \
++		   -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP 
+ CFLAGS		:= $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
+ 		   -MMD -MP $(CFLAGS)
+ BIN_CFLAGS	= -fPIE -DPIE
+diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
+index c2164c16..908e0ca3 100644
+--- a/libmultipath/defaults.h
++++ b/libmultipath/defaults.h
+@@ -64,8 +64,7 @@
+ #define DEFAULT_WWIDS_FILE	"/etc/multipath/wwids"
+ #define DEFAULT_PRKEYS_FILE    "/etc/multipath/prkeys"
+ #define DEFAULT_CONFIG_DIR	"/etc/multipath/conf.d"
+-#define MULTIPATH_SHM_BASE	"/dev/shm/multipath/"
+-
++#define MULTIPATH_SHM_BASE	RUNTIME_DIR "/multipath/"
+ 
+ static inline char *set_default(char *str)
+ {
+diff --git a/multipath/Makefile b/multipath/Makefile
+index e720c7f6..28976546 100644
+--- a/multipath/Makefile
++++ b/multipath/Makefile
+@@ -12,7 +12,7 @@ EXEC = multipath
+ 
+ OBJS = main.o
+ 
+-all: $(EXEC)
++all: $(EXEC) multipath.rules tmpfiles.conf
+ 
+ $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
+ 	$(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
+@@ -26,7 +26,9 @@ install:
+ 	$(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
+ 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
+ 	$(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
+-	$(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
++	$(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules
++	$(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
++	$(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
+ 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
+ 	$(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
+ 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
+@@ -43,9 +45,12 @@ uninstall:
+ 	$(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
+ 
+ clean: dep_clean
+-	$(RM) core *.o $(EXEC) *.gz
++	$(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf
+ 
+ include $(wildcard $(OBJS:.o=.d))
+ 
+ dep_clean:
+ 	$(RM) $(OBJS:.o=.d)
++
++%:	%.in
++	sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@	
+diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
+similarity index 95%
+rename from multipath/multipath.rules
+rename to multipath/multipath.rules.in
+index 0486bf70..5fb499e6 100644
+--- a/multipath/multipath.rules
++++ b/multipath/multipath.rules.in
+@@ -1,8 +1,8 @@
+ # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
+ SUBSYSTEM!="block", GOTO="end_mpath"
+ KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
+-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
+-	RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
++ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
++	RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
+ ACTION!="add|change", GOTO="end_mpath"
+ 
+ IMPORT{cmdline}="nompath"
+diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
+new file mode 100644
+index 00000000..21be438a
+--- /dev/null
++++ b/multipath/tmpfiles.conf.in
+@@ -0,0 +1 @@
++d @RUNTIME_DIR@/multipath 0700 root root -
+-- 
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index 90cfd7d202..23273f5d5b 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -45,6 +45,7 @@ SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=mas
            file://0031-Always-use-devmapper-for-kpartx.patch \
            file://0001-fix-bug-of-do_compile-and-do_install.patch \
            file://0001-add-explicit-dependency-on-libraries.patch \
+           file://CVE-2022-41973.patch \
            "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
@@ -117,3 +118,6 @@ FILES_kpartx = "${base_sbindir}/kpartx \
 
 RDEPENDS_${PN} += "kpartx"
 PARALLEL_MAKE = ""
+
+FILES:${PN}-libs += "usr/lib/*.so.*"
+FILES:${PN}-libs += "usr/lib/tmpfiles.d/*"
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1812671-build-failure-while-implicitly-casting-S.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1812671-build-failure-while-implicitly-casting-S.patch
new file mode 100644
index 0000000000..b935d9eec5
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1812671-build-failure-while-implicitly-casting-S.patch
@@ -0,0 +1,46 @@
+From 4e7e332b25a2794f381323518e52d8d95273b69e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Franti=C5=A1ek=20Kren=C5=BEelok?= <fkrenzel@redhat.com>
+Date: Mon, 30 Jan 2023 12:59:20 +0000
+Subject: [PATCH] Bug 1812671 - build failure while implicitly casting
+ SECStatus to PRUInt32. r=nss-reviewers,mt
+
+Author of the patch: Bob Relyea <rrelyea@redhat.com>
+
+Differential Revision: https://phabricator.services.mozilla.com/D167983
+
+--HG--
+extra : moz-landing-system : lando
+---
+ lib/ssl/ssl3exthandle.c | 2 +-
+ lib/ssl/sslsnce.c       | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ssl/ssl3exthandle.c b/lib/ssl/ssl3exthandle.c
+index b5ae62f39..7134447bf 100644
+--- a/lib/ssl/ssl3exthandle.c
++++ b/lib/ssl/ssl3exthandle.c
+@@ -201,7 +201,7 @@ ssl3_FreeSniNameArray(TLSExtensionData *xtnData)
+  * Clients sends a filled in session ticket if one is available, and otherwise
+  * sends an empty ticket.  Servers always send empty tickets.
+  */
+-PRInt32
++SECStatus
+ ssl3_ClientSendSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                 sslBuffer *buf, PRBool *added)
+ {
+diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
+index 56edafa1f..49f041c97 100644
+--- a/lib/ssl/sslsnce.c
++++ b/lib/ssl/sslsnce.c
+@@ -1820,7 +1820,7 @@ ssl_GetSelfEncryptKeyPair(SECKEYPublicKey **pubKey,
+     return SECSuccess;
+ }
+ 
+-static PRBool
++static SECStatus
+ ssl_GenerateSelfEncryptKeys(void *pwArg, PRUint8 *keyName,
+                             PK11SymKey **aesKey, PK11SymKey **macKey);
+ 
+-- 
+2.40.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1826650-cmd-ecperf-fix-dangling-pointer-warning-.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1826650-cmd-ecperf-fix-dangling-pointer-warning-.patch
new file mode 100644
index 0000000000..dc7e172aae
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-Bug-1826650-cmd-ecperf-fix-dangling-pointer-warning-.patch
@@ -0,0 +1,75 @@
+From cbf5a2bce75ca2c2fd3e247796b9892f5298584e Mon Sep 17 00:00:00 2001
+From: "John M. Schanck" <jschanck@mozilla.com>
+Date: Thu, 13 Apr 2023 17:43:46 +0000
+Subject: [PATCH] Bug 1826650 - cmd/ecperf: fix dangling pointer warning on gcc
+ 13. r=djackson
+
+Differential Revision: https://phabricator.services.mozilla.com/D174822
+
+--HG--
+extra : moz-landing-system : lando
+---
+ cmd/ecperf/ecperf.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c
+index 705d68f35..a07004d8e 100644
+--- a/cmd/ecperf/ecperf.c
++++ b/cmd/ecperf/ecperf.c
+@@ -53,6 +53,7 @@ PKCS11Thread(void *data)
+     SECItem sig;
+     CK_SESSION_HANDLE session;
+     CK_RV crv;
++    void *tmp = NULL;
+ 
+     threadData->status = SECSuccess;
+     threadData->count = 0;
+@@ -68,6 +69,7 @@ PKCS11Thread(void *data)
+     if (threadData->isSign) {
+         sig.data = sigData;
+         sig.len = sizeof(sigData);
++        tmp = threadData->p2;
+         threadData->p2 = (void *)&sig;
+     }
+ 
+@@ -79,6 +81,10 @@ PKCS11Thread(void *data)
+         }
+         threadData->count++;
+     }
++
++    if (threadData->isSign) {
++        threadData->p2 = tmp;
++    }
+     return;
+ }
+ 
+@@ -89,6 +95,7 @@ genericThread(void *data)
+     int iters = threadData->iters;
+     unsigned char sigData[256];
+     SECItem sig;
++    void *tmp = NULL;
+ 
+     threadData->status = SECSuccess;
+     threadData->count = 0;
+@@ -96,6 +103,7 @@ genericThread(void *data)
+     if (threadData->isSign) {
+         sig.data = sigData;
+         sig.len = sizeof(sigData);
++        tmp = threadData->p2;
+         threadData->p2 = (void *)&sig;
+     }
+ 
+@@ -107,6 +115,10 @@ genericThread(void *data)
+         }
+         threadData->count++;
+     }
++
++    if (threadData->isSign) {
++        threadData->p2 = tmp;
++    }
+     return;
+ }
+ 
+-- 
+2.40.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb
index 1de2a40094..af842ee67c 100644
--- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -43,6 +43,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
            file://CVE-2021-43527.patch \
            file://CVE-2022-22747.patch \
            file://CVE-2023-0767.patch \
+           file://0001-Bug-1812671-build-failure-while-implicitly-casting-S.patch;patchdir=nss \
+           file://0001-Bug-1826650-cmd-ecperf-fix-dangling-pointer-warning-.patch;patchdir=nss \
            "
 
 SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
new file mode 100644
index 0000000000..996eabf586
--- /dev/null
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
@@ -0,0 +1,31 @@
+From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001
+From: Valeria Petrov <valeria.petrov@spinetix.com>
+Date: Tue, 18 Apr 2023 15:38:53 +0200
+Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to
+ include path if mod_rewrite is enabled.
+
+Upstream-Status: Accepted [https://svn.apache.org/viewvc?view=revision&revision=1909241]
+
+---
+ modules/mappers/config9.m4 | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4
+index 55a97ab993..7120b729b7 100644
+--- a/modules/mappers/config9.m4
++++ b/modules/mappers/config9.m4
+@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos
+ APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes)
+ APACHE_MODULE(rewrite, rule based URL manipulation, , , most)
+ 
++if test "x$enable_rewrite" != "xno"; then
++    # mod_rewrite needs test_char.h
++    APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server])
++fi
++
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
+ 
+ APACHE_MODPATH_FINISH
+-- 
+2.25.1
+
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb
deleted file mode 100644
index ed5690a4ab..0000000000
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb
+++ /dev/null
@@ -1,225 +0,0 @@
-DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
-extensible web server."
-SUMMARY = "Apache HTTP Server"
-HOMEPAGE = "http://httpd.apache.org/"
-SECTION = "net"
-LICENSE = "Apache-2.0"
-
-SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
-           file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
-           file://0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch \
-           file://0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch \
-           file://0004-apache2-log-the-SELinux-context-at-startup.patch \
-           file://0005-replace-lynx-to-curl-in-apachectl-script.patch \
-           file://0006-apache2-fix-the-race-issue-of-parallel-installation.patch \
-           file://0007-apache2-allow-to-disable-selinux-support.patch \
-           file://0008-Fix-perl-install-directory-to-usr-bin.patch \
-           file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
-          "
-
-SRC_URI:append:class-target = " \
-           file://0010-apache2-do-not-use-relative-path-for-gen_test_char.patch \
-           file://init \
-           file://apache2-volatile.conf \
-           file://apache2.service \
-           file://volatiles.04_apache2 \
-           "
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "d8d45f1398ba84edd05bb33ca7593ac2989b17cb9c7a0cafe5442d41afdb2d7c"
-
-S = "${WORKDIR}/httpd-${PV}"
-
-inherit autotools update-rc.d pkgconfig systemd update-alternatives
-
-DEPENDS = "openssl expat pcre apr apr-util apache2-native "
-
-CVE_PRODUCT = "http_server"
-
-SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
-PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap"
-PACKAGECONFIG[zlib] = "--enable-deflate,,zlib,zlib"
-
-CFLAGS_append = " -DPATH_MAX=4096"
-
-EXTRA_OECONF_class-target = "\
-    --enable-layout=Debian \
-    --prefix=${base_prefix} \
-    --exec_prefix=${exec_prefix} \
-    --includedir=${includedir}/${BPN} \
-    --sysconfdir=${sysconfdir}/${BPN} \
-    --datadir=${datadir}/${BPN} \
-    --libdir=${libdir} \
-    --libexecdir=${libexecdir}/${BPN}/modules \
-    --localstatedir=${localstatedir} \
-    --enable-ssl \
-    --with-dbm=sdbm \
-    --with-gdbm=no \
-    --with-ndbm=no \
-    --with-berkeley-db=no \
-    --enable-info \
-    --enable-rewrite \
-    --enable-mpms-shared \
-    ap_cv_void_ptr_lt_long=no \
-    ac_cv_have_threadsafe_pollset=no \
-    "
-
-EXTRA_OECONF_class-native = "\
-    --prefix=${prefix} \
-    --includedir=${includedir}/${BPN} \
-    --sysconfdir=${sysconfdir}/${BPN} \
-    --datadir=${datadir}/${BPN} \
-    --libdir=${libdir} \
-    --libexecdir=${libdir}/${BPN}/modules \
-    --localstatedir=${localstatedir} \
-    "
-
-do_configure_prepend() {
-    sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libexecdir}/cgi-bin:g' ${S}/config.layout
-}
-
-do_install_append_class-target() {
-    install -d ${D}/${sysconfdir}/init.d
-
-    cat ${WORKDIR}/init | \
-        sed -e 's,/usr/sbin/,${sbindir}/,g' \
-            -e 's,/usr/bin/,${bindir}/,g' \
-            -e 's,/usr/lib/,${libdir}/,g' \
-            -e 's,/etc/,${sysconfdir}/,g' \
-            -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN}
-
-    chmod 755 ${D}/${sysconfdir}/init.d/${BPN}
-
-    # Remove the goofy original files...
-    rm -rf ${D}/${sysconfdir}/${BPN}/original
-
-    install -d ${D}${sysconfdir}/${BPN}/conf.d
-    install -d ${D}${sysconfdir}/${BPN}/modules.d
-
-    # Ensure configuration file pulls in conf.d and modules.d
-    printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
-    printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
-    printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
-
-    # Match with that is in init script
-    printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
-
-    # Set 'ServerName' to fix error messages when restart apache service
-    sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf
-
-    sed -i 's/^ServerRoot/#ServerRoot/' ${D}/${sysconfdir}/${BPN}/httpd.conf
-
-    sed -i -e 's,${STAGING_DIR_TARGET},,g' \
-           -e 's,${DEBUG_PREFIX_MAP},,g' \
-           -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \
-           -e 's,${HOSTTOOLS_DIR}/,,g' \
-           -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \
-           -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk
-
-    sed -i -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-           -e 's,${DEBUG_PREFIX_MAP},,g' \
-           -e 's,${RECIPE_SYSROOT},,g' \
-           -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \
-           -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \
-           -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice
-
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        install -d ${D}${sysconfdir}/tmpfiles.d/
-        install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
-
-        install -d ${D}${systemd_unitdir}/system
-        install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system
-        sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service
-        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service
-    elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
-        install -d ${D}${sysconfdir}/default/volatiles
-        install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2
-    fi
-
-    rm -rf ${D}${localstatedir} ${D}${sbindir}/envvars*
-    chown -R root:root ${D}
-}
-
-do_install_append_class-native() {
-    install -d ${D}${bindir} ${D}${libdir}
-    install -m 755 server/gen_test_char ${D}${bindir}
-}
-
-SYSROOT_PREPROCESS_FUNCS_append_class-target = " apache_sysroot_preprocess"
-
-apache_sysroot_preprocess() {
-    install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}
-    install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}
-    install -d ${SYSROOT_DESTDIR}${sbindir}
-    install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir}
-    sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
-    sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
-
-    sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-    sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-    sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-    sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-    sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-    sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-    sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
-}
-
-# Implications - used by update-rc.d scripts
-INITSCRIPT_NAME = "apache2"
-INITSCRIPT_PARAMS = "defaults 91 20"
-
-SYSTEMD_SERVICE_${PN} = "apache2.service"
-SYSTEMD_AUTO_ENABLE_${PN} = "enable"
-
-ALTERNATIVE_${PN}-doc = "htpasswd.1"
-ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1"
-
-PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
-
-CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \
-                   ${sysconfdir}/${BPN}/magic \
-                   ${sysconfdir}/${BPN}/mime.types \
-                   ${sysconfdir}/${BPN}/extra/*"
-
-# We override here rather than append so that .so links are
-# included in the runtime package rather than here (-dev)
-# and to get build, icons, error into the -dev package
-FILES_${PN}-dev = "${datadir}/${BPN}/build \
-                   ${datadir}/${BPN}/icons \
-                   ${datadir}/${BPN}/error \
-                   ${includedir}/${BPN} \
-                   ${bindir}/apxs \
-                  "
-
-# Add the manual to -doc
-FILES_${PN}-doc += " ${datadir}/${BPN}/manual"
-
-FILES_${PN}-scripts += "${bindir}/dbmmanage"
-
-# Override this too - here is the default, less datadir
-FILES_${PN} =  "${bindir} ${sbindir} ${libexecdir} ${libdir} \
-                ${sysconfdir} ${libdir}/${BPN}"
-
-# We want htdocs and cgi-bin to go with the binary
-FILES_${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin"
-
-FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug"
-
-RDEPENDS_${PN} += "openssl libgcc"
-RDEPENDS_${PN}-scripts += "perl ${PN}"
-RDEPENDS_${PN}-dev = "perl"
-
-BBCLASSEXTEND = "native"
-
-pkg_postinst_${PN}() {
-    if [ -z "$D" ]; then
-        if type systemd-tmpfiles >/dev/null; then
-            systemd-tmpfiles --create
-        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
-            ${sysconfdir}/init.d/populate-volatile.sh update
-        fi
-    fi
-}
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
new file mode 100644
index 0000000000..669d277567
--- /dev/null
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
@@ -0,0 +1,226 @@
+DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
+extensible web server."
+SUMMARY = "Apache HTTP Server"
+HOMEPAGE = "http://httpd.apache.org/"
+SECTION = "net"
+LICENSE = "Apache-2.0"
+
+SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
+           file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
+           file://0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch \
+           file://0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch \
+           file://0004-apache2-log-the-SELinux-context-at-startup.patch \
+           file://0005-replace-lynx-to-curl-in-apachectl-script.patch \
+           file://0006-apache2-fix-the-race-issue-of-parallel-installation.patch \
+           file://0007-apache2-allow-to-disable-selinux-support.patch \
+           file://0008-Fix-perl-install-directory-to-usr-bin.patch \
+           file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
+           file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \
+          "
+
+SRC_URI:append:class-target = " \
+           file://0010-apache2-do-not-use-relative-path-for-gen_test_char.patch \
+           file://init \
+           file://apache2-volatile.conf \
+           file://apache2.service \
+           file://volatiles.04_apache2 \
+           "
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
+SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a"
+
+S = "${WORKDIR}/httpd-${PV}"
+
+inherit autotools update-rc.d pkgconfig systemd update-alternatives
+
+DEPENDS = "openssl expat pcre apr apr-util apache2-native "
+
+CVE_PRODUCT = "http_server"
+
+SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
+PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap"
+PACKAGECONFIG[zlib] = "--enable-deflate,,zlib,zlib"
+
+CFLAGS_append = " -DPATH_MAX=4096"
+
+EXTRA_OECONF_class-target = "\
+    --enable-layout=Debian \
+    --prefix=${base_prefix} \
+    --exec_prefix=${exec_prefix} \
+    --includedir=${includedir}/${BPN} \
+    --sysconfdir=${sysconfdir}/${BPN} \
+    --datadir=${datadir}/${BPN} \
+    --libdir=${libdir} \
+    --libexecdir=${libexecdir}/${BPN}/modules \
+    --localstatedir=${localstatedir} \
+    --enable-ssl \
+    --with-dbm=sdbm \
+    --with-gdbm=no \
+    --with-ndbm=no \
+    --with-berkeley-db=no \
+    --enable-info \
+    --enable-rewrite \
+    --enable-mpms-shared \
+    ap_cv_void_ptr_lt_long=no \
+    ac_cv_have_threadsafe_pollset=no \
+    "
+
+EXTRA_OECONF_class-native = "\
+    --prefix=${prefix} \
+    --includedir=${includedir}/${BPN} \
+    --sysconfdir=${sysconfdir}/${BPN} \
+    --datadir=${datadir}/${BPN} \
+    --libdir=${libdir} \
+    --libexecdir=${libdir}/${BPN}/modules \
+    --localstatedir=${localstatedir} \
+    "
+
+do_configure_prepend() {
+    sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libexecdir}/cgi-bin:g' ${S}/config.layout
+}
+
+do_install_append_class-target() {
+    install -d ${D}/${sysconfdir}/init.d
+
+    cat ${WORKDIR}/init | \
+        sed -e 's,/usr/sbin/,${sbindir}/,g' \
+            -e 's,/usr/bin/,${bindir}/,g' \
+            -e 's,/usr/lib/,${libdir}/,g' \
+            -e 's,/etc/,${sysconfdir}/,g' \
+            -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN}
+
+    chmod 755 ${D}/${sysconfdir}/init.d/${BPN}
+
+    # Remove the goofy original files...
+    rm -rf ${D}/${sysconfdir}/${BPN}/original
+
+    install -d ${D}${sysconfdir}/${BPN}/conf.d
+    install -d ${D}${sysconfdir}/${BPN}/modules.d
+
+    # Ensure configuration file pulls in conf.d and modules.d
+    printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+    printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+    printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+
+    # Match with that is in init script
+    printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+
+    # Set 'ServerName' to fix error messages when restart apache service
+    sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf
+
+    sed -i 's/^ServerRoot/#ServerRoot/' ${D}/${sysconfdir}/${BPN}/httpd.conf
+
+    sed -i -e 's,${STAGING_DIR_TARGET},,g' \
+           -e 's,${DEBUG_PREFIX_MAP},,g' \
+           -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \
+           -e 's,${HOSTTOOLS_DIR}/,,g' \
+           -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \
+           -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk
+
+    sed -i -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+           -e 's,${DEBUG_PREFIX_MAP},,g' \
+           -e 's,${RECIPE_SYSROOT},,g' \
+           -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \
+           -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \
+           -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/tmpfiles.d/
+        install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
+
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system
+        sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service
+        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service
+    elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/default/volatiles
+        install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2
+    fi
+
+    rm -rf ${D}${localstatedir} ${D}${sbindir}/envvars*
+    chown -R root:root ${D}
+}
+
+do_install_append_class-native() {
+    install -d ${D}${bindir} ${D}${libdir}
+    install -m 755 server/gen_test_char ${D}${bindir}
+}
+
+SYSROOT_PREPROCESS_FUNCS_append_class-target = " apache_sysroot_preprocess"
+
+apache_sysroot_preprocess() {
+    install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}
+    install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}
+    install -d ${SYSROOT_DESTDIR}${sbindir}
+    install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir}
+    sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
+    sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
+
+    sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+}
+
+# Implications - used by update-rc.d scripts
+INITSCRIPT_NAME = "apache2"
+INITSCRIPT_PARAMS = "defaults 91 20"
+
+SYSTEMD_SERVICE_${PN} = "apache2.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "enable"
+
+ALTERNATIVE_${PN}-doc = "htpasswd.1"
+ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1"
+
+PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
+
+CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \
+                   ${sysconfdir}/${BPN}/magic \
+                   ${sysconfdir}/${BPN}/mime.types \
+                   ${sysconfdir}/${BPN}/extra/*"
+
+# We override here rather than append so that .so links are
+# included in the runtime package rather than here (-dev)
+# and to get build, icons, error into the -dev package
+FILES_${PN}-dev = "${datadir}/${BPN}/build \
+                   ${datadir}/${BPN}/icons \
+                   ${datadir}/${BPN}/error \
+                   ${includedir}/${BPN} \
+                   ${bindir}/apxs \
+                  "
+
+# Add the manual to -doc
+FILES_${PN}-doc += " ${datadir}/${BPN}/manual"
+
+FILES_${PN}-scripts += "${bindir}/dbmmanage"
+
+# Override this too - here is the default, less datadir
+FILES_${PN} =  "${bindir} ${sbindir} ${libexecdir} ${libdir} \
+                ${sysconfdir} ${libdir}/${BPN}"
+
+# We want htdocs and cgi-bin to go with the binary
+FILES_${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin"
+
+FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug"
+
+RDEPENDS_${PN} += "openssl libgcc"
+RDEPENDS_${PN}-scripts += "perl ${PN}"
+RDEPENDS_${PN}-dev = "perl"
+
+BBCLASSEXTEND = "native"
+
+pkg_postinst_${PN}() {
+    if [ -z "$D" ]; then
+        if type systemd-tmpfiles >/dev/null; then
+            systemd-tmpfiles --create
+        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+            ${sysconfdir}/init.d/populate-volatile.sh update
+        fi
+    fi
+}
diff --git a/poky/meta/classes/populate_sdk_ext.bbclass b/poky/meta/classes/populate_sdk_ext.bbclass
index a43ff3fb32..1bdfd92847 100644
--- a/poky/meta/classes/populate_sdk_ext.bbclass
+++ b/poky/meta/classes/populate_sdk_ext.bbclass
@@ -363,7 +363,8 @@ python copy_buildsystem () {
             f.write('BUILDCFG_HEADER = ""\n\n')
 
             # Write METADATA_REVISION
-            f.write('METADATA_REVISION = "%s"\n\n' % d.getVar('METADATA_REVISION'))
+            # Needs distro override so it can override the value set in the bbclass code (later than local.conf)
+            f.write('METADATA_REVISION:%s = "%s"\n\n' % (d.getVar('DISTRO'), d.getVar('METADATA_REVISION')))
 
             f.write('# Provide a flag to indicate we are in the EXT_SDK Context\n')
             f.write('WITHIN_EXT_SDK = "1"\n\n')
diff --git a/poky/meta/classes/pypi.bbclass b/poky/meta/classes/pypi.bbclass
index 87b4c85fc0..c68367449a 100644
--- a/poky/meta/classes/pypi.bbclass
+++ b/poky/meta/classes/pypi.bbclass
@@ -24,3 +24,5 @@ S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 
 UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/"
 UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
+
+CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index 5439bd426b..d80f85dba2 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -177,6 +177,8 @@ class TestImage(OESelftestTestCase):
         distro = oe.lsb.distro_identifier()
         if distro and distro.startswith('almalinux'):
             self.skipTest('virgl isn\'t working with Alma Linux')
+        if distro and distro.startswith('rocky'):
+            self.skipTest('virgl isn\'t working with Rocky Linux')
         if distro and distro == 'debian-8':
             self.skipTest('virgl isn\'t working with Debian 8')
         if distro and distro == 'centos-7':
@@ -189,10 +191,14 @@ class TestImage(OESelftestTestCase):
             self.skipTest('virgl isn\'t working with Fedora 35')
         if distro and distro == 'fedora-36':
             self.skipTest('virgl isn\'t working with Fedora 36')
+        if distro and distro == 'fedora-37':
+            self.skipTest('virgl isn\'t working with Fedora 37')
         if distro and distro == 'opensuseleap-15.0':
             self.skipTest('virgl isn\'t working with Opensuse 15.0')
         if distro and distro == 'ubuntu-22.04':
             self.skipTest('virgl isn\'t working with Ubuntu 22.04')
+        if distro and distro == 'ubuntu-22.10':
+            self.skipTest('virgl isn\'t working with Ubuntu 22.10')
 
         qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native')
         sdl_packageconfig = get_bb_var('PACKAGECONFIG', 'libsdl2-native')
diff --git a/poky/meta/lib/oeqa/utils/metadata.py b/poky/meta/lib/oeqa/utils/metadata.py
index 8013aa684d..15ec190c4a 100644
--- a/poky/meta/lib/oeqa/utils/metadata.py
+++ b/poky/meta/lib/oeqa/utils/metadata.py
@@ -27,9 +27,9 @@ def metadata_from_bb():
     data_dict = get_bb_vars()
 
     # Distro information
-    info_dict['distro'] = {'id': data_dict['DISTRO'],
-                           'version_id': data_dict['DISTRO_VERSION'],
-                           'pretty_name': '%s %s' % (data_dict['DISTRO'], data_dict['DISTRO_VERSION'])}
+    info_dict['distro'] = {'id': data_dict.get('DISTRO', 'NODISTRO'),
+                                'version_id': data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'),
+                                'pretty_name': '%s %s' % (data_dict.get('DISTRO', 'NODISTRO'), data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'))}
 
     # Host distro information
     os_release = get_os_release()
diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
new file mode 100644
index 0000000000..ea1601cc04
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
@@ -0,0 +1,54 @@
+From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Tue, 11 Apr 2023 08:12:56 +0200
+Subject: gdhcp: Verify and sanitize packet length first
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/patch/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138]
+CVE: CVE-2023-28488
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ gdhcp/client.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index 7efa7e45..82017692 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes)
+ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+ 				struct sockaddr_in *dst_addr)
+ {
+-	int bytes;
+ 	struct ip_udp_dhcp_packet packet;
+ 	uint16_t check;
++	int bytes, tot_len;
+ 
+ 	memset(&packet, 0, sizeof(packet));
+ 
+@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+ 	if (bytes < 0)
+ 		return -1;
+ 
+-	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
+-		return -1;
+-
+-	if (bytes < ntohs(packet.ip.tot_len))
++	tot_len = ntohs(packet.ip.tot_len);
++	if (bytes > tot_len) {
++		/* ignore any extra garbage bytes */
++		bytes = tot_len;
++	} else if (bytes < tot_len) {
+ 		/* packet is bigger than sizeof(packet), we did partial read */
+ 		return -1;
++	}
+ 
+-	/* ignore any extra garbage bytes */
+-	bytes = ntohs(packet.ip.tot_len);
++	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
++		return -1;
+ 
+ 	if (!sanity_check(&packet, bytes))
+ 		return -1;
+-- 
+cgit 
+
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.37.bb b/poky/meta/recipes-connectivity/connman/connman_1.37.bb
index 73d7f7527e..8062a094d3 100644
--- a/poky/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/poky/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -14,6 +14,7 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://CVE-2022-23098.patch \
             file://CVE-2022-32292.patch \
 	     file://CVE-2022-32293.patch \
+            file://CVE-2023-28488.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 12c39b26b5..8d76d62309 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,5 +1,6 @@
 [Unit]
 Conflicts=sshd.service
+Wants=sshdgenkeys.service
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
index 9d83dfb2bb..422450c7a1 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -1,13 +1,11 @@
 [Unit]
 Description=OpenSSH Per-Connection Daemon
-Wants=sshdgenkeys.service
 After=sshdgenkeys.service
 
 [Service]
 Environment="SSHD_OPTS="
 EnvironmentFile=-/etc/default/ssh
 ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
 StandardInput=socket
 StandardError=syslog
 KillMode=process
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
new file mode 100644
index 0000000000..907f2c4d47
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
@@ -0,0 +1,79 @@
+From e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+
+CVE: CVE-2023-28484
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ result/schemas/issue491_0_0.err |  1 +
+ test/schemas/issue491_0.xml     |  1 +
+ test/schemas/issue491_0.xsd     | 18 ++++++++++++++++++
+ xmlschemas.c                    |  2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index 00000000..9b2bb969
+--- /dev/null
++++ b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index 00000000..e2b2fc2e
+--- /dev/null
++++ b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++<Child xmlns="http://www.test.com">5</Child>
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index 00000000..81702649
+--- /dev/null
++++ b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++<?xml version='1.0' encoding='UTF-8'?>
++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified">
++  <xs:complexType name="BaseType">
++    <xs:simpleContent>
++      <xs:extension base="xs:int" />
++    </xs:simpleContent>
++  </xs:complexType>
++  <xs:complexType name="ChildType">
++    <xs:complexContent>
++      <xs:extension base="BaseType">
++        <xs:sequence>
++          <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/>
++        </xs:sequence>
++      </xs:extension>
++    </xs:complexContent>
++  </xs:complexType>
++  <xs:element name="Child" type="ChildType" />
++</xs:schema>
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 6a353858..a4eaf591 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18632,7 +18632,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ 			"allowed to appear inside other model groups",
+ 			NULL, NULL);
+ 
+-		} else if (! dummySequence) {
++		} else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ 		    xmlSchemaTreeItemPtr effectiveContent =
+ 			(xmlSchemaTreeItemPtr) type->subtypes;
+ 		    /*
+-- 
+GitLab
+
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
new file mode 100644
index 0000000000..1252668577
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
@@ -0,0 +1,42 @@
+From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
+ deterministic
+
+When hashing empty strings which aren't null-terminated,
+xmlDictComputeFastKey could produce inconsistent results. This could
+lead to various logic or memory errors, including double frees.
+
+For consistency the seed is also taken into account, but this shouldn't
+have an impact on security.
+
+Found by OSS-Fuzz.
+
+Fixes #510.
+
+CVE: CVE-2023-29469
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ dict.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dict.c b/dict.c
+index 86c3f6d7..d7fd1a06 100644
+--- a/dict.c
++++ b/dict.c
+@@ -451,7 +451,8 @@ static unsigned long
+ xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+     unsigned long value = seed;
+ 
+-    if (name == NULL) return(0);
++    if ((name == NULL) || (namelen <= 0))
++        return(value);
+     value = *name;
+     value <<= 5;
+     if (namelen > 10) {
+-- 
+GitLab
+
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 40e3434ead..034192d64e 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -36,6 +36,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
            file://CVE-2016-3709.patch \
            file://CVE-2022-40303.patch \
            file://CVE-2022-40304.patch \
+           file://CVE-2023-28484.patch \
+           file://CVE-2023-29469.patch \
            "
 
 SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"
diff --git a/poky/meta/recipes-devtools/git/files/CVE-2023-25652.patch b/poky/meta/recipes-devtools/git/files/CVE-2023-25652.patch
new file mode 100644
index 0000000000..d6b17a2b8a
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/files/CVE-2023-25652.patch
@@ -0,0 +1,94 @@
+From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Thu, 9 Mar 2023 16:02:54 +0100
+Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it
+ exists
+
+The `git apply --reject` is expected to write out `.rej` files in case
+one or more hunks fail to apply cleanly. Historically, the command
+overwrites any existing `.rej` files. The idea being that
+apply/reject/edit cycles are relatively common, and the generated `.rej`
+files are not considered precious.
+
+But the command does not overwrite existing `.rej` symbolic links, and
+instead follows them. This is unsafe because the same patch could
+potentially create such a symbolic link and point at arbitrary paths
+outside the current worktree, and `git apply` would write the contents
+of the `.rej` file into that location.
+
+Therefore, let's make sure that any existing `.rej` file or symbolic
+link is removed before writing it.
+
+Reported-by: RyotaK <ryotak.mail@gmail.com>
+Helped-by: Taylor Blau <me@ttaylorr.com>
+Helped-by: Junio C Hamano <gitster@pobox.com>
+Helped-by: Linus Torvalds <torvalds@linuxfoundation.org>
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b]
+CVE: CVE-2023-25652
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ apply.c                  | 14 ++++++++++++--
+ t/t4115-apply-symlink.sh | 15 +++++++++++++++
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/apply.c b/apply.c
+index 4f303bf..aa7111d 100644
+--- a/apply.c
++++ b/apply.c
+@@ -4531,7 +4531,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+ 	FILE *rej;
+ 	char namebuf[PATH_MAX];
+ 	struct fragment *frag;
+-	int cnt = 0;
++	int fd, cnt = 0;
+ 	struct strbuf sb = STRBUF_INIT;
+ 
+ 	for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
+@@ -4571,7 +4571,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+ 	memcpy(namebuf, patch->new_name, cnt);
+ 	memcpy(namebuf + cnt, ".rej", 5);
+ 
+-	rej = fopen(namebuf, "w");
++	fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++	if (fd < 0) {
++		if (errno != EEXIST)
++			return error_errno(_("cannot open %s"), namebuf);
++		if (unlink(namebuf))
++			return error_errno(_("cannot unlink '%s'"), namebuf);
++		fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++		if (fd < 0)
++			return error_errno(_("cannot open %s"), namebuf);
++	}
++	rej = fdopen(fd, "w");
+ 	if (!rej)
+ 		return error_errno(_("cannot open %s"), namebuf);
+ 
+diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh
+index 1acb7b2..2b034ff 100755
+--- a/t/t4115-apply-symlink.sh
++++ b/t/t4115-apply-symlink.sh
+@@ -125,4 +125,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' '
+ 	test_path_is_file .git/delete-me
+ '
+ 
++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' '
++	test_when_finished "git reset --hard && git clean -dfx" &&
++
++	test_commit file &&
++	echo modified >file.t &&
++	git diff -- file.t >patch &&
++	echo modified-again >file.t &&
++
++	ln -s foo file.t.rej &&
++	test_must_fail git apply patch --reject 2>err &&
++	test_i18ngrep "Rejected hunk" err &&
++	test_path_is_missing foo &&
++	test_path_is_file file.t.rej
++'
++
+ test_done
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-devtools/git/files/CVE-2023-29007.patch b/poky/meta/recipes-devtools/git/files/CVE-2023-29007.patch
new file mode 100644
index 0000000000..e166c01412
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/files/CVE-2023-29007.patch
@@ -0,0 +1,159 @@
+From 057c07a7b1fae22fdeef26c243f4cfbe3afc90ce Mon Sep 17 00:00:00 2001
+From: Taylor Blau <me@ttaylorr.com>
+Date: Fri, 14 Apr 2023 11:46:59 -0400
+Subject: [PATCH] Merge branch 'tb/config-copy-or-rename-in-file-injection'
+
+Avoids issues with renaming or deleting sections with long lines, where
+configuration values may be interpreted as sections, leading to
+configuration injection. Addresses CVE-2023-29007.
+
+* tb/config-copy-or-rename-in-file-injection:
+  config.c: disallow overly-long lines in `copy_or_rename_section_in_file()`
+  config.c: avoid integer truncation in `copy_or_rename_section_in_file()`
+  config: avoid fixed-sized buffer when renaming/deleting a section
+  t1300: demonstrate failure when renaming sections with long lines
+
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+
+Upstream-Status: Backport [https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4]
+CVE: CVE-2023-29007
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ config.c          | 36 +++++++++++++++++++++++++-----------
+ t/t1300-config.sh | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+), 11 deletions(-)
+
+diff --git a/config.c b/config.c
+index e7052b3..676b687 100644
+--- a/config.c
++++ b/config.c
+@@ -2987,9 +2987,10 @@ void git_config_set_multivar(const char *key, const char *value,
+ 					multi_replace);
+ }
+ 
+-static int section_name_match (const char *buf, const char *name)
++static size_t section_name_match (const char *buf, const char *name)
+ {
+-	int i = 0, j = 0, dot = 0;
++	size_t i = 0, j = 0;
++	int dot = 0;
+ 	if (buf[i] != '[')
+ 		return 0;
+ 	for (i = 1; buf[i] && buf[i] != ']'; i++) {
+@@ -3042,6 +3043,8 @@ static int section_name_is_ok(const char *name)
+ 	return 1;
+ }
+ 
++#define GIT_CONFIG_MAX_LINE_LEN (512 * 1024)
++
+ /* if new_name == NULL, the section is removed instead */
+ static int git_config_copy_or_rename_section_in_file(const char *config_filename,
+ 				      const char *old_name,
+@@ -3051,11 +3054,12 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ 	char *filename_buf = NULL;
+ 	struct lock_file lock = LOCK_INIT;
+ 	int out_fd;
+-	char buf[1024];
++	struct strbuf buf = STRBUF_INIT;
+ 	FILE *config_file = NULL;
+ 	struct stat st;
+ 	struct strbuf copystr = STRBUF_INIT;
+ 	struct config_store_data store;
++	uint32_t line_nr = 0;
+ 
+ 	memset(&store, 0, sizeof(store));
+ 
+@@ -3092,16 +3096,25 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ 		goto out;
+ 	}
+ 
+-	while (fgets(buf, sizeof(buf), config_file)) {
+-		int i;
+-		int length;
++	while (!strbuf_getwholeline(&buf, config_file, '\n')) {
++		size_t i, length;
+ 		int is_section = 0;
+-		char *output = buf;
+-		for (i = 0; buf[i] && isspace(buf[i]); i++)
++		char *output = buf.buf;
++
++		line_nr++;
++
++		if (buf.len >= GIT_CONFIG_MAX_LINE_LEN) {
++			ret = error(_("refusing to work with overly long line "
++				      "in '%s' on line %"PRIuMAX),
++				    config_filename, (uintmax_t)line_nr);
++			goto out;
++		}
++
++		for (i = 0; buf.buf[i] && isspace(buf.buf[i]); i++)
+ 			; /* do nothing */
+-		if (buf[i] == '[') {
++		if (buf.buf[i] == '[') {
+ 			/* it's a section */
+-			int offset;
++			size_t offset;
+ 			is_section = 1;
+ 
+ 			/*
+@@ -3118,7 +3131,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ 				strbuf_reset(&copystr);
+ 			}
+ 
+-			offset = section_name_match(&buf[i], old_name);
++			offset = section_name_match(&buf.buf[i], old_name);
+ 			if (offset > 0) {
+ 				ret++;
+ 				if (new_name == NULL) {
+@@ -3193,6 +3206,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ out_no_rollback:
+ 	free(filename_buf);
+ 	config_store_data_clear(&store);
++	strbuf_release(&buf);
+ 	return ret;
+ }
+ 
+diff --git a/t/t1300-config.sh b/t/t1300-config.sh
+index 983a0a1..9b67f6b 100755
+--- a/t/t1300-config.sh
++++ b/t/t1300-config.sh
+@@ -616,6 +616,36 @@ test_expect_success 'renaming to bogus section is rejected' '
+ 	test_must_fail git config --rename-section branch.zwei "bogus name"
+ '
+ 
++test_expect_success 'renaming a section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y b.e
++'
++
++test_expect_success 'renaming an embedded section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] [foo] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y foo.e
++'
++
++test_expect_success 'renaming a section with an overly-long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %525000s e" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	test_must_fail git config -f y --rename-section a xyz 2>err &&
++	test_i18ngrep "refusing to work with overly long line in .y. on line 2" err
++'
++
+ cat >> .git/config << EOF
+   [branch "zwei"] a = 1 [branch "vier"]
+ EOF
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc
index 36318eed20..e64472ea28 100644
--- a/poky/meta/recipes-devtools/git/git.inc
+++ b/poky/meta/recipes-devtools/git/git.inc
@@ -28,6 +28,8 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
            file://CVE-2023-22490-2.patch \
            file://CVE-2023-22490-3.patch \
            file://CVE-2023-23946.patch \
+           file://CVE-2023-29007.patch \
+           file://CVE-2023-25652.patch \
            "
 S = "${WORKDIR}/git-${PV}"
 
diff --git a/poky/meta/recipes-devtools/go/go-1.14.inc b/poky/meta/recipes-devtools/go/go-1.14.inc
index 3b99b8fe7e..2c500e8331 100644
--- a/poky/meta/recipes-devtools/go/go-1.14.inc
+++ b/poky/meta/recipes-devtools/go/go-1.14.inc
@@ -58,6 +58,11 @@ SRC_URI += "\
     file://CVE-2020-29510.patch \
     file://CVE-2023-24537.patch \
     file://CVE-2023-24534.patch \
+    file://CVE-2023-24538-1.patch \
+    file://CVE-2023-24538-2.patch \
+    file://CVE-2023-24538-3.patch \
+    file://CVE-2023-24539.patch \
+    file://CVE-2023-24540.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
new file mode 100644
index 0000000000..eda26e5ff6
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
@@ -0,0 +1,125 @@
+From 8acd01094d9ee17f6e763a61e49a8a808b3a9ddb Mon Sep 17 00:00:00 2001
+From: Brad Fitzpatrick <bradfitz@golang.org>
+Date: Mon, 2 Aug 2021 14:55:51 -0700
+Subject: [PATCH 1/3] net/netip: add new IP address package
+
+Co-authored-by: Alex Willmer <alex@moreati.org.uk> (GitHub @moreati)
+Co-authored-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
+Co-authored-by: David Anderson <dave@natulte.net> (Tailscale CLA)
+Co-authored-by: David Crawshaw <crawshaw@tailscale.com> (Tailscale CLA)
+Co-authored-by: Dmytro Shynkevych <dmytro@tailscale.com> (Tailscale CLA)
+Co-authored-by: Elias Naur <mail@eliasnaur.com>
+Co-authored-by: Joe Tsai <joetsai@digital-static.net> (Tailscale CLA)
+Co-authored-by: Jonathan Yu <jawnsy@cpan.org> (GitHub @jawnsy)
+Co-authored-by: Josh Bleecher Snyder <josharian@gmail.com> (Tailscale CLA)
+Co-authored-by: Maisem Ali <maisem@tailscale.com> (Tailscale CLA)
+Co-authored-by: Manuel Mendez (Go AUTHORS mmendez534@...)
+Co-authored-by: Matt Layher <mdlayher@gmail.com>
+Co-authored-by: Noah Treuhaft <noah.treuhaft@gmail.com> (GitHub @nwt)
+Co-authored-by: Stefan Majer <stefan.majer@gmail.com>
+Co-authored-by: Terin Stock <terinjokes@gmail.com> (Cloudflare CLA)
+Co-authored-by: Tobias Klauser <tklauser@distanz.ch>
+
+Fixes #46518
+
+Change-Id: I0041f9e1115d61fa6e95fcf32b01d9faee708712
+Reviewed-on: https://go-review.googlesource.com/c/go/+/339309
+Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Russ Cox <rsc@golang.org>
+Trust: Brad Fitzpatrick <bradfitz@golang.org>
+
+Dependency Patch #1
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/a59e33224e42d60a97fa720a45e1b74eb6aaa3d0]
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/internal/godebug/godebug.go      | 34 ++++++++++++++++++++++++++++++++++
+ src/internal/godebug/godebug_test.go | 34 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 68 insertions(+)
+ create mode 100644 src/internal/godebug/godebug.go
+ create mode 100644 src/internal/godebug/godebug_test.go
+
+diff --git a/src/internal/godebug/godebug.go b/src/internal/godebug/godebug.go
+new file mode 100644
+index 0000000..ac434e5
+--- /dev/null
++++ b/src/internal/godebug/godebug.go
+@@ -0,0 +1,34 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// Package godebug parses the GODEBUG environment variable.
++package godebug
++
++import "os"
++
++// Get returns the value for the provided GODEBUG key.
++func Get(key string) string {
++	return get(os.Getenv("GODEBUG"), key)
++}
++
++// get returns the value part of key=value in s (a GODEBUG value).
++func get(s, key string) string {
++	for i := 0; i < len(s)-len(key)-1; i++ {
++		if i > 0 && s[i-1] != ',' {
++			continue
++		}
++		afterKey := s[i+len(key):]
++		if afterKey[0] != '=' || s[i:i+len(key)] != key {
++			continue
++		}
++		val := afterKey[1:]
++		for i, b := range val {
++			if b == ',' {
++				return val[:i]
++			}
++		}
++		return val
++	}
++	return ""
++}
+diff --git a/src/internal/godebug/godebug_test.go b/src/internal/godebug/godebug_test.go
+new file mode 100644
+index 0000000..41b9117
+--- /dev/null
++++ b/src/internal/godebug/godebug_test.go
+@@ -0,0 +1,34 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package godebug
++
++import "testing"
++
++func TestGet(t *testing.T) {
++	tests := []struct {
++		godebug string
++		key     string
++		want    string
++	}{
++		{"", "", ""},
++		{"", "foo", ""},
++		{"foo=bar", "foo", "bar"},
++		{"foo=bar,after=x", "foo", "bar"},
++		{"before=x,foo=bar,after=x", "foo", "bar"},
++		{"before=x,foo=bar", "foo", "bar"},
++		{",,,foo=bar,,,", "foo", "bar"},
++		{"foodecoy=wrong,foo=bar", "foo", "bar"},
++		{"foo=", "foo", ""},
++		{"foo", "foo", ""},
++		{",foo", "foo", ""},
++		{"foo=bar,baz", "loooooooong", ""},
++	}
++	for _, tt := range tests {
++		got := get(tt.godebug, tt.key)
++		if got != tt.want {
++			t.Errorf("get(%q, %q) = %q; want %q", tt.godebug, tt.key, got, tt.want)
++		}
++	}
++}
+--
+2.7.4
diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
new file mode 100644
index 0000000000..5036f2890b
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
@@ -0,0 +1,196 @@
+From 6fc21505614f36178df0dad7034b6b8e3f7588d5 Mon Sep 17 00:00:00 2001
+From: empijei <robclap8@gmail.com>
+Date: Fri, 27 Mar 2020 19:27:55 +0100
+Subject: [PATCH 2/3] html/template,text/template: switch to Unicode escapes
+ for JSON compatibility
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The existing implementation is not compatible with JSON
+escape as it uses hex escaping.
+Unicode escape, instead, is valid for both JSON and JS.
+This fix avoids creating a separate escaping context for
+scripts of type "application/ld+json" and it is more
+future-proof in case more JSON+JS contexts get added
+to the platform (e.g. import maps).
+
+Fixes #33671
+Fixes #37634
+
+Change-Id: Id6f6524b4abc52e81d9d744d46bbe5bf2e081543
+Reviewed-on: https://go-review.googlesource.com/c/go/+/226097
+Reviewed-by: Carl Johnson <me@carlmjohnson.net>
+Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
+Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+
+Dependency Patch #2
+
+Upstream-Status: Backport from https://github.com/golang/go/commit/d4d298040d072ddacea0e0d6b55fb148fff18070
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/html/template/js.go    | 70 +++++++++++++++++++++++++++-------------------
+ src/text/template/funcs.go |  8 +++---
+ 2 files changed, 46 insertions(+), 32 deletions(-)
+
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index 0e91458..ea9c183 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -163,7 +163,6 @@ func jsValEscaper(args ...interface{}) string {
+	}
+	// TODO: detect cycles before calling Marshal which loops infinitely on
+	// cyclic data. This may be an unacceptable DoS risk.
+-
+	b, err := json.Marshal(a)
+	if err != nil {
+		// Put a space before comment so that if it is flush against
+@@ -178,8 +177,8 @@ func jsValEscaper(args ...interface{}) string {
+	// TODO: maybe post-process output to prevent it from containing
+	// "<!--", "-->", "<![CDATA[", "]]>", or "</script"
+	// in case custom marshalers produce output containing those.
+-
+-	// TODO: Maybe abbreviate \u00ab to \xab to produce more compact output.
++	// Note: Do not use \x escaping to save bytes because it is not JSON compatible and this escaper
++	// supports ld+json content-type.
+	if len(b) == 0 {
+		// In, `x=y/{{.}}*z` a json.Marshaler that produces "" should
+		// not cause the output `x=y/*z`.
+@@ -260,6 +259,8 @@ func replace(s string, replacementTable []string) string {
+		r, w = utf8.DecodeRuneInString(s[i:])
+		var repl string
+		switch {
++		case int(r) < len(lowUnicodeReplacementTable):
++			repl = lowUnicodeReplacementTable[r]
+		case int(r) < len(replacementTable) && replacementTable[r] != "":
+			repl = replacementTable[r]
+		case r == '\u2028':
+@@ -283,67 +284,80 @@ func replace(s string, replacementTable []string) string {
+	return b.String()
+ }
+
++var lowUnicodeReplacementTable = []string{
++	0: `\u0000`, 1: `\u0001`, 2: `\u0002`, 3: `\u0003`, 4: `\u0004`, 5: `\u0005`, 6: `\u0006`,
++	'\a': `\u0007`,
++	'\b': `\u0008`,
++	'\t': `\t`,
++	'\n': `\n`,
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
++	'\f': `\f`,
++	'\r': `\r`,
++	0xe:  `\u000e`, 0xf: `\u000f`, 0x10: `\u0010`, 0x11: `\u0011`, 0x12: `\u0012`, 0x13: `\u0013`,
++	0x14: `\u0014`, 0x15: `\u0015`, 0x16: `\u0016`, 0x17: `\u0017`, 0x18: `\u0018`, 0x19: `\u0019`,
++	0x1a: `\u001a`, 0x1b: `\u001b`, 0x1c: `\u001c`, 0x1d: `\u001d`, 0x1e: `\u001e`, 0x1f: `\u001f`,
++}
++
+ var jsStrReplacementTable = []string{
+-	0:    `\0`,
++	0:    `\u0000`,
+	'\t': `\t`,
+	'\n': `\n`,
+-	'\v': `\x0b`, // "\v" == "v" on IE 6.
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
+	'\f': `\f`,
+	'\r': `\r`,
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+-	'"':  `\x22`,
+-	'&':  `\x26`,
+-	'\'': `\x27`,
+-	'+':  `\x2b`,
++	'"':  `\u0022`,
++	'&':  `\u0026`,
++	'\'': `\u0027`,
++	'+':  `\u002b`,
+	'/':  `\/`,
+-	'<':  `\x3c`,
+-	'>':  `\x3e`,
++	'<':  `\u003c`,
++	'>':  `\u003e`,
+	'\\': `\\`,
+ }
+
+ // jsStrNormReplacementTable is like jsStrReplacementTable but does not
+ // overencode existing escapes since this table has no entry for `\`.
+ var jsStrNormReplacementTable = []string{
+-	0:    `\0`,
++	0:    `\u0000`,
+	'\t': `\t`,
+	'\n': `\n`,
+-	'\v': `\x0b`, // "\v" == "v" on IE 6.
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
+	'\f': `\f`,
+	'\r': `\r`,
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+-	'"':  `\x22`,
+-	'&':  `\x26`,
+-	'\'': `\x27`,
+-	'+':  `\x2b`,
++	'"':  `\u0022`,
++	'&':  `\u0026`,
++	'\'': `\u0027`,
++	'+':  `\u002b`,
+	'/':  `\/`,
+-	'<':  `\x3c`,
+-	'>':  `\x3e`,
++	'<':  `\u003c`,
++	'>':  `\u003e`,
+ }
+-
+ var jsRegexpReplacementTable = []string{
+-	0:    `\0`,
++	0:    `\u0000`,
+	'\t': `\t`,
+	'\n': `\n`,
+-	'\v': `\x0b`, // "\v" == "v" on IE 6.
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
+	'\f': `\f`,
+	'\r': `\r`,
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+-	'"':  `\x22`,
++	'"':  `\u0022`,
+	'$':  `\$`,
+-	'&':  `\x26`,
+-	'\'': `\x27`,
++	'&':  `\u0026`,
++	'\'': `\u0027`,
+	'(':  `\(`,
+	')':  `\)`,
+	'*':  `\*`,
+-	'+':  `\x2b`,
++	'+':  `\u002b`,
+	'-':  `\-`,
+	'.':  `\.`,
+	'/':  `\/`,
+-	'<':  `\x3c`,
+-	'>':  `\x3e`,
++	'<':  `\u003c`,
++	'>':  `\u003e`,
+	'?':  `\?`,
+	'[':  `\[`,
+	'\\': `\\`,
+diff --git a/src/text/template/funcs.go b/src/text/template/funcs.go
+index 46125bc..f3de9fb 100644
+--- a/src/text/template/funcs.go
++++ b/src/text/template/funcs.go
+@@ -640,10 +640,10 @@ var (
+	jsBackslash = []byte(`\\`)
+	jsApos      = []byte(`\'`)
+	jsQuot      = []byte(`\"`)
+-	jsLt        = []byte(`\x3C`)
+-	jsGt        = []byte(`\x3E`)
+-	jsAmp       = []byte(`\x26`)
+-	jsEq        = []byte(`\x3D`)
++	jsLt        = []byte(`\u003C`)
++	jsGt        = []byte(`\u003E`)
++	jsAmp       = []byte(`\u0026`)
++	jsEq        = []byte(`\u003D`)
+ )
+
+ // JSEscape writes to w the escaped JavaScript equivalent of the plain text data b.
+--
+2.7.4
diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
new file mode 100644
index 0000000000..d5bb33e091
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
@@ -0,0 +1,208 @@
+From 16f4882984569f179d73967c9eee679bb9b098c5 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 20 Mar 2023 11:01:13 -0700
+Subject: [PATCH 3/3] html/template: disallow actions in JS template literals
+
+ECMAScript 6 introduced template literals[0][1] which are delimited with
+backticks. These need to be escaped in a similar fashion to the
+delimiters for other string literals. Additionally template literals can
+contain special syntax for string interpolation.
+
+There is no clear way to allow safe insertion of actions within JS
+template literals, as handling (JS) string interpolation inside of these
+literals is rather complex. As such we've chosen to simply disallow
+template actions within these template literals.
+
+A new error code is added for this parsing failure case, errJsTmplLit,
+but it is unexported as it is not backwards compatible with other minor
+release versions to introduce an API change in a minor release. We will
+export this code in the next major release.
+
+The previous behavior (with the cavet that backticks are now escaped
+properly) can be re-enabled with GODEBUG=jstmpllitinterp=1.
+
+This change subsumes CL471455.
+
+Thanks to Sohom Datta, Manipal Institute of Technology, for reporting
+this issue.
+
+Fixes CVE-2023-24538
+For #59234
+Fixes #59271
+
+[0] https://tc39.es/ecma262/multipage/ecmascript-language-expressions.html#sec-template-literals
+[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals
+
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802457
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802612
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Change-Id: Ic7f10595615f2b2740d9c85ad7ef40dc0e78c04c
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481987
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+
+Upstream-Status: Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/html/template/context.go      |  2 ++
+ src/html/template/error.go        | 13 +++++++++++++
+ src/html/template/escape.go       | 11 +++++++++++
+ src/html/template/js.go           |  2 ++
+ src/html/template/jsctx_string.go |  9 +++++++++
+ src/html/template/transition.go   |  7 ++++++-
+ 6 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/context.go b/src/html/template/context.go
+index f7d4849..0b65313 100644
+--- a/src/html/template/context.go
++++ b/src/html/template/context.go
+@@ -116,6 +116,8 @@ const (
+	stateJSDqStr
+	// stateJSSqStr occurs inside a JavaScript single quoted string.
+	stateJSSqStr
++	// stateJSBqStr occurs inside a JavaScript back quoted string.
++	stateJSBqStr
+	// stateJSRegexp occurs inside a JavaScript regexp literal.
+	stateJSRegexp
+	// stateJSBlockCmt occurs inside a JavaScript /* block comment */.
+diff --git a/src/html/template/error.go b/src/html/template/error.go
+index 0e52706..fd26b64 100644
+--- a/src/html/template/error.go
++++ b/src/html/template/error.go
+@@ -211,6 +211,19 @@ const (
+	//   pipeline occurs in an unquoted attribute value context, "html" is
+	//   disallowed. Avoid using "html" and "urlquery" entirely in new templates.
+	ErrPredefinedEscaper
++
++	// errJSTmplLit: "... appears in a JS template literal"
++	// Example:
++	//     <script>var tmpl = `{{.Interp}`</script>
++	// Discussion:
++	//   Package html/template does not support actions inside of JS template
++	//   literals.
++	//
++	// TODO(rolandshoemaker): we cannot add this as an exported error in a minor
++	// release, since it is backwards incompatible with the other minor
++	// releases. As such we need to leave it unexported, and then we'll add it
++	// in the next major release.
++	errJSTmplLit
+ )
+
+ func (e *Error) Error() string {
+diff --git a/src/html/template/escape.go b/src/html/template/escape.go
+index f12dafa..29ca5b3 100644
+--- a/src/html/template/escape.go
++++ b/src/html/template/escape.go
+@@ -8,6 +8,7 @@ import (
+	"bytes"
+	"fmt"
+	"html"
++	"internal/godebug"
+	"io"
+	"text/template"
+	"text/template/parse"
+@@ -203,6 +204,16 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context {
+		c.jsCtx = jsCtxDivOp
+	case stateJSDqStr, stateJSSqStr:
+		s = append(s, "_html_template_jsstrescaper")
++	case stateJSBqStr:
++		debugAllowActionJSTmpl := godebug.Get("jstmpllitinterp")
++		if debugAllowActionJSTmpl == "1" {
++			s = append(s, "_html_template_jsstrescaper")
++		} else {
++			return context{
++				state: stateError,
++				err:   errorf(errJSTmplLit, n, n.Line, "%s appears in a JS template literal", n),
++			}
++		}
+	case stateJSRegexp:
+		s = append(s, "_html_template_jsregexpescaper")
+	case stateCSS:
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index ea9c183..b888eaf 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -308,6 +308,7 @@ var jsStrReplacementTable = []string{
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+	'"':  `\u0022`,
++	'`':  `\u0060`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
+	'+':  `\u002b`,
+@@ -331,6 +332,7 @@ var jsStrNormReplacementTable = []string{
+	'"':  `\u0022`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
++	'`':  `\u0060`,
+	'+':  `\u002b`,
+	'/':  `\/`,
+	'<':  `\u003c`,
+diff --git a/src/html/template/jsctx_string.go b/src/html/template/jsctx_string.go
+index dd1d87e..2394893 100644
+--- a/src/html/template/jsctx_string.go
++++ b/src/html/template/jsctx_string.go
+@@ -4,6 +4,15 @@ package template
+
+ import "strconv"
+
++func _() {
++	// An "invalid array index" compiler error signifies that the constant values have changed.
++	// Re-run the stringer command to generate them again.
++	var x [1]struct{}
++	_ = x[jsCtxRegexp-0]
++	_ = x[jsCtxDivOp-1]
++	_ = x[jsCtxUnknown-2]
++}
++
+ const _jsCtx_name = "jsCtxRegexpjsCtxDivOpjsCtxUnknown"
+
+ var _jsCtx_index = [...]uint8{0, 11, 21, 33}
+diff --git a/src/html/template/transition.go b/src/html/template/transition.go
+index 06df679..92eb351 100644
+--- a/src/html/template/transition.go
++++ b/src/html/template/transition.go
+@@ -27,6 +27,7 @@ var transitionFunc = [...]func(context, []byte) (context, int){
+	stateJS:          tJS,
+	stateJSDqStr:     tJSDelimited,
+	stateJSSqStr:     tJSDelimited,
++	stateJSBqStr:     tJSDelimited,
+	stateJSRegexp:    tJSDelimited,
+	stateJSBlockCmt:  tBlockCmt,
+	stateJSLineCmt:   tLineCmt,
+@@ -262,7 +263,7 @@ func tURL(c context, s []byte) (context, int) {
+
+ // tJS is the context transition function for the JS state.
+ func tJS(c context, s []byte) (context, int) {
+-	i := bytes.IndexAny(s, `"'/`)
++	i := bytes.IndexAny(s, "\"`'/")
+	if i == -1 {
+		// Entire input is non string, comment, regexp tokens.
+		c.jsCtx = nextJSCtx(s, c.jsCtx)
+@@ -274,6 +275,8 @@ func tJS(c context, s []byte) (context, int) {
+		c.state, c.jsCtx = stateJSDqStr, jsCtxRegexp
+	case '\'':
+		c.state, c.jsCtx = stateJSSqStr, jsCtxRegexp
++	case '`':
++		c.state, c.jsCtx = stateJSBqStr, jsCtxRegexp
+	case '/':
+		switch {
+		case i+1 < len(s) && s[i+1] == '/':
+@@ -303,6 +306,8 @@ func tJSDelimited(c context, s []byte) (context, int) {
+	switch c.state {
+	case stateJSSqStr:
+		specials = `\'`
++	case stateJSBqStr:
++		specials = "`\\"
+	case stateJSRegexp:
+		specials = `\/[]`
+	}
+--
+2.7.4
diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24539.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24539.patch
new file mode 100644
index 0000000000..281b6486a8
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24539.patch
@@ -0,0 +1,60 @@
+From 8673ca81e5340b87709db2d9749c92a3bf925df1 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Thu, 13 Apr 2023 15:40:44 -0700
+Subject: [PATCH] html/template: disallow angle brackets in CSS values
+
+Angle brackets should not appear in CSS contexts, as they may affect
+token boundaries (such as closing a <style> tag, resulting in
+injection). Instead emit filterFailsafe, matching the behavior for other
+dangerous characters.
+
+Thanks to Juho Nurminen of Mattermost for reporting this issue.
+
+Fixes #59720
+Fixes CVE-2023-24539
+
+Change-Id: Iccc659c9a18415992b0c05c178792228e3a7bae4
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1826636
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/491615
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Run-TryBot: Carlos Amedee <carlos@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Upstream-Status: Backport from [https://github.com/golang/go/commit/8673ca81e5340b87709db2d9749c92a3bf925df1]
+CVE: CVE-2023-24539
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+---
+ src/html/template/css.go      | 2 +-
+ src/html/template/css_test.go | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/css.go b/src/html/template/css.go
+index 890a0c6b227fe..f650d8b3e843a 100644
+--- a/src/html/template/css.go
++++ b/src/html/template/css.go
+@@ -238,7 +238,7 @@ func cssValueFilter(args ...any) string {
+ 	// inside a string that might embed JavaScript source.
+ 	for i, c := range b {
+ 		switch c {
+-		case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}':
++		case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}', '<', '>':
+ 			return filterFailsafe
+ 		case '-':
+ 			// Disallow <!-- or -->.
+diff --git a/src/html/template/css_test.go b/src/html/template/css_test.go
+index a735638b0314f..2b76256a766e9 100644
+--- a/src/html/template/css_test.go
++++ b/src/html/template/css_test.go
+@@ -231,6 +231,8 @@ func TestCSSValueFilter(t *testing.T) {
+ 		{`-exp\000052 ession(alert(1337))`, "ZgotmplZ"},
+ 		{`-expre\0000073sion`, "-expre\x073sion"},
+ 		{`@import url evil.css`, "ZgotmplZ"},
++		{"<", "ZgotmplZ"},
++		{">", "ZgotmplZ"},
+ 	}
+ 	for _, test := range tests {
+ 		got := cssValueFilter(test.css)
diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24540.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24540.patch
new file mode 100644
index 0000000000..799a0dfcda
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2023-24540.patch
@@ -0,0 +1,90 @@
+From ce7bd33345416e6d8cac901792060591cafc2797 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Tue, 11 Apr 2023 16:27:43 +0100
+Subject: [PATCH] [release-branch.go1.19] html/template: handle all JS
+ whitespace characters
+
+Rather than just a small set. Character class as defined by \s [0].
+
+Thanks to Juho Nurminen of Mattermost for reporting this.
+
+For #59721
+Fixes  #59813
+Fixes CVE-2023-24540
+
+[0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes
+
+Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851497
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/491355
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Carlos Amedee <carlos@golang.org>
+TryBot-Bypass: Carlos Amedee <carlos@golang.org>
+Run-TryBot: Carlos Amedee <carlos@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797]
+CVE: CVE-2023-24540
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/html/template/js.go      |  8 +++++++-
+ src/html/template/js_test.go | 11 +++++++----
+ 2 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index fe7054efe5cd8..4e05c1455723f 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -13,6 +13,11 @@ import (
+ 	"unicode/utf8"
+ )
+ 
++// jsWhitespace contains all of the JS whitespace characters, as defined
++// by the \s character class.
++// See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions/Character_classes.
++const jsWhitespace = "\f\n\r\t\v\u0020\u00a0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u2028\u2029\u202f\u205f\u3000\ufeff"
++
+ // nextJSCtx returns the context that determines whether a slash after the
+ // given run of tokens starts a regular expression instead of a division
+ // operator: / or /=.
+@@ -26,7 +31,8 @@ import (
+ // JavaScript 2.0 lexical grammar and requires one token of lookbehind:
+ // https://www.mozilla.org/js/language/js20-2000-07/rationale/syntax.html
+ func nextJSCtx(s []byte, preceding jsCtx) jsCtx {
+-	s = bytes.TrimRight(s, "\t\n\f\r \u2028\u2029")
++	// Trim all JS whitespace characters
++	s = bytes.TrimRight(s, jsWhitespace)
+ 	if len(s) == 0 {
+ 		return preceding
+ 	}
+diff --git a/src/html/template/js_test.go b/src/html/template/js_test.go
+index e07c695f7a77d..e52180cc113b5 100644
+--- a/src/html/template/js_test.go
++++ b/src/html/template/js_test.go
+@@ -81,14 +81,17 @@ func TestNextJsCtx(t *testing.T) {
+ 		{jsCtxDivOp, "0"},
+ 		// Dots that are part of a number are div preceders.
+ 		{jsCtxDivOp, "0."},
++		// Some JS interpreters treat NBSP as a normal space, so
++		// we must too in order to properly escape things.
++		{jsCtxRegexp, "=\u00A0"},
+ 	}
+ 
+ 	for _, test := range tests {
+-		if nextJSCtx([]byte(test.s), jsCtxRegexp) != test.jsCtx {
+-			t.Errorf("want %s got %q", test.jsCtx, test.s)
++		if ctx := nextJSCtx([]byte(test.s), jsCtxRegexp); ctx != test.jsCtx {
++			t.Errorf("%q: want %s got %s", test.s, test.jsCtx, ctx)
+ 		}
+-		if nextJSCtx([]byte(test.s), jsCtxDivOp) != test.jsCtx {
+-			t.Errorf("want %s got %q", test.jsCtx, test.s)
++		if ctx := nextJSCtx([]byte(test.s), jsCtxDivOp); ctx != test.jsCtx {
++			t.Errorf("%q: want %s got %s", test.s, test.jsCtx, ctx)
+ 		}
+ 	}
+ 
diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
index 7f72f3388a..b6b81d5c1a 100644
--- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
+++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Run pending postinsts
 DefaultDependencies=no
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service
 Before=sysinit.target
 
