396 files changed, 49543 insertions, 581 deletions

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
index b29716ad49..37a8106bb0 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
@@ -10,7 +10,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
            file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
 "
 S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[sha256sum] = "0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93"
+SRC_URI[sha256sum] = "f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c"
 
 UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/"
 UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz"
diff --git a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb
index 501b27a544..7faa69c55c 100644
--- a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb
+++ b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb
@@ -33,7 +33,7 @@ RDEPENDS:${PN} = "gnome-keyring"
 inherit meson pkgconfig mime-xdg gtk-icon-cache gobject-introspection vala features_check
 
 SRC_URI = " \
-	git://github.com/GNOME/geary.git;nobranch=1;protocol=https \
+	git://github.com/GNOME/geary.git;branch=main;protocol=https \
         file://0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch \
         file://0002-Fix-accessibility-issues-with-initializer-of-constan.patch \
 "
diff --git a/meta-initramfs/recipes-devtools/grubby/grubby_git.bb b/meta-initramfs/recipes-devtools/grubby/grubby_git.bb
index a276bf423c..7c40c52cf6 100644
--- a/meta-initramfs/recipes-devtools/grubby/grubby_git.bb
+++ b/meta-initramfs/recipes-devtools/grubby/grubby_git.bb
@@ -14,7 +14,7 @@ DEPENDS:append:libc-musl = " libexecinfo"
 
 S = "${WORKDIR}/git"
 SRCREV = "a1d2ae93408c3408e672d7eba4550fdf27fb0201"
-SRC_URI = "git://github.com/rhboot/grubby.git;protocol=https;;branch=master \
+SRC_URI = "git://github.com/rhboot/grubby.git;protocol=https;branch=main \
            file://grubby-rename-grub2-editenv-to-grub-editenv.patch \
            file://run-ptest \
            file://0001-Add-another-variable-LIBS-to-provides-libraries-from.patch \
diff --git a/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
index 3e43c0d2a7..e7f918333a 100644
--- a/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
+++ b/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
@@ -22,4 +22,4 @@ inherit autotools pkgconfig
 CFLAGS += " -I${S}"
 
 FILES:${PN} += "${datadir}/dbus-1"
-FILES:${PN}-dev += "${libdir}/${PN}/*.so"
+FILES:${PN}-dev += "${libdir}/${BPN}/*.so"
diff --git a/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
index b25e446c41..071379758c 100644
--- a/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
+++ b/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
@@ -19,4 +19,4 @@ S = "${WORKDIR}/git"
 inherit autotools pkgconfig
 
 FILES:${PN} += "${datadir}/dbus-1"
-FILES:${PN}-dev += "${libdir}/${PN}/*.so"
+FILES:${PN}-dev += "${libdir}/${BPN}/*.so"
diff --git a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
index 14d09e5f0b..a4590d61a9 100644
--- a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
+++ b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
@@ -4,7 +4,7 @@ SECTION = "libs/multimedia"
 LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594"
 
-SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https"
+SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https"
 SRCREV = "8b00644751578ba67b709a827cbe5133d849d339"
 S = "${WORKDIR}/git"
 PV = "2.2.6"
diff --git a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
index c74f1074cc..13938444c8 100644
--- a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb
+++ b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
@@ -21,7 +21,7 @@ DEPENDS += " \
 SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \
            file://mpd.conf.in \
            "
-SRCREV = "f591193ddaa7f9bcb6c85ff5899517fc7b53e35a"
+SRCREV = "d91da9679801224847c30147f5914785b6f8f240"
 S = "${WORKDIR}/git"
 
 EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}"
diff --git a/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
new file mode 100644
index 0000000000..92094af1f2
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
@@ -0,0 +1,37 @@
+From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001
+From: Max Kellermann <max@musicpd.org>
+Date: Wed, 23 Nov 2022 12:25:50 +0100
+Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion
+
+Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591]
+---
+ src/SearchPage.cxx | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx
+index 2fa5edbc..3f91c4fe 100644
+--- a/src/SearchPage.cxx
++++ b/src/SearchPage.cxx
+@@ -81,7 +81,7 @@ search_get_tag_id(const char *name)
+ }
+ 
+ struct SearchMode {
+-	enum mpd_tag_type table;
++	int table;
+ 	const char *label;
+ };
+ 
+@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = {
+ 	{ MPD_TAG_TITLE, N_("Title") },
+ 	{ MPD_TAG_ARTIST, N_("Artist") },
+ 	{ MPD_TAG_ALBUM, N_("Album") },
+-	{ (enum mpd_tag_type)SEARCH_URI, N_("Filename") },
+-	{ (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") },
++	{ SEARCH_URI, N_("Filename") },
++	{ SEARCH_ARTIST_TITLE, N_("Artist + Title") },
+ 	{ MPD_TAG_COUNT, nullptr }
+ };
+ 
+-- 
+2.39.0
+
diff --git a/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
index a77d4f9783..44046912ed 100644
--- a/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb
+++ b/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
@@ -34,6 +34,7 @@ PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false"
 
 SRC_URI = " \
     git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \
+    file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \
 "
-SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4"
+SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124"
 S = "${WORKDIR}/git"
diff --git a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
index 2b7a43b93d..b0fce73b53 100644
--- a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
+++ b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
@@ -55,7 +55,7 @@ RDEPENDS:packagegroup-meta-multimedia = "\
     tearsofsteel-1080p \
     schroedinger \
     pipewire \
-    ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "projucer", "", d)} \
+    ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", bb.utils.contains("DISTRO_FEATURES", "x11", "projucer", "", d), "", d)} \
     libcamera \
     ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "libde265 openh264", "", d)} \
     vorbis-tools \
diff --git a/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-networking/classes/kernel_wireless_regdb.bbclass
index 1238172bd4..9ad566c837 100644
--- a/meta-networking/classes/kernel_wireless_regdb.bbclass
+++ b/meta-networking/classes/kernel_wireless_regdb.bbclass
@@ -17,4 +17,4 @@ do_kernel_add_regdb() {
     cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt
 }
 do_kernel_add_regdb[dirs] = "${S}"
-addtask kernel_add_regdb before do_build after do_configure
+addtask kernel_add_regdb before do_compile after do_configure
diff --git a/meta-networking/licenses/netperf b/meta-networking/licenses/netperf
deleted file mode 100644
index 3f3ceb2fc2..0000000000
--- a/meta-networking/licenses/netperf
+++ /dev/null
@@ -1,43 +0,0 @@
-
- 
-              Copyright (C) 1993 Hewlett-Packard Company
-                         ALL RIGHTS RESERVED.
- 
-  The enclosed software and documentation includes copyrighted works
-  of Hewlett-Packard Co. For as long as you comply with the following
-  limitations, you are hereby authorized to (i) use, reproduce, and
-  modify the software and documentation, and to (ii) distribute the
-  software and documentation, including modifications, for
-  non-commercial purposes only.
-      
-  1.  The enclosed software and documentation is made available at no
-      charge in order to advance the general development of
-      high-performance networking products.
- 
-  2.  You may not delete any copyright notices contained in the
-      software or documentation. All hard copies, and copies in
-      source code or object code form, of the software or
-      documentation (including modifications) must contain at least
-      one of the copyright notices.
- 
-  3.  The enclosed software and documentation has not been subjected
-      to testing and quality control and is not a Hewlett-Packard Co.
-      product. At a future time, Hewlett-Packard Co. may or may not
-      offer a version of the software and documentation as a product.
-  
-  4.  THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS".
-      HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE,
-      REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
-      DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL
-      PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR
-      DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES,
-      EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE
-      DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF
-      MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-  
-  5.  HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY
-      DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
-      (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION,
-      MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION.
- 
-
diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
new file mode 100644
index 0000000000..4ea519c752
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
@@ -0,0 +1,118 @@
+From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 7 Feb 2022 22:26:05 -0500
+Subject: [PATCH] it's probably wrong to be completely retarded.  Let's fix
+ that.
+
+CVE: CVE-2022-41860
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++-------
+ 1 file changed, 52 insertions(+), 17 deletions(-)
+
+diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c
+index cf1e8a7dd9..e438a844ea 100644
+--- a/src/modules/rlm_eap/libeap/eapsimlib.c
++++ b/src/modules/rlm_eap/libeap/eapsimlib.c
+@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r,
+ 	newvp->vp_length = 1;
+ 	fr_pair_add(&(r->vps), newvp);
+ 
++	/*
++	 *	EAP-SIM has a 1 octet of subtype, and 2 octets
++	 *	reserved.
++	 */
+ 	attr     += 3;
+ 	attrlen  -= 3;
+ 
+-	/* now, loop processing each attribute that we find */
+-	while(attrlen > 0) {
++	/*
++	 *	Loop over each attribute.  The format is:
++	 *
++	 *	1 octet of type
++	 *	1 octet of length (value 1..255)
++	 *	((4 * length) - 2) octets of data.
++	 */
++	while (attrlen > 0) {
+ 		uint8_t *p;
+ 
+-		if(attrlen < 2) {
++		if (attrlen < 2) {
+ 			fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen);
+ 			return 0;
+ 		}
+ 
++		if (!attr[1]) {
++			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute,
++					   es_attribute_count);
++			return 0;
++		}
++
+ 		eapsim_attribute = attr[0];
+ 		eapsim_len = attr[1] * 4;
+ 
++		/*
++		 *	The length includes the 2-byte header.
++		 */
+ 		if (eapsim_len > attrlen) {
+ 			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)",
+ 					   eapsim_attribute, es_attribute_count, eapsim_len, attrlen);
+ 			return 0;
+ 		}
+ 
+-		if(eapsim_len > MAX_STRING_LEN) {
+-			eapsim_len = MAX_STRING_LEN;
+-		}
+-		if (eapsim_len < 2) {
+-			fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute,
+-					   es_attribute_count);
+-			return 0;
+-		}
++		newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0);
++		if (!newvp) {
++			/*
++			 *	RFC 4186 Section 8.1 says 0..127 are
++			 *	"non-skippable".  If one such
++			 *	attribute is found and we don't
++			 *	understand it, the server has to send:
++			 *
++			 *	EAP-Request/SIM/Notification packet with an
++			 *	(AT_NOTIFICATION code, which implies general failure ("General
++			 *	failure after authentication" (0), or "General failure" (16384),
++			 *	depending on the phase of the exchange), which terminates the
++			 *	authentication exchange.
++			 */
++			if (eapsim_attribute <= 127) {
++				fr_strerror_printf("Unknown mandatory attribute %d, failing",
++						   eapsim_attribute);
++				return 0;
++			}
+ 
+-		newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
+-		newvp->vp_length = eapsim_len-2;
+-		newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
+-		memcpy(p, &attr[2], eapsim_len-2);
+-		fr_pair_add(&(r->vps), newvp);
+-		newvp = NULL;
++		} else {
++			/*
++			 *	It's known, ccount for header, and
++			 *	copy the value over.
++			 */
++			newvp->vp_length = eapsim_len - 2;
++
++			newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
++			memcpy(p, &attr[2], newvp->vp_length);
++			fr_pair_add(&(r->vps), newvp);
++		}
+ 
+ 		/* advance pointers, decrement length */
+ 		attr += eapsim_len;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
new file mode 100644
index 0000000000..352c02137a
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
@@ -0,0 +1,53 @@
+From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 28 Feb 2022 10:34:15 -0500
+Subject: [PATCH] manual port of commit 5906bfa1
+
+CVE: CVE-2022-41861
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/lib/filters.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/filters.c b/src/lib/filters.c
+index 4868cd385d..3f3b63daee 100644
+--- a/src/lib/filters.c
++++ b/src/lib/filters.c
+@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+ 			}
+ 		}
+ 	} else if (filter->type == RAD_FILTER_GENERIC) {
+-		int count;
++		size_t count, masklen;
++
++		masklen = ntohs(filter->u.generic.len);
++		if (masklen >= sizeof(filter->u.generic.mask)) {
++			*p = '\0';
++			return;
++		}
+ 
+ 		i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
+ 		p += i;
+ 
+ 		/* show the mask */
+-		for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++		for (count = 0; count < masklen; count++) {
+ 			i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
+ 			p += i;
+ 			outlen -= i;
+@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+ 		outlen--;
+ 
+ 		/* show the value */
+-		for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++		for (count = 0; count < masklen; count++) {
+ 			i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
+ 			p += i;
+ 			outlen -= i;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index 1407b798b5..db37f65918 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -33,6 +33,8 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
     file://radiusd-volatiles.conf \
     file://check-openssl-cmds-in-script-bootstrap.patch \
     file://0001-version.c-don-t-print-build-flags.patch \
+    file://CVE-2022-41860.patch \
+    file://CVE-2022-41861.patch \
 "
 
 raddbdir="${sysconfdir}/${MLPREFIX}raddb"
diff --git a/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb b/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb
index 9f2ff51576..c7cd21b6bf 100644
--- a/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb
+++ b/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb
@@ -4,7 +4,7 @@ SECTION = "libs"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=0036c1b155f4e999f3e0a373490b5db9"
 
-SRC_URI = "git://github.com/dugsong/libdnet.git;nobranch=1;protocol=https"
+SRC_URI = "git://github.com/dugsong/libdnet.git;branch=master;protocol=https"
 SRCREV = "3e782472d2a58d5e1b94d04eda4a364c2d257600"
 
 UPSTREAM_CHECK_GITTAGREGEX = "libdnet-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch
new file mode 100644
index 0000000000..5030fb99f9
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch
@@ -0,0 +1,87 @@
+From 80d3e73ad0648f558a067a9dbfe3bc80e6b614f8 Mon Sep 17 00:00:00 2001
+From: Beniamin Sandu <beniaminsandu@gmail.com>
+Date: Mon, 30 Oct 2023 19:15:56 +0000
+Subject: [PATCH] AES-NI: use target attributes for x86 32-bit intrinsics
+
+This way we build with 32-bit gcc/clang out of the box.
+We also fallback to assembly for 64-bit clang-cl if needed cpu
+flags are not provided, instead of throwing an error.
+
+Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/800f2b7c020678a84abfa9688962b91c36e6693d]
+
+Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
+---
+ library/aesni.c | 20 ++++++++++++++++++++
+ library/aesni.h |  8 +++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/library/aesni.c b/library/aesni.c
+index 5f25a8249..481fa3822 100644
+--- a/library/aesni.c
++++ b/library/aesni.c
+@@ -41,6 +41,17 @@
+ #include <immintrin.h>
+ #endif
+
++#if defined(MBEDTLS_ARCH_IS_X86)
++#if defined(MBEDTLS_COMPILER_IS_GCC)
++#pragma GCC push_options
++#pragma GCC target ("pclmul,sse2,aes")
++#define MBEDTLS_POP_TARGET_PRAGMA
++#elif defined(__clang__)
++#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function)
++#define MBEDTLS_POP_TARGET_PRAGMA
++#endif
++#endif
++
+ #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ /*
+  * AES-NI support detection routine
+@@ -396,6 +407,15 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes,
+ }
+ #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
++#if defined(MBEDTLS_POP_TARGET_PRAGMA)
++#if defined(__clang__)
++#pragma clang attribute pop
++#elif defined(__GNUC__)
++#pragma GCC pop_options
++#endif
++#undef MBEDTLS_POP_TARGET_PRAGMA
++#endif
++
+ #else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
+
+ #if defined(__has_feature)
+diff --git a/library/aesni.h b/library/aesni.h
+index ba1429029..37ae02c82 100644
+--- a/library/aesni.h
++++ b/library/aesni.h
+@@ -50,6 +50,10 @@
+ #if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
+ #define MBEDTLS_AESNI_HAVE_INTRINSICS
+ #endif
++/* For 32-bit, we only support intrinsics */
++#if defined(MBEDTLS_ARCH_IS_X86) && (defined(__GNUC__) || defined(__clang__))
++#define MBEDTLS_AESNI_HAVE_INTRINSICS
++#endif
+
+ /* Choose the implementation of AESNI, if one is available.
+  *
+@@ -60,13 +64,11 @@
+ #if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
+ #define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
+ #elif defined(MBEDTLS_HAVE_ASM) && \
+-    defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
++    (defined(__GNUC__) || defined(__clang__)) && defined(MBEDTLS_ARCH_IS_X64)
+ /* Can we do AESNI with inline assembly?
+  * (Only implemented with gas syntax, only for 64-bit.)
+  */
+ #define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
+-#elif defined(__GNUC__)
+-#   error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
+ #else
+ #error "MBEDTLS_AESNI_C defined, but neither intrinsics nor assembly available"
+ #endif
+--
+2.34.1
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest b/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest
new file mode 100644
index 0000000000..059ab4ecbb
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+ptestdir=$(dirname "$(readlink -f "$0")")
+cd "$ptestdir"/tests || exit
+
+tests=$(find * -type f -name 'test_suite_*')
+
+for f in $tests
+do
+    if test -x ./"$f"; then
+        if ./"$f" > ./"$f".out 2> ./"$f".err; then
+            echo "PASS: $f"
+        else
+            echo "FAIL: $f"
+        fi
+    fi
+done
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb
index d4a9c7bf8d..793cdcaff7 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb
@@ -17,16 +17,16 @@ understand what the code does. It features:                          \
 
 HOMEPAGE = "https://tls.mbed.org/"
 
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+LICENSE = "Apache-2.0 | GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
 
 SECTION = "libs"
 
 S = "${WORKDIR}/git"
-SRCREV = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0"
+SRCREV = "555f84735aecdbd76a566cf087ec8425dfb0c8ab"
 SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"
 
-inherit cmake
+inherit cmake update-alternatives
 
 PACKAGECONFIG ??= "shared-libs programs"
 PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
@@ -41,4 +41,7 @@ RPROVIDES:${PN} = "polarssl"
 PACKAGES =+ "${PN}-programs"
 FILES:${PN}-programs = "${bindir}/"
 
+ALTERNATIVE:${PN}-programs = "hello"
+ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello"
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb
new file mode 100644
index 0000000000..2fedac48cf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb
@@ -0,0 +1,81 @@
+SUMMARY = "Lightweight crypto and SSL/TLS library"
+DESCRIPTION = "mbedtls is a lean open source crypto library          \
+for providing SSL and TLS support in your programs. It offers        \
+an intuitive API and documented header files, so you can actually    \
+understand what the code does. It features:                          \
+                                                                     \
+ - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4,  \
+   Camellia and XTEA                                                 \
+ - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5            \
+ - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG   \
+ - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \
+   ECDSA and ECDH                                                    \
+ - SSL v3 and TLS 1.0, 1.1 and 1.2                                   \
+ - Abstraction layers for ciphers, hashes, public key operations,    \
+   platform abstraction and threading                                \
+"
+
+HOMEPAGE = "https://tls.mbed.org/"
+
+LICENSE = "Apache-2.0 | GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
+
+SECTION = "libs"
+
+S = "${WORKDIR}/git"
+SRCREV = "daca7a3979c22da155ec9dce49ab1abf3b65d3a9"
+SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \
+	file://0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch \
+	file://run-ptest"
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+
+inherit cmake update-alternatives ptest
+
+# Build with the v2 LTS version by default
+DEFAULT_PREFERENCE = "-1"
+
+PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
+PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
+PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
+# Make X.509 and TLS calls use PSA
+# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md
+PACKAGECONFIG[psa] = ""
+PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF"
+
+EXTRA_OECMAKE = "-DLIB_INSTALL_DIR:STRING=${libdir}"
+
+# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS
+CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}"
+
+PROVIDES += "polarssl"
+RPROVIDES:${PN} = "polarssl"
+
+PACKAGES =+ "${PN}-programs"
+FILES:${PN}-programs = "${bindir}/"
+
+ALTERNATIVE:${PN}-programs = "hello"
+ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "mbed_tls"
+
+# Strip host paths from autogenerated test files
+do_compile:append() {
+	sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || :
+	sed -i 's+${B}/++g' ${B}/tests/*.c 2>/dev/null || :
+}
+
+# Export source files/headers needed by Arm Trusted Firmware
+sysroot_stage_all:append() {
+	sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library"
+	sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include"
+}
+
+do_install_ptest () {
+	install -d ${D}${PTEST_PATH}/tests
+	cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/
+	find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete
+	cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/
+}
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2894.patch b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
new file mode 100644
index 0000000000..7374cbd26f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
@@ -0,0 +1,25 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 13 Sep 2023 09:55:34 +0200
+Subject: [PATCH] Link correctly with shared websockets library if needed see:
+ https://github.com/eclipse/mosquitto/pull/2751
+
+Patch contributed by Joachim Zobel <jz-2017@heute-morgen.de> and  Daniel Engberg <daniel.engberg.lists@pyret.net>
+---
+Upstream-Status: Pending
+
+ src/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 9380a04..dce8313 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -200,7 +200,7 @@ if (WITH_WEBSOCKETS)
+ 			link_directories(${mosquitto_SOURCE_DIR})
+ 		endif (WIN32)
+ 	else (STATIC_WEBSOCKETS)
+-		set (MOSQ_LIBS ${MOSQ_LIBS} websockets)
++		set (MOSQ_LIBS ${MOSQ_LIBS} websockets_shared)
+ 	endif (STATIC_WEBSOCKETS)
+ endif (WITH_WEBSOCKETS)
+ 
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2895.patch b/meta-networking/recipes-connectivity/mosquitto/files/2895.patch
new file mode 100644
index 0000000000..853f881754
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mosquitto/files/2895.patch
@@ -0,0 +1,27 @@
+From: Joachim Zobel <jz-2017@heute-morgen.de>
+Date: Wed, 13 Sep 2023 10:05:43 +0200
+Subject: [PATCH] Mosquitto now waits for network-online when starting
+ (Closes: #1036450)
+
+See: https://github.com/eclipse/mosquitto/issues/2878
+---
+Upstream-Status: Pending
+
+ service/systemd/mosquitto.service.simple | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/service/systemd/mosquitto.service.simple b/service/systemd/mosquitto.service.simple
+index 15ee0d6..c2a330b 100644
+--- a/service/systemd/mosquitto.service.simple
++++ b/service/systemd/mosquitto.service.simple
+@@ -1,8 +1,8 @@
+ [Unit]
+ Description=Mosquitto MQTT Broker
+ Documentation=man:mosquitto.conf(5) man:mosquitto(8)
+-After=network.target
+-Wants=network.target
++After=network-online.target
++Wants=network-online.target
+ 
+ [Service]
+ ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
index 9d5963c418..d0da219d6d 100644
--- a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
+++ b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init
@@ -1,18 +1,18 @@
-#! /bin/sh
+#!/bin/sh
 
 # Based on the Debian initscript for mosquitto
 
 ### BEGIN INIT INFO
-# Provides:         mosquitto
-# Required-Start:   $remote_fs $syslog
-# Required-Stop:    $remote_fs $syslog
-# Default-Start:    2 3 4 5
-# Default-Stop:     0 1 6
-# Short-Description:    mosquitto MQTT message broker
-# Description: 
-#  This is a message broker that supports version 3.1/3.1.1 of the MQ Telemetry
+# Provides:       mosquitto
+# Required-Start: $remote_fs $syslog
+# Required-Stop:  $remote_fs $syslog
+# Default-Start:  2 3 4 5
+# Default-Stop:   0 1 6
+# Short-Description: mosquitto MQTT 3.1/3.1.1 message broker
+# Description:
+#  This is a message broker that supports version 3.1 of the MQ Telemetry
 #  Transport (MQTT) protocol.
-#  
+#
 #  MQTT provides a method of carrying out messaging using a publish/subscribe
 #  model. It is lightweight, both in terms of bandwidth usage and ease of
 #  implementation. This makes it particularly useful at the edge of the network
diff --git a/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.14.bb b/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
index 739b7de625..ea9eb4857b 100644
--- a/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.14.bb
+++ b/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb
@@ -17,13 +17,15 @@ DEPENDS = "uthash cjson"
 SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \
            file://mosquitto.init \
            file://1571.patch \
+           file://2894.patch \
+           file://2895.patch \
 "
 
-SRC_URI[sha256sum] = "d0dde8fdb12caf6e2426b4f28081919a2fce3448773bdb8af0d3cd5fe5776925"
+SRC_URI[sha256sum] = "d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a"
 
 inherit systemd update-rc.d useradd cmake pkgconfig
 
-PACKAGECONFIG ??= "ssl dlt websockets \
+PACKAGECONFIG ??= "ssl websockets \
                   ${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \
                   "
 
@@ -87,4 +89,4 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN} = "--system --no-create-home --shell /bin/false \
                        --user-group mosquitto"
 
-BBCLASSEXTEND += "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
index e715135dc3..03eff43dd2 100644
--- a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
+++ b/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
@@ -9,11 +9,11 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6"
 DEPENDS = "asio fmt http-parser"
 
-SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2"
+SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2"
 SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c"
 SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7"
 
-S = "${WORKDIR}/${PN}-${PV}/dev"
+S = "${WORKDIR}/${BP}/dev"
 
