73 files changed, 1772 insertions, 546 deletions

diff --git a/meta-oe/recipes-support/atop/atop_2.12.1.bb b/meta-oe/recipes-support/atop/atop_2.12.1.bb
index 4ca74edbaf..d40b95ce6c 100644
--- a/meta-oe/recipes-support/atop/atop_2.12.1.bb
+++ b/meta-oe/recipes-support/atop/atop_2.12.1.bb
@@ -7,7 +7,7 @@ etc. At regular intervals, it shows system-level activity related to the CPU, \
 memory, swap, disks (including LVM) and network layers, and for every process \
 (and thread) it shows e.g. the CPU utilization, memory growth, disk \
 utilization, priority, username, state, and exit code."
-HOMEPAGE = "http://www.atoptool.nl"
+HOMEPAGE = "https://www.atoptool.nl"
 SECTION = "console/utils"
 
 LICENSE = "GPL-2.0-only"
@@ -37,7 +37,7 @@ do_compile() {
 do_install() {
     if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
         make DESTDIR=${D} VERS=${PV} SYSDPATH=${systemd_system_unitdir} \
-            PMPATHD=${systemd_unitdir}/system-sleep install
+            PMPATHD=${systemd_unitdir}/system-sleep SBINPATH=${sbindir} install
         install -d ${D}${sysconfdir}/tmpfiles.d
         install -m 644 ${UNPACKDIR}/volatiles.atop.conf ${D}${sysconfdir}/tmpfiles.d/atop.conf
         rm -f ${D}${systemd_system_unitdir}/atopacct.service
@@ -51,16 +51,19 @@ do_install() {
     # /var/log/atop will be created in runtime
     rm -rf ${D}${localstatedir}/log
     rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
-
-    # remove atopacct related files
-    rm -rf ${D}${sbindir} ${D}${mandir}/man8
 }
 
 inherit systemd
 
+PACKAGES =+ "${PN}-acctd ${PN}-gpud"
+
 SYSTEMD_SERVICE:${PN} = "atop.service atopgpu.service atop-rotate.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
 FILES:${PN} += "${systemd_unitdir}/system-sleep ${systemd_system_unitdir}/atop-rotate.timer"
+FILES:${PN}-acctd += "${sbindir}/atopacctd ${mandir}/man8/atopacctd.8"
+FILES:${PN}-gpud += "${sbindir}/atopgpud ${mandir}/man8/atopgpud.8"
 
 RDEPENDS:${PN} = "procps"
+RDEPENDS:${PN}-gpud = "python3-core"
+RRECOMMENDS:${PN} = "${PN}-acctd ${PN}-gpud"
diff --git a/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.3.bb b/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.4.bb
index e08525b1c9..657ba60e1d 100644
--- a/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.3.bb
+++ b/meta-oe/recipes-support/bmap-writer/bmap-writer_1.0.4.bb
@@ -9,11 +9,14 @@ LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e49f4652534af377a713df3d9dec60cb"
 
 SRC_URI = "git://github.com/embetrix/${BPN};branch=master;protocol=https;tag=${PV}"
-SRCREV = "991e2c4264b843f61e502712f497103472a1b6e7"
+SRCREV = "52919b145d04953a91cf846f3db3d8cee8d989ac"
 
 DEPENDS = "libtinyxml2 libarchive"
 inherit cmake pkgconfig
 
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[libkcapi]  = "-DUSE_KERNEL_CRYPTO_API=ON, -DUSE_KERNEL_CRYPTO_API=OFF, libkcapi"
+
 FILES:${PN} = "${bindir}"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb b/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb
index 0a8f237180..5368bdeeb4 100644
--- a/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb
+++ b/meta-oe/recipes-support/ceres-solver/ceres-solver_2.2.0.bb
@@ -3,12 +3,11 @@ HOMEPAGE = "http://ceres-solver.org/"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3585a26c9cd9ec0cb36a7d65542878ca"
 
-DEPENDS = "libeigen glog"
+DEPENDS = "libeigen"
 
 SRC_URI = "git://github.com/ceres-solver/ceres-solver.git;branch=master;protocol=https"
 SRCREV = "85331393dc0dff09f6fb9903ab0c4bfa3e134b01"
 
-
 inherit cmake
 
 do_configure:prepend() {
@@ -19,6 +18,14 @@ do_configure:prepend() {
     touch ${S}/.git/hooks/commit-msg 2>/dev/null || :
 }
 
+EXTRA_OECMAKE += " \
+    -DBUILD_BENCHMARKS=OFF \
+    -DBUILD_EXAMPLES=OFF \
+    -DBUILD_TESTING=OFF \
+    -DGFLAGS=OFF \
+    -DUSE_CUDA=OFF \
+"
+
 # We don't want path to eigen3 in ceres-solver RSS to be
 # used by components which use CeresConfig.cmake from their
 # own RSS
@@ -27,11 +34,12 @@ do_configure:prepend() {
 # ceres-solver/1.14-r0/packages-split/ceres-solver-dev/usr/lib/cmake/Ceres/CeresConfig.cmake:    set(glog_DIR ceres-solver/1.14-r0/recipe-sysroot/usr/lib/cmake/glog)
 SSTATE_SCAN_FILES += "*.cmake"
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "glog"
 
 # suitesparse* recipes will be in meta-ros layer
 PACKAGECONFIG[suitesparse] = "-DSUITESPARSE=ON,-DSUITESPARSE=OFF,suitesparse-config suitesparse-amd suitesparse-camd suitesparse-colamd suitesparse-ccolamd suitesparse-cholmod suitesparse-metis suitesparse-spqr"
 PACKAGECONFIG[cxsparse] = "-DCXSPARSE=ON,-DCXSPARSE=OFF,suitesparse-cxsparse"
+PACKAGECONFIG[glog] = "-DMINIGLOG=OFF,-DMINIGLOG=ON,glog"
 PACKAGECONFIG[lapack] = "-DLAPACK=ON,-DLAPACK=OFF,lapack"
 
 # Only a static library and headers are created
diff --git a/meta-oe/recipes-support/composefs/composefs/0001-mkcomposefs-use-const-char-for-memchr-return-values.patch b/meta-oe/recipes-support/composefs/composefs/0001-mkcomposefs-use-const-char-for-memchr-return-values.patch
new file mode 100644
index 0000000000..9c45d4fcc0
--- /dev/null
+++ b/meta-oe/recipes-support/composefs/composefs/0001-mkcomposefs-use-const-char-for-memchr-return-values.patch
@@ -0,0 +1,45 @@
+From 9d82303c7a3a780d481469cd8eafa016dcbff86f Mon Sep 17 00:00:00 2001
+From: Khem Raj <khem.raj@oss.qualcomm.com>
+Date: Thu, 16 Apr 2026 08:25:28 -0700
+Subject: [PATCH] mkcomposefs: use const char* for memchr return values
+
+memchr returns void*, which when assigned to char* discards the
+const qualifier of the input pointer. Cast to const char* to
+preserve const'ness.
+
+Fixes build with clang-22/glibc-2.43
+
+tools/mkcomposefs.c
+../sources/composefs-1.0.8/tools/mkcomposefs.c:413:8: error: initializing 'char *' with an expression of type 'const void *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
+  413 |         char *embedded_nul_offset = memchr(line, 0, line_len);
+      |               ^                     ~~~~~~~~~~~~~~~~~~~~~~~~~
+1 error generated.
+
+Upstream-Status: Submitted [https://github.com/composefs/composefs/pull/435]
+Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
+---
+ tools/mkcomposefs.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/mkcomposefs.c b/tools/mkcomposefs.c
+index 13b505d..e14d8d0 100644
+--- a/tools/mkcomposefs.c
++++ b/tools/mkcomposefs.c
+@@ -63,7 +63,7 @@ static __attribute__((format(printf, 1, 2))) char *make_error(const char *fmt, .
+ static size_t split_at(const char **start, size_t *length, char split_char,
+                       bool *partial)
+ {
+-       char *end = memchr(*start, split_char, *length);
++       const char *end = (const char*)memchr(*start, split_char, *length);
+        if (end == NULL) {
+                size_t part_len = *length;
+                *start = *start + *length;
+@@ -410,7 +410,7 @@ static char *tree_from_dump_line(dump_info *info, const char *line,
+         * We didn't document support for embedded NULs, and it only introduces
+         * ambiguity in parsing, so let's just reject this early on.
+         */
+-       char *embedded_nul_offset = memchr(line, 0, line_len);
++       const char *embedded_nul_offset = (const char*)memchr(line, 0, line_len);
+        if (embedded_nul_offset != NULL) {
+                size_t off = embedded_nul_offset - line;
+                return make_error("Invalid embedded NUL character at position %lld",
diff --git a/meta-oe/recipes-support/composefs/composefs_1.0.8.bb b/meta-oe/recipes-support/composefs/composefs_1.0.8.bb
index f2bae91f44..3450f9a339 100644
--- a/meta-oe/recipes-support/composefs/composefs_1.0.8.bb
+++ b/meta-oe/recipes-support/composefs/composefs_1.0.8.bb
@@ -14,8 +14,9 @@ LIC_FILES_CHKSUM = "\
 "
 
 SRCREV = "858ce1b38e1534c2602eb431124b5dca706bc746"
-SRC_URI = "git://github.com/containers/composefs.git;protocol=https;branch=main"
-
+SRC_URI = "git://github.com/containers/composefs.git;protocol=https;branch=main;tag=v${PV} \
+           file://0001-mkcomposefs-use-const-char-for-memchr-return-values.patch \
+          "
 
 inherit meson
 
diff --git a/meta-oe/recipes-support/crow/crow_1.3.2.bb b/meta-oe/recipes-support/crow/crow_1.3.2.bb
new file mode 100644
index 0000000000..09970fcfc2
--- /dev/null
+++ b/meta-oe/recipes-support/crow/crow_1.3.2.bb
@@ -0,0 +1,20 @@
+SUMMARY = "A Fast and Easy to use microframework for the web"
+HOMEPAGE = "https://crowcpp.org/"
+DESCRIPTION = "Crow is a C++ framework for creating HTTP or Websocket web services. \
+It uses routing similar to Python's Flask which makes it easy to use. \
+It is also extremely fast, beating multiple existing C++ frameworks as well as non-C++ frameworks."
+SECTION = "libs"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e08502e395a6f7c037ddfe7d2915f58e"
+
+SRC_URI = "git://github.com/CrowCpp/Crow.git;protocol=https;branch=v1.3;tag=v${PV}"
+SRCREV = "f8c060c51feeca2c65828fb6f538603db4392d55"
+
+inherit cmake
+
+DEPENDS = "asio"
+
+EXTRA_OECMAKE = "\
+    -DCROW_BUILD_EXAMPLES=OFF \
+    -DCROW_BUILD_TESTS=OFF \
+"
diff --git a/meta-oe/recipes-support/enca/enca_1.19.bb b/meta-oe/recipes-support/enca/enca_1.19.bb
index 61da50ba52..395d7abe70 100644
--- a/meta-oe/recipes-support/enca/enca_1.19.bb
+++ b/meta-oe/recipes-support/enca/enca_1.19.bb
@@ -17,4 +17,6 @@ SRC_URI[sha256sum] = "4c305cc59f3e57f2cfc150a6ac511690f43633595760e1cb266bf23362
 
 inherit autotools
 
+CACHED_CONFIGUREVARS += "ac_cv_prog_cc_c23=no"
+
 EXTRA_OECONF += "MKTEMP_PROG=mktemp"
diff --git a/meta-oe/recipes-support/fastfetch/fastfetch_2.60.0.bb b/meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb
index dbb999969b..8db0b608f1 100644
--- a/meta-oe/recipes-support/fastfetch/fastfetch_2.60.0.bb
+++ b/meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb
@@ -10,14 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2090e7d93df7ad5a3d41f6fb4226ac76"
 
 DEPENDS = "yyjson"
 
-SRC_URI = "git://github.com/fastfetch-cli/fastfetch.git;protocol=https;branch=dev;tag=${PV}"
-SRCREV = "06ecc9c4805794ca8d632844e64950e82a6d5f7e"
+SRC_URI = "git://github.com/fastfetch-cli/fastfetch.git;protocol=https;branch=master;tag=${PV}"
+SRCREV = "e5d600600614f5496b02907a11a7bc80c369d266"
 
 inherit cmake pkgconfig
 
 EXTRA_OECMAKE += "\
     -DENABLE_SYSTEM_YYJSON=ON \
-    -DENABLE_DIRECTX_HEADERS=OFF \
 "
 
 PACKAGECONFIG ??= "\
diff --git a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb
index f5be870b1d..7970e0f563 100644
--- a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb
+++ b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb
@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
                     file://COPYING.sunbmc;md5=c03f21cd76ff5caba6b890d1213cbfbb"
 
 SRC_URI = "${GNU_MIRROR}/freeipmi/freeipmi-${PV}.tar.gz"
-SRC_URI[sha256sum] = "5bcef6bb9eb680e49b4a3623579930ace7899f53925b2045fe9f91ad6904111d"
+SRC_URI[sha256sum] = "16783d10faa28847a795cce0bf86deeaa72b8fbe71d1f0dc1101d13a6b501ec1"
 
 DEPENDS = "libgcrypt"
 DEPENDS:append:libc-musl = " argp-standalone"
@@ -23,3 +23,4 @@ inherit pkgconfig autotools
 
 EXTRA_OECONF = "--without-random-device"
 
+CVE_STATUS[CVE-2026-33554] = "fixed-version: fixed since 1.6.17"
diff --git a/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-oe/recipes-support/gd/gd_2.3.3.bb
index 0d7a6d34f9..062c4b4a8f 100644
--- a/meta-oe/recipes-support/gd/gd_2.3.3.bb
+++ b/meta-oe/recipes-support/gd/gd_2.3.3.bb
@@ -23,14 +23,23 @@ SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc"
 
 inherit autotools binconfig gettext pkgconfig
 
-EXTRA_OECONF += " --disable-rpath \
-                  --with-jpeg=${STAGING_LIBDIR}/.. \
-                  --with-freetype=yes \
-                  --without-fontconfig \
-                  --without-webp \
-                  --without-xpm \
-                  --without-x \
-                "
+PACKAGECONFIG ?= "jpeg freetype"
+
+PACKAGECONFIG[avif] = "--with-avif,--without-avif"
+PACKAGECONFIG[fontconfig] = "--with-fontconfig,--without-fontconfig"
+PACKAGECONFIG[freetype] = "--with-freetype,--without-freetype"
+PACKAGECONFIG[heif] = "--with-heif,--without-heif"
+PACKAGECONFIG[jpeg] = "--with-jpeg,--without-jpeg"
+PACKAGECONFIG[liq] = "--with-liq,--without-liq"
+PACKAGECONFIG[png] = "--with-png,--without-png"
+PACKAGECONFIG[raqm] = "--with-raqm,--without-raqm,libraqm"
+PACKAGECONFIG[tiff] = "--with-tiff,--without-tiff"
+PACKAGECONFIG[webp] = "--with-webp,--without-webp"
+PACKAGECONFIG[x] = "--with-x,--without-x"
+PACKAGECONFIG[xpm] = "--with-xpm,--without-xpm"
+PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib"
+
+EXTRA_OECONF += "--disable-rpath"
 
 EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"'
 
diff --git a/meta-oe/recipes-support/glaze/glaze_7.2.1.bb b/meta-oe/recipes-support/glaze/glaze_7.3.3.bb
index 9750253005..e733d166b2 100644
--- a/meta-oe/recipes-support/glaze/glaze_7.2.1.bb
+++ b/meta-oe/recipes-support/glaze/glaze_7.3.3.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ea4d29875d83fbbf50485c846dbbbed8"
 
 SRC_URI = "git://github.com/stephenberry/glaze;protocol=https;branch=main;tag=v${PV}"
 