 [Service]
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
new file mode 100644
index 0000000000..4b96e4316c
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
@@ -0,0 +1,39 @@
+From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001
+From: Stefano Babic <sbabic@denx.de>
+Date: Fri, 28 Jul 2017 13:20:52 +0200
+Subject: [PATCH] Wrong CRC with ASCII CRC for large files
+
+Due to signedness, the checksum is not computed when filesize is bigger
+a 2GB.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html]
+Signed-off-by: Stefano Babic <sbabic@denx.de>
+---
+ src/copyout.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..727aeca 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -34,13 +34,13 @@
+    compute and return a checksum for them.  */
+ 
+ static uint32_t
+-read_for_checksum (int in_file_des, int file_size, char *file_name)
++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name)
+ {
+   uint32_t crc;
+   char buf[BUFSIZ];
+-  int bytes_left;
+-  int bytes_read;
+-  int i;
++  unsigned int bytes_left;
++  unsigned int bytes_read;
++  unsigned int i;
+ 
+   crc = 0;
+ 
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
index 7c8a465cd0..86527da744 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
            file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
            file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
            file://CVE-2021-38185.patch \
+           file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \
            "
 
 SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-28879.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-28879.patch
new file mode 100644
index 0000000000..852f2459f7
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-28879.patch
@@ -0,0 +1,54 @@
+From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Fri, 24 Mar 2023 13:19:57 +0000
+Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
+
+Bug #706494 "Buffer Overflow in s_xBCPE_process"
+
+As described in detail in the bug report, if the write buffer is filled
+to one byte less than full, and we then try to write an escaped
+character, we overrun the buffer because we don't check before
+writing two bytes to it.
+
+This just checks if we have two bytes before starting to write an
+escaped character and exits if we don't (replacing the consumed byte
+of the input).
+
+Up for further discussion; why do we even permit a BCP encoding filter
+anyway ? I think we should remove this, at least when SAFER is true.
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179]
+CVE: CVE-2023-28879
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ base/sbcp.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/base/sbcp.c b/base/sbcp.c
+index 6b0383c..90784b5 100644
+--- a/base/sbcp.c
++++ b/base/sbcp.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2001-2019 Artifex Software, Inc.
++/* Copyright (C) 2001-2023 Artifex Software, Inc.
+    All Rights Reserved.
+ 
+    This software is provided AS-IS with no warranty, either express or
+@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
+         byte ch = *++p;
+ 
+         if (ch <= 31 && escaped[ch]) {
++            /* Make sure we have space to store two characters in the write buffer,
++	     * if we don't then exit without consuming the input character, we'll process
++	     * that on the next time round.
++	     */
++            if (pw->limit - q < 2) {
++                p--;
++                break;
++            }
+             if (p == rlimit) {
+                 p--;
+                 break;
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb
index a829d4b4ae..57f0b51ad3 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.52.bb
@@ -39,6 +39,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2021-3781_1.patch \
                 file://CVE-2021-3781_2.patch \
                 file://CVE-2021-3781_3.patch \
+                file://CVE-2023-28879.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \
diff --git a/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
new file mode 100644
index 0000000000..800d77579e
--- /dev/null
+++ b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
@@ -0,0 +1,40 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+
+Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
+CVE: CVE-2023-2004
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 78d87dc..258d701 100644
+--- a/src/truetype/ttgxvar.c
++++ b/src/truetype/ttgxvar.c
+@@ -43,6 +43,7 @@
+ #include FT_INTERNAL_DEBUG_H
+ #include FT_CONFIG_CONFIG_H
+ #include FT_INTERNAL_STREAM_H
++#include <freetype/internal/ftcalc.h>
+ #include FT_INTERNAL_SFNT_H
+ #include FT_TRUETYPE_TAGS_H
+ #include FT_TRUETYPE_IDS_H
+@@ -1065,7 +1066,7 @@
+                 delta == 1 ? "" : "s",
+                 vertical ? "VVAR" : "HVAR" ));
+
+-    *avalue += delta;
++    *avalue = ADD_INT( *avalue, delta );
+
+   Exit:
+     return error;
+--
+2.17.1
diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.10.1.bb b/poky/meta/recipes-graphics/freetype/freetype_2.10.1.bb
index 72001c529a..6af744b981 100644
--- a/poky/meta/recipes-graphics/freetype/freetype_2.10.1.bb
+++ b/poky/meta/recipes-graphics/freetype/freetype_2.10.1.bb
@@ -18,6 +18,7 @@ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \
            file://CVE-2022-27404.patch \
            file://CVE-2022-27405.patch \
            file://CVE-2022-27406.patch \
+           file://CVE-2023-2004.patch \
           "
 SRC_URI[md5sum] = "bd42e75127f8431923679480efb5ba8f"
 SRC_URI[sha256sum] = "16dbfa488a21fe827dc27eaf708f42f7aa3bb997d745d31a19781628c36ba26f"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
new file mode 100644
index 0000000000..ef2ee5d55e
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
@@ -0,0 +1,38 @@
+From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 25 Jan 2023 11:41:40 +1000
+Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses
+
+CVE-2023-0494, ZDI-CAN-19596
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec]
+CVE: CVE-2023-0494
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/exevents.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 217baa9561..dcd4efb3bc 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+                    sizeof(XkbAction));
+         }
+-        else
++        else {
+             free(to->button->xkb_acts);
++            to->button->xkb_acts = NULL;
++        }
+ 
+         memcpy(to->button->labels, from->button->labels,
+                from->button->numButtons * sizeof(Atom));
+-- 
+GitLab
+
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch
new file mode 100644
index 0000000000..51d0e0cab6
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch
@@ -0,0 +1,46 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110]
+CVE: CVE-2023-1393
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ composite/compwindow.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86b..b30da589e9 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+     ret = (*pScreen->DestroyWindow) (pWin);
+     cs->DestroyWindow = pScreen->DestroyWindow;
+     pScreen->DestroyWindow = compDestroyWindow;
++
++    /* Did we just destroy the overlay window? */
++    if (pWin == cs->pOverlayWin)
++        cs->pOverlayWin = NULL;
++
+ /*    compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+     return ret;
+ }
+-- 
+GitLab
+
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
index ab18a87a3d..5c604fa86e 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
@@ -14,6 +14,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://CVE-2022-46342.patch \
            file://CVE-2022-46343.patch \
            file://CVE-2022-46344.patch \
+           file://CVE-2023-0494.patch \
+           file://CVE-2023-1393.patch \
 "
 SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf"
 SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066"
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
deleted file mode 100644
index fb1ea61906..0000000000
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
+++ /dev/null
@@ -1,1131 +0,0 @@
-SUMMARY = "Firmware files for use with Linux kernel"
-HOMEPAGE = "https://www.kernel.org/"
-DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \
-that contains firmware binary blobs necessary for partial or full functionality \
-of certain hardware devices."
-SECTION = "kernel"
-
-LICENSE = "\
-    Firmware-Abilis \
-    & Firmware-adsp_sst \
-    & Firmware-agere \
-    & Firmware-amdgpu \
-    & Firmware-amd-ucode \
-    & Firmware-amlogic_vdec \
-    & Firmware-atheros_firmware \
-    & Firmware-atmel \
-    & Firmware-broadcom_bcm43xx \
-    & Firmware-ca0132 \
-    & Firmware-cavium \
-    & Firmware-chelsio_firmware \
-    & Firmware-cw1200 \
-    & Firmware-cypress \
-    & Firmware-dib0700 \
-    & Firmware-e100 \
-    & Firmware-ene_firmware \
-    & Firmware-fw_sst_0f28 \
-    & Firmware-go7007 \
-    & Firmware-GPLv2 \
-    & Firmware-hfi1_firmware \
-    & Firmware-i915 \
-    & Firmware-ibt_firmware \
-    & Firmware-ice \
-    & Firmware-it913x \
-    & Firmware-iwlwifi_firmware \
-    & Firmware-IntcSST2 \
-    & Firmware-kaweth \
-    & Firmware-Lontium \
-    & Firmware-Marvell \
-    & Firmware-moxa \
-    & Firmware-myri10ge_firmware \
-    & Firmware-netronome \
-    & Firmware-nvidia \
-    & Firmware-OLPC \
-    & Firmware-ath9k-htc \
-    & Firmware-phanfw \
-    & Firmware-qat \
-    & Firmware-qcom \
-    & Firmware-qcom-yamato \
-    & Firmware-qla1280 \
-    & Firmware-qla2xxx \
-    & Firmware-qualcommAthos_ar3k \
-    & Firmware-qualcommAthos_ath10k \
-    & Firmware-r8a779x_usb3 \
-    & Firmware-radeon \
-    & Firmware-ralink_a_mediatek_company_firmware \
-    & Firmware-ralink-firmware \
-    & Firmware-rtlwifi_firmware \
-    & Firmware-imx-sdma_firmware \
-    & Firmware-siano \
-    & Firmware-ti-connectivity \
-    & Firmware-ti-keystone \
-    & Firmware-ueagle-atm4-firmware \
-    & Firmware-via_vt6656 \
-    & Firmware-wl1251 \
-    & Firmware-xc4000 \
-    & Firmware-xc5000 \
-    & Firmware-xc5000c \
-    & WHENCE \
-"
-
-LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
-                    file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
-                    file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
-                    file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
-                    file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
-                    file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
-                    file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
-                    file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
-                    file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
-                    file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \
-                    file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \
-                    file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
-                    file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
-                    file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
-                    file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
-                    file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
-                    file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \
-                    file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \
-                    file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \
-                    file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \
-                    file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \
-                    file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \
-                    file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \
-                    file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \
-                    file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
-                    file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
-                    file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \
-                    file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \
-                    file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \
-                    file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \
-                    file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
-                    file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
-                    file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
-                    file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
-                    file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
-                    file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \
-                    file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
-                    file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
-                    file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
-                    file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
-                    file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
-                    file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
-                    file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
-                    file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
-                    file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
-                    file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \
-                    file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \
-                    file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \
-                    file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \
-                    file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \
-                    file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \
-                    file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \
-                    file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \
-                    file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \
-                    file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \
-                    file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \
-                    file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \
-                    file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \
-                    file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
-                    file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
-                    file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-                    file://WHENCE;md5=${WHENCE_CHKSUM} \
-                    "
-# WHENCE checksum is defined separately to ease overriding it if
-# class-devupstream is selected.
-WHENCE_CHKSUM  = "aadb3cccbde1e53fc244a409e9bd5a22"
-
-# These are not common licenses, set NO_GENERIC_LICENSE for them
-# so that the license files will be copied from fetched source
-NO_GENERIC_LICENSE[Firmware-Abilis] = "LICENCE.Abilis"
-NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst"
-NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere"
-NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu"
-NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode"
-NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec"
-NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware"
-NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel"
-NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx"
-NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132"
-NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence"
-NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium"
-NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware"
-NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200"
-NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress"
-NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700"
-NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100"
-NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware"
-NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28"
-NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007"
-NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2"
-NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware"
-NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915"
-NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware"
-NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice"
-NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2"
-NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x"
-NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware"
-NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth"
-NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium"
-NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell"
-NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek"
-NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa"
-NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware"
-NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome"
-NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia"
-NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC"
-NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware"
-NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
-NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware"
-NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom"
-NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato"
-NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280"
-NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx"
-NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k"
-NO_GENERIC_LICENSE[Firmware-qualcommAthos_ath10k] = "LICENSE.QualcommAtheros_ath10k"
-NO_GENERIC_LICENSE[Firmware-r8a779x_usb3] = "LICENCE.r8a779x_usb3"
-NO_GENERIC_LICENSE[Firmware-radeon] = "LICENSE.radeon"
-NO_GENERIC_LICENSE[Firmware-ralink_a_mediatek_company_firmware] = "LICENCE.ralink_a_mediatek_company_firmware"
-NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt"
-NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt"
-NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano"
-NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware"
-NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity"
-NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone"
-NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware"
-NO_GENERIC_LICENSE[Firmware-via_vt6656] = "LICENCE.via_vt6656"
-NO_GENERIC_LICENSE[Firmware-wl1251] = "LICENCE.wl1251"
-NO_GENERIC_LICENSE[Firmware-xc4000] = "LICENCE.xc4000"
-NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000"
-NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
-NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
-
-PE = "1"
-
-SRC_URI = "\
-  ${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz \
-"
-
-BBCLASSEXTEND = "devupstream:target"
-SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git;protocol=https;branch=main"
-# Pin this to the 20220509 release, override this in local.conf
-SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-
-SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a"
-
-inherit allarch
-
-CLEANBROKEN = "1"
-
-do_compile() {
-	:
-}
-
-do_install() {
-        oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install
-        cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/
-}
-
-
-PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
-             ${PN}-mt7601u-license ${PN}-mt7601u \
-             ${PN}-radeon-license ${PN}-radeon \
-             ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
-             ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
-             ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
-             ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \
-             ${PN}-vt6656-license ${PN}-vt6656 \
-             ${PN}-rs9113 ${PN}-rs9116 \
-             ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
-             ${PN}-rtl8168 \
-             ${PN}-cypress-license \
-             ${PN}-broadcom-license \
-             ${PN}-bcm-0bb4-0306 \
-             ${PN}-bcm43143 \
-             ${PN}-bcm43236b \
-             ${PN}-bcm43241b0 \
-             ${PN}-bcm43241b4 \
-             ${PN}-bcm43241b5 \
-             ${PN}-bcm43242a \
-             ${PN}-bcm4329 \
-             ${PN}-bcm4329-fullmac \
-             ${PN}-bcm4330 \
-             ${PN}-bcm4334 \
-             ${PN}-bcm43340 \
-             ${PN}-bcm4335 \
-             ${PN}-bcm43362 \
-             ${PN}-bcm4339 \
-             ${PN}-bcm43430 \
-             ${PN}-bcm43430a0 \
-             ${PN}-bcm43455 \
-             ${PN}-bcm4350 \
-             ${PN}-bcm4350c2 \
-             ${PN}-bcm4354 \
-             ${PN}-bcm4356 \
-             ${PN}-bcm4356-pcie \
-             ${PN}-bcm43569 \
-             ${PN}-bcm43570 \
-             ${PN}-bcm4358 \
-             ${PN}-bcm43602 \
-             ${PN}-bcm4366b \
-             ${PN}-bcm4366c \
-             ${PN}-bcm4371 \
-             ${PN}-bcm4373 \
-             ${PN}-bcm43xx \
-             ${PN}-bcm43xx-hdr \
-             ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \
-             ${PN}-gplv2-license ${PN}-carl9170 \
-             ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \
-             \
-             ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \
-             \
-             ${PN}-iwlwifi-license ${PN}-iwlwifi \
-             ${PN}-iwlwifi-135-6 \
-             ${PN}-iwlwifi-3160-7 ${PN}-iwlwifi-3160-8 ${PN}-iwlwifi-3160-9 \
-             ${PN}-iwlwifi-3160-10 ${PN}-iwlwifi-3160-12 ${PN}-iwlwifi-3160-13 \
-             ${PN}-iwlwifi-3160-16 ${PN}-iwlwifi-3160-17 \
-             ${PN}-iwlwifi-6000-4 ${PN}-iwlwifi-6000g2a-5 ${PN}-iwlwifi-6000g2a-6 \
-             ${PN}-iwlwifi-6000g2b-5 ${PN}-iwlwifi-6000g2b-6 \
-             ${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \
-             ${PN}-iwlwifi-7260 \
-             ${PN}-iwlwifi-7265 \
-             ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \
-             ${PN}-iwlwifi-9000 \
-             ${PN}-iwlwifi-misc \
-             ${PN}-ibt-license ${PN}-ibt \
-             ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \
-             ${PN}-ibt-17 \
-             ${PN}-ibt-20 \
-             ${PN}-ibt-misc \
-             ${PN}-i915-license ${PN}-i915 \
-             ${PN}-ice-license ${PN}-ice \
-             ${PN}-adsp-sst-license ${PN}-adsp-sst \
-             ${PN}-bnx2-mips \
-             ${PN}-liquidio \
-             ${PN}-nvidia-license \
-             ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \
-             ${PN}-nvidia-gpu \
-             ${PN}-netronome-license ${PN}-netronome \
-             ${PN}-qat ${PN}-qat-license \
-             ${PN}-qcom-license ${PN}-qcom-yamato-license \
-             ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
-             ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
-             ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
-             ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
-             ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
-             ${PN}-qcom-sc8280xp-lenovo-x13s-compat \
-             ${PN}-qcom-sc8280xp-lenovo-x13s-audio \
-             ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \
-             ${PN}-qcom-sc8280xp-lenovo-x13s-compute \
-             ${PN}-qcom-sc8280xp-lenovo-x13s-sensors \
-             ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
-             ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
-             ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
-             ${PN}-lt9611uxc ${PN}-lontium-license \
-             ${PN}-whence-license \
-             ${PN}-license \
-             "
-
-# For atheros
-LICENSE_${PN}-ar9170 = "Firmware-atheros_firmware"
-LICENSE_${PN}-ath6k = "Firmware-atheros_firmware"
-LICENSE_${PN}-ath9k = "Firmware-atheros_firmware"
-LICENSE_${PN}-atheros-license = "Firmware-atheros_firmware"
-
-FILES_${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware"
-FILES_${PN}-ar9170 = " \
-  ${nonarch_base_libdir}/firmware/ar9170*.fw \
-"
-FILES_${PN}-ath6k = " \
-  ${nonarch_base_libdir}/firmware/ath6k \
-"
-FILES_${PN}-ath9k = " \
-  ${nonarch_base_libdir}/firmware/ar9271.fw \
-  ${nonarch_base_libdir}/firmware/ar7010*.fw \
-  ${nonarch_base_libdir}/firmware/htc_9271.fw \
-  ${nonarch_base_libdir}/firmware/htc_7010.fw \
-  ${nonarch_base_libdir}/firmware/ath9k_htc/htc_7010-1.4.0.fw \
-  ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \
-"
-
-RDEPENDS_${PN}-ar9170 += "${PN}-atheros-license"
-RDEPENDS_${PN}-ath6k += "${PN}-atheros-license"
-RDEPENDS_${PN}-ath9k += "${PN}-atheros-license"
-
-# For carl9170
-LICENSE_${PN}-carl9170 = "Firmware-GPLv2"
-LICENSE_${PN}-gplv2-license = "Firmware-GPLv2"
-
-FILES_${PN}-gplv2-license = "${nonarch_base_libdir}/firmware/GPL-2"
-FILES_${PN}-carl9170 = " \
-  ${nonarch_base_libdir}/firmware/carl9170*.fw \
-"
-
-RDEPENDS_${PN}-carl9170 += "${PN}-gplv2-license"
-
-# For QualCommAthos
-LICENSE_${PN}-ar3k = "Firmware-qualcommAthos_ar3k & Firmware-atheros_firmware"
-LICENSE_${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k"
-LICENSE_${PN}-ath10k = "Firmware-qualcommAthos_ath10k"
-LICENSE_${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k"
-LICENSE_${PN}-qca = "Firmware-qualcommAthos_ath10k"
-
-FILES_${PN}-ar3k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ar3k"
-FILES_${PN}-ar3k = " \
-  ${nonarch_base_libdir}/firmware/ar3k \
-"
-
-FILES_${PN}-ath10k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ath10k"
-FILES_${PN}-ath10k = " \
-  ${nonarch_base_libdir}/firmware/ath10k \
-"
-
-FILES_${PN}-ath11k = " \
-  ${nonarch_base_libdir}/firmware/ath11k \
-"
-
-FILES_${PN}-qca = " \
-  ${nonarch_base_libdir}/firmware/qca \
-"
-
-RDEPENDS_${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license"
-RDEPENDS_${PN}-ath10k += "${PN}-ath10k-license"
-RDEPENDS_${PN}-ath11k += "${PN}-ath10k-license"
-RDEPENDS_${PN}-qca += "${PN}-ath10k-license"
-
-# For ralink
-LICENSE_${PN}-ralink = "Firmware-ralink-firmware"
-LICENSE_${PN}-ralink-license = "Firmware-ralink-firmware"
-
-FILES_${PN}-ralink-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink-firmware.txt"
-FILES_${PN}-ralink = " \
-  ${nonarch_base_libdir}/firmware/rt*.bin \
-"
-
-RDEPENDS_${PN}-ralink += "${PN}-ralink-license"
-
-# For mediatek MT7601U
-LICENSE_${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware"
-LICENSE_${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware"
-
-FILES_${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
-FILES_${PN}-mt7601u = " \
-  ${nonarch_base_libdir}/firmware/mt7601u.bin \
-"
-
-RDEPENDS_${PN}-mt7601u += "${PN}-mt7601u-license"
-
-# For radeon
-LICENSE_${PN}-radeon = "Firmware-radeon"
-LICENSE_${PN}-radeon-license = "Firmware-radeon"
-
-FILES_${PN}-radeon-license = "${nonarch_base_libdir}/firmware/LICENSE.radeon"
-FILES_${PN}-radeon = " \
-  ${nonarch_base_libdir}/firmware/radeon \
-"
-
-RDEPENDS_${PN}-radeon += "${PN}-radeon-license"
-
-# For lontium
-LICENSE_${PN}-lt9611uxc = "Firmware-Lontium"
-
-FILES_${PN}-lontium-license = "${nonarch_base_libdir}/firmware/LICENSE.Lontium"
-FILES_${PN}-lt9611uxc = "${nonarch_base_libdir}/firmware/lt9611uxc_fw.bin"
-
-# For marvell
-LICENSE_${PN}-pcie8897 = "Firmware-Marvell"
-LICENSE_${PN}-pcie8997 = "Firmware-Marvell"
-LICENSE_${PN}-sd8686 = "Firmware-Marvell"
-LICENSE_${PN}-sd8688 = "Firmware-Marvell"
-LICENSE_${PN}-sd8787 = "Firmware-Marvell"
-LICENSE_${PN}-sd8797 = "Firmware-Marvell"
-LICENSE_${PN}-sd8801 = "Firmware-Marvell"
-LICENSE_${PN}-sd8887 = "Firmware-Marvell"
-LICENSE_${PN}-sd8897 = "Firmware-Marvell"
-LICENSE_${PN}-sd8997 = "Firmware-Marvell"
-LICENSE_${PN}-usb8997 = "Firmware-Marvell"
-LICENSE_${PN}-marvell-license = "Firmware-Marvell"
-
-FILES_${PN}-marvell-license = "${nonarch_base_libdir}/firmware/LICENCE.Marvell"
-FILES_${PN}-pcie8897 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/pcie8897_uapsta.bin \
-"
-FILES_${PN}-pcie8997 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/pcie8997_wlan_v4.bin \
-  ${nonarch_base_libdir}/firmware/mrvl/pcieuart8997_combo_v4.bin \
-  ${nonarch_base_libdir}/firmware/mrvl/pcieusb8997_combo_v4.bin \
-"
-FILES_${PN}-sd8686 = " \
-  ${nonarch_base_libdir}/firmware/libertas/sd8686_v9* \
-  ${nonarch_base_libdir}/firmware/sd8686* \
-"
-FILES_${PN}-sd8688 = " \
-  ${nonarch_base_libdir}/firmware/libertas/sd8688* \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8688* \
-"
-FILES_${PN}-sd8787 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8787_uapsta.bin \
-"
-FILES_${PN}-sd8797 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8797_uapsta.bin \
-"
-FILES_${PN}-sd8801 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8801_uapsta.bin \
-"
-FILES_${PN}-sd8887 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8887_uapsta.bin \
-"
-FILES_${PN}-sd8897 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \
-"
-do_install_append() {
-    # The kernel 5.6.x driver still uses the old name, provide a symlink for
-    # older kernels
-    ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin
-}
-FILES_${PN}-sd8997 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \
-  ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \
-"
-FILES_${PN}-usb8997 = " \
-  ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \
-"
-
-RDEPENDS_${PN}-sd8686 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8688 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8787 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8797 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8801 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8887 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8897 += "${PN}-marvell-license"
-RDEPENDS_${PN}-sd8997 += "${PN}-marvell-license"
-RDEPENDS_${PN}-usb8997 += "${PN}-marvell-license"
-
-# For netronome
-LICENSE_${PN}-netronome = "Firmware-netronome"
-
-FILES_${PN}-netronome-license = " \
-  ${nonarch_base_libdir}/firmware/LICENCE.Netronome \
-"
-FILES_${PN}-netronome = " \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0081*.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \
-  ${nonarch_base_libdir}/firmware/netronome/bpf \
-  ${nonarch_base_libdir}/firmware/netronome/flower \
-  ${nonarch_base_libdir}/firmware/netronome/nic \
-  ${nonarch_base_libdir}/firmware/netronome/nic-sriov \
-"
-
-RDEPENDS_${PN}-netronome += "${PN}-netronome-license"
-
-# For Nvidia
-LICENSE_${PN}-nvidia-gpu = "Firmware-nvidia"
-LICENSE_${PN}-nvidia-tegra = "Firmware-nvidia"
-LICENSE_${PN}-nvidia-tegra-k1 = "Firmware-nvidia"
-LICENSE_${PN}-nvidia-license = "Firmware-nvidia"
-
-FILES_${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia"
-FILES_${PN}-nvidia-tegra = " \
-  ${nonarch_base_libdir}/firmware/nvidia/tegra* \
-  ${nonarch_base_libdir}/firmware/nvidia/gm20b \
-  ${nonarch_base_libdir}/firmware/nvidia/gp10b \
-"
-FILES_${PN}-nvidia-tegra-k1 = " \
-  ${nonarch_base_libdir}/firmware/nvidia/tegra124 \
-  ${nonarch_base_libdir}/firmware/nvidia/gk20a \
-"
-FILES_${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia"
-
-RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license"
-RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license"
-RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license"
-
-# For RSI RS911x WiFi
-LICENSE_${PN}-rs9113 = "WHENCE"
-LICENSE_${PN}-rs9116 = "WHENCE"
-
-FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps "
-FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps "
-
-RDEPENDS_${PN}-rs9113 += "${PN}-whence-license"
-RDEPENDS_${PN}-rs9116 += "${PN}-whence-license"
-
-# For rtl
-LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl8192ce = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware"
-LICENSE_${PN}-rtl8168 = "WHENCE"
-
-FILES_${PN}-rtl-license = " \
-  ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \
-"
-FILES_${PN}-rtl8188 = " \
-  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8188*.bin \
-"
-FILES_${PN}-rtl8192cu = " \
-  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cufw*.bin \
-"
-FILES_${PN}-rtl8192ce = " \
-  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cfw*.bin \
-"
-FILES_${PN}-rtl8192su = " \
-  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8712u.bin \
-"
-FILES_${PN}-rtl8723 = " \
-  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8723*.bin \
-"
-FILES_${PN}-rtl8821 = " \
-  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
-"
-FILES_${PN}-rtl8168 = " \
-  ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
-"
-
-RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license"
-RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license"
-RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license"
-RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license"
-RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license"
-RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license"
-RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license"
-
-# For ti-connectivity
-LICENSE_${PN}-wlcommon = "Firmware-ti-connectivity"
-LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity"
-LICENSE_${PN}-wl18xx = "Firmware-ti-connectivity"
-LICENSE_${PN}-ti-connectivity-license = "Firmware-ti-connectivity"
-
-FILES_${PN}-ti-connectivity-license = "${nonarch_base_libdir}/firmware/LICENCE.ti-connectivity"
-# wl18xx optionally needs wl1271-nvs.bin (which itself is a symlink to
-# wl127x-nvs.bin) - see linux/drivers/net/wireless/ti/wlcore/sdio.c
-# and drivers/net/wireless/ti/wlcore/spi.c.
-# While they're optional and actually only used to override the MAC
-# address on wl18xx, driver loading will delay (by udev timout - 60s)
-# if not there. So let's make it available always. Because it's a
-# symlink, both need to go to wlcommon.
-FILES_${PN}-wlcommon = " \
-  ${nonarch_base_libdir}/firmware/ti-connectivity/TI* \
-  ${nonarch_base_libdir}/firmware/ti-connectivity/wl127x-nvs.bin \
-  ${nonarch_base_libdir}/firmware/ti-connectivity/wl1271-nvs.bin \
-"
-FILES_${PN}-wl12xx = " \
-  ${nonarch_base_libdir}/firmware/ti-connectivity/wl12* \
-"
-FILES_${PN}-wl18xx = " \
-  ${nonarch_base_libdir}/firmware/ti-connectivity/wl18* \
-"
-
-RDEPENDS_${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
-RDEPENDS_${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
-
-# For vt6656
-LICENSE_${PN}-vt6656 = "Firmware-via_vt6656"
-LICENSE_${PN}-vt6656-license = "Firmware-via_vt6656"
-
-FILES_${PN}-vt6656-license = "${nonarch_base_libdir}/firmware/LICENCE.via_vt6656"
-FILES_${PN}-vt6656 = " \
-  ${nonarch_base_libdir}/firmware/vntwusb.fw \
-"
-
-RDEPENDS_${PN}-vt6656 = "${PN}-vt6656-license"
-
-# For broadcom
-
-# for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "             \${PN}-$pkg \\"; done  | sort -u
-
-LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx"
-FILES_${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx"
-
-# for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES_\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES
-
-FILES_${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw"
-FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw"
-FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin"
-FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin"
-FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin"
-FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*"
-FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
-FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
-FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \
-"
-FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin"
-FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin"
-FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin"
-FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin"
-FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
-  ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
-"
-FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*"
-FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \
-"
-FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
-FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
-FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \
-"
-FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin"
-FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \
-"
-FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin"
-FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \
-  ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
-"
-FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin"
-FILES_${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin"
-FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin"
-
-# for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done
-# Currently 1st one and last 6 have cypress LICENSE
-
-LICENSE_${PN}-bcm43xx = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43xx += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43xx-hdr += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4329-fullmac += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43236b = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43236b += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4329 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4330 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4334 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4335 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4335 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4339 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43241b0 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43241b4 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43241b5 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43242a = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43242a += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43143 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43143 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43430a0 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4350c2 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4350 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4350 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4356 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4356 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43569 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43569 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43570 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43570 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4358 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4358 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4366c = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4366c += "${PN}-broadcom-license"
-LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx"
-RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license"
-
-# For broadcom cypress
-
-LICENSE_${PN}-cypress-license = "Firmware-cypress"
-FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
-
-FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
-FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*"
-FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*"
-FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*"
-FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \
-"
-FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \
-"
-FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
-  ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
-  ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \
-  ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \
-"
-
-LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress"
-RDEPENDS_${PN}-bcm-0bb4-0306 += "${PN}-cypress-license"
-LICENSE_${PN}-bcm43340 = "Firmware-cypress"
-RDEPENDS_${PN}-bcm43340 += "${PN}-cypress-license"
-LICENSE_${PN}-bcm43362 = "Firmware-cypress"
-RDEPENDS_${PN}-bcm43362 += "${PN}-cypress-license"
-LICENSE_${PN}-bcm43430 = "Firmware-cypress"
-RDEPENDS_${PN}-bcm43430 += "${PN}-cypress-license"
-LICENSE_${PN}-bcm4354 = "Firmware-cypress"
-RDEPENDS_${PN}-bcm4354 += "${PN}-cypress-license"
-LICENSE_${PN}-bcm4356-pcie = "Firmware-cypress"
-RDEPENDS_${PN}-bcm4356-pcie += "${PN}-cypress-license"
-LICENSE_${PN}-bcm4373 = "Firmware-cypress"
-RDEPENDS_${PN}-bcm4373 += "${PN}-cypress-license"
-
-# For Broadcom bnx2-mips
-#
-# which is a separate case to the other Broadcom firmwares since its
-# license is contained in the shared WHENCE file.
-
-LICENSE_${PN}-bnx2-mips = "WHENCE"
-LICENSE_${PN}-whence-license = "WHENCE"
-
-FILES_${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw"
-FILES_${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE"
-
-RDEPENDS_${PN}-bnx2-mips += "${PN}-whence-license"
-
-# For imx-sdma
-LICENSE_${PN}-imx-sdma-imx6q       = "Firmware-imx-sdma_firmware"
-LICENSE_${PN}-imx-sdma-imx7d       = "Firmware-imx-sdma_firmware"
-LICENSE_${PN}-imx-sdma-license       = "Firmware-imx-sdma_firmware"
-
-FILES_${PN}-imx-sdma-imx6q = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx6q.bin"
-
-RPROVIDES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q"
-RREPLACES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q"
-RCONFLICTS_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q"
-
-FILES_${PN}-imx-sdma-imx7d = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx7d.bin"
-
-FILES_${PN}-imx-sdma-license = "${nonarch_base_libdir}/firmware/LICENSE.sdma_firmware"
-
-RDEPENDS_${PN}-imx-sdma-imx6q += "${PN}-imx-sdma-license"
-RDEPENDS_${PN}-imx-sdma-imx7d += "${PN}-imx-sdma-license"
-
-# For iwlwifi
-LICENSE_${PN}-iwlwifi           = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-135-6     = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-7    = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-8    = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-9    = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-10   = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-12   = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-13   = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-16   = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-3160-17   = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6000-4    = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6000g2a-5 = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6000g2a-6 = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6000g2b-5 = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6000g2b-6 = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6050-4    = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-6050-5    = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-7260      = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-7265      = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-7265d     = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-8000c     = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-8265      = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-9000      = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-misc      = "Firmware-iwlwifi_firmware"
-LICENSE_${PN}-iwlwifi-license   = "Firmware-iwlwifi_firmware"
-
-
-FILES_${PN}-iwlwifi-license = "${nonarch_base_libdir}/firmware/LICENCE.iwlwifi_firmware"
-FILES_${PN}-iwlwifi-135-6 = "${nonarch_base_libdir}/firmware/iwlwifi-135-6.ucode"
-FILES_${PN}-iwlwifi-3160-7 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-7.ucode"
-FILES_${PN}-iwlwifi-3160-8 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-8.ucode"
-FILES_${PN}-iwlwifi-3160-9 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-9.ucode"
-FILES_${PN}-iwlwifi-3160-10 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-10.ucode"
-FILES_${PN}-iwlwifi-3160-12 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-12.ucode"
-FILES_${PN}-iwlwifi-3160-13 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-13.ucode"
-FILES_${PN}-iwlwifi-3160-16 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-16.ucode"
-FILES_${PN}-iwlwifi-3160-17 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-17.ucode"
-FILES_${PN}-iwlwifi-6000-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6000-4.ucode"
-FILES_${PN}-iwlwifi-6000g2a-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-5.ucode"
-FILES_${PN}-iwlwifi-6000g2a-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-6.ucode"
-FILES_${PN}-iwlwifi-6000g2b-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-5.ucode"
-FILES_${PN}-iwlwifi-6000g2b-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-6.ucode"
-FILES_${PN}-iwlwifi-6050-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-4.ucode"
-FILES_${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.ucode"
-FILES_${PN}-iwlwifi-7260   = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode"
-FILES_${PN}-iwlwifi-7265   = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode"
-FILES_${PN}-iwlwifi-7265d   = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode"
-FILES_${PN}-iwlwifi-8000c   = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode"
-FILES_${PN}-iwlwifi-8265   = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode"
-FILES_${PN}-iwlwifi-9000   = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode"
-FILES_${PN}-iwlwifi-misc   = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode"
-
-RDEPENDS_${PN}-iwlwifi-135-6     = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-7    = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-8    = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-9    = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-10   = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-12   = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-13   = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-16   = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-3160-17   = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6000-4    = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6000g2a-5 = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6000g2a-6 = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6000g2b-5 = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6000g2b-6 = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6050-4    = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-6050-5    = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-7260      = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-7265      = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-7265d     = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-8000c     = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-8265      = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-9000      = "${PN}-iwlwifi-license"
-RDEPENDS_${PN}-iwlwifi-misc      = "${PN}-iwlwifi-license"
-
-# -iwlwifi-misc is a "catch all" package that includes all the iwlwifi
-# firmwares that are not already included in other -iwlwifi- packages.
-# -iwlwifi is a virtual package that depends upon all iwlwifi packages.
-# These are distinct in order to allow the -misc firmwares to be installed
-# without pulling in every other iwlwifi package.
-ALLOW_EMPTY_${PN}-iwlwifi = "1"
-ALLOW_EMPTY_${PN}-iwlwifi-misc = "1"
-
-# Handle package updating for the newly merged iwlwifi groupings
-RPROVIDES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9"
-RREPLACES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9"
-RCONFLICTS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9"
-
-RPROVIDES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9"
-RREPLACES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9"
-RCONFLICTS_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9"
-
-# For ibt
-LICENSE_${PN}-ibt-license = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-11-5    = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-12-16   = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-20 = "Firmware-ibt_firmware"
-LICENSE_${PN}-ibt-misc    = "Firmware-ibt_firmware"
-
-FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware"
-FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bseq"
-FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq"
-FILES_${PN}-ibt-11-5    = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc"
-FILES_${PN}-ibt-12-16   = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi ${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc"
-FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc"
-FILES_${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc"
-FILES_${PN}-ibt-misc    = "${nonarch_base_libdir}/firmware/intel/ibt-*"
-
-RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license"
-RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license"
-RDEPENDS_${PN}-ibt-11-5    = "${PN}-ibt-license"
-RDEPENDS_${PN}-ibt-12-16   = "${PN}-ibt-license"
-RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license"
-RDEPENDS_${PN}-ibt-20 = "${PN}-ibt-license"
-RDEPENDS_${PN}-ibt-misc    = "${PN}-ibt-license"
-
-ALLOW_EMPTY_${PN}-ibt= "1"
-ALLOW_EMPTY_${PN}-ibt-misc = "1"
-
-LICENSE_${PN}-i915       = "Firmware-i915"
-LICENSE_${PN}-i915-license = "Firmware-i915"
-FILES_${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915"
-FILES_${PN}-i915         = "${nonarch_base_libdir}/firmware/i915"
-RDEPENDS_${PN}-i915      = "${PN}-i915-license"
-
-LICENSE_${PN}-ice       = "Firmware-ice"
-LICENSE_${PN}-ice-license = "Firmware-ice"
-FILES_${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice"
-FILES_${PN}-ice         = "${nonarch_base_libdir}/firmware/intel/ice"
-RDEPENDS_${PN}-ice      = "${PN}-ice-license"
-
-FILES_${PN}-adsp-sst-license      = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst"
-LICENSE_${PN}-adsp-sst            = "Firmware-adsp_sst"
-LICENSE_${PN}-adsp-sst-license    = "Firmware-adsp_sst"
-FILES_${PN}-adsp-sst              = "${nonarch_base_libdir}/firmware/intel/dsp_fw*"
-RDEPENDS_${PN}-adsp-sst           = "${PN}-adsp-sst-license"
-
-# For QAT
-LICENSE_${PN}-qat         = "Firmware-qat"
-LICENSE_${PN}-qat-license = "Firmware-qat"
-FILES_${PN}-qat-license   = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware"
-FILES_${PN}-qat           = "${nonarch_base_libdir}/firmware/qat*.bin"
-RDEPENDS_${PN}-qat        = "${PN}-qat-license"
-
-# For QCOM VPU/GPU and SDM845
-LICENSE_${PN}-qcom-license = "Firmware-qcom"
-LICENSE_${PN}-qcom-yamato-license = "Firmware-qcom-yamato"
-LICENSE_${PN}-qcom-venus-1.8 = "Firmware-qcom"
-LICENSE_${PN}-qcom-venus-4.2 = "Firmware-qcom"
-LICENSE_${PN}-qcom-venus-5.2 = "Firmware-qcom"
-LICENSE_${PN}-qcom-venus-5.4 = "Firmware-qcom"
-LICENSE_${PN}-qcom-vpu-1.0 = "Firmware-qcom"
-LICENSE_${PN}-qcom-vpu-2.0 = "Firmware-qcom"
-LICENSE_${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato"
-LICENSE_${PN}-qcom-adreno-a3xx = "Firmware-qcom"
-LICENSE_${PN}-qcom-adreno-a4xx = "Firmware-qcom"
-LICENSE_${PN}-qcom-adreno-a530 = "Firmware-qcom"
-LICENSE_${PN}-qcom-adreno-a630 = "Firmware-qcom"
-LICENSE_${PN}-qcom-adreno-a650 = "Firmware-qcom"
-LICENSE_${PN}-qcom-adreno-a660 = "Firmware-qcom"
-LICENSE_${PN}-qcom-apq8096-audio = "Firmware-qcom"
-LICENSE_${PN}-qcom-apq8096-modem = "Firmware-qcom"
-LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom"
-LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom"
-LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom"
-LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom"
-LICENSE_${PN}-qcom-sdm845-audio = "Firmware-qcom"
-LICENSE_${PN}-qcom-sdm845-compute = "Firmware-qcom"
-LICENSE_${PN}-qcom-sdm845-modem = "Firmware-qcom"
-LICENSE_${PN}-qcom-sm8250-audio = "Firmware-qcom"
-LICENSE_${PN}-qcom-sm8250-compute = "Firmware-qcom"
-
-FILES_${PN}-qcom-license   = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
-FILES_${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato"
-FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
-FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
-FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
-FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
-FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
-FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
-FILES_${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw"
-FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
-FILES_${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
-FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
-FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
-FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
-FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
-FILES_${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
-FILES_${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
-FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX"
-FILES_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn"
-FILES_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn"
-FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*"
-FILES_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*"
-FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
-FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
-FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
-FILES_${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
-FILES_${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
-RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license"
-RDEPENDS_${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sm8250-audio = "${PN}-qcom-license"
-RDEPENDS_${PN}-qcom-sm8250-compute = "${PN}-qcom-license"
-
-RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
-RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
-RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
-RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
-
-FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio"
-
-# For Amlogic VDEC
-LICENSE_${PN}-amlogic-vdec = "Firmware-amlogic_vdec"
-FILES_${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec"
-FILES_${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*"
-RDEPENDS_${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license"
-
-# For other firmwares
-# Maybe split out to separate packages when needed.
-LICENSE_${PN} = "\
-    Firmware-Abilis \
-    & Firmware-agere \
-    & Firmware-amdgpu \
-    & Firmware-amd-ucode \
-    & Firmware-amlogic_vdec \
-    & Firmware-atmel \
-    & Firmware-ca0132 \
-    & Firmware-cavium \
-    & Firmware-chelsio_firmware \
-    & Firmware-cw1200 \
-    & Firmware-dib0700 \
-    & Firmware-e100 \
-    & Firmware-ene_firmware \
-    & Firmware-fw_sst_0f28 \
-    & Firmware-go7007 \
-    & Firmware-hfi1_firmware \
-    & Firmware-ibt_firmware \
-    & Firmware-it913x \
-    & Firmware-IntcSST2 \
-    & Firmware-kaweth \
-    & Firmware-moxa \
-    & Firmware-myri10ge_firmware \
-    & Firmware-nvidia \
-    & Firmware-OLPC \
-    & Firmware-ath9k-htc \
-    & Firmware-phanfw \
-    & Firmware-qat \
-    & Firmware-qcom \
-    & Firmware-qla1280 \
-    & Firmware-qla2xxx \
-    & Firmware-r8a779x_usb3 \
-    & Firmware-radeon \
-    & Firmware-ralink_a_mediatek_company_firmware \
-    & Firmware-ralink-firmware \
-    & Firmware-imx-sdma_firmware \
-    & Firmware-siano \
-    & Firmware-ti-connectivity \
-    & Firmware-ti-keystone \
-    & Firmware-ueagle-atm4-firmware \
-    & Firmware-wl1251 \
-    & Firmware-xc4000 \
-    & Firmware-xc5000 \
-    & Firmware-xc5000c \
-    & WHENCE \
-"
-
-FILES_${PN}-license += "${nonarch_base_libdir}/firmware/LICEN*"
-FILES_${PN} += "${nonarch_base_libdir}/firmware/*"
-RDEPENDS_${PN} += "${PN}-license"
-RDEPENDS_${PN} += "${PN}-whence-license"
-
-# Make linux-firmware depend on all of the split-out packages.
-# Make linux-firmware-iwlwifi depend on all of the split-out iwlwifi packages.
-# Make linux-firmware-ibt depend on all of the split-out ibt packages.
-python populate_packages_prepend () {
-    firmware_pkgs = oe.utils.packages_filter_out_system(d)
-    d.appendVar('RRECOMMENDS_linux-firmware', ' ' + ' '.join(firmware_pkgs))
-
-    iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs)
-    d.appendVar('RRECOMMENDS_linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs))
-
-    ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs)
-    d.appendVar('RRECOMMENDS_linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs))
-}
-
-# Firmware files are generally not ran on the CPU, so they can be
-# allarch despite being architecture specific
-INSANE_SKIP = "arch"
-
-# Don't warn about already stripped files
-INSANE_SKIP:${PN} = "already-stripped"
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
new file mode 100644
index 0000000000..9ac70b2a3a
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
@@ -0,0 +1,1131 @@
+SUMMARY = "Firmware files for use with Linux kernel"
+HOMEPAGE = "https://www.kernel.org/"
+DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \
+that contains firmware binary blobs necessary for partial or full functionality \
+of certain hardware devices."
+SECTION = "kernel"
+
+LICENSE = "\
+    Firmware-Abilis \
+    & Firmware-adsp_sst \
+    & Firmware-agere \
+    & Firmware-amdgpu \
+    & Firmware-amd-ucode \
+    & Firmware-amlogic_vdec \
+    & Firmware-atheros_firmware \
+    & Firmware-atmel \
+    & Firmware-broadcom_bcm43xx \
+    & Firmware-ca0132 \
+    & Firmware-cavium \
+    & Firmware-chelsio_firmware \
+    & Firmware-cw1200 \
+    & Firmware-cypress \
+    & Firmware-dib0700 \
+    & Firmware-e100 \
+    & Firmware-ene_firmware \
+    & Firmware-fw_sst_0f28 \
+    & Firmware-go7007 \
+    & Firmware-GPLv2 \
+    & Firmware-hfi1_firmware \
+    & Firmware-i915 \
+    & Firmware-ibt_firmware \
+    & Firmware-ice \
+    & Firmware-it913x \
+    & Firmware-iwlwifi_firmware \
+    & Firmware-IntcSST2 \
+    & Firmware-kaweth \
+    & Firmware-Lontium \
+    & Firmware-Marvell \
+    & Firmware-moxa \
+    & Firmware-myri10ge_firmware \
+    & Firmware-netronome \
+    & Firmware-nvidia \
+    & Firmware-OLPC \
+    & Firmware-ath9k-htc \
+    & Firmware-phanfw \
+    & Firmware-qat \
+    & Firmware-qcom \
+    & Firmware-qcom-yamato \
+    & Firmware-qla1280 \
+    & Firmware-qla2xxx \
+    & Firmware-qualcommAthos_ar3k \
+    & Firmware-qualcommAthos_ath10k \
+    & Firmware-r8a779x_usb3 \
+    & Firmware-radeon \
+    & Firmware-ralink_a_mediatek_company_firmware \
+    & Firmware-ralink-firmware \
+    & Firmware-rtlwifi_firmware \
+    & Firmware-imx-sdma_firmware \
+    & Firmware-siano \
+    & Firmware-ti-connectivity \
+    & Firmware-ti-keystone \
+    & Firmware-ueagle-atm4-firmware \
+    & Firmware-via_vt6656 \
+    & Firmware-wl1251 \
+    & Firmware-xc4000 \
+    & Firmware-xc5000 \
+    & Firmware-xc5000c \
+    & WHENCE \
+"
+
+LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
+                    file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
+                    file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
+                    file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
+                    file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
+                    file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
+                    file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
+                    file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
+                    file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
+                    file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \
+                    file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \
+                    file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
+                    file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
+                    file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
+                    file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
+                    file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
+                    file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \
+                    file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \
+                    file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \
+                    file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \
+                    file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \
+                    file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \
+                    file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \
+                    file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \
+                    file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+                    file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
+                    file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \
+                    file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \
+                    file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \
+                    file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \
+                    file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
+                    file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
+                    file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
+                    file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
+                    file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
+                    file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \
+                    file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
+                    file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
+                    file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
+                    file://LICENCE.qat_firmware;md5=72de83dfd9b87be7685ed099a39fbea4 \
+                    file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
+                    file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
+                    file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
+                    file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
+                    file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
+                    file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \
+                    file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \
+                    file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \
+                    file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \
+                    file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \
+                    file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \
+                    file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \
+                    file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \
+                    file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \
+                    file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \
+                    file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \
+                    file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \
+                    file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \
+                    file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
+                    file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
+                    file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
+                    file://WHENCE;md5=${WHENCE_CHKSUM} \
+                    "
+# WHENCE checksum is defined separately to ease overriding it if
+# class-devupstream is selected.
+WHENCE_CHKSUM  = "0782deea054d4b1b7f10c92c3a245da4"
+
+# These are not common licenses, set NO_GENERIC_LICENSE for them
+# so that the license files will be copied from fetched source
+NO_GENERIC_LICENSE[Firmware-Abilis] = "LICENCE.Abilis"
+NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst"
+NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere"
+NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu"
+NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode"
+NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec"
+NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware"
+NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel"
+NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx"
+NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132"
+NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence"
+NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium"
+NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware"
+NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200"
+NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress"
+NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700"
+NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100"
+NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware"
+NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28"
+NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007"
+NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2"
+NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware"
+NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915"
+NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware"
+NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice"
+NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2"
+NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x"
+NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware"
+NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth"
+NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium"
+NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell"
+NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek"
+NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa"
+NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware"
+NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome"
+NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia"
+NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC"
+NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware"
+NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
+NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware"
+NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom"
+NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato"
+NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280"
+NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx"
+NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k"
+NO_GENERIC_LICENSE[Firmware-qualcommAthos_ath10k] = "LICENSE.QualcommAtheros_ath10k"
+NO_GENERIC_LICENSE[Firmware-r8a779x_usb3] = "LICENCE.r8a779x_usb3"
+NO_GENERIC_LICENSE[Firmware-radeon] = "LICENSE.radeon"
+NO_GENERIC_LICENSE[Firmware-ralink_a_mediatek_company_firmware] = "LICENCE.ralink_a_mediatek_company_firmware"
+NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt"
+NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt"
+NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano"
+NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware"
+NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity"
+NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone"
+NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware"
+NO_GENERIC_LICENSE[Firmware-via_vt6656] = "LICENCE.via_vt6656"
+NO_GENERIC_LICENSE[Firmware-wl1251] = "LICENCE.wl1251"
+NO_GENERIC_LICENSE[Firmware-xc4000] = "LICENCE.xc4000"
+NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000"
+NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
+NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
+
+PE = "1"
+
+SRC_URI = "\
+  ${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz \
+"
+
+BBCLASSEXTEND = "devupstream:target"
+SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git;protocol=https;branch=main"
+# Pin this to the 20220509 release, override this in local.conf
+SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
+
+SRC_URI[sha256sum] = "c3f9ad2bb5311cce2490f37a8052f836703d6936aabd840246b6576f1f71f607"
+
+inherit allarch
+
+CLEANBROKEN = "1"
+
+do_compile() {
+	:
+}
+
+do_install() {
+        oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install
+        cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/
+}
+
+
+PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
+             ${PN}-mt7601u-license ${PN}-mt7601u \
+             ${PN}-radeon-license ${PN}-radeon \
+             ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
+             ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
+             ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
+             ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \
+             ${PN}-vt6656-license ${PN}-vt6656 \
+             ${PN}-rs9113 ${PN}-rs9116 \
+             ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
+             ${PN}-rtl8168 \
+             ${PN}-cypress-license \
+             ${PN}-broadcom-license \
+             ${PN}-bcm-0bb4-0306 \
+             ${PN}-bcm43143 \
+             ${PN}-bcm43236b \
+             ${PN}-bcm43241b0 \
+             ${PN}-bcm43241b4 \
+             ${PN}-bcm43241b5 \
+             ${PN}-bcm43242a \
+             ${PN}-bcm4329 \
+             ${PN}-bcm4329-fullmac \
+             ${PN}-bcm4330 \
+             ${PN}-bcm4334 \
+             ${PN}-bcm43340 \
+             ${PN}-bcm4335 \
+             ${PN}-bcm43362 \
+             ${PN}-bcm4339 \
+             ${PN}-bcm43430 \
+             ${PN}-bcm43430a0 \
+             ${PN}-bcm43455 \
+             ${PN}-bcm4350 \
+             ${PN}-bcm4350c2 \
+             ${PN}-bcm4354 \
+             ${PN}-bcm4356 \
+             ${PN}-bcm4356-pcie \
+             ${PN}-bcm43569 \
+             ${PN}-bcm43570 \
+             ${PN}-bcm4358 \
+             ${PN}-bcm43602 \
+             ${PN}-bcm4366b \
+             ${PN}-bcm4366c \
+             ${PN}-bcm4371 \
+             ${PN}-bcm4373 \
+             ${PN}-bcm43xx \
+             ${PN}-bcm43xx-hdr \
+             ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \
+             ${PN}-gplv2-license ${PN}-carl9170 \
+             ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \
+             \
+             ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \
+             \
+             ${PN}-iwlwifi-license ${PN}-iwlwifi \
+             ${PN}-iwlwifi-135-6 \
+             ${PN}-iwlwifi-3160-7 ${PN}-iwlwifi-3160-8 ${PN}-iwlwifi-3160-9 \
+             ${PN}-iwlwifi-3160-10 ${PN}-iwlwifi-3160-12 ${PN}-iwlwifi-3160-13 \
+             ${PN}-iwlwifi-3160-16 ${PN}-iwlwifi-3160-17 \
+             ${PN}-iwlwifi-6000-4 ${PN}-iwlwifi-6000g2a-5 ${PN}-iwlwifi-6000g2a-6 \
+             ${PN}-iwlwifi-6000g2b-5 ${PN}-iwlwifi-6000g2b-6 \
+             ${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \
+             ${PN}-iwlwifi-7260 \
+             ${PN}-iwlwifi-7265 \
+             ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \
+             ${PN}-iwlwifi-9000 \
+             ${PN}-iwlwifi-misc \
+             ${PN}-ibt-license ${PN}-ibt \
+             ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \
+             ${PN}-ibt-17 \
+             ${PN}-ibt-20 \
+             ${PN}-ibt-misc \
+             ${PN}-i915-license ${PN}-i915 \
+             ${PN}-ice-license ${PN}-ice \
+             ${PN}-adsp-sst-license ${PN}-adsp-sst \
+             ${PN}-bnx2-mips \
+             ${PN}-liquidio \
+             ${PN}-nvidia-license \
+             ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \
+             ${PN}-nvidia-gpu \
+             ${PN}-netronome-license ${PN}-netronome \
+             ${PN}-qat ${PN}-qat-license \
+             ${PN}-qcom-license ${PN}-qcom-yamato-license \
+             ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
+             ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
+             ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
+             ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
+             ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
+             ${PN}-qcom-sc8280xp-lenovo-x13s-compat \
+             ${PN}-qcom-sc8280xp-lenovo-x13s-audio \
+             ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \
+             ${PN}-qcom-sc8280xp-lenovo-x13s-compute \
+             ${PN}-qcom-sc8280xp-lenovo-x13s-sensors \
+             ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
+             ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
+             ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
+             ${PN}-lt9611uxc ${PN}-lontium-license \
+             ${PN}-whence-license \
+             ${PN}-license \
+             "
+
+# For atheros
+LICENSE_${PN}-ar9170 = "Firmware-atheros_firmware"
+LICENSE_${PN}-ath6k = "Firmware-atheros_firmware"
+LICENSE_${PN}-ath9k = "Firmware-atheros_firmware"
+LICENSE_${PN}-atheros-license = "Firmware-atheros_firmware"
+
+FILES_${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware"
+FILES_${PN}-ar9170 = " \
+  ${nonarch_base_libdir}/firmware/ar9170*.fw \
+"
+FILES_${PN}-ath6k = " \
+  ${nonarch_base_libdir}/firmware/ath6k \
+"
+FILES_${PN}-ath9k = " \
+  ${nonarch_base_libdir}/firmware/ar9271.fw \
+  ${nonarch_base_libdir}/firmware/ar7010*.fw \
+  ${nonarch_base_libdir}/firmware/htc_9271.fw \
+  ${nonarch_base_libdir}/firmware/htc_7010.fw \
+  ${nonarch_base_libdir}/firmware/ath9k_htc/htc_7010-1.4.0.fw \
+  ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \
+"
+
+RDEPENDS_${PN}-ar9170 += "${PN}-atheros-license"
+RDEPENDS_${PN}-ath6k += "${PN}-atheros-license"
+RDEPENDS_${PN}-ath9k += "${PN}-atheros-license"
+
+# For carl9170
+LICENSE_${PN}-carl9170 = "Firmware-GPLv2"
+LICENSE_${PN}-gplv2-license = "Firmware-GPLv2"
+
+FILES_${PN}-gplv2-license = "${nonarch_base_libdir}/firmware/GPL-2"
+FILES_${PN}-carl9170 = " \
+  ${nonarch_base_libdir}/firmware/carl9170*.fw \
+"
+
+RDEPENDS_${PN}-carl9170 += "${PN}-gplv2-license"
+
+# For QualCommAthos
+LICENSE_${PN}-ar3k = "Firmware-qualcommAthos_ar3k & Firmware-atheros_firmware"
+LICENSE_${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k"
+LICENSE_${PN}-ath10k = "Firmware-qualcommAthos_ath10k"
+LICENSE_${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k"
+LICENSE_${PN}-qca = "Firmware-qualcommAthos_ath10k"
+
+FILES_${PN}-ar3k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ar3k"
+FILES_${PN}-ar3k = " \
+  ${nonarch_base_libdir}/firmware/ar3k \
+"
+
+FILES_${PN}-ath10k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ath10k"
+FILES_${PN}-ath10k = " \
+  ${nonarch_base_libdir}/firmware/ath10k \
+"
+
+FILES_${PN}-ath11k = " \
+  ${nonarch_base_libdir}/firmware/ath11k \
+"
+
+FILES_${PN}-qca = " \
+  ${nonarch_base_libdir}/firmware/qca \
+"
+
+RDEPENDS_${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license"
+RDEPENDS_${PN}-ath10k += "${PN}-ath10k-license"
+RDEPENDS_${PN}-ath11k += "${PN}-ath10k-license"
+RDEPENDS_${PN}-qca += "${PN}-ath10k-license"
+
+# For ralink
+LICENSE_${PN}-ralink = "Firmware-ralink-firmware"
+LICENSE_${PN}-ralink-license = "Firmware-ralink-firmware"
+
+FILES_${PN}-ralink-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink-firmware.txt"
+FILES_${PN}-ralink = " \
+  ${nonarch_base_libdir}/firmware/rt*.bin \
+"
+
+RDEPENDS_${PN}-ralink += "${PN}-ralink-license"
+
+# For mediatek MT7601U
+LICENSE_${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware"
+LICENSE_${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware"
+
+FILES_${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
+FILES_${PN}-mt7601u = " \
+  ${nonarch_base_libdir}/firmware/mt7601u.bin \
+"
+
+RDEPENDS_${PN}-mt7601u += "${PN}-mt7601u-license"
+
+# For radeon
+LICENSE_${PN}-radeon = "Firmware-radeon"
+LICENSE_${PN}-radeon-license = "Firmware-radeon"
+
+FILES_${PN}-radeon-license = "${nonarch_base_libdir}/firmware/LICENSE.radeon"
+FILES_${PN}-radeon = " \
+  ${nonarch_base_libdir}/firmware/radeon \
+"
+
+RDEPENDS_${PN}-radeon += "${PN}-radeon-license"
+
+# For lontium
+LICENSE_${PN}-lt9611uxc = "Firmware-Lontium"
+
+FILES_${PN}-lontium-license = "${nonarch_base_libdir}/firmware/LICENSE.Lontium"
+FILES_${PN}-lt9611uxc = "${nonarch_base_libdir}/firmware/lt9611uxc_fw.bin"
+
+# For marvell
+LICENSE_${PN}-pcie8897 = "Firmware-Marvell"
+LICENSE_${PN}-pcie8997 = "Firmware-Marvell"
+LICENSE_${PN}-sd8686 = "Firmware-Marvell"
+LICENSE_${PN}-sd8688 = "Firmware-Marvell"
+LICENSE_${PN}-sd8787 = "Firmware-Marvell"
+LICENSE_${PN}-sd8797 = "Firmware-Marvell"
+LICENSE_${PN}-sd8801 = "Firmware-Marvell"
+LICENSE_${PN}-sd8887 = "Firmware-Marvell"
+LICENSE_${PN}-sd8897 = "Firmware-Marvell"
+LICENSE_${PN}-sd8997 = "Firmware-Marvell"
+LICENSE_${PN}-usb8997 = "Firmware-Marvell"
+LICENSE_${PN}-marvell-license = "Firmware-Marvell"
+
+FILES_${PN}-marvell-license = "${nonarch_base_libdir}/firmware/LICENCE.Marvell"
+FILES_${PN}-pcie8897 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/pcie8897_uapsta.bin \
+"
+FILES_${PN}-pcie8997 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/pcie8997_wlan_v4.bin \
+  ${nonarch_base_libdir}/firmware/mrvl/pcieuart8997_combo_v4.bin \
+  ${nonarch_base_libdir}/firmware/mrvl/pcieusb8997_combo_v4.bin \
+"
+FILES_${PN}-sd8686 = " \
+  ${nonarch_base_libdir}/firmware/libertas/sd8686_v9* \
+  ${nonarch_base_libdir}/firmware/sd8686* \
+"
+FILES_${PN}-sd8688 = " \
+  ${nonarch_base_libdir}/firmware/libertas/sd8688* \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8688* \
+"
+FILES_${PN}-sd8787 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8787_uapsta.bin \
+"
+FILES_${PN}-sd8797 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8797_uapsta.bin \
+"
+FILES_${PN}-sd8801 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8801_uapsta.bin \
+"
+FILES_${PN}-sd8887 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8887_uapsta.bin \
+"
+FILES_${PN}-sd8897 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \
+"
+do_install_append() {
+    # The kernel 5.6.x driver still uses the old name, provide a symlink for
+    # older kernels
+    ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin
+}
+FILES_${PN}-sd8997 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \
+  ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \
+"
+FILES_${PN}-usb8997 = " \
+  ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \
+"
+
+RDEPENDS_${PN}-sd8686 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8688 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8787 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8797 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8801 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8887 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8897 += "${PN}-marvell-license"
+RDEPENDS_${PN}-sd8997 += "${PN}-marvell-license"
+RDEPENDS_${PN}-usb8997 += "${PN}-marvell-license"
+
+# For netronome
+LICENSE_${PN}-netronome = "Firmware-netronome"
+
+FILES_${PN}-netronome-license = " \
+  ${nonarch_base_libdir}/firmware/LICENCE.Netronome \
+"
+FILES_${PN}-netronome = " \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0081*.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \
+  ${nonarch_base_libdir}/firmware/netronome/bpf \
+  ${nonarch_base_libdir}/firmware/netronome/flower \
+  ${nonarch_base_libdir}/firmware/netronome/nic \
+  ${nonarch_base_libdir}/firmware/netronome/nic-sriov \
+"
+
+RDEPENDS_${PN}-netronome += "${PN}-netronome-license"
+
+# For Nvidia
+LICENSE_${PN}-nvidia-gpu = "Firmware-nvidia"
+LICENSE_${PN}-nvidia-tegra = "Firmware-nvidia"
+LICENSE_${PN}-nvidia-tegra-k1 = "Firmware-nvidia"
+LICENSE_${PN}-nvidia-license = "Firmware-nvidia"
+
+FILES_${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia"
+FILES_${PN}-nvidia-tegra = " \
+  ${nonarch_base_libdir}/firmware/nvidia/tegra* \
+  ${nonarch_base_libdir}/firmware/nvidia/gm20b \
+  ${nonarch_base_libdir}/firmware/nvidia/gp10b \
+"
+FILES_${PN}-nvidia-tegra-k1 = " \
+  ${nonarch_base_libdir}/firmware/nvidia/tegra124 \
+  ${nonarch_base_libdir}/firmware/nvidia/gk20a \
+"
+FILES_${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia"
+
+RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license"
+RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license"
+RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license"
+
+# For RSI RS911x WiFi
+LICENSE_${PN}-rs9113 = "WHENCE"
+LICENSE_${PN}-rs9116 = "WHENCE"
+
+FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps "
+FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps "
+
+RDEPENDS_${PN}-rs9113 += "${PN}-whence-license"
+RDEPENDS_${PN}-rs9116 += "${PN}-whence-license"
+
+# For rtl
+LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8192ce = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8168 = "WHENCE"
+
+FILES_${PN}-rtl-license = " \
+  ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \
+"
+FILES_${PN}-rtl8188 = " \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8188*.bin \
+"
+FILES_${PN}-rtl8192cu = " \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cufw*.bin \
+"
+FILES_${PN}-rtl8192ce = " \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cfw*.bin \
+"
+FILES_${PN}-rtl8192su = " \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8712u.bin \
+"
+FILES_${PN}-rtl8723 = " \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8723*.bin \
+"
+FILES_${PN}-rtl8821 = " \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
+"
+FILES_${PN}-rtl8168 = " \
+  ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
+"
+
+RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license"
+
+# For ti-connectivity
+LICENSE_${PN}-wlcommon = "Firmware-ti-connectivity"
+LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity"
+LICENSE_${PN}-wl18xx = "Firmware-ti-connectivity"
+LICENSE_${PN}-ti-connectivity-license = "Firmware-ti-connectivity"
+
+FILES_${PN}-ti-connectivity-license = "${nonarch_base_libdir}/firmware/LICENCE.ti-connectivity"
+# wl18xx optionally needs wl1271-nvs.bin (which itself is a symlink to
+# wl127x-nvs.bin) - see linux/drivers/net/wireless/ti/wlcore/sdio.c
+# and drivers/net/wireless/ti/wlcore/spi.c.
+# While they're optional and actually only used to override the MAC
+# address on wl18xx, driver loading will delay (by udev timout - 60s)
+# if not there. So let's make it available always. Because it's a
+# symlink, both need to go to wlcommon.
+FILES_${PN}-wlcommon = " \
+  ${nonarch_base_libdir}/firmware/ti-connectivity/TI* \
+  ${nonarch_base_libdir}/firmware/ti-connectivity/wl127x-nvs.bin \
+  ${nonarch_base_libdir}/firmware/ti-connectivity/wl1271-nvs.bin \
+"
+FILES_${PN}-wl12xx = " \
+  ${nonarch_base_libdir}/firmware/ti-connectivity/wl12* \
+"
+FILES_${PN}-wl18xx = " \
+  ${nonarch_base_libdir}/firmware/ti-connectivity/wl18* \
+"
+
+RDEPENDS_${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
+RDEPENDS_${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
+
+# For vt6656
+LICENSE_${PN}-vt6656 = "Firmware-via_vt6656"
+LICENSE_${PN}-vt6656-license = "Firmware-via_vt6656"
+
+FILES_${PN}-vt6656-license = "${nonarch_base_libdir}/firmware/LICENCE.via_vt6656"
+FILES_${PN}-vt6656 = " \
+  ${nonarch_base_libdir}/firmware/vntwusb.fw \
+"
+
+RDEPENDS_${PN}-vt6656 = "${PN}-vt6656-license"
+
+# For broadcom
+
+# for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "             \${PN}-$pkg \\"; done  | sort -u
+
+LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx"
+FILES_${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx"
+
+# for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES_\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES
+
+FILES_${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw"
+FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw"
+FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin"
+FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin"
+FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin"
+FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*"
+FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
+FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
+FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \
+"
+FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin"
+FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin"
+FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin"
+FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin"
+FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
+  ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
+"
+FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*"
+FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \
+"
+FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
+FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
+FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \
+"
+FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin"
+FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \
+"
+FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin"
+FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \
+  ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
+"
+FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin"
+FILES_${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin"
+FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin"
+
+# for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done
+# Currently 1st one and last 6 have cypress LICENSE
+
+LICENSE_${PN}-bcm43xx = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43xx += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43xx-hdr += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4329-fullmac += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43236b = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43236b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4329 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4330 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4334 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4335 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4335 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4339 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b0 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b4 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b5 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43242a = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43242a += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43143 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43143 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43430a0 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4350c2 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4350 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4350 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4356 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4356 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43569 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43569 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43570 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43570 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4358 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4358 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4366c = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4366c += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license"
+
+# For broadcom cypress
+
+LICENSE_${PN}-cypress-license = "Firmware-cypress"
+FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
+
+FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
+FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*"
+FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*"
+FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*"
+FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \
+"
+FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \
+"
+FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
+  ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
+  ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \
+  ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \
+"
+
+LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm-0bb4-0306 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43340 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43340 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43362 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43362 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43430 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43430 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4354 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4354 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4356-pcie = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4356-pcie += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4373 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4373 += "${PN}-cypress-license"
+
+# For Broadcom bnx2-mips
+#
+# which is a separate case to the other Broadcom firmwares since its
+# license is contained in the shared WHENCE file.
+
+LICENSE_${PN}-bnx2-mips = "WHENCE"
+LICENSE_${PN}-whence-license = "WHENCE"
+
+FILES_${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw"
+FILES_${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE"
+
+RDEPENDS_${PN}-bnx2-mips += "${PN}-whence-license"
+
+# For imx-sdma
+LICENSE_${PN}-imx-sdma-imx6q       = "Firmware-imx-sdma_firmware"
+LICENSE_${PN}-imx-sdma-imx7d       = "Firmware-imx-sdma_firmware"
+LICENSE_${PN}-imx-sdma-license       = "Firmware-imx-sdma_firmware"
+
+FILES_${PN}-imx-sdma-imx6q = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx6q.bin"
+
+RPROVIDES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q"
+RREPLACES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q"
+RCONFLICTS_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q"
+
+FILES_${PN}-imx-sdma-imx7d = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx7d.bin"
+
+FILES_${PN}-imx-sdma-license = "${nonarch_base_libdir}/firmware/LICENSE.sdma_firmware"
+
+RDEPENDS_${PN}-imx-sdma-imx6q += "${PN}-imx-sdma-license"
+RDEPENDS_${PN}-imx-sdma-imx7d += "${PN}-imx-sdma-license"
+
+# For iwlwifi
+LICENSE_${PN}-iwlwifi           = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-135-6     = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-7    = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-8    = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-9    = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-10   = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-12   = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-13   = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-16   = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-3160-17   = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6000-4    = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6000g2a-5 = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6000g2a-6 = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6000g2b-5 = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6000g2b-6 = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6050-4    = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-6050-5    = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-7260      = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-7265      = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-7265d     = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-8000c     = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-8265      = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-9000      = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-misc      = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-license   = "Firmware-iwlwifi_firmware"
+
+
+FILES_${PN}-iwlwifi-license = "${nonarch_base_libdir}/firmware/LICENCE.iwlwifi_firmware"
+FILES_${PN}-iwlwifi-135-6 = "${nonarch_base_libdir}/firmware/iwlwifi-135-6.ucode"
+FILES_${PN}-iwlwifi-3160-7 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-7.ucode"
+FILES_${PN}-iwlwifi-3160-8 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-8.ucode"
+FILES_${PN}-iwlwifi-3160-9 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-9.ucode"
+FILES_${PN}-iwlwifi-3160-10 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-10.ucode"
+FILES_${PN}-iwlwifi-3160-12 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-12.ucode"
+FILES_${PN}-iwlwifi-3160-13 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-13.ucode"
+FILES_${PN}-iwlwifi-3160-16 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-16.ucode"
+FILES_${PN}-iwlwifi-3160-17 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-17.ucode"
+FILES_${PN}-iwlwifi-6000-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6000-4.ucode"
+FILES_${PN}-iwlwifi-6000g2a-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-5.ucode"
+FILES_${PN}-iwlwifi-6000g2a-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-6.ucode"
+FILES_${PN}-iwlwifi-6000g2b-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-5.ucode"
+FILES_${PN}-iwlwifi-6000g2b-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-6.ucode"
+FILES_${PN}-iwlwifi-6050-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-4.ucode"
+FILES_${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.ucode"
+FILES_${PN}-iwlwifi-7260   = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode"
+FILES_${PN}-iwlwifi-7265   = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode"
+FILES_${PN}-iwlwifi-7265d   = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode"
+FILES_${PN}-iwlwifi-8000c   = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode"
+FILES_${PN}-iwlwifi-8265   = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode"
+FILES_${PN}-iwlwifi-9000   = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode"
+FILES_${PN}-iwlwifi-misc   = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode"
+
+RDEPENDS_${PN}-iwlwifi-135-6     = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-7    = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-8    = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-9    = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-10   = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-12   = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-13   = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-16   = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-3160-17   = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6000-4    = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6000g2a-5 = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6000g2a-6 = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6000g2b-5 = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6000g2b-6 = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6050-4    = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-6050-5    = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-7260      = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-7265      = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-7265d     = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-8000c     = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-8265      = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-9000      = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-misc      = "${PN}-iwlwifi-license"
+
+# -iwlwifi-misc is a "catch all" package that includes all the iwlwifi
+# firmwares that are not already included in other -iwlwifi- packages.
+# -iwlwifi is a virtual package that depends upon all iwlwifi packages.
+# These are distinct in order to allow the -misc firmwares to be installed
+# without pulling in every other iwlwifi package.
+ALLOW_EMPTY_${PN}-iwlwifi = "1"
+ALLOW_EMPTY_${PN}-iwlwifi-misc = "1"
+
+# Handle package updating for the newly merged iwlwifi groupings
+RPROVIDES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9"
+RREPLACES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9"
+RCONFLICTS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9"
+
+RPROVIDES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9"
+RREPLACES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9"
+RCONFLICTS_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9"
+
+# For ibt
+LICENSE_${PN}-ibt-license = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-11-5    = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-12-16   = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-20 = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-misc    = "Firmware-ibt_firmware"
+
+FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware"
+FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bseq"
+FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq"
+FILES_${PN}-ibt-11-5    = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc"
+FILES_${PN}-ibt-12-16   = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi ${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc"
+FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc"
+FILES_${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc"
+FILES_${PN}-ibt-misc    = "${nonarch_base_libdir}/firmware/intel/ibt-*"
+
+RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-11-5    = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-12-16   = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-20 = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-misc    = "${PN}-ibt-license"
+
+ALLOW_EMPTY_${PN}-ibt= "1"
+ALLOW_EMPTY_${PN}-ibt-misc = "1"
+
+LICENSE_${PN}-i915       = "Firmware-i915"
+LICENSE_${PN}-i915-license = "Firmware-i915"
+FILES_${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915"
+FILES_${PN}-i915         = "${nonarch_base_libdir}/firmware/i915"
+RDEPENDS_${PN}-i915      = "${PN}-i915-license"
+
+LICENSE_${PN}-ice       = "Firmware-ice"
+LICENSE_${PN}-ice-license = "Firmware-ice"
+FILES_${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice"
+FILES_${PN}-ice         = "${nonarch_base_libdir}/firmware/intel/ice"
+RDEPENDS_${PN}-ice      = "${PN}-ice-license"
+
+FILES_${PN}-adsp-sst-license      = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst"
+LICENSE_${PN}-adsp-sst            = "Firmware-adsp_sst"
+LICENSE_${PN}-adsp-sst-license    = "Firmware-adsp_sst"
+FILES_${PN}-adsp-sst              = "${nonarch_base_libdir}/firmware/intel/dsp_fw*"
+RDEPENDS_${PN}-adsp-sst           = "${PN}-adsp-sst-license"
+
+# For QAT
+LICENSE_${PN}-qat         = "Firmware-qat"
+LICENSE_${PN}-qat-license = "Firmware-qat"
+FILES_${PN}-qat-license   = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware"
+FILES_${PN}-qat           = "${nonarch_base_libdir}/firmware/qat*.bin"
+RDEPENDS_${PN}-qat        = "${PN}-qat-license"
+
+# For QCOM VPU/GPU and SDM845
+LICENSE_${PN}-qcom-license = "Firmware-qcom"
+LICENSE_${PN}-qcom-yamato-license = "Firmware-qcom-yamato"
+LICENSE_${PN}-qcom-venus-1.8 = "Firmware-qcom"
+LICENSE_${PN}-qcom-venus-4.2 = "Firmware-qcom"
+LICENSE_${PN}-qcom-venus-5.2 = "Firmware-qcom"
+LICENSE_${PN}-qcom-venus-5.4 = "Firmware-qcom"
+LICENSE_${PN}-qcom-vpu-1.0 = "Firmware-qcom"
+LICENSE_${PN}-qcom-vpu-2.0 = "Firmware-qcom"
+LICENSE_${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato"
+LICENSE_${PN}-qcom-adreno-a3xx = "Firmware-qcom"
+LICENSE_${PN}-qcom-adreno-a4xx = "Firmware-qcom"
+LICENSE_${PN}-qcom-adreno-a530 = "Firmware-qcom"
+LICENSE_${PN}-qcom-adreno-a630 = "Firmware-qcom"
+LICENSE_${PN}-qcom-adreno-a650 = "Firmware-qcom"
+LICENSE_${PN}-qcom-adreno-a660 = "Firmware-qcom"
+LICENSE_${PN}-qcom-apq8096-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-apq8096-modem = "Firmware-qcom"
+LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom"
+LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom"
+LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom"
+LICENSE_${PN}-qcom-sdm845-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-sdm845-compute = "Firmware-qcom"
+LICENSE_${PN}-qcom-sdm845-modem = "Firmware-qcom"
+LICENSE_${PN}-qcom-sm8250-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-sm8250-compute = "Firmware-qcom"
+
+FILES_${PN}-qcom-license   = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
+FILES_${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato"
+FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
+FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
+FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
+FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
+FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
+FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
+FILES_${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw"
+FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
+FILES_${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
+FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
+FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
+FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
+FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
+FILES_${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
+FILES_${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*"
+FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
+FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
+FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
+FILES_${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
+FILES_${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
+RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license"
+RDEPENDS_${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sm8250-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sm8250-compute = "${PN}-qcom-license"
+
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+
+FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio"
+
+# For Amlogic VDEC
+LICENSE_${PN}-amlogic-vdec = "Firmware-amlogic_vdec"
+FILES_${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec"
+FILES_${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*"
+RDEPENDS_${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license"
+
+# For other firmwares
+# Maybe split out to separate packages when needed.
+LICENSE_${PN} = "\
+    Firmware-Abilis \
+    & Firmware-agere \
+    & Firmware-amdgpu \
+    & Firmware-amd-ucode \
+    & Firmware-amlogic_vdec \
+    & Firmware-atmel \
+    & Firmware-ca0132 \
+    & Firmware-cavium \
+    & Firmware-chelsio_firmware \
+    & Firmware-cw1200 \
+    & Firmware-dib0700 \
+    & Firmware-e100 \
+    & Firmware-ene_firmware \
+    & Firmware-fw_sst_0f28 \
+    & Firmware-go7007 \
+    & Firmware-hfi1_firmware \
+    & Firmware-ibt_firmware \
+    & Firmware-it913x \
+    & Firmware-IntcSST2 \
+    & Firmware-kaweth \
+    & Firmware-moxa \
+    & Firmware-myri10ge_firmware \
+    & Firmware-nvidia \
+    & Firmware-OLPC \
+    & Firmware-ath9k-htc \
+    & Firmware-phanfw \
+    & Firmware-qat \
+    & Firmware-qcom \
+    & Firmware-qla1280 \
+    & Firmware-qla2xxx \
+    & Firmware-r8a779x_usb3 \
+    & Firmware-radeon \
+    & Firmware-ralink_a_mediatek_company_firmware \
+    & Firmware-ralink-firmware \
+    & Firmware-imx-sdma_firmware \
+    & Firmware-siano \
+    & Firmware-ti-connectivity \
+    & Firmware-ti-keystone \
+    & Firmware-ueagle-atm4-firmware \
+    & Firmware-wl1251 \
+    & Firmware-xc4000 \
+    & Firmware-xc5000 \
+    & Firmware-xc5000c \
+    & WHENCE \
+"
+
+FILES_${PN}-license += "${nonarch_base_libdir}/firmware/LICEN*"
+FILES_${PN} += "${nonarch_base_libdir}/firmware/*"
+RDEPENDS_${PN} += "${PN}-license"
+RDEPENDS_${PN} += "${PN}-whence-license"
+
+# Make linux-firmware depend on all of the split-out packages.
+# Make linux-firmware-iwlwifi depend on all of the split-out iwlwifi packages.
+# Make linux-firmware-ibt depend on all of the split-out ibt packages.
+python populate_packages_prepend () {
+    firmware_pkgs = oe.utils.packages_filter_out_system(d)
+    d.appendVar('RRECOMMENDS_linux-firmware', ' ' + ' '.join(firmware_pkgs))
+
+    iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs)
+    d.appendVar('RRECOMMENDS_linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs))
+
+    ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs)
+    d.appendVar('RRECOMMENDS_linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs))
+}
+
+# Firmware files are generally not ran on the CPU, so they can be
+# allarch despite being architecture specific
+INSANE_SKIP = "arch"
+
+# Don't warn about already stripped files
+INSANE_SKIP:${PN} = "already-stripped"
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion.inc b/poky/meta/recipes-kernel/linux/cve-exclusion.inc
new file mode 100644
index 0000000000..a18e603bc9
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -0,0 +1,1840 @@
+# Kernel CVE exclusion file
+
+# https://nvd.nist.gov/vuln/detail/CVE-2014-8171
+# Patched in kernel since v3.12 4942642080ea82d99ab5b653abb9a12b7ba31f4a
+CVE_CHECK_WHITELIST += "CVE-2014-8171"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2017-1000255
+# Patched in kernel since v4.14 265e60a170d0a0ecfc2d20490134ed2c48dd45ab
+CVE_CHECK_WHITELIST += "CVE-2017-1000255"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-5873
+# Patched in kernel since v4.11 073c516ff73557a8f7315066856c04b50383ac34
+CVE_CHECK_WHITELIST += "CVE-2018-5873"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10840
+# Patched in kernel since v4.18 8a2b307c21d4b290e3cbe33f768f194286d07c23
+CVE_CHECK_WHITELIST += "CVE-2018-10840"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10876
+# Patched in kernel since v4.18 8844618d8aa7a9973e7b527d038a2a589665002c
+CVE_CHECK_WHITELIST += "CVE-2018-10876"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10882
+# Patched in kernel since v4.18 c37e9e013469521d9adb932d17a1795c139b36db
+CVE_CHECK_WHITELIST += "CVE-2018-10882"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10902
+# Patched in kernel since v4.18 39675f7a7c7e7702f7d5341f1e0d01db746543a0
+CVE_CHECK_WHITELIST += "CVE-2018-10902"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-14625
+# Patched in kernel since v4.20 834e772c8db0c6a275d75315d90aba4ebbb1e249
+CVE_CHECK_WHITELIST += "CVE-2018-14625"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-16880
+# Patched in kernel since v5.0 b46a0bf78ad7b150ef5910da83859f7f5a514ffd
+CVE_CHECK_WHITELIST += "CVE-2018-16880"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-16884
+# Patched in kernel since v5.0 d4b09acf924b84bae77cad090a9d108e70b43643
+CVE_CHECK_WHITELIST += "CVE-2018-16884"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2019-3819
+# Patched in kernel since v5.0 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
+CVE_CHECK_WHITELIST += "CVE-2019-3819"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2019-20810
+# Patched in kernel since v5.6 9453264ef58638ce8976121ac44c07a3ef375983
+# Backported in version v5.4.48 6e688a315acf9c2b9b6e8c3e3b7a0c2720f72cba
+CVE_CHECK_WHITELIST += "CVE-2019-20810"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-1749
+# Patched in kernel since v5.5 6c8991f41546c3c472503dff1ea9daaddf9331c2
+# Backported in version v5.4.5 48d58ae9e87aaa11814364ddb52b3461f9abac57
+CVE_CHECK_WHITELIST += "CVE-2020-1749"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8428
+# Patched in kernel since v5.5 d0cb50185ae942b03c4327be322055d622dc79f6
+# Backported in version v5.4.16 454759886d0b463213fad0f1c733469e2c501ab9
+CVE_CHECK_WHITELIST += "CVE-2020-8428"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8647
+# Patched in kernel since v5.6 513dc792d6060d5ef572e43852683097a8420f56
+# Backported in version v5.4.25 5d230547476eea90b57ed9fda4bfe5307779abbb
+CVE_CHECK_WHITELIST += "CVE-2020-8647"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8649
+# Patched in kernel since v5.6 513dc792d6060d5ef572e43852683097a8420f56
+# Backported in version v5.4.25 5d230547476eea90b57ed9fda4bfe5307779abbb
+CVE_CHECK_WHITELIST += "CVE-2020-8649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8992
+# Patched in kernel since v5.6 af133ade9a40794a37104ecbcc2827c0ea373a3c
+# Backported in version v5.4.21 94f0fe04da78adc214b51523499031664f9db408
+CVE_CHECK_WHITELIST += "CVE-2020-8992"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-9383
+# Patched in kernel since v5.6 2e90ca68b0d2f5548804f22f0dd61145516171e3
+# Backported in version v5.4.23 1eb78bc92c847f9e1c01a01b2773fc2fe7b134cf
+CVE_CHECK_WHITELIST += "CVE-2020-9383"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10690
+# Patched in kernel since v5.5 a33121e5487b424339636b25c35d3a180eaa5f5e
+# Backported in version v5.4.8 bfa2e0cd3dfda64fde43c3dca3aeba298d2fe7ad
+CVE_CHECK_WHITELIST += "CVE-2020-10690"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10711
+# Patched in kernel since v5.7 eead1c2ea2509fd754c6da893a94f0e69e83ebe4
+# Backported in version v5.4.42 debcbc56fdfc2847804d3d00d43f68f3074c5987
+CVE_CHECK_WHITELIST += "CVE-2020-10711"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10732
+# Patched in kernel since v5.7 1d605416fb7175e1adf094251466caa52093b413
+# Backported in version v5.4.44 a02c130efbbce91af1e9dd99a5a381dd43494e15
+CVE_CHECK_WHITELIST += "CVE-2020-10732"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10742
+# Patched in kernel since v3.16 91f79c43d1b54d7154b118860d81b39bad07dfff
+CVE_CHECK_WHITELIST += "CVE-2020-10742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10757
+# Patched in kernel since v5.8 5bfea2d9b17f1034a68147a8b03b9789af5700f9
+# Backported in version v5.4.45 df4988aa1c9618d9c612639e96002cd4e772def2
+CVE_CHECK_WHITELIST += "CVE-2020-10757"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10766
+# Patched in kernel since v5.8 dbbe2ad02e9df26e372f38cc3e70dab9222c832e
+# Backported in version v5.4.47 9d1dcba6dd48cf7c5801d8aee12852ca41110896
+CVE_CHECK_WHITELIST += "CVE-2020-10766"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10767
+# Patched in kernel since v5.8 21998a351512eba4ed5969006f0c55882d995ada
+# Backported in version v5.4.47 6d60d5462a91eb46fb88b016508edfa8ee0bc7c8
+CVE_CHECK_WHITELIST += "CVE-2020-10767"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10768
+# Patched in kernel since v5.8 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
+# Backported in version v5.4.47 e1545848ad5510e82eb75717c1f5757b984014cb
+CVE_CHECK_WHITELIST += "CVE-2020-10768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10781
+# Patched in kernel since v5.8 853eab68afc80f59f36bbdeb715e5c88c501e680
+# Backported in version v5.4.53 72648019cd52488716891c2cbb096ad1023ab83e
+CVE_CHECK_WHITELIST += "CVE-2020-10781"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10942
+# Patched in kernel since v5.6 42d84c8490f9f0931786f1623191fcab397c3d64
+# Backported in version v5.4.24 f09fbb1175cffdbbb36b28e2ff7db96dcc90de08
+CVE_CHECK_WHITELIST += "CVE-2020-10942"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11494
+# Patched in kernel since v5.7 b9258a2cece4ec1f020715fe3554bc2e360f6264
+# Backported in version v5.4.32 fdb6a094ba41e985d9fb14ae2bfc180e3e983720
+CVE_CHECK_WHITELIST += "CVE-2020-11494"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11565
+# Patched in kernel since v5.7 aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
+# Backported in version v5.4.31 c3f87e03f90ff2901525cc99c0e3bfb6fcbfd184
+CVE_CHECK_WHITELIST += "CVE-2020-11565"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11608
+# Patched in kernel since v5.7 998912346c0da53a6dbb71fab3a138586b596b30
+# Backported in version v5.4.29 e4af1cf37b901839320e40515d9a60a1c8b51f3a
+CVE_CHECK_WHITELIST += "CVE-2020-11608"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11609
+# Patched in kernel since v5.7 485b06aadb933190f4bc44e006076bc27a23f205
+# Backported in version v5.4.29 4490085a9e2d2cde69e865e3691223ea9e94513b
+CVE_CHECK_WHITELIST += "CVE-2020-11609"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11668
+# Patched in kernel since v5.7 a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
+# Backported in version v5.4.29 e7cd85f398cd1ffe3ce707ce7e2ec0e4a5010475
+CVE_CHECK_WHITELIST += "CVE-2020-11668"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11884
+# Patched in kernel since v5.7 316ec154810960052d4586b634156c54d0778f74
+# Backported in version v5.4.36 44d9eb0ebe8fd04f46b18d10a18b2c543b379a0c
+CVE_CHECK_WHITELIST += "CVE-2020-11884"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12464
+# Patched in kernel since v5.7 056ad39ee9253873522f6469c3364964a322912b
+# Backported in version v5.4.36 b48193a7c303272d357b27dd7d72cbf89f7b2d35
+CVE_CHECK_WHITELIST += "CVE-2020-12464"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12465
+# Patched in kernel since v5.6 b102f0c522cf668c8382c56a4f771b37d011cda2
+# Backported in version v5.4.26 02013734629bf57070525a3515509780092a63ab
+CVE_CHECK_WHITELIST += "CVE-2020-12465"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12653
+# Patched in kernel since v5.6 b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
+# Backported in version v5.4.20 3c822e1f31186767d6b7261c3c066f01907ecfca
+CVE_CHECK_WHITELIST += "CVE-2020-12653"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12654
+# Patched in kernel since v5.6 3a9b153c5591548612c3955c9600a98150c81875
+# Backported in version v5.4.20 c5b071e3f44d1125694ad4dcf1234fb9a78d0be6
+CVE_CHECK_WHITELIST += "CVE-2020-12654"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12655
+# Patched in kernel since v5.7 d0c7feaf87678371c2c09b3709400be416b2dc62
+# Backported in version v5.4.50 ffd40b7962d463daa531a8110e5b708bcb5c6da7
+CVE_CHECK_WHITELIST += "CVE-2020-12655"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12657
+# Patched in kernel since v5.7 2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9
+# Backported in version v5.4.33 b37de1b1e882fa3741d252333e5745eea444483b
+CVE_CHECK_WHITELIST += "CVE-2020-12657"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12659
+# Patched in kernel since v5.7 99e3a236dd43d06c65af0a2ef9cb44306aef6e02
+# Backported in version v5.4.35 25c9cdef57488578da21d99eb614b97ffcf6e59f
+CVE_CHECK_WHITELIST += "CVE-2020-12659"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12768
+# Patched in kernel since v5.6 d80b64ff297e40c2b6f7d7abc1b3eba70d22a068
+# Backported in version v5.4.43 ac46cea606d59be18a6afd4560c48bcca836c44c
+CVE_CHECK_WHITELIST += "CVE-2020-12768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12770
+# Patched in kernel since v5.7 83c6f2390040f188cc25b270b4befeb5628c1aee
+# Backported in version v5.4.42 2d6d0ce4de03832c8deedeb16c7af52868d7e99e
+CVE_CHECK_WHITELIST += "CVE-2020-12770"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12771
+# Patched in kernel since v5.8 be23e837333a914df3f24bf0b32e87b0331ab8d1
+# Backported in version v5.4.49 f651e94899ed08b1766bda30f410d33fdd3970ff
+CVE_CHECK_WHITELIST += "CVE-2020-12771"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12826
+# Patched in kernel since v5.7 d1e7fd6462ca9fc76650fbe6ca800e35b24267da
+# Backported in version v5.4.33 5f2d04139aa5ed04eab54b84e8a25bab87a2449c
+CVE_CHECK_WHITELIST += "CVE-2020-12826"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12888
+# Patched in kernel since v5.8 abafbc551fddede3e0a08dee1dcde08fc0eb8476
+# Backported in version v5.4.64 8f747b0149c5a0c72626a87eb0dd2a5ec91f1a7d
+CVE_CHECK_WHITELIST += "CVE-2020-12888"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-13143
+# Patched in kernel since v5.7 15753588bcd4bbffae1cca33c8ced5722477fe1f
+# Backported in version v5.4.42 6bb054f006c3df224cc382f1ebd81b7276dcfb1c
+CVE_CHECK_WHITELIST += "CVE-2020-13143"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14314
+# Patched in kernel since v5.9 5872331b3d91820e14716632ebb56b1399b34fe1
+# Backported in version v5.4.61 ea54176e5821936d109bb45dc2c19bd53559e735
+CVE_CHECK_WHITELIST += "CVE-2020-14314"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14331
+# Patched in kernel since v5.9 ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d
+# Backported in version v5.4.58 8c3215a0426c404f4b7b02a1e0fdb0f7f4f1e6d3
+CVE_CHECK_WHITELIST += "CVE-2020-14331"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14351
+# Patched in kernel since v5.10 f91072ed1b7283b13ca57fcfbece5a3b92726143
+# Backported in version v5.4.78 c5cf5c7b585c7f48195892e44b76237010c0747a
+CVE_CHECK_WHITELIST += "CVE-2020-14351"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14381
+# Patched in kernel since v5.6 8019ad13ef7f64be44d4f892af9c840179009254
+# Backported in version v5.4.28 553d46b07dc4813e1d8e6a3b3d6eb8603b4dda74
+CVE_CHECK_WHITELIST += "CVE-2020-14381"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14385
+# Patched in kernel since v5.9 f4020438fab05364018c91f7e02ebdd192085933
+# Backported in version v5.4.64 da7a1676d6c19971758976a84e87f5b1009409e7
+CVE_CHECK_WHITELIST += "CVE-2020-14385"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14390
+# Patched in kernel since v5.9 50145474f6ef4a9c19205b173da6264a644c7489
+# Backported in version v5.4.66 cf5a7ded53652c3d63d7243944c6a8ec1f0ef392
+CVE_CHECK_WHITELIST += "CVE-2020-14390"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15393
+# Patched in kernel since v5.8 28ebeb8db77035e058a510ce9bd17c2b9a009dba
+# Backported in version v5.4.51 3dca0a299ff43204a69c9a7a00ce2b3e7ab3088c
+CVE_CHECK_WHITELIST += "CVE-2020-15393"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15436
+# Patched in kernel since v5.8 2d3a8e2deddea6c89961c422ec0c5b851e648c14
+# Backported in version v5.4.49 b3dc33946a742256ad9d2ccac848c9e3c2aaafef
+CVE_CHECK_WHITELIST += "CVE-2020-15436"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15437
+# Patched in kernel since v5.8 f4c23a140d80ef5e6d3d1f8f57007649014b60fa
+# Backported in version v5.4.54 af811869db0698b587aa5418eab05c9f7e0bea3c
+CVE_CHECK_WHITELIST += "CVE-2020-15437"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15780
+# Patched in kernel since v5.8 75b0cea7bf307f362057cc778efe89af4c615354
+# Backported in version v5.4.50 824d0b6225f3fa2992704478a8df520537cfcb56
+CVE_CHECK_WHITELIST += "CVE-2020-15780"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-16119
+# Patched in kernel since v5.15 d9ea761fdd197351890418acd462c51f241014a7
+# Backported in version v5.4.148 5ab04a4ffed02f66e8e6310ba8261a43d1572343
+# Backported in version v5.10.68 6c3cb65d561e76fd0398026c023e587fec70e188
+CVE_CHECK_WHITELIST += "CVE-2020-16119"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-16166
+# Patched in kernel since v5.8 f227e3ec3b5cad859ad15666874405e8c1bbc1d4
+# Backported in version v5.4.57 c15a77bdda2c4f8acaa3e436128630a81f904ae7
+CVE_CHECK_WHITELIST += "CVE-2020-16166"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-24394
+# Patched in kernel since v5.8 22cf8419f1319ff87ec759d0ebdff4cbafaee832
+# Backported in version v5.4.51 fe05e114d0fde7f644ac9ab5edfce3fa65650875
+CVE_CHECK_WHITELIST += "CVE-2020-24394"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25211
+# Patched in kernel since v5.9 1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
+# Backported in version v5.4.70 253052b636e98083b1ecc3e9b0cf6f151e1cb8c6
+CVE_CHECK_WHITELIST += "CVE-2020-25211"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25212
+# Patched in kernel since v5.9 b4487b93545214a9db8cbf32e86411677b0cca21
+# Backported in version v5.4.60 75cf7f895f563e14c82c1aeea0362dc155b5baf3
+CVE_CHECK_WHITELIST += "CVE-2020-25212"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25284
+# Patched in kernel since v5.9 f44d04e696feaf13d192d942c4f14ad2e117065a
+# Backported in version v5.4.66 ea3d3bf85669195247ad6a522f4e4209695edca2
+CVE_CHECK_WHITELIST += "CVE-2020-25284"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25285
+# Patched in kernel since v5.9 17743798d81238ab13050e8e2833699b54e15467
+# Backported in version v5.4.64 af7786b20c717ff13d9148161dad4b8e286bfd39
+CVE_CHECK_WHITELIST += "CVE-2020-25285"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25639
+# Patched in kernel since v5.12 eaba3b28401f50e22d64351caa8afe8d29509f27
+# Backported in version v5.4.102 0faef25462f886a77e0b397cca31d51163215332
+# Backported in version v5.10.20 e3fcff9f45aa82dacad26e5828598340d2742f47
+CVE_CHECK_WHITELIST += "CVE-2020-25639"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25641
+# Patched in kernel since v5.9 7e24969022cbd61ddc586f14824fc205661bb124
+# Backported in version v5.4.64 84c041c12442d233c9b3c593cbe9eb8a77875578
+CVE_CHECK_WHITELIST += "CVE-2020-25641"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25643
+# Patched in kernel since v5.9 66d42ed8b25b64eb63111a2b8582c5afc8bf1105
+# Backported in version v5.4.68 c3de9daa662617132744731f1b4eb7b5cd1270a8
+CVE_CHECK_WHITELIST += "CVE-2020-25643"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25645
+# Patched in kernel since v5.9 34beb21594519ce64a55a498c2fe7d567bc1ca20
+# Backported in version v5.4.68 745c24fd1d79b588a951d3c5beca43575907f881
+CVE_CHECK_WHITELIST += "CVE-2020-25645"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25656
+# Patched in kernel since v5.10 82e61c3909db51d91b9d3e2071557b6435018b80
+# Backported in version v5.4.75 87d398f348b8a2d5246d3670a93fb63d4fd9f62a
+CVE_CHECK_WHITELIST += "CVE-2020-25656"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25672
+# Patched in kernel since v5.12 7574fcdbdcb335763b6b322f6928dc0fd5730451
+# Backported in version v5.4.112 404daa4d62a364623b48349eb73a18579edf51ac
+# Backported in version v5.10.30 568ac94df580b1a65837dc299e8758635e7b1423
+CVE_CHECK_WHITELIST += "CVE-2020-25672"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25704
+# Patched in kernel since v5.10 7bdb157cdebbf95a1cd94ed2e01b338714075d00
+# Backported in version v5.4.76 b7f7474b392194530d1ec07203c8668e81b7fdb9
+CVE_CHECK_WHITELIST += "CVE-2020-25704"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25705
+# Patched in kernel since v5.10 b38e7819cae946e2edf869e604af1e65a5d241c5
+# Backported in version v5.4.73 8df0ffe2f32c09b4627cbce5cd5faf8e98a6a71e
+CVE_CHECK_WHITELIST += "CVE-2020-25705"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-26088
+# Patched in kernel since v5.9 26896f01467a28651f7a536143fe5ac8449d4041
+# Backported in version v5.4.59 0b305f259ca9b85c48f9cb3159d034b7328ed225
+CVE_CHECK_WHITELIST += "CVE-2020-26088"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-26541
+# Patched in kernel since v5.13 56c5812623f95313f6a46fbf0beee7fa17c68bbf
+# Backported in version v5.4.129 e20b90e4f81bb04e2b180824caae585928e24ba9
+# Backported in version v5.10.47 45109066f686597116467a53eaf4330450702a96
+CVE_CHECK_WHITELIST += "CVE-2020-26541"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27170
+# Patched in kernel since v5.12 f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
+# Backported in version v5.4.107 ea8fb45eaac141b13f656a7056e4823845aa3b69
+# Backported in version v5.10.25 c4d37eea1c641a9319baf34253cc373abb39d3e1
+CVE_CHECK_WHITELIST += "CVE-2020-27170"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27171
+# Patched in kernel since v5.12 10d2bb2e6b1d8c4576c56a748f697dbeb8388899
+# Backported in version v5.4.107 2da0540739e43154b500a817d9c95d36c2f6a323
+# Backported in version v5.10.25 ac1b87a18c1ffbe3d093000b762121b5aae0a3f9
+CVE_CHECK_WHITELIST += "CVE-2020-27171"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27675
+# Patched in kernel since v5.10 073d0552ead5bfc7a3a9c01de590e924f11b5dd2
+# Backported in version v5.4.75 a01379671d67d34f254cc81f42cf854aa628f3a3
+CVE_CHECK_WHITELIST += "CVE-2020-27675"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27777
+# Patched in kernel since v5.10 bd59380c5ba4147dcbaad3e582b55ccfd120b764
+# Backported in version v5.4.75 240baebeda09e1e010fff58acc9183992f41f638
+CVE_CHECK_WHITELIST += "CVE-2020-27777"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_CHECK_WHITELIST += "CVE-2020-27784"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27830
+# Patched in kernel since v5.10 f0992098cadb4c9c6a00703b66cafe604e178fea
+# Backported in version v5.4.83 b0d4fa10bfcc3051e9426b6286fb2d80bad04d74
+CVE_CHECK_WHITELIST += "CVE-2020-27830"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28097
+# Patched in kernel since v5.9 973c096f6a85e5b5f2a295126ba6928d9a6afd45
+# Backported in version v5.4.66 087b6cb17df5834d395ab72da3f937380470ba15
+CVE_CHECK_WHITELIST += "CVE-2020-28097"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28374
+# Patched in kernel since v5.11 2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
+# Backported in version v5.4.89 485e21729b1e1235e6075318225c09e76b376e81
+# Backported in version v5.10.7 6f1e88527c1869de08632efa2cc796e0131850dc
+CVE_CHECK_WHITELIST += "CVE-2020-28374"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28915
+# Patched in kernel since v5.9 5af08640795b2b9a940c9266c0260455377ae262
+# Backported in version v5.4.71 1b2fcd82c0ca23f6fa01298c0d7b59eb4efbaf48
+CVE_CHECK_WHITELIST += "CVE-2020-28915"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28941
+# Patched in kernel since v5.10 d4122754442799187d5d537a9c039a49a67e57f1
+# Backported in version v5.4.80 3b78db264675e47ad3cf9c1e809e85d02fe1de90
+CVE_CHECK_WHITELIST += "CVE-2020-28941"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28974
+# Patched in kernel since v5.10 3c4e0dff2095c579b142d5a0693257f1c58b4804
+# Backported in version v5.4.76 642181fe3567419d84d2457b58f262c37467f525
+CVE_CHECK_WHITELIST += "CVE-2020-28974"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29368
+# Patched in kernel since v5.8 c444eb564fb16645c172d550359cb3d75fe8a040
+# Backported in version v5.4.48 a88d8aaf9b8b5e0af163a235a3baa9fdcb7d430a
+CVE_CHECK_WHITELIST += "CVE-2020-29368"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29369
+# Patched in kernel since v5.8 246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c
+# Backported in version v5.4.54 549bfc14270681cd776c6d9b78fe544cbd21673a
+CVE_CHECK_WHITELIST += "CVE-2020-29369"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29370
+# Patched in kernel since v5.6 fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8
+# Backported in version v5.4.27 ae119b7e12472517bc35c1c003d5abf26653674a
+CVE_CHECK_WHITELIST += "CVE-2020-29370"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29371
+# Patched in kernel since v5.9 bcf85fcedfdd17911982a3e3564fcfec7b01eebd
+# Backported in version v5.4.61 19a77c937a1914bdd655366e79a2a1b7d675f554
+CVE_CHECK_WHITELIST += "CVE-2020-29371"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29373
+# Patched in kernel since v5.6 ff002b30181d30cdfbca316dadd099c3ca0d739c
+# Backported in version v5.4.24 cac68d12c531aa3010509a5a55a5dfd18dedaa80
+CVE_CHECK_WHITELIST += "CVE-2020-29373"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29374
+# Patched in kernel since v5.8 17839856fd588f4ab6b789f482ed3ffd7c403e1f
+# Backported in version v5.4.47 1027dc04f557328eb7b7b7eea48698377a959157
+CVE_CHECK_WHITELIST += "CVE-2020-29374"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29660
+# Patched in kernel since v5.10 c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
+# Backported in version v5.4.83 35ee9ac513280f46eeb1196bac82ed5320380412
+CVE_CHECK_WHITELIST += "CVE-2020-29660"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-35508
+# Patched in kernel since v5.10 b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
+# Backported in version v5.4.76 beeb658cfd3544ceca894375c36b6572e4ae7a5f
+CVE_CHECK_WHITELIST += "CVE-2020-35508"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36158
+# Patched in kernel since v5.11 5c455c5ab332773464d02ba17015acdca198f03d
+# Backported in version v5.4.88 0a49aaf4df2936bca119ee38fe5a570a7024efdc
+# Backported in version v5.10.6 94cc73b27a2599e4c88b7b2d6fd190107c58e480
+CVE_CHECK_WHITELIST += "CVE-2020-36158"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36311
+# Patched in kernel since v5.9 7be74942f184fdfba34ddd19a0d995deb34d4a03
+# Backported in version v5.4.131 abbd42939db646f7210e1473e9cb17c6bc6f184c
+CVE_CHECK_WHITELIST += "CVE-2020-36311"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36312
+# Patched in kernel since v5.9 f65886606c2d3b562716de030706dfe1bea4ed5e
+# Backported in version v5.4.66 41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d
+CVE_CHECK_WHITELIST += "CVE-2020-36312"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36322
+# Patched in kernel since v5.11 5d069dbe8aaf2a197142558b6fb2978189ba3454
+# Backported in version v5.4.88 732251cabeb3bfd917d453a42274d769d6883fc4
+# Backported in version v5.10.6 36cf9ae54b0ead0daab7701a994de3dcd9ef605d
+CVE_CHECK_WHITELIST += "CVE-2020-36322"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36386
+# Patched in kernel since v5.9 51c19bf3d5cfaa66571e4b88ba2a6f6295311101
+# Backported in version v5.4.58 c26eaaf547b785ae98fa08607b599c7df0da51bc
+CVE_CHECK_WHITELIST += "CVE-2020-36386"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36516
+# Patched in kernel since v5.17 23f57406b82de51809d5812afd96f210f8b627f3
+# Backported in version v5.4.176 1f748455a8f0e984dc91fc09e6dfe99f0e58cfbe
+# Backported in version v5.10.96 b26fed25e67bc09f28f998569ed14022e07b174b
+# Backported in version v5.15.19 dee686cbfdd13ca022f20be344a14f595a93f303
+CVE_CHECK_WHITELIST += "CVE-2020-36516"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36557
+# Patched in kernel since v5.7 ca4463bf8438b403596edd0ec961ca0d4fbe0220
+# Backported in version v5.4.30 acf0e94019310a9e1c4b6807c208f49a25f74573
+CVE_CHECK_WHITELIST += "CVE-2020-36557"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36558
+# Patched in kernel since v5.6 6cd1ed50efd88261298577cd92a14f2768eddeeb
+# Backported in version v5.4.23 897d5aaf3397e64a56274f2176d9e1b13adcb92e
+CVE_CHECK_WHITELIST += "CVE-2020-36558"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3178
+# Patched in kernel since v5.11 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
+# Backported in version v5.4.92 4aef760c28e8bd1860a27fd78067b4ea77124987
+# Backported in version v5.10.10 fdcaa4af5e70e2d984c9620a09e9dade067f2620
+CVE_CHECK_WHITELIST += "CVE-2021-3178"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3348
+# Patched in kernel since v5.11 b98e762e3d71e893b221f871825dc64694cfb258
+# Backported in version v5.4.95 587c6b75d7fdd366ad7dc615471006ce73c03a51
+# Backported in version v5.10.13 41f6f4a3143506ea1499cda2f14a16a2f82118a8
+CVE_CHECK_WHITELIST += "CVE-2021-3348"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3483
+# Patched in kernel since v5.12 829933ef05a951c8ff140e814656d73e74915faf
+# Backported in version v5.4.110 5ecfad1efbc31ab913f16ed60f0efff301aebfca
+# Backported in version v5.10.28 c04adcc819d3bdd85a5dc2523687707b89724df7
+CVE_CHECK_WHITELIST += "CVE-2021-3483"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3506
+# Patched in kernel since v5.13 b862676e371715456c9dade7990c8004996d0d9e
+# Backported in version v5.4.118 27a130638406815eba083c632ee083f0c5e688c2
+# Backported in version v5.10.36 9aa4602237d535b83c579eb752e8fc1c3e7e7055
+CVE_CHECK_WHITELIST += "CVE-2021-3506"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3564
+# Patched in kernel since v5.13 6a137caec23aeb9e036cdfd8a46dd8a366460e5d
+# Backported in version v5.4.125 8d3d0ac73a4a1d31e3d4f7c068312aba78470166
+# Backported in version v5.10.43 3795007c8dfc8bca176529bfeceb17c6f4ef7e44
+CVE_CHECK_WHITELIST += "CVE-2021-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3573
+# Patched in kernel since v5.13 e305509e678b3a4af2b3cfd410f409f7cdaabb52
+# Backported in version v5.4.125 b6f97555c71f78288682bc967121572f10715c89
+# Backported in version v5.10.43 74caf718cc7422a957aac381c73d798c0a999a65
+CVE_CHECK_WHITELIST += "CVE-2021-3573"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3609
+# Patched in kernel since v5.14 d5f9023fa61ee8b94f37a93f08e94b136cf1e463
+# Backported in version v5.4.132 70a9116b9e5ccd5332d3a60b359fb5902d268fd0
+# Backported in version v5.10.50 b52e0cf0bfc1ede495de36aec86f6013efa18f60
+CVE_CHECK_WHITELIST += "CVE-2021-3609"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3612