 inherit cmake
 
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch
new file mode 100644
index 0000000000..d938e8cd66
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch
@@ -0,0 +1,147 @@
+From cbbfc917b9635bc62825ea64a157028297f54fb7 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:35:31 +0100
+Subject: [PATCH] CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix
+  the nTSecurityDescriptor on CN=Deleted Objects containers
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)
+
+Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
+Autobuild-Date(v4-18-test): Mon Oct 23 09:52:22 UTC 2023 on atb-devel-224
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport[https://github.com/samba-team/samba/commit/cbbfc917b9635bc62825ea64a157028297f54fb7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/dbchecker.py           | 10 ++++++++--
+ python/samba/descriptor.py          | 15 ++++++++++++++-
+ testprogs/blackbox/dbcheck-links.sh | 12 ++++++++++++
+ 3 files changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
+index d10d765..d8c2341 100644
+--- a/python/samba/dbchecker.py
++++ b/python/samba/dbchecker.py
+@@ -2433,7 +2433,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
+                     error_count += 1
+                     continue
+
+-                if self.reset_well_known_acls:
++                if dn == deleted_objects_dn or self.reset_well_known_acls:
+                     try:
+                         well_known_sd = self.get_wellknown_sd(dn)
+                     except KeyError:
+@@ -2442,7 +2442,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
+                     current_sd = ndr_unpack(security.descriptor,
+                                             obj[attrname][0])
+
+-                    diff = get_diff_sds(well_known_sd, current_sd, security.dom_sid(self.samdb.get_domain_sid()))
++                    ignoreAdditionalACEs = False
++                    if not self.reset_well_known_acls:
++                        ignoreAdditionalACEs = True
++
++                    diff = get_diff_sds(well_known_sd, current_sd,
++                                        security.dom_sid(self.samdb.get_domain_sid()),
++                                        ignoreAdditionalACEs=ignoreAdditionalACEs)
+                     if diff != "":
+                         self.err_wrong_default_sd(dn, well_known_sd, diff)
+                         error_count += 1
+diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
+index 0998348..08cfab0 100644
+--- a/python/samba/descriptor.py
++++ b/python/samba/descriptor.py
+@@ -407,6 +407,7 @@ def get_wellknown_sds(samdb):
+     # Then subcontainers
+     subcontainers = [
+         (ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor),
++        (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor),
+         (ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor),
+         (ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor),
+         (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor),
+@@ -417,6 +418,7 @@ def get_wellknown_sds(samdb):
+         (ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor),
+
+         (ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor),
++        (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor),
+         (ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor),
+         (ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor),
+         (ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor),
+@@ -441,6 +443,9 @@ def get_wellknown_sds(samdb):
+         if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn:
+             c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor)
+             subcontainers.append(c)
++            c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)),
++                 get_deletedobjects_descriptor)
++            subcontainers.append(c)
+             c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsforestdn)),
+                  get_domain_delete_protected1_descriptor)
+             subcontainers.append(c)
+@@ -456,6 +461,9 @@ def get_wellknown_sds(samdb):
+         if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn:
+             c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor)
+             subcontainers.append(c)
++            c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)),
++                 get_deletedobjects_descriptor)
++            subcontainers.append(c)
+             c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)),
+                  get_domain_delete_protected1_descriptor)
+             subcontainers.append(c)
+@@ -548,7 +556,8 @@ def get_clean_sd(sd):
+     return sd_clean
+
+
+-def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
++def get_diff_sds(refsd, cursd, domainsid, checkSacl=True,
++                 ignoreAdditionalACEs=False):
+     """Get the difference between 2 sd
+
+     This function split the textual representation of ACL into smaller
+@@ -603,6 +612,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True):
+                     h_ref.remove(k)
+
+             if len(h_cur) + len(h_ref) > 0:
++                if txt == "" and len(h_ref) == 0:
++                    if ignoreAdditionalACEs:
++                        return ""
++
+                 txt = "%s\tPart %s is different between reference" \
+                       " and current here is the detail:\n" % (txt, part)
+
+diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
+index f00fe46..06b24fb 100755
+--- a/testprogs/blackbox/dbcheck-links.sh
++++ b/testprogs/blackbox/dbcheck-links.sh
+@@ -58,6 +58,16 @@ dbcheck() {
+     fi
+ }
+
++dbcheck_acl_reset()
++{
++	$PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --fix --yes --attrs=nTSecurityDescriptor
++}
++
++dbcheck_acl_clean()
++{
++	$PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --attrs=nTSecurityDescriptor
++}
++
+ dbcheck_dangling() {
+     dbcheck "" "1" "--selftest-check-expired-tombstones"
+     return $?
+@@ -893,6 +903,8 @@ EOF
+ remove_directory $PREFIX_ABS/${RELEASE}
+
+ testit $RELEASE undump || failed=`expr $failed + 1`
++testit_expect_failure "dbcheck_acl_reset" dbcheck_acl_reset || failed=$(expr $failed + 1)
++testit "dbcheck_acl_clean" dbcheck_acl_clean || failed=$(expr $failed + 1)
+ testit "add_two_more_users" add_two_more_users || failed=`expr $failed + 1`
+ testit "add_four_more_links" add_four_more_links || failed=`expr $failed + 1`
+ testit "remove_one_link" remove_one_link || failed=`expr $failed + 1`
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch
new file mode 100644
index 0000000000..e3d45627a5
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch
@@ -0,0 +1,72 @@
+From f967b91da76f86a9feb4c1469fccfce93be8bc79 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 7 Jun 2023 18:18:58 +0200
+Subject: [PATCH] CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor
+ for missing deleted objects container
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport
+[https://github.com/samba-team/samba/commit/f967b91da76f86a9feb4c1469fccfce93be8bc79]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/dbchecker.py | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
+index d8c2341..35b6eeb 100644
+--- a/python/samba/dbchecker.py
++++ b/python/samba/dbchecker.py
+@@ -21,7 +21,7 @@ from __future__ import print_function
+ import ldb
+ import samba
+ import time
+-from base64 import b64decode
++from base64 import b64decode, b64encode
+ from samba import dsdb
+ from samba import common
+ from samba.dcerpc import misc
+@@ -30,7 +30,11 @@ from samba.ndr import ndr_unpack, ndr_pack
+ from samba.dcerpc import drsblobs
+ from samba.samdb import dsdb_Dn
+ from samba.dcerpc import security
+-from samba.descriptor import get_wellknown_sds, get_diff_sds
++from samba.descriptor import (
++        get_wellknown_sds,
++        get_deletedobjects_descriptor,
++        get_diff_sds
++)
+ from samba.auth import system_session, admin_session
+ from samba.netcmd import CommandError
+ from samba.netcmd.fsmo import get_fsmo_roleowner
+@@ -340,6 +344,11 @@ class dbcheck(object):
+                 wko_prefix = "B:32:%s" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER
+                 listwko.append('%s:%s' % (wko_prefix, dn))
+                 guid_suffix = ""
++
++            domain_sid = security.dom_sid(self.samdb.get_domain_sid())
++            sec_desc = get_deletedobjects_descriptor(domain_sid,
++                                                     name_map=self.name_map)
++            sec_desc_b64 = b64encode(sec_desc).decode('utf8')
+
+             # Insert a brand new Deleted Objects container
+             self.samdb.add_ldif("""dn: %s
+@@ -349,7 +358,8 @@ description: Container for deleted objects
+ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ showInAdvancedViewOnly: TRUE
+-systemFlags: -1946157056%s""" % (dn, guid_suffix),
++nTSecurityDescriptor:: %s
++systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
+                                 controls=["relax:0", "provision:0"])
+
+             delta = ldb.Message()
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch
new file mode 100644
index 0000000000..df30e0c106
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch
@@ -0,0 +1,106 @@
+From edac27f5408191567233983562091484ebbbad0a Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Mon, 26 Jun 2023 15:14:24 +0200
+Subject: [PATCH] CVE-2018-14628: s4:dsdb: remove unused code in
+ dirsync_filter_entry()
+
+This makes the next change easier to understand.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/edac27f5408191567233983562091484ebbbad0a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++---------------------
+ 1 file changed, 5 insertions(+), 48 deletions(-)
+
+diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
+index e61ade8..e7fb27f 100644
+--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
++++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
+@@ -152,10 +152,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
+	 * list only the attribute that have been modified since last interogation
+	 *
+	 */
+-	newmsg = ldb_msg_new(dsc->req);
+-	if (newmsg == NULL) {
+-		return ldb_oom(ldb);
+-	}
+	for (i = msg->num_elements - 1; i >= 0; i--) {
+		if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
+			int error = 0;
+@@ -202,11 +198,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
+			 */
+			return LDB_SUCCESS;
+		}
+-		newmsg->dn = ldb_dn_new(newmsg, ldb, "");
+-		if (newmsg->dn == NULL) {
+-			return ldb_oom(ldb);
+-		}
+-
+		el = ldb_msg_find_element(msg, "objectGUID");
+		if ( el != NULL) {
+			guidfound = true;
+@@ -217,48 +208,14 @@ static int dirsync_filter_entry(struct ldb_request *req,
+		 * well will uncomment the code bellow
+		 */
+		SMB_ASSERT(guidfound == true);
+-		/*
+-		if (guidfound == false) {
+-			struct GUID guid;
+-			struct ldb_val *new_val;
+-			DATA_BLOB guid_blob;
+-
+-			tmp[0] = '\0';
+-			txt = strrchr(txt, ':');
+-			if (txt == NULL) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-			txt++;
+-
+-			status = GUID_from_string(txt, &guid);
+-			if (!NT_STATUS_IS_OK(status)) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-
+-			status = GUID_to_ndr_blob(&guid, msg, &guid_blob);
+-			if (!NT_STATUS_IS_OK(status)) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-
+-			new_val = talloc(msg, struct ldb_val);
+-			if (new_val == NULL) {
+-				return ldb_oom(ldb);
+-			}
+-			new_val->data = talloc_steal(new_val, guid_blob.data);
+-			new_val->length = guid_blob.length;
+-			if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) {
+-				return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+-			}
+-		}
+-		*/
+-		ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD);
+-		talloc_steal(newmsg->elements, el->name);
+-		talloc_steal(newmsg->elements, el->values);
+-
+-		talloc_steal(newmsg->elements, msg);
+		return ldb_module_send_entry(dsc->req, msg, controls);
+	}
+
++	newmsg = ldb_msg_new(dsc->req);
++	if (newmsg == NULL) {
++		return ldb_oom(ldb);
++	}
++
+	ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
+		(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch
new file mode 100644
index 0000000000..6fa4ef10dd
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch
@@ -0,0 +1,64 @@
+From 74a508b39e6fd5036a2adc99d559bd3852f8ce8d Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:34:15 +0100
+Subject: [PATCH] CVE-2018-14628: s4:setup: set the correct
+ nTSecurityDescriptor on the CN=Deleted Objects container
+
+This revealed a bug in our dirsync code, so we mark
+test_search_with_dirsync_deleted_objects as knownfail.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/74a508b39e6fd5036a2adc99d559bd3852f8ce8d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/setup/provision.ldif               | 1 +
+ source4/setup/provision_configuration.ldif | 1 +
+ source4/setup/provision_dnszones_add.ldif  | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
+index 5d9eba4..7f966fd 100644
+--- a/source4/setup/provision.ldif
++++ b/source4/setup/provision.ldif
+@@ -34,6 +34,7 @@ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ showInAdvancedViewOnly: TRUE
+ systemFlags: -1946157056
++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+ # Computers located in "provision_computers*.ldif"
+ # Users/Groups located in "provision_users*.ldif"
+diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
+index 53c9c85..8fcbddb 100644
+--- a/source4/setup/provision_configuration.ldif
++++ b/source4/setup/provision_configuration.ldif
+@@ -14,6 +14,7 @@ description: Container for deleted objects
+ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ systemFlags: -1946157056
++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+ # Extended rights
+
+diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
+index 860aa4b..a2d6b6b 100644
+--- a/source4/setup/provision_dnszones_add.ldif
++++ b/source4/setup/provision_dnszones_add.ldif
+@@ -8,6 +8,7 @@ description: Deleted objects
+ isDeleted: TRUE
+ isCriticalSystemObject: TRUE
+ systemFlags: -1946157056
++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}
+
+ dn: CN=LostAndFound,${ZONE_DN}
+ objectClass: top
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch
new file mode 100644
index 0000000000..b0a8ef2535
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch
@@ -0,0 +1,98 @@
+From 46a168c9a89e82ccaf8d27669d1ae5459f7becb9 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:33:37 +0100
+Subject: [PATCH] CVE-2018-14628: python:provision: make
+ DELETEDOBJECTS_DESCRIPTOR available in the ldif files
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport
+[https://github.com/samba-team/samba/commit/46a168c9a89e82ccaf8d27669d1ae5459f7becb9]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/provision/__init__.py | 5 +++++
+ python/samba/provision/sambadns.py | 4 ++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
+index e8903ad..0c52cc1 100644
+--- a/python/samba/provision/__init__.py
++++ b/python/samba/provision/__init__.py
+@@ -79,6 +79,7 @@ from samba.provision.backend import (
+     LDBBackend,
+ )
+ from samba.descriptor import (
++    get_deletedobjects_descriptor,
+     get_empty_descriptor,
+     get_config_descriptor,
+     get_config_partitions_descriptor,
+@@ -1441,6 +1442,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
+     msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD,
+                                         "subRefs")
+
++    deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8')
++
+     samdb.invocation_id = invocationid
+
+     # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
+@@ -1472,6 +1475,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
+                 "FOREST_FUNCTIONALITY": str(forestFunctionality),
+                 "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
+                 "NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
++                "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
+                 "LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
+                 "SERVICES_DESCRIPTOR": protected1_descr,
+                 "PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
+@@ -1536,6 +1540,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
+         "RIDAVAILABLESTART": str(next_rid + 600),
+         "POLICYGUID_DC": policyguid_dc,
+         "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
++        "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr,
+         "LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
+         "SYSTEM_DESCRIPTOR": system_desc,
+         "BUILTIN_DESCRIPTOR": builtin_desc,
+diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
+index 8a5d8a9..61beb16 100644
+--- a/python/samba/provision/sambadns.py
++++ b/python/samba/provision/sambadns.py
+@@ -41,6 +41,7 @@ from samba.dsdb import (
+     DS_DOMAIN_FUNCTION_2016
+ )
+ from samba.descriptor import (
++    get_deletedobjects_descriptor,
+     get_domain_descriptor,
+     get_domain_delete_protected1_descriptor,
+     get_domain_delete_protected2_descriptor,
+@@ -245,6 +246,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
+     domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
+     forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
+     descriptor = get_dns_partition_descriptor(domainsid)
++    deletedobjects_desc = get_deletedobjects_descriptor(domainsid)
+
+     setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
+         "ZONE_DN": domainzone_dn,
+@@ -268,6 +270,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
+         "ZONE_DNS": domainzone_dns,
+         "CONFIGDN": configdn,
+         "SERVERDN": serverdn,
++        "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),
+         "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
+         "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
+     })
+@@ -288,6 +291,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
+             "ZONE_DNS": forestzone_dns,
+             "CONFIGDN": configdn,
+             "SERVERDN": serverdn,
++            "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8')
+             "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'),
+             "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'),
+         })
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch
new file mode 100644
index 0000000000..d92ad41df1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch
@@ -0,0 +1,51 @@
+From e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 29 Jan 2016 23:30:59 +0100
+Subject: [PATCH] CVE-2018-14628: python:descriptor: add
+ get_deletedobjects_descriptor()
+
+samba-tool drs clone-dc-database was quite useful to find
+the true value of nTSecurityDescriptor of the CN=Delete Objects
+containers.
+
+Only the auto inherited SACL is available via a ldap search.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)
+
+CVE: CVE-2018-14628
+
+Upstream-Status: Backport
+[https://github.com/samba-team/samba/commit/e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/descriptor.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
+index 08cfab0..0141f38 100644
+--- a/python/samba/descriptor.py
++++ b/python/samba/descriptor.py
+@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}):
+ # "get_schema_descriptor" is located in "schema.py"
+
+
++def get_deletedobjects_descriptor(domain_sid, name_map=None):
++    if name_map is None:
++        name_map = {}
++
++    sddl = "O:SYG:SYD:PAI" \
++        "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \
++        "(A;;RPLC;;;BA)"
++    return sddl2binary(sddl, domain_sid, name_map)
++
++
+ def get_config_descriptor(domain_sid, name_map={}):
+     sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+            "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch
new file mode 100644
index 0000000000..6610899458
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch
@@ -0,0 +1,72 @@
+From f9ec7002cdd526ae84fbacbf153162e118f22580 Mon Sep 17 00:00:00 2001
+From: Nicolas Williams <nico@twosigma.com>
+Date: Wed Mar 9 10:18:52 2022 -0600
+Subject: [PATCH] spnego: CVE-2021-44758 send_reject when no mech selected
+
+    This fixes a DoS where an initial SPNEGO token that has no acceptable
+    mechanisms causes a NULL dereference in acceptors.
+
+    send_accept() when called with a non-zero 'initial_response' did
+    not handle the case of gssspnego_ctx.preferred_mech_type equal
+    to GSS_C_NO_OID.
+
+    The failure to handle GSS_C_NO_OID has been present since the
+    initial revision of gssapi/spnego,
+    2baa7e7d613c26b2b037b368931519a84baec53d but might not have
+    been exercised until later revisions.
+
+    The introduction of opportunistic token handling in
+    gss_accept_sec_context(), 3c9d3266f47f594a29068c9d629908e7000ac663,
+    introduced two bugs:
+
+     1. The optional mechToken field is used unconditionally
+        possibly resulting in a segmentation fault.
+
+     2. If use of the opportunistic token is unsuccessful and the
+        mech type list length is one, send_accept() can be called
+        with 'initial_response' true and preferred mech set to
+        GSS_C_NO_OID.
+
+    b53c90da0890a9cce6f95c552f094ff6d69027bf ("Make error reporting
+    somewhat more correct for SPNEGO") attempted to fix the first
+    issue and increased the likelihood of the second.
+
+    This change alters the behavior of acceptor_start() so it calls
+    send_reject() when no mechanism was selected.
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580]
+CVE: CVE-2021-44758
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c
+index 3a51dd3..b60dc19 100644
+--- a/lib/gssapi/spnego/accept_sec_context.c
++++ b/lib/gssapi/spnego/accept_sec_context.c
+@@ -619,13 +619,15 @@ acceptor_start
+	    if (ret == 0)
+		break;
+	}
+-	if (preferred_mech_type == GSS_C_NO_OID) {
+-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+-	    free_NegotiationToken(&nt);
+-	    return ret;
+-	}
++    }
++
++    ctx->preferred_mech_type = preferred_mech_type;
+
+-	ctx->preferred_mech_type = preferred_mech_type;
++    if (preferred_mech_type == GSS_C_NO_OID) {
++        send_reject(minor_status, output_token);
++        HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
++        free_NegotiationToken(&nt);
++        return ret;
+     }
+
+     /*
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch
new file mode 100644
index 0000000000..e94d5d538b
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch
@@ -0,0 +1,44 @@
+From 53838682570135b753fa622dfcde111528563c2d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 16 Jun 2023 12:28:47 +0200
+Subject: [PATCH] CVE-2022-2127: ntlm_auth: cap lanman response length value
+
+We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
+lm_resp buffer, but we don't cap the length indicator.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2022-2127
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/53838682570135b753fa622dfcde111528563c2d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/utils/ntlm_auth.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
+index 02a2379..c82ea45 100644
+--- a/source3/utils/ntlm_auth.c
++++ b/source3/utils/ntlm_auth.c
+@@ -574,10 +574,14 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
+	memcpy(request.data.auth_crap.chal, challenge->data, MIN(challenge->length, 8));
+
+	if (lm_response && lm_response->length) {
++		size_t capped_lm_response_len = MIN(
++			lm_response->length,
++			sizeof(request.data.auth_crap.lm_resp));
++
+		memcpy(request.data.auth_crap.lm_resp,
+		       lm_response->data,
+-		       MIN(lm_response->length, sizeof(request.data.auth_crap.lm_resp)));
+-		request.data.auth_crap.lm_resp_len = lm_response->length;
++		       capped_lm_response_len);
++		request.data.auth_crap.lm_resp_len = capped_lm_response_len;
+	}
+
+	if (nt_response && nt_response->length) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch
new file mode 100644
index 0000000000..abc778b731
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch
@@ -0,0 +1,77 @@
+From f6edaafcfefd843ca1b1a041f942a853d85ee7c3 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:13 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour
+ unwrap
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/arcfour.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index a61f768..4fc46ce 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = ct_memcmp(cksum_data, p + 8, 8);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
+     if (cmp) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+@@ -385,9 +385,9 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+     _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+     if (context_handle->more_flags & LOCAL)
+-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0);
+     else
+-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0);
+
+     memset(SND_SEQ, 0, sizeof(SND_SEQ));
+     if (cmp != 0) {
+@@ -656,9 +656,9 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+     _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+     if (context_handle->more_flags & LOCAL)
+-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0);
+     else
+-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
++	cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0);
+
+     if (cmp != 0) {
+	*minor_status = 0;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
+     if (cmp) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = 0;
+@@ -1266,9 +1266,9 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
+     _gsskrb5_decode_be_om_uint32(snd_seq, &seq_number);
+
+     if (ctx->more_flags & LOCAL) {
+-	cmp = memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4);
++	cmp = (ct_memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4) != 0);
+     } else {
+-	cmp = memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4);
++	cmp = (ct_memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4) != 0);
+     }
+     if (cmp != 0) {
+	*minor_status = 0;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch
new file mode 100644
index 0000000000..5686df78e1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch
@@ -0,0 +1,35 @@
+From c9cc34334bd64b08fe91a2f720262462e9f6bb49 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:55 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Use constant-time memcmp() in
+ unwrap_des3()
+
+The surrounding checks all use ct_memcmp(), so this one was presumably
+meant to as well.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index da939c0529..61a341ee43 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -227,7 +227,7 @@ unwrap_des3
+   if (ret)
+       return ret;
+
+-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
++  if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+     return GSS_S_BAD_SIG;
+   p += 2;
+   if (ct_memcmp (p, "\x02\x00", 2) == 0) {
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch
new file mode 100644
index 0000000000..55239356e4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch
@@ -0,0 +1,50 @@
+From a587a4bcb28d5b9047f332573b1e7c8f89ca3edd Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:42 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Don't pass NULL pointers to memcpy()
+ in DES unwrap
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index 61a341ee43..d3987240dd 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -180,9 +180,10 @@ unwrap_des
+   output_message_buffer->value  = malloc(output_message_buffer->length);
+   if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+       return GSS_S_FAILURE;
+-  memcpy (output_message_buffer->value,
+-	  p + 24,
+-	  output_message_buffer->length);
++  if (output_message_buffer->value != NULL)
++      memcpy (output_message_buffer->value,
++	      p + 24,
++	      output_message_buffer->length);
+   return GSS_S_COMPLETE;
+ }
+ #endif
+@@ -374,9 +375,10 @@ unwrap_des3
+   output_message_buffer->value  = malloc(output_message_buffer->length);
+   if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+       return GSS_S_FAILURE;
+-  memcpy (output_message_buffer->value,
+-	  p + 36,
+-	  output_message_buffer->length);
++  if (output_message_buffer->value != NULL)
++      memcpy (output_message_buffer->value,
++	      p + 36,
++	      output_message_buffer->length);
+   return GSS_S_COMPLETE;
+ }
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch
new file mode 100644
index 0000000000..4e750f0dc6
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch
@@ -0,0 +1,57 @@
+From c758910eaad3c0de2cfb68830a661c4739675a7d Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 15 Aug 2022 16:53:45 +1200
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Avoid undefined behaviour in
+ _gssapi_verify_pad()
+
+By decrementing 'pad' only when we know it's safe, we ensure we can't
+stray backwards past the start of a buffer, which would be undefined
+behaviour.
+
+In the previous version of the loop, 'i' is the number of bytes left to
+check, and 'pad' is the current byte we're checking. 'pad' was
+decremented at the end of each loop iteration. If 'i' was 1 (so we
+checked the final byte), 'pad' could potentially be pointing to the
+first byte of the input buffer, and the decrement would put it one
+byte behind the buffer.
+
+That would be undefined behaviour.
+
+The patch changes it so that 'pad' is the byte we previously checked,
+which allows us to ensure that we only decrement it when we know we
+have a byte to check.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/decapsulate.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
+index 86085f5695..4e3fcd659e 100644
+--- a/lib/gssapi/krb5/decapsulate.c
++++ b/lib/gssapi/krb5/decapsulate.c
+@@ -193,13 +193,13 @@ _gssapi_verify_pad(gss_buffer_t wrapped_token,
+     if (wrapped_token->length < 1)
+	return GSS_S_BAD_MECH;
+
+-    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
+-    padlength = *pad;
++    pad = (u_char *)wrapped_token->value + wrapped_token->length;
++    padlength = pad[-1];
+
+     if (padlength > datalen)
+	return GSS_S_BAD_MECH;
+
+-    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
++    for (i = padlength; i > 0 && *--pad == padlength; i--)
+	;
+     if (i != 0)
+	return GSS_S_BAD_MIC;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch
new file mode 100644
index 0000000000..d6ea22e3df
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch
@@ -0,0 +1,37 @@
+From 414b2a77fd61c26d64562e3800dc5578d9d0f15d Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 15 Aug 2022 16:53:55 +1200
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Check the result of
+ _gsskrb5_get_mech()
+
+We should make sure that the result of 'total_len - mech_len' won't
+overflow, and that we don't memcmp() past the end of the buffer.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/decapsulate.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
+index 4e3fcd659e..031a621eab 100644
+--- a/lib/gssapi/krb5/decapsulate.c
++++ b/lib/gssapi/krb5/decapsulate.c
+@@ -80,6 +80,10 @@ _gssapi_verify_mech_header(u_char **str,
+
+     if (mech_len != mech->length)
+	return GSS_S_BAD_MECH;
++    if (mech_len > total_len)
++	return GSS_S_BAD_MECH;
++    if (p - *str > total_len - mech_len)
++	return GSS_S_BAD_MECH;
+     if (ct_memcmp(p,
+		  mech->elements,
+		  mech->length) != 0)
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch
new file mode 100644
index 0000000000..9fa59c29b0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch
@@ -0,0 +1,65 @@
+From be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 15 Aug 2022 16:54:23 +1200
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Check buffer length against overflow
+ for DES{,3} unwrap
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index d3987240dd..fddb64bc53 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -64,6 +64,8 @@ unwrap_des
+
+   if (IS_DCE_STYLE(context_handle)) {
+      token_len = 22 + 8 + 15; /* 45 */
++     if (input_message_buffer->length < token_len)
++	  return GSS_S_BAD_MECH;
+   } else {
+      token_len = input_message_buffer->length;
+   }
+@@ -76,6 +78,11 @@ unwrap_des
+   if (ret)
+       return ret;
+
++  len = (p - (u_char *)input_message_buffer->value)
++      + 22 + 8;
++  if (input_message_buffer->length < len)
++      return GSS_S_BAD_MECH;
++
+   if (memcmp (p, "\x00\x00", 2) != 0)
+     return GSS_S_BAD_SIG;
+   p += 2;
+@@ -216,6 +223,8 @@ unwrap_des3
+
+   if (IS_DCE_STYLE(context_handle)) {
+      token_len = 34 + 8 + 15; /* 57 */
++     if (input_message_buffer->length < token_len)
++	  return GSS_S_BAD_MECH;
+   } else {
+      token_len = input_message_buffer->length;
+   }
+@@ -228,6 +237,11 @@ unwrap_des3
+   if (ret)
+       return ret;
+
++  len = (p - (u_char *)input_message_buffer->value)
++      + 34 + 8;
++  if (input_message_buffer->length < len)
++      return GSS_S_BAD_MECH;
++
+   if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+     return GSS_S_BAD_SIG;
+   p += 2;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch
new file mode 100644
index 0000000000..b3197afc34
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch
@@ -0,0 +1,39 @@
+From c8407ca079294d76a5ed140ba5b546f870d23ed2 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 10 Oct 2022 20:33:09 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Check for overflow in
+ _gsskrb5_get_mech()
+
+If len_len is equal to total_len - 1 (i.e. the input consists only of a
+0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
+used as the 'len' parameter to der_get_length(), will overflow to
+SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
+whatever data follows in memory. Add a check to ensure that doesn't
+happen.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/decapsulate.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
+index 031a621eab..d7b75a6422 100644
+--- a/lib/gssapi/krb5/decapsulate.c
++++ b/lib/gssapi/krb5/decapsulate.c
+@@ -54,6 +54,8 @@ _gsskrb5_get_mech (const u_char *ptr,
+     e = der_get_length (p, total_len - 1, &len, &len_len);
+     if (e || 1 + len_len + len != total_len)
+	return -1;
++    if (total_len < 1 + len_len + 1)
++	return -1;
+     p += len_len;
+     if (*p++ != 0x06)
+	return -1;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch
new file mode 100644
index 0000000000..6d64312211
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch
@@ -0,0 +1,48 @@
+From 8fb508a25a6a47289c73e3f4339352a73a396eef Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 12 Oct 2022 13:57:33 +1300
+Subject: [PATCH] gsskrb5: CVE-2022-3437 Pass correct length to
+ _gssapi_verify_pad()
+
+We later subtract 8 when calculating the length of the output message
+buffer. If padlength is excessively high, this calculation can underflow
+and result in a very large positive value.
+
+Now we properly constrain the value of padlength so underflow shouldn't
+be possible.
+
+Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef]
+CVE: CVE-2022-3437
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/unwrap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
+index fddb64bc53..bab30f4501 100644
+--- a/lib/gssapi/krb5/unwrap.c
++++ b/lib/gssapi/krb5/unwrap.c
+@@ -124,7 +124,7 @@ unwrap_des
+   } else {
+     /* check pad */
+     ret = _gssapi_verify_pad(input_message_buffer,
+-			     input_message_buffer->length - len,
++			     input_message_buffer->length - len - 8,
+			     &padlength);
+     if (ret)
+         return ret;
+@@ -289,7 +289,7 @@ unwrap_des3
+   } else {
+     /* check pad */
+     ret = _gssapi_verify_pad(input_message_buffer,
+-			     input_message_buffer->length - len,
++			     input_message_buffer->length - len - 8,
+			     &padlength);
+     if (ret)
+         return ret;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch
new file mode 100644
index 0000000000..07f4a18a2f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch
@@ -0,0 +1,38 @@
+From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 17 Nov 2021 20:00:29 -0500
+Subject: [PATCH] lib/wind: find_normalize read past end of array
+
+find_normalize() can under some circumstances read one element
+beyond the input array.  The contents are discarded immediately
+without further use.
+
+This change prevents the unintended read.
+
+(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e)
+
+Change-Id: Ia2759a5632d64f7fa6553f879b5bbbf43ba3513e
+
+Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c]
+CVE: CVE-2022-41916
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/wind/normalize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/wind/normalize.c b/lib/wind/normalize.c
+index 20e8a4a04b..8f3991d10e 100644
+--- a/lib/wind/normalize.c
++++ b/lib/wind/normalize.c
+@@ -227,9 +227,9 @@ find_composition(const uint32_t *in, unsigned in_len)
+	unsigned i;
+
+	if (n % 5 == 0) {
+-	    cur = *in++;
+	    if (in_len-- == 0)
+		return c->val;
++	    cur = *in++;
+	}
+
+	i = cur >> 16;
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch
new file mode 100644
index 0000000000..d6b9826e4b
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch
@@ -0,0 +1,51 @@
+From: Helmut Grohne <helmut@...divi.de>
+Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions
+
+The referenced commit attempted to fix miscompilations with gcc-9 and
+gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
+it also inverted the result of the comparison in two occasions. This
+inversion happened during backporting the patch to 7.7.1 and 7.8.0.
+
+Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
+ for arcfour unwrap")
+Signed-off-by: Helmut Grohne <helmut@...divi.de>
+
+Upstream-Status: Backport [https://www.openwall.com/lists/oss-security/2023/02/08/1]
+CVE: CVE-2022-45142
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/gssapi/krb5/arcfour.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Changes since v1:
+ * Fix typo in commit message.
+ * Mention 7.8.0 in commit message. Thanks to Jeffrey Altman.
+
+Changes since v2:
+ * Add CVE identifier.
+
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index e838d007a..eee6ad72f 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+     if (cmp) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+	return GSS_S_FAILURE;
+     }
+
+-    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+     if (cmp) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = 0;
+--
+2.38.1
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch
new file mode 100644
index 0000000000..b8cb06bee1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch
@@ -0,0 +1,111 @@
+From 04e5a7eb03a1e913f34d77b7b6c2353b41ef546a Mon Sep 17 00:00:00 2001
+From: Rob van der Linde <rob@catalyst.net.nz>
+Date: Mon, 27 Feb 2023 14:06:23 +1300
+Subject: [PATCH] CVE-2023-0922 set default ldap client sasl wrapping to seal
+
+This avoids sending new or reset passwords in the clear
+(integrity protected only) from samba-tool in particular.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
+
+Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+
+CVE: CVE-2023-0922
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/04e5a7eb03a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ .../ldap/clientldapsaslwrapping.xml           | 27 +++++++++----------
+ lib/param/loadparm.c                          |  2 +-
+ python/samba/tests/auth_log.py                |  2 +-
+ source3/param/loadparm.c                      |  2 +-
+ 4 files changed, 16 insertions(+), 17 deletions(-)
+
+diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
+index 3152f06..21bd209 100644
+--- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
++++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
+@@ -18,25 +18,24 @@
+ 	</para>
+ 	
+ 	<para>
+-	This option is needed in the case of Domain Controllers enforcing 
+-	the usage of signed LDAP connections (e.g. Windows 2000 SP3 or higher).
+-	LDAP sign and seal can be controlled with the registry key
+-	"<literal>HKLM\System\CurrentControlSet\Services\</literal>
+-	<literal>NTDS\Parameters\LDAPServerIntegrity</literal>"
+-	on the Windows server side.  
+-	</para>
++	This option is needed firstly to secure the privacy of
++	administrative connections from <command>samba-tool</command>,
++	including in particular new or reset passwords for users. For
