17 files changed, 259 insertions, 96 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.18.26.bb b/meta/recipes-connectivity/bind/bind_9.18.27.bb
index b99f92537c..98b8bb5513 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.26.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.27.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
           file://0001-avoid-start-failure-with-bind-user.patch \
           "
-SRC_URI[sha256sum] = "75ffee52731e9604c849b658df29e927f1c4f01d5a71ea3ebcbeb63702cb6651"
+SRC_URI[sha256sum] = "ea3f3d8cfa2f6ae78c8722751d008f54bc17a3aed2be3f7399eb7bf5f4cda8f1"
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb
index a1a0e08faa..73c54cddae 100644
--- a/meta/recipes-connectivity/connman/connman-conf.bb
+++ b/meta/recipes-connectivity/connman/connman-conf.bb
@@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;m
 SRC_URI = "file://main.conf \
          "
-S = "${WORKDIR}"
+S = "${WORKDIR}/sources"
+UNPACKDIR = "${S}"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index f6150d98ec..46b3f854c5 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -28,3 +28,7 @@ RDEPENDS:${PN} = "connman"
 do_install:append() {
    install -m 0644 ${UNPACKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
 }
+# http://errors.yoctoproject.org/Errors/Details/766926/
+# connman-client.c:200:15: error: assignment to 'GtkTreeModel *' {aka 'struct _GtkTreeModel *'} from incompatible pointer type 'GtkTreeStore *' {aka 'struct _GtkTreeStore *'} [-Wincompatible-pointer-types]
+CFLAGS += "-Wno-error=incompatible-pointer-types"
diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb b/meta/recipes-connectivity/iproute2/iproute2_6.9.0.bb
index 68f7611943..d21885cd73 100644
--- a/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb
+++ b/meta/recipes-connectivity/iproute2/iproute2_6.9.0.bb
@@ -13,7 +13,7 @@ DEPENDS = "flex-native bison-native iptables libcap"
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "03a6cca3d71a908d1f15f7b495be2b8fe851f941458dc4664900d7f45fcf68ce"
+SRC_URI[sha256sum] = "2f643d09ea11a4a2a043c92e2b469b5f73228cbf241ae806760296ed0ec413d0"
 inherit update-alternatives bash-completion pkgconfig
@@ -26,6 +26,8 @@ PACKAGECONFIG[selinux] = ",,libselinux"
 IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}"
+# This is needed with GCC-14 and musl
+CFLAGS += "-Wno-error=incompatible-pointer-types"
 # CFLAGS are computed in Makefile and reference CCOPTS
 #
 EXTRA_OEMAKE = "\
diff --git a/meta/recipes-connectivity/iw/iw_6.7.bb b/meta/recipes-connectivity/iw/iw_6.9.bb
index b46b54bc93..dc570d1124 100644
--- a/meta/recipes-connectivity/iw/iw_6.7.bb
+++ b/meta/recipes-connectivity/iw/iw_6.9.bb
@@ -14,7 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
           file://separate-objdir.patch \
 "
-SRC_URI[sha256sum] = "b3ef3fa85fa1177b11d3e97d6d38cdfe10ee250ca31482b581f3bd0fc79cb015"
+SRC_URI[sha256sum] = "4c3194778b175d58442907d51d1977e7270fce5cbebff0eab11c45c1da287a4b"
 inherit pkgconfig
diff --git a/meta/recipes-connectivity/kea/kea_2.4.1.bb b/meta/recipes-connectivity/kea/kea_2.4.1.bb
index 6c1e457938..19309ce314 100644
--- a/meta/recipes-connectivity/kea/kea_2.4.1.bb
+++ b/meta/recipes-connectivity/kea/kea_2.4.1.bb
@@ -38,6 +38,7 @@ DEBUG_OPTIMIZATION:append:mipsel = " -O"
 BUILD_OPTIMIZATION:remove:mipsel = " -Og"
 BUILD_OPTIMIZATION:append:mipsel = " -O"
+CXXFLAGS:remove = "-fvisibility-inlines-hidden"
 EXTRA_OECONF = "--with-boost-libs=-lboost_system \
                --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \
                --with-openssl=${STAGING_DIR_TARGET}${prefix}"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index a4030b7b32..06ded45934 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,13 +5,13 @@ SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "aae7c68671d225e6d35224613d5b98192b9b2ffe"
+SRCREV = "55ba955d53305df96123534488fd160ea882b4dd"
-PV = "20230416"
+PV = "20240407"
 PE = "1"
 SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
 S = "${WORKDIR}/git"
-inherit autotools
+inherit meson
 DEPENDS += "libxslt-native"
diff --git a/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
deleted file mode 100644
index 8a5a300adc..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 22b52db4842611ac31a356f023fc09595384e2ad Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 23 May 2019 18:11:22 -0700
-Subject: [PATCH] mbim: add an optional TEMP_FAILURE_RETRY macro copy
-Fixes build on musl which does not provide this macro
-Upstream-Status: Submitted [https://lists.ofono.org/pipermail/ofono/2019-May/019370.html]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- drivers/mbimmodem/mbim-private.h | 9 +++++++++
- 1 file changed, 9 insertions(+)
-diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
-index e159235..51693ea 100644
--- a/drivers/mbimmodem/mbim-private.h
-+++ b/drivers/mbimmodem/mbim-private.h
-@@ -21,6 +21,15 @@
- 
- #define align_len(len, boundary) (((len)+(boundary)-1) & ~((boundary)-1))
- 
-+#ifndef TEMP_FAILURE_RETRY
-+#define TEMP_FAILURE_RETRY(expression) ({     \
-+  __typeof(expression) __result;              \
-+  do {                                        \
-+    __result = (expression);                  \
-+  } while (__result == -1 && errno == EINTR); \