+# Patched in kernel since v5.14 f8f84af5da9ee04ef1d271528656dac42a090d00
+# Backported in version v5.4.132 0f382fa359ca1cb717ce27407538eb579b29a99f
+# Backported in version v5.10.50 b4c35e9e8061b2386da1aa0d708e991204e76c45
+CVE_CHECK_WHITELIST += "CVE-2021-3612"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3635
+# Patched in kernel since v5.5 335178d5429c4cee61b58f4ac80688f556630818
+# Backported in version v5.4.14 8f4dc50b5c12e159ac846fdc00702c547fdf2e95
+CVE_CHECK_WHITELIST += "CVE-2021-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3640
+# Patched in kernel since v5.16 99c23da0eed4fd20cae8243f2b51e10e66aa0951
+# Backported in version v5.4.160 d416020f1a9cc5f903ae66649b2c56d9ad5256ab
+# Backported in version v5.10.80 4dfba42604f08a505f1a1efc69ec5207ea6243de
+# Backported in version v5.15.3 b990c219c4c9d4993ef65ea9db73d9497e70f697
+CVE_CHECK_WHITELIST += "CVE-2021-3640"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3653
+# Patched in kernel since v5.14 0f923e07124df069ba68d8bb12324398f4b6b709
+# Backported in version v5.4.142 7c1c96ffb658fbfe66c5ebed6bcb5909837bc267
+# Backported in version v5.10.60 c0883f693187c646c0972d73e525523f9486c2e3
+CVE_CHECK_WHITELIST += "CVE-2021-3653"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3679
+# Patched in kernel since v5.14 67f0d6d9883c13174669f88adac4f0ee656cc16a
+# Backported in version v5.4.136 f899f24d34d964593b16122a774c192a78e2ca56
+# Backported in version v5.10.54 757bdba8026be19b4f447487695cd0349a648d9e
+CVE_CHECK_WHITELIST += "CVE-2021-3679"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3732
+# Patched in kernel since v5.14 427215d85e8d1476da1a86b8d67aceb485eb3631
+# Backported in version v5.4.141 812f39ed5b0b7f34868736de3055c92c7c4cf459
+# Backported in version v5.10.59 6a002d48a66076524f67098132538bef17e8445e
+CVE_CHECK_WHITELIST += "CVE-2021-3732"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3739
+# Patched in kernel since v5.15 e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
+# Backported in version v5.4.144 d7f7eca72ecc08f0bb6897fda2290293fca63068
+# Backported in version v5.10.62 c43add24dffdbac269d5610465ced70cfc1bad9e
+CVE_CHECK_WHITELIST += "CVE-2021-3739"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3744
+# Patched in kernel since v5.15 505d9dcb0f7ddf9d075e729523a33d38642ae680
+# Backported in version v5.4.151 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae
+# Backported in version v5.10.71 17ccc64e4fa5d3673528474bfeda814d95dc600a
+CVE_CHECK_WHITELIST += "CVE-2021-3744"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3752
+# Patched in kernel since v5.16 1bff51ea59a9afb67d2dd78518ab0582a54a472c
+# Backported in version v5.4.160 67bd269a84ce29dfc543c1683a2553b4169f9a55
+# Backported in version v5.10.80 c10465f6d6208db2e45a6dac1db312b9589b2583
+# Backported in version v5.15.3 7e22e4db95b04f09adcce18c75d27cbca8f53b99
+CVE_CHECK_WHITELIST += "CVE-2021-3752"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3753
+# Patched in kernel since v5.15 2287a51ba822384834dafc1c798453375d1107c7
+# Backported in version v5.4.144 f4418015201bdca0cd4e28b363d88096206e4ad0
+# Backported in version v5.10.62 60d69cb4e60de0067e5d8aecacd86dfe92a5384a
+CVE_CHECK_WHITELIST += "CVE-2021-3753"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_WHITELIST += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3764
+# Patched in kernel since v5.15 505d9dcb0f7ddf9d075e729523a33d38642ae680
+# Backported in version v5.4.151 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae
+# Backported in version v5.10.71 17ccc64e4fa5d3673528474bfeda814d95dc600a
+CVE_CHECK_WHITELIST += "CVE-2021-3764"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3923
+# Patched in kernel since v5.16 b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd
+# Backported in version v5.4.171 5eb5d9c6591d7e58f32088ef848503a4a947fc46
+# Backported in version v5.10.91 beeb0fdedae802a7fb606e955a81a56a2e3bbac1
+# Backported in version v5.15.14 e1e354771812b12f0b4c433bbaf916f87cd0f6c7
+CVE_CHECK_WHITELIST += "CVE-2021-3923"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4002
+# Patched in kernel since v5.16 a4a118f2eead1d6c49e00765de89878288d4b890
+# Backported in version v5.4.162 201340ca4eb748c52062c5e938826ddfbe313088
+# Backported in version v5.10.82 40bc831ab5f630431010d1ff867390b07418a7ee
+# Backported in version v5.15.5 556d59293a2a94863797a7a50890992aa5e8db16
+CVE_CHECK_WHITELIST += "CVE-2021-4002"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4083
+# Patched in kernel since v5.16 054aa8d439b9185d4f5eb9a90282d1ce74772969
+# Backported in version v5.4.164 03d4462ba3bc8f830d9807e3c3fde54fad06e2e2
+# Backported in version v5.10.84 4baba6ba56eb91a735a027f783cc4b9276b48d5b
+# Backported in version v5.15.7 6fe4eadd54da3040cf6f6579ae157ae1395dc0f8
+CVE_CHECK_WHITELIST += "CVE-2021-4083"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4135
+# Patched in kernel since v5.16 481221775d53d6215a6e5e9ce1cce6d2b4ab9a46
+# Backported in version v5.4.168 699e794c12a3cd79045ff135bc87a53b97024e43
+# Backported in version v5.10.88 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8
+# Backported in version v5.15.11 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0
+CVE_CHECK_WHITELIST += "CVE-2021-4135"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4149
+# Patched in kernel since v5.15 19ea40dddf1833db868533958ca066f368862211
+# Backported in version v5.4.155 005a07c9acd6cf8a40555884f0650dfd4ec23fbe
+# Backported in version v5.10.75 206868a5b6c14adc4098dd3210a2f7510d97a670
+CVE_CHECK_WHITELIST += "CVE-2021-4149"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4155
+# Patched in kernel since v5.16 983d8e60f50806f90534cc5373d0ce867e5aaf79
+# Backported in version v5.4.171 102af6edfd3a372db6e229177762a91f552e5f5e
+# Backported in version v5.10.91 16d8568378f9ee2d1e69216d39961aa72710209f
+# Backported in version v5.15.14 b0e72ba9e520b95346e68800afff0db65e766ca8
+CVE_CHECK_WHITELIST += "CVE-2021-4155"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4159
+# Patched in kernel since v5.7 294f2fc6da27620a506e6c050241655459ccd6bd
+# Backported in version v5.4.210 7c1134c7da997523e2834dd516e2ddc51920699a
+CVE_CHECK_WHITELIST += "CVE-2021-4159"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4203
+# Patched in kernel since v5.15 35306eb23814444bd4021f8a1c3047d3cb0c8b2b
+# Backported in version v5.4.151 0fcfaa8ed9d1dcbe377b202a1b3cdfd4e566114c
+# Backported in version v5.10.71 3db53827a0e9130d9e2cbe3c3b5bca601caa4c74
+CVE_CHECK_WHITELIST += "CVE-2021-4203"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-20265
+# Patched in kernel since v4.5 fa0dc04df259ba2df3ce1920e9690c7842f8fa4b
+CVE_CHECK_WHITELIST += "CVE-2021-20265"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-20292
+# Patched in kernel since v5.9 5de5b6ecf97a021f29403aa272cb4e03318ef586
+# Backported in version v5.4.59 c6d2ddf1a30d524106265ad2c48b907cd7a083d4
+CVE_CHECK_WHITELIST += "CVE-2021-20292"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-20321
+# Patched in kernel since v5.15 a295aef603e109a47af355477326bd41151765b6
+# Backported in version v5.4.153 fab338f33c25c4816ca0b2d83a04a0097c2c4aaf
+# Backported in version v5.10.73 9763ffd4da217adfcbdcd519e9f434dfa3952fc3
+CVE_CHECK_WHITELIST += "CVE-2021-20321"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-23133
+# Patched in kernel since v5.13 34e5b01186858b36c4d7c87e1a025071e8e2401f
+# Backported in version v5.4.119 3fe9ee040fb7332e2b4cc04c85561eced0a7f227
+# Backported in version v5.10.37 42f1b8653f85924743ea5b57b051a4e1f05b5e43
+CVE_CHECK_WHITELIST += "CVE-2021-23133"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-23134
+# Patched in kernel since v5.13 c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
+# Backported in version v5.4.119 e32352070bcac22be6ed8ab635debc280bb65b8c
+# Backported in version v5.10.37 6b7021ed36dabf29e56842e3408781cd3b82ef6e
+CVE_CHECK_WHITELIST += "CVE-2021-23134"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-27363
+# Patched in kernel since v5.12 688e8128b7a92df982709a4137ea4588d16f24aa
+# Backported in version v5.4.103 ca3afdd0377379f5031f376aec4b0c1b0285b556
+# Backported in version v5.10.21 c71edc5d2480774ec2fec62bb84064aed6d582bd
+CVE_CHECK_WHITELIST += "CVE-2021-27363"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-27364
+# Patched in kernel since v5.12 688e8128b7a92df982709a4137ea4588d16f24aa
+# Backported in version v5.4.103 ca3afdd0377379f5031f376aec4b0c1b0285b556
+# Backported in version v5.10.21 c71edc5d2480774ec2fec62bb84064aed6d582bd
+CVE_CHECK_WHITELIST += "CVE-2021-27364"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28714
+# Patched in kernel since v5.16 6032046ec4b70176d247a71836186d47b25d1684
+# Backported in version v5.4.168 8bfcd0385211044627f93d170991da1ae5937245
+# Backported in version v5.10.88 525875c410df5d876b9615c44885ca7640aed6f2
+# Backported in version v5.15.11 88449dbe6203c3a91cf1c39ea3032ad61a297bd7
+CVE_CHECK_WHITELIST += "CVE-2021-28714"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28715
+# Patched in kernel since v5.16 be81992f9086b230623ae3ebbc85ecee4d00a3d3
+# Backported in version v5.4.168 0d99b3c6bd39a0a023e972d8f912fd47698bbbb8
+# Backported in version v5.10.88 88f20cccbeec9a5e83621df5cc2453b5081454dc
+# Backported in version v5.15.11 bd926d189210cd1d5b4e618e45898053be6b4b3b
+CVE_CHECK_WHITELIST += "CVE-2021-28715"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28950
+# Patched in kernel since v5.12 775c5033a0d164622d9d10dd0f0a5531639ed3ed
+# Backported in version v5.4.107 187ae04636531065cdb4d0f15deac1fe0e812104
+# Backported in version v5.10.25 d955f13ea2120269319d6133d0dd82b66d1eeca3
+CVE_CHECK_WHITELIST += "CVE-2021-28950"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28964
+# Patched in kernel since v5.12 dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
+# Backported in version v5.4.108 5b3b99525c4f18e543f6ef17ef97c29f5694e8b4
+# Backported in version v5.10.26 38ffe9eaeb7cce383525439f0948f9eb74632e1d
+CVE_CHECK_WHITELIST += "CVE-2021-28964"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28971
+# Patched in kernel since v5.12 d88d05a9e0b6d9356e97129d4ff9942d765f46ea
+# Backported in version v5.4.108 da326ba3b84aae8ac0513aa4725a49843f2f871e
+# Backported in version v5.10.26 514ea597be8e4b6a787bc34da111c44944fbf5a5
+CVE_CHECK_WHITELIST += "CVE-2021-28971"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28972
+# Patched in kernel since v5.12 cc7a0bb058b85ea03db87169c60c7cfdd5d34678
+# Backported in version v5.4.108 51a2b19b554c8c75ee2d253b87240309cd81f1fc
+# Backported in version v5.10.26 be1f58e58f7644ab33f1413685c84173766408d3
+CVE_CHECK_WHITELIST += "CVE-2021-28972"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29265
+# Patched in kernel since v5.12 9380afd6df70e24eacbdbde33afc6a3950965d22
+# Backported in version v5.4.106 8698133003cfb67e0f04dd044c954198e421b152
+# Backported in version v5.10.24 ab5c3186686aa87c741381d10a948817f1deb9b2
+CVE_CHECK_WHITELIST += "CVE-2021-29265"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29647
+# Patched in kernel since v5.12 50535249f624d0072cd885bcdce4e4b6fb770160
+# Backported in version v5.4.109 ae23957bd1fb3184a9935bd99c5ad2351a59d7c8
+# Backported in version v5.10.27 fce6fb90218935f7319265459484b3762c80d0a8
+CVE_CHECK_WHITELIST += "CVE-2021-29647"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29650
+# Patched in kernel since v5.12 175e476b8cdf2a4de7432583b49c871345e4f8a1
+# Backported in version v5.4.109 19a5fb4ceada903e692de96b8aa8494179abbf0b
+# Backported in version v5.10.27 3fdebc2d8e7965f946a3d716ffdd482e66c1f46c
+CVE_CHECK_WHITELIST += "CVE-2021-29650"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-30002
+# Patched in kernel since v5.12 fb18802a338b36f675a388fc03d2aa504a0d0899
+# Backported in version v5.4.103 027ddd67f68583a178a9bd65220611e9f978f014
+# Backported in version v5.10.21 5400770e31e8b80efc25b4c1d619361255174d11
+CVE_CHECK_WHITELIST += "CVE-2021-30002"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-31916
+# Patched in kernel since v5.12 4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
+# Backported in version v5.4.109 e6587d142d0214eb466f9978e25f0575c19b1ea0
+# Backported in version v5.10.27 921aae17bb0f02181fa05cf5580ebc855fdbd74d
+CVE_CHECK_WHITELIST += "CVE-2021-31916"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-32399
+# Patched in kernel since v5.13 e2cb6b891ad2b8caa9131e3be70f45243df82a80
+# Backported in version v5.4.119 eeec325c9944b4427f482018d00b737220c31fd9
+# Backported in version v5.10.37 2d84ef4e6569a818f912d93d5345c21542807ac7
+CVE_CHECK_WHITELIST += "CVE-2021-32399"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-33656
+# Patched in kernel since v5.12 ff2047fb755d4415ec3c70ac799889371151796d
+# Backported in version v5.4.202 c87e851b23e5cb2ba90a3049ef38340ed7d5746f
+# Backported in version v5.10.127 3acb7dc242ca25eb258493b513ef2f4b0f2a9ad1
+CVE_CHECK_WHITELIST += "CVE-2021-33656"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-34693
+# Patched in kernel since v5.13 5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
+# Backported in version v5.4.128 c297559a2a2a6b6f0de61ed333a978a118b0e660
+# Backported in version v5.10.46 acb755be1f7adb204dcedc4d3b204ef098628623
+CVE_CHECK_WHITELIST += "CVE-2021-34693"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-35039
+# Patched in kernel since v5.13 0c18f29aae7ce3dadd26d8ee3505d07cc982df75
+# Backported in version v5.4.129 e2dc07ca4e0148d75963e14d2b78afc12426a487
+# Backported in version v5.10.47 3051f230f19feb02dfe5b36794f8c883b576e184
+CVE_CHECK_WHITELIST += "CVE-2021-35039"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-37159
+# Patched in kernel since v5.14 a6ecfb39ba9d7316057cea823b196b734f6b18ca
+# Backported in version v5.4.151 fe57d53dd91d7823f1ceef5ea8e9458a4aeb47fa
+# Backported in version v5.10.54 115e4f5b64ae8d9dd933167cafe2070aaac45849
+CVE_CHECK_WHITELIST += "CVE-2021-37159"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38160
+# Patched in kernel since v5.14 d00d8da5869a2608e97cfede094dfc5e11462a46
+# Backported in version v5.4.134 52bd1bce8624acb861fa96b7c8fc2e75422dc8f7
+# Backported in version v5.10.52 f6ec306b93dc600a0ab3bb2693568ef1cc5f7f7a
+CVE_CHECK_WHITELIST += "CVE-2021-38160"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38198
+# Patched in kernel since v5.13 b1bd5cba3306691c771d558e94baa73e8b0b96b7
+# Backported in version v5.4.141 d28adaabbbf4a6949d0f6f71daca6744979174e2
+# Backported in version v5.10.44 6b6ff4d1f349cb35a7c7d2057819af1b14f80437
+CVE_CHECK_WHITELIST += "CVE-2021-38198"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38199
+# Patched in kernel since v5.14 dd99e9f98fbf423ff6d365b37a98e8879170f17c
+# Backported in version v5.4.134 81e03fe5bf8f5f66b8a62429fb4832b11ec6b272
+# Backported in version v5.10.52 ff4023d0194263a0827c954f623c314978cf7ddd
+CVE_CHECK_WHITELIST += "CVE-2021-38199"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38204
+# Patched in kernel since v5.14 b5fdf5c6e6bee35837e160c00ac89327bdad031b
+# Backported in version v5.4.136 863d071dbcd54dacf47192a1365faec46b7a68ca
+# Backported in version v5.10.54 7af54a4e221e5619a87714567e2258445dc35435
+CVE_CHECK_WHITELIST += "CVE-2021-38204"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38205
+# Patched in kernel since v5.14 d0d62baa7f505bd4c59cd169692ff07ec49dde37
+# Backported in version v5.4.141 38b8485b72cbe4521fd2e0b8770e3d78f9b89e60
+# Backported in version v5.10.59 25cff25ec60690247db8138cd1af8b867df2c489
+CVE_CHECK_WHITELIST += "CVE-2021-38205"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38207
+# Patched in kernel since v5.13 c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
+# Backported in version v5.4.128 b6c0ab11c88fb016bfc85fa4f6f878f5f4263646
+# Backported in version v5.10.46 cfe403f209b11fad123a882100f0822a52a7630f
+CVE_CHECK_WHITELIST += "CVE-2021-38207"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38208
+# Patched in kernel since v5.13 4ac06a1e013cf5fdd963317ffd3b968560f33bba
+# Backported in version v5.4.125 5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70
+# Backported in version v5.10.43 48ee0db61c8299022ec88c79ad137f290196cac2
+CVE_CHECK_WHITELIST += "CVE-2021-38208"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38209
+# Patched in kernel since v5.13 2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
+# Backported in version v5.4.120 baea536cf51f8180ab993e374cb134b5edad25e2
+# Backported in version v5.10.35 d3598eb3915cc0c0d8cab42f4a6258ff44c4033e
+CVE_CHECK_WHITELIST += "CVE-2021-38209"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-40490
+# Patched in kernel since v5.15 a54c4613dac1500b40e4ab55199f7c51f028e848
+# Backported in version v5.4.145 9b3849ba667af99ee99a7853a021a7786851b9fd
+# Backported in version v5.10.63 09a379549620f122de3aa4e65df9329976e4cdf5
+CVE_CHECK_WHITELIST += "CVE-2021-40490"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-41864
+# Patched in kernel since v5.15 30e29a9a2bc6a4888335a6ede968b75cd329657a
+# Backported in version v5.4.153 b14f28126c51533bb329379f65de5b0dd689b13a
+# Backported in version v5.10.73 064faa8e8a9b50f5010c5aa5740e06d477677a89
+CVE_CHECK_WHITELIST += "CVE-2021-41864"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-42008
+# Patched in kernel since v5.14 19d1532a187669ce86d5a2696eb7275310070793
+# Backported in version v5.4.143 a73b9aa142691c2ae313980a8734997a78f74b22
+# Backported in version v5.10.61 85e0518f181a0ff060f5543d2655fb841a83d653
+CVE_CHECK_WHITELIST += "CVE-2021-42008"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-42252
+# Patched in kernel since v5.15 b49a0e69a7b1a68c8d3f64097d06dabb770fec96
+# Backported in version v5.4.148 2712f29c44f18db826c7e093915a727b6f3a20e4
+# Backported in version v5.10.67 3fdf2feb6cbe76c6867224ed8527b356e805352c
+CVE_CHECK_WHITELIST += "CVE-2021-42252"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-42739
+# Patched in kernel since v5.16 35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
+# Backported in version v5.4.158 2461f38384d50dd966e1db44fe165b1896f5df5a
+# Backported in version v5.10.78 d7fc85f6104259541ec136199d3bf7c8a736613d
+# Backported in version v5.15.1 cb667140875a3b1db92e4c50b4617a7cbf84659b
+CVE_CHECK_WHITELIST += "CVE-2021-42739"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-43389
+# Patched in kernel since v5.15 1f3e2e97c003f80c4b087092b225c8787ff91e4d
+# Backported in version v5.4.156 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54
+# Backported in version v5.10.76 7f221ccbee4ec662e2292d490a43ce6c314c4594
+CVE_CHECK_WHITELIST += "CVE-2021-43389"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-43975
+# Patched in kernel since v5.16 b922f622592af76b57cbc566eaeccda0b31a3496
+# Backported in version v5.4.164 89d15a2e40d7edaaa16da2763b349dd7b056cc09
+# Backported in version v5.10.84 2c514d25003ac89bb7716bb4402918ccb141f8f5
+# Backported in version v5.15.7 cec49b6dfdb0b9fefd0f17c32014223f73ee2605
+CVE_CHECK_WHITELIST += "CVE-2021-43975"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-43976
+# Patched in kernel since v5.17 04d80663f67ccef893061b49ec8a42ff7045ae84
+# Backported in version v5.4.174 ae56c5524a750fd8cf32565cb3902ce5baaeb4e6
+# Backported in version v5.10.94 6036500fdf77caaca9333003f78d25a3d61c4e40
+# Backported in version v5.15.17 b2762757f4e484f8a164546f93aca82568d87649
+CVE_CHECK_WHITELIST += "CVE-2021-43976"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-44733
+# Patched in kernel since v5.16 dfd0743f1d9ea76931510ed150334d571fbab49d
+# Backported in version v5.4.170 940e68e57ab69248fabba5889e615305789db8a7
+# Backported in version v5.10.89 c05d8f66ec3470e5212c4d08c46d6cb5738d600d
+# Backported in version v5.15.12 492eb7afe858d60408b2da09adc78540c4d16543
+CVE_CHECK_WHITELIST += "CVE-2021-44733"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45095
+# Patched in kernel since v5.16 bcd0f93353326954817a4f9fa55ec57fb38acbb0
+# Backported in version v5.4.171 2a6a811a45fde5acb805ead4d1e942be3875b302
+# Backported in version v5.10.91 4f260ea5537db35d2eeec9bca78a74713078a544
+# Backported in version v5.15.14 9ca97a693aa8b86e8424f0047198ea3ab997d50f
+CVE_CHECK_WHITELIST += "CVE-2021-45095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45480
+# Patched in kernel since v5.16 5f9562ebe710c307adc5f666bf1a2162ee7977c0
+# Backported in version v5.4.168 166f0adf7e7525c87595ceadb21a91e2a9519a1e
+# Backported in version v5.10.88 74dc97dfb276542f12746d706abef63364d816bb
+# Backported in version v5.15.11 68014890e4382ff9192e1357be39b7d0455665fa
+CVE_CHECK_WHITELIST += "CVE-2021-45480"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45485
+# Patched in kernel since v5.14 62f20e068ccc50d6ab66fdb72ba90da2b9418c99
+# Backported in version v5.4.133 ccde03a6a0fbdc3c0ba81930e629b8b14974cce4
+# Backported in version v5.10.51 8f939b79579715b195dc3ad36669707fce6853ee
+CVE_CHECK_WHITELIST += "CVE-2021-45485"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45486
+# Patched in kernel since v5.13 aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
+# Backported in version v5.4.119 fee81285bd09ec2080ce2cbb5063aad0e58eb272
+# Backported in version v5.10.37 a273c27d7255fc527023edeb528386d1b64bedf5
+CVE_CHECK_WHITELIST += "CVE-2021-45486"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45868
+# Patched in kernel since v5.16 9bf3d20331295b1ecb81f4ed9ef358c51699a050
+# Backported in version v5.4.160 10b808307d37d09b132fc086002bc1aa9910d315
+# Backported in version v5.10.80 ceeb0a8a8716a1c72af3fa4d4f98c3aced32b037
+# Backported in version v5.15.3 332db0909293f3f4d853ee2ea695272c75082d87
+CVE_CHECK_WHITELIST += "CVE-2021-45868"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0322
+# Patched in kernel since v5.15 a2d859e3fc97e79d907761550dbc03ff1b36479c
+# Backported in version v5.4.155 d88774539539dcbf825a25e61234f110513f5963
+# Backported in version v5.10.75 d84a69ac410f6228873d05d35120f6bdddab7fc3
+CVE_CHECK_WHITELIST += "CVE-2022-0322"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0330
+# Patched in kernel since v5.17 7938d61591d33394a21bdd7797a245b65428f44c
+# Backported in version v5.4.175 1b5553c79d52f17e735cd924ff2178a2409e6d0b
+# Backported in version v5.10.95 6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88
+# Backported in version v5.15.18 8a17a077e7e9ecce25c95dbdb27843d2d6c2f0f7
+CVE_CHECK_WHITELIST += "CVE-2022-0330"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0487
+# Patched in kernel since v5.17 bd2db32e7c3e35bd4d9b8bbff689434a50893546
+# Backported in version v5.4.179 3a0a7ec5574b510b067cfc734b8bdb6564b31d4e
+# Backported in version v5.10.100 be93028d306dac9f5b59ebebd9ec7abcfc69c156
+# Backported in version v5.15.23 af0e6c49438b1596e4be8a267d218a0c88a42323
+CVE_CHECK_WHITELIST += "CVE-2022-0487"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0492
+# Patched in kernel since v5.17 24f6008564183aa120d07c03d9289519c2fe02af
+# Backported in version v5.4.177 0e8283cbe4996ae046cd680b3ed598a8f2b0d5d8
+# Backported in version v5.10.97 1fc3444cda9a78c65b769e3fa93455e09ff7a0d3
+# Backported in version v5.15.20 4b1c32bfaa02255a5df602b41587174004996477
+CVE_CHECK_WHITELIST += "CVE-2022-0492"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0494
+# Patched in kernel since v5.17 cc8f7fe1f5eab010191aa4570f27641876fa1267
+# Backported in version v5.4.193 c7337efd1d11acb6f84c68ffee57d3f312e87b24
+# Backported in version v5.10.115 a439819f4797f0846c7cffa9475f44aef23c541f
+# Backported in version v5.15.27 a1ba98731518b811ff90009505c1aebf6e400bc2
+CVE_CHECK_WHITELIST += "CVE-2022-0494"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0812
+# Patched in kernel since v5.8 912288442cb2f431bf3c8cb097a5de83bc6dbac1
+# Backported in version v5.4.53 c8a4452da9f4b09c28d904f70247b097d4c14932
+CVE_CHECK_WHITELIST += "CVE-2022-0812"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0850
+# Patched in kernel since v5.14 ce3aba43599f0b50adbebff133df8d08a3d5fffe
+# Backported in version v5.4.132 ed628b2531196cc76d7c9b730abe4020cad26b0b
+# Backported in version v5.10.50 ea5466f1a77720217a25a859b5a58b618aaba544
+CVE_CHECK_WHITELIST += "CVE-2022-0850"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0854
+# Patched in kernel since v5.18 901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544
+# Backported in version v5.4.196 b2f140a9f980806f572d672e1780acea66b9a25c
+# Backported in version v5.10.118 f3f2247ac31cb71d1f05f56536df5946c6652f4a
+# Backported in version v5.15.33 7007c894631cf43041dcfa0da7142bbaa7eb673c
+CVE_CHECK_WHITELIST += "CVE-2022-0854"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1011
+# Patched in kernel since v5.17 0c4bcfdecb1ac0967619ee7ff44871d93c08c909
+# Backported in version v5.4.185 a9174077febfb1608ec3361622bf5f91e2668d7f
+# Backported in version v5.10.106 ab5595b45f732212b3b1974041b43a257153edb7
+# Backported in version v5.15.29 ca62747b38f59d4e75967ebf63c992de8852ca1b
+CVE_CHECK_WHITELIST += "CVE-2022-1011"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1016
+# Patched in kernel since v5.18 4c905f6740a365464e91467aa50916555b28213d
+# Backported in version v5.4.188 06f0ff82c70241a766a811ae1acf07d6e2734dcb
+# Backported in version v5.10.109 2c74374c2e88c7b7992bf808d9f9391f7452f9d9
+# Backported in version v5.15.32 fafb904156fbb8f1dd34970cd5223e00b47c33be
+CVE_CHECK_WHITELIST += "CVE-2022-1016"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1055
+# Patched in kernel since v5.17 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
+# Backported in version v5.4.177 b1d17e920dfcd4b56fa2edced5710c191f7e50b5
+# Backported in version v5.10.97 e7be56926397cf9d992be8913f74a76152f8f08d
+# Backported in version v5.15.20 f36cacd6c933183c1a8827d5987cf2cfc0a44c76
+CVE_CHECK_WHITELIST += "CVE-2022-1055"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1195
+# Patched in kernel since v5.16 b2f37aead1b82a770c48b5d583f35ec22aabb61e
+# Backported in version v5.4.169 a5c6a13e9056d87805ba3042c208fbd4164ad22b
+# Backported in version v5.10.89 7dd52af1eb5798f590d9d9e1c56ed8f5744ee0ca
+# Backported in version v5.15.12 03d00f7f1815ec00dab5035851b3de83afd054a8
+CVE_CHECK_WHITELIST += "CVE-2022-1195"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1198
+# Patched in kernel since v5.17 efe4186e6a1b54bf38b9e05450d43b0da1fd7739
+# Backported in version v5.4.189 28c8fd84bea13cbf238d7b19d392de2fcc31331c
+# Backported in version v5.10.110 f67a1400788f550d201c71aeaf56706afe57f0da
+# Backported in version v5.15.33 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1
+CVE_CHECK_WHITELIST += "CVE-2022-1198"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1199
+# Patched in kernel since v5.17 71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac
+# Backported in version v5.4.185 0a64aea5fe023cf1e4973676b11f49038b1f045b
+# Backported in version v5.10.106 e2201ef32f933944ee02e59205adb566bafcdf91
+# Backported in version v5.15.29 46ad629e58ce3a88c924ff3c5a7e9129b0df5659
+CVE_CHECK_WHITELIST += "CVE-2022-1199"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1353
+# Patched in kernel since v5.17 9a564bccb78a76740ea9d75a259942df8143d02c
+# Backported in version v5.4.189 ef388db2fe351230ff7194b37d507784bef659ec
+# Backported in version v5.10.110 8d3f4ad43054619379ccc697cfcbdb2c266800d8
+# Backported in version v5.15.33 d06ee4572fd916fbb34d16dc81eb37d1dff83446
+CVE_CHECK_WHITELIST += "CVE-2022-1353"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1419
+# Patched in kernel since v5.6 4b848f20eda5974020f043ca14bacf7a7e634fc8
+# Backported in version v5.4.21 3ea7f138cec139be98f8bb9fc1a6b432003f834e
+CVE_CHECK_WHITELIST += "CVE-2022-1419"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_WHITELIST += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1734
+# Patched in kernel since v5.18 d270453a0d9ec10bb8a802a142fb1b3601a83098
+# Backported in version v5.4.193 33d3e76fc7a7037f402246c824d750542e2eb37f
+# Backported in version v5.10.115 1961c5a688edb53fe3bc25cbda57f47adf12563c
+# Backported in version v5.15.39 b8f2b836e7d0a553b886654e8b3925a85862d2eb
+CVE_CHECK_WHITELIST += "CVE-2022-1734"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
+# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
+# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
+# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
+# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
+# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
+CVE_CHECK_WHITELIST += "CVE-2022-2196"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2318
+# Patched in kernel since v5.19 9cc02ede696272c5271a401e4f27c262359bc2f6
+# Backported in version v5.4.204 bb91556d2af066f8ca2e7fd8e334d652e731ee29
+# Backported in version v5.10.129 8f74cb27c2b4872fd14bf046201fa7b36a46885e
+# Backported in version v5.15.53 659d39545260100628d8a30020d09fb6bf63b915
+CVE_CHECK_WHITELIST += "CVE-2022-2318"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2380
+# Patched in kernel since v5.18 bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8
+# Backported in version v5.4.189 478154be3a8c21ff106310bb1037b1fc9d81dc62
+# Backported in version v5.10.110 72af8810922eb143ed4f116db246789ead2d8543
+# Backported in version v5.15.33 46cdbff26c88fd75dccbf28df1d07cbe18007eac
+CVE_CHECK_WHITELIST += "CVE-2022-2380"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2503
+# Patched in kernel since v5.19 4caae58406f8ceb741603eee460d79bacca9b1b5
+# Backported in version v5.4.197 fd2f7e9984850a0162bfb6948b98ffac9fb5fa58
+# Backported in version v5.10.120 8df42bcd364cc3b41105215d841792aea787b133
+# Backported in version v5.15.45 69712b170237ec5979f168149cd31e851a465853
+CVE_CHECK_WHITELIST += "CVE-2022-2503"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Patched in kernel since v6.0 e8d5dfd1d8747b56077d02664a8838c71ced948e
+# Backported in version v5.4.215 d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2
+# Backported in version v5.10.146 9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d
+# Backported in version v5.15.71 dc33ffbc361e2579a8f31b8724ef85d4117440e4
+# Backported in version v5.19.12 510ea9eae5ee45f4e443023556532bda99387351
+CVE_CHECK_WHITELIST += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2873
+# Patched in kernel since v6.2 39244cc754829bf707dccd12e2ce37510f5b1f8d
+# Backported in version v5.4.229 cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
+# Backported in version v5.10.163 9ac541a0898e8ec187a3fa7024b9701cffae6bf2
+# Backported in version v5.15.86 96c12fd0ec74641295e1c3c34dea3dce1b6c3422
+# Backported in version v6.1.2 233348a04becf133283f0076e20b317302de21d9
+CVE_CHECK_WHITELIST += "CVE-2022-2873"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3028
+# Patched in kernel since v6.0 ba953a9d89a00c078b85f4b190bc1dde66fe16b5
+# Backported in version v5.4.212 8ee27a4f0f1ad36d430221842767880df6494147
+# Backported in version v5.10.140 c5c4d4c9806dadac7bc82f9c29ef4e1b78894775
+# Backported in version v5.15.64 103bd319c0fc90f1cb013c3a508615e6df8af823
+# Backported in version v5.19.6 6901885656c029c976498290b52f67f2c251e6a0
+CVE_CHECK_WHITELIST += "CVE-2022-3028"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3105
+# Patched in kernel since v5.16 7694a7de22c53a312ea98960fcafc6ec62046531
+# Backported in version v5.4.171 7646a340b25bb68cfb6d2e087a608802346d0f7b
+# Backported in version v5.10.91 16e5cad6eca1e506c38c39dc256298643fa1852a
+# Backported in version v5.15.14 0ea8bb0811ba0ec22903cbb48ff2cd872382e8d4
+CVE_CHECK_WHITELIST += "CVE-2022-3105"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3107
+# Patched in kernel since v5.17 886e44c9298a6b428ae046e2fa092ca52e822e6a
+# Backported in version v5.4.187 b01e2df5fbf68719dfb8e766c1ca6089234144c2
+# Backported in version v5.10.108 9b763ceda6f8963cc99df5772540c54ba46ba37c
+# Backported in version v5.15.31 ab0ab176183191cffc69fe9dd8ac6c8db23f60d3
+CVE_CHECK_WHITELIST += "CVE-2022-3107"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3111
+# Patched in kernel since v5.18 6dee930f6f6776d1e5a7edf542c6863b47d9f078
+# Backported in version v5.4.189 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa
+# Backported in version v5.10.110 48d23ef90116c8c702bfa4cad93744e4e5588d7d
+# Backported in version v5.15.33 4124966fbd95eeecca26d52433f393e2b9649a33
+CVE_CHECK_WHITELIST += "CVE-2022-3111"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3115
+# Patched in kernel since v5.19 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33
+# Backported in version v5.4.198 fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f
+# Backported in version v5.10.121 b4c7dd0037e6aeecad9b947b30f0d9eaeda11762
+# Backported in version v5.15.46 4cb37f715f601cee5b026c6f9091a466266b5ba5
+CVE_CHECK_WHITELIST += "CVE-2022-3115"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3202
+# Patched in kernel since v5.18 a53046291020ec41e09181396c1e829287b48d47
+# Backported in version v5.4.189 e19c3149a80e4fc8df298d6546640e01601f3758
+# Backported in version v5.10.111 b9c5ac0a15f24d63b20f899072fa6dd8c93af136
+# Backported in version v5.15.34 d925b7e78b62805fcc5440d1521181c82b6f03cb
+CVE_CHECK_WHITELIST += "CVE-2022-3202"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3303
+# Patched in kernel since v6.0 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d
+# Backported in version v5.4.215 4051324a6dafd7053c74c475e80b3ba10ae672b0
+# Backported in version v5.10.148 fce793a056c604b41a298317cf704dae255f1b36
+# Backported in version v5.15.68 8015ef9e8a0ee5cecfd0cb6805834d007ab26f86
+# Backported in version v5.19.9 723ac5ab2891b6c10dd6cc78ef5456af593490eb
+CVE_CHECK_WHITELIST += "CVE-2022-3303"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
+# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
+# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
+# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
+# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
+CVE_CHECK_WHITELIST += "CVE-2022-3424"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_WHITELIST += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3521
+# Patched in kernel since v6.1 ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
+# Backported in version v5.4.225 ad39d09190a545d0f05ae0a82900eee96c5facea
+# Backported in version v5.10.156 7deb7a9d33e4941c5ff190108146d3a56bf69e9d
+# Backported in version v5.15.80 27d706b0d394a907ff8c4f83ffef9d3e5817fa84
+CVE_CHECK_WHITELIST += "CVE-2022-3521"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3545
+# Patched in kernel since v6.0 02e1a114fdb71e59ee6770294166c30d437bf86a
+# Backported in version v5.4.228 3c837460f920a63165961d2b88b425703f59affb
+# Backported in version v5.10.160 eb6313c12955c58c3d3d40f086c22e44ca1c9a1b
+# Backported in version v5.15.84 9d933af8fef33c32799b9f2d3ff6bf58a63d7f24
+CVE_CHECK_WHITELIST += "CVE-2022-3545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.4.224 4cd094fd5d872862ca278e15b9b51b07e915ef3f
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_WHITELIST += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3586
+# Patched in kernel since v6.0 9efd23297cca530bb35e1848665805d3fcdd7889
+# Backported in version v5.4.213 279c7668e354fa151d5fd2e8c42b5153a1de3135
+# Backported in version v5.10.143 2ee85ac1b29dbd2ebd2d8e5ac1dd5793235d516b
+# Backported in version v5.15.68 1a889da60afc017050e1f517b3b976b462846668
+# Backported in version v5.19.9 8f796f36f5ba839c11eb4685150ebeed496c546f
+CVE_CHECK_WHITELIST += "CVE-2022-3586"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3594
+# Patched in kernel since v6.1 93e2be344a7db169b7119de21ac1bf253b8c6907
+# Backported in version v5.4.220 61fd56b0a1a3e923aced4455071177778dd59e88
+# Backported in version v5.10.150 484400d433ca1903a87268c55f019e932297538a
+# Backported in version v5.15.75 b3179865cf7e892b26eedab3d6c54b4747c774a2
+# Backported in version v5.19.17 2e896abccf99fef76691d8e1019bd44105a12e1f
+CVE_CHECK_WHITELIST += "CVE-2022-3594"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_WHITELIST += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_WHITELIST += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_WHITELIST += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_WHITELIST += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_WHITELIST += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_WHITELIST += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_WHITELIST += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3707
+# Patched in kernel since v6.2 4a61648af68f5ba4884f0e3b494ee1cabc4b6620
+# Backported in version v5.4.233 787ef0db014085df8691e5aeb58ab0bb081e5ff0
+# Backported in version v5.10.170 3d743415c6fb092167df6c23e9c7e9f6df7db625
+# Backported in version v5.15.96 0d3d5099a50badadad6837edda00e42149b2f657
+# Backported in version v6.1.5 1022519da69d99d455c58ca181a6c499c562c70e
+CVE_CHECK_WHITELIST += "CVE-2022-3707"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4095
+# Patched in kernel since v6.0 e230a4455ac3e9b112f0367d1b8e255e141afae0
+# Backported in version v5.4.213 d0aac7146e96bf39e79c65087d21dfa02ef8db38
+# Backported in version v5.10.142 19e3f69d19801940abc2ac37c169882769ed9770
+# Backported in version v5.15.66 dc02aaf950015850e7589696521c7fca767cea77
+# Backported in version v5.19.8 b1727def850904e4b8ba384043775672841663a1
+CVE_CHECK_WHITELIST += "CVE-2022-4095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4139
+# Patched in kernel since v6.1 04aa64375f48a5d430b5550d9271f8428883e550
+# Backported in version v5.4.226 3659e33c1e4f8cfc62c6c15aca5d797010c277a4
+# Backported in version v5.10.157 86f0082fb9470904b15546726417f28077088fee
+# Backported in version v5.15.81 ee2d04f23bbb16208045c3de545c6127aaa1ed0e
+CVE_CHECK_WHITELIST += "CVE-2022-4139"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Patched in kernel since v6.2 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_WHITELIST += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4662
+# Patched in kernel since v6.0 9c6d778800b921bde3bff3cff5003d1650f942d1
+# Backported in version v5.4.213 df1875084898b15cbc42f712e93d7f113ae6271b
+# Backported in version v5.10.142 abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8
+# Backported in version v5.15.66 c548b99e1c37db6f7df86ecfe9a1f895d6c5966e
+# Backported in version v5.19.8 d5eb850b3e8836197a38475840725260b9783e94
+CVE_CHECK_WHITELIST += "CVE-2022-4662"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-24448
+# Patched in kernel since v5.17 ac795161c93699d600db16c1a8cc23a65a1eceaf
+# Backported in version v5.4.176 0dfacee40021dcc0a9aa991edd965addc04b9370
+# Backported in version v5.10.96 ce8c552b88ca25d775ecd0a0fbef4e0e03de9ed2
+# Backported in version v5.15.19 4c36ca387af4a9b5d775e46a6cb9dc2d151bf057
+CVE_CHECK_WHITELIST += "CVE-2022-24448"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-24959
+# Patched in kernel since v5.17 29eb31542787e1019208a2e1047bb7c76c069536
+# Backported in version v5.4.176 7afc09c8915b0735203ebcb8d766d7db37b794c0
+# Backported in version v5.10.96 729e54636b3ebefb77796702a5b1f1ed5586895e
+# Backported in version v5.15.19 0690c3943ed0fa76654e600eca38cde6a13c87ac
+CVE_CHECK_WHITELIST += "CVE-2022-24959"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-25258
+# Patched in kernel since v5.17 75e5b4849b81e19e9efe1654b30d7f3151c33c2c
+# Backported in version v5.4.180 38fd68f55a7ef57fb9cc3102ac65d1ac474a1a18
+# Backported in version v5.10.101 22ec1004728548598f4f5b4a079a7873409eacfd
+# Backported in version v5.15.24 3e33e5c67cb9ebd2b791b9a9fb2b71daacebd8d4
+CVE_CHECK_WHITELIST += "CVE-2022-25258"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-25375
+# Patched in kernel since v5.17 38ea1eac7d88072bbffb630e2b3db83ca649b826
+# Backported in version v5.4.180 c9e952871ae47af784b4aef0a77db02e557074d6
+# Backported in version v5.10.101 fb4ff0f96de37c44236598e8b53fe43b1df36bf3
+# Backported in version v5.15.24 2da3b0ab54fb7f4d7c5a82757246d0ee33a47197
+CVE_CHECK_WHITELIST += "CVE-2022-25375"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-25636
+# Patched in kernel since v5.17 b1a5983f56e371046dcf164f90bfaf704d2b89f6
+# Backported in version v5.4.182 49c011a44edd14adb555dbcbaf757f52b1f2f748
+# Backported in version v5.10.103 68f19845f580a1d3ac1ef40e95b0250804e046bb
+# Backported in version v5.15.26 6c5d780469d6c3590729940e2be8a3bd66ea4814
+CVE_CHECK_WHITELIST += "CVE-2022-25636"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_WHITELIST += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26490
+# Patched in kernel since v5.17 4fbcc1a4cb20fe26ad0225679c536c80f1648221
+# Backported in version v5.4.188 0aef7184630b599493a0dcad4eec6d42b3e68e91
+# Backported in version v5.10.109 25c23fe40e6e1ef8e6d503c52b4f518b2e520ab7
+# Backported in version v5.15.32 a34c47b1ab07153a047476de83581dc822287f39
+CVE_CHECK_WHITELIST += "CVE-2022-26490"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26966
+# Patched in kernel since v5.17 e9da0b56fe27206b49f39805f7dcda8a89379062
+# Backported in version v5.4.182 b95d71abeb7d31d4d51cd836d80f99fd783fd6d5
+# Backported in version v5.10.103 4f5f5411f0c14ac0b61d5e6a77d996dd3d5b5fd3
+# Backported in version v5.15.26 9f2d614779906f3d8ad4fb882c5b3e5ad6150bbe
+CVE_CHECK_WHITELIST += "CVE-2022-26966"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-27223
+# Patched in kernel since v5.17 7f14c7227f342d9932f9b918893c8814f86d2a0d
+# Backported in version v5.4.182 6b23eda989236fd75b4a9893cc816cd690c29dfc
+# Backported in version v5.10.103 bfa8ffbaaaaf9752f66bc7cabcef2de715e7621f
+# Backported in version v5.15.26 2c775ad1fd5e014b35e483da2aab8400933fb09d
+CVE_CHECK_WHITELIST += "CVE-2022-27223"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-27666
+# Patched in kernel since v5.17 ebe48d368e97d007bfeb76fcb065d6cfc4c96645
+# Backported in version v5.4.188 fee4dfbda68ba10f3bbcf51c861d6aa32f08f9e4
+# Backported in version v5.10.108 9248694dac20eda06e22d8503364dc9d03df4e2f
+# Backported in version v5.15.29 4aaabbffc3b0658ce80eebdde9bafa20a3f932e0
+CVE_CHECK_WHITELIST += "CVE-2022-27666"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28356
+# Patched in kernel since v5.18 764f4eb6846f5475f1244767d24d25dd86528a4a
+# Backported in version v5.4.188 572f9a0d3f3feb8bd3422e88ad71882bc034b3ff
+# Backported in version v5.10.109 571df3393f523b59cba87e2f3e80a3a624030f9c
+# Backported in version v5.15.32 e9072996108387ab19b497f5b557c93f98d96b0b
+CVE_CHECK_WHITELIST += "CVE-2022-28356"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28388
+# Patched in kernel since v5.18 3d3925ff6433f98992685a9679613a2cc97f3ce2
+# Backported in version v5.4.191 660784e7194ac2953aebe874c1f75f2441ba3d19
+# Backported in version v5.10.110 5318cdf4fd834856ce71238b064f35386f9ef528
+# Backported in version v5.15.33 f2ce5238904f539648aaf56c5ee49e5eaf44d8fc
+CVE_CHECK_WHITELIST += "CVE-2022-28388"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28389
+# Patched in kernel since v5.18 04c9b00ba83594a29813d6b1fb8fdc93a3915174
+# Backported in version v5.4.189 2dfe9422d528630e2ce0d454147230cce113f814
+# Backported in version v5.10.110 0801a51d79389282c1271e623613b2e1886e071e
+# Backported in version v5.15.33 37f07ad24866c6c1423b37b131c9a42414bcf8a1
+CVE_CHECK_WHITELIST += "CVE-2022-28389"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28390
+# Patched in kernel since v5.18 c70222752228a62135cee3409dccefd494a24646
+# Backported in version v5.4.189 e27caad38b59b5b00b9c5228d04c13111229deec
+# Backported in version v5.10.110 b417f9c50586588754b2b0453a1f99520cf7c0e8
+# Backported in version v5.15.33 459b19f42fd5e031e743dfa119f44aba0b62ff97
+CVE_CHECK_WHITELIST += "CVE-2022-28390"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28893
+# Patched in kernel since v5.18 f00432063db1a0db484e85193eccc6845435b80e
+# Backported in version v5.4.196 2f8f6c393b11b5da059b1fc10a69fc2f2b6c446a
+# Backported in version v5.10.117 e68b60ae29de10c7bd7636e227164a8dbe305a82
+# Backported in version v5.15.41 54f6834b283d9b4d070b0639d9ef5e1d156fe7b0
+CVE_CHECK_WHITELIST += "CVE-2022-28893"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32250
+# Patched in kernel since v5.19 520778042ccca019f3ffa136dd0ca565c486cedd
+# Backported in version v5.4.198 f36736fbd48491a8d85cd22f4740d542c5a1546e
+# Backported in version v5.10.120 ea62d169b6e731e0b54abda1d692406f6bc6a696
+# Backported in version v5.15.45 f692bcffd1f2ce5488d24fbcb8eab5f351abf79d
+CVE_CHECK_WHITELIST += "CVE-2022-32250"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32296
+# Patched in kernel since v5.18 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
+# Backported in version v5.4.201 c26e1addf15763ae404f4bbf131719a724e768ab
+# Backported in version v5.10.125 9429b75bc271b6f29e50dbb0ee0751800ff87dd9
+# Backported in version v5.15.41 952a238d779eea4ecb2f8deb5004c8f56be79bc9
+CVE_CHECK_WHITELIST += "CVE-2022-32296"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32981
+# Patched in kernel since v5.19 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9
+# Backported in version v5.4.198 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b
+# Backported in version v5.10.122 3be74fc0afbeadc2aff8dc69f3bf9716fbe66486
+# Backported in version v5.15.47 2a0165d278973e30f2282c15c52d91788749d2d4
+CVE_CHECK_WHITELIST += "CVE-2022-32981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_WHITELIST += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_WHITELIST += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_WHITELIST += "CVE-2022-33742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33744
+# Patched in kernel since v5.19 b75cd218274e01d026dc5240e86fdeb44bbed0c8
+# Backported in version v5.4.204 5c03cad51b84fb26ccea7fd99130d8ec47949cfc
+# Backported in version v5.10.129 43c8d33ce353091f15312cb6de3531517d7bba90
+# Backported in version v5.15.53 9f83c8f6ab14bbf4311b70bf1b7290d131059101
+CVE_CHECK_WHITELIST += "CVE-2022-33744"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33981
+# Patched in kernel since v5.18 233087ca063686964a53c829d547c7571e3f67bf
+# Backported in version v5.4.192 7dea5913000c6a2974a00d9af8e7ffb54e47eac1
+# Backported in version v5.10.114 54c028cfc49624bfc27a571b94edecc79bbaaab4
+# Backported in version v5.15.37 e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3
+CVE_CHECK_WHITELIST += "CVE-2022-33981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36123
+# Patched in kernel since v5.19 38fa5479b41376dc9d7f57e71c83514285a25ca0
+# Backported in version v5.4.207 a3c7c1a726a4c6b63b85e8c183f207543fd75e1b
+# Backported in version v5.10.132 136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87
+# Backported in version v5.15.56 26bb7afc027ce6ac8ab6747babec674d55689ff0
+CVE_CHECK_WHITELIST += "CVE-2022-36123"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36280
+# Patched in kernel since v6.2 4cf949c7fafe21e085a4ee386bb2dade9067316e
+# Backported in version v5.4.229 94b283341f9f3f0ed56a360533766377a01540e0
+# Backported in version v5.10.163 439cbbc1519547f9a7b483f0de33b556ebfec901
+# Backported in version v5.15.87 6948e570f54f2044dd4da444b10471373a047eeb
+# Backported in version v6.1.4 622d527decaac0eb65512acada935a0fdc1d0202
+CVE_CHECK_WHITELIST += "CVE-2022-36280"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36879
+# Patched in kernel since v5.19 f85daf0e725358be78dfd208dea5fd665d8cb901
+# Backported in version v5.4.208 f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20
+# Backported in version v5.10.134 47b696dd654450cdec3103a833e5bf29c4b83bfa
+# Backported in version v5.15.58 c8e32bca0676ac663266a3b16562cb017300adcd
+CVE_CHECK_WHITELIST += "CVE-2022-36879"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36946
+# Patched in kernel since v5.19 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+# Backported in version v5.4.209 52be29e8b6455788a4d0f501bd87aa679ca3ba3c
+# Backported in version v5.10.135 440dccd80f627e0e11ceb0429e4cdab61857d17e
+# Backported in version v5.15.59 91c11008aab0282957b8b8ccb0707d90e74cc3b9
+CVE_CHECK_WHITELIST += "CVE-2022-36946"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39188
+# Patched in kernel since v5.19 b67fbebd4cf980aecbcc750e1462128bffe8ae15
+# Backported in version v5.4.212 c9c5501e815132530d741ec9fdd22657f91656bc
+# Backported in version v5.10.141 895428ee124ad70b9763259308354877b725c31d
+# Backported in version v5.15.65 3ffb97fce282df03723995f5eed6a559d008078e
+CVE_CHECK_WHITELIST += "CVE-2022-39188"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39842
+# Patched in kernel since v5.19 a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
+# Backported in version v5.4.215 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9
+# Backported in version v5.10.145 06e194e1130c98f82d46beb40cdbc88a0d4fd6de
+# Backported in version v5.15.70 ab5140c6ddd7473509e12f468948de91138b124e
+CVE_CHECK_WHITELIST += "CVE-2022-39842"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40307
+# Patched in kernel since v6.0 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
+# Backported in version v5.4.213 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997
+# Backported in version v5.10.143 918d9c4a4bdf5205f2fb3f64dddfb56c9a1d01d6
+# Backported in version v5.15.68 dd291e070be0eca8807476b022bda00c891d9066
+# Backported in version v5.19.9 d46815a8f26ca6db2336106a148265239f73b0af
+CVE_CHECK_WHITELIST += "CVE-2022-40307"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40768
+# Patched in kernel since v6.1 6022f210461fef67e6e676fd8544ca02d1bcfa7a
+# Backported in version v5.4.218 20a5bde605979af270f94b9151f753ec2caf8b05
+# Backported in version v5.10.148 36b33c63515a93246487691046d18dd37a9f589b
+# Backported in version v5.15.74 76efb4897bc38b2f16176bae27ae801037ebf49a
+# Backported in version v5.19.16 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86
+CVE_CHECK_WHITELIST += "CVE-2022-40768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41218
+# Patched in kernel since v6.2 fd3d91ab1c6ab0628fe642dd570b56302c30a792
+# Backported in version v5.4.229 a29d6213098816ed4574824b6adae94fb1c0457d
+# Backported in version v5.10.163 3df07728abde249e2d3f47cf22f134cb4d4f5fb1
+# Backported in version v5.15.87 8b45a3b19a2e909e830d09a90a7e1ec8601927d9
+# Backported in version v6.1.4 530ca64b44625f7d39eb1d5efb6f9ff21da991e2
+CVE_CHECK_WHITELIST += "CVE-2022-41218"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41222
+# Patched in kernel since v5.14 97113eb39fa7972722ff490b947d8af023e1f6a2
+# Backported in version v5.4.211 79e522101cf40735f1936a10312e17f937b8dcad
+# Backported in version v5.10.137 2613baa3ab2153cc45b175c58700d93f72ef36c4
+CVE_CHECK_WHITELIST += "CVE-2022-41222"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41849
+# Patched in kernel since v6.1 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c
+# Backported in version v5.4.220 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c
+# Backported in version v5.10.150 e50472949604f385e09ce3fa4e74dce9f44fb19b
+# Backported in version v5.15.75 2b0897e33682a332167b7d355eec28693b62119e
+# Backported in version v5.19.17 02c871d44090c851b07770176f88c6f5564808a1
+CVE_CHECK_WHITELIST += "CVE-2022-41849"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41850
+# Patched in kernel since v6.1 cacdb14b1c8d3804a3a7d31773bc7569837b71a4
+# Backported in version v5.4.220 e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd
+# Backported in version v5.10.150 dbcca76435a606a352c794956e6df62eedd3a353
+# Backported in version v5.15.75 c61786dc727d1850336d12c85a032c9a36ae396d
+# Backported in version v5.19.17 2d38886ae0365463cdba3db669170eef1e3d55c0
+CVE_CHECK_WHITELIST += "CVE-2022-41850"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41858
+# Patched in kernel since v5.18 ec4eb8a86ade4d22633e1da2a7d85a846b7d1798
+# Backported in version v5.4.190 d05cd68ed8460cb158cc62c41ffe39fe0ca16169
+# Backported in version v5.10.112 ca24c5e8f0ac3d43ec0cff29e1c861be73aff165
+# Backported in version v5.15.35 efb020924a71391fc12e6f204eaf25694cc116a1
+CVE_CHECK_WHITELIST += "CVE-2022-41858"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42328
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_WHITELIST += "CVE-2022-42328"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42329
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_WHITELIST += "CVE-2022-42329"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42703
+# Patched in kernel since v6.0 2555283eb40df89945557273121e9393ef9b542b
+# Backported in version v5.4.212 2fe3eee48899a890310177d54537d5b8e255eb31
+# Backported in version v5.10.141 98f401d36396134c0c86e9e3bd00b6b6b028b521
+# Backported in version v5.15.65 c18a209b56e37b2a60414f714bd70b084ef25835
+# Backported in version v5.19.7 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c
+CVE_CHECK_WHITELIST += "CVE-2022-42703"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42721
+# Patched in kernel since v6.1 bcca852027e5878aec911a347407ecc88d6fff7f
+# Backported in version v5.4.218 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc
+# Backported in version v5.10.148 b0e5c5deb7880be5b8a459d584e13e1f9879d307
+# Backported in version v5.15.74 0a8ee682e4f992eccce226b012bba600bb2251e2
+# Backported in version v5.19.16 1d73c990e9bafc2754b1ced71345f73f5beb1781
+CVE_CHECK_WHITELIST += "CVE-2022-42721"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+CVE_CHECK_WHITELIST += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47929
+# Patched in kernel since v6.2 96398560f26aa07e8f2969d73c8197e6a6d10407
+# Backported in version v5.4.229 9b83ec63d0de7b1f379daa1571e128bc7b9570f8
+# Backported in version v5.10.163 9f7bc28a6b8afc2274e25650511555e93f45470f
+# Backported in version v5.15.88 04941c1d5bb59d64165e09813de2947bdf6f4f28
+# Backported in version v6.1.6 e8988e878af693ac13b0fa80ba2e72d22d68f2dd
+CVE_CHECK_WHITELIST += "CVE-2022-47929"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_WHITELIST += "CVE-2023-0394"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0458
+# Patched in kernel since v6.2 739790605705ddcf18f21782b9c99ad7d53a8c11
+# Backported in version v5.4.230 96b02125dd68d77e28a29488e6f370a5eac7fb1c
+# Backported in version v5.10.165 9f8e45720e0e7edb661d0082422f662ed243d8d8
+# Backported in version v5.15.90 f01aefe374d32c4bb1e5fd1e9f931cf77fca621a
+# Backported in version v6.1.8 91185568c99d60534bacf38439846103962d1e2c
+CVE_CHECK_WHITELIST += "CVE-2023-0458"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
+# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+CVE_CHECK_WHITELIST += "CVE-2023-0461"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Patched in kernel since v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version v5.4.231 89e7fe3999e057c91f157b6ba663264f4cdfcb55
+# Backported in version v5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version v5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version v6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_CHECK_WHITELIST += "CVE-2023-1073"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel since v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version v5.4.231 a7585028ac0a5836f39139c11594d79ede97d975
+# Backported in version v5.10.166 6ef652f35dcfaa1ab2b2cf6c1694718595148eee
+# Backported in version v5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version v6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_CHECK_WHITELIST += "CVE-2023-1074"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel since v6.3 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version v5.4.235 084cd75643b61fb924f70cba98a71dea14942938
+# Backported in version v5.10.173 80a1751730b302d8ab63a084b2fa52c820ad0273
+# Backported in version v5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version v6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+# Backported in version v6.2.3 1099004ae1664703ec573fc4c61ffb24144bcb63
+CVE_CHECK_WHITELIST += "CVE-2023-1077"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel since v6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version v5.4.232 ba38eacade35dd2316d77b37494e6e0c01bab595
+# Backported in version v5.10.168 c53f34ec3fbf3e9f67574118a6bb35ae1146f7ca
+# Backported in version v5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version v6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_CHECK_WHITELIST += "CVE-2023-1078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_CHECK_WHITELIST += "CVE-2023-1079"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1095
+# Patched in kernel since v6.0 580077855a40741cf511766129702d97ff02f4d9
+# Backported in version v5.4.211 a452bc3deb23bf93f8a13d3e24611b7ef39645dc
+# Backported in version v5.10.137 80977126bc20309f7f7bae6d8621356b393e8b41
+# Backported in version v5.15.61 8a2df34b5bf652566f2889d9fa321f3b398547ef
+# Backported in version v5.19.2 109539c9ba8497aad2948af4f09077f6a65059fe
+CVE_CHECK_WHITELIST += "CVE-2023-1095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
+# Patched in kernel since v6.3 29b0589a865b6f66d141d79b2dd1373e4e50fe17
+# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
+# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
+# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
+# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
+# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
+CVE_CHECK_WHITELIST += "CVE-2023-1118"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1382
+# Patched in kernel since v6.1 a7b42969d63f47320853a802efd879fbdc4e010e
+# Backported in version v5.4.226 59f9aad22fd743572bdafa37d3e1dd5dc5658e26
+# Backported in version v5.10.157 4058e3b74ab3eabe0835cee9a0c6deda79e8a295
+# Backported in version v5.15.81 33fb115a76ae6683e34f76f7e07f6f0734b2525f
+CVE_CHECK_WHITELIST += "CVE-2023-1382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1390
+# Patched in kernel since v5.11 b77413446408fdd256599daf00d5be72b5f3e7c6
+# Backported in version v5.4.92 56e8947bcf814d195eb4954b4821868803d3dd67
+# Backported in version v5.10.10 60b8b4e6310b7dfc551ba68e8639eeaf70a0b2dd
+CVE_CHECK_WHITELIST += "CVE-2023-1390"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_CHECK_WHITELIST += "CVE-2023-1513"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+CVE_CHECK_WHITELIST += "CVE-2023-1829"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1838
+# Patched in kernel since v5.18 fb4554c2232e44d595920f4d5c66cf8f7d13f9bc
+# Backported in version v5.4.196 3a12b2c413b20c17832ec51cb836a0b713b916ac
+# Backported in version v5.10.118 ec0d801d1a44d9259377142c6218885ecd685e41
+# Backported in version v5.15.42 42d8a6dc45fc6619b8def1a70b7bd0800bcc4574
+CVE_CHECK_WHITELIST += "CVE-2023-1838"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1998
+# Patched in kernel since v6.3 6921ed9049bc7457f66c1596c5b78aec0dae4a9d
+# Backported in version v5.4.235 34c1b60e7a80404056c03936dd9c2438da2789d4
+# Backported in version v5.10.173 abfed855f05863d292de2d0ebab4656791bab9c8
+# Backported in version v5.15.99 e7f1ddebd9f5b12de40bc37db9243957678f1448
+# Backported in version v6.1.16 08d87c87d6461d16827c9b88d84c48c26b6c994a
+# Backported in version v6.2.3 ead3c8e54d28fa1d5454b1f8a21b96b4a969b1cb
+CVE_CHECK_WHITELIST += "CVE-2023-1998"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2008
+# Patched in kernel since v5.19 05b252cccb2e5c3f56119d25de684b4f810ba40a
+# Backported in version v5.4.202 c7bdaad9cbfe17c83e4f56c7bb7a2d87d944f0fb
+# Backported in version v5.10.127 20119c1e0fff89542ff3272ace87e04cf6ee6bea
+# Backported in version v5.15.51 5b45535865d62633e3816ee30eb8d3213038dc17
+CVE_CHECK_WHITELIST += "CVE-2023-2008"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2162
+# Patched in kernel since v6.2 f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3
+# Backported in version v5.4.232 d4d765f4761f9e3a2d62992f825aeee593bcb6b9
+# Backported in version v5.10.168 9758ffe1c07b86aefd7ca8e40d9a461293427ca0
+# Backported in version v5.15.93 0aaabdb900c7415caa2006ef580322f7eac5f6b6
+# Backported in version v6.1.11 61e43ebfd243bcbad11be26bd921723027b77441
+CVE_CHECK_WHITELIST += "CVE-2023-2162"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2166
+# Patched in kernel since v6.1 0acc442309a0a1b01bcdaa135e56e6398a49439c
+# Backported in version v5.4.227 3982652957e8d79ac32efcb725450580650a8644
+# Backported in version v5.10.159 c42221efb1159d6a3c89e96685ee38acdce86b6f
+# Backported in version v5.15.83 c142cba37de29f740a3852f01f59876af8ae462a
+CVE_CHECK_WHITELIST += "CVE-2023-2166"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2177
+# Patched in kernel since v5.19 181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d
+# Backported in version v5.4.209 8d6dab81ee3d0309c09987ff76164a25486c43e0
+# Backported in version v5.10.135 6f3505588d66b27220f07d0cab18da380fae2e2d
+# Backported in version v5.15.59 e796e1fe20ecaf6da419ef6a5841ba181bba7a0c
+CVE_CHECK_WHITELIST += "CVE-2023-2177"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23006
+# Patched in kernel since v5.16 6b8b42585886c59a008015083282aae434349094
+# Backported in version v5.4.170 db484d35a9482d21a7f36da4dfc7a68aa2e9e1d6
+# Backported in version v5.10.90 4cd1da02f0c39606e3378c9255f17d6f85d106c7
+# Backported in version v5.15.13 4595dffccfa5b9360162c72cc0f6a33477d871cf
+CVE_CHECK_WHITELIST += "CVE-2023-23006"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23454
+# Patched in kernel since v6.2 caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
+# Backported in version v5.4.229 6b17b84634f932f4787f04578f5d030874b9ff32
+# Backported in version v5.10.163 b2c917e510e5ddbc7896329c87d20036c8b82952
+# Backported in version v5.15.87 04dc4003e5df33fb38d3dd85568b763910c479d4
+# Backported in version v6.1.5 dc46e39b727fddc5aacc0272ef83ee872d51be16
+CVE_CHECK_WHITELIST += "CVE-2023-23454"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23455
+# Patched in kernel since v6.2 a2965c7be0522eaa18808684b7b82b248515511b
+# Backported in version v5.4.229 63e469cb54a87df53edcfd85bb5bcdd84327ae4a
+# Backported in version v5.10.163 5f65f48516bfeebaab1ccc52c8fad698ddf21282
+# Backported in version v5.15.87 f02327a4877a06cbc8277e22d4834cb189565187
+# Backported in version v6.1.5 85655c63877aeafdc23226510ea268a9fa0af807
+CVE_CHECK_WHITELIST += "CVE-2023-23455"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23559
+# Patched in kernel since v6.2 b870e73a56c4cccbec33224233eaf295839f228c
+# Backported in version v5.4.231 9042a9a3f29c942387e6d6036551d90c9ae6ce4f
+# Backported in version v5.10.166 802fd7623e9ed19ee809b503e93fccc1e3f37bd6
+# Backported in version v5.15.91 8cbf932c5c40b0c20597fa623c308d5bde0848b5
+# Backported in version v6.1.9 7794efa358bca8b8a2a80070c6e088a74945f018
+CVE_CHECK_WHITELIST += "CVE-2023-23559"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-25012
+# Patched in kernel since v6.3 76ca8da989c7d97a7f76c75d475fe95a584439d7
+# Backported in version v5.4.235 25e14bf0c894f9003247e3475372f33d9be1e424
+# Backported in version v5.10.173 fddde36316da8acb45a3cca2e5fda102f5215877
+# Backported in version v5.15.99 0fd9998052926ed24cfb30ab1a294cfeda4d0a8f
+# Backported in version v6.1.16 f2bf592ebd5077661e00aa11e12e054c4c8f6dd0
+# Backported in version v6.2.3 90289e71514e9533a9c44d694e2b492be9ed2b77
+CVE_CHECK_WHITELIST += "CVE-2023-25012"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-26545
+# Patched in kernel since v6.2 fda6c89fe3d9aca073495a664e1d5aea28cd4377
+# Backported in version v5.4.232 df099e65564aa47478eb1cacf81ba69024fb5c69
+# Backported in version v5.10.169 7ff0fdba82298d1f456c685e24930da89703c0fb
+# Backported in version v5.15.95 59a74da8da75bdfb464cbdb399e87ba4f7500e96
+# Backported in version v6.1.13 c376227845eef8f2e62e2c29c3cf2140d35dd8e8
+CVE_CHECK_WHITELIST += "CVE-2023-26545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28327
+# Patched in kernel since v6.1 b3abe42e94900bdd045c472f9c9be620ba5ce553
+# Backported in version v5.4.227 c66d78aee55dab72c92020ebfbebc464d4f5dd2a
+# Backported in version v5.10.159 575a6266f63dbb3b8eb1da03671451f0d81b8034
+# Backported in version v5.15.83 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91
+CVE_CHECK_WHITELIST += "CVE-2023-28327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28328
+# Patched in kernel since v6.2 0ed554fd769a19ea8464bb83e9ac201002ef74ad
+# Backported in version v5.4.229 8b256d23361c51aa4b7fdb71176c1ca50966fb39
+# Backported in version v5.10.163 559891d430e3f3a178040c4371ed419edbfa7d65
+# Backported in version v5.15.86 210fcf64be4db82c0e190e74b5111e4eef661a7a
+# Backported in version v6.1.2 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70
+CVE_CHECK_WHITELIST += "CVE-2023-28328"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28772
+# Patched in kernel since v5.14 d3b16034a24a112bb83aeb669ac5b9b01f744bb7
+# Backported in version v5.4.133 33ab9138a13e379cf1c4ccd76b97ae2ee8c5421b
+# Backported in version v5.10.51 f9fb4986f4d81182f938d16beb4f983fe71212aa
+CVE_CHECK_WHITELIST += "CVE-2023-28772"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index e0967223b9..01eca24a00 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "f064f6017b7ce09ade0f365e1b7d776dc9e2e168"
-SRCREV_meta ?= "c7e2e528893abbebd14447510d38ded1ef98dcd2"
+SRCREV_machine ?= "c705bb899d37bbd61a87a2f850e4d6f04613a908"
+SRCREV_meta ?= "c7d5b73674d53f51772862b951d8cc56683ef04f"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.237"
+LINUX_VERSION ?= "5.4.243"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 6cdf00763b..c3d4ff4608 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.237"
+LINUX_VERSION ?= "5.4.243"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "00c3a33c0f772ff1fa8902e8fe8856131c27a9b5"
-SRCREV_machine ?= "0693cbc007cf6a7b335edb5f78542d77b048d5dd"
-SRCREV_meta ?= "c7e2e528893abbebd14447510d38ded1ef98dcd2"
+SRCREV_machine_qemuarm ?= "140d4ff6bab1e5959377d4974ade490c837ef9cc"
+SRCREV_machine ?= "66990885cd865944a093b47ee7164ef2838f75a3"
+SRCREV_meta ?= "c7d5b73674d53f51772862b951d8cc56683ef04f"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc
index 0a4d528aab..2978c2fb90 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc
@@ -56,3 +56,6 @@ do_install_append(){
 