++	this reason the default is <emphasis>seal</emphasis>.</para>
+ 
+-	<para>
+-	Depending on the used KRB5 library (MIT and older Heimdal versions)
+-	it is possible that the message "integrity only" is not supported. 
+-	In this case, <emphasis>sign</emphasis> is just an alias for 
+-	<emphasis>seal</emphasis>.
++	<para>Additionally, <command>winbindd</command> and the
++	<command>net</command> tool can use LDAP to communicate with
++	Domain Controllers, so this option also controls the level of
++	privacy for those connections.  All supported AD DC versions
++	will enforce the usage of at least signed LDAP connections by
++	default, so a value of at least <emphasis>sign</emphasis> is
++	required in practice.
+ 	</para>
+ 
+ 	<para>
+-	The default value is <emphasis>sign</emphasis>. That implies synchronizing the time
++	The default value is <emphasis>seal</emphasis>. That implies synchronizing the time
+ 	with the KDC in the case of using <emphasis>Kerberos</emphasis>.
+ 	</para>
+ </description>
+-<value type="default">sign</value>
++<value type="default">seal</value>
+ </samba:parameter>
+diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
+index 75687f5..d260691 100644
+--- a/lib/param/loadparm.c
++++ b/lib/param/loadparm.c
+@@ -2970,7 +2970,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
+ 
+ 	lpcfg_do_global_parameter(lp_ctx, "ldap debug threshold", "10");
+ 
+-	lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
++	lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "seal");
+ 
+ 	lpcfg_do_global_parameter(lp_ctx, "mdns name", "netbios");
+ 
+diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
+index 8ac76fe..d2db380 100644
+--- a/python/samba/tests/auth_log.py
++++ b/python/samba/tests/auth_log.py
+@@ -471,7 +471,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
+         def isLastExpectedMessage(msg):
+             return (msg["type"] == "Authorization" and
+                     msg["Authorization"]["serviceDescription"] == "LDAP" and
+-                    msg["Authorization"]["transportProtection"] == "SIGN" and
++                    msg["Authorization"]["transportProtection"] == "SEAL" and
+                     msg["Authorization"]["authType"] == "krb5")
+ 
+         self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER"],
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index a99ab35..c47c5f6 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -754,7 +754,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+ 	Globals.ldap_debug_level = 0;
+ 	Globals.ldap_debug_threshold = 10;
+ 
+-	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
++	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
+ 
+ 	Globals.ldap_server_require_strong_auth =
+ 		LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
+-- 
+2.40.0
+
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch
new file mode 100644
index 0000000000..77a383f09e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch
@@ -0,0 +1,78 @@
+From 38664163fcac985d87e4274d198568e0fe88595e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 26 May 2023 13:06:19 +0200
+Subject: [PATCH] CVE-2023-34966: mdssvc: harden sl_unpack_loop()
+
+A malicious client could send a packet where subcount is zero, leading to a busy
+loop because
+
+    count -= subcount
+=>  count -= 0
+=>  while (count > 0)
+
+loops forever.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/38664163fcac985d87e4274d198568e0fe88595e]
+
+CVE: CVE-2023-34966
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/marshalling.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
+index 9ba6ef571f2..d794ba15838 100644
+--- a/source3/rpc_server/mdssvc/marshalling.c
++++ b/source3/rpc_server/mdssvc/marshalling.c
+@@ -1119,7 +1119,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+			sl_nil_t nil = 0;
+
+			subcount = tag.count;
+-			if (subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			for (i = 0; i < subcount; i++) {
+@@ -1147,7 +1147,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_INT64:
+			subcount = sl_unpack_ints(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+@@ -1156,7 +1156,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_UUID:
+			subcount = sl_unpack_uuid(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+@@ -1165,7 +1165,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_FLOAT:
+			subcount = sl_unpack_floats(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+@@ -1174,7 +1174,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+
+		case SQ_TYPE_DATE:
+			subcount = sl_unpack_date(query, buf, offset, bufsize, encoding);
+-			if (subcount == -1 || subcount > count) {
++			if (subcount < 1 || subcount > count) {
+				return -1;
+			}
+			offset += tag.size;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch
new file mode 100644
index 0000000000..a86d1729cf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch
@@ -0,0 +1,140 @@
+From 10b6890d26b3c7a829a9e9a05ad1d1ff54daeca9 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 31 May 2023 15:34:26 +0200
+Subject: [PATCH] CVE-2023-34966: CI: test for sl_unpack_loop()
+
+Send a maliciously crafted packet where a nil type has a subcount of 0. This
+triggers an endless loop in mdssvc sl_unpack_loop().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/10b6890d26b3c7a829a9e9a05ad1d1ff54daeca9]
+
+CVE: CVE-2023-34966
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/torture/rpc/mdssvc.c | 100 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 100 insertions(+)
+
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index 2d2a8306412..a9956ef8f1d 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -581,6 +581,102 @@ done:
+	return ok;
+ }
+
++static uint8_t test_sl_unpack_loop_buf[] = {
++	0x34, 0x33, 0x32, 0x31, 0x33, 0x30, 0x64, 0x6d,
++	0x1d, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00,
++	0x06, 0x00, 0x00, 0x07, 0x04, 0x00, 0x00, 0x00,
++	0x66, 0x65, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74,
++	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x3a,
++	0x66, 0x6f, 0x72, 0x4f, 0x49, 0x44, 0x41, 0x72,
++	0x72, 0x61, 0x79, 0x3a, 0x63, 0x6f, 0x6e, 0x74,
++	0x65, 0x78, 0x74, 0x3a, 0x00, 0x00, 0x00, 0xea,
++	0x02, 0x00, 0x00, 0x84, 0x02, 0x00, 0x00, 0x00,
++	0x0a, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x04, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00,
++	0x03, 0x00, 0x00, 0x07, 0x03, 0x00, 0x00, 0x00,
++	0x6b, 0x4d, 0x44, 0x49, 0x74, 0x65, 0x6d, 0x50,
++	0x61, 0x74, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0x00, 0x02, 0x06, 0x00, 0x00, 0x00,
++	0x03, 0x00, 0x00, 0x87, 0x08, 0x00, 0x00, 0x00,
++	0x01, 0x00, 0xdd, 0x0a, 0x20, 0x00, 0x00, 0x6b,
++	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x07, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, 0x00,
++	0x02, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
++	0x03, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00,
++	0x04, 0x00, 0x00, 0x0c, 0x04, 0x00, 0x00, 0x00,
++	0x0e, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x00,
++	0x0f, 0x00, 0x00, 0x0c, 0x03, 0x00, 0x00, 0x00,
++	0x13, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
++	0x00, 0x00, 0x00, 0x00
++};
++
++static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
++				       void *data)
++{
++	struct torture_mdsscv_state *state = talloc_get_type_abort(
++		data, struct torture_mdsscv_state);
++	struct dcerpc_binding_handle *b = state->p->binding_handle;
++	struct mdssvc_blob request_blob;
++	struct mdssvc_blob response_blob;
++	uint32_t device_id;
++	uint32_t unkn2;
++	uint32_t unkn9;
++	uint32_t fragment;
++	uint32_t flags;
++	NTSTATUS status;
++	bool ok = true;
++
++	device_id = UINT32_C(0x2f000045);
++	unkn2 = 23;
++	unkn9 = 0;
++	fragment = 0;
++	flags = UINT32_C(0x6b000001);
++
++	request_blob.spotlight_blob = test_sl_unpack_loop_buf;
++	request_blob.size = sizeof(test_sl_unpack_loop_buf);
++	request_blob.length = sizeof(test_sl_unpack_loop_buf);
++
++	response_blob.spotlight_blob = talloc_array(state,
++						    uint8_t,
++						    0);
++	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
++				     ok, done, "dalloc_zero failed\n");
++	response_blob.size = 0;
++
++	status = dcerpc_mdssvc_cmd(b,
++				   state,
++				   &state->ph,
++				   0,
++				   device_id,
++				   unkn2,
++				   0,
++				   flags,
++				   request_blob,
++				   0,
++				   64 * 1024,
++				   1,
++				   64 * 1024,
++				   0,
++				   0,
++				   &fragment,
++				   &response_blob,
++				   &unkn9);
++	torture_assert_ntstatus_ok_goto(
++		tctx, status, ok, done,
++		"dcerpc_mdssvc_unknown1 failed\n");
++
++done:
++	return ok;
++}
++
+ static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx,
+					 void *data)
+ {
+@@ -856,5 +952,9 @@ struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx)
+				      "fetch_unknown_cnid",
+				      test_mdssvc_fetch_attr_unknown_cnid);
+
++	torture_tcase_add_simple_test(tcase,
++				      "mdssvc_sl_unpack_loop",
++				      test_mdssvc_sl_unpack_loop);
++
+	return suite;
+ }
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch
new file mode 100644
index 0000000000..e30e54ab96
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch
@@ -0,0 +1,178 @@
+From 3b3c30e2acfb00d04c4013e32343bc277d5b1aa8 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 31 May 2023 16:26:14 +0200
+Subject: [PATCH] CVE-2023-34967: CI: add a test for type checking of
+ dalloc_value_for_key()
+
+Sends a maliciously crafted packet where the value in a key/value style
+dictionary for the "scope" key is a simple string object whereas the server
+expects an array. As the server doesn't perform type validation on the value, it
+crashes when trying to use the "simple" object as a "complex" one.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/3b3c30e2acfb00d04c4013e32343bc277d5b1aa8]
+
+CVE: CVE-2023-34967
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source4/torture/rpc/mdssvc.c | 134 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 134 insertions(+)
+
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index f5f5939..1dce403 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -666,6 +666,136 @@ done:
+	return ok;
+ }
+
++static bool test_sl_dict_type_safety(struct torture_context *tctx,
++				     void *data)
++{
++	struct torture_mdsscv_state *state = talloc_get_type_abort(
++		data, struct torture_mdsscv_state);
++	struct dcerpc_binding_handle *b = state->p->binding_handle;
++	struct mdssvc_blob request_blob;
++	struct mdssvc_blob response_blob;
++	uint64_t ctx1 = 0xdeadbeef;
++	uint64_t ctx2 = 0xcafebabe;
++	uint32_t device_id;
++	uint32_t unkn2;
++	uint32_t unkn9;
++	uint32_t fragment;
++	uint32_t flags;
++	DALLOC_CTX *d = NULL;
++	sl_array_t *array1 = NULL, *array2 = NULL;
++	sl_dict_t *arg = NULL;
++	int result;
++	NTSTATUS status;
++	bool ok = true;
++
++	device_id = UINT32_C(0x2f000045);
++	unkn2 = 23;
++	unkn9 = 0;
++	fragment = 0;
++	flags = UINT32_C(0x6b000001);
++
++	d = dalloc_new(tctx);
++	torture_assert_not_null_goto(tctx, d,
++				     ok, done, "dalloc_new failed\n");
++
++	array1 = dalloc_zero(d, sl_array_t);
++	torture_assert_not_null_goto(tctx, array1,
++				     ok, done, "dalloc_zero failed\n");
++
++	array2 = dalloc_zero(d, sl_array_t);
++	torture_assert_not_null_goto(tctx, array2,
++				     ok, done, "dalloc_new failed\n");
++
++	result = dalloc_stradd(array2, "openQueryWithParams:forContext:");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_add_copy(array2, &ctx1, uint64_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_add_copy(array2, &ctx2, uint64_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	arg = dalloc_zero(array1, sl_dict_t);
++	torture_assert_not_null_goto(tctx, d,
++				     ok, done, "dalloc_zero failed\n");
++
++	result = dalloc_stradd(arg, "kMDQueryString");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_stradd(arg, "*");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_stradd(arg, "kMDScopeArray");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_stradd(arg, "AAAABBBB");
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_stradd failed\n");
++
++	result = dalloc_add(array1, array2, sl_array_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_add failed\n");
++
++	result = dalloc_add(array1, arg, sl_dict_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_add failed\n");
++
++	result = dalloc_add(d, array1, sl_array_t);
++	torture_assert_goto(tctx, result == 0,
++			    ok, done, "dalloc_add failed\n");
++
++	torture_comment(tctx, "%s", dalloc_dump(d, 0));
++
++	request_blob.spotlight_blob = talloc_array(tctx,
++						   uint8_t,
++						   64 * 1024);
++	torture_assert_not_null_goto(tctx, request_blob.spotlight_blob,
++				     ok, done, "dalloc_new failed\n");
++	request_blob.size = 64 * 1024;
++
++	request_blob.length = sl_pack(d,
++				      (char *)request_blob.spotlight_blob,
++				      request_blob.size);
++	torture_assert_goto(tctx, request_blob.length > 0,
++			    ok, done, "sl_pack failed\n");
++
++	response_blob.spotlight_blob = talloc_array(state, uint8_t, 0);
++	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
++				     ok, done, "dalloc_zero failed\n");
++	response_blob.size = 0;
++
++	status = dcerpc_mdssvc_cmd(b,
++				   state,
++				   &state->ph,
++				   0,
++				   device_id,
++				   unkn2,
++				   0,
++				   flags,
++				   request_blob,
++				   0,
++				   64 * 1024,
++				   1,
++				   64 * 1024,
++				   0,
++				   0,
++				   &fragment,
++				   &response_blob,
++				   &unkn9);
++	torture_assert_ntstatus_ok_goto(
++		tctx, status, ok, done,
++		"dcerpc_mdssvc_cmd failed\n");
++
++done:
++	return ok;
++}
++
+ static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx,
+					 void *data)
+ {
+@@ -940,6 +1070,10 @@ struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx)
+	torture_tcase_add_simple_test(tcase,
+				      "mdssvc_sl_unpack_loop",
+				      test_mdssvc_sl_unpack_loop);
++	torture_tcase_add_simple_test(tcase,
++				      "sl_dict_type_safety",
++				      test_sl_dict_type_safety);
++
+
+	return suite;
+ }
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch
new file mode 100644
index 0000000000..2e4907ab62
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch
@@ -0,0 +1,125 @@
+From 049c13245649fab412b61a5b55e5a7dea72d7c72 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 26 May 2023 15:06:38 +0200
+Subject: [PATCH] CVE-2023-34967: mdssvc: add type checking to
+ dalloc_value_for_key()
+
+Change the dalloc_value_for_key() function to require an additional final
+argument which denotes the expected type of the value associated with a key. If
+the types don't match, return NULL.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/4c60e35add4a1abd04334012a8d6edf1c3f396ba]
+
+CVE: CVE-2023-34967
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/dalloc.c | 14 ++++++++++----
+ source3/rpc_server/mdssvc/mdssvc.c | 17 +++++++++++++----
+ 2 files changed, 23 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/dalloc.c b/source3/rpc_server/mdssvc/dalloc.c
+index 007702d..8b79b41 100644
+--- a/source3/rpc_server/mdssvc/dalloc.c
++++ b/source3/rpc_server/mdssvc/dalloc.c
+@@ -159,7 +159,7 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+	int result = 0;
+	void *p = NULL;
+	va_list args;
+-	const char *type;
++	const char *type = NULL;
+	int elem;
+	size_t array_len;
+
+@@ -170,7 +170,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+		array_len = talloc_array_length(d->dd_talloc_array);
+		elem = va_arg(args, int);
+		if (elem >= array_len) {
+-			va_end(args);
+			result = -1;
+			goto done;
+		}
+@@ -178,8 +177,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+		type = va_arg(args, const char *);
+	}
+
+-	va_end(args);
+-
+	array_len = talloc_array_length(d->dd_talloc_array);
+
+	for (elem = 0; elem + 1 < array_len; elem += 2) {
+@@ -192,8 +189,17 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
+			break;
+		}
+	}
++	if (p == NULL) {
++		goto done;
++	}
++
++	type = va_arg(args, const char *);
++	if (strcmp(talloc_get_name(p), type) != 0) {
++		p = NULL;
++	}
+
+ done:
++	va_end(args);
+	if (result != 0) {
+		p = NULL;
+	}
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a983a88..fe6e0c2 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -884,7 +884,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+
+	querystring = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+					   "DALLOC_CTX", 1,
+-					   "kMDQueryString");
++					   "kMDQueryString",
++					   "char *");
+	if (querystring == NULL) {
+		DEBUG(1, ("missing kMDQueryString\n"));
+		goto error;
+@@ -924,8 +925,11 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+	slq->ctx2 = *uint64p;
+
+	path_scope = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+-					  "DALLOC_CTX", 1, "kMDScopeArray");
++                                          "DALLOC_CTX", 1,
++					  "kMDScopeArray",
++					  "sl_array_t");
+	if (path_scope == NULL) {
++		DBG_ERR("missing kMDScopeArray\n");
+		goto error;
+	}
+
+@@ -940,8 +944,11 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+	}
+
+	reqinfo = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+-				       "DALLOC_CTX", 1, "kMDAttributeArray");
++		                       "DALLOC_CTX", 1,
++				       "kMDAttributeArray",
++				       "sl_array_t");
+	if (reqinfo == NULL) {
++		DBG_ERR("missing kMDAttributeArray\n");
+		goto error;
+	}
+
+@@ -949,7 +956,9 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+	DEBUG(10, ("requested attributes: %s", dalloc_dump(reqinfo, 0)));
+
+	cnids = dalloc_value_for_key(query, "DALLOC_CTX", 0,
+-				     "DALLOC_CTX", 1, "kMDQueryItemArray");
++			             "DALLOC_CTX", 1,
++				     "kMDQueryItemArray",
++				     "sl_array_t");
+	if (cnids) {
+		ok = sort_cnids(slq, cnids->ca_cnids);
+		if (!ok) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch
new file mode 100644
index 0000000000..ad8e3e4ce3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch
@@ -0,0 +1,104 @@
+From 98b2a013bc723cd660978d5a1db40b987816f90e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 6 Jun 2023 15:17:26 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: cache and reuse stat info in struct
+ sl_inode_path_map
+
+Prepare for the "path" being a fake path and not the real server-side
+path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already
+got stat info for the object in mds_add_result() so we can just pass stat info
+from there.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/98b2a013bc723cd660978d5a1db40b987816f90e]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 32 +++++++-----------------------
+ source3/rpc_server/mdssvc/mdssvc.h |  1 +
+ 2 files changed, 8 insertions(+), 25 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 26a3ec7..a6cc653 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -446,7 +446,10 @@ static int ino_path_map_destr_cb(struct sl_inode_path_map *entry)
+  * entries by calling talloc_free() on the query slq handles.
+  **/
+
+-static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
++static bool inode_map_add(struct sl_query *slq,
++			  uint64_t ino,
++			  const char *path,
++			  struct stat_ex *st)
+ {
+	NTSTATUS status;
+	struct sl_inode_path_map *entry;
+@@ -493,6 +496,7 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
+
+	entry->ino = ino;
+	entry->mds_ctx = slq->mds_ctx;
++	entry->st = *st;
+	entry->path = talloc_strdup(entry, path);
+	if (entry->path == NULL) {
+		DEBUG(1, ("talloc failed\n"));
+@@ -629,7 +633,7 @@ bool mds_add_result(struct sl_query *slq, const char *path)
+		return false;
+	}
+
+-	ok = inode_map_add(slq, ino64, path);
++	ok = inode_map_add(slq, ino64, path, &sb);
+	if (!ok) {
+		DEBUG(1, ("inode_map_add error\n"));
+		slq->state = SLQ_STATE_ERROR;
+@@ -1350,29 +1354,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
+		elem = talloc_get_type_abort(p, struct sl_inode_path_map);
+		path = elem->path;
+
+-		status = synthetic_pathref(talloc_tos(),
+-					   mds_ctx->conn->cwd_fsp,
+-					   path,
+-					   NULL,
+-					   NULL,
+-					   0,
+-					   0,
+-					   &smb_fname);
+-		if (!NT_STATUS_IS_OK(status)) {
+-			/* This is not an error, the user may lack permissions */
+-			DBG_DEBUG("synthetic_pathref [%s]: %s\n",
+-				  smb_fname_str_dbg(smb_fname),
+-				  nt_errstr(status));
+-			return true;
+-		}
+-
+-		result = SMB_VFS_FSTAT(smb_fname->fsp, &smb_fname->st);
+-		if (result != 0) {
+-			TALLOC_FREE(smb_fname);
+-			return true;
+-		}
+-
+-		sp = &smb_fname->st;
++		sp = &elem->st;
+	}
+
+	ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp);
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index 3924827..a097991 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -105,6 +105,7 @@ struct sl_inode_path_map {
+	struct mds_ctx    *mds_ctx;
+	uint64_t           ino;
+	char              *path;
++	struct stat_ex     st;
+ };
+
+ /* Per process state */
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch
new file mode 100644
index 0000000000..21b98c4d7e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch
@@ -0,0 +1,39 @@
+From 47a0c1681dd1e7ec407679793966ec8bdc08a24e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 17 Jun 2023 13:39:55 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes"
+ dict key in slrpc_fetch_properties()
+
+We were adding the value, but not the key.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/47a0c1681dd1e7ec407679793966ec8bdc08a24e]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a6d09a43b9c..9c23ef95753 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -730,6 +730,10 @@ static bool slrpc_fetch_properties(struct mds_ctx *mds_ctx,
+	}
+
+	/* kMDSStoreMetaScopes array */
++	result = dalloc_stradd(dict, "kMDSStoreMetaScopes");
++	if (result != 0) {
++		return false;
++	}
+	array = dalloc_zero(dict, sl_array_t);
+	if (array == NULL) {
+		return NULL;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch
new file mode 100644
index 0000000000..42106d82b8
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch
@@ -0,0 +1,65 @@
+From 56a21b3bc8fb24416ead9061f9305c8122bc7f86 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 17:14:38 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: use correct TALLOC memory context
+ when allocating spotlight_blob
+
+d is talloc_free()d at the end of the functions and the buffer was later used
+after beeing freed in the DCERPC layer when sending the packet.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/56a21b3bc8fb24416ead9061f9305c8122bc7f86]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_client/cli_mdssvc_util.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c
+index fe5092c3790..892a844e71a 100644
+--- a/source3/rpc_client/cli_mdssvc_util.c
++++ b/source3/rpc_client/cli_mdssvc_util.c
+@@ -209,7 +209,7 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+@@ -293,7 +293,7 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+@@ -426,7 +426,7 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+@@ -510,7 +510,7 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(d,
++	blob->spotlight_blob = talloc_array(mem_ctx,
+					    uint8_t,
+					    ctx->max_fragment_size);
+	if (blob->spotlight_blob == NULL) {
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
new file mode 100644
index 0000000000..785908b528
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
@@ -0,0 +1,85 @@
+From 0ae6084d1a9c4eb12e9f1ab1902e00f96bcbea55 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 18:28:41 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: remove response blob allocation
+
+This is handled by the NDR code transparently.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_client/cli_mdssvc.c | 36 ---------------------------------
+ 1 file changed, 36 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
+index 046d37135cb..474d7c0b150 100644
+--- a/source3/rpc_client/cli_mdssvc.c
++++ b/source3/rpc_client/cli_mdssvc.c
+@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx,
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send(
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx,
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx,
+		return tevent_req_post(req, ev);
+	}
+
+-	state->response_blob.spotlight_blob = talloc_array(
+-		state,
+-		uint8_t,
+-		mdscli_ctx->max_fragment_size);
+-	if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+-		return tevent_req_post(req, ev);
+-	}
+-	state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+	subreq = dcerpc_mdssvc_cmd_send(state,
+					ev,
+					mdscli_ctx->bh,
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch
new file mode 100644
index 0000000000..308b441e95
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch
@@ -0,0 +1,83 @@
+From 353a9ccea6ff93ea2cd604dcc2b0372f056f819d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:28:47 +0200
+Subject: [PATCH] CVE-2023-34968: smbtorture: remove response blob allocation
+ in mdssvc.c
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/353a9ccea6ff93ea2cd604dcc2b0372f056f819d]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+
+---
+ source4/torture/rpc/mdssvc.c | 26 --------------------------
+ 1 file changed, 26 deletions(-)
+
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index 3689692f7de..a16bd5b47e3 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -536,13 +536,6 @@ static bool test_mdssvc_invalid_ph_cmd(struct torture_context *tctx,
+	request_blob.length = 0;
+	request_blob.size = 0;
+
+-	response_blob.spotlight_blob = talloc_array(state,
+-						    uint8_t,
+-						    0);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ok, done, "dalloc_zero failed\n");
+-	response_blob.size = 0;
+-
+	status =  dcerpc_mdssvc_cmd(b,
+				    state,
+				    &ph,
+@@ -632,13 +625,6 @@ static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
+	request_blob.size = sizeof(test_sl_unpack_loop_buf);
+	request_blob.length = sizeof(test_sl_unpack_loop_buf);
+
+-	response_blob.spotlight_blob = talloc_array(state,
+-						    uint8_t,
+-						    0);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ok, done, "dalloc_zero failed\n");
+-	response_blob.size = 0;
+-
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+				   &state->ph,
+@@ -764,11 +750,6 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx,
+	torture_assert_goto(tctx, request_blob.length > 0,
+			    ok, done, "sl_pack failed\n");
+
+-	response_blob.spotlight_blob = talloc_array(state, uint8_t, 0);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ok, done, "dalloc_zero failed\n");
+-	response_blob.size = 0;
+-
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+				   &state->ph,
+@@ -926,13 +907,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+				     ret, done, "dalloc_zero failed\n");
+	request_blob.size = max_fragment_size;
+
+-	response_blob.spotlight_blob = talloc_array(state,
+-						    uint8_t,
+-						    max_fragment_size);
+-	torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
+-				     ret, done, "dalloc_zero failed\n");
+-	response_blob.size = max_fragment_size;
+-
+	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+	torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n");
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch
new file mode 100644
index 0000000000..34526a8c8e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch
@@ -0,0 +1,57 @@
+From 449f1280b718c6da3b8e309fe124be4e9bfd8184 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:35:41 +0200
+Subject: [PATCH] CVE-2023-34968: rpcclient: remove response blob allocation
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/449f1280b718c6da3b8e309fe124be4e9bfd8184]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpcclient/cmd_spotlight.c | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
+index 24db9893df6..64fe321089c 100644
+--- a/source3/rpcclient/cmd_spotlight.c
++++ b/source3/rpcclient/cmd_spotlight.c
+@@ -144,13 +144,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+	}
+	request_blob.size = max_fragment_size;
+
+-	response_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
+-	if (response_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	response_blob.size = max_fragment_size;
+-
+	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+	if (len == -1) {
+		status = NT_STATUS_INTERNAL_ERROR;
+@@ -368,15 +361,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+	}
+	request_blob.size = max_fragment_size;
+
+-	response_blob.spotlight_blob = talloc_array(mem_ctx,
+-						    uint8_t,
+-						    max_fragment_size);
+-	if (response_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	response_blob.size = max_fragment_size;
+-
+	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+	if (len == -1) {
+		status = NT_STATUS_INTERNAL_ERROR;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch
new file mode 100644
index 0000000000..679e174c05
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch
@@ -0,0 +1,49 @@
+From cc593a6ac531f02f2fe70fd4f7dfe649a02f9206 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:42:10 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: remove response blob allocation
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cc593a6ac531f02f2fe70fd4f7dfe649a02f9206]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index b8eed8b..714e6c1 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -209,7 +209,6 @@ void _mdssvc_unknown1(struct pipes_struct *p, struct mdssvc_unknown1 *r)
+ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+ {
+	bool ok;
+-	char *rbuf;
+	struct mds_ctx *mds_ctx;
+	NTSTATUS status;
+
+@@ -266,13 +265,6 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+		return;
+	}
+
+-	rbuf = talloc_zero_array(p->mem_ctx, char, r->in.max_fragment_size1);
+-	if (rbuf == NULL) {
+-		p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+-		return;
+-	}
+-	r->out.response_blob->spotlight_blob = (uint8_t *)rbuf;
+-	r->out.response_blob->size = r->in.max_fragment_size1;
+
+	/* We currently don't use fragmentation at the mdssvc RPC layer */
+	*r->out.fragment = 0;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch
new file mode 100644
index 0000000000..e65379fe83
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch
@@ -0,0 +1,62 @@
+From 397919e82b493206ae9b60bb9c539d52c3207729 Mon Sep 17 00:00:00 2001
+From: Archana Polampalli <archana.polampalli@windriver.com>
+Date: Fri, 29 Sep 2023 08:59:31 +0000
+Subject: [PATCH] CVE-2023-34968: mdssvc: switch to doing an early return
+
+Just reduce indentation of the code handling the success case. No change in
+behaviour.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/397919e82b493206ae9b60bb9c539d52c3207729]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a6cc653..0e6a916 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -1798,19 +1798,21 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+	}
+
+	ok = slcmd->function(mds_ctx, query, reply);
+-	if (ok) {
+-		DBG_DEBUG("%s", dalloc_dump(reply, 0));
+-
+-		len = sl_pack(reply,
+-			      (char *)response_blob->spotlight_blob,
+-			      response_blob->size);
+-		if (len == -1) {
+-			DBG_ERR("error packing Spotlight RPC reply\n");
+-			ok = false;
+-			goto cleanup;
+-		}
+-		response_blob->length = len;
++        if (!ok) {
++		goto cleanup;
++	}
++
++	DBG_DEBUG("%s", dalloc_dump(reply, 0));
++
++	len = sl_pack(reply,
++		      (char *)response_blob->spotlight_blob,
++		      response_blob->size);
++	if (len == -1) {
++		DBG_ERR("error packing Spotlight RPC reply\n");
++		ok = false;
++		goto cleanup;
+	}
++	response_blob->length = len;
+
+ cleanup:
+	talloc_free(query);
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch
new file mode 100644
index 0000000000..e21f2ba4be
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch
@@ -0,0 +1,465 @@
+From cb8313e7bee75454ce29d2b2f657927259298f52 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 18:16:57 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: introduce an allocating wrapper to
+ sl_pack()
+
+sl_pack_alloc() does the buffer allocation that previously all callers of
+sl_pack() did themselves.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cb8313e7bee75454ce29d2b2f657927259298f52]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_client/cli_mdssvc_util.c      | 80 +++++------------------
+ source3/rpc_server/mdssvc/marshalling.c   | 35 ++++++++--
+ source3/rpc_server/mdssvc/marshalling.h   |  9 ++-
+ source3/rpc_server/mdssvc/mdssvc.c        | 18 ++---
+ source3/rpc_server/mdssvc/mdssvc.h        |  5 +-
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c |  5 +-
+ source3/rpcclient/cmd_spotlight.c         | 32 ++-------
+ source4/torture/rpc/mdssvc.c              | 24 ++-----
+ 8 files changed, 80 insertions(+), 128 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c
+index 892a844..a39202d 100644
+--- a/source3/rpc_client/cli_mdssvc_util.c
++++ b/source3/rpc_client/cli_mdssvc_util.c
+@@ -42,7 +42,7 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+	sl_array_t *scope_array = NULL;
+	double dval;
+	uint64_t uint64val;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -209,23 +209,11 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+
+@@ -238,7 +226,7 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx,
+	uint64_t *uint64p = NULL;
+	sl_array_t *array = NULL;
+	sl_array_t *cmd_array = NULL;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -293,23 +281,11 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+
+@@ -325,7 +301,7 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx,
+	sl_array_t *cmd_array = NULL;
+	sl_array_t *attr_array = NULL;
+	sl_cnids_t *cnids = NULL;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -426,23 +402,11 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+
+@@ -455,7 +419,7 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx,
+	uint64_t *uint64p = NULL;
+	sl_array_t *array = NULL;
+	sl_array_t *cmd_array = NULL;
+-	ssize_t len;
++	NTSTATUS status;
+	int ret;
+
+	d = dalloc_new(mem_ctx);
+@@ -510,22 +474,10 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx,
+		return NT_STATUS_NO_MEMORY;
+	}
+
+-	blob->spotlight_blob = talloc_array(mem_ctx,
+-					    uint8_t,
+-					    ctx->max_fragment_size);
+-	if (blob->spotlight_blob == NULL) {
+-		TALLOC_FREE(d);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-	blob->size = ctx->max_fragment_size;
+-
+-	len = sl_pack(d, (char *)blob->spotlight_blob, blob->size);
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
+	TALLOC_FREE(d);
+-	if (len == -1) {
+-		return NT_STATUS_NO_MEMORY;
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
+	}
+-
+-	blob->length = len;
+-	blob->size = len;
+	return NT_STATUS_OK;
+ }
+diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
+index 441d411..34bfda5 100644
+--- a/source3/rpc_server/mdssvc/marshalling.c
++++ b/source3/rpc_server/mdssvc/marshalling.c
+@@ -78,6 +78,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, const char *buf,
+			      ssize_t offset, size_t bufsize,
+			      int count, ssize_t toc_offset,
+			      int encoding);
++static ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize);
+
+ /******************************************************************************
+  * Wrapper functions for the *VAL macros with bound checking
+@@ -1190,11 +1191,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query,
+	return offset;
+ }
+
+-/******************************************************************************
+- * Global functions for packing und unpacking
+- ******************************************************************************/
+-
+-ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
++static ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
+ {
+	ssize_t result;
+	char *toc_buf;
+@@ -1274,6 +1271,34 @@ ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
+	return len;
+ }
+
++/******************************************************************************
++ * Global functions for packing und unpacking
++ ******************************************************************************/
++
++NTSTATUS sl_pack_alloc(TALLOC_CTX *mem_ctx,
++		       DALLOC_CTX *d,
++		       struct mdssvc_blob *b,
++		       size_t max_fragment_size)
++{
++	ssize_t len;
++
++	b->spotlight_blob = talloc_zero_array(mem_ctx,
++					      uint8_t,
++					      max_fragment_size);
++	if (b->spotlight_blob == NULL) {
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	len = sl_pack(d, (char *)b->spotlight_blob, max_fragment_size);
++	if (len == -1) {
++		return NT_STATUS_DATA_ERROR;
++	}
++
++	b->length = len;
++	b->size = len;
++	return NT_STATUS_OK;
++}
++
+ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize)
+ {
+	ssize_t result;
+diff --git a/source3/rpc_server/mdssvc/marshalling.h b/source3/rpc_server/mdssvc/marshalling.h
+index 086ca74..2cc1b44 100644
+--- a/source3/rpc_server/mdssvc/marshalling.h
++++ b/source3/rpc_server/mdssvc/marshalling.h
+@@ -22,6 +22,9 @@
+ #define _MDSSVC_MARSHALLING_H
+
+ #include "dalloc.h"
++#include "libcli/util/ntstatus.h"
++#include "lib/util/data_blob.h"
++#include "librpc/gen_ndr/mdssvc.h"
+
+ #define MAX_SL_FRAGMENT_SIZE 0xFFFFF
+
+@@ -49,7 +52,11 @@ typedef struct {
+  * Function declarations
+  ******************************************************************************/
+
+-extern ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize);
++extern NTSTATUS sl_pack_alloc(TALLOC_CTX *mem_ctx,
++			      DALLOC_CTX *d,
++			      struct mdssvc_blob *b,
++			      size_t max_fragment_size);
++
+ extern bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize);
+
+ #endif
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 0e6a916..19257e8 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -1726,11 +1726,11 @@ error:
+  **/
+ bool mds_dispatch(struct mds_ctx *mds_ctx,
+		  struct mdssvc_blob *request_blob,
+-		  struct mdssvc_blob *response_blob)
++		  struct mdssvc_blob *response_blob,
++		  size_t max_fragment_size)
+ {
+	bool ok;
+	int ret;
+-	ssize_t len;
+	DALLOC_CTX *query = NULL;
+	DALLOC_CTX *reply = NULL;
+	char *rpccmd;
+@@ -1738,6 +1738,7 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+	const struct smb_filename conn_basedir = {
+		.base_name = mds_ctx->conn->connectpath,
+	};
++	NTSTATUS status;
+
+	if (CHECK_DEBUGLVL(10)) {
+		const struct sl_query *slq;
+@@ -1804,15 +1805,14 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+
+	DBG_DEBUG("%s", dalloc_dump(reply, 0));
+
+-	len = sl_pack(reply,
+-		      (char *)response_blob->spotlight_blob,
+-		      response_blob->size);
+-	if (len == -1) {
+-		DBG_ERR("error packing Spotlight RPC reply\n");
+-		ok = false;
++	status = sl_pack_alloc(response_blob,
++			       reply,
++			       response_blob,
++			       max_fragment_size);
++	if (!NT_STATUS_IS_OK(status)) {
++		DBG_ERR("sl_pack_alloc() failed\n");
+		goto cleanup;
+	}
+-	response_blob->length = len;
+
+ cleanup:
+	talloc_free(query);
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index a097991..b3bd8b9 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -157,9 +157,10 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
+			     int snum,
+			     const char *sharename,
+			     const char *path);
+-extern bool mds_dispatch(struct mds_ctx *query_ctx,
++extern bool mds_dispatch(struct mds_ctx *mds_ctx,
+			 struct mdssvc_blob *request_blob,
+-			 struct mdssvc_blob *response_blob);
++			 struct mdssvc_blob *response_blob,
++			 size_t max_fragment_size);
+ bool mds_add_result(struct sl_query *slq, const char *path);
+
+ #endif /* _MDSSVC_H */
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index 714e6c1..59e2a97 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -269,7 +269,10 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+	/* We currently don't use fragmentation at the mdssvc RPC layer */
+	*r->out.fragment = 0;
+
+-	ok = mds_dispatch(mds_ctx, &r->in.request_blob, r->out.response_blob);
++	ok = mds_dispatch(mds_ctx,
++			  &r->in.request_blob,
++			  r->out.response_blob,
++			  r->in.max_fragment_size1);
+	if (ok) {
+		*r->out.unkn9 = 0;
+	} else {
+diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
+index 64fe321..ba3f61f 100644
+--- a/source3/rpcclient/cmd_spotlight.c
++++ b/source3/rpcclient/cmd_spotlight.c
+@@ -43,7 +43,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+	uint32_t unkn3;	     /* server always returns 0 ? */