-SRCREV = "527b419fecfcc19261866dcfdf62dbf6e393970c"
+SRCREV = "dbf6caec935b768546587a413e45d033480c4483"
 
 inherit cmake
 
diff --git a/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.0.bb b/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.1.bb
index 2bfe9b0e77..46a0562d2c 100644
--- a/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.0.bb
+++ b/meta-oe/recipes-support/gtk-layer-shell/gtk-layer-shell_0.10.1.bb
@@ -18,7 +18,7 @@ DEPENDS += " \
 SRC_URI = " \
         git://github.com/wmww/gtk-layer-shell.git;protocol=https;branch=master;tag=v${PV} \
 "
-SRCREV = "3964966d72ea3359f4ff748081493e979c080b7e"
+SRCREV = "fd88ba666c18ff65ea786bf7b2e270d840030817"
 
 inherit meson pkgconfig features_check gobject-introspection vala
 
diff --git a/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch b/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch
index f00f3ac4db..c1f763ce17 100644
--- a/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch
+++ b/meta-oe/recipes-support/htop/files/0001-configure.ac-Remove-usr-include-libnl3.patch
@@ -1,6 +1,6 @@
-From 87d66b3b60176197e785670214b0bbc5bedd6552 Mon Sep 17 00:00:00 2001
-From: Leon Anavi <leon.anavi@konsulko.com>
-Date: Mon, 8 Dec 2025 11:06:01 +0000
+From 652b208b8c3038934fb55169f44068bbdf399b69 Mon Sep 17 00:00:00 2001
+From: Liu Yiding <liuyd.fnst@fujitsu.com>
+Date: Wed, 15 Apr 2026 01:34:56 +0000
 Subject: [PATCH] configure.ac: Remove /usr/include/libnl3
 
 Fixes:
@@ -11,40 +11,35 @@ netlink/attr.h, netlink/handlers.h, netlink/msg.h
 Upstream-Status: Inappropriate [OE-specific]
 
 Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
+
+Update for 3.5.0.
+Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
 ---
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 9f2f46b3..f3906692 100644
+index 2d174d73..ee8b29ca 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -980,14 +980,14 @@ case "$enable_delayacct" in
-          enable_delayacct=no
-       else
-          old_CFLAGS="$CFLAGS"
--         CFLAGS="$CFLAGS -I/usr/include/libnl3"
-+         CFLAGS="$CFLAGS"
-          AC_CHECK_HEADERS([netlink/attr.h netlink/handlers.h netlink/msg.h], [enable_delayacct=yes], [enable_delayacct=no])
-          CFLAGS="$old_CFLAGS"
-       fi
-       ;;
-    yes)
-       old_CFLAGS="$CFLAGS"
--      CFLAGS="$CFLAGS -I/usr/include/libnl3"
+@@ -1638,7 +1638,7 @@ case "$enable_delayacct" in
+ 
+       htop_save_CFLAGS=$CFLAGS
+       # New include path searched after what user has specified
+-      CFLAGS="$CFLAGS $LIBNL3_CFLAGS"
 +      CFLAGS="$CFLAGS"
-       AC_CHECK_HEADERS([netlink/attr.h netlink/handlers.h netlink/msg.h], [], [AC_MSG_ERROR([can not find required header files netlink/attr.h, netlink/handlers.h, netlink/msg.h])])
-       CFLAGS="$old_CFLAGS"
-       ;;
-@@ -997,7 +997,7 @@ case "$enable_delayacct" in
+       AC_CHECK_HEADERS(
+          [netlink/attr.h netlink/handlers.h netlink/msg.h],
+          [],
+@@ -1681,7 +1681,7 @@ case "$enable_delayacct" in
  esac
  if test "$enable_delayacct" = yes; then
-   AC_DEFINE([HAVE_DELAYACCT], [1], [Define if delay accounting support should be enabled.])
--  AM_CFLAGS="$AM_CFLAGS -I/usr/include/libnl3"
-+  AM_CFLAGS="$AM_CFLAGS"
+    AC_DEFINE([HAVE_DELAYACCT], [1], [Define if delay accounting support should be enabled.])
+-   AM_CFLAGS="$AM_CFLAGS $LIBNL3_CFLAGS"
++   AM_CFLAGS="$AM_CFLAGS"
  fi
  AM_CONDITIONAL([HAVE_DELAYACCT], [test "$enable_delayacct" = yes])
  
 -- 
-2.47.3
+2.43.0
 
diff --git a/meta-oe/recipes-support/htop/htop_3.4.1.bb b/meta-oe/recipes-support/htop/htop_3.5.0.bb
index e3f8a7fdb4..961a87097b 100644
--- a/meta-oe/recipes-support/htop/htop_3.4.1.bb
+++ b/meta-oe/recipes-support/htop/htop_3.5.0.bb
@@ -6,10 +6,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 DEPENDS = "ncurses libnl"
 
-SRC_URI = "git://github.com/htop-dev/htop.git;branch=main;protocol=https \
+SRC_URI = "git://github.com/htop-dev/htop.git;branch=main;protocol=https;tag=${PV} \
            file://0001-configure.ac-Remove-usr-include-libnl3.patch \
 "
-SRCREV = "348c0a6bf4f33571835a0b6a1a0f5deb15132128"
+SRCREV = "a21f043b253a6dfa89df1ff4130fe7d2e505000f"
 
 
 inherit autotools pkgconfig
@@ -23,7 +23,7 @@ PACKAGECONFIG ??= " \
 "
 PACKAGECONFIG[unicode] = "--enable-unicode,--disable-unicode"
 PACKAGECONFIG[affinity] = "--enable-affinity,--disable-affinity,,,,hwloc"
-PACKAGECONFIG[unwind] = "--enable-unwind,--disable-unwind,libunwind"
+PACKAGECONFIG[unwind] = "--with-libunwind,--without-libunwind,libunwind"
 PACKAGECONFIG[hwloc] = "--enable-hwloc,--disable-hwloc,hwloc,,,affinity"
 PACKAGECONFIG[openvz] = "--enable-openvz,--disable-openvz"
 PACKAGECONFIG[vserver] = "--enable-vserver,--disable-vserver"
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-18.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb
index 49bf257cd3..18c23cb0d4 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-18.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb
@@ -17,7 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://imagemagick-ptest.sh \
 "
 
-SRCREV = "d4e4b2b35a573fb7d96bc64ff1a417415bbe0f4c"
+SRCREV = "9fbd2b79450e930edb95e8158d412e57a7b27e83"
 
 inherit autotools pkgconfig update-alternatives ptest
 export ac_cv_sys_file_offset_bits = "64"
diff --git a/meta-oe/recipes-support/jsoncons/jsoncons_1.5.0.bb b/meta-oe/recipes-support/jsoncons/jsoncons_1.6.0.bb
index 1321f824ee..64860c06dd 100644
--- a/meta-oe/recipes-support/jsoncons/jsoncons_1.5.0.bb
+++ b/meta-oe/recipes-support/jsoncons/jsoncons_1.6.0.bb
@@ -5,7 +5,7 @@ LICENSE = "BSL-1.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=6ee7f7ed2001e4cde4679fdb8926f820"
 
 SRC_URI = "git://github.com/danielaparker/jsoncons.git;protocol=https;branch=master;tag=v${PV}"
-SRCREV = "95a220dff2d927f15e1fe0c7dac2821b7134e4c9"
+SRCREV = "128553c8d1b222c30819656d123590accb60689d"
 
 
 inherit cmake
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
new file mode 100644
index 0000000000..2ed8e9f587
--- /dev/null
+++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
@@ -0,0 +1,28 @@
+From c83cfcd249d06950a307cee8d1e22b7f6a78a8a7 Mon Sep 17 00:00:00 2001
+From: Marti Maria <marti.maria@littlecms.com>
+Date: Thu, 19 Feb 2026 09:07:20 +0100
+Subject: [PATCH] Fix integer overflow in CubeSize()
+
+Thanks to @zerojackyi for reporting
+
+CVE: CVE-2026-41254
+Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/cmslut.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/cmslut.c b/src/cmslut.c
+index 1089148..b245209 100644
+--- a/src/cmslut.c
++++ b/src/cmslut.c
+@@ -460,7 +460,8 @@ void EvaluateCLUTfloatIn16(const cmsFloat32Number In[], cmsFloat32Number Out[],
+ static
+ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
+ {
+-    cmsUInt32Number rv, dim;
++    cmsUInt32Number dim;
++    cmsUInt64Number rv;
+ 
+     _cmsAssert(Dims != NULL);
+ 
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
new file mode 100644
index 0000000000..be8c759a6f
--- /dev/null
+++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
@@ -0,0 +1,34 @@
+From f5994aea02d5620f3182cafdcf116ffe9d6c9fd2 Mon Sep 17 00:00:00 2001
+From: Marti Maria <marti.maria@littlecms.com>
+Date: Thu, 12 Mar 2026 22:57:35 +0100
+Subject: [PATCH] check for overflow
+
+Thanks to Guanni Qu for detecting & reporting the issue
+
+CVE: CVE-2026-41254
+Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/cmslut.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/cmslut.c b/src/cmslut.c
+index b245209..c1dbb32 100644
+--- a/src/cmslut.c
++++ b/src/cmslut.c
+@@ -468,12 +468,12 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
+     for (rv = 1; b > 0; b--) {
+ 
+         dim = Dims[b-1];
+-        if (dim <= 1) return 0;  // Error
+-
+-        rv *= dim;
++        if (dim <= 1) return 0;  
+ 
+         // Check for overflow
+         if (rv > UINT_MAX / dim) return 0;
++
++        rv *= dim;
+     }
+ 
+     // Again, prevent overflow
diff --git a/meta-oe/recipes-support/lcms/lcms_2.18.bb b/meta-oe/recipes-support/lcms/lcms_2.18.bb
index 79e4a6f694..1ff3b3908f 100644
--- a/meta-oe/recipes-support/lcms/lcms_2.18.bb
+++ b/meta-oe/recipes-support/lcms/lcms_2.18.bb
@@ -3,7 +3,10 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \
+           file://CVE-2026-41254_1.patch \
+           file://CVE-2026-41254_2.patch \
+           "
 SRC_URI[sha256sum] = "ee67be3566f459362c1ee094fde2c159d33fa0390aa4ed5f5af676f9e5004347"
 
 DEPENDS = "tiff"
diff --git a/meta-oe/recipes-support/libcanberra/libcanberra_0.30-19.bb b/meta-oe/recipes-support/libcanberra/libcanberra_0.30-20.bb
index 2c063fd995..2f10a10931 100644
--- a/meta-oe/recipes-support/libcanberra/libcanberra_0.30-19.bb
+++ b/meta-oe/recipes-support/libcanberra/libcanberra_0.30-20.bb
@@ -12,13 +12,14 @@ SRC_URI = " \
     git://salsa.debian.org/gnome-team/libcanberra;protocol=https;branch=debian/latest;tag=debian/${PV} \
     file://0001-Determine-audio-buffer-size-for-a-time-of-500ms.patch \
 "
-SRCREV = "d1ed1ac0c9950ed3908c04abb7c4a6de5c51ed94"
+SRCREV = "47d67f43c58af36143060888fc8e69a9cb0eddea"
 
 EXTRA_OECONF = "\
     --enable-null \
     --disable-oss \
     --disable-tdb \
     --disable-lynx \
+    --disable-gtk-doc \
 "
 
 PACKAGECONFIG ??= " \
diff --git a/meta-oe/recipes-support/libgpiod/libgpiod-2.x/0001-tools-tests-remove-SIGINT-test-cases.patch b/meta-oe/recipes-support/libgpiod/libgpiod-2.x/0001-tools-tests-remove-SIGINT-test-cases.patch
deleted file mode 100644
index 7fe06b9882..0000000000
--- a/meta-oe/recipes-support/libgpiod/libgpiod-2.x/0001-tools-tests-remove-SIGINT-test-cases.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 3c38c5f9ab49384039f35408656a88f87619dd03 Mon Sep 17 00:00:00 2001
-From: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
-Date: Wed, 18 Mar 2026 14:07:06 +0100
-Subject: [libgpiod][PATCH] tools: tests: remove SIGINT test cases
-
-In coreutils v9.10 (specifically with commit 8c2461933411 ("timeout:
-honor ignored signal dispositions")) the behavior of timeout changed and
-it will no longer propagate SIGINT or SIGQUIT in shell background jobs.
-This breaks the test cases checking the behavior of tools after SIGINT.
-We have to assume that if exit after SIGTERM works, then so does it
-after SIGINT and remove the failing tests.
-
-Upstream-Status: Submitted [https://lore.kernel.org/all/20260318131413.56575-1-bartosz.golaszewski@oss.qualcomm.com/]
-Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
----
- tools/gpio-tools-test.bash | 37 -------------------------------------
- 1 file changed, 37 deletions(-)
-
-diff --git a/tools/gpio-tools-test.bash b/tools/gpio-tools-test.bash
-index 71d6e3d..62f6836 100755
---- a/tools/gpio-tools-test.bash
-+++ b/tools/gpio-tools-test.bash
-@@ -1415,17 +1415,6 @@ test_gpioset_with_lines_strictly_by_name() {
-        gpiosim_check_value sim0 6 0
- }
- 
--test_gpioset_interactive_after_SIGINT() {
--       gpiosim_chip sim0 num_lines=8 line_name=1:foo
--
--       dut_run gpioset -i foo=1
--
--       dut_kill -SIGINT
--       dut_wait
--
--       status_is 130
--}
--
- test_gpioset_interactive_after_SIGTERM() {
-        gpiosim_chip sim0 num_lines=8 line_name=1:foo
- 
-@@ -1907,20 +1896,6 @@ test_gpiomon_multiple_lines_across_multiple_chips() {
-        assert_fail dut_readable
- }
- 
--test_gpiomon_exit_after_SIGINT() {
--       gpiosim_chip sim0 num_lines=8
--
--       local sim0=${GPIOSIM_CHIP_NAME[sim0]}
--
--       dut_run gpiomon --banner --chip "$sim0" 4
--       dut_regex_match "Monitoring line .*"
--
--       dut_kill -SIGINT
--       dut_wait
--
--       status_is 130
--}
--
- test_gpiomon_exit_after_SIGTERM() {
-        gpiosim_chip sim0 num_lines=8
- 
-@@ -2503,18 +2478,6 @@ test_gpionotify_multiple_lines_across_multiple_chips() {
-        assert_fail dut_readable
- }
- 
--test_gpionotify_exit_after_SIGINT() {
--       gpiosim_chip sim0 num_lines=8
--
--       dut_run gpionotify --banner --chip "${GPIOSIM_CHIP_NAME[sim0]}" 4
--       dut_regex_match "Watching line .*"
--
--       dut_kill -SIGINT
--       dut_wait
--
--       status_is 130
--}
--
- test_gpionotify_exit_after_SIGTERM() {
-        gpiosim_chip sim0 num_lines=8
- 
--- 
-2.47.3
-
diff --git a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb
index 38829a620f..2c8d9f1873 100644
--- a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb
+++ b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb
@@ -13,10 +13,9 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}-2.x:"
 
 SRC_URI += " \
     file://gpio-manager.init \
-    file://0001-tools-tests-remove-SIGINT-test-cases.patch \
 "
 
-SRC_URI[sha256sum] = "70012b0262e4b90f140431efa841ca89643b02ea6c09f507e23cec664a51b71a"
+SRC_URI[sha256sum] = "13207176b0eb9b3e0f02552d5f49f5a6a449343ce47416158bb484d9d3019592"
 
 # Enable all project features for ptest
 PACKAGECONFIG[tests] = " \
diff --git a/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb b/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb
index 9007574fc6..25750247f8 100644
--- a/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb
+++ b/meta-oe/recipes-support/libgusb/libgusb_0.4.9.bb
@@ -10,7 +10,7 @@ inherit meson gobject-introspection gi-docgen gettext vala pkgconfig
 PACKAGECONFIG:class-target ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)}"
 PACKAGECONFIG[vapi] = "-Dvapi=true,-Dvapi=false"
 
-EXTRA_OEMESON:class-native += "-Dtests=false  -Dintrospection=false"
+EXTRA_OEMESON:class-native = "-Dtests=false  -Dintrospection=false"
 
 GIDOCGEN_MESON_OPTION = 'docs'
 
diff --git a/meta-oe/recipes-support/libharu/libharu_2.4.5.bb b/meta-oe/recipes-support/libharu/libharu_2.4.6.bb
index 0ad4bd92c0..714cccbc3c 100644
--- a/meta-oe/recipes-support/libharu/libharu_2.4.5.bb
+++ b/meta-oe/recipes-support/libharu/libharu_2.4.6.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=924546dab2bef90e370d7c0c090ddcf0"
 
 DEPENDS += "libpng zlib"
 