-+  __result; })
-+#endif
-+
- enum mbim_control_message {
-        MBIM_OPEN_MSG = 0x1,
-        MBIM_CLOSE_MSG = 0x2,
-- 
-2.21.0
diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
deleted file mode 100644
index 3655b3fd66..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001
-From: Martin Jansa <Martin.Jansa@gmail.com>
-Date: Wed, 21 Apr 2021 11:01:34 +0000
-Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro
- from ell/util.h
-Upstream-Status: Pending
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
- drivers/mbimmodem/mbim-private.h | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
-index 51693eae..d917312c 100644
--- a/drivers/mbimmodem/mbim-private.h
-+++ b/drivers/mbimmodem/mbim-private.h
-@@ -30,6 +30,10 @@
-   __result; })
- #endif
- 
-+/* used to be part of ell/util.h before 0.39:
-+   https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */
-+#define unlikely(x) __builtin_expect(!!(x), 0)
-+
- enum mbim_control_message {
-        MBIM_OPEN_MSG = 0x1,
-        MBIM_CLOSE_MSG = 0x2,
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.7.bb
index 5e1e5f3b6a..bc1f3efd04 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.7.bb
@@ -10,10 +10,8 @@ DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
 SRC_URI = "\
    ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
    file://ofono \
-    file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
-    file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
 "
-SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
+SRC_URI[sha256sum] = "dabf6ef06b94beaad65253200abe3887046a4e722f4fe373c4264f357ae47ad3"
 inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
@@ -30,11 +28,6 @@ PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
 EXTRA_OECONF += "--enable-test --enable-external-ell"
-do_configure:prepend() {
-    bbnote "Removing bundled ell from ${S}/ell to prevent including it"
-    rm -rf ${S}/ell
-}
 do_install:append() {
    install -d ${D}${sysconfdir}/init.d/
    install -m 0755 ${UNPACKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
diff --git a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
index 36ffa49398..82da92f63f 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
@@ -112,7 +112,7 @@ do_compile_ptest() {
 do_install:append () {
        if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
-                install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+                install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
                sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
        fi
@@ -121,11 +121,11 @@ do_install:append () {
        fi
        install -d ${D}${sysconfdir}/init.d
-        install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+        install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/sshd
        rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
        rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
        install -d ${D}/${sysconfdir}/default/volatiles
-        install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+        install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
        install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
        # Create config files for read-only rootfs
@@ -138,8 +138,8 @@ do_install:append () {
        install -d ${D}${systemd_system_unitdir}
        if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then
-            install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir}
+            install -c -m 0644 ${UNPACKDIR}/sshd.socket ${D}${systemd_system_unitdir}
-            install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir}
+            install -c -m 0644 ${UNPACKDIR}/sshd@.service ${D}${systemd_system_unitdir}
            sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
                    -e 's,@SBINDIR@,${sbindir},g' \
                    -e 's,@BINDIR@,${bindir},g' \
@@ -147,9 +147,9 @@ do_install:append () {
            ${D}${systemd_system_unitdir}/sshd.socket
        fi
        if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then
-            install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_system_unitdir}
+            install -c -m 0644 ${UNPACKDIR}/sshd.service ${D}${systemd_system_unitdir}
        fi
-        install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
+        install -c -m 0644 ${UNPACKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
                -e 's,@SBINDIR@,${sbindir},g' \
                -e 's,@BINDIR@,${bindir},g' \
@@ -159,7 +159,7 @@ do_install:append () {
        sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
                ${D}${sysconfdir}/init.d/sshd
-        install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
+        install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
 }
 do_install_ptest () {
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch b/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch
new file mode 100644
index 0000000000..e398d1074a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch
@@ -0,0 +1,43 @@
+From 725b1530456545e8511adc9cbdd265309dffad53 Mon Sep 17 00:00:00 2001
+From: Hongren Zheng <i@zenithal.me>
+Date: Fri, 26 Apr 2024 06:03:43 +0000