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+-	ssize_t len;
+	uint32_t max_fragment_size = 64 * 1024;
+	DALLOC_CTX *d, *mds_reply;
+	uint64_t *uint64var;
+@@ -137,20 +136,10 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+		goto done;
+	}
+
+-	request_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
+-	if (request_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	request_blob.size = max_fragment_size;
+-
+-	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+-	if (len == -1) {
+-		status = NT_STATUS_INTERNAL_ERROR;
++	status = sl_pack_alloc(mem_ctx, d, &request_blob, max_fragment_size);
++	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+-	request_blob.length = len;
+-	request_blob.size = len;
+
+	status =  dcerpc_mdssvc_cmd(b, mem_ctx,
+				    &share_handle,
+@@ -204,7 +193,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+	uint32_t unkn3;	     /* server always returns 0 ? */
+	struct mdssvc_blob request_blob;
+	struct mdssvc_blob response_blob;
+-	ssize_t len;
+	uint32_t max_fragment_size = 64 * 1024;
+	DALLOC_CTX *d, *mds_reply;
+	uint64_t *uint64var;
+@@ -352,22 +340,10 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+		goto done;
+	}
+
+-	request_blob.spotlight_blob = talloc_array(mem_ctx,
+-						   uint8_t,
+-						   max_fragment_size);
+-	if (request_blob.spotlight_blob == NULL) {
+-		status = NT_STATUS_INTERNAL_ERROR;
+-		goto done;
+-	}
+-	request_blob.size = max_fragment_size;
+-
+-	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+-	if (len == -1) {
+-		status = NT_STATUS_INTERNAL_ERROR;
++	status = sl_pack_alloc(mem_ctx, d, &request_blob, max_fragment_size);
++	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+-	request_blob.length = len;
+-	request_blob.size = len;
+
+	status = dcerpc_mdssvc_cmd(b, mem_ctx,
+				   &share_handle,
+diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
+index e99c82c..1305456 100644
+--- a/source4/torture/rpc/mdssvc.c
++++ b/source4/torture/rpc/mdssvc.c
+@@ -745,11 +745,9 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx,
+				     ok, done, "dalloc_new failed\n");
+	request_blob.size = 64 * 1024;
+
+-	request_blob.length = sl_pack(d,
+-				      (char *)request_blob.spotlight_blob,
+-				      request_blob.size);
+-	torture_assert_goto(tctx, request_blob.length > 0,
+-			    ok, done, "sl_pack failed\n");
++	status = sl_pack_alloc(tctx, d, &request_blob, 64 * 1024);
++	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
++					"sl_pack_alloc() failed\n");
+
+	status = dcerpc_mdssvc_cmd(b,
+				   state,
+@@ -836,7 +834,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+	const char *path_type = NULL;
+	uint64_t ino64;
+	NTSTATUS status;
+-	ssize_t len;
+	int ret;
+	bool ok = true;
+
+@@ -901,19 +898,10 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
+	ret = dalloc_add(array, cnids, sl_cnids_t);
+	torture_assert_goto(tctx, ret == 0, ret, done, "dalloc_add failed\n");
+
+-	request_blob.spotlight_blob = talloc_array(state,
+-						   uint8_t,
+-						   max_fragment_size);
+-	torture_assert_not_null_goto(tctx, request_blob.spotlight_blob,
+-				     ret, done, "dalloc_zero failed\n");
+-	request_blob.size = max_fragment_size;
+-
+-	len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+-	torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n");
+-
+-	request_blob.length = len;
+-	request_blob.size = len;
+
++	status = sl_pack_alloc(tctx, d, &request_blob, max_fragment_size);
++	torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
++					"sl_pack_alloc() failed\n");
+	status =  dcerpc_mdssvc_cmd(b,
+				    state,
+				    &state->ph,
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch
new file mode 100644
index 0000000000..57668f5eef
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch
@@ -0,0 +1,484 @@
+From a5c570e262911874e43e82de601d809aa5b1b729 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 17 Jun 2023 13:53:27 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: return share relative paths The next
+ commit will change the Samba Spotlight server to return absolute paths that
+ start with the sharename as "/SHARENAME/..." followed by the share path
+ relative appended.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+So given a share
+
+  [spotlight]
+    path = /foo/bar
+    spotlight = yes
+
+and a file inside this share with a full path of
+
+  /foo/bar/dir/file
+
+previously a search that matched this file would returns the absolute
+server-side pato of the file, ie
+
+  /foo/bar/dir/file
+
+This will be change to
+
+  /spotlight/dir/file
+
+As currently the mdscli library and hence the mdsearch tool print out these
+paths returned from the server, we have to change the output to accomodate these
+fake paths. The only way to do this sensibly is by makeing the paths relative to
+the containing share, so just
+
+  dir/file
+
+in the example above.
+
+The client learns about the share root path prefix – real server-side of fake in
+the future – in an initial handshake in the "share_path" out argument of the
+mdssvc_open() RPC call, so the client can use this path to convert the absolute
+path to relative.
+
+There is however an additional twist: the macOS Spotlight server prefixes this
+absolute path with another prefix, typically "/System/Volumes/Data", so in the
+example above the full path for the same search would be
+
+  /System/Volumes/Data/foo/bar/dir/file
+
+So macOS does return the full server-side path too, just prefixed with an
+additional path. This path prefixed can be queried by the client in the
+mdssvc_cmd() RPC call with an Spotlight command of "fetchPropertiesForContext:"
+and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
+just returns "/" for this.
+
+Currently the mdscli library doesn't issue this Spotlight RPC
+request (fetchPropertiesForContext), so this is added in this commit. In the
+end, all search result paths are stripped of the combined prefix
+
+  kMDSStorePathScopes + share_path (from mdssvc_open).
+
+eg
+
+  kMDSStorePathScopes = /System/Volumes/Data
+  share_path = /foo/bar
+  search result = /System/Volumes/Data/foo/bar/dir/file
+  relative path returned by mdscli = dir/file
+
+Makes sense? :)
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/a5c570e262911874e43e82de601d809aa5b1b729]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ python/samba/tests/dcerpc/mdssvc.py     |  26 ++--
+ source3/rpc_client/cli_mdssvc.c         | 155 +++++++++++++++++++++++-
+ source3/rpc_client/cli_mdssvc_private.h |   4 +
+ source3/rpc_client/cli_mdssvc_util.c    |  68 +++++++++++
+ source3/rpc_client/cli_mdssvc_util.h    |   4 +
+ 5 files changed, 243 insertions(+), 14 deletions(-)
+
+diff --git a/python/samba/tests/dcerpc/mdssvc.py b/python/samba/tests/dcerpc/mdssvc.py
+index b0df509..5002e5d 100644
+--- a/python/samba/tests/dcerpc/mdssvc.py
++++ b/python/samba/tests/dcerpc/mdssvc.py
+@@ -84,10 +84,11 @@ class MdssvcTests(RpcInterfaceTestCase):
+         self.t = threading.Thread(target=MdssvcTests.http_server, args=(self,))
+         self.t.setDaemon(True)
+         self.t.start()
++        self.sharepath = os.environ["LOCAL_PATH"]
+         time.sleep(1)
+
+         conn = mdscli.conn(self.pipe, 'spotlight', '/foo')
+-        self.sharepath = conn.sharepath()
++        self.fakepath = conn.sharepath()
+         conn.disconnect(self.pipe)
+
+         for file in testfiles:
+@@ -105,12 +106,11 @@ class MdssvcTests(RpcInterfaceTestCase):
+         self.server.serve_forever()
+
+     def run_test(self, query, expect, json_in, json_out):
+-        expect = [s.replace("%BASEPATH%", self.sharepath) for s in expect]
+         self.server.json_in = json_in.replace("%BASEPATH%", self.sharepath)
+         self.server.json_out = json_out.replace("%BASEPATH%", self.sharepath)
+
+         self.conn = mdscli.conn(self.pipe, 'spotlight', '/foo')
+-        search = self.conn.search(self.pipe, query, self.sharepath)
++        search = self.conn.search(self.pipe, query, self.fakepath)
+
+         # Give it some time, the get_results() below returns immediately
+         # what's available, so if we ask to soon, we might get back no results
+@@ -141,7 +141,7 @@ class MdssvcTests(RpcInterfaceTestCase):
+             ]
+           }
+         }'''
+-        exp_results = ["%BASEPATH%/foo", "%BASEPATH%/bar"]
++        exp_results = ["foo", "bar"]
+         self.run_test('*=="samba*"', exp_results, exp_json_query, fake_json_response)
+
+     def test_mdscli_search_escapes(self):
+@@ -181,14 +181,14 @@ class MdssvcTests(RpcInterfaceTestCase):
+           }
+         }'''
+         exp_results = [
+-            r"%BASEPATH%/x+x",
+-            r"%BASEPATH%/x*x",
+-            r"%BASEPATH%/x=x",
+-            r"%BASEPATH%/x'x",
+-            r"%BASEPATH%/x?x",
+-            r"%BASEPATH%/x x",
+-            r"%BASEPATH%/x(x",
+-            "%BASEPATH%/x\"x",
+-            r"%BASEPATH%/x\x",
++            r"x+x",
++            r"x*x",
++            r"x=x",
++            r"x'x",
++            r"x?x",
++            r"x x",
++            r"x(x",
++            "x\"x",
++            r"x\x",
+         ]
+         self.run_test(sl_query, exp_results, exp_json_query, fake_json_response)
+diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
+index 07c19b5..a047b91 100644
+--- a/source3/rpc_client/cli_mdssvc.c
++++ b/source3/rpc_client/cli_mdssvc.c
+@@ -43,10 +43,12 @@ char *mdscli_get_basepath(TALLOC_CTX *mem_ctx,
+ struct mdscli_connect_state {
+	struct tevent_context *ev;
+	struct mdscli_ctx *mdscli_ctx;
++	struct mdssvc_blob response_blob;
+ };
+
+ static void mdscli_connect_open_done(struct tevent_req *subreq);
+ static void mdscli_connect_unknown1_done(struct tevent_req *subreq);
++static void mdscli_connect_fetch_props_done(struct tevent_req *subreq);
+
+ struct tevent_req *mdscli_connect_send(TALLOC_CTX *mem_ctx,
+				       struct tevent_context *ev,
+@@ -111,6 +113,7 @@ static void mdscli_connect_open_done(struct tevent_req *subreq)
+	struct mdscli_connect_state *state = tevent_req_data(
+		req, struct mdscli_connect_state);
+	struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx;
++	size_t share_path_len;
+	NTSTATUS status;
+
+	status = dcerpc_mdssvc_open_recv(subreq, state);
+@@ -120,6 +123,18 @@ static void mdscli_connect_open_done(struct tevent_req *subreq)
+		return;
+	}
+
++	share_path_len = strlen(mdscli_ctx->mdscmd_open.share_path);
++	if (share_path_len < 1 || share_path_len > UINT16_MAX) {
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++	mdscli_ctx->mdscmd_open.share_path_len = share_path_len;
++
++	if (mdscli_ctx->mdscmd_open.share_path[share_path_len-1] == '/') {
++		mdscli_ctx->mdscmd_open.share_path[share_path_len-1] = '\0';
++		mdscli_ctx->mdscmd_open.share_path_len--;
++	}
++
+	subreq = dcerpc_mdssvc_unknown1_send(
+			state,
+			state->ev,
+@@ -146,6 +161,8 @@ static void mdscli_connect_unknown1_done(struct tevent_req *subreq)
+		subreq, struct tevent_req);
+	struct mdscli_connect_state *state = tevent_req_data(
+		req, struct mdscli_connect_state);
++	struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx;
++	struct mdssvc_blob request_blob;
+	NTSTATUS status;
+
+	status = dcerpc_mdssvc_unknown1_recv(subreq, state);
+@@ -153,6 +170,108 @@ static void mdscli_connect_unknown1_done(struct tevent_req *subreq)
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
++	status = mdscli_blob_fetch_props(state,
++					 state->mdscli_ctx,
++					 &request_blob);
++	if (tevent_req_nterror(req, status)) {
++		return;
++	}
++
++	subreq = dcerpc_mdssvc_cmd_send(state,
++					state->ev,
++					mdscli_ctx->bh,
++					&mdscli_ctx->ph,
++					0,
++					mdscli_ctx->dev,
++					mdscli_ctx->mdscmd_open.unkn2,
++					0,
++					mdscli_ctx->flags,
++					request_blob,
++					0,
++					mdscli_ctx->max_fragment_size,
++					1,
++					mdscli_ctx->max_fragment_size,
++					0,
++					0,
++					&mdscli_ctx->mdscmd_cmd.fragment,
++					&state->response_blob,
++					&mdscli_ctx->mdscmd_cmd.unkn9);
++	if (tevent_req_nomem(subreq, req)) {
++		return;
++	}
++	tevent_req_set_callback(subreq, mdscli_connect_fetch_props_done, req);
++	mdscli_ctx->async_pending++;
++	return;
++}
++
++static void mdscli_connect_fetch_props_done(struct tevent_req *subreq)
++{
++	struct tevent_req *req = tevent_req_callback_data(
++		subreq, struct tevent_req);
++	struct mdscli_connect_state *state = tevent_req_data(
++		req, struct mdscli_connect_state);
++	struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx;
++	DALLOC_CTX *d = NULL;
++	sl_array_t *path_scope_array = NULL;
++	char *path_scope = NULL;
++	NTSTATUS status;
++	bool ok;
++
++	status = dcerpc_mdssvc_cmd_recv(subreq, state);
++	TALLOC_FREE(subreq);
++	state->mdscli_ctx->async_pending--;
++	if (tevent_req_nterror(req, status)) {
++		return;
++	}
++
++	d = dalloc_new(state);
++	if (tevent_req_nomem(d, req)) {
++		return;
++	}
++
++	ok = sl_unpack(d,
++		       (char *)state->response_blob.spotlight_blob,
++		       state->response_blob.length);
++	if (!ok) {
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++
++	path_scope_array = dalloc_value_for_key(d,
++						"DALLOC_CTX", 0,
++						"kMDSStorePathScopes",
++						"sl_array_t");
++	if (path_scope_array == NULL) {
++		DBG_ERR("Missing kMDSStorePathScopes\n");
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++
++	path_scope = dalloc_get(path_scope_array, "char *", 0);
++	if (path_scope == NULL) {
++		DBG_ERR("Missing path in kMDSStorePathScopes\n");
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++
++	mdscli_ctx->path_scope_len = strlen(path_scope);
++	if (mdscli_ctx->path_scope_len < 1 ||
++	    mdscli_ctx->path_scope_len > UINT16_MAX)
++	{
++		DBG_ERR("Bad path_scope: %s\n", path_scope);
++		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
++		return;
++	}
++	mdscli_ctx->path_scope = talloc_strdup(mdscli_ctx, path_scope);
++	if (tevent_req_nomem(mdscli_ctx->path_scope, req)) {
++		return;
++	}
++
++	if (mdscli_ctx->path_scope[mdscli_ctx->path_scope_len-1] == '/') {
++		mdscli_ctx->path_scope[mdscli_ctx->path_scope_len-1] = '\0';
++		mdscli_ctx->path_scope_len--;
++	}
++
+
+	tevent_req_done(req);
+ }
+@@ -697,7 +816,10 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+	struct mdscli_get_path_state *state = tevent_req_data(
+		req, struct mdscli_get_path_state);
+	DALLOC_CTX *d = NULL;
++	size_t pathlen;
++	size_t prefixlen;
+	char *path = NULL;
++	const char *p = NULL;
+	NTSTATUS status;
+	bool ok;
+
+@@ -732,7 +854,38 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+		return;
+	}
+-	state->path = talloc_move(state, &path);
++
++	/* Path is prefixed by /PATHSCOPE/SHARENAME/, strip it */
++	pathlen = strlen(path);
++
++	/*
++	 * path_scope_len and share_path_len are already checked to be smaller
++	 * then UINT16_MAX so this can't overflow
++	 */
++	prefixlen = state->mdscli_ctx->path_scope_len
++		+ state->mdscli_ctx->mdscmd_open.share_path_len;
++
++	if (pathlen < prefixlen) {
++		DBG_DEBUG("Bad path: %s\n", path);
++		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
++		return;
++	}
++
++	p = path + prefixlen;
++	while (*p == '/') {
++		p++;
++	}
++	if (*p == '\0') {
++		DBG_DEBUG("Bad path: %s\n", path);
++		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
++		return;
++	}
++
++	state->path = talloc_strdup(state, p);
++	if (state->path == NULL) {
++		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
++		return;
++	}
+	DBG_DEBUG("path: %s\n", state->path);
+
+	tevent_req_done(req);
+diff --git a/source3/rpc_client/cli_mdssvc_private.h b/source3/rpc_client/cli_mdssvc_private.h
+index 031af85..b10aca0 100644
+--- a/source3/rpc_client/cli_mdssvc_private.h
++++ b/source3/rpc_client/cli_mdssvc_private.h
+@@ -42,6 +42,7 @@ struct mdscli_ctx {
+	/* cmd specific or unknown fields */
+	struct {
+		char share_path[1025];
++		size_t share_path_len;
+		uint32_t unkn2;
+		uint32_t unkn3;
+	} mdscmd_open;
+@@ -56,6 +57,9 @@ struct mdscli_ctx {
+	struct {
+		uint32_t status;
+	} mdscmd_close;
++
++	char *path_scope;
++	size_t path_scope_len;
+ };
+
+ struct mdscli_search_ctx {
+diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c
+index a39202d..1eaaca7 100644
+--- a/source3/rpc_client/cli_mdssvc_util.c
++++ b/source3/rpc_client/cli_mdssvc_util.c
+@@ -28,6 +28,74 @@
+ #include "rpc_server/mdssvc/dalloc.h"
+ #include "rpc_server/mdssvc/marshalling.h"
+
++NTSTATUS mdscli_blob_fetch_props(TALLOC_CTX *mem_ctx,
++				 struct mdscli_ctx *ctx,
++				 struct mdssvc_blob *blob)
++{
++	DALLOC_CTX *d = NULL;
++	uint64_t *uint64p = NULL;
++	sl_array_t *array = NULL;
++	sl_array_t *cmd_array = NULL;
++	NTSTATUS status;
++	int ret;
++
++	d = dalloc_new(mem_ctx);
++	if (d == NULL) {
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	array = dalloc_zero(d, sl_array_t);
++	if (array == NULL) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	ret = dalloc_add(d, array, sl_array_t);
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	cmd_array = dalloc_zero(d, sl_array_t);
++	if (cmd_array == NULL) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	ret = dalloc_add(array, cmd_array, sl_array_t);
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	ret = dalloc_stradd(cmd_array, "fetchPropertiesForContext:");
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	uint64p = talloc_zero_array(cmd_array, uint64_t, 2);
++	if (uint64p == NULL) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	talloc_set_name(uint64p, "uint64_t *");
++
++	ret = dalloc_add(cmd_array, uint64p, uint64_t *);
++	if (ret != 0) {
++		TALLOC_FREE(d);
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size);
++	TALLOC_FREE(d);
++	if (!NT_STATUS_IS_OK(status)) {
++		return status;
++	}
++	return NT_STATUS_OK;
++}
++
+ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+			    struct mdscli_search_ctx *search,
+			    struct mdssvc_blob *blob)
+diff --git a/source3/rpc_client/cli_mdssvc_util.h b/source3/rpc_client/cli_mdssvc_util.h
+index 7a98c85..3f32475 100644
+--- a/source3/rpc_client/cli_mdssvc_util.h
++++ b/source3/rpc_client/cli_mdssvc_util.h
+@@ -21,6 +21,10 @@
+ #ifndef _MDSCLI_UTIL_H_
+ #define _MDSCLI_UTIL_H_
+
++NTSTATUS mdscli_blob_fetch_props(TALLOC_CTX *mem_ctx,
++				 struct mdscli_ctx *ctx,
++				 struct mdssvc_blob *blob);
++
+ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx,
+			    struct mdscli_search_ctx *search,
+			    struct mdssvc_blob *blob);
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch
new file mode 100644
index 0000000000..d2bef187f7
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch
@@ -0,0 +1,295 @@
+From 091b0265fe42878d676def5d4f5b4f8f3977b0e2 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 5 Jun 2023 18:02:20 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: return a fake share path Instead of
+ returning the real server-side absolute path of shares and search results,
+ return a fake absolute path replacing the path of the share with the share
+ name, iow for a share "test" with a server-side path of "/foo/bar", we
+ previously returned
+
+  /foo/bar and
+  /foo/bar/search/result
+
+and now return
+
+  /test and
+  /test/search/result
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/091b0265fe42878d676def5d4f5b4f8f3977b0e2]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/lib/util_path.c                   | 52 ++++++++++++++++++++
+ source3/lib/util_path.h                   |  5 ++
+ source3/rpc_server/mdssvc/mdssvc.c        | 60 +++++++++++++++++++++--
+ source3/rpc_server/mdssvc/mdssvc.h        |  1 +
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 17 +++++--
+ 6 files changed, 128 insertions(+), 7 deletions(-)
+ mode change 100755 => 100644 source3/libads/ldap.c
+
+diff --git a/source3/lib/util_path.c b/source3/lib/util_path.c
+index c34b734..5b5a51c 100644
+--- a/source3/lib/util_path.c
++++ b/source3/lib/util_path.c
+@@ -21,8 +21,10 @@
+  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  */
+
++#include "includes.h"
+ #include "replace.h"
+ #include <talloc.h>
++#include "lib/util/debug.h"
+ #include "lib/util/samba_util.h"
+ #include "lib/util_path.h"
+
+@@ -210,3 +212,53 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *pathname_in)
+	*p++ = '\0';
+	return pathname;
+ }
++
++/*
++ * Take two absolute paths, figure out if "subdir" is a proper
++ * subdirectory of "parent". Return the component relative to the
++ * "parent" without the potential "/". Take care of "parent"
++ * possibly ending in "/".
++ */
++bool subdir_of(const char *parent,
++	       size_t parent_len,
++	       const char *subdir,
++	       const char **_relative)
++{
++	const char *relative = NULL;
++	bool matched;
++
++	SMB_ASSERT(parent[0] == '/');
++	SMB_ASSERT(subdir[0] == '/');
++
++	if (parent_len == 1) {
++		/*
++		 * Everything is below "/"
++		 */
++		*_relative = subdir+1;
++		return true;
++	}
++
++	if (parent[parent_len-1] == '/') {
++		parent_len -= 1;
++	}
++
++	matched = (strncmp(subdir, parent, parent_len) == 0);
++	if (!matched) {
++		return false;
++	}
++
++	relative = &subdir[parent_len];
++
++	if (relative[0] == '\0') {
++		*_relative = relative; /* nothing left */
++		return true;
++	}
++
++	if (relative[0] == '/') {
++		/* End of parent must match a '/' in subdir. */
++		*_relative = relative+1;
++		return true;
++	}
++
++	return false;
++}
+diff --git a/source3/lib/util_path.h b/source3/lib/util_path.h
+index 3e7d04d..6d2155a 100644
+--- a/source3/lib/util_path.h
++++ b/source3/lib/util_path.h
+@@ -31,5 +31,10 @@ char *lock_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *state_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *cache_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
++bool subdir_of(const char *parent,
++               size_t parent_len,
++               const char *subdir,
++               const char **_relative);
++
+
+ #endif
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 19257e8..d442d8d 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -520,11 +520,14 @@ static bool inode_map_add(struct sl_query *slq,
+ bool mds_add_result(struct sl_query *slq, const char *path)
+ {
+	struct smb_filename *smb_fname = NULL;
++	char *fake_path = NULL;
++	const char *relative = NULL;
+	struct stat_ex sb;
+	uint32_t attr;
+	uint64_t ino64;
+	int result;
+	NTSTATUS status;
++	bool sub;
+	bool ok;
+
+	/*
+@@ -610,6 +613,17 @@ bool mds_add_result(struct sl_query *slq, const char *path)
+		}
+	}
+
++	sub = subdir_of(slq->mds_ctx->spath,
++			slq->mds_ctx->spath_len,
++			path,
++			&relative);
++	if (!sub) {
++		DBG_ERR("[%s] is not inside [%s]\n",
++			path, slq->mds_ctx->spath);
++		slq->state = SLQ_STATE_ERROR;
++		return false;
++	}
++
+	/*
+	 * Add inode number and filemeta to result set, this is what
+	 * we return as part of the result set of a query
+@@ -622,18 +636,30 @@ bool mds_add_result(struct sl_query *slq, const char *path)
+		slq->state = SLQ_STATE_ERROR;
+		return false;
+	}
++
++	fake_path = talloc_asprintf(slq,
++				    "/%s/%s",
++				    slq->mds_ctx->sharename,
++				    relative);
++	if (fake_path == NULL) {
++		slq->state = SLQ_STATE_ERROR;
++		return false;
++	}
++
+	ok = add_filemeta(slq->mds_ctx,
+			  slq->reqinfo,
+			  slq->query_results->fm_array,
+-			  path,
++			  fake_path,
+			  &sb);
+	if (!ok) {
+		DBG_ERR("add_filemeta error\n");
++		TALLOC_FREE(fake_path);
+		slq->state = SLQ_STATE_ERROR;
+		return false;
+	}
+
+-	ok = inode_map_add(slq, ino64, path, &sb);
++	ok = inode_map_add(slq, ino64, fake_path, &sb);
++	TALLOC_FREE(fake_path);
+	if (!ok) {
+		DEBUG(1, ("inode_map_add error\n"));
+		slq->state = SLQ_STATE_ERROR;
+@@ -840,6 +866,32 @@ static void slq_close_timer(struct tevent_context *ev,
+	}
+ }
+
++/**
++ * Translate a fake scope from the client like /sharename/dir
++ * to the real server-side path, replacing the "/sharename" part
++ * with the absolute server-side path of the share.
++ **/
++static bool mdssvc_real_scope(struct sl_query *slq, const char *fake_scope)
++{
++	size_t sname_len = strlen(slq->mds_ctx->sharename);
++	size_t fake_scope_len = strlen(fake_scope);
++
++	if (fake_scope_len < sname_len + 1) {
++		DBG_ERR("Short scope [%s] for share [%s]\n",
++			fake_scope, slq->mds_ctx->sharename);
++		return false;
++	}
++
++	slq->path_scope = talloc_asprintf(slq,
++					  "%s%s",
++					  slq->mds_ctx->spath,
++					  fake_scope + sname_len + 1);
++	if (slq->path_scope == NULL) {
++		return false;
++	}
++	return true;
++}
++
+ /**
+  * Begin a search query
+  **/
+@@ -946,8 +998,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+		goto error;
+	}
+
+-	slq->path_scope = talloc_strdup(slq, scope);
+-	if (slq->path_scope == NULL) {
++	ok = mdssvc_real_scope(slq, scope);
++	if (!ok) {
+		goto error;
+	}
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index b3bd8b9..8434812 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -127,6 +127,7 @@ struct mds_ctx {
+	int snum;
+	const char *sharename;
+	const char *spath;
++	size_t spath_len;
+	struct connection_struct *conn;
+	struct sl_query *query_list;     /* list of active queries */
+	struct db_context *ino_path_map; /* dbwrap rbt for storing inode->path mappings */
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index 59e2a97..b20bd2a 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -121,6 +121,7 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
+		loadparm_s3_global_substitution();
+	int snum;
+	char *outpath = discard_const_p(char, r->out.share_path);
++	char *fake_path = NULL;
+	char *path;
+	NTSTATUS status;
+
+@@ -144,21 +145,31 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
+		return;
+	}
+
++	fake_path = talloc_asprintf(p->mem_ctx, "/%s", r->in.share_name);
++	if (fake_path == NULL) {
++		DBG_ERR("Couldn't create fake share path for %s\n",
++			r->in.share_name);
++		talloc_free(path);
++		p->fault_state = DCERPC_FAULT_CANT_PERFORM;
++		return;
++	}
++
+	status = create_mdssvc_policy_handle(p->mem_ctx, p,
+					     snum,
+					     r->in.share_name,
+					     path,
+					     r->out.handle);
+	if (!NT_STATUS_IS_OK(status)) {
+-		DBG_ERR("Couldn't create policy handle for %s\n",
++		DBG_ERR("Couldn't create path for %s\n",
+			r->in.share_name);
+		talloc_free(path);
++		talloc_free(fake_path);
+		p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+		return;
+	}
+
+-	strlcpy(outpath, path, 1024);
+-	talloc_free(path);
++	strlcpy(outpath, fake_path, 1024);
++	talloc_free(fake_path);
+	return;
+ }
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch
new file mode 100644
index 0000000000..908ab85baf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch
@@ -0,0 +1,193 @@
+From b08a60160e6ab8d982d31844bcbf7ab67ff3a8de Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 1 Aug 2023 12:30:00 +0200
+Subject: [PATCH 2/2] CVE-2023-4091: smbtorture: test overwrite dispositions on
+ read-only file
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2023-4091
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/b08a60160e6ab8d982d31844bcbf7ab67ff3a8de]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ selftest/knownfail.d/samba3.smb2.acls |   1 +
+ source4/torture/smb2/acls.c           | 145 ++++++++++++++++++++++++++
+ 2 files changed, 146 insertions(+)
+ create mode 100644 selftest/knownfail.d/samba3.smb2.acls
+
+diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
+new file mode 100644
+index 0000000..18df260
+--- /dev/null
++++ b/selftest/knownfail.d/samba3.smb2.acls
+@@ -0,0 +1 @@
++^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
+diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
+index 4f4538b..d26caeb 100644
+--- a/source4/torture/smb2/acls.c
++++ b/source4/torture/smb2/acls.c
+@@ -3023,6 +3023,149 @@ done:
+	return ret;
+ }
+
++static bool test_overwrite_read_only_file(struct torture_context *tctx,
++					  struct smb2_tree *tree)
++{
++	NTSTATUS status;
++	struct smb2_create c;
++	const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
++	struct smb2_handle handle = {{0}};
++	union smb_fileinfo q;
++	union smb_setfileinfo set;
++	struct security_descriptor *sd = NULL, *sd_orig = NULL;
++	const char *owner_sid = NULL;
++	int i;
++	bool ret = true;
++
++	struct tcase {
++		int disposition;
++		const char *disposition_string;
++		NTSTATUS expected_status;
++	} tcases[] = {
++#define TCASE(d, s) {				\
++		.disposition = d,		\
++		.disposition_string = #d,	\
++		.expected_status = s,		\
++	}
++		TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
++		TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
++		TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
++		TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
++	};
++#undef TCASE
++
++	ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
++	torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
++
++	c = (struct smb2_create) {
++		.in.desired_access = SEC_STD_READ_CONTROL |
++			SEC_STD_WRITE_DAC |
++			SEC_STD_WRITE_OWNER,
++		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++		.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
++			NTCREATEX_SHARE_ACCESS_WRITE,
++		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
++		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++		.in.fname = fname,
++	};
++
++	status = smb2_create(tree, tctx, &c);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_create failed\n");
++	handle = c.out.file.handle;
++
++	torture_comment(tctx, "get the original sd\n");
++
++	ZERO_STRUCT(q);
++	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
++	q.query_secdesc.in.file.handle = handle;
++	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
++
++	status = smb2_getinfo_file(tree, tctx, &q);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_getinfo_file failed\n");
++	sd_orig = q.query_secdesc.out.sd;
++
++	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
++
++	sd = security_descriptor_dacl_create(tctx,
++					0, NULL, NULL,
++					owner_sid,
++					SEC_ACE_TYPE_ACCESS_ALLOWED,
++					SEC_FILE_READ_DATA,
++					0,
++					NULL);
++
++	ZERO_STRUCT(set);
++	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
++	set.set_secdesc.in.file.handle = handle;
++	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
++	set.set_secdesc.in.sd = sd;
++
++	status = smb2_setinfo_file(tree, &set);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_setinfo_file failed\n");
++
++	smb2_util_close(tree, handle);
++	ZERO_STRUCT(handle);
++
++	for (i = 0; i < ARRAY_SIZE(tcases); i++) {
++		torture_comment(tctx, "Verify open with %s dispostion\n",
++				tcases[i].disposition_string);
++
++		c = (struct smb2_create) {
++			.in.create_disposition = tcases[i].disposition,
++			.in.desired_access = SEC_FILE_READ_DATA,
++			.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++			.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
++			.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++			.in.fname = fname,
++		};
++
++		status = smb2_create(tree, tctx, &c);
++		smb2_util_close(tree, c.out.file.handle);
++		torture_assert_ntstatus_equal_goto(
++			tctx, status, tcases[i].expected_status, ret, done,
++			"smb2_create failed\n");
++	};
++
++	torture_comment(tctx, "put back original sd\n");
++
++	c = (struct smb2_create) {
++		.in.desired_access = SEC_STD_WRITE_DAC,
++		.in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++		.in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
++		.in.create_disposition = NTCREATEX_DISP_OPEN_IF,
++		.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++		.in.fname = fname,
++	};
++
++	status = smb2_create(tree, tctx, &c);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_create failed\n");
++	handle = c.out.file.handle;
++
++	ZERO_STRUCT(set);
++	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
++	set.set_secdesc.in.file.handle = handle;
++	set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
++	set.set_secdesc.in.sd = sd_orig;
++
++	status = smb2_setinfo_file(tree, &set);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_setinfo_file failed\n");
++
++	smb2_util_close(tree, handle);
++	ZERO_STRUCT(handle);
++
++done:
++	smb2_util_close(tree, handle);
++	smb2_util_unlink(tree, fname);
++	smb2_deltree(tree, BASEDIR);
++	return ret;
++}
++
++
+ /*
+    basic testing of SMB2 ACLs
+ */
+@@ -3051,6 +3194,8 @@ struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
+			test_deny1);
+	torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
+			test_mxac_not_granted);
++	torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE",
++			test_overwrite_read_only_file);
+
+	suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch
new file mode 100644
index 0000000000..43d3b4929f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch
@@ -0,0 +1,59 @@
+From 8b26f634372f11edcbea33dfd68a3d57889dfcc5 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 1 Aug 2023 13:04:36 +0200
+Subject: [PATCH] CVE-2023-4091: smbd: use open_access_mask for access check in
+    open_file()
+
+If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
+FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
+access check we're using access_mask which doesn't contain the additional
+right, which means we can end up truncating a file for which the user has
+only read-only access via an SD.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2023-4091
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/8b26f634372f11edcbea33dfd68a3d57889dfcc5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ selftest/knownfail.d/samba3.smb2.acls | 1 -
+ source3/smbd/open.c                   | 4 ++--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+ delete mode 100644 selftest/knownfail.d/samba3.smb2.acls
+
+diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
+deleted file mode 100644
+index 18df260..0000000
+--- a/selftest/knownfail.d/samba3.smb2.acls
++++ /dev/null
+@@ -1 +0,0 @@
+-^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 2c3bf9e..4bec5cb 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -1402,7 +1402,7 @@ static NTSTATUS open_file(files_struct *fsp,
+ 						conn->cwd_fsp,
+ 						smb_fname,
+ 						false,
+-						access_mask);
++						open_access_mask);
+ 
+ 				if (!NT_STATUS_IS_OK(status)) {
+ 					DEBUG(10, ("open_file: "
+@@ -1585,7 +1585,7 @@ static NTSTATUS open_file(files_struct *fsp,
+ 				conn->cwd_fsp,
+ 				smb_fname,
+ 				false,
+-				access_mask);
++				open_access_mask);
+ 
+ 		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
+ 				(fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
+-- 
+2.40.0
+
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
new file mode 100644
index 0000000000..dfa6aeb023
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
@@ -0,0 +1,94 @@
+From 9989568b20c8f804140c22f51548d766a18ed887 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 12 Sep 2023 18:59:44 +1200
+Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
+ default
+
+The rpcecho server is useful in development and testing, but should never
+have been allowed into production, as it includes the facility to
+do a blocking sleep() in the single-threaded rpc worker.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+
+CVE: CVE-2023-42669
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/9989568b20c8f804140c22f51548d766a18ed887]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
+ lib/param/loadparm.c                                   | 2 +-
+ selftest/target/Samba4.pm                              | 2 +-
+ source3/param/loadparm.c                               | 2 +-
+ source4/rpc_server/wscript_build                       | 3 ++-
+ 5 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+index 8a217cc..c6642b7 100644
+--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
++++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+@@ -6,6 +6,6 @@
+	<para>Specifies which DCE/RPC endpoint servers should be run.</para>
+ </description>
+
+-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
++<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+ <value type="example">rpcecho</value>
+ </samba:parameter>
+diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
+index eedfa00..75687f5 100644
+--- a/lib/param/loadparm.c
++++ b/lib/param/loadparm.c
+@@ -2717,7 +2717,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
+	lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
+	lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
+
+-	lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
++	lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc  samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+	lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
+	lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
+	/* the winbind method for domain controllers is for both RODC
+diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
+index 651faa7..c7b33d2 100755
+--- a/selftest/target/Samba4.pm
++++ b/selftest/target/Samba4.pm
+@@ -773,7 +773,7 @@ sub provision_raw_step1($$)
+	wins support = yes
+	server role = $ctx->{server_role}
+	server services = +echo $services
+-        dcerpc endpoint servers = +winreg +srvsvc
++        dcerpc endpoint servers = +winreg +srvsvc +rpcecho
+	notify:inotify = false
+	ldb:nosync = true
+	ldap server require strong auth = yes
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 8bcd35f..a99ab35 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -879,7 +879,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+
+	Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
+
+-	Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
++	Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc  samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+
+	Globals.tls_enabled = true;
+	Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
+index 8c75672..a2520da 100644
+--- a/source4/rpc_server/wscript_build
++++ b/source4/rpc_server/wscript_build
+@@ -29,7 +29,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
+	source='echo/rpc_echo.c',
+	subsystem='dcerpc_server',
+	init_function='dcerpc_server_rpcecho_init',
+-	deps='ndr-standard events'
++    deps='ndr-standard events',
++    enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
+	)
+
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
index 53526a26b6..2fb93be0a9 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
@@ -22,6 +22,43 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
            file://0005-samba-build-dnsserver_common-code.patch \
            file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \
            file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \
+           file://CVE-2022-3437-0001.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0002.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0003.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0004.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0005.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0006.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \
+           file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \
+           file://CVE-2022-45142.patch;patchdir=source4/heimdal \
+           file://CVE-2022-41916.patch;patchdir=source4/heimdal \
+           file://CVE-2021-44758.patch;patchdir=source4/heimdal \
+           file://CVE-2023-34966_0001.patch \
+           file://CVE-2023-34966_0002.patch \
+           file://CVE-2022-2127.patch \
+           file://CVE-2023-34967_0001.patch \
+           file://CVE-2023-34967_0002.patch \
+           file://CVE-2023-34968_0001.patch \
+           file://CVE-2023-34968_0002.patch \
+           file://CVE-2023-34968_0003.patch \
+           file://CVE-2023-34968_0004.patch \
+           file://CVE-2023-34968_0005.patch \
+           file://CVE-2023-34968_0006.patch \
+           file://CVE-2023-34968_0007.patch \
+           file://CVE-2023-34968_0008.patch \
+           file://CVE-2023-34968_0009.patch \
+           file://CVE-2023-34968_0010.patch \
+           file://CVE-2023-34968_0011.patch \
+           file://CVE-2023-4091-0001.patch \
+           file://CVE-2023-4091-0002.patch \
+           file://CVE-2023-42669.patch \
+           file://CVE-2018-14628-0001.patch \
+           file://CVE-2018-14628-0002.patch \
+           file://CVE-2018-14628-0003.patch \
+           file://CVE-2018-14628-0004.patch \
+           file://CVE-2018-14628-0005.patch \
+           file://CVE-2018-14628-0006.patch \
+           file://CVE-2023-0922.patch \
            "
 