-SRC_URI = "git://github.com/libharu/libharu.git;branch=master;protocol=https"
-SRCREV = "8fe5a738541a04642885fb7a75b2b5b9c5b416fa"
+SRC_URI = "git://github.com/libharu/libharu.git;branch=master;protocol=https;tag=v${PV}"
+SRCREV = "3467749fd1c0ab6ca6ed424d053b1ea53c1bf67c"
 
 
 inherit cmake
diff --git a/meta-oe/recipes-support/liboauth2/liboauth2/0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch b/meta-oe/recipes-support/liboauth2/liboauth2/0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch
new file mode 100644
index 0000000000..f234cbd50b
--- /dev/null
+++ b/meta-oe/recipes-support/liboauth2/liboauth2/0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch
@@ -0,0 +1,33 @@
+From 7c70315f7f6b4305d761804fb03f8f90ad7572eb Mon Sep 17 00:00:00 2001
+From: Khem Raj <khem.raj@oss.qualcomm.com>
+Date: Fri, 17 Apr 2026 14:01:46 -0700
+Subject: [PATCH] build: guard --coverage linker flag behind
+ CODE_COVERAGE_ENABLED
+
+AM_LDFLAGS passes --coverage to the linker unconditionally,
+it causes coverage instrumentation to be enabled even when
+configured with --disable-code-coverage. Wrap it in the
+automake conditional provided by AX_CODE_COVERAGE.
+
+Upstream-Status: Submitted [https://github.com/OpenIDC/liboauth2/pull/74]
+Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
+---
+ Makefile.am | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index a079dcc..a3f991d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -8,7 +8,10 @@ EXTRA_DIST = autogen.sh ChangeLog README.md LICENSE
+
+ AM_CPPFLAGS = -Wall -Werror -Wno-error=deprecated-declarations -I${srcdir}/include -I${srcdir}/src @JANSSON_CFLAGS@ @OPENSSL_CFLAGS@
+ AM_CPPFLAGS += $(CODE_COVERAGE_CPPFLAGS) $(CODE_COVERAGE_CFLAGS)
+-AM_LDFLAGS = --coverage
++AM_LDFLAGS =
++if CODE_COVERAGE_ENABLED
++AM_LDFLAGS += --coverage
++endif
+
+ LDADD = @JANSSON_LIBS@ @OPENSSL_LIBS@
+ LDADD += $(CODE_COVERAGE_LIBS)
diff --git a/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb b/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb
index 5b1ecd23dd..83825c69a5 100644
--- a/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb
+++ b/meta-oe/recipes-support/liboauth2/liboauth2_2.2.0.bb
@@ -7,6 +7,7 @@ SRC_URI = " \
     git://github.com/OpenIDC/liboauth2;protocol=https;branch=master;tag=v${PV} \
     file://0001-fix-clang-curl_easy_setopt-takes-a-long-not-an-int.patch \
     file://0002-Fix-use-of-strchr-with-new-GCC.patch \
+    file://0001-build-guard-coverage-linker-flag-behind-CODE_COVERAG.patch \
     "
 
 SRCREV = "12571b6d6568c2db7d5f080f60ecb55795c0db19"
@@ -20,4 +21,4 @@ PACKAGECONFIG[memcache] = "--with-memcache,--without-memcache,libmemcached"
 PACKAGECONFIG[redis] = "--with-redis,--without-redis,hiredis"
 PACKAGECONFIG[jq] = "--with-jq,--without-jq,jq"
 PACKAGECONFIG[apache] = "--with-apache,--without-apache,apache2"
-
+PACKAGECONFIG[ccov] = "--enable-code-coverage,--disable-code-coverage,"
diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb
deleted file mode 100644
index ef0a0255d9..0000000000
--- a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-SUMMARY = "raw image decoder"
-LICENSE = "LGPL-2.1-only | CDDL-1.0"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f"
-
-SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https;tag=${PV}"
-SRCREV = "9646d776c7c61976080a8f2be67928df0750493e"
-
-inherit autotools pkgconfig
-
-DEPENDS = "jpeg jasper lcms"
diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
new file mode 100644
index 0000000000..e99f0e46b6
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
@@ -0,0 +1,17 @@
+SUMMARY = "raw image decoder"
+LICENSE = "LGPL-2.1-only | CDDL-1.0"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1d66195044cfbe4327c055d1c9c1a229"
+
+SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.22-stable;protocol=https;tag=${PV}"
+SRCREV = "b860248a89d9082b8e0a1e202e516f46af9adb29"
+
+inherit autotools pkgconfig
+
+DEPENDS = "jpeg jasper lcms"
+
+CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-20911] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-21413] = "fixed-version: fixed since 0.22.1"
diff --git a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb
index 85eac33369..99d0939b34 100644
--- a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb
+++ b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb
@@ -20,6 +20,9 @@ UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>\d+(\.\d+)+)"
 DEPENDS += "bison-native flex-native wget-native gawk-native"
 