 # enable kernel-sample for oeqa/runtime/cases's ksample.py test
 KERNEL_FEATURES_append_qemuall=" features/kernel-sample/kernel-sample.scc"
+
+# CVE exclusion
+include recipes-kernel/linux/cve-exclusion.inc
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index e95a044099..c361f0c701 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "981be716d817e38d2d67269aab3caaa095bd2bdd"
-SRCREV_machine_qemuarm64 ?= "32083245f7eb993b85a33a8d30bd9f41128b6147"
-SRCREV_machine_qemumips ?= "4d002b5ac3b434b21ae58ac15cd73be3ae5ef5a8"
-SRCREV_machine_qemuppc ?= "82b4b51143a6beeb49efa548494bdb5c01f336b2"
-SRCREV_machine_qemuriscv64 ?= "936721bc390034d774b28393bf61808de8899718"
-SRCREV_machine_qemux86 ?= "936721bc390034d774b28393bf61808de8899718"
-SRCREV_machine_qemux86-64 ?= "936721bc390034d774b28393bf61808de8899718"
-SRCREV_machine_qemumips64 ?= "d662d749c441de5a09bfd8870cd10e41b1e27b6b"
-SRCREV_machine ?= "936721bc390034d774b28393bf61808de8899718"
-SRCREV_meta ?= "c7e2e528893abbebd14447510d38ded1ef98dcd2"
+SRCREV_machine_qemuarm ?= "3c105623bdba36118195e9c188d728edcc00345a"
+SRCREV_machine_qemuarm64 ?= "993c666984249097d093ee71eb3dffa0844fef6c"
+SRCREV_machine_qemumips ?= "2469bc35f1c2ef5ab2e85b7b705b32e33c6350c7"
+SRCREV_machine_qemuppc ?= "98229034b888ad319d7d030d279381a671c41dc0"
+SRCREV_machine_qemuriscv64 ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
+SRCREV_machine_qemux86 ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
+SRCREV_machine_qemux86-64 ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
+SRCREV_machine_qemumips64 ?= "fb1936fa93be6bfd1b18cd8568cfc5b279904fa5"
+SRCREV_machine ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
+SRCREV_meta ?= "c7d5b73674d53f51772862b951d8cc56683ef04f"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.237"
+LINUX_VERSION ?= "5.4.243"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 9c9bf1647f..91bf648caa 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -13,7 +13,7 @@ PR = "r9"
 