 SRC_URI:append:libc-musl = " \
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
index e344733ef4..3fc1b0fd17 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -73,6 +73,7 @@ do_install:append() {
 }
 
 USERADD_PACKAGES = "${PN}-bin"
+GROUPADD_PARAM:${PN}-bin = "--system mail"
 USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus"
 
 SYSTEMD_PACKAGES = "${PN}-bin"
diff --git a/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch b/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch
new file mode 100644
index 0000000000..ad1704520c
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch
@@ -0,0 +1,35 @@
+From e5ddcf9575437bacd64c2b68501b413014186a6a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 19 Oct 2022 10:15:01 -0700
+Subject: [PATCH] makedefs: Account for linux 6.x version
+
+Major version has bumped to 6 and script needs to know that
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ makedefs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/makedefs
++++ b/makedefs
+@@ -613,7 +613,7 @@ EOF
+ 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ 		: ${PLUGIN_LD="${CC-gcc} -shared"}
+ 		;;
+- Linux.[345].*)	SYSTYPE=LINUX$RELEASE_MAJOR
++ Linux.[3-6]*)	SYSTYPE=LINUX$RELEASE_MAJOR
+ 		case "$CCARGS" in
+ 		 *-DNO_DB*) ;;
+ 		 *-DHAS_DB*) ;;
+--- a/src/util/sys_defs.h
++++ b/src/util/sys_defs.h
+@@ -751,7 +751,7 @@ extern int initgroups(const char *, int)
+  /*
+   * LINUX.
+   */
+-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6)
+ #define SUPPORTED
+ #define UINT32_TYPE	unsigned int
+ #define UINT16_TYPE	unsigned short
diff --git a/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch
new file mode 100644
index 0000000000..65436b704e
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch
@@ -0,0 +1,377 @@
+From a6596ec37a4892e1d9c2498ecbfc4b8e6be5156a Mon Sep 17 00:00:00 2001
+From: Wietse Venema <wietse@porcupine.org>
+Date: Fri, 22 Dec 2023 00:00:00 -0500
+Subject: [PATCH] postfix-3.6.13
+---
+Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3]
+CVE: CVE-2023-51764
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ man/man5/postconf.5      |   55 +++++++++++++++++++++++++++++++++++++++++++++++
+ man/man8/smtpd.8         |    9 +++++++
+ mantools/postlink        |    2 +
+ proto/postconf.proto     |   52 ++++++++++++++++++++++++++++++++++++++++++++
+ src/global/mail_params.h |   11 ++++++++-
+ src/global/smtp_stream.c |   14 +++++++++++
+ src/global/smtp_stream.h |    2 +
+ src/smtpd/smtpd.c        |   42 +++++++++++++++++++++++++++++++++++
+ 8 files changed, 185 insertions(+), 2 deletions(-)
+
+--- a/man/man5/postconf.5
++++ b/man/man5/postconf.5
+@@ -10412,6 +10412,61 @@
+ parameter $name expansion.
+ .PP
+ This feature is available in Postfix 2.0 and later.
++.SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no)
++Reply with "Error: bare <LF> received" and disconnect
++when a remote SMTP client sends a line ending in <LF>, violating
++the RFC 5321 requirement that lines must end in <CR><LF>.
++This feature is disbled by default with Postfix < 3.9. Use
++smtpd_forbid_bare_newline_exclusions to exclude non\-standard clients
++such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
++(not recommended for an Internet\-connected MTA).
++.PP
++See
++https://www.postfix.org/smtp\-smuggling.html for details.
++.PP
++Example:
++.sp
++.in +4
++.nf
++.na
++.ft C
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non\-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++.fi
++.ad
++.ft R
++.in -4
++.PP
++This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23.
++.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
++Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. It uses the same syntax and parent\-domain matching
++behavior as mynetworks.
++.PP
++Example:
++.sp
++.in +4
++.nf
++.na
++.ft C
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non\-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++.fi
++.ad
++.ft R
++.in -4
++.PP
++This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23.
+ .SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
+ List of commands that cause the Postfix SMTP server to immediately
+ terminate the session with a 221 code. This can be used to disconnect
+--- a/man/man8/smtpd.8
++++ b/man/man8/smtpd.8
+@@ -808,6 +808,15 @@
+ The maximal number of AUTH commands that any client is allowed to
+ send to this service per time unit, regardless of whether or not
+ Postfix actually accepts those commands.
++.PP
++Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
++.IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
++Reply with "Error: bare <LF> received" and disconnect
++when a remote SMTP client sends a line ending in <LF>, violating
++the RFC 5321 requirement that lines must end in <CR><LF>.
++.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
++Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement.
+ .SH "TARPIT CONTROLS"
+ .na
+ .nf
+--- a/mantools/postlink
++++ b/mantools/postlink
+@@ -547,6 +547,8 @@
+     s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g;
+     s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
+     s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbi    d_bare_newline">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html#    smtpd_forbid_bare_newline_exclusions">$&</a>;g;
+     s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g;
+     s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g;
+     s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g;
+--- a/proto/postconf.proto
++++ b/proto/postconf.proto
+@@ -18058,3 +18058,55 @@
+ name or port number. </p>
+ 
+ <p> This feature is available in Postfix 3.6 and later. </p>
++
++%PARAM smtpd_forbid_bare_newline Postfix &lt; 3.9: no
++
++<p> Reply with "Error: bare &lt;LF&gt; received" and disconnect
++when a remote SMTP client sends a line ending in &lt;LF&gt;, violating
++the RFC 5321 requirement that lines must end in &lt;CR&gt;&lt;LF&gt;.
++This feature is disbled by default with Postfix &lt; 3.9. Use
++smtpd_forbid_bare_newline_exclusions to exclude non-standard clients
++such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
++(not recommended for an Internet-connected MTA). </p>
++
++<p> See <a href="https://www.postfix.org/smtp-smuggling.html">
++https://www.postfix.org/smtp-smuggling.html</a> for details.
++
++<p> Example: </p>
++
++<blockquote>
++<pre>
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++</pre>
++</blockquote>
++
++<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23. </p>
++
++%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks
++
++<p> Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. It uses the same syntax and parent-domain matching
++behavior as mynetworks. </p>
++
++<p> Example: </p>
++
++<blockquote>
++<pre>
++# Disconnect remote SMTP clients that send bare newlines, but allow
++# local clients with non-standard SMTP implementations such as netcat,
++# fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++</pre>
++</blockquote>
++
++<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
++3.6.13, and 3.5.23. </p>
++
+--- a/src/global/mail_params.h
++++ b/src/global/mail_params.h
+@@ -4170,7 +4170,16 @@
+ extern char *var_smtpd_dns_re_filter;
+ 
+  /*
+-  * Share TLS sessions through tlproxy(8).
++  * Backwards compatibility.
++  */
++#define VAR_SMTPD_FORBID_BARE_LF	"smtpd_forbid_bare_newline"
++#define DEF_SMTPD_FORBID_BARE_LF	0
++
++#define VAR_SMTPD_FORBID_BARE_LF_EXCL	"smtpd_forbid_bare_newline_exclusions"
++#define DEF_SMTPD_FORBID_BARE_LF_EXCL	"$" VAR_MYNETWORKS
++
++ /*
++  * Share TLS sessions through tlsproxy(8).
+   */
+ #define VAR_SMTP_TLS_CONN_REUSE		"smtp_tls_connection_reuse"
+ #define DEF_SMTP_TLS_CONN_REUSE		0
+--- a/src/global/smtp_stream.c
++++ b/src/global/smtp_stream.c
+@@ -50,6 +50,8 @@
+ /*	VSTREAM *stream;
+ /*	char	*format;
+ /*	va_list	ap;
++/*
++/*	int	smtp_forbid_bare_lf;
+ /* AUXILIARY API
+ /*	int	smtp_get_noexcept(vp, stream, maxlen, flags)
+ /*	VSTRING	*vp;
+@@ -124,11 +126,16 @@
+ /*	smtp_vprintf() is the machine underneath smtp_printf().
+ /*
+ /*	smtp_get_noexcept() implements the subset of smtp_get()
+-/*	without timeouts and without making long jumps. Instead,
++/*	without long jumps for timeout or EOF errors. Instead,
+ /*	query the stream status with vstream_feof() etc.
++/*	This function will make a VSTREAM long jump (error code
++/*	SMTP_ERR_LF) when rejecting input with a bare newline byte.
+ /*
+ /*	smtp_timeout_setup() is a backwards-compatibility interface
+ /*	for programs that don't require per-record deadline support.
++/*
++/*	smtp_forbid_bare_lf controls whether smtp_get_noexcept()
++/*	will reject input with a bare newline byte.
+ /* DIAGNOSTICS
+ /* .fi
+ /* .ad
+@@ -201,6 +208,8 @@
+ 
+ #include "smtp_stream.h"
+ 
++int     smtp_forbid_bare_lf;
++
+ /* smtp_timeout_reset - reset per-stream error flags, restart deadline timer */
+ 
+ static void smtp_timeout_reset(VSTREAM *stream)
+@@ -404,6 +413,9 @@
+ 	 */
+     case '\n':
+ 	vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	if (smtp_forbid_bare_lf
++	    && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r'))
++	    vstream_longjmp(stream, SMTP_ERR_LF);
+ 	while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
+ 	    vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+ 	VSTRING_TERMINATE(vp);
+--- a/src/global/smtp_stream.h
++++ b/src/global/smtp_stream.h
+@@ -32,6 +32,7 @@
+ #define SMTP_ERR_QUIET	3		/* silent cleanup (application) */
+ #define SMTP_ERR_NONE	4		/* non-error case */
+ #define SMTP_ERR_DATA	5		/* application data error */
++#define SMTP_ERR_LF	6		/* bare <LF> protocol error */
+ 
+ extern void smtp_stream_setup(VSTREAM *, int, int);
+ extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
+@@ -43,6 +44,7 @@
+ extern void smtp_fwrite(const char *, ssize_t len, VSTREAM *);
+ extern void smtp_fread_buf(VSTRING *, ssize_t len, VSTREAM *);
+ extern void smtp_fputc(int, VSTREAM *);
++extern int smtp_forbid_bare_lf;
+ 
+ extern void smtp_vprintf(VSTREAM *, const char *, va_list);
+ 
+--- a/src/smtpd/smtpd.c
++++ b/src/smtpd/smtpd.c
+@@ -762,6 +762,15 @@
+ /*	The maximal number of AUTH commands that any client is allowed to
+ /*	send to this service per time unit, regardless of whether or not
+ /*	Postfix actually accepts those commands.
++/* .PP
++/*	Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
++/* .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
++/*	Reply with "Error: bare <LF> received" and disconnect
++/*	when a remote SMTP client sends a line ending in <LF>, violating
++/*	the RFC 5321 requirement that lines must end in <CR><LF>.
++/* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
++/*	Exclude the specified clients from smtpd_forbid_bare_newline
++/*	enforcement.
+ /* TARPIT CONTROLS
+ /* .ad
+ /* .fi
+@@ -1467,6 +1476,10 @@
+ int     var_smtpd_uproxy_tmout;
+ bool    var_relay_before_rcpt_checks;
+ 
++bool    var_smtpd_forbid_bare_lf;
++char   *var_smtpd_forbid_bare_lf_excl;
++static NAMADR_LIST *bare_lf_excl;
++
+  /*
+   * Silly little macros.
+   */
+@@ -1541,6 +1554,7 @@
+ #define REASON_TIMEOUT		"timeout"
+ #define REASON_LOST_CONNECTION	"lost connection"
+ #define REASON_ERROR_LIMIT	"too many errors"
++#define REASON_BARE_LF		"bare <LF> received"
+ 
+ #ifdef USE_TLS
+ 
+@@ -3967,6 +3981,7 @@
+      */
+     done = 0;
+     do {
++	int     payload_err;
+ 
+ 	/*
+ 	 * Do not skip the smtp_fread_buf() call if read_len == 0. We still
+@@ -3980,6 +3995,10 @@
+ 	smtp_fread_buf(state->buffer, read_len, state->client);
+ 	state->bdat_get_stream = vstream_memreopen(
+ 			   state->bdat_get_stream, state->buffer, O_RDONLY);
++	vstream_control(state->bdat_get_stream, CA_VSTREAM_CTL_EXCEPT,
++			CA_VSTREAM_CTL_END);
++	if ((payload_err = vstream_setjmp(state->bdat_get_stream)) != 0)
++	    vstream_longjmp(state->client, payload_err);
+ 
+ 	/*
+ 	 * Read lines from the fragment. The last line may continue in the
+@@ -4655,6 +4674,9 @@
+      */
+     xclient_allowed =
+ 	namadr_list_match(xclient_hosts, state->name, state->addr);
++    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((state)) == 0
++	&& var_smtpd_forbid_bare_lf
++	&& !namadr_list_match(bare_lf_excl, state->name, state->addr);
+     /* NOT: tls_reset() */
+     if (got_helo == 0)
+ 	helo_reset(state);
+@@ -5446,6 +5468,13 @@
+ 			     var_myhostname);
+ 	break;
+ 
++    case SMTP_ERR_LF:
++	state->reason = REASON_BARE_LF;
++	if (vstream_setjmp(state->client) == 0)
++	    smtpd_chat_reply(state, "521 5.5.2 %s Error: bare <LF> received",
++			     var_myhostname);
++	break;
++
+     case 0:
+ 
+ 	/*
+@@ -5995,6 +6024,13 @@
+ 	namadr_list_match(xforward_hosts, state.name, state.addr);
+ 
+     /*
++     * Enforce strict SMTP line endings, with compatibility exclusions.
++     */
++    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((&state)) == 0
++	&& var_smtpd_forbid_bare_lf
++	&& !namadr_list_match(bare_lf_excl, state.name, state.addr);
++
++    /*
+      * See if we need to turn on verbose logging for this client.
+      */
+     debug_peer_check(state.name, state.addr);
+@@ -6055,6 +6091,10 @@
+     hogger_list = namadr_list_init(VAR_SMTPD_HOGGERS, MATCH_FLAG_RETURN
+ 				   | match_parent_style(VAR_SMTPD_HOGGERS),
+ 				   var_smtpd_hoggers);
++    bare_lf_excl = namadr_list_init(VAR_SMTPD_FORBID_BARE_LF_EXCL,
++				    MATCH_FLAG_RETURN
++				    | match_parent_style(VAR_MYNETWORKS),
++				    var_smtpd_forbid_bare_lf_excl);
+ 
+     /*
+      * Open maps before dropping privileges so we can read passwords etc.
+@@ -6412,6 +6452,7 @@
+ 	VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup,
+ 	VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open,
+ 	VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log,
++    VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf,
+ 	0,
+     };
+     static const CONFIG_NBOOL_TABLE nbool_table[] = {
+@@ -6527,6 +6568,7 @@
+ 	VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0,
+ 	VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
+ 	VAR_SMTPD_REJ_FTR_MAPS, DEF_SMTPD_REJ_FTR_MAPS, &var_smtpd_rej_ftr_maps, 0, 0,
++	VAR_SMTPD_FORBID_BARE_LF_EXCL, DEF_SMTPD_FORBID_BARE_LF_EXCL, &var_smtpd_forbid_bare_lf_excl, 0, 0,
+ 	0,
+     };
+     static const CONFIG_RAW_TABLE raw_table[] = {
diff --git a/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch
new file mode 100644
index 0000000000..e97a088557
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch
@@ -0,0 +1,978 @@
+From cb3b1cbda3dec086a7f4541fe64751d9bb2988bd Mon Sep 17 00:00:00 2001
+From: Wietse Venema <wietse@porcupine.org>
+Date: Sun, 21 Jan 2024 00:00:00 -0500
+Subject: [PATCH] postfix-3.6.14
+
+---
+
+Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3]
+CVE: CVE-2023-51764
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ man/man5/postconf.5           |  173 +++++++++++++++++++++++++++++++++++-------
+ man/man8/cleanup.8            |    8 +
+ man/man8/smtpd.8              |   11 +-
+ mantools/postlink             |    6 -
+ proto/postconf.proto          |  142 +++++++++++++++++++++++++++-------
+ src/cleanup/cleanup.c         |    8 +
+ src/cleanup/cleanup_init.c    |    2 
+ src/cleanup/cleanup_message.c |   17 ++++
+ src/global/cleanup_strerror.c |    1 
+ src/global/cleanup_user.h     |    6 +
+ src/global/mail_params.h      |    9 +-
+ src/global/smtp_stream.c      |   34 +++++---
+ src/global/smtp_stream.h      |    4 
+ src/smtpd/smtpd.c             |  114 ++++++++++++++++++++-------
+ src/smtpd/smtpd_check.c       |   14 ++-
+ src/smtpd/smtpd_check.h       |    1 
+ 16 files changed, 443 insertions(+), 107 deletions(-)
+
+--- a/man/man5/postconf.5
++++ b/man/man5/postconf.5
+@@ -845,6 +845,32 @@
+ .fi
+ .ad
+ .ft R
++.SH cleanup_replace_stray_cr_lf (default: yes)
++Replace each stray <CR> or <LF> character in message
++content with a space character, to prevent outbound SMTP smuggling,
++and to make the evaluation of Postfix\-added DKIM or other signatures
++independent from how a remote mail server handles such characters.
++.PP
++SMTP does not allow such characters unless they are part of a
++<CR><LF> sequence, and different mail systems handle
++such stray characters in an implementation\-dependent manner. Stray
++<CR> or <LF> characters could be used for outbound
++SMTP smuggling, where an attacker uses a Postfix server to send
++message content with a non\-standard End\-of\-DATA sequence that
++triggers inbound SMTP smuggling at a remote SMTP server.
++.PP
++The replacement happens before all other content management,
++and before Postfix may add a DKIM etc. signature; if the signature
++were created first, the replacement could invalidate the signature.
++.PP
++In addition to preventing SMTP smuggling, replacing stray
++<CR> or <LF> characters ensures that the result of
++signature validation by later mail system will not depend on how
++that mail system handles those stray characters in an
++implementation\-dependent manner.
++.PP
++This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
++3.6.14, and 3.5.24.
+ .SH cleanup_service_name (default: cleanup)
+ The name of the \fBcleanup\fR(8) service. This service rewrites addresses
+ into the standard form, and performs \fBcanonical\fR(5) address mapping
+@@ -10413,60 +10439,153 @@
+ .PP
+ This feature is available in Postfix 2.0 and later.
+ .SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no)
+-Reply with "Error: bare <LF> received" and disconnect
+-when a remote SMTP client sends a line ending in <LF>, violating
+-the RFC 5321 requirement that lines must end in <CR><LF>.
+-This feature is disbled by default with Postfix < 3.9. Use
+-smtpd_forbid_bare_newline_exclusions to exclude non\-standard clients
+-such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
+-(not recommended for an Internet\-connected MTA).
+-.PP
+-See
+-https://www.postfix.org/smtp\-smuggling.html for details.
++Reject or restrict input lines from an SMTP client that end in
++<LF> instead of the standard <CR><LF>. Such line
++endings are commonly allowed with UNIX\-based SMTP servers, but they
++violate RFC 5321, and allowing such line endings can make a server
++vulnerable to
++SMTP smuggling.
++.PP
++Specify one of the following values (case does not matter):
++.IP "\fBnormalize\fR"
++Require the standard
++End\-of\-DATA sequence <CR><LF>.<CR><LF>.
++Otherwise, allow command or message content lines ending in the
++non\-standard <LF>, and process them as if the client sent the
++standard <CR><LF>.
++.br
++.br
++This maintains compatibility
++with many legitimate SMTP client applications that send a mix of
++standard and non\-standard line endings, but will fail to receive
++email from client implementations that do not terminate DATA content
++with the standard End\-of\-DATA sequence
++<CR><LF>.<CR><LF>.
++.br
++.br
++Such clients
++can be excluded with smtpd_forbid_bare_newline_exclusions.
++.br
++.IP "\fByes\fR"
++Compatibility alias for \fBnormalize\fR.
++.br
++.IP "\fBreject\fR"
++Require the standard End\-of\-DATA
++sequence <CR><LF>.<CR><LF>. Reject a command
++or message content when a line contains bare <LF>, log a "bare
++<LF> received" error, and reply with the SMTP status code in
++$smtpd_forbid_bare_newline_reject_code.
++.br
++.br
++This will reject
++email from SMTP clients that send any non\-standard line endings
++such as web applications, netcat, or load balancer health checks.
++.br
++.br
++This will also reject email from services that use BDAT
++to send MIME text containing a bare newline (RFC 3030 Section 3
++requires canonical MIME format for text message types, defined in
++RFC 2045 Sections 2.7 and 2.8).
++.br
++.br
++Such clients can be
++excluded with smtpd_forbid_bare_newline_exclusions (or, in the case
++of BDAT violations, BDAT can be selectively disabled with
++smtpd_discard_ehlo_keyword_address_maps, or globally disabled with
++smtpd_discard_ehlo_keywords).
++.br
++.IP "\fBno\fR (default)"
++Do not require the standard
++End\-of\-DATA
++sequence <CR><LF>.<CR><LF>. Always process
++a bare <LF> as if the client sent <CR><LF>. This
++option is fully backwards compatible, but is not recommended for
++an Internet\-facing SMTP server, because it is vulnerable to  SMTP smuggling.
++.br
++.br
+ .PP
+-Example:
++Recommended settings:
+ .sp
+ .in +4
+ .nf
+ .na
+ .ft C
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non\-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
++# Otherwise, allow bare <LF> and process it as if the client sent
++# <CR><LF>.
+ #
+-smtpd_forbid_bare_newline = yes
++# This maintains compatibility with many legitimate SMTP client
++# applications that send a mix of standard and non\-standard line
++# endings, but will fail to receive email from client implementations
++# that do not terminate DATA content with the standard End\-of\-DATA
++# sequence <CR><LF>.<CR><LF>.
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
++#
++smtpd_forbid_bare_newline = normalize
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
+ .fi
+ .ad
+ .ft R
+ .in -4
+ .PP
+-This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
+-3.6.13, and 3.5.23.
+-.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
+-Exclude the specified clients from smtpd_forbid_bare_newline
+-enforcement. It uses the same syntax and parent\-domain matching
+-behavior as mynetworks.
+-.PP
+-Example:
++Alternative:
+ .sp
+ .in +4
+ .nf
+ .na
+ .ft C
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non\-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Reject input lines that contain <LF> and log a "bare <LF> received"
++# error. Require that input lines end in <CR><LF>, and require the
++# standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
++#
++# This will reject email from SMTP clients that send any non\-standard
++# line endings such as web applications, netcat, or load balancer
++# health checks.
+ #
+-smtpd_forbid_bare_newline = yes
++# This will also reject email from services that use BDAT to send
++# MIME text containing a bare newline (RFC 3030 Section 3 requires
++# canonical MIME format for text message types, defined in RFC 2045
++# Sections 2.7 and 2.8).
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
++#
++smtpd_forbid_bare_newline = reject
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
++#
++# Alternatively, in the case of BDAT violations, BDAT can be selectively
++# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally
++# disabled with smtpd_discard_ehlo_keywords.
++#
++# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file
++# /path/to/file:
++#     10.0.0.0/24 chunking, silent\-discard
++# smtpd_discard_ehlo_keywords = chunking, silent\-discard
+ .fi
+ .ad
+ .ft R
+ .in -4
+ .PP
++This feature with settings \fByes\fR and \fBno\fR is available
++in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the
++settings \fBreject\fR, and \fBnormalize\fR are available with
++Postfix >= 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
++.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks)
++Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. This setting uses the same syntax and parent\-domain
++matching behavior as mynetworks.
++.PP
+ This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9,
+ 3.6.13, and 3.5.23.
++.SH smtpd_forbid_bare_newline_reject_code (default: 550)
++The numerical Postfix SMTP server response code when rejecting a
++request with "smtpd_forbid_bare_newline = reject".
++Specify a 5XX status code (521 to disconnect).
++.PP
++This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
++3.6.14, and 3.5.24.
+ .SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
+ List of commands that cause the Postfix SMTP server to immediately
+ terminate the session with a 221 code. This can be used to disconnect
+--- a/man/man8/cleanup.8
++++ b/man/man8/cleanup.8
+@@ -163,6 +163,14 @@
+ .IP "\fBmessage_strip_characters (empty)\fR"
+ The set of characters that Postfix will remove from message
+ content.
++.PP
++Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14,
++3.5.24, and later:
++.IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
++Replace each stray <CR> or <LF> character in message
++content with a space character, to prevent outbound SMTP smuggling,
++and to make the evaluation of Postfix\-added DKIM or other signatures
++independent from how a remote mail server handles such characters.
+ .SH "BEFORE QUEUE MILTER CONTROLS"
+ .na
+ .nf
+--- a/man/man8/smtpd.8
++++ b/man/man8/smtpd.8
+@@ -811,12 +811,17 @@
+ .PP
+ Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+ .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
+-Reply with "Error: bare <LF> received" and disconnect
+-when a remote SMTP client sends a line ending in <LF>, violating
+-the RFC 5321 requirement that lines must end in <CR><LF>.
++Reject or restrict input lines from an SMTP client that end in
++<LF> instead of the standard <CR><LF>.
+ .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
+ Exclude the specified clients from smtpd_forbid_bare_newline
+ enforcement.
++.PP
++Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
++later:
++.IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
++The numerical Postfix SMTP server response code when rejecting a
++request with "smtpd_forbid_bare_newline = reject".
+ .SH "TARPIT CONTROLS"
+ .na
+ .nf
+--- a/mantools/postlink
++++ b/mantools/postlink
+@@ -547,8 +547,10 @@
+     s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g;
+     s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
+     s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g;
+-    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbi    d_bare_newline">$&</a>;g;
+-    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html#    smtpd_forbid_bare_newline_exclusions">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line\b;<a href="postconf.5.html#smtpd_forbid_bare_newline">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line_reject_code\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">$&</a>;g;
++    s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line_exclusions\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">$&</a>;g;
++    s;\bcleanup_replace_stray_cr_lf\b;<a href="postconf.5.html#cleanup_replace_stray_cr_lf">$&</a>;g;
+     s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g;
+     s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g;
+     s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g;
+--- a/proto/postconf.proto
++++ b/proto/postconf.proto
+@@ -18061,52 +18061,138 @@
+ 
+ %PARAM smtpd_forbid_bare_newline Postfix &lt; 3.9: no
+ 
+-<p> Reply with "Error: bare &lt;LF&gt; received" and disconnect
+-when a remote SMTP client sends a line ending in &lt;LF&gt;, violating
+-the RFC 5321 requirement that lines must end in &lt;CR&gt;&lt;LF&gt;.
+-This feature is disbled by default with Postfix &lt; 3.9. Use
+-smtpd_forbid_bare_newline_exclusions to exclude non-standard clients
+-such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable
+-(not recommended for an Internet-connected MTA). </p>
++<p> Reject or restrict input lines from an SMTP client that end in
++&lt;LF&gt; instead of the standard &lt;CR&gt;&lt;LF&gt;. Such line
++endings are commonly allowed with UNIX-based SMTP servers, but they
++violate RFC 5321, and allowing such line endings can make a server
++vulnerable to <a href="https://www.postfix.org/smtp-smuggling.html">
++SMTP smuggling</a>.  </p>
++
++<p> Specify one of the following values (case does not matter): </p>
++
++<dl compact>
++
++<dt> <b>normalize</b></dt> <dd> Require the standard
++End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++Otherwise, allow command or message content lines ending in the
++non-standard &lt;LF&gt;, and process them as if the client sent the
++standard &lt;CR&gt;&lt;LF&gt;. <br> <br> This maintains compatibility
++with many legitimate SMTP client applications that send a mix of
++standard and non-standard line endings, but will fail to receive
++email from client implementations that do not terminate DATA content
++with the standard End-of-DATA sequence
++&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. <br> <br> Such clients
++can be excluded with smtpd_forbid_bare_newline_exclusions. </dd>
++
++<dt> <b>yes</b> </dt> <dd> Compatibility alias for <b>normalize</b>. </dd>
++
++<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA
++sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. Reject a command
++or message content when a line contains bare &lt;LF&gt;, log a "bare
++&lt;LF&gt; received" error, and reply with the SMTP status code in
++$smtpd_forbid_bare_newline_reject_code. <br> <br> This will reject
++email from SMTP clients that send any non-standard line endings
++such as web applications, netcat, or load balancer health checks.
++<br> <br> This will also reject email from services that use BDAT
++to send MIME text containing a bare newline (RFC 3030 Section 3
++requires canonical MIME format for text message types, defined in
++RFC 2045 Sections 2.7 and 2.8). <br> <br> Such clients can be
++excluded with smtpd_forbid_bare_newline_exclusions (or, in the case
++of BDAT violations, BDAT can be selectively disabled with
++smtpd_discard_ehlo_keyword_address_maps, or globally disabled with
++smtpd_discard_ehlo_keywords). </dd>
++
++<dt> <b>no</b> (default)</dt> <dd> Do not require the standard
++End-of-DATA
++sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. Always process
++a bare &lt;LF&gt; as if the client sent &lt;CR&gt;&lt;LF&gt;. This
++option is fully backwards compatible, but is not recommended for
++an Internet-facing SMTP server, because it is vulnerable to <a
++href="https://www.postfix.org/smtp-smuggling.html"> SMTP smuggling</a>.
++</dd>
+ 
+-<p> See <a href="https://www.postfix.org/smtp-smuggling.html">
+-https://www.postfix.org/smtp-smuggling.html</a> for details.
++</dl>
+ 
+-<p> Example: </p>
++<p> Recommended settings: </p>
+ 
+ <blockquote>
+ <pre>
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Require the standard End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++# Otherwise, allow bare &lt;LF&gt; and process it as if the client sent
++# &lt;CR&gt;&lt;LF&gt;.
+ #
+-smtpd_forbid_bare_newline = yes
++# This maintains compatibility with many legitimate SMTP client
++# applications that send a mix of standard and non-standard line
++# endings, but will fail to receive email from client implementations
++# that do not terminate DATA content with the standard End-of-DATA
++# sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
++#
++smtpd_forbid_bare_newline = normalize
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
+ </pre>
+ </blockquote>
+ 
+-<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
+-3.6.13, and 3.5.23. </p>
+-
+-%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks
+-
+-<p> Exclude the specified clients from smtpd_forbid_bare_newline
+-enforcement. It uses the same syntax and parent-domain matching
+-behavior as mynetworks. </p>
+-
+-<p> Example: </p>
++<p> Alternative: </p>
+ 
+ <blockquote>
+ <pre>
+-# Disconnect remote SMTP clients that send bare newlines, but allow
+-# local clients with non-standard SMTP implementations such as netcat,
+-# fax machines, or load balancer health checks.
++# Reject input lines that contain &lt;LF&gt; and log a "bare &lt;LF&gt; received"
++# error. Require that input lines end in &lt;CR&gt;&lt;LF&gt;, and require the
++# standard End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
++#
++# This will reject email from SMTP clients that send any non-standard
++# line endings such as web applications, netcat, or load balancer
++# health checks.
++#
++# This will also reject email from services that use BDAT to send
++# MIME text containing a bare newline (RFC 3030 Section 3 requires
++# canonical MIME format for text message types, defined in RFC 2045
++# Sections 2.7 and 2.8).
++#
++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
++# The example below allowlists SMTP clients in trusted networks.
+ #
+-smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline = reject
+ smtpd_forbid_bare_newline_exclusions = $mynetworks
++#
++# Alternatively, in the case of BDAT violations, BDAT can be selectively
++# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally
++# disabled with smtpd_discard_ehlo_keywords.
++#
++# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file
++# /path/to/file:
++#     10.0.0.0/24 chunking, silent-discard
++# smtpd_discard_ehlo_keywords = chunking, silent-discard
+ </pre>
+ </blockquote>
+ 
++<p> This feature with settings <b>yes</b> and <b>no</b> is available
++in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the
++settings <b>reject</b>, and <b>normalize</b> are available with
++Postfix &ge; 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. </p>
++
++%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks
++
++<p> Exclude the specified clients from smtpd_forbid_bare_newline
++enforcement. This setting uses the same syntax and parent-domain
++matching behavior as mynetworks. </p>
++
+ <p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
+ 3.6.13, and 3.5.23. </p>
+ 
++%PARAM smtpd_forbid_bare_newline_reject_code 550
++
++<p>
++The numerical Postfix SMTP server response code when rejecting a
++request with "smtpd_forbid_bare_newline = reject".
++Specify a 5XX status code (521 to disconnect).
++</p>
++
++<p> This feature is available in Postfix &ge; 3.9, 3.8.5, 3.7.10,
++3.6.14, and 3.5.24. </p>
++
++%PARAM cleanup_replace_stray_cr_lf yes
++
+--- a/src/cleanup/cleanup.c
++++ b/src/cleanup/cleanup.c
+@@ -145,6 +145,14 @@
+ /* .IP "\fBmessage_strip_characters (empty)\fR"
+ /*	The set of characters that Postfix will remove from message
+ /*	content.
++/* .PP
++/*	Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14,
++/*	3.5.24, and later:
++/* .IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
++/*	Replace each stray <CR> or <LF> character in message
++/*	content with a space character, to prevent outbound SMTP smuggling,
++/*	and to make the evaluation of Postfix-added DKIM or other signatures
++/*	independent from how a remote mail server handles such characters.
+ /* BEFORE QUEUE MILTER CONTROLS
+ /* .ad
+ /* .fi
+--- a/src/cleanup/cleanup_init.c
++++ b/src/cleanup/cleanup_init.c
+@@ -173,6 +173,7 @@
+ int     var_always_add_hdrs;		/* always add missing headers */
+ int     var_virt_addrlen_limit;		/* stop exponential growth */
+ char   *var_hfrom_format;		/* header_from_format */
++int     var_cleanup_mask_stray_cr_lf;	/* replace stray CR or LF with space */
+ 
+ const CONFIG_INT_TABLE cleanup_int_table[] = {
+     VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
+@@ -189,6 +190,7 @@
+     VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
+     VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
+     VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
++    VAR_CLEANUP_MASK_STRAY_CR_LF, DEF_CLEANUP_MASK_STRAY_CR_LF, &var_cleanup_mask_stray_cr_lf,
+     0,
+ };
+ 
+--- a/src/cleanup/cleanup_message.c
++++ b/src/cleanup/cleanup_message.c
+@@ -930,6 +930,23 @@
+     char   *dst;
+ 
+     /*
++     * Replace each stray CR or LF with one space. These are not allowed in
++     * SMTP, and can be used to enable outbound (remote) SMTP smuggling.
++     * Replacing these early ensures that our later DKIM etc. signature will
++     * not be invalidated. Besides preventing SMTP smuggling, replacing stray
++     * <CR> or <LF> ensures that the result of signature validation by a
++     * later mail system will not depend on how that mail system handles
++     * those stray characters in an implementation-dependent manner.
++     *
++     * The input length is not changed, therefore it is safe to overwrite the
++     * input.
++     */
++    if (var_cleanup_mask_stray_cr_lf)
++	for (dst = (char *) buf; dst < buf + len; dst++)
++	    if (*dst == '\r' || *dst == '\n')
++		*dst = ' ';
++
++    /*
+      * Reject unwanted characters.
+      * 
+      * XXX Possible optimization: simplify the loop when the "reject" set
+--- a/src/global/cleanup_strerror.c
++++ b/src/global/cleanup_strerror.c
+@@ -73,6 +73,7 @@
+     CLEANUP_STAT_CONT, 550, "5.7.1", "message content rejected",
+     CLEANUP_STAT_WRITE, 451, "4.3.0", "queue file write error",
+     CLEANUP_STAT_NOPERM, 550, "5.7.1", "service denied",
++    CLEANUP_STAT_BARE_LF, 521, "5.5.2", "bare <LF> received",
+ };
+ 
+ static CLEANUP_STAT_DETAIL cleanup_stat_success = {
+--- a/src/global/cleanup_user.h
++++ b/src/global/cleanup_user.h
+@@ -65,6 +65,12 @@
+ #define CLEANUP_STAT_NOPERM	(1<<9)	/* Denied by non-content policy */
+ 
+  /*
++  * Non-cleanup errors that live in the same bitmask space, to centralize
++  * error handling.
++  */
++#define CLEANUP_STAT_BARE_LF   (1<<16)	/* Bare <LF> received */
++
++ /*
+   * These are set when we can't bounce even if we were asked to.
+   */
+ #define CLEANUP_STAT_MASK_CANT_BOUNCE \
+--- a/src/global/mail_params.h
++++ b/src/global/mail_params.h
+@@ -4173,11 +4173,18 @@
+   * Backwards compatibility.
+   */
+ #define VAR_SMTPD_FORBID_BARE_LF	"smtpd_forbid_bare_newline"
+-#define DEF_SMTPD_FORBID_BARE_LF	0
++#define DEF_SMTPD_FORBID_BARE_LF	"no"
+ 
+ #define VAR_SMTPD_FORBID_BARE_LF_EXCL	"smtpd_forbid_bare_newline_exclusions"
+ #define DEF_SMTPD_FORBID_BARE_LF_EXCL	"$" VAR_MYNETWORKS
+ 
++#define VAR_SMTPD_FORBID_BARE_LF_CODE	"smtpd_forbid_bare_newline_reject_code"
++#define DEF_SMTPD_FORBID_BARE_LF_CODE	550
++
++#define VAR_CLEANUP_MASK_STRAY_CR_LF	"cleanup_replace_stray_cr_lf"
++#define DEF_CLEANUP_MASK_STRAY_CR_LF	1
++extern int var_cleanup_mask_stray_cr_lf;
++
+  /*
+   * Share TLS sessions through tlsproxy(8).
+   */
+--- a/src/global/smtp_stream.c
++++ b/src/global/smtp_stream.c
+@@ -51,7 +51,8 @@
+ /*	char	*format;
+ /*	va_list	ap;
+ /*
+-/*	int	smtp_forbid_bare_lf;
++/*	int	smtp_detect_bare_lf;
++/*	int	smtp_got_bare_lf;
+ /* AUXILIARY API
+ /*	int	smtp_get_noexcept(vp, stream, maxlen, flags)
+ /*	VSTRING	*vp;
+@@ -126,16 +127,16 @@
+ /*	smtp_vprintf() is the machine underneath smtp_printf().
+ /*
+ /*	smtp_get_noexcept() implements the subset of smtp_get()
+-/*	without long jumps for timeout or EOF errors. Instead,
++/*	without timeouts and without making long jumps. Instead,
+ /*	query the stream status with vstream_feof() etc.
+-/*	This function will make a VSTREAM long jump (error code
+-/*	SMTP_ERR_LF) when rejecting input with a bare newline byte.
++/*
++/*	This function assigns smtp_got_bare_lf = smtp_detect_bare_lf,
++/*	if smtp_detect_bare_lf is non-zero and the last read line
++/*	was terminated with a bare newline. Otherwise, this function
++/*	sets smtp_got_bare_lf to zero.
+ /*
+ /*	smtp_timeout_setup() is a backwards-compatibility interface
+ /*	for programs that don't require per-record deadline support.
+-/*
+-/*	smtp_forbid_bare_lf controls whether smtp_get_noexcept()
+-/*	will reject input with a bare newline byte.
+ /* DIAGNOSTICS
+ /* .fi
+ /* .ad
+@@ -208,7 +209,8 @@
+ 
+ #include "smtp_stream.h"
+ 
+-int     smtp_forbid_bare_lf;
++int     smtp_detect_bare_lf;
++int     smtp_got_bare_lf;
+ 
+ /* smtp_timeout_reset - reset per-stream error flags, restart deadline timer */
+ 
+@@ -371,6 +373,8 @@
+     int     last_char;
+     int     next_char;
+ 
++    smtp_got_bare_lf = 0;
++
+     /*
+      * It's painful to do I/O with records that may span multiple buffers.
+      * Allow for partial long lines (we will read the remainder later) and
+@@ -413,11 +417,15 @@
+ 	 */
+     case '\n':
+ 	vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+-	if (smtp_forbid_bare_lf
+-	    && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r'))
+-	    vstream_longjmp(stream, SMTP_ERR_LF);
+-	while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
+-	    vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	if (smtp_detect_bare_lf) {
++	    if (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r')
++		smtp_got_bare_lf = smtp_detect_bare_lf;
++	    else
++		vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	} else {
++	    while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
++		vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++	}
+ 	VSTRING_TERMINATE(vp);
+ 	/* FALLTRHOUGH */
+ 
+--- a/src/global/smtp_stream.h
++++ b/src/global/smtp_stream.h
+@@ -32,7 +32,6 @@
+ #define SMTP_ERR_QUIET	3		/* silent cleanup (application) */
+ #define SMTP_ERR_NONE	4		/* non-error case */
+ #define SMTP_ERR_DATA	5		/* application data error */
+-#define SMTP_ERR_LF	6		/* bare <LF> protocol error */
+ 
+ extern void smtp_stream_setup(VSTREAM *, int, int);
+ extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
+@@ -44,7 +43,8 @@
+ extern void smtp_fwrite(const char *, ssize_t len, VSTREAM *);
+ extern void smtp_fread_buf(VSTRING *, ssize_t len, VSTREAM *);
+ extern void smtp_fputc(int, VSTREAM *);
+-extern int smtp_forbid_bare_lf;
++extern int smtp_detect_bare_lf;
++extern int smtp_got_bare_lf;
+ 
+ extern void smtp_vprintf(VSTREAM *, const char *, va_list);
+ 
+--- a/src/smtpd/smtpd.c
++++ b/src/smtpd/smtpd.c
+@@ -765,12 +765,17 @@
+ /* .PP
+ /*	Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+ /* .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
+-/*	Reply with "Error: bare <LF> received" and disconnect
+-/*	when a remote SMTP client sends a line ending in <LF>, violating
+-/*	the RFC 5321 requirement that lines must end in <CR><LF>.
++/*	Reject or restrict input lines from an SMTP client that end in
++/*	<LF> instead of the standard <CR><LF>.
+ /* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
+ /*	Exclude the specified clients from smtpd_forbid_bare_newline
+ /*	enforcement.
++/* .PP
++/*	Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
++/*	later:
++/* .IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
++/*	The numerical Postfix SMTP server response code when rejecting a
++/*	request with "smtpd_forbid_bare_newline = reject".
+ /* TARPIT CONTROLS
+ /* .ad
+ /* .fi
+@@ -1476,8 +1481,10 @@
+ int     var_smtpd_uproxy_tmout;
+ bool    var_relay_before_rcpt_checks;
+ 
+-bool    var_smtpd_forbid_bare_lf;
++char   *var_smtpd_forbid_bare_lf;
+ char   *var_smtpd_forbid_bare_lf_excl;
++int     var_smtpd_forbid_bare_lf_code;
++static int bare_lf_mask;
+ static NAMADR_LIST *bare_lf_excl;
+ 
+  /*
+@@ -1554,7 +1561,6 @@
+ #define REASON_TIMEOUT		"timeout"
+ #define REASON_LOST_CONNECTION	"lost connection"
+ #define REASON_ERROR_LIMIT	"too many errors"
+-#define REASON_BARE_LF		"bare <LF> received"
+ 
+ #ifdef USE_TLS
+ 
+@@ -1573,6 +1579,40 @@
+   */
+ static DICT *smtpd_cmd_filter;
+ 
++ /*
++  * Bare LF and End-of-DATA controls (bare CR is handled elsewhere).
++  *
++  * At the smtp_get*() line reader level, setting any of these flags in the
++  * smtp_detect_bare_lf variable enables the detection of bare newlines. The
++  * line reader will set the same flags in the smtp_got_bare_lf variable
++  * after it detects a bare newline, otherwise it clears smtp_got_bare_lf.
++  *
++  * At the SMTP command level, the flags in smtp_got_bare_lf control whether
++  * commands ending in a bare newline are rejected.
++  *
++  * At the DATA and BDAT content level, the flags in smtp_got_bare_lf control
++  * whether the standard End-of-DATA sequence CRLF.CRLF is required, and
++  * whether lines ending in bare newlines are rejected.
++  *
++  * Postfix implements "delayed reject" after detecting a bare newline in BDAT
++  * or DATA content. The SMTP server delays a REJECT response until the
++  * command is finished, instead of replying and hanging up immediately. The
++  * End-of-DATA detection is secured with BARE_LF_FLAG_WANT_STD_EOD.
++  */
++#define BARE_LF_FLAG_WANT_STD_EOD	(1<<0)	/* Require CRLF.CRLF */
++#define BARE_LF_FLAG_REPLY_REJECT	(1<<1)	/* Reject bare newline */
++
++#define IS_BARE_LF_WANT_STD_EOD(m)	((m) & BARE_LF_FLAG_WANT_STD_EOD)
++#define IS_BARE_LF_REPLY_REJECT(m)	((m) & BARE_LF_FLAG_REPLY_REJECT)
++
++static const NAME_CODE bare_lf_mask_table[] = {
++    "normalize", BARE_LF_FLAG_WANT_STD_EOD,	/* Default */
++    "yes", BARE_LF_FLAG_WANT_STD_EOD,	/* Migration aid */
++    "reject", BARE_LF_FLAG_WANT_STD_EOD | BARE_LF_FLAG_REPLY_REJECT,
++    "no", 0,
++    0, -1,				/* error */
++};
++
+ #ifdef USE_SASL_AUTH
+ 
+  /*
+@@ -3515,6 +3555,7 @@
+     int     curr_rec_type;
+     int     prev_rec_type;
+     int     first = 1;
++    int     prev_got_bare_lf = 0;
+ 
+     /*
+      * Copy the message content. If the cleanup process has a problem, keep
+@@ -3528,12 +3569,15 @@
+      * XXX Deal with UNIX-style From_ lines at the start of message content
+      * because sendmail permits it.
+      */
+-    for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type) {
++    for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type,
++	 prev_got_bare_lf = smtp_got_bare_lf) {
+ 	if (smtp_get(state->buffer, state->client, var_line_limit,
+ 		     SMTP_GET_FLAG_NONE) == '\n')
+ 	    curr_rec_type = REC_TYPE_NORM;
+ 	else
+ 	    curr_rec_type = REC_TYPE_CONT;
++	if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf))
++	    state->err |= CLEANUP_STAT_BARE_LF;
+ 	start = vstring_str(state->buffer);
+ 	len = VSTRING_LEN(state->buffer);
+ 	if (first) {
+@@ -3546,9 +3590,14 @@
+ 	    if (len > 0 && IS_SPACE_TAB(start[0]))
+ 		out_record(out_stream, REC_TYPE_NORM, "", 0);
+ 	}
+-	if (prev_rec_type != REC_TYPE_CONT && *start == '.'
+-	    && (proxy == 0 ? (++start, --len) == 0 : len == 1))
+-	    break;
++	if (prev_rec_type != REC_TYPE_CONT && *start == '.') {
++	    if (len == 1 && IS_BARE_LF_WANT_STD_EOD(smtp_detect_bare_lf)
++		&& (smtp_got_bare_lf || prev_got_bare_lf))
++		/* Do not store or send to proxy filter. */
++		continue;
++	    if (proxy == 0 ? (++start, --len) == 0 : len == 1)
++		break;
++	}
+ 	if (state->err == CLEANUP_STAT_OK) {
+ 	    if (ENFORCING_SIZE_LIMIT(var_message_limit)
+ 		&& var_message_limit - state->act_size < len + 2) {
+@@ -3701,6 +3750,11 @@
+ 	else
+ 	    smtpd_chat_reply(state,
+ 			     "250 2.0.0 Ok: queued as %s", state->queue_id);
++    } else if ((state->err & CLEANUP_STAT_BARE_LF) != 0) {
++	state->error_mask |= MAIL_ERROR_PROTOCOL;
++	log_whatsup(state, "reject", "bare <LF> received");
++	smtpd_chat_reply(state, "%d 5.5.2 %s Error: bare <LF> received",
++			 var_smtpd_forbid_bare_lf_code, var_myhostname);
+     } else if (why && IS_SMTP_REJECT(STR(why))) {
+ 	state->error_mask |= MAIL_ERROR_POLICY;
+ 	smtpd_chat_reply(state, "%s", STR(why));
+@@ -3981,7 +4035,6 @@
+      */
+     done = 0;
+     do {
+-	int     payload_err;
+ 
+ 	/*
+ 	 * Do not skip the smtp_fread_buf() call if read_len == 0. We still
+@@ -3995,10 +4048,6 @@
+ 	smtp_fread_buf(state->buffer, read_len, state->client);
+ 	state->bdat_get_stream = vstream_memreopen(
+ 			   state->bdat_get_stream, state->buffer, O_RDONLY);
+-	vstream_control(state->bdat_get_stream, CA_VSTREAM_CTL_EXCEPT,
+-			CA_VSTREAM_CTL_END);
+-	if ((payload_err = vstream_setjmp(state->bdat_get_stream)) != 0)
+-	    vstream_longjmp(state->client, payload_err);
+ 
+ 	/*
+ 	 * Read lines from the fragment. The last line may continue in the
+@@ -4023,6 +4072,8 @@
+ 		/* Skip the out_record() and VSTRING_RESET() calls below. */
+ 		break;
+ 	    }
++	    if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf))
++		state->err |= CLEANUP_STAT_BARE_LF;
+ 	    start = vstring_str(state->bdat_get_buffer);
+ 	    len = VSTRING_LEN(state->bdat_get_buffer);
+ 	    if (state->err == CLEANUP_STAT_OK) {
+@@ -4674,9 +4725,9 @@
+      */
+     xclient_allowed =
+ 	namadr_list_match(xclient_hosts, state->name, state->addr);
+-    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((state)) == 0
+-	&& var_smtpd_forbid_bare_lf
+-	&& !namadr_list_match(bare_lf_excl, state->name, state->addr);
++    smtp_detect_bare_lf = (SMTPD_STAND_ALONE((state)) == 0 && bare_lf_mask
++	    && !namadr_list_match(bare_lf_excl, state->name, state->addr)) ?
++	bare_lf_mask : 0;
+     /* NOT: tls_reset() */
+     if (got_helo == 0)
+ 	helo_reset(state);
+@@ -5468,13 +5519,6 @@
+ 			     var_myhostname);
+ 	break;
+ 
+-    case SMTP_ERR_LF:
+-	state->reason = REASON_BARE_LF;
+-	if (vstream_setjmp(state->client) == 0)
+-	    smtpd_chat_reply(state, "521 5.5.2 %s Error: bare <LF> received",
+-			     var_myhostname);
+-	break;
+-
+     case 0:
+ 
+ 	/*
+@@ -5676,6 +5720,13 @@
+ 	    }
+ 	    watchdog_pat();
+ 	    smtpd_chat_query(state);
++	    if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf)) {
++		log_whatsup(state, "reject", "bare <LF> received");
++		state->error_mask |= MAIL_ERROR_PROTOCOL;
++		smtpd_chat_reply(state, "%d 5.5.2 %s Error: bare <LF> received",
++			     var_smtpd_forbid_bare_lf_code, var_myhostname);
++		break;
++	    }
+ 	    /* Safety: protect internal interfaces against malformed UTF-8. */
+ 	    if (var_smtputf8_enable && valid_utf8_string(STR(state->buffer),
+ 						 LEN(state->buffer)) == 0) {
+@@ -6024,11 +6075,11 @@
+ 	namadr_list_match(xforward_hosts, state.name, state.addr);
+ 
+     /*
+-     * Enforce strict SMTP line endings, with compatibility exclusions.
++     * Reject or normalize bare LF, with compatibility exclusions.
+      */
+-    smtp_forbid_bare_lf = SMTPD_STAND_ALONE((&state)) == 0
+-	&& var_smtpd_forbid_bare_lf
+-	&& !namadr_list_match(bare_lf_excl, state.name, state.addr);
++    smtp_detect_bare_lf = (SMTPD_STAND_ALONE((&state)) == 0 && bare_lf_mask
++	      && !namadr_list_match(bare_lf_excl, state.name, state.addr)) ?
++	bare_lf_mask : 0;
+ 
+     /*
+      * See if we need to turn on verbose logging for this client.
+@@ -6095,6 +6146,10 @@
+ 				    MATCH_FLAG_RETURN
+ 				    | match_parent_style(VAR_MYNETWORKS),
+ 				    var_smtpd_forbid_bare_lf_excl);
++    if ((bare_lf_mask = name_code(bare_lf_mask_table, NAME_CODE_FLAG_NONE,
++				  var_smtpd_forbid_bare_lf)) < 0)
++	msg_fatal("bad parameter value: '%s = %s'",
++		  VAR_SMTPD_FORBID_BARE_LF, var_smtpd_forbid_bare_lf);
+ 
+     /*
+      * Open maps before dropping privileges so we can read passwords etc.
+@@ -6390,6 +6445,7 @@
+ 	VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code, 0, 0,
+ 	VAR_RELAY_RCPT_CODE, DEF_RELAY_RCPT_CODE, &var_relay_rcpt_code, 0, 0,
+ 	VAR_PLAINTEXT_CODE, DEF_PLAINTEXT_CODE, &var_plaintext_code, 0, 0,
++	VAR_SMTPD_FORBID_BARE_LF_CODE, DEF_SMTPD_FORBID_BARE_LF_CODE, &var_smtpd_forbid_bare_lf_code, 500, 599,
+ 	VAR_SMTPD_CRATE_LIMIT, DEF_SMTPD_CRATE_LIMIT, &var_smtpd_crate_limit, 0, 0,
+ 	VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
+ 	VAR_SMTPD_CMAIL_LIMIT, DEF_SMTPD_CMAIL_LIMIT, &var_smtpd_cmail_limit, 0, 0,
+@@ -6452,7 +6508,6 @@
+ 	VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup,
+ 	VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open,
+ 	VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log,
+-    VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf,
+ 	0,
+     };
+     static const CONFIG_NBOOL_TABLE nbool_table[] = {
+@@ -6569,6 +6624,7 @@
+ 	VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
+ 	VAR_SMTPD_REJ_FTR_MAPS, DEF_SMTPD_REJ_FTR_MAPS, &var_smtpd_rej_ftr_maps, 0, 0,
+ 	VAR_SMTPD_FORBID_BARE_LF_EXCL, DEF_SMTPD_FORBID_BARE_LF_EXCL, &var_smtpd_forbid_bare_lf_excl, 0, 0,
++	VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf, 1, 0,
+ 	0,
+     };
+     static const CONFIG_RAW_TABLE raw_table[] = {
+--- a/src/smtpd/smtpd_check.c
++++ b/src/smtpd/smtpd_check.c
+@@ -48,6 +48,11 @@
+ /*
+ /*	char	*smtpd_check_queue(state)
+ /*	SMTPD_STATE *state;
++/* AUXILIARY FUNCTIONS
++/*	void	log_whatsup(state, action, text)
++/*	SMTPD_STATE *state;
++/*	const char *action;
++/*	const char *text;
+ /* DESCRIPTION
+ /*	This module implements additional checks on SMTP client requests.
+ /*	A client request is validated in the context of the session state.
+@@ -146,6 +151,11 @@
+ /*	The recipient address given with the RCPT TO or VRFY command.
+ /* .IP size
+ /*	The message size given with the MAIL FROM command (zero if unknown).
++/* .PP
++/*	log_whatsup() logs "<queueid>: <action>: <protocol state>
++/*	from: <client-name[client-addr]>: <text>" plus the protocol
++/*	(SMTP or ESMTP), and if available, EHLO, MAIL FROM, or RCPT
++/*	TO.
+ /* BUGS
+ /*	Policies like these should not be hard-coded in C, but should
+ /*	be user-programmable instead.
+@@ -987,8 +997,8 @@
+ 
+ /* log_whatsup - log as much context as we have */
+ 
+-static void log_whatsup(SMTPD_STATE *state, const char *whatsup,
+-			        const char *text)
++void    log_whatsup(SMTPD_STATE *state, const char *whatsup,
++		            const char *text)
+ {
+     VSTRING *buf = vstring_alloc(100);
+ 
+--- a/src/smtpd/smtpd_check.h
++++ b/src/smtpd/smtpd_check.h
+@@ -25,6 +25,7 @@
+ extern char *smtpd_check_data(SMTPD_STATE *);
+ extern char *smtpd_check_eod(SMTPD_STATE *);
+ extern char *smtpd_check_policy(SMTPD_STATE *, char *);
++extern void log_whatsup(SMTPD_STATE *, const char *, const char *);
+ 
+ /* LICENSE
+ /* .ad
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb
index 343a8b2df0..fdda2e749e 100644
--- a/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb
@@ -12,6 +12,9 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
             file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \
             file://0004-Fix-icu-config.patch \
             file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
+            file://0006-makedefs-Account-for-linux-6.x-version.patch \
+            file://CVE-2023-51764-1.patch \
+            file://CVE-2023-51764-2.patch \ 
            "
-SRC_URI[sha256sum] = "300fa8811cea20d01d25c619d359bffab82656e704daa719e0c9afc4ecff4808"
+SRC_URI[sha256sum] = "e471df7e0eb11c4a1e574b6d7298f635386e2843b6b3584c25a04543d587e07f"
 UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
diff --git a/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch b/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
new file mode 100644
index 0000000000..4b2cac1870
--- /dev/null
+++ b/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
@@ -0,0 +1,277 @@
+From 97bbe68363ccf2de0c07f67170ec64a8b4d62592 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj@castaglia.org>
+Date: Sun, 6 Aug 2023 13:16:26 -0700
+Subject: [PATCH] Issue #1683: Avoid an edge case when handling unexpectedly
+ formatted input text from client, caused by quote/backslash semantics, by
+ skipping those semantics.
+
+Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592]
+CVE: CVE-2023-51713
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ include/str.h   |  3 ++-
+ src/main.c      | 34 +++++++++++++++++++++++++++++----
+ src/str.c       | 22 +++++++++++++---------
+ tests/api/str.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 94 insertions(+), 15 deletions(-)
+
+diff --git a/include/str.h b/include/str.h
+index f08398017..1261ae2c2 100644
+--- a/include/str.h
++++ b/include/str.h
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server daemon
+- * Copyright (c) 2008-2020 The ProFTPD Project team
++ * Copyright (c) 2008-2023 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -131,6 +131,7 @@ const char *pr_gid2str(pool *, gid_t);
+ #define PR_STR_FL_PRESERVE_COMMENTS		0x0001
+ #define PR_STR_FL_PRESERVE_WHITESPACE		0x0002
+ #define PR_STR_FL_IGNORE_CASE			0x0004
++#define PR_STR_FL_IGNORE_QUOTES			0x0008
+ 
+ char *pr_str_get_token(char **, char *);
+ char *pr_str_get_token2(char **, char *, size_t *);
+diff --git a/src/main.c b/src/main.c
+index ee9c1eecb..e6b70731d 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -811,8 +811,24 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+     return NULL;
+   }
+ 
++  /* By default, pr_str_get_word will handle quotes and backslashes for
++   * escaping characters.  This can produce words which are shorter, use
++   * fewer bytes than the corresponding input buffer.
++   *
++   * In this particular situation, we use the length of this initial word
++   * for determining the length of the remaining buffer bytes, assumed to
++   * contain the FTP command arguments.  If this initial word is thus
++   * unexpectedly "shorter", due to nonconformant FTP text, it can lead
++   * the subsequent buffer scan, looking for CRNUL sequencees, to access
++   * unexpected memory addresses (Issue #1683).
++   *
++   * Thus for this particular situation, we tell the function to ignore/skip
++   * such quote/backslash semantics, and treat them as any other character
++   * using the IGNORE_QUOTES flag.
++   */
++
+   ptr = buf;
+-  wrd = pr_str_get_word(&ptr, str_flags);
++  wrd = pr_str_get_word(&ptr, str_flags|PR_STR_FL_IGNORE_QUOTES);
+   if (wrd == NULL) {
+     /* Nothing there...bail out. */
+     pr_trace_msg("ctrl", 5, "command '%s' is empty, ignoring", buf);
+@@ -820,6 +836,11 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+     return NULL;
+   }
+ 
++  /* Note that this first word is the FTP command.  This is why we make
++   * use of the ptr buffer, which advances through the input buffer as
++   * we read words from the buffer.
++   */
++
+   subpool = make_sub_pool(p);
+   pr_pool_tag(subpool, "make_ftp_cmd pool");
+   cmd = pcalloc(subpool, sizeof(cmd_rec));
+@@ -846,6 +867,7 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+   arg_len = buflen - strlen(wrd);
+   arg = pcalloc(cmd->pool, arg_len + 1);
+ 
++  /* Remember that ptr here is advanced past the first word. */
+   for (i = 0, j = 0; i < arg_len; i++) {
+     pr_signals_handle();
+     if (i > 1 &&
+@@ -854,14 +876,13 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+ 
+       /* Strip out the NUL by simply not copying it into the new buffer. */
+       have_crnul = TRUE;
++
+     } else {
+       arg[j++] = ptr[i];
+     }
+   }
+ 
+-  cmd->arg = arg;
+-
+-  if (have_crnul) {
++  if (have_crnul == TRUE) {
+     char *dup_arg;
+ 
+     /* Now make a copy of the stripped argument; this is what we need to
+@@ -871,6 +892,11 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) {
+     ptr = dup_arg;
+   }
+ 
++  cmd->arg = arg;
++
++  /* Now we can read the remamining words, as command arguments, from the
++   * input buffer.
++   */
+   while ((wrd = pr_str_get_word(&ptr, str_flags)) != NULL) {
+     pr_signals_handle();
+     *((char **) push_array(tarr)) = pstrdup(cmd->pool, wrd);
+diff --git a/src/str.c b/src/str.c
+index bcca4ae4d..a2ff74daf 100644
+--- a/src/str.c
++++ b/src/str.c
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server daemon
+- * Copyright (c) 2008-2017 The ProFTPD Project team
++ * Copyright (c) 2008-2023 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -1209,7 +1209,7 @@ int pr_str_get_nbytes(const char *str, const char *units, off_t *nbytes) {
+ 
+ char *pr_str_get_word(char **cp, int flags) {
+   char *res, *dst;
+-  char quote_mode = 0;
++  int quote_mode = FALSE;
+ 
+   if (cp == NULL ||
+      !*cp ||
+@@ -1238,24 +1238,28 @@ char *pr_str_get_word(char **cp, int flags) {
+     }
+   }
+ 
+-  if (**cp == '\"') {
+-    quote_mode++;
+-    (*cp)++;
++  if (!(flags & PR_STR_FL_IGNORE_QUOTES)) {
++    if (**cp == '\"') {
++      quote_mode = TRUE;
++      (*cp)++;
++    }
+   }
+ 
+   while (**cp && (quote_mode ? (**cp != '\"') : !PR_ISSPACE(**cp))) {
+     pr_signals_handle();
+ 
+-    if (**cp == '\\' && quote_mode) {
+-
++    if (**cp == '\\' &&
++        quote_mode == TRUE) {
+       /* Escaped char */
+       if (*((*cp)+1)) {
+-        *dst = *(++(*cp));
++        *dst++ = *(++(*cp));
++        (*cp)++;
++        continue;
+       }
+     }
+ 
+     *dst++ = **cp;
+-    ++(*cp);
++    (*cp)++;
+   }
+ 
+   if (**cp) {
+diff --git a/tests/api/str.c b/tests/api/str.c
+index 050f5c563..bc64f0fb0 100644
+--- a/tests/api/str.c
++++ b/tests/api/str.c
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server testsuite
+- * Copyright (c) 2008-2017 The ProFTPD Project team
++ * Copyright (c) 2008-2023 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -695,19 +695,23 @@ END_TEST
+ START_TEST (get_word_test) {
+   char *ok, *res, *str;
+ 
++  mark_point();
+   res = pr_str_get_word(NULL, 0);
+   fail_unless(res == NULL, "Failed to handle null arguments");
+   fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
+ 
++  mark_point();
+   str = NULL;
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res == NULL, "Failed to handle null str argument");
+   fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
+ 
++  mark_point();
+   str = pstrdup(p, "  ");
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res == NULL, "Failed to handle whitespace argument");
+ 
++  mark_point();
+   str = pstrdup(p, " foo");
+   res = pr_str_get_word(&str, PR_STR_FL_PRESERVE_WHITESPACE);
+   fail_unless(res != NULL, "Failed to handle whitespace argument: %s",
+@@ -723,6 +727,7 @@ START_TEST (get_word_test) {
+   ok = "foo";
+   fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
+ 
++  mark_point();
+   str = pstrdup(p, "  # foo");
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res == NULL, "Failed to handle commented argument");
+@@ -742,6 +747,8 @@ START_TEST (get_word_test) {
+   fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
+ 
+   /* Test multiple embedded quotes. */
++
++  mark_point();
+   str = pstrdup(p, "foo \"bar baz\" qux \"quz norf\"");
+   res = pr_str_get_word(&str, 0);
+   fail_unless(res != NULL, "Failed to handle quoted argument: %s",
+@@ -770,6 +777,47 @@ START_TEST (get_word_test) {
+ 
+   ok = "quz norf";
+   fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++
++  /* Test embedded quotes with backslashes (Issue #1683). */
++  mark_point();
++
++  str = pstrdup(p, "\"\\\\SYST\"");
++  res = pr_str_get_word(&str, 0);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++
++  ok = "\\SYST";
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++  mark_point();
++  str = pstrdup(p, "\"\"\\\\SYST");
++  res = pr_str_get_word(&str, 0);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++
++  /* Note that pr_str_get_word() is intended to be called multiple times
++   * on an advancing buffer, effectively tokenizing the buffer.  This is
++   * why the function does NOT decrement its quote mode.
++   */
++  ok = "";
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++  /* Now do the same tests with the IGNORE_QUOTES flag */
++  mark_point();
++
++  str = ok = pstrdup(p, "\"\\\\SYST\"");
++  res = pr_str_get_word(&str, PR_STR_FL_IGNORE_QUOTES);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
++
++  mark_point();
++  str = ok = pstrdup(p, "\"\"\\\\SYST");
++  res = pr_str_get_word(&str, PR_STR_FL_IGNORE_QUOTES);
++  fail_unless(res != NULL, "Failed to handle quoted argument: %s",
++    strerror(errno));
++  fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res);
+ }
+ END_TEST
+ 
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb
index 686f1e5cdf..9d846f46a2 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/proftpd/proftpd.git;branch=${BRANCH};protocol=https
            file://contrib.patch  \
            file://build_fixup.patch \
            file://proftpd.service \
+           file://CVE-2023-51713.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta-networking/recipes-daemons/radvd/radvd.inc b/meta-networking/recipes-daemons/radvd/radvd.inc
index 2afaa48411..5da31b3f0e 100644
--- a/meta-networking/recipes-daemons/radvd/radvd.inc
+++ b/meta-networking/recipes-daemons/radvd/radvd.inc
@@ -58,7 +58,8 @@ do_install:append () {
 }
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup radvd"
+GROUPADD_PARAM:${PN} = "--system nogroup"
+USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup --shell /sbin/nologin radvd"
 