 inherit autotools-brokensep update-alternatives
+
+CACHED_CONFIGUREVARS += "ac_cv_prog_cc_c23=no"
+
 ALTERNATIVE_PRIORITY = "50"
 ALTERNATIVE:${PN}-yang = " ietf-interfaces ietf-netconf-acm ietf-netconf-with-defaults ietf-netconf"
 ALTERNATIVE_LINK_NAME[ietf-interfaces] = "${datadir}/yang/ietf-interfaces.yang"
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
new file mode 100644
index 0000000000..7815dba55a
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
@@ -0,0 +1,52 @@
+From d6028a6e6a8417b7fb6c89f6c10fb94781435ee6 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Feb 2026 15:08:50 +0800
+Subject: [PATCH] Reject duplicate Host headers (for libsoup 2)
+
+This is a simplified version of my patch for libsoup 3:
+
+!491
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/d3db5a6f8f03e1f0133754872877c92c0284c472]
+CVE: CVE-2025-14523
+
+This patch is a MR for branch 2-74, but not merged yet, maybe it will
+not be merged.
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c         | 3 +++
+ libsoup/soup-message-headers.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index ea2f986..6cd3dad 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -138,6 +138,9 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+                for (p = strchr (value, '\r'); p; p = strchr (p, '\r'))
+                        *p = ' ';
+ 
++               if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (dest, "Host"))
++                       goto done;
++
+                soup_message_headers_append (dest, name, value);
+         }
+        success = TRUE;
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index f612bff..bb20bbb 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -220,6 +220,9 @@ soup_message_headers_append (SoupMessageHeaders *hdrs,
+        }
+ #endif
+ 
++       if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (hdrs, "Host"))
++               return;
++
+        header.name = intern_header_name (name, &setter);
+        header.value = g_strdup (value);
+        g_array_append_val (hdrs->array, header);
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
new file mode 100644
index 0000000000..64e87cb1ec
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
@@ -0,0 +1,229 @@
+From c574e659c41c18fad3973bbaa3b3ec75664b3137 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 5 Feb 2026 16:20:02 +0800
+Subject: [PATCH 1/2] websocket: add a way to restrict the total message size
+
+Otherwise a client could send small packages smaller than
+total-incoming-payload-size but still to break the server
+with a big allocation
+
+Fixes: #390
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/db87805ab565d67533dfed2cb409dbfd63c7fdce]
+CVE: CVE-2025-32049
+
+libsoup2 is not maintained, the patch is backported from libsoup3, and
+change accordingly
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-websocket-connection.c | 104 ++++++++++++++++++++++++++--
+ libsoup/soup-websocket-connection.h |   7 ++
+ 2 files changed, 107 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index 9d5f4f8..3dad477 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -85,7 +85,8 @@ enum {
+        PROP_STATE,
+        PROP_MAX_INCOMING_PAYLOAD_SIZE,
+        PROP_KEEPALIVE_INTERVAL,
+-       PROP_EXTENSIONS
++       PROP_EXTENSIONS,
++       PROP_MAX_TOTAL_MESSAGE_SIZE,
+ };
+ 
+ enum {
+@@ -120,6 +121,7 @@ struct _SoupWebsocketConnectionPrivate {
+        char *origin;
+        char *protocol;
+        guint64 max_incoming_payload_size;
++       guint64 max_total_message_size;
+        guint keepalive_interval;
+ 
+        gushort peer_close_code;
+@@ -152,6 +154,7 @@ struct _SoupWebsocketConnectionPrivate {
+ };
+ 
+ #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT   128 * 1024
++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT   128 * 1024
+ #define READ_BUFFER_SIZE 1024
+ #define MASK_LENGTH 4
+ 
+@@ -664,7 +667,7 @@ bad_data_error_and_close (SoupWebsocketConnection *self)
+ }
+ 
+ static void
+-too_big_error_and_close (SoupWebsocketConnection *self,
++too_big_incoming_payload_error_and_close (SoupWebsocketConnection *self,
+                          guint64 payload_len)
+ {
+        GError *error;
+@@ -680,6 +683,23 @@ too_big_error_and_close (SoupWebsocketConnection *self,
+        emit_error_and_close (self, error, TRUE);
+ }
+ 
++static void
++too_big_message_error_and_close (SoupWebsocketConnection *self,
++                                 guint64 len)
++{
++       GError *error;
++
++       error = g_error_new_literal (SOUP_WEBSOCKET_ERROR,
++                                    SOUP_WEBSOCKET_CLOSE_TOO_BIG,
++                                    self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ?
++                                    "Received WebSocket payload from the client larger than configured max-total-message-size" :
++                                    "Received WebSocket payload from the server larger than configured max-total-message-size");
++       g_debug ("%s received message of size %" G_GUINT64_FORMAT " or greater, but max supported size is %" G_GUINT64_FORMAT,
++                self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? "server" : "client",
++                len, self->pv->max_total_message_size);
++       emit_error_and_close (self, error, TRUE);
++}
++
+ static void
+ close_connection (SoupWebsocketConnection *self,
+                   gushort                  code,
+@@ -913,6 +933,12 @@ process_contents (SoupWebsocketConnection *self,
+                switch (pv->message_opcode) {
+                case 0x01:
+                case 0x02:
++                       /* Safety valve */
++                       if (pv->max_total_message_size > 0 &&
++                           (pv->message_data->len + payload_len) > pv->max_total_message_size) {
++                               too_big_message_error_and_close (self, (pv->message_data->len + payload_len));
++                               return;
++                       }
+                        g_byte_array_append (pv->message_data, payload, payload_len);
+                        break;
+                default:
+@@ -1050,7 +1076,7 @@ process_frame (SoupWebsocketConnection *self)
+        /* Safety valve */
+        if (self->pv->max_incoming_payload_size > 0 &&
+            payload_len >= self->pv->max_incoming_payload_size) {
+-               too_big_error_and_close (self, payload_len);
++               too_big_incoming_payload_error_and_close (self, payload_len);
+                return FALSE;
+        }
+ 
+@@ -1357,6 +1383,10 @@ soup_websocket_connection_get_property (GObject *object,
+                g_value_set_pointer (value, pv->extensions);
+                break;
+ 
++       case PROP_MAX_TOTAL_MESSAGE_SIZE:
++               g_value_set_uint64 (value, pv->max_total_message_size);
++               break;
++
+        default:
+                G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+                break;
+@@ -1410,6 +1440,10 @@ soup_websocket_connection_set_property (GObject *object,
+                pv->extensions = g_value_get_pointer (value);
+                break;
+ 
++       case PROP_MAX_TOTAL_MESSAGE_SIZE:
++               pv->max_total_message_size = g_value_get_uint64 (value);
++               break;
++
+        default:
+                G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+                break;
+@@ -1631,7 +1665,24 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
+                                                                G_PARAM_READWRITE |
+                                                                G_PARAM_CONSTRUCT_ONLY |
+                                                                G_PARAM_STATIC_STRINGS));
+-
++       /**
++        * SoupWebsocketConnection:max-total-message-size:
++        *
++        * The total message size for incoming packets.
++        *
++        * The protocol expects or 0 to not limit it.
++        *
++        */
++       g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE,
++                                       g_param_spec_uint64 ("max-total-message-size",
++                                                            "Max total message size",
++                                                            "Max total message size ",
++                                                            0,
++                                                            G_MAXUINT64,
++                                                            MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
++                                                            G_PARAM_READWRITE |
++                                                            G_PARAM_CONSTRUCT |
++                                                            G_PARAM_STATIC_STRINGS));
+        /**
+         * SoupWebsocketConnection::message:
+         * @self: the WebSocket
+@@ -2145,6 +2196,51 @@ soup_websocket_connection_set_max_incoming_payload_size (SoupWebsocketConnection
+        }
+ }
+ 
++/**
++ * soup_websocket_connection_get_max_total_message_size:
++ * @self: the WebSocket
++ *
++ * Gets the maximum total message size allowed for packets.
++ *
++ * Returns: the maximum total message size.
++ *
++ */
++guint64
++soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self)
++{
++   SoupWebsocketConnectionPrivate *pv;
++
++   g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT);
++   pv = self->pv;
++
++   return pv->max_total_message_size;
++}
++
++/**
++ * soup_websocket_connection_set_max_total_message_size:
++ * @self: the WebSocket
++ * @max_total_message_size: the maximum total message size
++ *
++ * Sets the maximum total message size allowed for packets.
++ *
++ * It does not limit the outgoing packet size.
++ *
++ */
++void
++soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self,
++                                                      guint64                  max_total_message_size)
++{
++   SoupWebsocketConnectionPrivate *pv;
++
++   g_return_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self));
++   pv = self->pv;
++
++   if (pv->max_total_message_size != max_total_message_size) {
++       pv->max_total_message_size = max_total_message_size;
++       g_object_notify (G_OBJECT (self), "max-total-message-size");
++   }
++}
++
+ /**
+  * soup_websocket_connection_get_keepalive_interval:
+  * @self: the WebSocket
+diff --git a/libsoup/soup-websocket-connection.h b/libsoup/soup-websocket-connection.h
+index f82d723..d2a60e9 100644
+--- a/libsoup/soup-websocket-connection.h
++++ b/libsoup/soup-websocket-connection.h
+@@ -136,6 +136,13 @@ SOUP_AVAILABLE_IN_2_58
+ void                soup_websocket_connection_set_keepalive_interval (SoupWebsocketConnection *self,
+                                                                       guint                    interval);
+ 
++SOUP_AVAILABLE_IN_2_72
++guint64             soup_websocket_connection_get_max_total_message_size    (SoupWebsocketConnection *self);
++
++SOUP_AVAILABLE_IN_2_72
++void                soup_websocket_connection_set_max_total_message_size    (SoupWebsocketConnection *self,
++                                                                             guint64                  max_total_message_size);
++
+ G_END_DECLS
+ 
+ #endif /* __SOUP_WEBSOCKET_CONNECTION_H__ */
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
new file mode 100644
index 0000000000..f9c894aaec
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
@@ -0,0 +1,131 @@
+From 0bfc66f1082f5d47df99b6fc03f742ef7fa1051e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 5 Feb 2026 17:19:51 +0800
+Subject: [PATCH] Set message size limit in SoupServer rather than 
+ SoupWebsocketConnection
+
+We're not sure about the compatibility implications of having a default
+size limit for clients.
+
+Also not sure whether the server limit is actually set appropriately,
+but there is probably very little server usage of
+SoupWebsocketConnection in the wild, so it's not so likely to break
+things.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/2df34d9544cabdbfdedd3b36f098cf69233b1df7]
+CVE: CVE-2025-32049
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-server.c               | 24 +++++++++++++++++++-----
+ libsoup/soup-websocket-connection.c | 23 ++++++++++++++++-------
+ 2 files changed, 35 insertions(+), 12 deletions(-)
+
+diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
+index 63875f3..a3f8597 100644
+--- a/libsoup/soup-server.c
++++ b/libsoup/soup-server.c
+@@ -216,6 +216,16 @@ enum {
+ 
+ G_DEFINE_TYPE_WITH_PRIVATE (SoupServer, soup_server, G_TYPE_OBJECT)
+ 
++/* SoupWebsocketConnection by default limits only maximum packet size. But a
++ * message may consist of multiple packets, so SoupServer additionally restricts
++ * total message size to mitigate denial of service attacks on the server.
++ * SoupWebsocketConnection does not do this by default because I don't know
++ * whether that would or would not cause compatibility problems for websites.
++ *
++ * This size is in bytes and it is arbitrary.
++ */
++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT   128 * 1024
++
+ static SoupClientContext *soup_client_context_ref (SoupClientContext *client);
+ static void soup_client_context_unref (SoupClientContext *client);
+ 
+@@ -1445,11 +1455,15 @@ complete_websocket_upgrade (SoupMessage *msg, gpointer user_data)
+ 
+        soup_client_context_ref (client);
+        stream = soup_client_context_steal_connection (client);
+-       conn = soup_websocket_connection_new_with_extensions (stream, uri,
+-                                                             SOUP_WEBSOCKET_CONNECTION_SERVER,
+-                                                             soup_message_headers_get_one (msg->request_headers, "Origin"),
+-                                                             soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"),
+-                                                             handler->websocket_extensions);
++       conn = SOUP_WEBSOCKET_CONNECTION (g_object_new (SOUP_TYPE_WEBSOCKET_CONNECTION,
++                                                         "io-stream", stream,
++                                                         "uri", uri,
++                                                         "connection-type", SOUP_WEBSOCKET_CONNECTION_SERVER,
++                                                         "origin", soup_message_headers_get_one (msg->request_headers, "Origin"),
++                                                         "protocol", soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"),
++                                                         "extensions", handler->websocket_extensions,
++                                                         "max-total-message-size", (guint64)MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
++                                 NULL));
+        handler->websocket_extensions = NULL;
+        g_object_unref (stream);
+        soup_client_context_unref (client);
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index 3dad477..e7fa9b7 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -154,7 +154,6 @@ struct _SoupWebsocketConnectionPrivate {
+ };
+ 
+ #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT   128 * 1024
+-#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT   128 * 1024
+ #define READ_BUFFER_SIZE 1024
+ #define MASK_LENGTH 4
+ 
+@@ -1615,8 +1614,9 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
+        /**
+         * SoupWebsocketConnection:max-incoming-payload-size:
+         *
+-        * The maximum payload size for incoming packets the protocol expects
+-        * or 0 to not limit it.
++        * The maximum payload size for incoming packets, or 0 to not limit it.
++        * Each message may consist of multiple packets, so also refer to
++        * [property@WebSocketConnection:max-total-message-size].
+         *
+         * Since: 2.56
+         */
+@@ -1668,9 +1668,18 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
+        /**
+         * SoupWebsocketConnection:max-total-message-size:
+         *
+-        * The total message size for incoming packets.
++        * The maximum size for incoming messages.
++        * Set to a value to limit the total message size, or 0 to not
++        * limit it.
+         *
+-        * The protocol expects or 0 to not limit it.
++        * [method@Server.add_websocket_handler] will set this to a nonzero
++        * default value to mitigate denial of service attacks. Clients must
++        * choose their own default if they need to mitigate denial of service
++        * attacks. You also need to set your own default if creating your own
++        * server SoupWebsocketConnection without using SoupServer.
++        *
++        * Each message may consist of multiple packets, so also refer to
++        *[property@WebSocketConnection:max-incoming-payload-size].
+         *
+         */
+        g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE,
+@@ -1679,7 +1688,7 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
+                                                             "Max total message size ",
+                                                             0,
+                                                             G_MAXUINT64,
+-                                                            MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
++                                                            0,
+                                                             G_PARAM_READWRITE |
+                                                             G_PARAM_CONSTRUCT |
+                                                             G_PARAM_STATIC_STRINGS));
+@@ -2210,7 +2219,7 @@ soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *s
+ {
+    SoupWebsocketConnectionPrivate *pv;
+ 
+-   g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT);
++   g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), 0);
+    pv = self->pv;
+ 
+    return pv->max_total_message_size;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1467.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1467.patch
new file mode 100644
index 0000000000..a1a130ee3a
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1467.patch
@@ -0,0 +1,151 @@
+From b4f1dcb89a552fc03bfd0e65830b4f76fdc4a232 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Tue, 21 Apr 2026 17:10:37 +0800
+Subject: [PATCH] Fix CVE-2026-1467
+
+CVE: CVE-2026-1467
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6dfe506618d2d5856618e5c0f85bd93386dc8012]
+
+The original backport patch targets libsoup3. This patch has been
+adapted accordingly for libsoup2, refer the openSUSE patch, see [1]
+
+[1] https://www.suse.com/security/cve/CVE-2026-1467.html
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth.c    |  2 +-
+ libsoup/soup-message.c |  5 +++-
+ libsoup/soup-uri.c     | 60 ++++++++++++++++++++++++++++++++++++++++++
+ libsoup/soup-uri.h     |  2 ++
+ 4 files changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-auth.c b/libsoup/soup-auth.c
+index 1896aab..e205fe3 100644
+--- a/libsoup/soup-auth.c
++++ b/libsoup/soup-auth.c
+@@ -535,7 +535,7 @@ GSList *
+ soup_auth_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+ {
+        g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
+-       g_return_val_if_fail (source_uri != NULL, NULL);
++       g_return_val_if_fail (soup_uri_is_valid (source_uri), NULL);
+ 
+        return SOUP_AUTH_GET_CLASS (auth)->get_protection_space (auth, source_uri);
+ }
+diff --git a/libsoup/soup-message.c b/libsoup/soup-message.c
+index da32b42..cc4f22b 100644
+--- a/libsoup/soup-message.c
++++ b/libsoup/soup-message.c
+@@ -1044,7 +1044,7 @@ soup_message_new (const char *method, const char *uri_string)
+        uri = soup_uri_new (uri_string);
+        if (!uri)
+                return NULL;
+-       if (!uri->host) {
++       if (!soup_uri_is_valid (uri)) {
+                soup_uri_free (uri);
+                return NULL;
+        }
+@@ -1066,6 +1066,8 @@ soup_message_new (const char *method, const char *uri_string)
+ SoupMessage *
+ soup_message_new_from_uri (const char *method, SoupURI *uri)
+ {
++       g_return_val_if_fail (soup_uri_is_valid (uri), NULL);
++
+        return g_object_new (SOUP_TYPE_MESSAGE,
+                             SOUP_MESSAGE_METHOD, method,
+                             SOUP_MESSAGE_URI, uri,
+@@ -1676,6 +1678,7 @@ soup_message_set_uri (SoupMessage *msg, SoupURI *uri)
+        SoupMessagePrivate *priv;
+ 
+        g_return_if_fail (SOUP_IS_MESSAGE (msg));
++       g_return_if_fail (soup_uri_is_valid (uri));
+        priv = soup_message_get_instance_private (msg);
+ 
+        if (priv->uri)
+diff --git a/libsoup/soup-uri.c b/libsoup/soup-uri.c
+index bdb7a17..d781ff1 100644
+--- a/libsoup/soup-uri.c
++++ b/libsoup/soup-uri.c
+@@ -1342,6 +1342,66 @@ soup_uri_host_equal (gconstpointer v1, gconstpointer v2)
+        return g_ascii_strcasecmp (one->host, two->host) == 0;
+ }
+ 
++static gboolean
++is_valid_character_for_host (char c)
++{
++        static const char forbidden_chars[] = { '\t', '\n', '\r', ' ', '#', '/', ':', '<', '>', '?', '@', '[', '\\', ']', '^', '|' };
++        int i;
++
++        for (i = 0; i < G_N_ELEMENTS (forbidden_chars); ++i) {
++                if (c == forbidden_chars[i])
++                        return FALSE;
++        }
++
++        return TRUE;
++}
++
++static gboolean
++is_host_valid (const char* host)
++{
++        int i;
++        gboolean is_valid;
++        char *ascii_host = NULL;
++
++        if (!host || !host[0])
++                return FALSE;
++
++        if (g_hostname_is_non_ascii (host)) {
++                ascii_host = g_hostname_to_ascii (host);
++                if (!ascii_host)
++                  return FALSE;
++
++                host = ascii_host;
++        }
++
++        if ((g_ascii_isdigit (host[0]) || strchr (host, ':')) && g_hostname_is_ip_address (host)) {
++                g_free (ascii_host);
++                return TRUE;
++        }
++        is_valid = TRUE;
++        for (i = 0; host[i] && is_valid; i++)
++                is_valid = is_valid_character_for_host (host[i]);
++
++        g_free (ascii_host);
++
++        return is_valid;
++}
++
++gboolean
++soup_uri_is_valid (SoupURI *uri)
++{
++        if (!uri)
++                return FALSE;
++
++        if (!is_host_valid (soup_uri_get_host (uri)))
++                return FALSE;
++
++        /* FIXME: validate other URI components? */
++
++        return TRUE;
++}
++
++
+ gboolean
+ soup_uri_is_http (SoupURI *uri, char **aliases)
+ {
+diff --git a/libsoup/soup-uri.h b/libsoup/soup-uri.h
+index 8015e4f..64099c3 100644
+--- a/libsoup/soup-uri.h
++++ b/libsoup/soup-uri.h
+@@ -133,6 +133,8 @@ guint       soup_uri_host_hash             (gconstpointer key);
+ SOUP_AVAILABLE_IN_2_28
+ gboolean    soup_uri_host_equal            (gconstpointer v1,
+                                            gconstpointer v2);
++SOUP_AVAILABLE_IN_2_68
++gboolean     soup_uri_is_valid             (SoupURI       *uri);
+ 
+ #define   SOUP_URI_IS_VALID(uri)       ((uri) && (uri)->scheme && (uri)->path)
+ #define   SOUP_URI_VALID_FOR_HTTP(uri) ((uri) && ((uri)->scheme == SOUP_URI_SCHEME_HTTP || (uri)->scheme == SOUP_URI_SCHEME_HTTPS) && (uri)->host && (uri)->path)
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1539.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1539.patch
new file mode 100644
index 0000000000..c6b813a98f
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1539.patch
@@ -0,0 +1,31 @@
+From 285faea567e1e2a95226201175dbf745a64a2439 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 20 Mar 2026 15:04:22 +0800
+Subject: [PATCH 4/4] Also remove Proxy-Authorization header on cross origin
+ redirect
+
+Closes #489
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446]
+CVE: CVE-2026-1539
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-session.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
+index cc0d04c..0361856 100644
+--- a/libsoup/soup-session.c
++++ b/libsoup/soup-session.c
+@@ -1190,6 +1190,7 @@ soup_session_redirect_message (SoupSession *session, SoupMessage *msg)
+        /* Strip all credentials on cross-origin redirect. */
+        if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
+                soup_message_headers_remove (msg->request_headers, "Authorization");
++               soup_message_headers_remove (msg->request_headers, "Proxy-Authorization");
+                soup_message_set_auth (msg, NULL);
+        }
+ 
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1760.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1760.patch
new file mode 100644
index 0000000000..a5547132a2
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1760.patch
@@ -0,0 +1,153 @@
+From 0fca37e0fce479284e62091ffb9b7d6caff1c7e4 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Thu, 29 Jan 2026 16:43:28 +0100
+Subject: [PATCH] server: close the connection after responsing a request
+ containing Content-Length and Transfer-Encoding
+
+Closes #475
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6]
+CVE: CVE-2026-1760
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c   | 86 +++++++++++++++-----------------
+ libsoup/soup-message-server-io.c |  8 +++
+ 2 files changed, 49 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 535cf14..06d9600 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -666,38 +666,13 @@ clear_special_headers (SoupMessageHeaders *hdrs)
+ static void
+ transfer_encoding_setter (SoupMessageHeaders *hdrs, const char *value)
+ {
+-       if (value) {
+-               /* "identity" is a wrong value according to RFC errata 408,
+-                * and RFC 7230 does not list it as valid transfer-coding.
+-                * Nevertheless, the obsolete RFC 2616 stated "identity"
+-                * as valid, so we can't handle it as unrecognized here
+-                * for compatibility reasons.
+-                */
+-               if (g_ascii_strcasecmp (value, "chunked") == 0)
+-                       hdrs->encoding = SOUP_ENCODING_CHUNKED;
+-               else if (g_ascii_strcasecmp (value, "identity") != 0)
+-                       hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED;
+-       } else
+-               hdrs->encoding = -1;
++       hdrs->encoding = -1;
+ }
+ 
+ static void
+ content_length_setter (SoupMessageHeaders *hdrs, const char *value)
+ {
+-       /* Transfer-Encoding trumps Content-Length */
+-       if (hdrs->encoding == SOUP_ENCODING_CHUNKED)
+-               return;
+-
+-       if (value) {
+-               char *end;
+-
+-               hdrs->content_length = g_ascii_strtoull (value, &end, 10);
+-               if (*end)
+-                       hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED;
+-               else
+-                       hdrs->encoding = SOUP_ENCODING_CONTENT_LENGTH;
+-       } else
+-               hdrs->encoding = -1;
++       hdrs->encoding = -1;
+ }
+ 
+ /**
+@@ -730,29 +705,50 @@ SoupEncoding
+ soup_message_headers_get_encoding (SoupMessageHeaders *hdrs)
+ {
+        const char *header;
++       const char *content_length;
++       const char *transfer_encoding;
+ 
+        if (hdrs->encoding != -1)
+                return hdrs->encoding;
+ 
+-       /* If Transfer-Encoding was set, hdrs->encoding would already
+-        * be set. So we don't need to check that possibility.
+-        */
+-       header = soup_message_headers_get_one (hdrs, "Content-Length");
+-       if (header) {
+-               content_length_setter (hdrs, header);
+-               if (hdrs->encoding != -1)
+-                       return hdrs->encoding;
+-       }
++                       /* Transfer-Encoding is checked first because it overrides the Content-Length */
++                       transfer_encoding = soup_message_headers_get_one (hdrs, "Transfer-Encoding");
++                       if (transfer_encoding) {
++                                       /* "identity" is a wrong value according to RFC errata 408,
++                                        * and RFC 7230 does not list it as valid transfer-coding.
++                                        * Nevertheless, the obsolete RFC 2616 stated "identity"
++                                        * as valid, so we can't handle it as unrecognized here
++                                        * for compatibility reasons.
++                                        */
++                                       if (g_ascii_strcasecmp (transfer_encoding, "chunked") == 0)
++                                                       hdrs->encoding = SOUP_ENCODING_CHUNKED;
++                                       else if (g_ascii_strcasecmp (transfer_encoding, "identity") != 0)
++                                                       hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED;
++                       } else {
++                                       content_length = soup_message_headers_get_one (hdrs, "Content-Length");
++                                       if (content_length) {
++                                                       char *end;
++
++                                                       hdrs->content_length = g_ascii_strtoull (content_length, &end, 10);
++                                                       if (*end)
++                                                                       hdrs->encoding = SOUP_ENCODING_UNRECOGNIZED;
++                                                       else
++                                                                       hdrs->encoding = SOUP_ENCODING_CONTENT_LENGTH;
++                                       }
++                       }
++
++                       if (hdrs->encoding == -1) {
++                                       /* Per RFC 2616 4.4, a response body that doesn't indicate its
++                                        * encoding otherwise is terminated by connection close, and a
++                                        * request that doesn't indicate otherwise has no body. Note
++                                        * that SoupMessage calls soup_message_headers_set_encoding()
++                                        * to override the response body default for our own
++                                        * server-side messages.
++                                        */
++                                       hdrs->encoding = (hdrs->type == SOUP_MESSAGE_HEADERS_RESPONSE) ?
++                                                       SOUP_ENCODING_EOF : SOUP_ENCODING_NONE;
++                       }
+ 
+-       /* Per RFC 2616 4.4, a response body that doesn't indicate its
+-        * encoding otherwise is terminated by connection close, and a
+-        * request that doesn't indicate otherwise has no body. Note
+-        * that SoupMessage calls soup_message_headers_set_encoding()
+-        * to override the response body default for our own
+-        * server-side messages.
+-        */
+-       hdrs->encoding = (hdrs->type == SOUP_MESSAGE_HEADERS_RESPONSE) ?
+-               SOUP_ENCODING_EOF : SOUP_ENCODING_NONE;
+        return hdrs->encoding;
+ }
+ 
+diff --git a/libsoup/soup-message-server-io.c b/libsoup/soup-message-server-io.c
+index 71e943b..df5eafc 100644
+--- a/libsoup/soup-message-server-io.c
++++ b/libsoup/soup-message-server-io.c
+@@ -80,6 +80,14 @@ parse_request_headers (SoupMessage *msg, char *headers, guint headers_len,
+                        return SOUP_STATUS_BAD_REQUEST;
+        }
+ 
++       /* A server MAY reject a request that contains both Content-Length and
++        * Transfer-Encoding or process such a request in accordance with the
++        * Transfer-Encoding alone. Regardless, the server MUST close the connection
++        * after responding to such a request to avoid the potential attacks
++        */
++       if (*encoding == SOUP_ENCODING_CHUNKED && soup_message_headers_get_one (msg->request_headers, "Content-Length"))
++                       soup_message_headers_replace (msg->request_headers, "Connection", "close");
++
+        /* Generate correct context for request */
+        req_host = soup_message_headers_get_one (msg->request_headers, "Host");
+        if (req_host && strchr (req_host, '/')) {
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1761.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1761.patch
new file mode 100644
index 0000000000..573e3e1dd0
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1761.patch
@@ -0,0 +1,36 @@
+From 07757b7feacfc660c6c463ff2b773c13bc42d2c9 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 19 Mar 2026 17:21:32 +0800
+Subject: [PATCH 3/4] multipart: check length of bytes read
+ soup_filter_input_stream_read_until()
+
+We do make sure the read length is smaller than the buffer length when
+the boundary is not found, but we should do the same when the boundary
+is found.
+
+Spotted in #YWH-PGM9867-149
+Closes #493
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0]
+CVE: CVE-2026-1761
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-filter-input-stream.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c
+index 2c30bf9..c34510b 100644
+--- a/libsoup/soup-filter-input-stream.c
++++ b/libsoup/soup-filter-input-stream.c
+@@ -272,6 +272,6 @@ soup_filter_input_stream_read_until (SoupFilterInputStream  *fstream,
+        if (eof && !*got_boundary)
+                read_length = MIN (fstream->priv->buf->len, length);
+        else
+-               read_length = p - buf;
++               read_length = MIN ((gsize)(p - buf), length);
+        return read_from_buf (fstream, buffer, read_length);
+ }
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1801.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1801.patch
new file mode 100644
index 0000000000..5f445f7354
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-1801.patch
@@ -0,0 +1,126 @@
+From f9c933e258e9ef2f221cca6395f8092a1c4b93dd Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 19 Mar 2026 17:10:36 +0800
+Subject: [PATCH 2/4] Fix CVE-2026-1801
+
+This patch merges 3 upstream patches
+
+Chery-pick the first two patches to make the context is the same as the
+third patch that fix CVE-2026-1801
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/1e32b5e123aa1689505472bdbfcbd897eac41977,
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/8a2e15c88512ae4517d2c2c887d39299725b22da,
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/b9a1c0663ff8ab6e79715db4b35b54f560416ddd]
+CVE: CVE-2026-1801
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-body-input-stream.c | 66 ++++++++++++++++++++------------
+ 1 file changed, 41 insertions(+), 25 deletions(-)
+
+diff --git a/libsoup/soup-body-input-stream.c b/libsoup/soup-body-input-stream.c
+index 6b95884..25d9312 100644
+--- a/libsoup/soup-body-input-stream.c
++++ b/libsoup/soup-body-input-stream.c
+@@ -159,15 +159,18 @@ soup_body_input_stream_read_chunked (SoupBodyInputStream  *bistream,
+ again:
+        switch (bistream->priv->chunked_state) {
+        case SOUP_BODY_INPUT_STREAM_STATE_CHUNK_SIZE:
+-               nread = soup_filter_input_stream_read_line (
+-                       fstream, metabuf, sizeof (metabuf), blocking,
+-                       &got_line, cancellable, error);
+-               if (nread <= 0)
++               nread = soup_filter_input_stream_read_until (
++                               fstream, metabuf, sizeof (metabuf),
++                               "\r\n", 2, blocking, TRUE,
++                               &got_line, cancellable, error);
++               if (nread < 0)
+                        return nread;
+-               if (!got_line) {
+-                       g_set_error_literal (error, G_IO_ERROR,
+-                                            G_IO_ERROR_PARTIAL_INPUT,
+-                                            _("Connection terminated unexpectedly"));
++               if (nread == 0 || !got_line) {
++                       if (error && *error == NULL) {
++                               g_set_error_literal (error, G_IO_ERROR,
++                                                                       G_IO_ERROR_PARTIAL_INPUT,
++                                                                       ("Connection terminated unexpectedly"));
++                       }
+                        return -1;
+                }
+ 
+@@ -180,9 +183,9 @@ again:
+ 
+        case SOUP_BODY_INPUT_STREAM_STATE_CHUNK:
+                nread = soup_body_input_stream_read_raw (
+-                       bistream, buffer,
+-                       MIN (count, bistream->priv->read_length),
+-                       blocking, cancellable, error);
++                               bistream, buffer,
++                               MIN (count, bistream->priv->read_length),
++                               blocking, cancellable, error);
+                if (nread > 0) {
+                        bistream->priv->read_length -= nread;
+                        if (bistream->priv->read_length == 0)
+@@ -191,16 +194,19 @@ again:
+                return nread;
+ 
+        case SOUP_BODY_INPUT_STREAM_STATE_CHUNK_END:
+-               nread = soup_filter_input_stream_read_line (
+-                       SOUP_FILTER_INPUT_STREAM (bistream->priv->base_stream),
+-                       metabuf, sizeof (metabuf), blocking,
+-                       &got_line, cancellable, error);
+-               if (nread <= 0)
++               nread = soup_filter_input_stream_read_until (
++                               SOUP_FILTER_INPUT_STREAM (bistream->priv->base_stream),
++                               metabuf, sizeof (metabuf),
++                               "\r\n", 2, blocking, TRUE,
++                               &got_line, cancellable, error);
++               if (nread < 0)
+                        return nread;
+-               if (!got_line) {
+-                       g_set_error_literal (error, G_IO_ERROR,
+-                                            G_IO_ERROR_PARTIAL_INPUT,
+-                                            _("Connection terminated unexpectedly"));
++               if (nread == 0 || !got_line) {
++                       if (error && *error == NULL) {
++                               g_set_error_literal (error, G_IO_ERROR,
++                               G_IO_ERROR_PARTIAL_INPUT,
++                               _("Connection terminated unexpectedly"));
++                       }
+                        return -1;
+                }
+ 
+@@ -208,13 +214,23 @@ again:
+                break;
+ 
+        case SOUP_BODY_INPUT_STREAM_STATE_TRAILERS:
+-               nread = soup_filter_input_stream_read_line (
+-                       fstream, buffer, count, blocking,
+-                       &got_line, cancellable, error);
+-               if (nread <= 0)
++               nread = soup_filter_input_stream_read_until (
++                               fstream, metabuf, sizeof (metabuf),
++                               "\r\n", 2, blocking, TRUE,
++                               &got_line, cancellable, error);
++               if (nread < 0)
+                        return nread;
+ 
+-               if (strncmp (buffer, "\r\n", nread) || strncmp (buffer, "\n", nread)) {
++               if (nread == 0) {
++                       if (error && *error == NULL) {
++                               g_set_error_literal (error, G_IO_ERROR,
++                               G_IO_ERROR_PARTIAL_INPUT,
++                               _("Connection terminated unexpectedly"));
++                       }
++                       return -1;
++               }
++
++               if (nread == 2 && strncmp (metabuf, "\r\n", nread) == 0) {
+                        bistream->priv->chunked_state = SOUP_BODY_INPUT_STREAM_STATE_DONE;
+                        bistream->priv->eof = TRUE;
+                }
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2369.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2369.patch
new file mode 100644
index 0000000000..814672caca
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2369.patch
@@ -0,0 +1,33 @@
+From 5c4e65fd99ff4e3ae76c7985c5e160bb07ea0f92 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 25 Mar 2026 11:24:36 +0800
+Subject: [PATCH] sniffer: Handle potential underflow
+
+Closes #498
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/b91bbd7d7888c85b17a8b33173caa806dff51681]
+CVE: CVE-2026-2369
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 3edc568..b091bca 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -504,6 +504,10 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer,
+                if (!sniff_scriptable && type_row->scriptable)
+                        continue;
+ 
++               /* Ensure we have data to sniff - prevents underflow in resource_length - 1 */
++               if (resource_length == 0)
++                       continue;
++
+                if (type_row->has_ws) {
+                        guint index_stream = 0;
+                        guint index_pattern = 0;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2443.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2443.patch
new file mode 100644
index 0000000000..99d42acb1e
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2026-2443.patch
@@ -0,0 +1,135 @@
+From 7bb3115a296154e3f465900ea5c984a493385a7f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Fri, 19 Dec 2025 23:49:05 +0000
+Subject: [PATCH] Fix CVE-2026-2443
+
+Upstream-Status: Backport [
+c1796442 soup-message-headers: Rework Range response statuses to match Apache
+191ef313 soup-message-headers: Fix rejection of Range headers with trailing garbage
+be677bea soup-message-headers: Fix parsing of invalid Range suffix lengths
+2bbfdfe8 soup-message-headers: Reject ranges where end is before start
+739bf7cb soup-message-headers: Reject invalid Range ends longer than the content
+]
+CVE: CVE-2026-2443
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c | 62 ++++++++++++++++++++++++----------
+ 1 file changed, 44 insertions(+), 18 deletions(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index bb20bbb..535cf14 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -943,10 +943,16 @@ sort_ranges (gconstpointer a, gconstpointer b)
+ }
+ 
+ /* like soup_message_headers_get_ranges(), except it returns:
+- *   SOUP_STATUS_OK if there is no Range or it should be ignored.
+- *   SOUP_STATUS_PARTIAL_CONTENT if there is at least one satisfiable range.
+- *   SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE if @check_satisfiable
+- *     is %TRUE and the request is not satisfiable given @total_length.
++ *  - SOUP_STATUS_OK if there is no Range or it should be ignored due to being
++ *    entirely invalid.
++ *  - SOUP_STATUS_PARTIAL_CONTENT if there is at least one satisfiable range.
++ *  - SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE if @check_satisfiable
++ *     is %TRUE, the Range is valid, but no part of the request is satisfiable
++ *     given @total_length.
++ *
++ * @ranges and @length are only set if SOUP_STATUS_PARTIAL_CONTENT is returned.
++ *
++ * See https://httpwg.org/specs/rfc9110.html#field.range
+  */
+ guint
+ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+@@ -960,22 +966,28 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+        GArray *array;
+        char *spec, *end;
+        guint status = SOUP_STATUS_OK;
++       gboolean is_all_valid = TRUE;
+ 
+        if (!range || strncmp (range, "bytes", 5) != 0)
+-               return status;
++               return SOUP_STATUS_OK;  /* invalid header or unknown range unit */
+ 
+        range += 5;
+        while (g_ascii_isspace (*range))
+                range++;
+        if (*range++ != '=')
+-               return status;
++               return SOUP_STATUS_OK;  /* invalid header */
+        while (g_ascii_isspace (*range))
+                range++;
+ 
+        range_list = soup_header_parse_list (range);
+        if (!range_list)
+-               return status;
++               return SOUP_STATUS_OK;  /* invalid list */
+ 
++       /* Loop through the ranges and modify the status accordingly. Default to
++        * status 200 (OK, ignoring the ranges). Switch to status 206 (Partial
++        * Content) if there is at least one partially valid range. Switch to
++        * status 416 (Range Not Satisfiable) if there are no partially valid
++        * ranges at all. */
+        array = g_array_new (FALSE, FALSE, sizeof (SoupRange));
+        for (r = range_list; r; r = r->next) {
+                SoupRange cur;
+@@ -988,30 +1000,44 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+                        cur.start = g_ascii_strtoull (spec, &end, 10);
+                        if (*end == '-')
+                                end++;
+-                       if (*end) {
++                       if (*end)
+                                cur.end = g_ascii_strtoull (end, &end, 10);
+-                               if (cur.end < cur.start) {
+-                                       status = SOUP_STATUS_OK;
+-                                       break;
+-                               }
+-                       } else
++                       else
+                                cur.end = total_length - 1;
+                }
++
+                if (*end) {
+-                       status = SOUP_STATUS_OK;
+-                       break;
+-               } else if (check_satisfiable && cur.start >= total_length) {
+-                       if (status == SOUP_STATUS_OK)
+-                               status = SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE;
++                       /* Junk after the range */
++                       is_all_valid = FALSE;
++                       continue;
++               }
++
++               if (cur.end < cur.start) {
++                       is_all_valid = FALSE;
++                       continue;
++               }
++
++               g_assert (cur.start >= 0);
++               if (cur.end >= total_length)
++                       cur.end = total_length - 1;
++
++               if (cur.start >= total_length) {
++                       /* Range is valid, but unsatisfiable */
+                        continue;
+                }
+ 
++               /* We have at least one (at least partially) satisfiable range */
+                g_array_append_val (array, cur);
+                status = SOUP_STATUS_PARTIAL_CONTENT;
+        }
+        soup_header_free_list (range_list);
+ 
+        if (status != SOUP_STATUS_PARTIAL_CONTENT) {
++               g_assert (status == SOUP_STATUS_OK);
++
++               if (is_all_valid && check_satisfiable)
++                       status = SOUP_STATUS_REQUESTED_RANGE_NOT_SATISFIABLE;
++
+                g_array_free (array, TRUE);
+                return status;
+        }
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 68ec576d9b..e588e60cd5 100644
--- a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -40,6 +40,16 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-4948.patch \
            file://CVE-2025-4969.patch \
            file://CVE-2025-4945.patch \
+           file://CVE-2025-14523.patch \
+           file://CVE-2025-32049-1.patch \
+           file://CVE-2025-32049-2.patch \
+           file://CVE-2026-2443.patch \
+           file://CVE-2026-1801.patch \
+           file://CVE-2026-1761.patch \
+           file://CVE-2026-1539.patch \
+           file://CVE-2026-2369.patch \
+           file://CVE-2026-1760.patch \
+           file://CVE-2026-1467.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 
diff --git a/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb b/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb
index 04f1ffc1fc..7d227d4148 100644
--- a/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb
+++ b/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=8f9b59a81a88da8e812af43728b72dd7"
 DEPENDS = "openssl"
 