 PACKAGECONFIG ??= "scripting tui libunwind"
 PACKAGECONFIG[dwarf] = ",NO_DWARF=1"
-PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3"
+PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3 python3-setuptools-native"
 # gui support was added with kernel 3.6.35
 # since 3.10 libnewt was replaced by slang
 # to cover a wide range of kernel we add both dependencies
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
new file mode 100644
index 0000000000..707073709a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
@@ -0,0 +1,136 @@
+From d4b7b3c03ee2baf0166ce49dff17ec9beff684db Mon Sep 17 00:00:00 2001
+From: Anton Khirnov <anton@khirnov.net>
+Date: Fri, 2 Sep 2022 22:21:27 +0200
+Subject: [PATCH] lavc/pthread_frame: avoid leaving stale hwaccel state in
+ worker threads
+
+This state is not refcounted, so make sure it always has a well-defined
+owner.
+
+Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as
+this commit also solves that issue in a more general way.
+
+(cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11)
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+(cherry picked from commit 35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda)
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+(cherry picked from commit 3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba)
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+
+CVE: CVE-2022-48434
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db]
+Signed-off-by: Ranjitsinh Rathod ranjitsinh.rathod@kpit.com
+Comment: Hunk#6 refreshed to backport changes and other to remove patch-fuzz warnings
+---
+ libavcodec/pthread_frame.c | 46 +++++++++++++++++++++++++++++---------
+ 1 file changed, 35 insertions(+), 11 deletions(-)
+
+diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
+index 36ac0ac..bbc5ba6 100644
+--- a/libavcodec/pthread_frame.c
++++ b/libavcodec/pthread_frame.c
+@@ -135,6 +135,12 @@ typedef struct FrameThreadContext {
+                                     * Set for the first N packets, where N is the number of threads.
+                                     * While it is set, ff_thread_en/decode_frame won't return any results.
+                                     */
++
++    /* hwaccel state is temporarily stored here in order to transfer its ownership
++     * to the next decoding thread without the need for extra synchronization */
++    const AVHWAccel *stash_hwaccel;
++    void            *stash_hwaccel_context;
++    void            *stash_hwaccel_priv;
+ } FrameThreadContext;
+ 
+ #define THREAD_SAFE_CALLBACKS(avctx) \
+@@ -211,9 +217,17 @@ static attribute_align_arg void *frame_worker_thread(void *arg)
+             ff_thread_finish_setup(avctx);
+ 
+         if (p->hwaccel_serializing) {
++            /* wipe hwaccel state to avoid stale pointers lying around;
++             * the state was transferred to FrameThreadContext in
++             * ff_thread_finish_setup(), so nothing is leaked */
++            avctx->hwaccel                     = NULL;
++            avctx->hwaccel_context             = NULL;
++            avctx->internal->hwaccel_priv_data = NULL;
++
+             p->hwaccel_serializing = 0;
+             pthread_mutex_unlock(&p->parent->hwaccel_mutex);
+         }
++        av_assert0(!avctx->hwaccel);
+ 
+         if (p->async_serializing) {
+             p->async_serializing = 0;
+@@ -275,14 +289,10 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src,
+         dst->color_range = src->color_range;
+         dst->chroma_sample_location = src->chroma_sample_location;
+ 
+-        dst->hwaccel = src->hwaccel;
+-        dst->hwaccel_context = src->hwaccel_context;
+-
+         dst->channels       = src->channels;
+         dst->sample_rate    = src->sample_rate;
+         dst->sample_fmt     = src->sample_fmt;
+         dst->channel_layout = src->channel_layout;
+-        dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data;
+ 
+         if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx ||
+             (dst->hw_frames_ctx && dst->hw_frames_ctx->data != src->hw_frames_ctx->data)) {
+@@ -415,6 +425,12 @@ static int submit_packet(PerThreadContext *p, AVCodecContext *user_avctx,
+             pthread_mutex_unlock(&p->mutex);
+             return err;
+         }
++
++        /* transfer hwaccel state stashed from previous thread, if any */
++        av_assert0(!p->avctx->hwaccel);
++        FFSWAP(const AVHWAccel*, p->avctx->hwaccel,                     fctx->stash_hwaccel);
++        FFSWAP(void*,            p->avctx->hwaccel_context,             fctx->stash_hwaccel_context);
++        FFSWAP(void*,            p->avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv);
+     }
+ 
+     av_packet_unref(&p->avpkt);
+@@ -616,6 +632,14 @@ void ff_thread_finish_setup(AVCodecContext *avctx) {
+         async_lock(p->parent);
+     }
+ 
++    /* save hwaccel state for passing to the next thread;
++     * this is done here so that this worker thread can wipe its own hwaccel
++     * state after decoding, without requiring synchronization */
++    av_assert0(!p->parent->stash_hwaccel);
++    p->parent->stash_hwaccel         = avctx->hwaccel;
++    p->parent->stash_hwaccel_context = avctx->hwaccel_context;
++    p->parent->stash_hwaccel_priv    = avctx->internal->hwaccel_priv_data;
++
+     pthread_mutex_lock(&p->progress_mutex);
+     if(atomic_load(&p->state) == STATE_SETUP_FINISHED){
+         av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n");
+@@ -657,13 +681,6 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
+ 
+     park_frame_worker_threads(fctx, thread_count);
+ 
+-    if (fctx->prev_thread && fctx->prev_thread != fctx->threads)
+-        if (update_context_from_thread(fctx->threads->avctx, fctx->prev_thread->avctx, 0) < 0) {
+-            av_log(avctx, AV_LOG_ERROR, "Final thread update failed\n");
+-            fctx->prev_thread->avctx->internal->is_copy = fctx->threads->avctx->internal->is_copy;
+-            fctx->threads->avctx->internal->is_copy = 1;
+-        }
+-
+     for (i = 0; i < thread_count; i++) {
+         PerThreadContext *p = &fctx->threads[i];
+ 
+@@ -713,6 +730,13 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
+     pthread_mutex_destroy(&fctx->async_mutex);
+     pthread_cond_destroy(&fctx->async_cond);
+ 
++    /* if we have stashed hwaccel state, move it to the user-facing context,
++     * so it will be freed in avcodec_close() */
++    av_assert0(!avctx->hwaccel);
++    FFSWAP(const AVHWAccel*, avctx->hwaccel,                     fctx->stash_hwaccel);
++    FFSWAP(void*,            avctx->hwaccel_context,             fctx->stash_hwaccel_context);
++    FFSWAP(void*,            avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv);
++
+     av_freep(&avctx->internal->thread_ctx);
+ 
+     if (avctx->priv_data && avctx->codec && avctx->codec->priv_class)
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
index 1e000dddfa..f12052548f 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2022-1475.patch \
            file://CVE-2022-3109.patch \
            file://CVE-2022-3341.patch \
+           file://CVE-2022-48434.patch \
           "
 SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
 SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch
new file mode 100644
index 0000000000..46c57afb73
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch
@@ -0,0 +1,51 @@
+From 6c51adeb71da076c5c40a45e339e06bb4394a86b Mon Sep 17 00:00:00 2001
+From: Eric Vigeant <evigeant@gmail.com>
+Date: Wed, 2 Nov 2022 11:47:09 -0400
+Subject: [PATCH] cur_path: do not add '/' if homedir ends with one
+
+When using SFTP and a path relative to the user home, do not add a
+trailing '/' to the user home dir if it already ends with one.
+
+Closes #9844
+
+CVE: CVE-2023-27534
+Note:
+- The upstream patch for CVE-2023-27534 does three things:
+1) creates new path with dynbuf(dynamic buffer)
+2) solves the tilde error which causes CVE-2023-27534
+3) modifies the below added functionality to not add a trailing "/" to the user home dir if it already ends with one with dynbuf.
+- dynbuf functionalities are added in curl in later versions and are not essential to fix the vulnerability but does add extra feature in later versions.
+- This patch completes the 3rd task of the patch which was implemented without using dynbuf
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/6c51adeb71da076c5c40a45e339e06bb4394a86b]
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ lib/curl_path.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/curl_path.c b/lib/curl_path.c
+index f429634..40b92ee 100644
+--- a/lib/curl_path.c
++++ b/lib/curl_path.c
+@@ -70,10 +70,14 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
+       /* It is referenced to the home directory, so strip the
+          leading '/' */
+       memcpy(real_path, homedir, homelen);
+-      real_path[homelen] = '/';
+-      real_path[homelen + 1] = '\0';
++      /* Only add a trailing '/' if homedir does not end with one */
++      if(homelen == 0 || real_path[homelen - 1] != '/') {
++        real_path[homelen] = '/';
++        homelen++;
++        real_path[homelen] = '\0';
++      }
+       if(working_path_len > 3) {
+-        memcpy(real_path + homelen + 1, working_path + 3,
++        memcpy(real_path + homelen, working_path + 3,
+                1 + working_path_len -3);
+       }
+     }
+-- 
+2.24.4
+
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-27534.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-27534.patch
index aeeffd5fea..3ecd181290 100644
--- a/poky/meta/recipes-support/curl/curl/CVE-2023-27534.patch
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-27534.patch
@@ -3,121 +3,31 @@ From: Daniel Stenberg <daniel@haxx.se>
 Date: Thu, 9 Mar 2023 16:22:11 +0100
 Subject: [PATCH] curl_path: create the new path with dynbuf
 