 pkg_postinst:${PN} () {
     if [ -z "$D" -a -x /etc/init.d/populate-volatile.sh ]; then
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch
new file mode 100644
index 0000000000..b11721041e
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch
@@ -0,0 +1,608 @@
+Partial backport of:
+
+From 6ea12e8fb590ac6959e9356a81aa3370576568c3 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Tue, 26 Jul 2022 15:05:54 +0000
+Subject: [PATCH] Remove support for Gopher protocol (#1092)
+
+Gopher code quality remains too low for production use in most
+environments. The code is a persistent source of vulnerabilities and
+fixing it requires significant effort. We should not be spending scarce
+Project resources on improving that code, especially given the lack of
+strong demand for Gopher support.
+
+With this change, Gopher requests will be handled like any other request
+with an unknown (to Squid) protocol. For example, HTTP requests with
+Gopher URI scheme result in ERR_UNSUP_REQ.
+
+Default Squid configuration still considers TCP port 70 "safe". The
+corresponding Safe_ports ACL rule has not been removed for consistency
+sake: We consider WAIS port safe even though Squid refuses to forward
+WAIS requests:
+
+    acl Safe_ports port 70          # gopher
+    acl Safe_ports port 210         # wais
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46728.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3]
+CVE: CVE-2023-46728
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ doc/Programming-Guide/Groups.dox         |   5 -
+ doc/debug-sections.txt                   |   1 -
+ doc/manuals/de.po                        |   2 +-
+ doc/manuals/en.po                        |   2 +-
+ doc/manuals/en_AU.po                     |   2 +-
+ doc/manuals/es.po                        |   2 +-
+ doc/manuals/fr.po                        |   2 +-
+ doc/manuals/it.po                        |   2 +-
+ errors/af.po                             |   6 +-
+ errors/az.po                             |   6 +-
+ errors/bg.po                             |   6 +-
+ errors/ca.po                             |   6 +-
+ errors/cs.po                             |   6 +-
+ errors/da.po                             |   6 +-
+ errors/de.po                             |   6 +-
+ errors/el.po                             |   4 +-
+ errors/en.po                             |   6 +-
+ errors/errorpage.css                     |   2 +-
+ errors/es-mx.po                          |   3 +-
+ errors/es.po                             |   4 +-
+ errors/et.po                             |   6 +-
+ errors/fi.po                             |   7 +-
+ errors/fr.po                             |   6 +-
+ errors/he.po                             |   6 +-
+ errors/hu.po                             |   6 +-
+ errors/hy.po                             |   6 +-
+ errors/it.po                             |   4 +-
+ errors/ja.po                             |   6 +-
+ errors/ko.po                             |   6 +-
+ errors/lt.po                             |   6 +-
+ errors/lv.po                             |   6 +-
+ errors/nl.po                             |   6 +-
+ errors/pl.po                             |   6 +-
+ errors/pt-br.po                          |   6 +-
+ errors/pt.po                             |   6 +-
+ errors/ro.po                             |   4 +-
+ errors/ru.po                             |   6 +-
+ errors/sk.po                             |   6 +-
+ errors/sl.po                             |   6 +-
+ errors/sr-latn.po                        |   4 +-
+ errors/sv.po                             |   6 +-
+ errors/templates/ERR_UNSUP_REQ           |   2 +-
+ errors/tr.po                             |   6 +-
+ errors/uk.po                             |   6 +-
+ errors/vi.po                             |   4 +-
+ errors/zh-hans.po                        |   6 +-
+ errors/zh-hant.po                        |   7 +-
+ src/FwdState.cc                          |   5 -
+ src/HttpRequest.cc                       |   6 -
+ src/IoStats.h                            |   2 +-
+ src/Makefile.am                          |   8 -
+ src/adaptation/ecap/Host.cc              |   1 -
+ src/adaptation/ecap/MessageRep.cc        |   2 -
+ src/anyp/ProtocolType.h                  |   1 -
+ src/anyp/Uri.cc                          |   1 -
+ src/anyp/UriScheme.cc                    |   3 -
+ src/cf.data.pre                          |   5 +-
+ src/client_side_request.cc               |   4 -
+ src/error/forward.h                      |   2 +-
+ src/gopher.cc                            | 993 -----------------------
+ src/gopher.h                             |  29 -
+ src/http/Message.h                       |   1 -
+ src/mgr/IoAction.cc                      |   3 -
+ src/mgr/IoAction.h                       |   2 -
+ src/squid.8.in                           |   2 +-
+ src/stat.cc                              |  19 -
+ src/tests/Stub.am                        |   1 -
+ src/tests/stub_gopher.cc                 |  17 -
+ test-suite/squidconf/regressions-3.4.0.1 |   1 -
+ 69 files changed, 88 insertions(+), 1251 deletions(-)
+ delete mode 100644 src/gopher.cc
+ delete mode 100644 src/gopher.h
+ delete mode 100644 src/tests/stub_gopher.cc
+
+--- a/src/FwdState.cc
++++ b/src/FwdState.cc
+@@ -28,7 +28,6 @@
+ #include "fde.h"
+ #include "FwdState.h"
+ #include "globals.h"
+-#include "gopher.h"
+ #include "hier_code.h"
+ #include "http.h"
+ #include "http/Stream.h"
+@@ -1004,10 +1003,6 @@ FwdState::dispatch()
+             httpStart(this);
+             break;
+ 
+-        case AnyP::PROTO_GOPHER:
+-            gopherStart(this);
+-            break;
+-
+         case AnyP::PROTO_FTP:
+             if (request->flags.ftpNative)
+                 Ftp::StartRelay(this);
+--- a/src/HttpRequest.cc
++++ b/src/HttpRequest.cc
+@@ -18,7 +18,6 @@
+ #include "Downloader.h"
+ #include "err_detail_type.h"
+ #include "globals.h"
+-#include "gopher.h"
+ #include "http.h"
+ #include "http/one/RequestParser.h"
+ #include "http/Stream.h"
+@@ -556,11 +555,6 @@ HttpRequest::maybeCacheable()
+             return false;
+         break;
+ 
+-    case AnyP::PROTO_GOPHER:
+-        if (!gopherCachable(this))
+-            return false;
+-        break;
+-
+     case AnyP::PROTO_CACHE_OBJECT:
+         return false;
+ 
+--- a/src/IoStats.h
++++ b/src/IoStats.h
+@@ -22,7 +22,7 @@ public:
+         int writes;
+         int write_hist[histSize];
+     }
+-    Http, Ftp, Gopher;
++    Http, Ftp;
+ };
+ 
+ #endif /* SQUID_IOSTATS_H_ */
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -306,8 +306,6 @@ squid_SOURCES = \
+ 	FwdState.h \
+ 	Generic.h \
+ 	globals.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	helper.h \
+ 	hier_code.h \
+@@ -1259,8 +1257,6 @@ tests_testCacheManager_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	hier_code.h \
+ 	helper.cc \
+ 	$(HTCPSOURCE) \
+@@ -1678,8 +1674,6 @@ tests_testEvent_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -1914,8 +1908,6 @@ tests_testEventLoop_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -2145,8 +2137,6 @@ tests_test_http_range_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -2461,8 +2451,6 @@ tests_testHttpRequest_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -3307,8 +3295,6 @@ tests_testURL_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+--- a/src/adaptation/ecap/Host.cc
++++ b/src/adaptation/ecap/Host.cc
+@@ -49,7 +49,6 @@ Adaptation::Ecap::Host::Host()
+     libecap::protocolHttp.assignHostId(AnyP::PROTO_HTTP);
+     libecap::protocolHttps.assignHostId(AnyP::PROTO_HTTPS);
+     libecap::protocolFtp.assignHostId(AnyP::PROTO_FTP);
+-    libecap::protocolGopher.assignHostId(AnyP::PROTO_GOPHER);
+     libecap::protocolWais.assignHostId(AnyP::PROTO_WAIS);
+     libecap::protocolUrn.assignHostId(AnyP::PROTO_URN);
+     libecap::protocolWhois.assignHostId(AnyP::PROTO_WHOIS);
+--- a/src/adaptation/ecap/MessageRep.cc
++++ b/src/adaptation/ecap/MessageRep.cc
+@@ -140,8 +140,6 @@ Adaptation::Ecap::FirstLineRep::protocol
+         return libecap::protocolHttps;
+     case AnyP::PROTO_FTP:
+         return libecap::protocolFtp;
+-    case AnyP::PROTO_GOPHER:
+-        return libecap::protocolGopher;
+     case AnyP::PROTO_WAIS:
+         return libecap::protocolWais;
+     case AnyP::PROTO_WHOIS:
+--- a/src/anyp/ProtocolType.h
++++ b/src/anyp/ProtocolType.h
+@@ -27,7 +27,6 @@ typedef enum {
+     PROTO_HTTPS,
+     PROTO_COAP,
+     PROTO_COAPS,
+-    PROTO_GOPHER,
+     PROTO_WAIS,
+     PROTO_CACHE_OBJECT,
+     PROTO_ICP,
+--- a/src/anyp/Uri.cc
++++ b/src/anyp/Uri.cc
+@@ -852,8 +852,6 @@ urlCheckRequest(const HttpRequest * r)
+         if (r->method == Http::METHOD_PUT)
+             rc = 1;
+ 
+-    case AnyP::PROTO_GOPHER:
+-
+     case AnyP::PROTO_WAIS:
+ 
+     case AnyP::PROTO_WHOIS:
+--- a/src/anyp/UriScheme.cc
++++ b/src/anyp/UriScheme.cc
+@@ -87,9 +87,6 @@ AnyP::UriScheme::defaultPort() const
+         // Assuming IANA policy of allocating same port for base and TLS protocol versions will occur.
+         return 5683;
+ 
+-    case AnyP::PROTO_GOPHER:
+-        return 70;
+-
+     case AnyP::PROTO_WAIS:
+         return 210;
+ 
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -33,7 +33,6 @@
+ #include "fd.h"
+ #include "fde.h"
+ #include "format/Token.h"
+-#include "gopher.h"
+ #include "helper.h"
+ #include "helper/Reply.h"
+ #include "http.h"
+@@ -965,9 +964,6 @@ clientHierarchical(ClientHttpRequest * h
+     if (request->url.getScheme() == AnyP::PROTO_HTTP)
+         return method.respMaybeCacheable();
+ 
+-    if (request->url.getScheme() == AnyP::PROTO_GOPHER)
+-        return gopherCachable(request);
+-
+     if (request->url.getScheme() == AnyP::PROTO_CACHE_OBJECT)
+         return 0;
+ 
+--- a/src/err_type.h
++++ b/src/err_type.h
+@@ -65,7 +65,7 @@ typedef enum {
+     ERR_GATEWAY_FAILURE,
+ 
+     /* Special Cases */
+-    ERR_DIR_LISTING,            /* Display of remote directory (FTP, Gopher) */
++    ERR_DIR_LISTING,            /* Display of remote directory (FTP) */
+     ERR_SQUID_SIGNATURE,        /* not really an error */
+     ERR_SHUTTING_DOWN,
+     ERR_PROTOCOL_UNKNOWN,
+--- a/src/HttpMsg.h
++++ b/src/HttpMsg.h
+@@ -38,7 +38,6 @@ public:
+         srcFtp = 1 << (16 + 1), ///< ftp_port or FTP server
+         srcIcap = 1 << (16 + 2), ///< traditional ICAP service without encryption
+         srcEcap = 1 << (16 + 3), ///< eCAP service that uses insecure libraries/daemons
+-        srcGopher = 1 << (16 + 14), ///< Gopher server
+         srcWhois = 1 << (16 + 15), ///< Whois server
+         srcUnsafe = 0xFFFF0000,  ///< Unsafe sources mask
+         srcSafe = 0x0000FFFF ///< Safe sources mask
+--- a/src/mgr/IoAction.cc
++++ b/src/mgr/IoAction.cc
+@@ -35,9 +35,6 @@ Mgr::IoActionData::operator += (const Io
+     ftp_reads += stats.ftp_reads;
+     for (int i = 0; i < IoStats::histSize; ++i)
+         ftp_read_hist[i] += stats.ftp_read_hist[i];
+-    gopher_reads += stats.gopher_reads;
+-    for (int i = 0; i < IoStats::histSize; ++i)
+-        gopher_read_hist[i] += stats.gopher_read_hist[i];
+ 
+     return *this;
+ }
+--- a/src/mgr/IoAction.h
++++ b/src/mgr/IoAction.h
+@@ -27,10 +27,8 @@ public:
+ public:
+     double http_reads;
+     double ftp_reads;
+-    double gopher_reads;
+     double http_read_hist[IoStats::histSize];
+     double ftp_read_hist[IoStats::histSize];
+-    double gopher_read_hist[IoStats::histSize];
+ };
+ 
+ /// implement aggregated 'io' action
+--- a/src/stat.cc
++++ b/src/stat.cc
+@@ -206,12 +206,6 @@ GetIoStats(Mgr::IoActionData& stats)
+     for (i = 0; i < IoStats::histSize; ++i) {
+         stats.ftp_read_hist[i] = IOStats.Ftp.read_hist[i];
+     }
+-
+-    stats.gopher_reads = IOStats.Gopher.reads;
+-
+-    for (i = 0; i < IoStats::histSize; ++i) {
+-        stats.gopher_read_hist[i] = IOStats.Gopher.read_hist[i];
+-    }
+ }
+ 
+ void
+@@ -245,19 +239,6 @@ DumpIoStats(Mgr::IoActionData& stats, St
+     }
+ 
+     storeAppendPrintf(sentry, "\n");
+-    storeAppendPrintf(sentry, "Gopher I/O\n");
+-    storeAppendPrintf(sentry, "number of reads: %.0f\n", stats.gopher_reads);
+-    storeAppendPrintf(sentry, "Read Histogram:\n");
+-
+-    for (i = 0; i < IoStats::histSize; ++i) {
+-        storeAppendPrintf(sentry, "%5d-%5d: %9.0f %2.0f%%\n",
+-                          i ? (1 << (i - 1)) + 1 : 1,
+-                          1 << i,
+-                          stats.gopher_read_hist[i],
+-                          Math::doublePercent(stats.gopher_read_hist[i], stats.gopher_reads));
+-    }
+-
+-    storeAppendPrintf(sentry, "\n");
+ }
+ 
+ static const char *
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -263,7 +263,7 @@ am__squid_SOURCES_DIST = AclRegs.cc Auth
+ 	ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \
+ 	FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \
+ 	fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \
++	FwdState.cc FwdState.h Generic.h globals.h \
+ 	helper.cc helper.h hier_code.h HierarchyLogEntry.h htcp.cc \
+ 	htcp.h http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \
+ 	HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \
+@@ -352,7 +352,7 @@ am_squid_OBJECTS = $(am__objects_1) Acce
+ 	EventLoop.$(OBJEXT) external_acl.$(OBJEXT) \
+ 	ExternalACLEntry.$(OBJEXT) FadingCounter.$(OBJEXT) \
+ 	fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpHdrCc.$(OBJEXT) HttpHdrRange.$(OBJEXT) HttpHdrSc.$(OBJEXT) \
+ 	HttpHdrScTarget.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
+@@ -539,7 +539,7 @@ am__tests_testCacheManager_SOURCES_DIST
+ 	tests/stub_ETag.cc event.cc external_acl.cc \
+ 	ExternalACLEntry.cc fatal.h tests/stub_fatal.cc fd.h fd.cc \
+ 	fde.cc FileMap.h filemap.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h gopher.h gopher.cc hier_code.h \
++	FwdState.cc FwdState.h hier_code.h \
+ 	helper.cc htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \
+ 	HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \
+ 	HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \
+@@ -594,7 +594,7 @@ am_tests_testCacheManager_OBJECTS = Acce
+ 	event.$(OBJEXT) external_acl.$(OBJEXT) \
+ 	ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) HttpHeader.$(OBJEXT) \
+ 	HttpHeaderTools.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
+@@ -838,7 +838,7 @@ am__tests_testEvent_SOURCES_DIST = Acces
+ 	EventLoop.h EventLoop.cc external_acl.cc ExternalACLEntry.cc \
+ 	FadingCounter.cc fatal.h tests/stub_fatal.cc fd.h fd.cc fde.cc \
+ 	FileMap.h filemap.cc fqdncache.h fqdncache.cc FwdState.cc \
+-	FwdState.h gopher.h gopher.cc helper.cc hier_code.h htcp.cc \
++	FwdState.h helper.cc hier_code.h htcp.cc \
+ 	htcp.h http.cc HttpBody.h HttpBody.cc \
+ 	tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \
+ 	HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \
+@@ -891,7 +891,7 @@ am_tests_testEvent_OBJECTS = AccessLogEn
+ 	external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
+ 	FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
+@@ -975,8 +975,8 @@ am__tests_testEventLoop_SOURCES_DIST = A
+ 	tests/stub_ETag.cc EventLoop.h EventLoop.cc event.cc \
+ 	external_acl.cc ExternalACLEntry.cc FadingCounter.cc fatal.h \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
+-	fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
+-	gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
++	fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
++	helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ 	HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
+ 	HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \
+ 	HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \
+@@ -1029,7 +1029,7 @@ am_tests_testEventLoop_OBJECTS = AccessL
+ 	external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
+ 	FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
+@@ -1187,7 +1187,7 @@ am__tests_testHttpRequest_SOURCES_DIST =
+ 	fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc \
+ 	tests/stub_ETag.cc external_acl.cc ExternalACLEntry.cc fatal.h \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h gopher.h gopher.cc helper.cc \
++	FwdState.cc FwdState.h helper.cc \
+ 	hier_code.h htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \
+ 	tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \
+ 	HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \
+@@ -1243,7 +1243,7 @@ am_tests_testHttpRequest_OBJECTS = Acces
+ 	$(am__objects_4) errorpage.$(OBJEXT) tests/stub_ETag.$(OBJEXT) \
+ 	external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
+ 	tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
+@@ -1670,8 +1670,8 @@ am__tests_testURL_SOURCES_DIST = AccessL
+ 	fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc ETag.cc \
+ 	event.cc external_acl.cc ExternalACLEntry.cc fatal.h \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
+-	fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
+-	gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
++	fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
++	helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ 	HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
+ 	HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \
+ 	HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \
+@@ -1725,7 +1725,7 @@ am_tests_testURL_OBJECTS = AccessLogEntr
+ 	event.$(OBJEXT) external_acl.$(OBJEXT) \
+ 	ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
+ 	fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
+-	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
++	fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+ 	helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ 	HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
+ 	HttpHdrCc.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
+@@ -1925,8 +1925,8 @@ am__tests_test_http_range_SOURCES_DIST =
+ 	dns_internal.cc errorpage.cc tests/stub_ETag.cc event.cc \
+ 	FadingCounter.cc fatal.h tests/stub_libauth.cc \
+ 	tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
+-	fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
+-	gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
++	fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
++	helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ 	HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
+ 	HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \
+ 	HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \
+@@ -1979,7 +1979,7 @@ am_tests_test_http_range_OBJECTS = Acces
+ 	FadingCounter.$(OBJEXT) tests/stub_libauth.$(OBJEXT) \
+ 	tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \
+ 	filemap.$(OBJEXT) fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
+-	gopher.$(OBJEXT) helper.$(OBJEXT) $(am__objects_5) \
++	helper.$(OBJEXT) $(am__objects_5) \
+ 	http.$(OBJEXT) HttpBody.$(OBJEXT) \
+ 	tests/stub_HttpControlMsg.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
+ 	HttpHdrContRange.$(OBJEXT) HttpHdrRange.$(OBJEXT) \
+@@ -2131,7 +2131,7 @@ am__depfiles_remade = ./$(DEPDIR)/Access
+ 	./$(DEPDIR)/external_acl.Po ./$(DEPDIR)/fatal.Po \
+ 	./$(DEPDIR)/fd.Po ./$(DEPDIR)/fde.Po ./$(DEPDIR)/filemap.Po \
+ 	./$(DEPDIR)/fqdncache.Po ./$(DEPDIR)/fs_io.Po \
+-	./$(DEPDIR)/globals.Po ./$(DEPDIR)/gopher.Po \
++	./$(DEPDIR)/globals.Po \
+ 	./$(DEPDIR)/helper.Po ./$(DEPDIR)/hier_code.Po \
+ 	./$(DEPDIR)/htcp.Po ./$(DEPDIR)/http.Po \
+ 	./$(DEPDIR)/icp_opcode.Po ./$(DEPDIR)/icp_v2.Po \
+@@ -3043,7 +3043,7 @@ squid_SOURCES = $(ACL_REGISTRATION_SOURC
+ 	ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \
+ 	FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \
+ 	fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \
+-	FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \
++	FwdState.cc FwdState.h Generic.h globals.h \
+ 	helper.cc helper.h hier_code.h HierarchyLogEntry.h \
+ 	$(HTCPSOURCE) http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \
+ 	HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \
+@@ -3708,8 +3708,6 @@ tests_testCacheManager_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	hier_code.h \
+ 	helper.cc \
+ 	$(HTCPSOURCE) \
+@@ -4134,8 +4132,6 @@ tests_testEvent_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -4371,8 +4367,6 @@ tests_testEventLoop_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -4604,8 +4598,6 @@ tests_test_http_range_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -4924,8 +4916,6 @@ tests_testHttpRequest_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -5777,8 +5767,6 @@ tests_testURL_SOURCES = \
+ 	fqdncache.cc \
+ 	FwdState.cc \
+ 	FwdState.h \
+-	gopher.h \
+-	gopher.cc \
+ 	helper.cc \
+ 	hier_code.h \
+ 	$(HTCPSOURCE) \
+@@ -6823,7 +6811,6 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fqdncache.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fs_io.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/globals.Po@am__quote@ # am--include-marker
+-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gopher.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hier_code.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htcp.Po@am__quote@ # am--include-marker
+@@ -7804,7 +7791,6 @@ distclean: distclean-recursive
+ 	-rm -f ./$(DEPDIR)/fqdncache.Po
+ 	-rm -f ./$(DEPDIR)/fs_io.Po
+ 	-rm -f ./$(DEPDIR)/globals.Po
+-	-rm -f ./$(DEPDIR)/gopher.Po
+ 	-rm -f ./$(DEPDIR)/helper.Po
+ 	-rm -f ./$(DEPDIR)/hier_code.Po
+ 	-rm -f ./$(DEPDIR)/htcp.Po
+@@ -8129,7 +8115,6 @@ maintainer-clean: maintainer-clean-recur
+ 	-rm -f ./$(DEPDIR)/fqdncache.Po
+ 	-rm -f ./$(DEPDIR)/fs_io.Po
+ 	-rm -f ./$(DEPDIR)/globals.Po
+-	-rm -f ./$(DEPDIR)/gopher.Po
+ 	-rm -f ./$(DEPDIR)/helper.Po
+ 	-rm -f ./$(DEPDIR)/hier_code.Po
+ 	-rm -f ./$(DEPDIR)/htcp.Po
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch
new file mode 100644
index 0000000000..5b4e370d49
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch
@@ -0,0 +1,1154 @@
+Backport of:
+
+From 417da4006cf5c97d44e74431b816fc58fec9e270 Mon Sep 17 00:00:00 2001
+From: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
+Date: Mon, 18 Mar 2019 17:48:21 +0000
+Subject: [PATCH] Fix incremental parsing of chunked quoted extensions (#310)
+
+Before this change, incremental parsing of quoted chunked extensions
+was broken for two reasons:
+
+* Http::One::Parser::skipLineTerminator() unexpectedly threw after
+  partially received quoted chunk extension value.
+
+* When Http::One::Tokenizer was unable to parse a quoted extension,
+  it incorrectly restored the input buffer to the beginning of the
+  extension value (instead of the extension itself), thus making
+  further incremental parsing iterations impossible.
+
+IMO, the reason for this problem was that Http::One::Tokenizer::qdText()
+could not distinguish two cases (returning false in both):
+
+* the end of the quoted string not yet reached
+
+* an input error, e.g., wrong/unexpected character
+
+A possible approach could be to improve Http::One::Tokenizer, making it
+aware about "needs more data" state.  However, to be acceptable,
+these improvements should be done in the base Parser::Tokenizer
+class instead. These changes seem to be non-trivial and could be
+done separately and later.
+
+Another approach, used here, is to simplify the complex and error-prone
+chunked extensions parsing algorithm, fixing incremental parsing bugs
+and still parse incrementally in almost all cases. The performance
+regression could be expected only in relatively rare cases of partially
+received or malformed extensions.
+
+Also:
+* fixed parsing of partial use-original-body extension values
+* do not treat an invalid use-original-body as an unknown extension
+* optimization: parse use-original-body extension only in ICAP context
+  (i.e., where it is expected)
+* improvement: added a new API to TeChunkedParser to specify known
+  chunked extensions list
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846-pre1.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270]
+CVE: CVE-2023-46846 #Dependency Patch1
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/adaptation/icap/ModXact.cc  |  21 ++++-
+ src/adaptation/icap/ModXact.h   |  20 +++++
+ src/http/one/Parser.cc          |  35 ++++----
+ src/http/one/Parser.h           |  10 ++-
+ src/http/one/RequestParser.cc   |  16 ++--
+ src/http/one/RequestParser.h    |   8 +-
+ src/http/one/ResponseParser.cc  |  17 ++--
+ src/http/one/ResponseParser.h   |   2 +-
+ src/http/one/TeChunkedParser.cc | 139 ++++++++++++++++++--------------
+ src/http/one/TeChunkedParser.h  |  41 ++++++++--
+ src/http/one/Tokenizer.cc       | 104 ++++++++++++------------
+ src/http/one/Tokenizer.h        |  89 ++++++++------------
+ src/http/one/forward.h          |   3 +
+ src/parser/BinaryTokenizer.h    |   3 +-
+ src/parser/Makefile.am          |   1 +
+ src/parser/Tokenizer.cc         |  40 +++++++++
+ src/parser/Tokenizer.h          |  13 +++
+ src/parser/forward.h            |  22 +++++
+ 18 files changed, 364 insertions(+), 220 deletions(-)
+ create mode 100644 src/parser/forward.h
+
+--- a/src/adaptation/icap/ModXact.cc
++++ b/src/adaptation/icap/ModXact.cc
+@@ -25,12 +25,13 @@
+ #include "comm.h"
+ #include "comm/Connection.h"
+ #include "err_detail_type.h"
+-#include "http/one/TeChunkedParser.h"
+ #include "HttpHeaderTools.h"
+ #include "HttpMsg.h"
+ #include "HttpReply.h"
+ #include "HttpRequest.h"
+ #include "MasterXaction.h"
++#include "parser/Tokenizer.h"
++#include "sbuf/Stream.h"
+ #include "SquidTime.h"
+ 
+ // flow and terminology:
+@@ -44,6 +45,8 @@ CBDATA_NAMESPACED_CLASS_INIT(Adaptation:
+ 
+ static const size_t TheBackupLimit = BodyPipe::MaxCapacity;
+ 
++const SBuf Adaptation::Icap::ChunkExtensionValueParser::UseOriginalBodyName("use-original-body");
++
+ Adaptation::Icap::ModXact::State::State()
+ {
+     memset(this, 0, sizeof(*this));
+@@ -1108,6 +1111,7 @@ void Adaptation::Icap::ModXact::decideOn
+         state.parsing = State::psBody;
+         replyHttpBodySize = 0;
+         bodyParser = new Http1::TeChunkedParser;
++        bodyParser->parseExtensionValuesWith(&extensionParser);
+         makeAdaptedBodyPipe("adapted response from the ICAP server");
+         Must(state.sending == State::sendingAdapted);
+     } else {
+@@ -1142,9 +1146,8 @@ void Adaptation::Icap::ModXact::parseBod
+     }
+ 
+     if (parsed) {
+-        if (state.readyForUob && bodyParser->useOriginBody >= 0) {
+-            prepPartialBodyEchoing(
+-                static_cast<uint64_t>(bodyParser->useOriginBody));
++        if (state.readyForUob && extensionParser.sawUseOriginalBody()) {
++            prepPartialBodyEchoing(extensionParser.useOriginalBody());
+             stopParsing();
+             return;
+         }
+@@ -2014,3 +2017,14 @@ void Adaptation::Icap::ModXactLauncher::
+     }
+ }
+ 
++void
++Adaptation::Icap::ChunkExtensionValueParser::parse(Tokenizer &tok, const SBuf &extName)
++{
++    if (extName == UseOriginalBodyName) {
++        useOriginalBody_ = tok.udec64("use-original-body");
++        assert(useOriginalBody_ >= 0);
++    } else {
++        Ignore(tok, extName);
++    }
++}
++
+--- a/src/adaptation/icap/ModXact.h
++++ b/src/adaptation/icap/ModXact.h
+@@ -15,6 +15,7 @@
+ #include "adaptation/icap/Xaction.h"
+ #include "BodyPipe.h"
+ #include "http/one/forward.h"
++#include "http/one/TeChunkedParser.h"
+ 
+ /*
+  * ICAPModXact implements ICAP REQMOD and RESPMOD transaction using
+@@ -105,6 +106,23 @@ private:
+     enum State { stDisabled, stWriting, stIeof, stDone } theState;
+ };
+ 
++/// handles ICAP-specific chunk extensions supported by Squid
++class ChunkExtensionValueParser: public Http1::ChunkExtensionValueParser
++{
++public:
++    /* Http1::ChunkExtensionValueParser API */
++    virtual void parse(Tokenizer &tok, const SBuf &extName) override;
++
++    bool sawUseOriginalBody() const { return useOriginalBody_ >= 0; }
++    uint64_t useOriginalBody() const { assert(sawUseOriginalBody()); return static_cast<uint64_t>(useOriginalBody_); }
++
++private:
++    static const SBuf UseOriginalBodyName;
++
++    /// the value of the parsed use-original-body chunk extension (or -1)
++    int64_t useOriginalBody_ = -1;
++};
++
+ class ModXact: public Xaction, public BodyProducer, public BodyConsumer
+ {
+     CBDATA_CLASS(ModXact);
+@@ -270,6 +288,8 @@ private:
+ 
+     int adaptHistoryId; ///< adaptation history slot reservation
+ 
++    ChunkExtensionValueParser extensionParser;
++
+     class State
+     {
+ 
+--- a/src/http/one/Parser.cc
++++ b/src/http/one/Parser.cc
+@@ -7,10 +7,11 @@
+  */
+ 
+ #include "squid.h"
++#include "base/CharacterSet.h"
+ #include "Debug.h"
+ #include "http/one/Parser.h"
+-#include "http/one/Tokenizer.h"
+ #include "mime_header.h"
++#include "parser/Tokenizer.h"
+ #include "SquidConfig.h"
+ 
+ /// RFC 7230 section 2.6 - 7 magic octets
+@@ -61,20 +62,19 @@ Http::One::Parser::DelimiterCharacters()
+            RelaxedDelimiterCharacters() : CharacterSet::SP;
+ }
+ 
+-bool
+-Http::One::Parser::skipLineTerminator(Http1::Tokenizer &tok) const
++void
++Http::One::Parser::skipLineTerminator(Tokenizer &tok) const
+ {
+     if (tok.skip(Http1::CrLf()))
+-        return true;
++        return;
+ 
+     if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF))
+-        return true;
++        return;
+ 
+     if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r'))
+-        return false; // need more data
++        throw InsufficientInput();
+ 
+     throw TexcHere("garbage instead of CRLF line terminator");
+-    return false; // unreachable, but make naive compilers happy
+ }
+ 
+ /// all characters except the LF line terminator
+@@ -102,7 +102,7 @@ LineCharacters()
+ void
+ Http::One::Parser::cleanMimePrefix()
+ {
+-    Http1::Tokenizer tok(mimeHeaderBlock_);
++    Tokenizer tok(mimeHeaderBlock_);
+     while (tok.skipOne(RelaxedDelimiterCharacters())) {
+         (void)tok.skipAll(LineCharacters()); // optional line content
+         // LF terminator is required.
+@@ -137,7 +137,7 @@ Http::One::Parser::cleanMimePrefix()
+ void
+ Http::One::Parser::unfoldMime()
+ {
+-    Http1::Tokenizer tok(mimeHeaderBlock_);
++    Tokenizer tok(mimeHeaderBlock_);
+     const auto szLimit = mimeHeaderBlock_.length();
+     mimeHeaderBlock_.clear();
+     // prevent the mime sender being able to make append() realloc/grow multiple times.
+@@ -228,7 +228,7 @@ Http::One::Parser::getHostHeaderField()
+     debugs(25, 5, "looking for " << name);
+ 
+     // while we can find more LF in the SBuf
+-    Http1::Tokenizer tok(mimeHeaderBlock_);
++    Tokenizer tok(mimeHeaderBlock_);
+     SBuf p;
+ 
+     while (tok.prefix(p, LineCharacters())) {
+@@ -250,7 +250,7 @@ Http::One::Parser::getHostHeaderField()
+         p.consume(namelen + 1);
+ 
+         // TODO: optimize SBuf::trim to take CharacterSet directly
+-        Http1::Tokenizer t(p);
++        Tokenizer t(p);
+         t.skipAll(CharacterSet::WSP);
+         p = t.remaining();
+ 
+@@ -278,10 +278,15 @@ Http::One::ErrorLevel()
+ }
+ 
+ // BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
+-bool
+-Http::One::ParseBws(Tokenizer &tok)
++void
++Http::One::ParseBws(Parser::Tokenizer &tok)
+ {
+-    if (const auto count = tok.skipAll(Parser::WhitespaceCharacters())) {
++    const auto count = tok.skipAll(Parser::WhitespaceCharacters());
++
++    if (tok.atEnd())
++        throw InsufficientInput(); // even if count is positive
++
++    if (count) {
+         // Generating BWS is a MUST-level violation so warn about it as needed.
+         debugs(33, ErrorLevel(), "found " << count << " BWS octets");
+         // RFC 7230 says we MUST parse BWS, so we fall through even if
+@@ -289,6 +294,6 @@ Http::One::ParseBws(Tokenizer &tok)
+     }
+     // else we successfully "parsed" an empty BWS sequence
+ 
+-    return true;
++    // success: no more BWS characters expected
+ }
+ 
+--- a/src/http/one/Parser.h
++++ b/src/http/one/Parser.h
+@@ -12,6 +12,7 @@
+ #include "anyp/ProtocolVersion.h"
+ #include "http/one/forward.h"
+ #include "http/StatusCode.h"
++#include "parser/forward.h"
+ #include "sbuf/SBuf.h"
+ 
+ namespace Http {
+@@ -40,6 +41,7 @@ class Parser : public RefCountable
+ {
+ public:
+     typedef SBuf::size_type size_type;
++    typedef ::Parser::Tokenizer Tokenizer;
+ 
+     Parser() : parseStatusCode(Http::scNone), parsingStage_(HTTP_PARSE_NONE), hackExpectsMime_(false) {}
+     virtual ~Parser() {}
+@@ -118,11 +120,11 @@ protected:
+      * detect and skip the CRLF or (if tolerant) LF line terminator
+      * consume from the tokenizer.
+      *
+-     * throws if non-terminator is detected.
++     * \throws exception on bad or InsuffientInput.
+      * \retval true only if line terminator found.
+      * \retval false incomplete or missing line terminator, need more data.
+      */
+-    bool skipLineTerminator(Http1::Tokenizer &tok) const;
++    void skipLineTerminator(Tokenizer &) const;
+ 
+     /**
+      * Scan to find the mime headers block for current message.
+@@ -159,8 +161,8 @@ private:
+ };
+ 
+ /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
+-/// \returns true (always; unlike all the skip*() functions)
+-bool ParseBws(Tokenizer &tok);
++/// \throws InsufficientInput when the end of BWS cannot be confirmed
++void ParseBws(Parser::Tokenizer &);
+ 
+ /// the right debugs() level for logging HTTP violation messages
+ int ErrorLevel();
+--- a/src/http/one/RequestParser.cc
++++ b/src/http/one/RequestParser.cc
+@@ -9,8 +9,8 @@
+ #include "squid.h"
+ #include "Debug.h"
+ #include "http/one/RequestParser.h"
+-#include "http/one/Tokenizer.h"
+ #include "http/ProtocolVersion.h"
++#include "parser/Tokenizer.h"
+ #include "profiler/Profiler.h"
+ #include "SquidConfig.h"
+ 
+@@ -64,7 +64,7 @@ Http::One::RequestParser::skipGarbageLin
+  *  RFC 7230 section 2.6, 3.1 and 3.5
+  */
+ bool
+-Http::One::RequestParser::parseMethodField(Http1::Tokenizer &tok)
++Http::One::RequestParser::parseMethodField(Tokenizer &tok)
+ {
+     // method field is a sequence of TCHAR.
+     // Limit to 32 characters to prevent overly long sequences of non-HTTP
+@@ -145,7 +145,7 @@ Http::One::RequestParser::RequestTargetC
+ }
+ 
+ bool
+-Http::One::RequestParser::parseUriField(Http1::Tokenizer &tok)
++Http::One::RequestParser::parseUriField(Tokenizer &tok)
+ {
+     /* Arbitrary 64KB URI upper length limit.
+      *
+@@ -178,7 +178,7 @@ Http::One::RequestParser::parseUriField(
+ }
+ 
+ bool
+-Http::One::RequestParser::parseHttpVersionField(Http1::Tokenizer &tok)
++Http::One::RequestParser::parseHttpVersionField(Tokenizer &tok)
+ {
+     static const SBuf http1p0("HTTP/1.0");
+     static const SBuf http1p1("HTTP/1.1");
+@@ -253,7 +253,7 @@ Http::One::RequestParser::skipDelimiter(
+ 
+ /// Parse CRs at the end of request-line, just before the terminating LF.
+ bool
+-Http::One::RequestParser::skipTrailingCrs(Http1::Tokenizer &tok)
++Http::One::RequestParser::skipTrailingCrs(Tokenizer &tok)
+ {
+     if (Config.onoff.relaxed_header_parser) {
+         (void)tok.skipAllTrailing(CharacterSet::CR); // optional; multiple OK
+@@ -289,12 +289,12 @@ Http::One::RequestParser::parseRequestFi
+     // Earlier, skipGarbageLines() took care of any leading LFs (if allowed).
+     // Now, the request line has to end at the first LF.
+     static const CharacterSet lineChars = CharacterSet::LF.complement("notLF");
+-    ::Parser::Tokenizer lineTok(buf_);
++    Tokenizer lineTok(buf_);
+     if (!lineTok.prefix(line, lineChars) || !lineTok.skip('\n')) {
+         if (buf_.length() >= Config.maxRequestHeaderSize) {
+             /* who should we blame for our failure to parse this line? */
+ 
+-            Http1::Tokenizer methodTok(buf_);
++            Tokenizer methodTok(buf_);
+             if (!parseMethodField(methodTok))
+                 return -1; // blame a bad method (or its delimiter)
+ 
+@@ -308,7 +308,7 @@ Http::One::RequestParser::parseRequestFi
+         return 0;
+     }
+ 
+-    Http1::Tokenizer tok(line);
++    Tokenizer tok(line);
+ 
+     if (!parseMethodField(tok))
+         return -1;
+--- a/src/http/one/RequestParser.h
++++ b/src/http/one/RequestParser.h
+@@ -54,11 +54,11 @@ private:
+     bool doParse(const SBuf &aBuf);
+ 
+     /* all these return false and set parseStatusCode on parsing failures */
+-    bool parseMethodField(Http1::Tokenizer &);
+-    bool parseUriField(Http1::Tokenizer &);
+-    bool parseHttpVersionField(Http1::Tokenizer &);
++    bool parseMethodField(Tokenizer &);
++    bool parseUriField(Tokenizer &);
++    bool parseHttpVersionField(Tokenizer &);
+     bool skipDelimiter(const size_t count, const char *where);
+-    bool skipTrailingCrs(Http1::Tokenizer &tok);
++    bool skipTrailingCrs(Tokenizer &tok);
+ 
+     bool http0() const {return !msgProtocol_.major;}
+     static const CharacterSet &RequestTargetCharacters();
+--- a/src/http/one/ResponseParser.cc
++++ b/src/http/one/ResponseParser.cc
+@@ -9,8 +9,8 @@
+ #include "squid.h"
+ #include "Debug.h"
+ #include "http/one/ResponseParser.h"
+-#include "http/one/Tokenizer.h"
+ #include "http/ProtocolVersion.h"
++#include "parser/Tokenizer.h"
+ #include "profiler/Profiler.h"
+ #include "SquidConfig.h"
+ 
+@@ -47,7 +47,7 @@ Http::One::ResponseParser::firstLineSize
+ // NP: we found the protocol version and consumed it already.
+ // just need the status code and reason phrase
+ int
+-Http::One::ResponseParser::parseResponseStatusAndReason(Http1::Tokenizer &tok, const CharacterSet &WspDelim)
++Http::One::ResponseParser::parseResponseStatusAndReason(Tokenizer &tok, const CharacterSet &WspDelim)
+ {
+     if (!completedStatus_) {
+         debugs(74, 9, "seek status-code in: " << tok.remaining().substr(0,10) << "...");
+@@ -87,14 +87,13 @@ Http::One::ResponseParser::parseResponse
+     static const CharacterSet phraseChars = CharacterSet::WSP + CharacterSet::VCHAR + CharacterSet::OBSTEXT;
+     (void)tok.prefix(reasonPhrase_, phraseChars); // optional, no error if missing
+     try {
+-        if (skipLineTerminator(tok)) {
+-            debugs(74, DBG_DATA, "parse remaining buf={length=" << tok.remaining().length() << ", data='" << tok.remaining() << "'}");
+-            buf_ = tok.remaining(); // resume checkpoint
+-            return 1;
+-        }
++        skipLineTerminator(tok);
++        buf_ = tok.remaining(); // resume checkpoint
++        debugs(74, DBG_DATA, Raw("leftovers", buf_.rawContent(), buf_.length()));
++        return 1;
++    } catch (const InsufficientInput &) {
+         reasonPhrase_.clear();
+         return 0; // need more to be sure we have it all
+-
+     } catch (const std::exception &ex) {
+         debugs(74, 6, "invalid status-line: " << ex.what());
+     }
+@@ -119,7 +118,7 @@ Http::One::ResponseParser::parseResponse
+ int
+ Http::One::ResponseParser::parseResponseFirstLine()
+ {
+-    Http1::Tokenizer tok(buf_);
++    Tokenizer tok(buf_);
+ 