 SRC_URI = "git://github.com/DMTF/libspdm.git;branch=release-3.8;protocol=https;tag=${PV}"
-SRCREV = "5cf0acb87b2f36f8d70a89e5da8476d85db59f46"
+SRCREV = "f55cf6d48ec69b4ac60a63903e9c6a2cb0fd155d"
 
 inherit cmake
 
diff --git a/meta-oe/recipes-support/libtar/files/0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch b/meta-oe/recipes-support/libtar/files/0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch
new file mode 100644
index 0000000000..4585c586b4
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch
@@ -0,0 +1,62 @@
+From 5ea04d70221a18cbd711a9d570c81ef0b9be6765 Mon Sep 17 00:00:00 2001
+From: Khem Raj <khem.raj@oss.qualcomm.com>
+Date: Fri, 10 Apr 2026 18:41:04 -0700
+Subject: [PATCH] compat: convert K&R function definitions to ANSI C prototypes
+
+Replace old-style K&R parameter declarations with modern ANSI C
+function prototypes in basename.c, dirname.c, and strmode.c.
+
+Required for compatibility with clang 22 under -std=gnu23, which
+no longer supports K&R-style function definitions.
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
+---
+ compat/basename.c | 3 +--
+ compat/dirname.c  | 3 +--
+ compat/strmode.c  | 4 +---
+ 3 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/compat/basename.c b/compat/basename.c
+index 2ac1e13..7b0384a 100644
+--- a/compat/basename.c
++++ b/compat/basename.c
+@@ -36,8 +36,7 @@ static char rcsid[] = "$OpenBSD: basename.c,v 1.4 1999/05/30 17:10:30 espie Exp
+ #include <sys/param.h>
+ 
+ char *
+-openbsd_basename(path)
+-       const char *path;
++openbsd_basename(const char *path)
+ {
+        static char bname[MAXPATHLEN];
+        register const char *endp, *startp;
+diff --git a/compat/dirname.c b/compat/dirname.c
+index 986db4a..6c1231d 100644
+--- a/compat/dirname.c
++++ b/compat/dirname.c
+@@ -36,8 +36,7 @@ static char rcsid[] = "$OpenBSD: dirname.c,v 1.4 1999/05/30 17:10:30 espie Exp $
+ #include <sys/param.h>
+ 
+ char *
+-openbsd_dirname(path)
+-       const char *path;
++openbsd_dirname (const char *path)
+ {
+        static char bname[MAXPATHLEN];
+        register const char *endp;
+diff --git a/compat/strmode.c b/compat/strmode.c
+index 5e7f15e..2ffab61 100644
+--- a/compat/strmode.c
++++ b/compat/strmode.c
+@@ -40,9 +40,7 @@ static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp
+ #include <string.h>
+ 
+ void
+-strmode(mode, p)
+-       register mode_t mode;
+-       register char *p;
++strmode (register mode_t mode, register char *p)
+ {
+         /* print type */
+        switch (mode & S_IFMT) {
diff --git a/meta-oe/recipes-support/libtar/libtar_1.2.20.bb b/meta-oe/recipes-support/libtar/libtar_1.2.20.bb
index a17509d2e5..39d410064e 100644
--- a/meta-oe/recipes-support/libtar/libtar_1.2.20.bb
+++ b/meta-oe/recipes-support/libtar/libtar_1.2.20.bb
@@ -20,6 +20,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/libt/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://CVE-2021-33643-CVE-2021-33644.patch \
            file://CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch \
            file://CVE-2013-4420.patch \
+           file://0001-compat-convert-K-R-function-definitions-to-ANSI-C-pr.patch \
            "
 