+Subject: [PATCH] Implement riscv_vlen_asm for riscv32
+riscvcap.c: undefined reference to 'riscv_vlen_asm'
+Upstream-Status: Backport [https://github.com/openssl/openssl/pull/24270]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ crypto/riscv32cpuid.pl | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+diff --git a/crypto/riscv32cpuid.pl b/crypto/riscv32cpuid.pl
+index 20694e7..ac1c043 100644
+--- a/crypto/riscv32cpuid.pl
+++ b/crypto/riscv32cpuid.pl
+@@ -84,5 +84,22 @@ OPENSSL_cleanse:
+ ___
+ }
+ 
+{
+my ($ret) = ('a0');
+$code .= <<___;
+################################################################################
+# size_t riscv_vlen_asm(void)
+# Return VLEN (i.e. the length of a vector register in bits).
+.p2align 3
+.globl riscv_vlen_asm
+.type riscv_vlen_asm,\@function
+riscv_vlen_asm:
+    csrr $ret, vlenb
+    slli $ret, $ret, 3
+    ret
+.size riscv_vlen_asm,.-riscv_vlen_asm
+___
+}
+
+ print $code;
+ close STDOUT or die "error closing STDOUT: $!";
+-- 
+2.45.0
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
new file mode 100644
index 0000000000..cdc3d0d503
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
@@ -0,0 +1,179 @@
+From 53ea06486d296b890d565fb971b2764fcd826e7e Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 8 May 2024 15:23:45 +0200
+Subject: [PATCH] Check DSA parameters for excessive sizes before validating
+This avoids overly long computation of various validation
+checks.
+Fixes CVE-2024-4603
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/24346)
+(cherry picked from commit 85ccbab216da245cf9a6503dd327072f21950d9b)
+<dropped CHANGES.md modifications as it would need backport of all previous changes>
+CVE: CVE-2024-4603
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ crypto/dsa/dsa_check.c                        | 44 ++++++++++++--
+ .../invalid/p10240_q256_too_big.pem           | 57 +++++++++++++++++++
+ 2 files changed, 97 insertions(+), 4 deletions(-)
+diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c
+index 7b6d7df88f..e1375dfad9 100644
+--- a/crypto/dsa/dsa_check.c
+++ b/crypto/dsa/dsa_check.c
+@@ -19,8 +19,34 @@
+ #include "dsa_local.h"
+ #include "crypto/dsa.h"
+ 
+static int dsa_precheck_params(const DSA *dsa, int *ret)
+{
+    if (dsa->params.p == NULL || dsa->params.q == NULL) {
+        ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
+        *ret = FFC_CHECK_INVALID_PQ;
+        return 0;
+    }
+
+    if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+        ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
+        *ret = FFC_CHECK_INVALID_PQ;
+        return 0;
+    }
+
+    if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
+        ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
+        *ret = FFC_CHECK_INVALID_PQ;
+        return 0;
+    }
+
+    return 1;
+}
+
+ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
+ {
+    if (!dsa_precheck_params(dsa, ret))
+        return 0;
+
+     if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
+         return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
+                                                FFC_PARAM_TYPE_DSA, ret);
+@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
+  */
+ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+ {
+    if (!dsa_precheck_params(dsa, ret))
+        return 0;
+
+     return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
+            && *ret == 0;
+ }
+@@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+  */
+ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+ {
+    if (!dsa_precheck_params(dsa, ret))
+        return 0;
+
+     return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
+            && *ret == 0;
+ }
+@@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
+ {
+     *ret = 0;
+ 
+-    return (dsa->params.q != NULL
+-            && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
+    if (!dsa_precheck_params(dsa, ret))
+        return 0;
+
+    return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
+ }
+ 
+ /*
+@@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa)
+     BN_CTX *ctx = NULL;
+     BIGNUM *pub_key = NULL;
+ 
+-    if (dsa->params.p == NULL
+-        || dsa->params.g == NULL
+    if (!dsa_precheck_params(dsa, &ret))
+        return 0;
+
+    if (dsa->params.g == NULL
+         || dsa->priv_key == NULL
+         || dsa->pub_key == NULL)
+         return 0;
+diff --git a/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
+new file mode 100644
+index 0000000000..e85e2953b7
+--- /dev/null
+++ b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
+@@ -0,0 +1,57 @@
+-----BEGIN DSA PARAMETERS-----
+MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja
+p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil
+XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF
+x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk
+oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW
+dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb
+Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O
+pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ
+P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5
+hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2
+UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB
+koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN
+TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl
+RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ
+4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg
+c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG
+cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE
+DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN
+Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2
+rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8
+PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd
+UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW
+5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9
+wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7
+R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s
+xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs
+0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN
+uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy
+9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx
+TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36
+gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2
+ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B
+R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8
+F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W
+SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl
++3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX
+UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq
+fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX
+qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot
+B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK
+hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco
+4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD
+vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3
+k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy
+i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct
+9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+
+ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd
+Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG
+KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E
+x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk
+XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF
+YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d
+ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa
+4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D
+vKuje86bePD6kD/LH3wmkA==
+-----END DSA PARAMETERS-----
+-- 
+2.30.2
diff --git a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb
index 66cb361baa..a361185b65 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb
@@ -12,7 +12,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+           file://0001-Implement-riscv_vlen_asm-for-riscv32.patch \
           file://bti.patch \
+           file://CVE-2024-4603.patch \
           "
 SRC_URI:append:class-nativesdk = " \
@@ -136,16 +138,12 @@ do_configure () {
                ;;
        esac
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi
        # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
        # environment variables set by bitbake. Adjust the environment variables instead.
        PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
        test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
        HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
-        perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+        perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target
        perl ${B}/configdata.pm --dump
 }
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
index 0c3085d3a8..0ee47d47c2 100644
--- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -11,7 +11,8 @@ SRC_URI = "file://host-peer \
 inherit allarch useradd
-S = "${WORKDIR}"
+S = "${WORKDIR}/sources"
+UNPACKDIR = "${S}"
 do_install() {
        install -d ${D}${sysconfdir}/ppp/peers
diff --git a/meta/recipes-connectivity/slirp/libslirp_git.bb b/meta/recipes-connectivity/slirp/libslirp_git.bb
index 334b786b9b..05830ce833 100644
--- a/meta/recipes-connectivity/slirp/libslirp_git.bb
+++ b/meta/recipes-connectivity/slirp/libslirp_git.bb
@@ -5,8 +5,8 @@ LICENSE = "BSD-3-Clause & MIT"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727"
 SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master"
-SRCREV = "3ad1710a96678fe79066b1469cead4058713a1d9"
+SRCREV = "ce314e39458223c2c42245fe536fbe1bcd94e9b1"
-PV = "4.7.0"
+PV = "4.8.0"
 S = "${WORKDIR}/git"
 DEPENDS = " \
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
index ede18a0031..db5a0eb8ce 100644
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
@@ -6,8 +6,13 @@ SRC_URI = "file://dropbear_rsa_host_key \
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+S = "${WORKDIR}/sources"
+UNPACKDIR = "${S}"
 INHIBIT_DEFAULT_DEPS = "1"
+COMPATIBLE_MACHINE = "^qemu.*$"
 do_install () {
        install -d ${D}${sysconfdir}/dropbear
        install ${UNPACKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/
@@ -16,4 +21,4 @@ do_install () {
        install ${UNPACKDIR}/openssh/* ${D}${sysconfdir}/ssh/
        chmod 0600 ${D}${sysconfdir}/ssh/*
        chmod 0644 ${D}${sysconfdir}/ssh/*.pub
-}
-\ No newline at end of file
+}