+Closes #10729
+
 CVE: CVE-2023-27534
-Upstream-Status: Backport [https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6]
+Note: This patch is needed to backport CVE-2023-27534
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6]
 
 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
 ---
- lib/curl_path.c | 71 ++++++++++++++++++++++++-------------------------
- 1 file changed, 35 insertions(+), 36 deletions(-)
+ lib/curl_path.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/lib/curl_path.c b/lib/curl_path.c
-index f429634..e17db4b 100644
+index 40b92ee..598c5dd 100644
 --- a/lib/curl_path.c
 +++ b/lib/curl_path.c
-@@ -30,6 +30,8 @@
- #include "escape.h"
- #include "memdebug.h"
- 
-+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
-+
- /* figure out the path to work with in this particular request */
- CURLcode Curl_getworkingpath(struct connectdata *conn,
-                              char *homedir,  /* when SFTP is used */
-@@ -37,60 +39,57 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
-                                              real path to work with */
- {
-   struct Curl_easy *data = conn->data;
--  char *real_path = NULL;
-   char *working_path;
-   size_t working_path_len;
-+  struct dynbuf npath;
-   CURLcode result =
-     Curl_urldecode(data, data->state.up.path, 0, &working_path,
-                    &working_path_len, FALSE);
-   if(result)
-     return result;
- 
-+  /* new path to switch to in case we need to */
-+  Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
-+
-   /* Check for /~/, indicating relative to the user's home directory */
--  if(conn->handler->protocol & CURLPROTO_SCP) {
--    real_path = malloc(working_path_len + 1);
--    if(real_path == NULL) {
-+  if((data->conn->handler->protocol & CURLPROTO_SCP) &&
-+     (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
-+    /* It is referenced to the home directory, so strip the leading '/~/' */
-+    if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
-       free(working_path);
-       return CURLE_OUT_OF_MEMORY;
-     }
--    if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
--      /* It is referenced to the home directory, so strip the leading '/~/' */
--      memcpy(real_path, working_path + 3, working_path_len - 2);
--    else
--      memcpy(real_path, working_path, 1 + working_path_len);
+@@ -60,7 +60,7 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
+       memcpy(real_path, working_path, 1 + working_path_len);
    }
--  else if(conn->handler->protocol & CURLPROTO_SFTP) {
+   else if(conn->handler->protocol & CURLPROTO_SFTP) {
 -    if((working_path_len > 1) && (working_path[1] == '~')) {
--      size_t homelen = strlen(homedir);
--      real_path = malloc(homelen + working_path_len + 1);
--      if(real_path == NULL) {
--        free(working_path);
--        return CURLE_OUT_OF_MEMORY;
--      }
--      /* It is referenced to the home directory, so strip the
--         leading '/' */
--      memcpy(real_path, homedir, homelen);
--      real_path[homelen] = '/';
--      real_path[homelen + 1] = '\0';
--      if(working_path_len > 3) {
--        memcpy(real_path + homelen + 1, working_path + 3,
--               1 + working_path_len -3);
--      }
-+  else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
-+          (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
-+    size_t len;
-+    const char *p;
-+    int copyfrom = 3;
-+    if(Curl_dyn_add(&npath, homedir)) {
-+      free(working_path);
-+      return CURLE_OUT_OF_MEMORY;
-     }
--    else {
--      real_path = malloc(working_path_len + 1);
--      if(real_path == NULL) {
--        free(working_path);
--        return CURLE_OUT_OF_MEMORY;
--      }
--      memcpy(real_path, working_path, 1 + working_path_len);
-+    /* Copy a separating '/' if homedir does not end with one */
-+    len = Curl_dyn_len(&npath);
-+    p = Curl_dyn_ptr(&npath);
-+    if(len && (p[len-1] != '/'))
-+      copyfrom = 2;
-+
-+    if(Curl_dyn_addn(&npath,
-+                     &working_path[copyfrom], working_path_len - copyfrom)) {
-+      free(working_path);
-+      return CURLE_OUT_OF_MEMORY;
-     }
-   }
- 
--  free(working_path);
-+  if(Curl_dyn_len(&npath)) {
-+    free(working_path);
- 
--  /* store the pointer for the caller to receive */
--  *path = real_path;
-+    /* store the pointer for the caller to receive */
-+    *path = Curl_dyn_ptr(&npath);
-+  }
-+  else
-+    *path = working_path;
- 
-   return CURLE_OK;
- }
++    if((working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+       size_t homelen = strlen(homedir);
+       real_path = malloc(homelen + working_path_len + 1);
+       if(real_path == NULL) {
 -- 
-2.25.1
+2.24.4
 
diff --git a/poky/meta/recipes-support/curl/curl_7.69.1.bb b/poky/meta/recipes-support/curl/curl_7.69.1.bb
index 32d18ddb3a..13ec117099 100644
--- a/poky/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/poky/meta/recipes-support/curl/curl_7.69.1.bb
@@ -43,6 +43,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2022-35260.patch \
            file://CVE-2022-43552.patch \
            file://CVE-2023-23916.patch \
+           file://CVE-2023-27534-pre1.patch \
            file://CVE-2023-27534.patch \
            file://CVE-2023-27538.patch \
            file://CVE-2023-27533.patch \
diff --git a/poky/meta/recipes-support/libbsd/libbsd_0.10.0.bb b/poky/meta/recipes-support/libbsd/libbsd_0.10.0.bb
index 5b32b9af41..58925738cb 100644
--- a/poky/meta/recipes-support/libbsd/libbsd_0.10.0.bb
+++ b/poky/meta/recipes-support/libbsd/libbsd_0.10.0.bb
@@ -29,6 +29,12 @@ HOMEPAGE = "https://libbsd.freedesktop.org/wiki/"
 # License: public-domain-Colin-Plumb
 LICENSE = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
 LICENSE_${PN} = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dbg = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dev = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-doc = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
+LICENSE:${PN}-locale = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-src = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-staticdev = "BSD-3-Clause & ISC & PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=2120be0173469a06ed185b688e0e1ae0"
 SECTION = "libs"
 
diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
index 2cfdc10ecd..05e8471116 100644
--- a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -277,6 +277,13 @@ class BootimgEFIPlugin(SourcePlugin):
         logger.debug("Added %d extra blocks to %s to get to %d total blocks",
                      extra_blocks, part.mountpoint, blocks)
 
+        # required for compatibility with certain devices expecting file system
+        # block count to be equal to partition block count
+        if blocks < part.fixed_size:
+            blocks = part.fixed_size
+            logger.debug("Overriding %s to %d total blocks for compatibility",
+                     part.mountpoint, blocks)
+
         # dosfs image, created by mkdosfs
         bootimg = "%s/boot.img" % cr_workdir
 
-- 
cgit v1.2.3