 S = "${UNPACKDIR}/${BPN}"
diff --git a/meta-oe/recipes-support/libvarlink/libvarlink/0001-transport-tool-use-const-for-strchr-return-pointers.patch b/meta-oe/recipes-support/libvarlink/libvarlink/0001-transport-tool-use-const-for-strchr-return-pointers.patch
new file mode 100644
index 0000000000..348dc88838
--- /dev/null
+++ b/meta-oe/recipes-support/libvarlink/libvarlink/0001-transport-tool-use-const-for-strchr-return-pointers.patch
@@ -0,0 +1,96 @@
+From 27e4f4504b3c60356b9507e926aae2b82ba47275 Mon Sep 17 00:00:00 2001
+From: Khem Raj <khem.raj@oss.qualcomm.com>
+Date: Wed, 15 Apr 2026 11:10:01 -0700
+Subject: [PATCH] transport,tool: use const for strchr return pointers
+
+Fixes errors seen after c23 implemented in glibc
+
+lib/transport-device.c:13:14: error: assigning to 'char *' from 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
+   13 |         parm = strchr(address, ';');
+      |              ^ ~~~~~~~~~~~~~~~~~~~~
+1 error generated.
+
+Upstream-Status: Submitted [https://github.com/varlink/libvarlink/pull/85]
+Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
+---
+ lib/transport-device.c | 2 +-
+ lib/transport-tcp.c    | 4 ++--
+ lib/transport-unix.c   | 2 +-
+ tool/command-format.c  | 2 +-
+ tool/command-info.c    | 2 +-
+ 5 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/transport-device.c b/lib/transport-device.c
+index 0b8cec5..205eac4 100644
+--- a/lib/transport-device.c
++++ b/lib/transport-device.c
+@@ -7,7 +7,7 @@
+ #include <fcntl.h>
+
+ static int strip_parameters(const char *address, char **devicep) {
+-        char *parm;
++        const char *parm;
+         _cleanup_(freep) char *device = NULL;
+
+         parm = strchr(address, ';');
+diff --git a/lib/transport-tcp.c b/lib/transport-tcp.c
+index 92a0e7b..fff2379 100644
+--- a/lib/transport-tcp.c
++++ b/lib/transport-tcp.c
+@@ -10,7 +10,7 @@
+ #include <sys/socket.h>
+
+ static int strip_parameters(const char *address, char **hostp) {
+-        char *parm;
++        const char *parm;
+         _cleanup_(freep) char *host = NULL;
+
+         parm = strchr(address, ';');
+@@ -34,7 +34,7 @@ static void freeaddrinfop(struct addrinfo **ai) {
+ static int resolve_addrinfo(const char *address, struct addrinfo **resultp) {
+         _cleanup_(freep) char *host = NULL;
+         char *endptr;
+-        char *port;
++        const char *port;
+         struct addrinfo hints = {
+                 .ai_family = AF_UNSPEC,
+                 .ai_socktype = SOCK_STREAM,
+diff --git a/lib/transport-unix.c b/lib/transport-unix.c
+index 5dc3853..2414b29 100644
+--- a/lib/transport-unix.c
++++ b/lib/transport-unix.c
+@@ -10,7 +10,7 @@
+ #include <unistd.h>
+
+ static int strip_parameters(const char *address, char **pathp) {
+-        char *parm;
++        const char *parm;
+         _cleanup_(freep) char *path = NULL;
+
+         parm = strchr(address, ';');
+diff --git a/tool/command-format.c b/tool/command-format.c
+index 6932bc4..0f5ef8c 100644
+--- a/tool/command-format.c
++++ b/tool/command-format.c
+@@ -155,7 +155,7 @@ static long format_run(Cli *UNUSED(cli), int argc, char **argv) {
+ static long format_complete(Cli *cli, int argc, char **UNUSED(argv), const char *current) {
+         _cleanup_(freep) char *prefix = NULL;
+         DIR *dir;
+-        char *p;
++        const char *p;
+
+         if (argc != 1)
+                 return 0;
+diff --git a/tool/command-info.c b/tool/command-info.c
+index 571b6fd..9d252f7 100644
+--- a/tool/command-info.c
++++ b/tool/command-info.c
+@@ -137,7 +137,7 @@ static long info_run(Cli *cli, int argc, char **argv) {
+ static long info_complete(Cli *UNUSED(cli), int argc, char **UNUSED(argv), const char *current) {
+         _cleanup_(freep) char *prefix = NULL;
+         DIR *dir;
+-        char *p;
++        const char *p;
+
+         if (argc != 1)
+                 return 0;
diff --git a/meta-oe/recipes-support/libvarlink/libvarlink_24.0.1.bb b/meta-oe/recipes-support/libvarlink/libvarlink_24.0.1.bb
new file mode 100644
index 0000000000..1d1419a878
--- /dev/null
+++ b/meta-oe/recipes-support/libvarlink/libvarlink_24.0.1.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Varlink C library and command line tool"
+HOMEPAGE = "https://varlink.org/"
+DESCRIPTION = "Varlink is an interface description format and protocol that aims \
+to make services accessible to both humans and machines in the simplest feasible way."
+SECION = "devel"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
+
+SRC_URI = "git://github.com/varlink/libvarlink.git;protocol=https;branch=master;tag=v${PV} \
+           file://0001-transport-tool-use-const-for-strchr-return-pointers.patch \
+          "
+SRCREV = "2ad4ec7ca62e148dbf0ad98646ec68c2e7e8a88e"
+
+inherit meson bash-completion lib_package
+
+do_install:append() {
+    # vim integration is not needed
+    rm -rf ${D}${datadir}/vim
+}
diff --git a/meta-oe/recipes-support/log4c/log4c/0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch b/meta-oe/recipes-support/log4c/log4c/0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch
new file mode 100644
index 0000000000..fae1a2d0c2
--- /dev/null
+++ b/meta-oe/recipes-support/log4c/log4c/0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch
@@ -0,0 +1,92 @@
+From b0ecadec662a8e35b017e16e92c5b1a04ed72598 Mon Sep 17 00:00:00 2001
+From: Khem Raj <khem.raj@oss.qualcomm.com>
+Date: Sat, 11 Apr 2026 00:24:17 -0700
+Subject: [PATCH] sd/malloc: convert K&R function declarations to ANSI C
+ prototypes
+
+Replace old-style K&R parameter declarations with modern ANSI C
+(C89/C90) function prototypes across all functions in malloc.c.
+Also remove trailing whitespace in fixup_null_alloc().
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
+---
+ src/sd/malloc.c | 23 ++++++++---------------
+ 1 file changed, 8 insertions(+), 15 deletions(-)
+
+diff --git a/src/sd/malloc.c b/src/sd/malloc.c
+index 7d241ad..43dd460 100644
+--- a/src/sd/malloc.c
++++ b/src/sd/malloc.c
+@@ -41,8 +41,7 @@ typedef void (*sd_malloc_handler_t)();
+ static sd_malloc_handler_t handler  = NULL;
+ 
+ static void *
+-fixup_null_alloc (n)
+-    size_t n;
++fixup_null_alloc (size_t n)
+ {
+     void* p = 0;
+ 
+@@ -62,8 +61,8 @@ fixup_null_alloc (n)
+            allocated = (char *) sbrk (0) - (char *) &environ;
+        sd_error("\nCannot allocate %lu bytes after allocating %lu bytes\n",
+                 (unsigned long) n, (unsigned long) allocated);
+-       
+-       if (handler) 
++
++       if (handler)
+            handler();
+        else {
+            sd_error("\n\tMemory exhausted !! Aborting.\n");
+@@ -75,8 +74,7 @@ fixup_null_alloc (n)
+ }
+ 
+ sd_malloc_handler_t
+-sd_malloc_set_handler(a_handler)
+-    sd_malloc_handler_t a_handler;
++sd_malloc_set_handler(sd_malloc_handler_t a_handler)
+ {
+     sd_malloc_handler_t previous = handler;
+ 
+@@ -87,8 +85,7 @@ sd_malloc_set_handler(a_handler)
+ /* Allocate N bytes of memory dynamically, with error checking.  */
+ 
+ void *
+-sd_malloc (n)
+-    size_t n;
++sd_malloc (size_t n)
+ {
+     void *p;
+ 
+@@ -101,8 +98,7 @@ sd_malloc (n)
+ /* Allocate memory for N elements of S bytes, with error checking.  */
+ 
+ void *
+-sd_calloc (n, s)
+-    size_t n, s;
++sd_calloc (size_t n, size_t s)
+ {
+     void *p;
+ 
+@@ -117,9 +113,7 @@ sd_calloc (n, s)
+    If P is NULL, run sd_malloc.  */
+ 
+ void *
+-sd_realloc (p, n)
+-    void *p;
+-    size_t n;
++sd_realloc (void *p, size_t n)
+ {
+     if (p == 0)
+        return sd_malloc (n);
+@@ -132,8 +126,7 @@ sd_realloc (p, n)
+ /* Return a newly allocated copy of STRING.  */
+ 
+ char *
+-sd_strdup (string)
+-     const char *string;
++sd_strdup (const char *string)
+ {
+   return strcpy (sd_malloc (strlen (string) + 1), string);
+ }
diff --git a/meta-oe/recipes-support/log4c/log4c_1.2.4.bb b/meta-oe/recipes-support/log4c/log4c_1.2.4.bb
index a0bd40b03a..eca800dc5e 100644
--- a/meta-oe/recipes-support/log4c/log4c_1.2.4.bb
+++ b/meta-oe/recipes-support/log4c/log4c_1.2.4.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz \
            file://fix_configure_with-expat.patch \
            file://0001-Use-the-API-properly-in-the-example-format-security-.patch \
+           file://0001-sd-malloc-convert-K-R-function-declarations-to-ANSI-.patch \
           "
 
 SRC_URI[sha256sum] = "5991020192f52cc40fa852fbf6bbf5bd5db5d5d00aa9905c67f6f0eadeed48ea"
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb
index bfb75718f2..0c572d1bd3 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.12.2.bb
@@ -110,6 +110,7 @@ PACKAGES =+ "${PN}-libs"
 FILES:${PN}-libs = "${base_libdir}/lib*.so.* \
                     ${base_libdir}/multipath/lib*.so*"
 RDEPENDS:${PN} += "${PN}-libs bash libgcc"
+RRECOMMENDS:${PN} = "kernel-module-dm-multipath"
 
 PROVIDES += "device-mapper-multipath"
 RPROVIDES:${PN} += "device-mapper-multipath"
diff --git a/meta-oe/recipes-support/nano/nano_8.7.1.bb b/meta-oe/recipes-support/nano/nano_9.0.bb
index e62529ff9b..06bb7a63ce 100644
--- a/meta-oe/recipes-support/nano/nano_8.7.1.bb
+++ b/meta-oe/recipes-support/nano/nano_9.0.bb
@@ -13,7 +13,7 @@ RDEPENDS:${PN} = "ncurses-terminfo-base"
 PV_MAJOR = "${@d.getVar('PV').split('.')[0]}"
 
 SRC_URI = "https://nano-editor.org/dist/v${PV_MAJOR}/nano-${PV}.tar.xz"
-SRC_URI[sha256sum] = "76f0dcb248f2e2f1251d4ecd20fd30fb400a360a3a37c6c340e0a52c2d1cdedf"
+SRC_URI[sha256sum] = "9f384374b496110a25b73ad5a5febb384783c6e3188b37063f677ac908013fde"
 
 UPSTREAM_CHECK_URI = "${GNU_MIRROR}/nano"
 
diff --git a/meta-oe/recipes-support/nss/nss_3.121.bb b/meta-oe/recipes-support/nss/nss_3.122.bb
index 99f54c948a..70aee3d9db 100644
--- a/meta-oe/recipes-support/nss/nss_3.121.bb
+++ b/meta-oe/recipes-support/nss/nss_3.122.bb
@@ -33,7 +33,7 @@ SRC_URI = "https://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/
            file://0006-Fix-nss-multilib-build-on-openSUSE-11.x-32bit.patch \
            file://0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
            "
-SRC_URI[sha256sum] = "cb3a8f8781bea78b7b8edd3afb7a2cb58e4881bb0160d189a39b98216ba7632e"
+SRC_URI[sha256sum] = "2699478b843b9f09c61f85341578df514463a0069447c816bef0d59bd800d777"
 