+     const CharacterSet &WspDelim = DelimiterCharacters();
+ 
+--- a/src/http/one/ResponseParser.h
++++ b/src/http/one/ResponseParser.h
+@@ -43,7 +43,7 @@ public:
+ 
+ private:
+     int parseResponseFirstLine();
+-    int parseResponseStatusAndReason(Http1::Tokenizer&, const CharacterSet &);
++    int parseResponseStatusAndReason(Tokenizer&, const CharacterSet &);
+ 
+     /// magic prefix for identifying ICY response messages
+     static const SBuf IcyMagic;
+--- a/src/http/one/TeChunkedParser.cc
++++ b/src/http/one/TeChunkedParser.cc
+@@ -13,10 +13,13 @@
+ #include "http/one/Tokenizer.h"
+ #include "http/ProtocolVersion.h"
+ #include "MemBuf.h"
++#include "parser/Tokenizer.h"
+ #include "Parsing.h"
++#include "sbuf/Stream.h"
+ #include "SquidConfig.h"
+ 
+-Http::One::TeChunkedParser::TeChunkedParser()
++Http::One::TeChunkedParser::TeChunkedParser():
++    customExtensionValueParser(nullptr)
+ {
+     // chunked encoding only exists in HTTP/1.1
+     Http1::Parser::msgProtocol_ = Http::ProtocolVersion(1,1);
+@@ -31,7 +34,11 @@ Http::One::TeChunkedParser::clear()
+     buf_.clear();
+     theChunkSize = theLeftBodySize = 0;
+     theOut = NULL;
+-    useOriginBody = -1;
++    // XXX: We do not reset customExtensionValueParser here. Based on the
++    // clear() API description, we must, but it makes little sense and could
++    // break method callers if they appear because some of them may forget to
++    // reset customExtensionValueParser. TODO: Remove Http1::Parser as our
++    // parent class and this unnecessary method with it.
+ }
+ 
+ bool
+@@ -49,14 +56,14 @@ Http::One::TeChunkedParser::parse(const
+     if (parsingStage_ == Http1::HTTP_PARSE_NONE)
+         parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
+ 
+-    Http1::Tokenizer tok(buf_);
++    Tokenizer tok(buf_);
+ 
+     // loop for as many chunks as we can
+     // use do-while instead of while so that we can incrementally
+     // restart in the middle of a chunk/frame
+     do {
+ 
+-        if (parsingStage_ == Http1::HTTP_PARSE_CHUNK_EXT && !parseChunkExtension(tok, theChunkSize))
++        if (parsingStage_ == Http1::HTTP_PARSE_CHUNK_EXT && !parseChunkMetadataSuffix(tok))
+             return false;
+ 
+         if (parsingStage_ == Http1::HTTP_PARSE_CHUNK && !parseChunkBody(tok))
+@@ -80,7 +87,7 @@ Http::One::TeChunkedParser::needsMoreSpa
+ 
+ /// RFC 7230 section 4.1 chunk-size
+ bool
+-Http::One::TeChunkedParser::parseChunkSize(Http1::Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkSize(Tokenizer &tok)
+ {
+     Must(theChunkSize <= 0); // Should(), really
+ 
+@@ -104,66 +111,75 @@ Http::One::TeChunkedParser::parseChunkSi
+     return false; // should not be reachable
+ }
+ 
+-/**
+- * Parses chunk metadata suffix, looking for interesting extensions and/or
+- * getting to the line terminator. RFC 7230 section 4.1.1 and its Errata #4667:
+- *
+- *   chunk-ext = *( BWS  ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
+- *   chunk-ext-name = token
+- *   chunk-ext-val  = token / quoted-string
+- *
+- * ICAP 'use-original-body=N' extension is supported.
+- */
+-bool
+-Http::One::TeChunkedParser::parseChunkExtension(Http1::Tokenizer &tok, bool skipKnown)
+-{
+-    SBuf ext;
+-    SBuf value;
+-    while (
+-        ParseBws(tok) && // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
+-        tok.skip(';') &&
+-        ParseBws(tok) && // Bug 4492: ICAP servers send SP before chunk-ext-name
+-        tok.prefix(ext, CharacterSet::TCHAR)) { // chunk-ext-name
+-
+-        // whole value part is optional. if no '=' expect next chunk-ext
+-        if (ParseBws(tok) && tok.skip('=') && ParseBws(tok)) {
+-
+-            if (!skipKnown) {
+-                if (ext.cmp("use-original-body",17) == 0 && tok.int64(useOriginBody, 10)) {
+-                    debugs(94, 3, "Found chunk extension " << ext << "=" << useOriginBody);
+-                    buf_ = tok.remaining(); // parse checkpoint
+-                    continue;
+-                }
+-            }
+-
+-            debugs(94, 5, "skipping unknown chunk extension " << ext);
+-
+-            // unknown might have a value token or quoted-string
+-            if (tok.quotedStringOrToken(value) && !tok.atEnd()) {
+-                buf_ = tok.remaining(); // parse checkpoint
+-                continue;
+-            }
+-
+-            // otherwise need more data OR corrupt syntax
+-            break;
+-        }
+-
+-        if (!tok.atEnd())
+-            buf_ = tok.remaining(); // parse checkpoint (unless there might be more token name)
+-    }
+-
+-    if (skipLineTerminator(tok)) {
+-        buf_ = tok.remaining(); // checkpoint
+-        // non-0 chunk means data, 0-size means optional Trailer follows
++/// Parses "[chunk-ext] CRLF" from RFC 7230 section 4.1.1:
++///   chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF
++///   last-chunk = 1*"0" [ chunk-ext ] CRLF
++bool
++Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
++{
++    // Code becomes much simpler when incremental parsing functions throw on
++    // bad or insufficient input, like in the code below. TODO: Expand up.
++    try {
++        parseChunkExtensions(tok); // a possibly empty chunk-ext list
++        skipLineTerminator(tok);
++        buf_ = tok.remaining();
+         parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
+         return true;
++    } catch (const InsufficientInput &) {
++        tok.reset(buf_); // backtrack to the last commit point
++        return false;
+     }
++    // other exceptions bubble up to kill message parsing
++}
++
++/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667):
++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
++void
++Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok)
++{
++    do {
++        ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
+ 
+-    return false;
++        if (!tok.skip(';'))
++            return; // reached the end of extensions (if any)
++
++        parseOneChunkExtension(tok);
++        buf_ = tok.remaining(); // got one extension
++    } while (true);
++}
++
++void
++Http::One::ChunkExtensionValueParser::Ignore(Tokenizer &tok, const SBuf &extName)
++{
++    const auto ignoredValue = tokenOrQuotedString(tok);
++    debugs(94, 5, extName << " with value " << ignoredValue);
++}
++
++/// Parses a single chunk-ext list element:
++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
++void
++Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok)
++{
++    ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name
++
++    const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR);
++
++    ParseBws(tok);
++
++    if (!tok.skip('='))
++        return; // parsed a valueless chunk-ext
++
++    ParseBws(tok);
++
++    // optimization: the only currently supported extension needs last-chunk
++    if (!theChunkSize && customExtensionValueParser)
++        customExtensionValueParser->parse(tok, extName);
++    else
++        ChunkExtensionValueParser::Ignore(tok, extName);
+ }
+ 
+ bool
+-Http::One::TeChunkedParser::parseChunkBody(Http1::Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkBody(Tokenizer &tok)
+ {
+     if (theLeftBodySize > 0) {
+         buf_ = tok.remaining(); // sync buffers before buf_ use
+@@ -188,17 +204,20 @@ Http::One::TeChunkedParser::parseChunkBo
+ }
+ 
+ bool
+-Http::One::TeChunkedParser::parseChunkEnd(Http1::Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkEnd(Tokenizer &tok)
+ {
+     Must(theLeftBodySize == 0); // Should(), really
+ 
+-    if (skipLineTerminator(tok)) {
++    try {
++        skipLineTerminator(tok);
+         buf_ = tok.remaining(); // parse checkpoint
+         theChunkSize = 0; // done with the current chunk
+         parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
+         return true;
+     }
+-
+-    return false;
++    catch (const InsufficientInput &) {
++        return false;
++    }
++    // other exceptions bubble up to kill message parsing
+ }
+ 
+--- a/src/http/one/TeChunkedParser.h
++++ b/src/http/one/TeChunkedParser.h
+@@ -18,6 +18,26 @@ namespace Http
+ namespace One
+ {
+ 
++using ::Parser::InsufficientInput;
++
++// TODO: Move this class into http/one/ChunkExtensionValueParser.*
++/// A customizable parser of a single chunk extension value (chunk-ext-val).
++/// From RFC 7230 section 4.1.1 and its Errata #4667:
++/// chunk-ext = *( BWS  ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
++/// chunk-ext-name = token
++/// chunk-ext-val  = token / quoted-string
++class ChunkExtensionValueParser
++{
++public:
++    typedef ::Parser::Tokenizer Tokenizer;
++
++    /// extracts and ignores the value of a named extension
++    static void Ignore(Tokenizer &tok, const SBuf &extName);
++
++    /// extracts and then interprets (or ignores) the extension value
++    virtual void parse(Tokenizer &tok, const SBuf &extName) = 0;
++};
++
+ /**
+  * An incremental parser for chunked transfer coding
+  * defined in RFC 7230 section 4.1.
+@@ -25,7 +45,7 @@ namespace One
+  *
+  * The parser shovels content bytes from the raw
+  * input buffer into the content output buffer, both caller-supplied.
+- * Ignores chunk extensions except for ICAP's ieof.
++ * Chunk extensions like use-original-body are handled via parseExtensionValuesWith().
+  * Trailers are available via mimeHeader() if wanted.
+  */
+ class TeChunkedParser : public Http1::Parser
+@@ -37,6 +57,10 @@ public:
+     /// set the buffer to be used to store decoded chunk data
+     void setPayloadBuffer(MemBuf *parsedContent) {theOut = parsedContent;}
+ 
++    /// Instead of ignoring all chunk extension values, give the supplied
++    /// parser a chance to handle them. Only applied to last-chunk (for now).
++    void parseExtensionValuesWith(ChunkExtensionValueParser *parser) { customExtensionValueParser = parser; }
++
+     bool needsMoreSpace() const;
+ 
+     /* Http1::Parser API */
+@@ -45,17 +69,20 @@ public:
+     virtual Parser::size_type firstLineSize() const {return 0;} // has no meaning with multiple chunks
+ 
+ private:
+-    bool parseChunkSize(Http1::Tokenizer &tok);
+-    bool parseChunkExtension(Http1::Tokenizer &tok, bool skipKnown);
+-    bool parseChunkBody(Http1::Tokenizer &tok);
+-    bool parseChunkEnd(Http1::Tokenizer &tok);
++    bool parseChunkSize(Tokenizer &tok);
++    bool parseChunkMetadataSuffix(Tokenizer &);
++    void parseChunkExtensions(Tokenizer &);
++    void parseOneChunkExtension(Tokenizer &);
++    bool parseChunkBody(Tokenizer &tok);
++    bool parseChunkEnd(Tokenizer &tok);
+ 
+     MemBuf *theOut;
+     uint64_t theChunkSize;
+     uint64_t theLeftBodySize;
+ 
+-public:
+-    int64_t useOriginBody;
++    /// An optional plugin for parsing and interpreting custom chunk-ext-val.
++    /// This "visitor" object is owned by our creator.
++    ChunkExtensionValueParser *customExtensionValueParser;
+ };
+ 
+ } // namespace One
+--- a/src/http/one/Tokenizer.cc
++++ b/src/http/one/Tokenizer.cc
+@@ -8,35 +8,18 @@
+ 
+ #include "squid.h"
+ #include "Debug.h"
++#include "http/one/Parser.h"
+ #include "http/one/Tokenizer.h"
++#include "parser/Tokenizer.h"
++#include "sbuf/Stream.h"
+ 
+-bool
+-Http::One::Tokenizer::quotedString(SBuf &returnedToken, const bool http1p0)
++/// Extracts quoted-string after the caller removes the initial '"'.
++/// \param http1p0 whether to prohibit \-escaped characters in quoted strings
++/// \throws InsufficientInput when input can be a token _prefix_
++/// \returns extracted quoted string (without quotes and with chars unescaped)
++static SBuf
++parseQuotedStringSuffix(Parser::Tokenizer &tok, const bool http1p0)
+ {
+-    checkpoint();
+-
+-    if (!skip('"'))
+-        return false;
+-
+-    return qdText(returnedToken, http1p0);
+-}
+-
+-bool
+-Http::One::Tokenizer::quotedStringOrToken(SBuf &returnedToken, const bool http1p0)
+-{
+-    checkpoint();
+-
+-    if (!skip('"'))
+-        return prefix(returnedToken, CharacterSet::TCHAR);
+-
+-    return qdText(returnedToken, http1p0);
+-}
+-
+-bool
+-Http::One::Tokenizer::qdText(SBuf &returnedToken, const bool http1p0)
+-{
+-    // the initial DQUOTE has been skipped by the caller
+-
+     /*
+      * RFC 1945 - defines qdtext:
+      *   inclusive of LWS (which includes CR and LF)
+@@ -61,12 +44,17 @@ Http::One::Tokenizer::qdText(SBuf &retur
+     // best we can do is a conditional reference since http1p0 value may change per-client
+     const CharacterSet &tokenChars = (http1p0 ? qdtext1p0 : qdtext1p1);
+ 
+-    for (;;) {
+-        SBuf::size_type prefixLen = buf().findFirstNotOf(tokenChars);
+-        returnedToken.append(consume(prefixLen));
++    SBuf parsedToken;
++
++    while (!tok.atEnd()) {
++        SBuf qdText;
++        if (tok.prefix(qdText, tokenChars))
++            parsedToken.append(qdText);
++
++        if (!http1p0 && tok.skip('\\')) { // HTTP/1.1 allows quoted-pair, HTTP/1.0 does not
++            if (tok.atEnd())
++                break;
+ 
+-        // HTTP/1.1 allows quoted-pair, HTTP/1.0 does not
+-        if (!http1p0 && skip('\\')) {
+             /* RFC 7230 section 3.2.6
+              *
+              * The backslash octet ("\") can be used as a single-octet quoting
+@@ -78,32 +66,42 @@ Http::One::Tokenizer::qdText(SBuf &retur
+              */
+             static const CharacterSet qPairChars = CharacterSet::HTAB + CharacterSet::SP + CharacterSet::VCHAR + CharacterSet::OBSTEXT;
+             SBuf escaped;
+-            if (!prefix(escaped, qPairChars, 1)) {
+-                returnedToken.clear();
+-                restoreLastCheckpoint();
+-                return false;
+-            }
+-            returnedToken.append(escaped);
++            if (!tok.prefix(escaped, qPairChars, 1))
++                throw TexcHere("invalid escaped character in quoted-pair");
++
++            parsedToken.append(escaped);
+             continue;
++        }
+ 
+-        } else if (skip('"')) {
+-            break; // done
++        if (tok.skip('"'))
++            return parsedToken; // may be empty
+ 
+-        } else if (atEnd()) {
+-            // need more data
+-            returnedToken.clear();
+-            restoreLastCheckpoint();
+-            return false;
+-        }
++        if (tok.atEnd())
++            break;
+ 
+-        // else, we have an error
+-        debugs(24, 8, "invalid bytes for set " << tokenChars.name);
+-        returnedToken.clear();
+-        restoreLastCheckpoint();
+-        return false;
++        throw TexcHere(ToSBuf("invalid bytes for set ", tokenChars.name));
+     }
+ 
+-    // found the whole string
+-    return true;
++    throw Http::One::InsufficientInput();
++}
++
++SBuf
++Http::One::tokenOrQuotedString(Parser::Tokenizer &tok, const bool http1p0)
++{
++    if (tok.skip('"'))
++        return parseQuotedStringSuffix(tok, http1p0);
++
++    if (tok.atEnd())
++        throw InsufficientInput();
++
++    SBuf parsedToken;
++    if (!tok.prefix(parsedToken, CharacterSet::TCHAR))
++        throw TexcHere("invalid input while expecting an HTTP token");
++
++    if (tok.atEnd())
++        throw InsufficientInput();
++
++    // got the complete token
++    return parsedToken;
+ }
+ 
+--- a/src/http/one/Tokenizer.h
++++ b/src/http/one/Tokenizer.h
+@@ -9,68 +9,47 @@
+ #ifndef SQUID_SRC_HTTP_ONE_TOKENIZER_H
+ #define SQUID_SRC_HTTP_ONE_TOKENIZER_H
+ 
+-#include "parser/Tokenizer.h"
++#include "parser/forward.h"
++#include "sbuf/forward.h"
+ 
+ namespace Http {
+ namespace One {
+ 
+ /**
+- * Lexical processor extended to tokenize HTTP/1.x syntax.
++ * Extracts either an HTTP/1 token or quoted-string while dealing with
++ * possibly incomplete input typical for incremental text parsers.
++ * Unescapes escaped characters in HTTP/1.1 quoted strings.
+  *
+- * \see ::Parser::Tokenizer for more detail
++ * \param http1p0 whether to prohibit \-escaped characters in quoted strings
++ * \throws InsufficientInput as appropriate, including on unterminated tokens
++ * \returns extracted token or quoted string (without quotes)
++ *
++ * Governed by:
++ *  - RFC 1945 section 2.1
++ *  "
++ *    A string of text is parsed as a single word if it is quoted using
++ *    double-quote marks.
++ *
++ *        quoted-string  = ( <"> *(qdtext) <"> )
++ *
++ *        qdtext         = <any CHAR except <"> and CTLs,
++ *                         but including LWS>
++ *
++ *    Single-character quoting using the backslash ("\") character is not
++ *    permitted in HTTP/1.0.
++ *  "
++ *
++ *  - RFC 7230 section 3.2.6
++ *  "
++ *    A string of text is parsed as a single value if it is quoted using
++ *    double-quote marks.
++ *
++ *    quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
++ *    qdtext         = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text
++ *    obs-text       = %x80-FF
++ *  "
+  */
+-class Tokenizer : public ::Parser::Tokenizer
+-{
+-public:
+-    Tokenizer(SBuf &s) : ::Parser::Tokenizer(s), savedStats_(0) {}
+-
+-    /**
+-     * Attempt to parse a quoted-string lexical construct.
+-     *
+-     * Governed by:
+-     *  - RFC 1945 section 2.1
+-     *  "
+-     *    A string of text is parsed as a single word if it is quoted using
+-     *    double-quote marks.
+-     *
+-     *        quoted-string  = ( <"> *(qdtext) <"> )
+-     *
+-     *        qdtext         = <any CHAR except <"> and CTLs,
+-     *                         but including LWS>
+-     *
+-     *    Single-character quoting using the backslash ("\") character is not
+-     *    permitted in HTTP/1.0.
+-     *  "
+-     *
+-     *  - RFC 7230 section 3.2.6
+-     *  "
+-     *    A string of text is parsed as a single value if it is quoted using
+-     *    double-quote marks.
+-     *
+-     *    quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
+-     *    qdtext         = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text
+-     *    obs-text       = %x80-FF
+-     *  "
+-     *
+-     * \param escaped HTTP/1.0 does not permit \-escaped characters
+-     */
+-    bool quotedString(SBuf &value, const bool http1p0 = false);
+-
+-    /**
+-     * Attempt to parse a (token / quoted-string ) lexical construct.
+-     */
+-    bool quotedStringOrToken(SBuf &value, const bool http1p0 = false);
+-
+-private:
+-    /// parse the internal component of a quote-string, and terminal DQUOTE
+-    bool qdText(SBuf &value, const bool http1p0);
+-
+-    void checkpoint() { savedCheckpoint_ = buf(); savedStats_ = parsedSize(); }
+-    void restoreLastCheckpoint() { undoParse(savedCheckpoint_, savedStats_); }
+-
+-    SBuf savedCheckpoint_;
+-    SBuf::size_type savedStats_;
+-};
++SBuf tokenOrQuotedString(Parser::Tokenizer &tok, const bool http1p0 = false);
+ 
+ } // namespace One
+ } // namespace Http
+--- a/src/http/one/forward.h
++++ b/src/http/one/forward.h
+@@ -10,6 +10,7 @@
+ #define SQUID_SRC_HTTP_ONE_FORWARD_H
+ 
+ #include "base/RefCount.h"
++#include "parser/forward.h"
+ #include "sbuf/forward.h"
+ 
+ namespace Http {
+@@ -31,6 +32,8 @@ typedef RefCount<Http::One::ResponsePars
+ /// CRLF textual representation
+ const SBuf &CrLf();
+ 
++using ::Parser::InsufficientInput;
++
+ } // namespace One
+ } // namespace Http
+ 
+--- a/src/parser/BinaryTokenizer.h
++++ b/src/parser/BinaryTokenizer.h
+@@ -9,6 +9,7 @@
+ #ifndef SQUID_SRC_PARSER_BINARYTOKENIZER_H
+ #define SQUID_SRC_PARSER_BINARYTOKENIZER_H
+ 
++#include "parser/forward.h"
+ #include "sbuf/SBuf.h"
+ 
+ namespace Parser
+@@ -44,7 +45,7 @@ public:
+ class BinaryTokenizer
+ {
+ public:
+-    class InsufficientInput {}; // thrown when a method runs out of data
++    typedef ::Parser::InsufficientInput InsufficientInput;
+     typedef uint64_t size_type; // enough for the largest supported offset
+ 
+     BinaryTokenizer();
+--- a/src/parser/Makefile.am
++++ b/src/parser/Makefile.am
+@@ -13,6 +13,7 @@ noinst_LTLIBRARIES = libparser.la
+ libparser_la_SOURCES = \
+ 	BinaryTokenizer.h \
+ 	BinaryTokenizer.cc \
++	forward.h \
+ 	Tokenizer.h \
+ 	Tokenizer.cc
+ 
+--- a/src/parser/Tokenizer.cc
++++ b/src/parser/Tokenizer.cc
+@@ -10,7 +10,9 @@
+ 
+ #include "squid.h"
+ #include "Debug.h"
++#include "parser/forward.h"
+ #include "parser/Tokenizer.h"
++#include "sbuf/Stream.h"
+ 
+ #include <cerrno>
+ #if HAVE_CTYPE_H
+@@ -96,6 +98,23 @@ Parser::Tokenizer::prefix(SBuf &returned
+     return true;
+ }
+ 
++SBuf
++Parser::Tokenizer::prefix(const char *description, const CharacterSet &tokenChars, const SBuf::size_type limit)
++{
++    if (atEnd())
++        throw InsufficientInput();
++
++    SBuf result;
++
++    if (!prefix(result, tokenChars, limit))
++        throw TexcHere(ToSBuf("cannot parse ", description));
++
++    if (atEnd())
++        throw InsufficientInput();
++
++    return result;
++}
++
+ bool
+ Parser::Tokenizer::suffix(SBuf &returnedToken, const CharacterSet &tokenChars, const SBuf::size_type limit)
+ {
+@@ -283,3 +302,24 @@ Parser::Tokenizer::int64(int64_t & resul
+     return success(s - range.rawContent());
+ }
+ 
++int64_t
++Parser::Tokenizer::udec64(const char *description, const SBuf::size_type limit)
++{
++    if (atEnd())
++        throw InsufficientInput();
++
++    int64_t result = 0;
++
++    // Since we only support unsigned decimals, a parsing failure with a
++    // non-empty input always implies invalid/malformed input (or a buggy
++    // limit=0 caller). TODO: Support signed and non-decimal integers by
++    // refactoring int64() to detect insufficient input.
++    if (!int64(result, 10, false, limit))
++        throw TexcHere(ToSBuf("cannot parse ", description));
++
++    if (atEnd())
++        throw InsufficientInput(); // more digits may be coming
++
++    return result;
++}
++
+--- a/src/parser/Tokenizer.h
++++ b/src/parser/Tokenizer.h
+@@ -143,6 +143,19 @@ public:
+      */
+     bool int64(int64_t &result, int base = 0, bool allowSign = true, SBuf::size_type limit = SBuf::npos);
+ 
++    /*
++     * The methods below mimic their counterparts documented above, but they
++     * throw on errors, including InsufficientInput. The field description
++     * parameter is used for error reporting and debugging.
++     */
++
++    /// prefix() wrapper but throws InsufficientInput if input contains
++    /// nothing but the prefix (i.e. if the prefix is not "terminated")
++    SBuf prefix(const char *description, const CharacterSet &tokenChars, SBuf::size_type limit = SBuf::npos);
++
++    /// int64() wrapper but limited to unsigned decimal integers (for now)
++    int64_t udec64(const char *description, SBuf::size_type limit = SBuf::npos);
++
+ protected:
+     SBuf consume(const SBuf::size_type n);
+     SBuf::size_type success(const SBuf::size_type n);
+--- /dev/null
++++ b/src/parser/forward.h
+@@ -0,0 +1,22 @@
++/*
++ * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
++ *
++ * Squid software is distributed under GPLv2+ license and includes
++ * contributions from numerous individuals and organizations.
++ * Please see the COPYING and CONTRIBUTORS files for details.
++ */
++
++#ifndef SQUID_PARSER_FORWARD_H
++#define SQUID_PARSER_FORWARD_H
++
++namespace Parser {
++class Tokenizer;
++class BinaryTokenizer;
++
++// TODO: Move this declaration (to parser/Elements.h) if we need more like it.
++/// thrown by modern "incremental" parsers when they need more data
++class InsufficientInput {};
++} // namespace Parser
++
++#endif /* SQUID_PARSER_FORWARD_H */
++
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch
new file mode 100644
index 0000000000..a6d0965e7a
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch
@@ -0,0 +1,169 @@
+From 05f6af2f4c85cc99323cfff6149c3d74af661b6d Mon Sep 17 00:00:00 2001
+From: Amos Jeffries <yadij@users.noreply.github.com>
+Date: Fri, 13 Oct 2023 08:44:16 +0000
+Subject: [PATCH] RFC 9112: Improve HTTP chunked encoding compliance (#1498)
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d]
+CVE: CVE-2023-46846
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/http/one/Parser.cc          |  8 +-------
+ src/http/one/Parser.h           |  4 +---
+ src/http/one/TeChunkedParser.cc | 23 ++++++++++++++++++-----
+ src/parser/Tokenizer.cc         | 12 ++++++++++++
+ src/parser/Tokenizer.h          |  7 +++++++
+ 5 files changed, 39 insertions(+), 15 deletions(-)
+
+--- a/src/http/one/Parser.cc
++++ b/src/http/one/Parser.cc
+@@ -65,16 +65,10 @@ Http::One::Parser::DelimiterCharacters()
+ void
+ Http::One::Parser::skipLineTerminator(Tokenizer &tok) const
+ {
+-    if (tok.skip(Http1::CrLf()))
+-        return;
+-
+     if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF))
+         return;
+ 
+-    if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r'))
+-        throw InsufficientInput();
+-
+-    throw TexcHere("garbage instead of CRLF line terminator");
++    tok.skipRequired("line-terminating CRLF", Http1::CrLf());
+ }
+ 
+ /// all characters except the LF line terminator
+--- a/src/http/one/Parser.h
++++ b/src/http/one/Parser.h
+@@ -120,9 +120,7 @@ protected:
+      * detect and skip the CRLF or (if tolerant) LF line terminator
+      * consume from the tokenizer.
+      *
+-     * \throws exception on bad or InsuffientInput.
+-     * \retval true only if line terminator found.
+-     * \retval false incomplete or missing line terminator, need more data.
++     * \throws exception on bad or InsufficientInput
+      */
+     void skipLineTerminator(Tokenizer &) const;
+ 
+--- a/src/http/one/TeChunkedParser.cc
++++ b/src/http/one/TeChunkedParser.cc
+@@ -91,6 +91,11 @@ Http::One::TeChunkedParser::parseChunkSi
+ {
+     Must(theChunkSize <= 0); // Should(), really
+ 
++    static const SBuf bannedHexPrefixLower("0x");
++    static const SBuf bannedHexPrefixUpper("0X");
++    if (tok.skip(bannedHexPrefixLower) || tok.skip(bannedHexPrefixUpper))
++        throw TextException("chunk starts with 0x", Here());
++
+     int64_t size = -1;
+     if (tok.int64(size, 16, false) && !tok.atEnd()) {
+         if (size < 0)
+@@ -121,7 +126,7 @@ Http::One::TeChunkedParser::parseChunkMe
+     // bad or insufficient input, like in the code below. TODO: Expand up.
+     try {
+         parseChunkExtensions(tok); // a possibly empty chunk-ext list
+-        skipLineTerminator(tok);
++        tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
+         buf_ = tok.remaining();
+         parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
+         return true;
+@@ -132,12 +137,14 @@ Http::One::TeChunkedParser::parseChunkMe
+     // other exceptions bubble up to kill message parsing
+ }
+ 
+-/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667):
++/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
+ /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
+ void
+-Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok)
++Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
+ {
+     do {
++        auto tok = callerTok;
++
+         ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
+ 
+         if (!tok.skip(';'))
+@@ -145,6 +152,7 @@ Http::One::TeChunkedParser::parseChunkEx
+ 
+         parseOneChunkExtension(tok);
+         buf_ = tok.remaining(); // got one extension
++        callerTok = tok;
+     } while (true);
+ }
+ 
+@@ -158,11 +166,14 @@ Http::One::ChunkExtensionValueParser::Ig
+ /// Parses a single chunk-ext list element:
+ /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
+ void
+-Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok)
++Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &callerTok)
+ {
++    auto tok = callerTok;
++
+     ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name
+ 
+     const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR);
++    callerTok = tok; // in case we determine that this is a valueless chunk-ext
+ 
+     ParseBws(tok);
+ 
+@@ -176,6 +187,8 @@ Http::One::TeChunkedParser::parseOneChun
+         customExtensionValueParser->parse(tok, extName);
+     else
+         ChunkExtensionValueParser::Ignore(tok, extName);
++
++    callerTok = tok;
+ }
+ 
+ bool
+@@ -209,7 +222,7 @@ Http::One::TeChunkedParser::parseChunkEn
+     Must(theLeftBodySize == 0); // Should(), really
+ 
+     try {
+-        skipLineTerminator(tok);
++        tok.skipRequired("chunk CRLF", Http1::CrLf());
+         buf_ = tok.remaining(); // parse checkpoint
+         theChunkSize = 0; // done with the current chunk
+         parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
+--- a/src/parser/Tokenizer.cc
++++ b/src/parser/Tokenizer.cc
+@@ -147,6 +147,18 @@ Parser::Tokenizer::skipAll(const Charact
+     return success(prefixLen);
+ }
+ 
++void
++Parser::Tokenizer::skipRequired(const char *description, const SBuf &tokenToSkip)
++{
++    if (skip(tokenToSkip) || tokenToSkip.isEmpty())
++        return;
++
++    if (tokenToSkip.startsWith(buf_))
++        throw InsufficientInput();
++
++    throw TextException(ToSBuf("cannot skip ", description), Here());
++}
++
+ bool
+ Parser::Tokenizer::skipOne(const CharacterSet &chars)
+ {
+--- a/src/parser/Tokenizer.h
++++ b/src/parser/Tokenizer.h
+@@ -115,6 +115,13 @@ public:
+      */
+     SBuf::size_type skipAll(const CharacterSet &discardables);
+ 
++    /** skips a given character sequence (string);
++     * does nothing if the sequence is empty
++     *
++     * \throws exception on mismatching prefix or InsufficientInput
++     */
++    void skipRequired(const char *description, const SBuf &tokenToSkip);
++
+     /** Removes a single trailing character from the set.
+      *
+      * \return whether a character was removed
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch
new file mode 100644
index 0000000000..9071872c01
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch
@@ -0,0 +1,47 @@
+From 052cf082b0faaef4eaaa4e94119d7a1437aac4a3 Mon Sep 17 00:00:00 2001
+From: squidadm <squidadm@users.noreply.github.com>
+Date: Wed, 18 Oct 2023 04:50:56 +1300
+Subject: [PATCH] Fix stack buffer overflow when parsing Digest Authorization
+ (#1517)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
+where it was filed as "Stack Buffer Overflow in Digest Authentication".
+
+---------
+
+Co-authored-by: Alex Bason <nonsleepr@gmail.com>
+Co-authored-by: Amos Jeffries <yadij@users.noreply.github.com>
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3]
+CVE: CVE-2023-46847
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/auth/digest/Config.cc | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
+index 6a9736f..0a883fa 100644
+--- a/src/auth/digest/Config.cc
++++ b/src/auth/digest/Config.cc
+@@ -847,11 +847,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
+             break;
+
+         case DIGEST_NC:
+-            if (value.size() != 8) {
++            if (value.size() == 8) {
++                // for historical reasons, the nc value MUST be exactly 8 bytes
++                static_assert(sizeof(digest_request->nc) == 8 + 1, "bad nc buffer size");
++                xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
++                debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
++            } else {
+                 debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'");
++                digest_request->nc[0] = 0;
+             }
+-            xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+-            debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+             break;
+
+         case DIGEST_CNONCE:
+--
+2.40.1
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
new file mode 100644
index 0000000000..6909f754f3
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
@@ -0,0 +1,37 @@
+From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Wed, 25 Oct 2023 19:41:45 +0000
+Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
+where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
+Handling".
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
+CVE: CVE-2023-49285
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ lib/rfc1123.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/rfc1123.c b/lib/rfc1123.c
+index 2d889cc..add63f0 100644
+--- a/lib/rfc1123.c
++++ b/lib/rfc1123.c
+@@ -50,7 +50,13 @@ make_month(const char *s)
+     char month[3];
+
+     month[0] = xtoupper(*s);
++    if (!month[0])
++        return -1; // protects *(s + 1) below
++
+     month[1] = xtolower(*(s + 1));
++    if (!month[1])
++        return -1; // protects *(s + 2) below
++
+     month[2] = xtolower(*(s + 2));
+
+     for (i = 0; i < 12; i++)
+--
+2.39.3
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch
new file mode 100644
index 0000000000..8e0bdf387c
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch
@@ -0,0 +1,87 @@
+From 6014c6648a2a54a4ecb7f952ea1163e0798f9264 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Fri, 27 Oct 2023 21:27:20 +0000
+Subject: [PATCH] Exit without asserting when helper process startup fails
+ (#1543)
+
+... to dup() after fork() and before execvp().
+
+Assertions are for handling program logic errors. Helper initialization
+code already handled system call errors correctly (i.e. by exiting the
+newly created helper process with an error), except for a couple of
+assert()s that could be triggered by dup(2) failures.
+
+This bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/ipc-assert.html
+where it was filed as 'Assertion in Squid "Helper" Process Creator'.
+
+Origin: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264]
+CVE: CVE-2023-49286
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ipc.cc | 33 +++++++++++++++++++++++++++------
+ 1 file changed, 27 insertions(+), 6 deletions(-)
+
+--- a/src/ipc.cc
++++ b/src/ipc.cc
+@@ -20,6 +20,12 @@
+ #include "SquidIpc.h"
+ #include "tools.h"
+ 
++#include <cstdlib>
++
++#if HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++
+ static const char *hello_string = "hi there\n";
+ #ifndef HELLO_BUF_SZ
+ #define HELLO_BUF_SZ 32
+@@ -365,6 +371,22 @@
+     }
+ 
+     PutEnvironment();
++
++    // A dup(2) wrapper that reports and exits the process on errors. The
++    // exiting logic is only suitable for this child process context.
++    const auto dupOrExit = [prog,name](const int oldFd) {
++        const auto newFd = dup(oldFd);
++        if (newFd < 0) {
++            const auto savedErrno = errno;
++            debugs(54, DBG_CRITICAL, "ERROR: Helper process initialization failure: " << name);
++            debugs(54, DBG_CRITICAL, "helper (CHILD) PID: " << getpid());
++            debugs(54, DBG_CRITICAL, "helper program name: " << prog);
++            debugs(54, DBG_CRITICAL, "dup(2) system call error for FD " << oldFd << ": " << xstrerr(savedErrno));
++            _exit(1);
++        }
++        return newFd;
++    };
++
+     /*
+      * This double-dup stuff avoids problems when one of
+      *  crfd, cwfd, or debug_log are in the rage 0-2.
+@@ -372,17 +394,16 @@
+ 
+     do {
+         /* First make sure 0-2 is occupied by something. Gets cleaned up later */
+-        x = dup(crfd);
+-        assert(x > -1);
+-    } while (x < 3 && x > -1);
++        x = dupOrExit(crfd);
++    } while (x < 3);
+ 
+     close(x);
+ 
+-    t1 = dup(crfd);
++    t1 = dupOrExit(crfd);
+ 
+-    t2 = dup(cwfd);
++    t2 = dupOrExit(cwfd);
+ 
+-    t3 = dup(fileno(debug_log));
++    t3 = dupOrExit(fileno(debug_log));
+ 
+     assert(t1 > 2 && t2 > 2 && t3 > 2);
+ 
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch
new file mode 100644
index 0000000000..51c895e0ef
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch
@@ -0,0 +1,62 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 26 Dec 2023 19:58:12 +0100
+Subject: CVE-2023-50269
+
+Bug-Debian: https://bugs.debian.org/1058721
+Origin: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-50269.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d]
+CVE: CVE-2023-50269
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ClientRequestContext.h |  4 ++++
+ src/client_side_request.cc | 17 +++++++++++++++--
+ 2 files changed, 19 insertions(+), 2 deletions(-)
+
+--- a/src/ClientRequestContext.h
++++ b/src/ClientRequestContext.h
+@@ -81,6 +81,10 @@
+ #endif
+     ErrorState *error; ///< saved error page for centralized/delayed processing
+     bool readNextRequest; ///< whether Squid should read after error handling
++
++#if FOLLOW_X_FORWARDED_FOR
++    size_t currentXffHopNumber = 0; ///< number of X-Forwarded-For header values processed so far
++#endif
+ };
+ 
+ #endif /* SQUID_CLIENTREQUESTCONTEXT_H */
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -78,6 +78,11 @@
+ static const char *const crlf = "\r\n";
+ 
+ #if FOLLOW_X_FORWARDED_FOR
++
++#if !defined(SQUID_X_FORWARDED_FOR_HOP_MAX)
++#define SQUID_X_FORWARDED_FOR_HOP_MAX 64
++#endif
++
+ static void clientFollowXForwardedForCheck(allow_t answer, void *data);
+ #endif /* FOLLOW_X_FORWARDED_FOR */
+ 
+@@ -485,8 +490,16 @@
+                 /* override the default src_addr tested if we have to go deeper than one level into XFF */
+                 Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr;
+             }
+-            calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data);
+-            return;
++            if (++calloutContext->currentXffHopNumber < SQUID_X_FORWARDED_FOR_HOP_MAX) {
++                calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data);
++                return;
++            }
++            const auto headerName = Http::HeaderLookupTable.lookup(Http::HdrType::X_FORWARDED_FOR).name;
++            debugs(28, DBG_CRITICAL, "ERROR: Ignoring trailing " << headerName << " addresses");
++            debugs(28, DBG_CRITICAL, "addresses allowed by follow_x_forwarded_for: " << calloutContext->currentXffHopNumber);
++            debugs(28, DBG_CRITICAL, "last/accepted address: " << request->indirect_client_addr);
++            debugs(28, DBG_CRITICAL, "ignored trailing addresses: " << request->x_forwarded_for_iterator);
++            // fall through to resume clientAccessCheck() processing
+         }
+     }
+ 
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index a1122a3cd4..69b62aa5a5 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -25,6 +25,13 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://0001-tools.cc-fixed-unused-result-warning.patch \
            file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \
            file://0001-Fix-build-on-Fedora-Rawhide-772.patch \
+           file://CVE-2023-46847.patch \
+           file://CVE-2023-49285.patch \
+           file://CVE-2023-46728.patch \
+           file://CVE-2023-46846-pre1.patch \
+           file://CVE-2023-46846.patch \
+           file://CVE-2023-49286.patch \
+           file://CVE-2023-50269.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
index e078be79a1..080a0ed85c 100644
--- a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
+++ b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb
@@ -38,7 +38,7 @@ RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json pyt
 