 UPSTREAM_CHECK_URI = "https://ftp.mozilla.org/pub/security/nss/releases/"
 UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>\d+(\_\d+)+)"
diff --git a/meta-oe/recipes-support/openct/openct/0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch b/meta-oe/recipes-support/openct/openct/0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch
deleted file mode 100644
index 73c9d06667..0000000000
--- a/meta-oe/recipes-support/openct/openct/0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From c4351058da555e1e6a2b4b15d913baee80f55865 Mon Sep 17 00:00:00 2001
-From: Wang Mingyu <wangmy@fujitsu.com>
-Date: Thu, 27 Jun 2024 06:27:18 +0000
-Subject: Fix incompatible pointer type error with gcc option 
- -Wincompatible-pointer-types
-
-| ../../../openct-0.6.20/src/ifd/ifdhandler.c: In function 'ifdhandler_run':
-| ../../../openct-0.6.20/src/ifd/ifdhandler.c:239:52: error: passing argument 2 of 'ifd_get_eventfd' from incompatible pointer type [-Wincompatible-pointer-types]
-|   239 |                 sock->fd = ifd_get_eventfd(reader, &sock->events);
-|       |                                                    ^~~~~~~~~~~~~
-|       |                                                    |
-|       |                                                    int *
-| In file included from ../../../openct-0.6.20/src/ifd/internal.h:17,
-|                  from ../../../openct-0.6.20/src/ifd/ifdhandler.c:7:
-| ../../../openct-0.6.20/src/include/openct/ifd.h:182:65: note: expected 'short int *' but argument is of type 'int *'
-|   182 | extern int                      ifd_get_eventfd(ifd_reader_t *, short *);
-|       |                                                                 ^~~~~~~
-
-| ../../../openct-0.6.20/src/ifd/process.c: In function 'do_memory_write':
-| ../../../openct-0.6.20/src/ifd/process.c:461:61: error: passing argument 4 of 'ct_tlv_get_opaque' from incompatible pointer type [-Wincompatible-pointer-types]
-|   461 |             || !ct_tlv_get_opaque(args, CT_TAG_DATA, &data, &data_len))
-|       |                                                             ^~~~~~~~~
-|       |                                                             |
-|       |                                                             unsigned int *
-| In file included from ../../../openct-0.6.20/src/ifd/process.c:20:
-| ../../../openct-0.6.20/src/include/openct/tlv.h:40:62: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'unsigned int *'
-|    40 |                                 ifd_tag_t, unsigned char **, size_t *);
-
-Upstream-Status: Submitted
-
-Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
----
- src/ifd/ifdhandler.c | 2 +-
- src/ifd/process.c    | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/ifd/ifdhandler.c b/src/ifd/ifdhandler.c
-index 12686c9..ebd1b53 100644
---- a/src/ifd/ifdhandler.c
-+++ b/src/ifd/ifdhandler.c
-@@ -236,7 +236,7 @@ static void ifdhandler_run(ifd_reader_t * reader)
-                sock->fd = -1;
-        }
-        else {
--               sock->fd = ifd_get_eventfd(reader, &sock->events);
-+               sock->fd = ifd_get_eventfd(reader, (short int *)&sock->events);
-        }
-        if (sock->fd == -1) {
-                ifd_debug(1, "events inactive for reader %s", reader->name);
-diff --git a/src/ifd/process.c b/src/ifd/process.c
-index 4563bdf..7088a76 100644
---- a/src/ifd/process.c
-+++ b/src/ifd/process.c
-@@ -458,7 +458,7 @@ static int do_memory_write(ifd_reader_t * reader, int unit,
-                return IFD_ERROR_INVALID_SLOT;
- 
-        if (ct_tlv_get_int(args, CT_TAG_ADDRESS, &address) == 0
--           || !ct_tlv_get_opaque(args, CT_TAG_DATA, &data, &data_len))
-+           || !ct_tlv_get_opaque(args, CT_TAG_DATA, &data, (size_t *)&data_len))
-                return IFD_ERROR_MISSING_ARG;
- 
-        rc = ifd_card_write_memory(reader, unit, address, data, data_len);
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-support/openct/openct/0001-m4-Just-emit-the-first-line-of-compiler-version.patch b/meta-oe/recipes-support/openct/openct/0001-m4-Just-emit-the-first-line-of-compiler-version.patch
deleted file mode 100644
index 9bd3d18d6e..0000000000
--- a/meta-oe/recipes-support/openct/openct/0001-m4-Just-emit-the-first-line-of-compiler-version.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 146b5116140d719e4e9ae19748c0b6dee7d82f96 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 22 May 2023 22:01:28 -0700
-Subject: [PATCH] m4: Just emit the first line of compiler version
-
-Avoids emitting buildpaths into comments
-Fixes
-WARNING: openct-0.6.20-r0 do_package_qa: QA Issue: File /usr/include/openct/types.h in package openct-dev contains reference to TMPDIR [buildpaths]
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- m4/ac_create_stdint_h.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/m4/ac_create_stdint_h.m4 b/m4/ac_create_stdint_h.m4
-index 66de704..4b7223a 100644
---- a/m4/ac_create_stdint_h.m4
-+++ b/m4/ac_create_stdint_h.m4
-@@ -110,7 +110,7 @@ echo "#define" $_ac_stdint_h "1" >>$ac_stdint_h
- echo "#ifndef" _GENERATED_STDINT_H >>$ac_stdint_h
- echo "#define" _GENERATED_STDINT_H '"'$PACKAGE $VERSION'"' >>$ac_stdint_h
- if test "$GCC" = "yes" ; then
--  echo "/* generated using a gnu compiler version" `$CC --version` "*/" \
-+  echo "/* generated using a gnu compiler version" `$CC --version|head -1` "*/" \
-   >>$ac_stdint_h
- else
-   echo "/* generated using $CC */" >>$ac_stdint_h
--- 
-2.40.1
-
diff --git a/meta-oe/recipes-support/openct/openct/etc-openct.udev.in-disablePROGRAM.patch b/meta-oe/recipes-support/openct/openct/etc-openct.udev.in-disablePROGRAM.patch
deleted file mode 100644
index e2401bb31b..0000000000
--- a/meta-oe/recipes-support/openct/openct/etc-openct.udev.in-disablePROGRAM.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From e0d3e0bb1e38ff851696a7d8826e651d364ad8ce Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Fri, 5 Dec 2014 02:00:57 +0900
-Subject: [PATCH 1/2] etc/openct.udev.in: disablePROGRAM
-
-Bug fix: https://bugzilla.redhat.com/show_bug.cgi?id=287871
-
-Upstream-Status: Pending
-
-Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
----
- etc/openct.udev.in | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/etc/openct.udev.in b/etc/openct.udev.in
-index d11d0e1..48083c9 100644
---- a/etc/openct.udev.in
-+++ b/etc/openct.udev.in
-@@ -22,7 +22,8 @@ ACTION!="add", GOTO="openct_usb_rules_end"
- # 2010-01-06 removed, as latest udev doesn't know WAIT_FOR_ATTR any more.
- 
- # sleep for 100ms - the wait_for_sysfs might not be enough
--PROGRAM="/bin/sleep 0.1"
-+# Disabled in this package - see https://bugzilla.redhat.com/287871
-+# PROGRAM="/bin/sleep 0.1"
- 
- # ccid
- ATTR{bInterfaceClass}=="0b", ATTR{bInterfaceSubClass}=="00", ATTR{bInterfaceProtocol}=="00", ATTRS{idVendor}=="?*"  RUN+="@udevdir@/openct_usb /dev/$parent"
--- 
-1.8.4.2
-
diff --git a/meta-oe/recipes-support/openct/openct/etc-openct_usb.in-modify-UDEVINFO.patch b/meta-oe/recipes-support/openct/openct/etc-openct_usb.in-modify-UDEVINFO.patch
deleted file mode 100644
index 22eda729fb..0000000000
--- a/meta-oe/recipes-support/openct/openct/etc-openct_usb.in-modify-UDEVINFO.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From d93985a137b553b2723235d03bda341dab14064f Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Fri, 5 Dec 2014 02:04:03 +0900
-Subject: [PATCH 2/2] etc/openct_usb.in: modify UDEVINFO
-
-this patch is from Fedora
-
-Upstream-Status: Pending
-
-Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
----
- etc/openct_usb.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/etc/openct_usb.in b/etc/openct_usb.in
-index 32f91aa..917467d 100644
---- a/etc/openct_usb.in
-+++ b/etc/openct_usb.in
-@@ -15,10 +15,10 @@ if [ -z "$DEVNAME" ]; then
-        # Guess udev info interface.
-        # Newer udev uses udevadm
-        #
--       if which udevinfo > /dev/null 2>&1; then
--               UDEVINFO="udevinfo"
--       else
-+       if which udevadm > /dev/null 2>&1; then
-                UDEVINFO="udevadm info"
-+       else
-+               UDEVINFO="udevinfo"
-        fi
-        DEVNAME=/dev/$($UDEVINFO --query=name --path=$(dirname $DEVPATH))
- fi
--- 
-1.8.4.2
-
diff --git a/meta-oe/recipes-support/openct/openct/openct.init b/meta-oe/recipes-support/openct/openct/openct.init
deleted file mode 100644
index c6896095e3..0000000000
--- a/meta-oe/recipes-support/openct/openct/openct.init
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/sh
-#
-# openct       This shell script takes care of starting and stopping OpenCT.
-#
-# chkconfig:   2345 24 89
-# description: OpenCT is a middleware framework for smart card terminals.
-#
-# processname: ifdhandler
-# config:      /etc/openct.conf
-
-### BEGIN INIT INFO
-# Provides: openct
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Should-Start: $syslog $network
-# Should-Stop: $syslog $network
-# Short-Description: Middleware framework for smart card terminals
-# Description: This starts/stops the OpenCT middleware framework support
-#              for smart card terminals.
-### END INIT INFO
-
-. /etc/init.d/functions
-
-exec="/usr/sbin/openct-control"
-prog=openct
-proc=ifdhandler
-
-OPENCT_OPTIONS=
-[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-
-lockfile=/var/lock/subsys/$prog
-
-start() {
-    retval=0
-    if ! status $proc >/dev/null 2>&1 ; then
-        action $"Initializing OpenCT smart card terminals: " \
-            $exec $OPENCT_OPTIONS init
-        retval=$?
-        [ $retval -eq 0 ] && touch $lockfile
-    fi
-    return $retval
-}
-
-stop() {
-    if status $proc >/dev/null 2>&1 ; then
-        action $"Stopping OpenCT smart card terminals: " \
-            $exec $OPENCT_OPTIONS shutdown
-    fi
-    retval=$?
-    if [ $retval -eq 0 ] ; then
-        rm -f /var/run/openct/status
-        rm -f $lockfile
-    fi
-    return $retval
-}
-
-restart() {
-    stop
-    start
-}
-
-oct_status() {
-    status $proc
-    retval=$?
-    if [ -e /var/run/openct/status ] ; then
-        $exec $OPENCT_OPTIONS status
-        [ -e /var/run/openct/status ] && \
-            echo $"Waiting for reader attach/detach events..."
-    fi
-    return $retval
-}
-
-case "$1" in
-    start|stop|restart)
-        $1
-        ;;
-    reload|force-reload)
-        restart
-        ;;
-    status)
-        oct_status
-        ;;
-    try-restart|condrestart)
-        [ ! -f $lockfile ] || restart
-        ;;
-    *)
-        echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
-        exit 2
-esac
diff --git a/meta-oe/recipes-support/openct/openct/openct.service b/meta-oe/recipes-support/openct/openct/openct.service
deleted file mode 100644
index 57de8c0a88..0000000000
--- a/meta-oe/recipes-support/openct/openct/openct.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Openct Middleware framework for smart card terminals
-After=syslog.target network.target
-
-[Service]
-EnvironmentFile=-/etc/sysconfig/openct
-ExecStart=/usr/sbin/openct-control $OPENCT_OPTIONS init 
-ExecStop=/usr/sbin/openct-control $OPENCT_OPTIONS shutdown
-RemainAfterExit=yes
-KillMode=mixed
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-oe/recipes-support/openct/openct/openct.sysconfig b/meta-oe/recipes-support/openct/openct/openct.sysconfig
deleted file mode 100644
index ffc270790f..0000000000
--- a/meta-oe/recipes-support/openct/openct/openct.sysconfig
+++ /dev/null
@@ -1,5 +0,0 @@
-#                                                                    -*- sh -*-
-# Extra options to pass to openct-control.
-# Consult "/usr/sbin/openct-control -h" for available options.
-#
-OPENCT_OPTIONS=""
diff --git a/meta-oe/recipes-support/openct/openct_0.6.20.bb b/meta-oe/recipes-support/openct/openct_0.6.20.bb
deleted file mode 100644
index c7b0d0d56d..0000000000
--- a/meta-oe/recipes-support/openct/openct_0.6.20.bb
+++ /dev/null
@@ -1,91 +0,0 @@
-SUMMARY = "Middleware framework for smart card terminals"
-HOMEPAGE = "https://github.com/OpenSC/openct/wiki"
-DESCRIPTION = " \
-OpenCT implements drivers for several smart card readers. \
-It comes as driver in ifdhandler format for PC/SC-Lite, \
-as CT-API driver, or as a small and lean middleware, \
-so applications can use it with minimal overhead. \
-OpenCT also has a primitive mechanism to export smart card \
-readers to remote machines via TCP/IP."
-
-DEPENDS += "libtool pcsc-lite libusb-compat"
-
-SRC_URI = " \
-    https://downloads.sourceforge.net/project/opensc/${BPN}/${BPN}-${PV}.tar.gz \
-    file://etc-openct.udev.in-disablePROGRAM.patch \
-    file://etc-openct_usb.in-modify-UDEVINFO.patch \
-    file://0001-m4-Just-emit-the-first-line-of-compiler-version.patch \
-    file://openct.init \
-    file://openct.sysconfig \
-    file://openct.service \
-    file://0001-Fix-incompatible-pointer-type-error-with-gcc-option.patch \
-"
-
-SRC_URI[sha256sum] = "6cd3e2933d29eb1f875c838ee58b8071fd61f0ec8ed5922a86c01c805d181a68"
-
-UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/opensc/files/openct/"
-
-LICENSE = "LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://LGPL-2.1;md5=2d5025d4aa3495befef8f17206a5b0a1"
-
-inherit systemd
-SYSTEMD_SERVICE:${PN} += "openct.service "
-SYSTEMD_AUTO_ENABLE = "enable"
-
-EXTRA_OECONF = " \
-    --disable-static \
-    --enable-usb \
-    --enable-pcsc \
-    --enable-doc \
-    --enable-api-doc \
-    --with-udev=${nonarch_libdir}/udev \
-    --with-bundle=${libdir}/pcsc/drivers \
-"
-
-inherit autotools pkgconfig
-
-FILES:${PN} += " \
-    ${libdir}/ctapi \
-    ${nonarch_libdir}/udev \
-    ${libdir}/openct-ifd.so \
-    ${libdir}/pcsc \
-"
-
-FILES:${PN}-dbg += " \
-    ${libdir}/ctapi/.debug \
-    ${libdir}/pcsc/drivers/openct-ifd.bundle/Contents/Linux/.debug \
-"
-
-INSANE_SKIP:${PN} += "dev-deps"
-
-do_install[cleandirs] += "${D}"
-
-do_install () {
-    install -d ${D}${sysconfdir}
-    # fix up hardcoded paths
-    sed -i -e 's,/etc/,${sysconfdir}/,' -e 's,/usr/sbin/,${sbindir}/,' \
-        ${UNPACKDIR}/openct.service ${UNPACKDIR}/openct.init
-
-    oe_runmake install DESTDIR=${D}
-    install -dm 755 ${D}${libdir}/ctapi/
-    mv ${D}${libdir}/libopenctapi.so ${D}${libdir}/ctapi/
-    install -Dpm 644 etc/openct.udev ${D}${nonarch_libdir}/udev/rules.d/60-openct.rules
-    install -pm 644 etc/openct.conf ${D}${sysconfdir}/openct.conf
-
-    install -Dpm 755 ${UNPACKDIR}/openct.init ${D}${sysconfdir}/init.d/openct
-    install -Dpm 644 ${UNPACKDIR}/openct.sysconfig ${D}${sysconfdir}/sysconfig/openct
-
-    install -d ${D}${systemd_unitdir}/system
-    install -m 644 ${UNPACKDIR}/openct.service ${D}${systemd_unitdir}/system
-
-    so=$(find ${D} -name \*.so | sed "s|^${D}||")
-    sed -i -e 's|\\(LIBPATH\\s*\\).*|\\1$so|' etc/reader.conf
-    install -Dpm 644 etc/reader.conf ${D}${sysconfdir}/reader.conf.d/openct.conf
-}
-
-BBCLASSEXTEND = "native"
-
-# http://errors.yoctoproject.org/Errors/Details/766890/
-# openct-0.6.20/src/ifd/ifdhandler.c:239:52: error: passing argument 2 of 'ifd_get_eventfd' from incompatible pointer type [-Wincompatible-pointer-types]
-# openct-0.6.20/src/ifd/process.c:461:61: error: passing argument 4 of 'ct_tlv_get_opaque' from incompatible pointer type [-Wincompatible-pointer-types]
-CFLAGS += "-Wno-error=incompatible-pointer-types"
diff --git a/meta-oe/recipes-support/opensc/opensc_0.26.1.bb b/meta-oe/recipes-support/opensc/opensc_0.27.1.bb
index 78258c965a..d659fd1bee 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.26.1.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.27.1.bb
@@ -11,8 +11,8 @@ LICENSE = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
 DEPENDS = "openssl"
 
-SRCREV = "043343d2df7b09d1938bc3dc313d86a96be457cc"
-SRC_URI = "git://github.com/OpenSC/OpenSC;branch=0.26.1;protocol=https"
+SRCREV = "19868984dc4dc697af6a86d65ab32a1f19a43ea4"
+SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https"
 
 CVE_STATUS[CVE-2024-8443] = "fixed-version: this is fixed since 0.26.0"
 
@@ -36,6 +36,7 @@ PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
 FILES:${PN} += "\
     ${libdir}/opensc-pkcs11.so \
     ${libdir}/pkcs11-spy.so \
+    ${datadir}/p11-kit/modules/opensc.module \
 "
 FILES:${PN}-dev += "\
     ${libdir}/onepin-opensc-pkcs11.so \
diff --git a/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb b/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb
index 169630d319..9e3c98bb97 100644
--- a/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb
+++ b/meta-oe/recipes-support/pcsc-lite/pcsc-lite_2.0.3.bb
@@ -34,7 +34,7 @@ PACKAGES = "${PN} ${PN}-dbg ${PN}-dev ${PN}-lib ${PN}-doc ${PN}-spy ${PN}-spy-de
 
 RRECOMMENDS:${PN} = "ccid"
 RRECOMMENDS:${PN}:class-native = ""
-RPROVIDES:${PN}:class-native += "pcsc-lite-lib-native"
+RPROVIDES:${PN}:append:class-native = " pcsc-lite-lib-native"
 
 FILES:${PN} = "${sbindir}/pcscd \
                ${datadir}/polkit-1"
diff --git a/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb b/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb
index 13a22f6e59..af44864fa9 100644
--- a/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb
+++ b/meta-oe/recipes-support/pidgin/pidgin_2.14.14.bb
@@ -14,7 +14,6 @@ SRC_URI = "\
 
 SRC_URI[sha256sum] = "0ffc9994def10260f98a55cd132deefa8dc4a9835451cc0e982747bd458e2356"
 
-CVE_STATUS[CVE-2010-1624] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 CVE_STATUS[CVE-2011-3594] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 
 PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \
@@ -51,6 +50,7 @@ EXTRA_OECONF = " \
     --disable-farstream \
     --disable-vv \
 "
+CACHED_CONFIGUREVARS += "ac_cv_prog_cc_c23=no"
 
 # CONFIG_ARGS is used to display build info. Replace full paths by reproducible
 # variables ($S, $WORKDIR)
diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.1.bb b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb
index 015c2287ef..1bdb4445e5 100644
--- a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.1.bb
+++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb
@@ -15,7 +15,7 @@ DEPENDS = "\
     p11-kit \
 "
 
-SRCREV = "acb7086e44849d019956233348046c4f07c0670b"
+SRCREV = "c7a5c8b62a0ff012b16574f01651254ef7e664ee"
 
 SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https"
 
diff --git a/meta-oe/recipes-support/poco/poco/0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch b/meta-oe/recipes-support/poco/poco/0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch
new file mode 100644
index 0000000000..293321bfa8
--- /dev/null
+++ b/meta-oe/recipes-support/poco/poco/0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch
@@ -0,0 +1,35 @@
+From dce2cc2886a9097971856e69737cc5c05c9239ea Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Wed, 8 Apr 2026 10:54:25 +0200
+Subject: [PATCH] quill: use soft rdtsc fallback on 32-bit PowerPC
+
+Quill's rdtsc helper already avoids __rdtsc() on ARM and PPC64, but
+32-bit PowerPC was not included in that guard. On powerpc targets this
+falls through to the x86-specific intrinsic and fails with:
+
+  error: '__rdtsc' was not declared in this scope
+
+Treat common 32-bit PowerPC compiler define the same way as PPC64 and
+use the existing steady_clock-based fallback.
+
+Upstream-Status: Submitted [https://github.com/odygrd/quill/pull/911]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ dependencies/quill/include/quill/core/Rdtsc.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dependencies/quill/include/quill/core/Rdtsc.h b/dependencies/quill/include/quill/core/Rdtsc.h
+index 3d0ae9f26..67f26cb89 100644
+--- a/dependencies/quill/include/quill/core/Rdtsc.h
++++ b/dependencies/quill/include/quill/core/Rdtsc.h
+@@ -95,7 +95,7 @@ QUILL_NODISCARD QUILL_ATTRIBUTE_HOT inline uint64_t rdtsc() noexcept
+   __asm__ volatile("stck %0" : "=Q"(tsc) : : "cc");
+   return tsc;
+ }
+-#elif (defined(_M_ARM) || defined(_M_ARM64) || defined(__PPC64__))
++#elif (defined(_M_ARM) || defined(_M_ARM64) || defined(__PPC64__) || defined(__PPC__))
+ QUILL_NODISCARD QUILL_ATTRIBUTE_HOT inline uint64_t rdtsc() noexcept
+ {
+   // soft failover
+-- 
+2.47.2
diff --git a/meta-oe/recipes-support/poco/poco_1.15.1.bb b/meta-oe/recipes-support/poco/poco_1.15.2.bb
index 7dd87606ef..5a873a1d85 100644
--- a/meta-oe/recipes-support/poco/poco_1.15.1.bb
+++ b/meta-oe/recipes-support/poco/poco_1.15.2.bb
@@ -11,9 +11,10 @@ DEPENDS = "libpcre2 utf8proc zlib"
 SRC_URI = "git://github.com/pocoproject/poco.git;branch=poco-${PV};protocol=https;tag=poco-${PV}-release \
            file://0001-cppignore.lnx-Ignore-PKCS12-and-testLaunch-test.patch \
            file://0002-DataTest-disable-testSQLChannel-test.patch \
+           file://0003-quill-rdtsc-fallback-for-32-bit-powerpc.patch \
            file://run-ptest \
            "
-SRCREV = "a1aacbba1bda4301db01bb1a2c2ab80677756b90"
+SRCREV = "afbb1ab68f29eec7079e2fdfa04b3efdbec6529d"
 
 UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)"
 
@@ -23,7 +24,7 @@ inherit cmake ptest
 # By default the most commonly used poco components are built
 # Foundation is built anyway and doesn't need to be listed explicitly
 # these don't have dependencies outside oe-core
-PACKAGECONFIG ??= "XML JSON PDF Util Net NetSSL Crypto JWT Data DataPostgreSQL DataSQLite DNSSDAvahi Zip Encodings Prometheus"
+PACKAGECONFIG ??= "XML JSON PDF Util Net NetSSL Crypto JWT Data DataPostgreSQL DataSQLite DNSSDAvahi Zip Encodings Prometheus FastLogger"
 # MongoDB does not build for all architectures yet keep in sync with COMPATIBLE_HOST list in mongodb recipe
 # and mongodb needs meta-python enabled as well
 PACKAGECONFIG:remove:riscv32 = "MongoDB"
@@ -48,6 +49,7 @@ PACKAGECONFIG[DNSSDAvahi] = "-DENABLE_DNSSD=ON -DENABLE_DNSSD_AVAHI=ON,-DENABLE_
 PACKAGECONFIG[Zip] = "-DENABLE_ZIP=ON,-DENABLE_ZIP=OFF"
 PACKAGECONFIG[Encodings] = "-DENABLE_ENCODINGS=ON,-DENABLE_ENCODINGS=OFF"
 PACKAGECONFIG[Prometheus] = "-DENABLE_PROMETHEUS=ON,-DENABLE_PROMETHEUS=OFF"
+PACKAGECONFIG[FastLogger] = "-DENABLE_FASTLOGGER=ON,-DENABLE_FASTLOGGER=OFF"
 
 # Additional components not build by default,
 # they might have dependencies not included in oe-core
@@ -74,11 +76,6 @@ EXTRA_OECMAKE:append:class-native = " -DPOCO_UNBUNDLED=OFF"
 # do not use rpath
 EXTRA_OECMAKE:append = " -DCMAKE_SKIP_RPATH=ON"
 
-LDFLAGS:append:riscv32 = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}"
-LDFLAGS:append:mips = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}"
-LDFLAGS:append:powerpc = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}"
-LDFLAGS:append:x86 = "${@bb.utils.contains('PACKAGECONFIG', 'Prometheus', ' -Wl,--no-as-needed -latomic -Wl,--as-needed', '', d)}"
-
 python populate_packages:prepend () {
     poco_libdir = d.expand('${libdir}')
     pn = d.getVar("PN")
diff --git a/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd/0001-Fix-const-correctness-for-pointer-variables-to-refer.patch b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd/0001-Fix-const-correctness-for-pointer-variables-to-refer.patch
new file mode 100644
index 0000000000..190baff606
--- /dev/null
+++ b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd/0001-Fix-const-correctness-for-pointer-variables-to-refer.patch
@@ -0,0 +1,60 @@
+From 515e23b37ad1400bfb73797771c4f0fd78655328 Mon Sep 17 00:00:00 2001
+From: Khem Raj <khem.raj@oss.qualcomm.com>
+Date: Wed, 15 Apr 2026 10:52:05 -0700
+Subject: [PATCH] Fix const-correctness for pointer variables to referred
+ strings
+
+Mark pointer variables 'e' as 'const char *' in
+config_parse_netlog_remote_address,file_in_same_dir, and
+socket_address_parse, since they point to memory they do not
+own or modify.
+
+Upstream-Status: Submitted [https://github.com/systemd/systemd-netlogd/pull/148]
+Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
+---
+ src/netlog/netlog-conf.c | 2 +-
+ src/share/path-util.c    | 3 ++-
+ src/share/socket-util.c  | 3 ++-
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/netlog/netlog-conf.c b/src/netlog/netlog-conf.c
+index a4cf0da..59bdd23 100644
+--- a/src/netlog/netlog-conf.c
++++ b/src/netlog/netlog-conf.c
+@@ -22,7 +22,7 @@ int config_parse_netlog_remote_address(const char *unit,
+                                        void *data,
+                                        void *userdata) {
+         Manager *m = userdata;
+-        char *e;
++        const char *e;
+         int r;
+
+         assert(filename);
+diff --git a/src/share/path-util.c b/src/share/path-util.c
+index dda7ec6..ad6f24a 100644
+--- a/src/share/path-util.c
++++ b/src/share/path-util.c
+@@ -327,7 +327,8 @@ bool path_is_safe(const char *p) {
+ }
+
+ char *file_in_same_dir(const char *path, const char *filename) {
+-        char *e, *ret;
++        const char *e;
++        char *ret;
+         size_t k;
+
+         assert(path);
+diff --git a/src/share/socket-util.c b/src/share/socket-util.c
+index ae33338..5a6284b 100644
+--- a/src/share/socket-util.c
++++ b/src/share/socket-util.c
+@@ -33,7 +33,8 @@
+ #include "util.h"
+
+ int socket_address_parse(SocketAddress *a, const char *s) {
+-        char *e, *n;
++        const char *e;
++        char *n;
+         unsigned u;
+         int r;
+
diff --git a/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.4.bb b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.5.bb
index 019098fdf7..c52940ec70 100644
--- a/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.4.bb
+++ b/meta-oe/recipes-support/systemd-netlogd/systemd-netlogd_1.4.5.bb
@@ -3,8 +3,10 @@ SUMMARY = "Forwards messages from the journal to other hosts over the network us
 LICENSE = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRC_URI = "git://github.com/systemd/systemd-netlogd.git;protocol=https;branch=main"
-SRCREV = "b03cc3b1a75048c7cf19467d8918a4b7320767e6"
+SRC_URI = "git://github.com/systemd/systemd-netlogd.git;protocol=https;branch=main;tag=v${PV} \
+           file://0001-Fix-const-correctness-for-pointer-variables-to-refer.patch \
+                  "
+SRCREV = "20534091417686d1185acb3f29e93944d8663c4b"
 
 inherit meson systemd pkgconfig useradd features_check
 
diff --git a/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb b/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb
index 01115e7e4d..440b6e0f46 100644
--- a/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb
+++ b/meta-oe/recipes-support/tbb/tbb_2022.3.0.bb
@@ -17,6 +17,7 @@ SRCREV = "f1862f38f83568d96e814e469ab61f88336cc595"
 SRC_URI = "git://github.com/oneapi-src/oneTBB.git;protocol=https;branch=${BRANCH} \
           "
 
+LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', ' -Wl,--undefined-version', '', d)}"
 
 inherit cmake pkgconfig
 
diff --git a/meta-oe/recipes-support/upower/upower_1.91.1.bb b/meta-oe/recipes-support/upower/upower_1.91.2.bb
index d4107a959a..d6505974e9 100644
--- a/meta-oe/recipes-support/upower/upower_1.91.1.bb
+++ b/meta-oe/recipes-support/upower/upower_1.91.2.bb
@@ -13,7 +13,7 @@ DEPENDS = " \
 "
 
 SRC_URI = "https://gitlab.freedesktop.org/${BPN}/${BPN}/-/archive/v${PV}/${BPN}-v${PV}.tar.bz2"
-SRC_URI[sha256sum] = "d568638d670a63a1886335b7b136f4888cb38a3b28f3f4bcdeaffcca0b0f6df8"
+SRC_URI[sha256sum] = "f07f19b78a43a5053973d95a2fe96a12ede270b8db232b2e2c4ac4186fb42539"
 S = "${UNPACKDIR}/${BPN}-v${PV}"
 
 UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/${BPN}/${BPN}/-/tags"
diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.5.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb
index e6007a6667..c3f736568f 100644
--- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.5.bb
+++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb
@@ -22,7 +22,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \
            file://fix-ftbfs-riscv64.patch \
            file://0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch \
            "
-SRC_URI[sha256sum] = "8737631bac3e9c7ad3e5208f9370e076c09d9c45b39980021ce54edadcc6f94f"
+SRC_URI[sha256sum] = "2b281abf8894ffc6172152e5660b75eeeedbe1cc43d6783d09dc79f7c865bb42"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
 
@@ -31,7 +31,7 @@ S = "${UNPACKDIR}/webkitgtk-${PV}"
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 REQUIRED_DISTRO_FEATURES = "opengl"
 
-CVE_PRODUCT = "webkitgtk webkitgtk\+"
+CVE_PRODUCT = "webkitgtk webkitgtk+"
 
 DEPENDS += " \
           ruby-native \
diff --git a/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb b/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb
index 28773163c5..a8e0a651ad 100644
--- a/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb
+++ b/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb
@@ -12,11 +12,13 @@ DEPENDS = " \
 inherit meson pkgconfig ptest-gnome
 
 SRC_URI = " \
-    git://github.com/flatpak/xdg-dbus-proxy.git;protocol=https;branch=main \
+    git://github.com/flatpak/xdg-dbus-proxy.git;protocol=https;branch=main;tag=${PV} \
     file://run-ptest \
     "
 
-SRCREV = "1c1989e56f94b9eb3b7567f8a6e8a0aa16cba496"
+SRCREV = "6a170fa77e3cbecb48f9dd2478fe5c0a119eb467"
+
+CVE_STATUS[CVE-2026-34080] = "fixed-version: fixed in 0.1.7"
 
 PACKAGECONFIG = "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
 PACKAGECONFIG[tests] = "-Dtests=true -Dinstalled_tests=true,-Dtests=false -Dinstalled_tests=false"
diff --git a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb
index e0aca558fd..bb48b59dd8 100644
--- a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb
+++ b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb
@@ -27,11 +27,17 @@ RDEPENDS:${PN} = "bubblewrap rtkit ${PORTAL_BACKENDS} fuse3-utils"
 inherit meson pkgconfig python3native features_check
 
 SRC_URI = " \
-        git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.20 \
+        git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.20;name=main;tag=${PV} \
+        git://gitlab.gnome.org/GNOME/libglnx.git;protocol=https;branch=master;name=libglnx;destsuffix=${BB_GIT_DEFAULT_DESTSUFFIX}/subprojects/libglnx \
         file://0001-meson.build-add-a-hack-for-crosscompile.patch \
 "
 
-SRCREV = "23a76c392170dbbd26230f85ef56c3a57e52b857"
+SRCREV_main = "f5aec228c9eb0c9a70eadd6424d92c0ca8a78247"
+
+# this revision comes from subprojects/libglnx.wrap file of the main source repo
+SRCREV_libglnx = "ccea836b799256420788c463a638ded0636b1632"
+
+SRCREV_FORMAT = "main"
 
 FILES:${PN} += "${libdir}/systemd ${datadir}/dbus-1"
 
@@ -47,3 +53,5 @@ do_write_config:append() {
 bwrap = '${bindir}/bwrap'
 EOF
 }
+
+CVE_STATUS[CVE-2026-40354] = "fixed-version: fixed in 1.20.4"
diff --git a/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.19.bb b/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.20.bb
index 2550d4cd59..3d122981ca 100644
--- a/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.19.bb
+++ b/meta-oe/recipes-support/xdg-user-dirs/xdg-user-dirs_0.20.bb
@@ -3,11 +3,11 @@ LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 SRC_URI = "http://user-dirs.freedesktop.org/releases/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "e92deb929c10d4b29329397af8a2585101247f7e6177ac6f1d28e82130ed8c19"
+SRC_URI[sha256sum] = "b8e34286278f4fef3e1bfe9685c395ccc0eb50c14d3a2fb4953dd00fbfd3af39"
 
-inherit autotools gettext pkgconfig
+inherit meson gettext pkgconfig
 
-EXTRA_OECONF = "--disable-documentation"
+EXTRA_OEMESON = "-Ddocs=false"
 
 CONFFILES:${PN} += " \
     ${sysconfdir}/xdg/user-dirs.conf \
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb b/meta-oe/recipes-support/xrdp/xrdp_0.10.6.bb
index 8d7c5807f2..152b37cb37 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.10.6.bb
@@ -17,7 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
            file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
            file://0001-mark-count-with-unused-attribute.patch \
            "
-SRC_URI[sha256sum] = "9abc96d164de4b1c40e2f3f537d0593d052a640cf3388978c133715ea69fb123"
+SRC_URI[sha256sum] = "dfc21d5d603b642cf583987b36706b685bf05fd3aaaaacefb8f57c5f4a448677"
 
 UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases"
 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
@@ -127,3 +127,12 @@ pkg_postinst:${PN}() {
                 fi
         fi
 }
+
+CVE_STATUS[CVE-2026-32105] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-32107] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-32623] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-32624] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-33145] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-33516] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-33689] = "fixed-version: fixed in 0.10.6"
+CVE_STATUS[CVE-2026-35512] = "fixed-version: fixed in 0.10.6"