 TESTDIR = "tests"
 
-PRIVATE_LIBS:${PN}-ptest:append = "libnftables.so.1"
+PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1"
 
 do_install_ptest() {
     cp -rf ${S}/build-aux ${D}${PTEST_PATH}
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch
new file mode 100644
index 0000000000..c06de49eb3
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch
@@ -0,0 +1,71 @@
+From 02a0e45f66160f571196a105b217e1bb84d1a835 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 30 Sep 2022 08:51:45 -0400
+Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
+ peek_for_as4_capability
+
+In peek_for_as4_capability the code is checking that the
+stream has at least 2 bytes to read ( the opt_type and the
+opt_length ).  However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+is configured then FRR is reading 3 bytes.  Which is not good
+since the packet could be badly formated.  Ensure that
+FRR has the appropriate data length to read the data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 3e46b43e3788f0f87bae56a86b54d412b4710286)
+
+CVE: CVE-2022-36440
+CVE: CVE-2022-40302
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/02a0e45f66160f571196a105b217e1bb84d1a835]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_open.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index c2562c75d3fc..fe4c24a8c979 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -1116,15 +1116,30 @@ as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
+ 		uint8_t opt_type;
+ 		uint16_t opt_length;
+ 
+-		/* Check the length. */
+-		if (stream_get_getp(s) + 2 > end)
++		/* Ensure we can read the option type */
++		if (stream_get_getp(s) + 1 > end)
+ 			goto end;
+ 
+-		/* Fetch option type and length. */
++		/* Fetch the option type */
+ 		opt_type = stream_getc(s);
+-		opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+-				     ? stream_getw(s)
+-				     : stream_getc(s);
++
++		/*
++		 * Check the length and fetch the opt_length
++		 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
++		 * then we do a getw which is 2 bytes.  So we need to
++		 * ensure that we can read that as well
++		 */
++		if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
++			if (stream_get_getp(s) + 2 > end)
++				goto end;
++
++			opt_length = stream_getw(s);
++		} else {
++			if (stream_get_getp(s) + 1 > end)
++				goto end;
++
++			opt_length = stream_getc(s);
++		}
+ 
+ 		/* Option length check. */
+ 		if (stream_get_getp(s) + opt_length > end)
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch
new file mode 100644
index 0000000000..9d6dcfb920
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch
@@ -0,0 +1,81 @@
+From 72088b05d469a6b6a8b9a2b250885246ea0c2acb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 30 Sep 2022 08:57:43 -0400
+Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
+ bgp_open_option_parse
+
+In bgp_open_option_parse the code is checking that the
+stream has at least 2 bytes to read ( the opt_type and
+the opt_length).  However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+is configured then FRR is reading 3 bytes.  Which is not good
+since the packet could be badly formateed.  Ensure that
+FRR has the appropriate data length to read the data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 1117baca3c592877a4d8a13ed6a1d9bd83977487)
+
+CVE: CVE-2022-40318
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/72088b05d469a6b6a8b9a2b250885246ea0c2acb]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_open.c | 35 ++++++++++++++++++++++++++++-------
+ 1 file changed, 28 insertions(+), 7 deletions(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index fe4c24a8c979..de550d2ac607 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -1209,19 +1209,40 @@ int bgp_open_option_parse(struct peer *peer, uint16_t length,
+ 		uint8_t opt_type;
+ 		uint16_t opt_length;
+ 
+-		/* Must have at least an OPEN option header */
+-		if (STREAM_READABLE(s) < 2) {
++		/*
++		 * Check that we can read the opt_type and fetch it
++		 */
++		if (STREAM_READABLE(s) < 1) {
+ 			zlog_info("%s Option length error", peer->host);
+ 			bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
+ 					BGP_NOTIFY_OPEN_MALFORMED_ATTR);
+ 			return -1;
+ 		}
+-
+-		/* Fetch option type and length. */
+ 		opt_type = stream_getc(s);
+-		opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+-				     ? stream_getw(s)
+-				     : stream_getc(s);
++
++		/*
++		 * Check the length of the stream to ensure that
++		 * FRR can properly read the opt_length. Then read it
++		 */
++		if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
++			if (STREAM_READABLE(s) < 2) {
++				zlog_info("%s Option length error", peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return -1;
++			}
++
++			opt_length = stream_getw(s);
++		} else {
++			if (STREAM_READABLE(s) < 1) {
++				zlog_info("%s Option length error", peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return -1;
++			}
++
++			opt_length = stream_getc(s);
++		}
+ 
+ 		/* Option length check. */
+ 		if (STREAM_READABLE(s) < opt_length) {
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch
new file mode 100644
index 0000000000..73493bb120
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch
@@ -0,0 +1,36 @@
+From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski <mt@suse.com>
+Date: Fri, 11 Nov 2022 12:26:04 +0100
+Subject: [PATCH] tools: remove backslash from declare check regex
+
+The backslash in `grep -q '^declare \-a'` is not needed and
+causes `grep: warning: stray \ before -` warning in grep-3.8.
+
+Signed-off-by: Marius Tomaschewski <mt@suse.com>
+
+CVE: CVE-2022-42917
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ tools/frrcommon.sh.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index 61f1abb37..3c16c27c6 100755
+--- a/tools/frrcommon.sh.in
++++ b/tools/frrcommon.sh.in
+@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then
+ 	load_old_config "/etc/sysconfig/frr"
+ fi
+ 
+-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then
++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then
+ 	log_warning_msg "watchfrr_options contains a bash array value." \
+ 		"The configured value is intentionally ignored since it is likely wrong." \
+ 		"Please remove or fix the setting."
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch
new file mode 100644
index 0000000000..77a011dbc9
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch
@@ -0,0 +1,58 @@
+From f316975cedd8ef17d47b56be0d3d21711fe44a25 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Wed, 2 Nov 2022 13:24:48 -0400
+Subject: [PATCH] bgpd: Ensure that bgp open message stream has enough data to
+ read
+
+If a operator receives an invalid packet that is of insufficient size
+then it is possible for BGP to assert during reading of the packet
+instead of gracefully resetting the connection with the peer.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 766eec1b7accffe2c04a5c9ebb14e9f487bb9f78)
+
+CVE: CVE-2022-43681
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/766eec1b7accffe2c04a5c9ebb14e9f487bb9f78]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_packet.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index bcd47e32d453..5225db29fe09 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1176,8 +1176,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
+ 	    || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) {
+ 		uint8_t opttype;
+ 
++		if (STREAM_READABLE(peer->curr) < 1) {
++			flog_err(
++				EC_BGP_PKT_OPEN,
++				"%s: stream does not have enough bytes for extended optional parameters",
++				peer->host);
++			bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++					BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++			return BGP_Stop;
++		}
++
+ 		opttype = stream_getc(peer->curr);
+ 		if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) {
++			if (STREAM_READABLE(peer->curr) < 2) {
++				flog_err(
++					EC_BGP_PKT_OPEN,
++					"%s: stream does not have enough bytes to read the extended optional parameters optlen",
++					peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return BGP_Stop;
++			}
+ 			optlen = stream_getw(peer->curr);
+ 			SET_FLAG(peer->sflags,
+ 				 PEER_STATUS_EXT_OPT_PARAMS_LENGTH);
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch
new file mode 100644
index 0000000000..6fd6792087
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch
@@ -0,0 +1,52 @@
+From 4e1fc50394df0b69f32a9cf8ba8e1dcee2c67563 Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Tue, 20 Jun 2023 14:01:46 +0000
+Subject: [PATCH] bgpd: Check 7 bytes for Long-lived Graceful-Restart
+ capability
+
+It's not 4 bytes, it was assuming the same as Graceful-Restart tuples.
+LLGR has more 3 bytes (Long-lived Stale Time).
+
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-31489
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_open.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index 6bdefd0e9..ad56149f6 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -578,12 +578,24 @@ static int bgp_capability_restart(struct peer *peer,
+ static int bgp_capability_llgr(struct peer *peer,
+			       struct capability_header *caphdr)
+ {
++/*
++ * +--------------------------------------------------+
++ * | Address Family Identifier (16 bits)              |
++ * +--------------------------------------------------+
++ * | Subsequent Address Family Identifier (8 bits)    |
++ * +--------------------------------------------------+
++ * | Flags for Address Family (8 bits)                |
++ * +--------------------------------------------------+
++ * | Long-lived Stale Time (24 bits)                  |
++ * +--------------------------------------------------+
++ */
++#define BGP_CAP_LLGR_MIN_PACKET_LEN 7
+	struct stream *s = BGP_INPUT(peer);
+	size_t end = stream_get_getp(s) + caphdr->length;
+
+	SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
+
+-	while (stream_get_getp(s) + 4 <= end) {
++	while (stream_get_getp(s) + BGP_CAP_LLGR_MIN_PACKET_LEN <= end) {
+		afi_t afi;
+		safi_t safi;
+		iana_afi_t pkt_afi = stream_getw(s);
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch
new file mode 100644
index 0000000000..893c856c66
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch
@@ -0,0 +1,160 @@
+From 72c13aac2eb7c8f3a10ad806d80ab635c28f4c04 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Wed, 21 Jun 2023 15:24:50 +0000
+Subject: [PATCH] bgpd: Ensure stream received has enough data
+
+BGP_PREFIX_SID_SRV6_L3_SERVICE attributes must not
+fully trust the length value specified in the nlri.
+Always ensure that the amount of data we need to read
+can be fullfilled.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-31490
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/pull/12454/commits/06431bfa7570f169637ebb5898f0b0cc3b010802]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 79 ++++++++++++++++---------------------------------
+ 1 file changed, 25 insertions(+), 54 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 2154baf4e..5d06991e2 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -2722,9 +2722,21 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+	uint8_t sid_type, sid_flags;
+	char buf[BUFSIZ];
+
++	/*
++	 * Check that we actually have at least as much data as
++	 * specified by the length field
++	 */
++	if (STREAM_READABLE(peer->curr) < length) {
++		flog_err(
++			EC_BGP_ATTR_LEN,
++			"Prefix SID specifies length %hu, but only %zu bytes remain",
++			length, STREAM_READABLE(peer->curr));
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
++					  args->total);
++	}
++
+	if (type == BGP_PREFIX_SID_LABEL_INDEX) {
+-		if (STREAM_READABLE(peer->curr) < length
+-		    || length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
++		if (length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
+			flog_err(EC_BGP_ATTR_LEN,
+				 "Prefix SID label index length is %hu instead of %u",
+				 length, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
+@@ -2746,12 +2758,8 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+		/* Store label index; subsequently, we'll check on
+		 * address-family */
+		attr->label_index = label_index;
+-	}
+-
+-	/* Placeholder code for the IPv6 SID type */
+-	else if (type == BGP_PREFIX_SID_IPV6) {
+-		if (STREAM_READABLE(peer->curr) < length
+-		    || length != BGP_PREFIX_SID_IPV6_LENGTH) {
++	} else if (type == BGP_PREFIX_SID_IPV6) {
++		if (length != BGP_PREFIX_SID_IPV6_LENGTH) {
+			flog_err(EC_BGP_ATTR_LEN,
+				 "Prefix SID IPv6 length is %hu instead of %u",
+				 length, BGP_PREFIX_SID_IPV6_LENGTH);
+@@ -2765,10 +2773,7 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+		stream_getw(peer->curr);
+
+		stream_get(&ipv6_sid, peer->curr, 16);
+-	}
+-
+-	/* Placeholder code for the Originator SRGB type */
+-	else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
++	} else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
+		/*
+		 * ietf-idr-bgp-prefix-sid-05:
+		 *     Length is the total length of the value portion of the
+@@ -2793,19 +2798,6 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+				args->total);
+		}
+
+-		/*
+-		 * Check that we actually have at least as much data as
+-		 * specified by the length field
+-		 */
+-		if (STREAM_READABLE(peer->curr) < length) {
+-			flog_err(EC_BGP_ATTR_LEN,
+-				 "Prefix SID Originator SRGB specifies length %hu, but only %zu bytes remain",
+-				 length, STREAM_READABLE(peer->curr));
+-			return bgp_attr_malformed(
+-				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
+-				args->total);
+-		}
+-
+		/*
+		 * Check that the portion of the TLV containing the sequence of
+		 * SRGBs corresponds to a multiple of the SRGB size; to get
+@@ -2829,12 +2821,8 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+			stream_get(&srgb_base, peer->curr, 3);
+			stream_get(&srgb_range, peer->curr, 3);
+		}
+-	}
+-
+-	/* Placeholder code for the VPN-SID Service type */
+-	else if (type == BGP_PREFIX_SID_VPN_SID) {
+-		if (STREAM_READABLE(peer->curr) < length
+-		    || length != BGP_PREFIX_SID_VPN_SID_LENGTH) {
++	} else if (type == BGP_PREFIX_SID_VPN_SID) {
++		if (length != BGP_PREFIX_SID_VPN_SID_LENGTH) {
+			flog_err(EC_BGP_ATTR_LEN,
+				 "Prefix SID VPN SID length is %hu instead of %u",
+				 length, BGP_PREFIX_SID_VPN_SID_LENGTH);
+@@ -2870,39 +2858,22 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
+		attr->srv6_vpn->sid_flags = sid_flags;
+		sid_copy(&attr->srv6_vpn->sid, &ipv6_sid);
+		attr->srv6_vpn = srv6_vpn_intern(attr->srv6_vpn);
+-	}
+-
+-	/* Placeholder code for the SRv6 L3 Service type */
+-	else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) {
+-		if (STREAM_READABLE(peer->curr) < length) {
++	} else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) {
++		if (STREAM_READABLE(peer->curr) < 1) {
+			flog_err(
+				EC_BGP_ATTR_LEN,
+-				"Prefix SID SRv6 L3-Service length is %hu, but only %zu bytes remain",
+-				length, STREAM_READABLE(peer->curr));
+-			return bgp_attr_malformed(args,
+-				 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
+-				 args->total);
++				"Prefix SID SRV6 L3 Service not enough data left, it must be at least 1 byte");
++			return bgp_attr_malformed(
++				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
++				args->total);
+		}
+-
+		/* ignore reserved */
+		stream_getc(peer->curr);
+
+		return bgp_attr_srv6_service(args);
+	}
+-
+	/* Placeholder code for Unsupported TLV */
+	else {
+-
+-		if (STREAM_READABLE(peer->curr) < length) {
+-			flog_err(
+-				EC_BGP_ATTR_LEN,
+-				"Prefix SID SRv6 length is %hu - too long, only %zu remaining in this UPDATE",
+-				length, STREAM_READABLE(peer->curr));
+-			return bgp_attr_malformed(
+-				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
+-				args->total);
+-		}
+-
+		if (bgp_debug_update(peer, NULL, NULL, 1))
+			zlog_debug(
+				"%s attr Prefix-SID sub-type=%u is not supported, skipped",
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch
new file mode 100644
index 0000000000..9d5f306fe4
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch
@@ -0,0 +1,42 @@
+From f2a5c583fc8f7c515f3d6e6f929dcbcc61f7e4b7 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Mon, 20 Nov 2023 11:43:27 +0000
+Subject: [PATCH 1/6] bgpd: Flowspec overflow issue
+
+According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>>
+Specifying 0 as a length makes BGP get all warm on the inside.  Which
+in this case is not a good thing at all.  Prevent warmth, stay cold
+on the inside.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-38406
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/0b999c886e241c52bd1f7ef0066700e4b618ebb3]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_flowspec.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
+index 3e2b1ac49..95fbd340a 100644
+--- a/bgpd/bgp_flowspec.c
++++ b/bgpd/bgp_flowspec.c
+@@ -148,6 +148,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
+				psize);
+			return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
+		}
++
++		if (psize == 0) {
++			flog_err(EC_BGP_FLOWSPEC_PACKET,
++				 "Flowspec NLRI length 0 which makes no sense");
++			return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
++		}
++
+		if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) {
+			flog_err(
+				EC_BGP_FLOWSPEC_PACKET,
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch
new file mode 100644
index 0000000000..782b44615a
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch
@@ -0,0 +1,63 @@
+From 3880f66bd053d1f56af74852ca57ba166d880920 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Mon, 20 Nov 2023 12:03:29 +0000
+Subject: [PATCH 2/6] bgpd: Fix use beyond end of stream of labeled unicast
+ parsing
+
+Fixes a couple crashes associated with attempting to read
+beyond the end of the stream.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-38407
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_label.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/bgpd/bgp_label.c b/bgpd/bgp_label.c
+index 4a20f2c09..b65c98e86 100644
+--- a/bgpd/bgp_label.c
++++ b/bgpd/bgp_label.c
+@@ -299,6 +299,9 @@ static int bgp_nlri_get_labels(struct peer *peer, uint8_t *pnt, uint8_t plen,
+	uint8_t llen = 0;
+	uint8_t label_depth = 0;
+
++	if (plen < BGP_LABEL_BYTES)
++		return 0;
++
+	for (; data < lim; data += BGP_LABEL_BYTES) {
+		memcpy(label, data, BGP_LABEL_BYTES);
+		llen += BGP_LABEL_BYTES;
+@@ -361,6 +364,9 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
+			memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+			addpath_id = ntohl(addpath_id);
+			pnt += BGP_ADDPATH_ID_LEN;
++
++			if (pnt >= lim)
++				return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
+		}
+
+		/* Fetch prefix length. */
+@@ -379,6 +385,15 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
+
+		/* Fill in the labels */
+		llen = bgp_nlri_get_labels(peer, pnt, psize, &label);
++		if (llen == 0) {
++			flog_err(
++				EC_BGP_UPDATE_RCV,
++				"%s [Error] Update packet error (wrong label length 0)",
++				peer->host);
++			bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
++					BGP_NOTIFY_UPDATE_INVAL_NETWORK);
++			return BGP_NLRI_PARSE_ERROR_LABEL_LENGTH;
++		}
+		p.prefixlen = prefixlen - BSIZE(llen);
+
+		/* There needs to be at least one label */
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch
new file mode 100644
index 0000000000..60801bf06e
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch
@@ -0,0 +1,136 @@
+From ad32e04f3db364694edc678327326ae6b771db9e Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Tue, 5 Sep 2023 11:30:53 +0000
+Subject: [PATCH 1/2] bgpd: Use treat-as-withdraw for tunnel encapsulation
+ attribute
+
+Before this path we used session reset method, which is discouraged by rfc7606.
+
+Handle this as rfc requires.
+
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-38802
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 61 ++++++++++++++++++++-----------------------------
+ 1 file changed, 25 insertions(+), 36 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 5d06991e2..b10a60351 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -1310,6 +1310,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
+	case BGP_ATTR_LARGE_COMMUNITIES:
+	case BGP_ATTR_ORIGINATOR_ID:
+	case BGP_ATTR_CLUSTER_LIST:
++	case BGP_ATTR_ENCAP:
+		return BGP_ATTR_PARSE_WITHDRAW;
+	case BGP_ATTR_MP_REACH_NLRI:
+	case BGP_ATTR_MP_UNREACH_NLRI:
+@@ -2411,26 +2412,21 @@ bgp_attr_ipv6_ext_communities(struct bgp_attr_parser_args *args)
+ }
+
+ /* Parse Tunnel Encap attribute in an UPDATE */
+-static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+-			  bgp_size_t length, /* IN: attr's length field */
+-			  struct attr *attr, /* IN: caller already allocated */
+-			  uint8_t flag,      /* IN: attr's flags field */
+-			  uint8_t *startp)
++static int bgp_attr_encap(struct bgp_attr_parser_args *args)
+ {
+-	bgp_size_t total;
+	uint16_t tunneltype = 0;
+-
+-	total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
++	struct peer *const peer = args->peer;
++	struct attr *const attr = args->attr;
++	bgp_size_t length = args->length;
++	uint8_t type = args->type;
++	uint8_t flag = args->flags;
+
+	if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
+	    || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
+-		zlog_info(
+-			"Tunnel Encap attribute flag isn't optional and transitive %d",
+-			flag);
+-		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
+-					  BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
+-					  startp, total);
+-		return -1;
++		zlog_err("Tunnel Encap attribute flag isn't optional and transitive %d",
++			 flag);
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++					  args->total);
+	}
+
+	if (BGP_ATTR_ENCAP == type) {
+@@ -2438,12 +2434,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+		uint16_t tlv_length;
+
+		if (length < 4) {
+-			zlog_info(
++			zlog_err(
+				"Tunnel Encap attribute not long enough to contain outer T,L");
+-			bgp_notify_send_with_data(
+-				peer, BGP_NOTIFY_UPDATE_ERR,
+-				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
+-			return -1;
++			return bgp_attr_malformed(args,
++						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++						  args->total);
+		}
+		tunneltype = stream_getw(BGP_INPUT(peer));
+		tlv_length = stream_getw(BGP_INPUT(peer));
+@@ -2473,13 +2468,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+		}
+
+		if (sublength > length) {
+-			zlog_info(
+-				"Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
+-				sublength, length);
+-			bgp_notify_send_with_data(
+-				peer, BGP_NOTIFY_UPDATE_ERR,
+-				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
+-			return -1;
++			zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
++				 sublength, length);
++			return bgp_attr_malformed(args,
++						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++						  args->total);
+		}
+
+		/* alloc and copy sub-tlv */
+@@ -2527,13 +2520,10 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
+
+	if (length) {
+		/* spurious leftover data */
+-		zlog_info(
+-			"Tunnel Encap attribute length is bad: %d leftover octets",
+-			length);
+-		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
+-					  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
+-					  startp, total);
+-		return -1;
++		zlog_err("Tunnel Encap attribute length is bad: %d leftover octets",
++			 length);
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++					  args->total);
+	}
+
+	return 0;
+@@ -3332,8 +3322,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+		case BGP_ATTR_VNC:
+ #endif
+		case BGP_ATTR_ENCAP:
+-			ret = bgp_attr_encap(type, peer, length, attr, flag,
+-					     startp);
++			ret = bgp_attr_encap(&attr_args);
+			break;
+		case BGP_ATTR_PREFIX_SID:
+			ret = bgp_attr_prefix_sid(&attr_args);
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
new file mode 100644
index 0000000000..e10d3e5267
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
@@ -0,0 +1,105 @@
+From ef9b66e742f9016b3bf283920b528cf20d2c969f Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Tue, 5 Sep 2023 11:36:13 +0000
+Subject: [PATCH 2/2] bgpd: Do not process NLRIs if the attribute length is
+ zero
+
+```
+3  0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
+4  0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246
+5  <signal handler called>
+6  0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400)
+    at bgpd/bgp_routemap.c:2258
+7  0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30,
+    match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690
+8  0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770,
+    afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130)
+    at bgpd/bgp_route.c:1772
+9  0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0,
+    attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0,
+    num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374
+10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0)
+    at bgpd/bgp_route.c:6249
+11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50,
+    packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339
+12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024
+13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933
+14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995
+15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213
+16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505
+```
+
+With the configuration:
+
+```
+frr version 9.1-dev-MyOwnFRRVersion
+frr defaults traditional
+hostname ip-172-31-13-140
+log file /tmp/debug.log
+log syslog
+service integrated-vtysh-config
+!
+debug bgp keepalives
+debug bgp neighbor-events
+debug bgp updates in
+debug bgp updates out
+!
+router bgp 100
+ bgp router-id 9.9.9.9
+ no bgp ebgp-requires-policy
+ bgp bestpath aigp
+ neighbor 172.31.2.47 remote-as 200
+ !
+ address-family ipv4 unicast
+  neighbor 172.31.2.47 default-originate
+  neighbor 172.31.2.47 route-map RM_IN in
+ exit-address-family
+exit
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+!
+```
+
+The issue is that we try to process NLRIs even if the attribute length is 0.
+
+Later bgp_update() will handle route-maps and a crash occurs because all the
+attributes are NULL, including aspath, where we dereference.
+
+According to the RFC 4271:
+
+A value of 0 indicates that neither the Network Layer
+         Reachability Information field nor the Path Attribute field is
+         present in this UPDATE message.
+
+But with a fuzzed UPDATE message this can be faked. I think it's reasonable
+to skip processing NLRIs if both update_len and attribute_len are 0.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-41358
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/pull/14260/commits/28ccc24d38df1d51ed8a563507e5d6f6171fdd38]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 0166dc6a2..2fd28aae3 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1767,7 +1767,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+	/* Network Layer Reachability Information. */
+	update_len = end - stream_pnt(s);
+
+-	if (update_len) {
++	if (update_len && attribute_len) {
+		/* Set NLRI portion to structure. */
+		nlris[NLRI_UPDATE].afi = AFI_IP;
+		nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch
new file mode 100644
index 0000000000..b27d7af166
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch
@@ -0,0 +1,42 @@
+From 5966b6a1fc72d3698d08199922cc4f42ea7fc9eb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 8 Sep 2023 11:46:12 +0000
+Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit
+ withdrawal
+
+All other parsing functions done from bgp_nlri_parse() assume
+no attributes == an implicit withdrawal.  Let's move
+bgp_nlri_parse_flowspec() into the same alignment.
+
+Reported-by: Matteo Memelli <mmemelli@amazon.it>
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2023-41909
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_flowspec.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
+index 341cfe9d0..3e2b1ac49 100644
+--- a/bgpd/bgp_flowspec.c
++++ b/bgpd/bgp_flowspec.c
+@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
+	afi = packet->afi;
+	safi = packet->safi;
+
++	/*
++	 * All other AFI/SAFI's treat no attribute as a implicit
++	 * withdraw.  Flowspec should as well.
++	 */
++	if (!attr)
++		withdraw = 1;
++
+	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
+		flog_err(EC_BGP_FLOWSPEC_PACKET,
+			 "BGP flowspec nlri length maximum reached (%u)",
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
new file mode 100644
index 0000000000..17ba41037c
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
@@ -0,0 +1,127 @@
+From 1c4882b83a1db705abd5d384dd0b7ef4c0e3b4ee Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:11:13 +0000
+Subject: [PATCH 3/6] bgpd: Handle MP_REACH_NLRI malformed packets with session
+ reset
+
+Avoid crashing bgpd.
+
+```
+(gdb)
+bgp_mp_reach_parse (args=<optimized out>, mp_update=0x7fffffffe140) at bgpd/bgp_attr.c:2341
+2341			stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
+(gdb)
+stream_get (dst=0x7fffffffe1ac, s=0x7ffff0006e80, size=16) at lib/stream.c:320
+320	{
+(gdb)
+321		STREAM_VERIFY_SANE(s);
+(gdb)
+323		if (STREAM_READABLE(s) < size) {
+(gdb)
+34	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
+(gdb)
+
+Thread 1 "bgpd" received signal SIGSEGV, Segmentation fault.
+0x00005555556e37be in route_set_aspath_prepend (rule=0x555555aac0d0, prefix=0x7fffffffe050,
+    object=0x7fffffffdb00) at bgpd/bgp_routemap.c:2282
+2282		if (path->attr->aspath->refcnt)
+(gdb)
+```
+
+With the configuration:
+
+```
+ neighbor 127.0.0.1 remote-as external
+ neighbor 127.0.0.1 passive
+ neighbor 127.0.0.1 ebgp-multihop
+ neighbor 127.0.0.1 disable-connected-check
+ neighbor 127.0.0.1 update-source 127.0.0.2
+ neighbor 127.0.0.1 timers 3 90
+ neighbor 127.0.0.1 timers connect 1
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor 127.0.0.1 default-originate
+  neighbor 127.0.0.1 route-map RM_IN in
+ exit-address-family
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-46752
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c   | 6 +-----
+ bgpd/bgp_attr.h   | 1 -
+ bgpd/bgp_packet.c | 6 +-----
+ 3 files changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index b10a60351..e0542356c 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -2207,7 +2207,7 @@ int bgp_mp_reach_parse(struct bgp_attr_parser_args *args,
+
+		mp_update->afi = afi;
+		mp_update->safi = safi;
+-		return BGP_ATTR_PARSE_EOR;
++		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0);
+	}
+
+	mp_update->afi = afi;
+@@ -3345,10 +3345,6 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+			goto done;
+		}
+
+-		if (ret == BGP_ATTR_PARSE_EOR) {
+-			goto done;
+-		}
+-
+		if (ret == BGP_ATTR_PARSE_ERROR) {
+			flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR,
+				  "%s: Attribute %s, parse error", peer->host,
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index 781bfdec3..69f962134 100644
+--- a/bgpd/bgp_attr.h
++++ b/bgpd/bgp_attr.h
+@@ -378,7 +378,6 @@ typedef enum {
+	/* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
+	   */
+	BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
+-	BGP_ATTR_PARSE_EOR = -4,
+ } bgp_attr_parse_ret_t;
+
+ struct bpacket_attr_vec_arr;
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 2fd28aae3..261695198 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1843,8 +1843,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+	 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
+	 * and MP EoR should have only an empty MP_UNREACH
+	 */
+-	if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
+-	    || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
++	if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) {
+		afi_t afi = 0;
+		safi_t safi;
+		struct graceful_restart_info *gr_info;
+@@ -1865,9 +1864,6 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+			   && nlris[NLRI_MP_WITHDRAW].length == 0) {
+			afi = nlris[NLRI_MP_WITHDRAW].afi;
+			safi = nlris[NLRI_MP_WITHDRAW].safi;
+-		} else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
+-			afi = nlris[NLRI_MP_UPDATE].afi;
+-			safi = nlris[NLRI_MP_UPDATE].safi;
+		}
+
+		if (afi && peer->afc[afi][safi]) {
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
new file mode 100644
index 0000000000..855eb190db
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
@@ -0,0 +1,119 @@
+From 60bd794a9cf6df05503a062e113161dcbdbfac9d Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:22:22 +0000
+Subject: [PATCH 4/6] bgpd: Check mandatory attributes more carefully for
+ UPDATE message
+
+If we send a crafted BGP UPDATE message without mandatory attributes, we do
+not check if the length of the path attributes is zero or not. We only check
+if attr->flag is at least set or not. Imagine we send only unknown transit
+attribute, then attr->flag is always 0. Also, this is true only if graceful-restart
+capability is received.
+
+A crash:
+
+```
+bgpd[7834]: [TJ23Y-GY0RH] 127.0.0.1 Unknown attribute is received (type 31, length 16)
+bgpd[7834]: [PCFFM-WMARW] 127.0.0.1(donatas-pc) rcvd UPDATE wlen 0 attrlen 20 alen 17
+BGP[7834]: Received signal 11 at 1698089639 (si_addr 0x0, PC 0x55eefd375b4a); aborting...
+BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_backtrace_sigsafe+0x6d) [0x7f3205ca939d]
+BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_signal+0xf3) [0x7f3205ca9593]
+BGP[7834]: /usr/local/lib/libfrr.so.0(+0xf5181) [0x7f3205cdd181]
+BGP[7834]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x12980) [0x7f3204ff3980]
+BGP[7834]: /usr/lib/frr/bgpd(+0x18ab4a) [0x55eefd375b4a]
+BGP[7834]: /usr/local/lib/libfrr.so.0(route_map_apply_ext+0x310) [0x7f3205cd1290]
+BGP[7834]: /usr/lib/frr/bgpd(+0x163610) [0x55eefd34e610]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_update+0x9a5) [0x55eefd35c1d5]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_nlri_parse_ip+0xb7) [0x55eefd35e867]
+BGP[7834]: /usr/lib/frr/bgpd(+0x1555e6) [0x55eefd3405e6]
+BGP[7834]: /usr/lib/frr/bgpd(bgp_process_packet+0x747) [0x55eefd345597]
+BGP[7834]: /usr/local/lib/libfrr.so.0(event_call+0x83) [0x7f3205cef4a3]
+BGP[7834]: /usr/local/lib/libfrr.so.0(frr_run+0xc0) [0x7f3205ca10a0]
+BGP[7834]: /usr/lib/frr/bgpd(main+0x409) [0x55eefd2dc979]
+```
+
+Sending:
+
+```
+import socket
+import time
+
+OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
+b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
+b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
+b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
+b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
+b"\x80\x00\x00\x00")
+
+KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
+
+UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff003c0200000014ff1f001000040146464646460004464646464646664646f50d05800100010200ffff000000")
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(('127.0.0.2', 179))
+s.send(OPEN)
+data = s.recv(1024)
+s.send(KEEPALIVE)
+data = s.recv(1024)
+s.send(UPDATE)
+data = s.recv(1024)
+time.sleep(1000)
+s.close()
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-46753
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index e0542356c..35122943e 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3044,13 +3044,15 @@ static bgp_attr_parse_ret_t bgp_attr_unknown(struct bgp_attr_parser_args *args)
+ }
+
+ /* Well-known attribute check. */
+-static int bgp_attr_check(struct peer *peer, struct attr *attr)
++static int bgp_attr_check(struct peer *peer, struct attr *attr,
++			  bgp_size_t length)
+ {
+	uint8_t type = 0;
+
+	/* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
+	 * empty UPDATE.  */
+-	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
++	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
++	    !length)
+		return BGP_ATTR_PARSE_PROCEED;
+
+	/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+@@ -3101,7 +3103,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+	bgp_attr_parse_ret_t ret;
+	uint8_t flag = 0;
+	uint8_t type = 0;
+-	bgp_size_t length;
++	bgp_size_t length = 0;
+	uint8_t *startp, *endp;
+	uint8_t *attr_endp;
+	uint8_t seen[BGP_ATTR_BITMAP_SIZE];
+@@ -3416,7 +3418,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+	}
+
+	/* Check all mandatory well-known attributes are present */
+-	ret = bgp_attr_check(peer, attr);
++	ret = bgp_attr_check(peer, attr, length);
+	if (ret < 0)
+		goto done;
+
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
new file mode 100644
index 0000000000..9bf63372a4
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
@@ -0,0 +1,98 @@
+From 682f100cd8d1bf7510939faa033f69ce64f965e9 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:32:38 +0000
+Subject: [PATCH 5/6] bgpd: Ignore handling NLRIs if we received
+ MP_UNREACH_NLRI
+
+If we receive MP_UNREACH_NLRI, we should stop handling remaining NLRIs if
+no mandatory path attributes received.
+
+In other words, if MP_UNREACH_NLRI received, the remaining NLRIs should be handled
+as a new data, but without mandatory attributes, it's a malformed packet.
+
+In normal case, this MUST not happen at all, but to avoid crashing bgpd, we MUST
+handle that.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-47234
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c   | 19 ++++++++++---------
+ bgpd/bgp_attr.h   |  1 +
+ bgpd/bgp_packet.c |  7 ++++++-
+ 3 files changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 35122943e..13da27e99 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3055,15 +3055,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+	    !length)
+		return BGP_ATTR_PARSE_PROCEED;
+
+-	/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+-	   to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
+-	   are present, it should.  Check for any other attribute being present
+-	   instead.
+-	 */
+-	if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
+-	     CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))))
+-		return BGP_ATTR_PARSE_PROCEED;
+-
+	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
+		type = BGP_ATTR_ORIGIN;
+
+@@ -3082,6 +3073,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+	    && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
+		type = BGP_ATTR_LOCAL_PREF;
+
++	/* An UPDATE message that contains the MP_UNREACH_NLRI is not required
++	 * to carry any other path attributes. Though if MP_REACH_NLRI or NLRI
++	 * are present, it should. Check for any other attribute being present
++	 * instead.
++	 */
++	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
++	    CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)))
++		return type ? BGP_ATTR_PARSE_MISSING_MANDATORY
++			    : BGP_ATTR_PARSE_PROCEED;
++
+	/* If any of the well-known mandatory attributes are not present
+	 * in an UPDATE message, then "treat-as-withdraw" MUST be used.
+	 */
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index 69f962134..77640dd5b 100644
+--- a/bgpd/bgp_attr.h
++++ b/bgpd/bgp_attr.h
+@@ -378,6 +378,7 @@ typedef enum {
+	/* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
+	   */
+	BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
++	BGP_ATTR_PARSE_MISSING_MANDATORY = -4,
+ } bgp_attr_parse_ret_t;
+
+ struct bpacket_attr_vec_arr;
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 261695198..c1c28f344 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1767,7 +1767,12 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
+	/* Network Layer Reachability Information. */
+	update_len = end - stream_pnt(s);
+
+-	if (update_len && attribute_len) {
++	/* If we received MP_UNREACH_NLRI attribute, but also NLRIs, then
++	 * NLRIs should be handled as a new data. Though, if we received
++	 * NLRIs without mandatory attributes, they should be ignored.
++	 */
++	if (update_len && attribute_len &&
++	    attr_parse_ret != BGP_ATTR_PARSE_MISSING_MANDATORY) {
+		/* Set NLRI portion to structure. */
+		nlris[NLRI_UPDATE].afi = AFI_IP;
+		nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
new file mode 100644
index 0000000000..218dcba510
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
@@ -0,0 +1,114 @@
+From 024bdfcdf1d52db3a74f00a3370c3834a4bb78d0 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Mon, 20 Nov 2023 14:39:33 +0000
+Subject: [PATCH 6/6] bgpd: Treat EOR as withdrawn to avoid unwanted handling
+ of malformed attrs
+
+Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be
+processed as a normal UPDATE without mandatory attributes, that could lead
+to harmful behavior. In this case, a crash for route-maps with the configuration
+such as:
+
+```
+router bgp 65001
+ no bgp ebgp-requires-policy
+ neighbor 127.0.0.1 remote-as external
+ neighbor 127.0.0.1 passive
+ neighbor 127.0.0.1 ebgp-multihop
+ neighbor 127.0.0.1 disable-connected-check
+ neighbor 127.0.0.1 update-source 127.0.0.2
+ neighbor 127.0.0.1 timers 3 90
+ neighbor 127.0.0.1 timers connect 1
+ !
+ address-family ipv4 unicast
+  neighbor 127.0.0.1 addpath-tx-all-paths
+  neighbor 127.0.0.1 default-originate
+  neighbor 127.0.0.1 route-map RM_IN in
+ exit-address-family
+exit
+!
+route-map RM_IN permit 10
+ set as-path prepend 200
+exit
+```
+
+Send a malformed optional transitive attribute:
+
+```
+import socket
+import time
+
+OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
+b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
+b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
+b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
+b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
+b"\x80\x00\x00\x00")
+
+KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
+
+UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b")
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(('127.0.0.2', 179))
+s.send(OPEN)
+data = s.recv(1024)
+s.send(KEEPALIVE)
+data = s.recv(1024)
+s.send(UPDATE)
+data = s.recv(1024)
+time.sleep(100)
+s.close()
+```
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2023-47235
+
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ bgpd/bgp_attr.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 13da27e99..1e08a218e 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -3050,10 +3050,13 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+	uint8_t type = 0;
+
+	/* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
+-	 * empty UPDATE.  */
++	 * empty UPDATE. Treat-as-withdraw, otherwise if we just ignore it,
++	 * we will pass it to be processed as a normal UPDATE without mandatory
++	 * attributes, that could lead to harmful behavior.
++	 */
+	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
+	    !length)
+-		return BGP_ATTR_PARSE_PROCEED;
++		return BGP_ATTR_PARSE_WITHDRAW;
+
+	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
+		type = BGP_ATTR_ORIGIN;
+@@ -3477,7 +3480,13 @@ done:
+	}
+
+	transit = bgp_attr_get_transit(attr);
+-	if (ret != BGP_ATTR_PARSE_ERROR) {
++	/* If we received an UPDATE with mandatory attributes, then
++	 * the unrecognized transitive optional attribute of that
++	 * path MUST be passed. Otherwise, it's an error, and from
++	 * security perspective it might be very harmful if we continue
++	 * here with the unrecognized attributes.
++	 */
++	if (ret == BGP_ATTR_PARSE_PROCEED) {
+		/* Finally intern unknown attribute. */
+		if (transit)
+			bgp_attr_set_transit(attr, transit_intern(transit));
+--
+2.40.0
diff --git a/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-networking/recipes-protocols/frr/frr/frr.pam
index 3541a975ae..a9ec35dd69 100644
--- a/meta-networking/recipes-protocols/frr/frr/frr.pam
+++ b/meta-networking/recipes-protocols/frr/frr/frr.pam
@@ -1,10 +1,11 @@
 #
-# The PAM configuration file for the quagga `vtysh' service
+# The PAM configuration file for the frr `vtysh' service
 #
 
 # This allows root to change user infomation without being
 # prompted for a password
 auth		sufficient	pam_rootok.so
+account		sufficient	pam_rootok.so
 
 # The standard Unix authentication modules, used with
 # NIS (man nsswitch) as well as normal /etc/passwd and
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index 658731567d..03b106131f 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -12,6 +12,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
            file://CVE-2022-37035.patch \
            file://CVE-2022-37032.patch \
+           file://CVE-2022-42917.patch \
+           file://CVE-2022-36440.patch \
+           file://CVE-2022-40318.patch \
+           file://CVE-2022-43681.patch \
+           file://CVE-2023-31489.patch \
+           file://CVE-2023-31490.patch \
+           file://CVE-2023-38802.patch \
+           file://CVE-2023-41358.patch \
+           file://CVE-2023-41909.patch \
+           file://CVE-2023-38406.patch \
+           file://CVE-2023-38407.patch \
+           file://CVE-2023-46752.patch \
+           file://CVE-2023-46753.patch \
+           file://CVE-2023-47234.patch \
+           file://CVE-2023-47235.patch \
            file://frr.pam \
 	      "
 
diff --git a/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
index f8efc10448..f8efc10448 100644
--- a/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
index c743b3eddb..c743b3eddb 100644
--- a/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
index c57ce8fa53..c57ce8fa53 100644
--- a/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
index 21ba318499..21ba318499 100644
--- a/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
index 33590ffc57..33590ffc57 100644
--- a/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
index 8c0e6bf397..8c0e6bf397 100644
--- a/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
index db3a63ea48..db3a63ea48 100644
--- a/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
index b461a60df7..b461a60df7 100644
--- a/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
diff --git a/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
new file mode 100644
index 0000000000..b7d9ad5bba
--- /dev/null
+++ b/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
@@ -0,0 +1,175 @@
+From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Tue, 6 Dec 2022 13:28:31 +0000
+Subject: [PATCH] make: Add top-level Makefile
+
+Simple top level Makefile that just delegates to mDNSPosix.
+
+Upstream-Status: Inappropriate [oe-specific]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ Makefile | 154 +------------------------------------------------------
+ 1 file changed, 2 insertions(+), 152 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 8b6fa77..feb6ac6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,152 +1,2 @@
+-#
+-# Copyright (c) 2003-2018 Apple Inc. All rights reserved.
+-#
+-# Top level makefile for Build & Integration (B&I).
+-# 
+-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple.
+-#
+-# The various platform directories contain makefiles or projects specific to that platform.
+-#
+-#    B&I builds must respect the following target:
+-#         install:
+-#         installsrc:
+-#         installhdrs:
+-#         installapi:
+-#         clean:
+-#
+-
+-include $(MAKEFILEPATH)/pb_makefiles/platform.make
+-
+-MVERS = "mDNSResponder-1310.140.1"
+-
+-VER =
+-ifneq ($(strip $(GCC_VERSION)),)
+-	VER = -- GCC_VERSION=$(GCC_VERSION)
+-endif
+-echo "VER = $(VER)"
+-
+-projectdir	:= $(SRCROOT)/mDNSMacOSX
+-buildsettings	:= OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT)
+-
+-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean
+-
+-# Sanitizer support
+-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210.
+-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim
+-PROJECT_SUPPORTS_SANITIZERS := 1
+-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0)
+-  PROJECT_SUPPORTS_SANITIZERS := 0
+-endif
+-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1)
+-  ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+-    $(info Enabling Address Sanitizer)
+-    buildsettings += -enableAddressSanitizer YES
+-  else
+-    $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName))
+-  endif
+-endif
+-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1)
+-  ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+-    $(info Enabling Thread Sanitizer)
+-    buildsettings += -enableThreadSanitizer YES
+-  else
+-    $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName))
+-  endif
+-endif
+-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1)
+-  ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+-    $(info Enabling Undefined Behavior Sanitizer)
+-    buildsettings += -enableUndefinedBehaviorSanitizer YES
+-  else
+-    $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName))
+-  endif
+-endif
+-
+-# B&I install build targets
+-#
+-# For the mDNSResponder build alias, the make target used by B&I depends on the platform:
+-#
+-#	Platform	Make Target
+-#	--------	-----------
+-#	osx		install
+-#	ios		installSome
+-#	atv		installSome
+-#	watch		installSome
+-#
+-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries
+-# target for all platforms.
+-
+-install:
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+-	mkdir -p $(DSTROOT)/AppleInternal
+-else
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER)
+-endif
+-
+-installSome:
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER)
+-
+-installEmpty:
+-	mkdir -p $(DSTROOT)/AppleInternal
+-
+-installExtras:
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER)
+-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER)
+-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv)
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER)
+-endif
+-
+-SystemLibraries:
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER)
+-
+-# B&I installhdrs build targets
+-
+-installhdrs::
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+-	mkdir -p $(DSTROOT)/AppleInternal
+-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),)
+-	cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER)
+-endif
+-
+-# B&I installapi build targets
+-
+-installapi:
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+-	cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+-	cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+-	mkdir -p $(DSTROOT)/AppleInternal
+-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),)
+-	cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER)
+-endif
+-
+-# Misc. targets
+-
+-installsrc:
+-	ditto . '$(SRCROOT)'
+-	rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension'
+-
+-java:
+-	cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER)
+-
+-clean::
+-	echo clean
++all clean:
++	cd mDNSPosix && $(MAKE) $@
+-- 
+2.38.1
+
diff --git a/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
index fdc5105cb9..fdc5105cb9 100644
--- a/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
index 362d69768e..362d69768e 100644
--- a/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
index b9b0157276..b9b0157276 100644
--- a/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
index d9adde04c2..d9adde04c2 100644
--- a/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
+++ b/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
diff --git a/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-networking/recipes-protocols/mdns/mdns/mdns.service
index 531d142dcd..531d142dcd 100644
--- a/meta-networking/recipes-protocols/mdns/files/mdns.service
+++ b/meta-networking/recipes-protocols/mdns/mdns/mdns.service
diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
index 205dc929be..65f4847d8f 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
@@ -2,28 +2,31 @@ SUMMARY = "Publishes & browses available services on a link according to the Zer
 DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks."
 HOMEPAGE = "http://developer.apple.com/networking/bonjour/"
 LICENSE = "Apache-2.0 & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
 
 DEPENDS:append:libc-musl = " musl-nscd"
 
 RPROVIDES:${PN} += "libdns_sd.so"
 
-SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \
+# matches annotated tag mDNSResponder-1310.140.1
+SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77"
+BRANCH = "rel/mDNSResponder-1310"
+SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \
            file://mdns.service \
-           file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \
-           file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \
-           file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \
-           file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \
-           file://0003-Track-interface-socket-family.patch;patchdir=.. \
-           file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \
-           file://0006-Remove-unneeded-function.patch;patchdir=.. \
-           file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \
-           file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \
-           file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \
-           file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \
-           file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. \
+           file://0001-mdns-include-stddef.h-for-NULL.patch \
+           file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \
+           file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \
+           file://0002-Create-subroutine-for-tearing-down-an-interface.patch \
+           file://0003-Track-interface-socket-family.patch \
+           file://0004-Use-list-for-changed-interfaces.patch \
+           file://0006-Remove-unneeded-function.patch \
+           file://0008-Mark-deleted-interfaces-as-being-changed.patch \
+           file://0009-Fix-possible-NULL-dereference.patch \
+           file://0010-Handle-errors-from-socket-calls.patch \
+           file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \
+           file://0001-dns-sd-Include-missing-headers.patch \
+           file://0006-make-Add-top-level-Makefile.patch \
            "
-SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f"
 
 CVE_PRODUCT = "apple:mdnsresponder"
 
@@ -42,13 +45,22 @@ CVE_CHECK_IGNORE += "CVE-2007-0613"
 
 PARALLEL_MAKE = ""
 
-S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
+# We install a stub Makefile in the top directory so that the various checks
+# in base.bbclass pass their tests for a Makefile, this ensures (that amongst
+# other things) the sstate checks will clean the build directory when the
+# task hashes changes.
+#
+# We can't use the approach of setting ${S} to mDNSPosix as we need
+# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too.
+S = "${WORKDIR}/git"
 
 EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'"
 
 TARGET_CC_ARCH += "${LDFLAGS}"
 
 do_install () {
+    cd mDNSPosix
+
     install -d ${D}${sbindir}
     install -m 0755 build/prod/mdnsd ${D}${sbindir}
 
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
new file mode 100644
index 0000000000..ce7e3422ed
--- /dev/null
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
@@ -0,0 +1,116 @@
+From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
+From: Bill Fenner <fenner@gmail.com>
+Date: Fri, 25 Nov 2022 08:41:24 -0800
+Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind
+
+Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57]
+CVE: CVE-2022-44792 & CVE-2022-44793
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ agent/snmp_agent.c                            | 32 +++++++++++++++++++
+ apps/snmpset.c                                |  1 +
+ .../default/T0142snmpv2csetnull_simple        | 31 ++++++++++++++++++
+ 3 files changed, 64 insertions(+)
+ create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
+
+diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
+index 3376357..f51c252 100644
+--- a/agent/snmp_agent.c
++++ b/agent/snmp_agent.c
+@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
+     return 1;
+ }
+ 
++static int
++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
++{
++    int i;
++    netsnmp_variable_list *v = NULL;
++
++    for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
++	if (v->type == ASN_NULL) {
++	    /*
++	     * Protect SET implementations that do not protect themselves
++	     * against wrong type.
++	     */
++	    DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
++	    asp->index = i;
++	    return SNMP_ERR_WRONGTYPE;
++	}
++    }
++    return SNMP_ERR_NOERROR;
++}
++
+ int
+ handle_pdu(netsnmp_agent_session *asp)
+ {
+     int             status, inclusives = 0;
+     netsnmp_variable_list *v = NULL;
+ 
++#ifndef NETSNMP_NO_WRITE_SUPPORT
++    /*
++     * Check for ASN_NULL in SET request
++     */
++    if (asp->pdu->command == SNMP_MSG_SET) {
++	status = check_set_pdu_for_null_varbind(asp);
++	if (status != SNMP_ERR_NOERROR) {
++	    return status;
++	}
++    }
++#endif /* NETSNMP_NO_WRITE_SUPPORT */
++
+     /*
+      * for illegal requests, mark all nodes as ASN_NULL 
+      */
+diff --git a/apps/snmpset.c b/apps/snmpset.c
+index 50f33db..387a51d 100644
+--- a/apps/snmpset.c
++++ b/apps/snmpset.c
+@@ -182,6 +182,7 @@ main(int argc, char *argv[])
+             case 'x':
+             case 'd':
+             case 'b':
++            case 'n': /* undocumented */
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+             case 'I':
+             case 'U':
+diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
+new file mode 100644
+index 0000000..0f1b8f3
+--- /dev/null
++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
+@@ -0,0 +1,31 @@
++#!/bin/sh
++
++. ../support/simple_eval_tools.sh
++
++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
++
++SKIPIF NETSNMP_DISABLE_SET_SUPPORT
++SKIPIF NETSNMP_NO_WRITE_SUPPORT
++SKIPIF NETSNMP_DISABLE_SNMPV2C
++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
++
++#
++# Begin test
++#
++
++# standard V2C configuration: testcomunnity
++snmp_write_access='all'
++. ./Sv2cconfig
++STARTAGENT
++
++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
++
++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
++
++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
++
++CHECK "Reason: wrongType"
++
++STOPAGENT
++
++FINISHED
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
index 7af5147566..eb8e1599fb 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
@@ -26,6 +26,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
            file://net-snmp-fix-for-disable-des.patch \
            file://reproducibility-have-printcap.patch \
            file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
+           file://CVE-2022-44792-CVE-2022-44793.patch \
            "
 SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a"
 
diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 8d12cc75e2..b7d21b7e91 100644
--- a/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -45,7 +45,7 @@ DEPENDS = "pps-tools"
 
 # Note: Despite being built via './configure; make; make install',
 #       chrony does not use GNU Autotools.
-inherit update-rc.d systemd
+inherit update-rc.d systemd pkgconfig
 
 # Add chronyd user if privdrop packageconfig is selected
 inherit ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'useradd', '', d)}
diff --git a/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb b/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb
index d4cdda0f81..516e467ee4 100644
--- a/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb
+++ b/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb
@@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only & LGPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 SRCREV = "8c06dce7d596e478c20bc54bdcec87ad97f80a1b"
-SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master"
+SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master \
+           file://CVE-2022-27239.patch \
+           file://CVE-2022-29869.patch \
+"
 
 S = "${WORKDIR}/git"
 DEPENDS += "libtalloc"
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch
new file mode 100644
index 0000000000..77f6745abe
--- /dev/null
+++ b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch
@@ -0,0 +1,40 @@
+From 007c07fd91b6d42f8bd45187cf78ebb06801139d Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Thu, 17 Mar 2022 12:58:52 -0400
+Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option
+ parsing
+
+Previous check was true whatever the length of the input string was,
+leading to a buffer overflow in the subsequent strcpy call.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [ https://git.samba.org/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d]
+CVE: CVE-2022-27239
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 84274c9..3a6b449 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info)
+ 			if (!value || !*value) {
+ 				fprintf(stderr,
+ 					"target ip address argument missing\n");
+-			} else if (strnlen(value, MAX_ADDRESS_LEN) <=
++			} else if (strnlen(value, MAX_ADDRESS_LEN) <
+ 				MAX_ADDRESS_LEN) {
+-				strcpy(parsed_info->addrlist, value);
++				strlcpy(parsed_info->addrlist, value,
++					MAX_ADDRESS_LEN);
+ 				if (parsed_info->verboseflag)
+ 					fprintf(stderr,
+ 						"ip address %s override specified\n",
+-- 
+2.34.1
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
new file mode 100644
index 0000000000..f0c3f37dec
--- /dev/null
+++ b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
@@ -0,0 +1,48 @@
+From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Sat, 19 Mar 2022 13:41:15 -0400
+Subject: [PATCH] mount.cifs: fix verbose messages on option parsing
+
+When verbose logging is enabled, invalid credentials file lines may be
+dumped to stderr. This may lead to information disclosure in particular
+conditions when the credentials file given is sensitive and contains '='
+signs.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379]
+CVE: CVE-2022-29869
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 3a6b449..2278995 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name,
+ 				goto return_i;
+ 			break;
+ 		case CRED_DOM:
+-			if (parsed_info->verboseflag)
+-				fprintf(stderr, "domain=%s\n",
+-					temp_val);
+ 			strlcpy(parsed_info->domain, temp_val,
+ 				sizeof(parsed_info->domain));
+ 			break;
+ 		case CRED_UNPARSEABLE:
+ 			if (parsed_info->verboseflag)
+ 				fprintf(stderr, "Credential formatted "
+-					"incorrectly: %s\n",
+-					temp_val ? temp_val : "(null)");
++					"incorrectly\n");
+ 			break;
+ 		}
+ 	}
+-- 
+2.34.1
+
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
deleted file mode 100644
index be2bb42fc2..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From be1b3d2d0f1608cba5efee73d6aac5ad0709041b Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 9 Sep 2014 10:24:58 -0400
-Subject: [PATCH] Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 73ea23e..ed3eeb9 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,8 +60,8 @@ idn2_cflags =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFI
- idn2_libs =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2`
- ct_cflags =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
- ct_libs =       `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
--lua_cflags =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2` 
--lua_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2` 
-+lua_cflags =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua`
-+lua_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua`
- nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC     $(PKG_CONFIG) --cflags 'nettle hogweed' \
-                                                         HAVE_CRYPTOHASH $(PKG_CONFIG) --cflags nettle \
-                                                         HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
-
--- 
-2.9.5
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb
deleted file mode 100644
index 793b61d712..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require dnsmasq.inc
-
-SRC_URI[dnsmasq-2.87.sha256sum] = "ae39bffde9c37e4d64849b528afeb060be6bad6d1044a3bd94a49fce41357284"
-SRC_URI += "\
-    file://lua.patch \
-"
-
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
new file mode 100644
index 0000000000..6e4c331102
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb
@@ -0,0 +1,3 @@
+require dnsmasq.inc
+
+SRC_URI[dnsmasq-2.90.sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b"
diff --git a/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb b/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb
index 004330e1b4..341eab015c 100644
--- a/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb
+++ b/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb
@@ -33,4 +33,4 @@ do_install() {
     oe_runmake DESTDIR=${D} netsniff-ng_install
 }
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch b/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch
new file mode 100755
index 0000000000..fbd0ec151a
--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch
@@ -0,0 +1,323 @@
+CVE: CVE-2023-26551
+CVE: CVE-2023-26552
+CVE: CVE-2023-26553
+CVE: CVE-2023-26554
+CVE: CVE-2023-26555
+Upstream-Status: Backport [https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+--- include/ntp_fp.h	2019-06-03 23:41:14.000000000 -0500
++++ ../ntp-stable-p16-sec/include/ntp_fp.h	2023-04-17 03:17:01.655121000 -0500
+@@ -195,9 +195,9 @@
+ 	do { \
+ 		int32 add_f = (int32)(f); \
+ 		if (add_f >= 0) \
+-			M_ADD((r_i), (r_f), 0, (uint32)( add_f)); \
++			M_ADD((r_i), (r_f), 0, (u_int32)( add_f)); \
+ 		else \
+-			M_SUB((r_i), (r_f), 0, (uint32)(-add_f)); \
++			M_SUB((r_i), (r_f), 0, (u_int32)(-add_f)); \
+ 	} while(0)
+ 
+ #define	M_ISNEG(v_i)			/* v < 0 */ \
+--- libntp/mstolfp.c	2019-06-03 23:41:14.000000000 -0500
++++ ../ntp-stable-p16-sec/libntp/mstolfp.c	2023-04-17 03:07:38.598581000 -0500
+@@ -14,86 +14,58 @@
+ 	l_fp *lfp
+ 	)
+ {
+-	register const char *cp;
+-	register char *bp;
+-	register const char *cpdec;
+-	char buf[100];
++	int        ch, neg = 0; 
++	u_int32    q, r;
+ 
+ 	/*
+ 	 * We understand numbers of the form:
+ 	 *
+ 	 * [spaces][-|+][digits][.][digits][spaces|\n|\0]
+ 	 *
+-	 * This is one enormous hack.  Since I didn't feel like
+-	 * rewriting the decoding routine for milliseconds, what
+-	 * is essentially done here is to make a copy of the string
+-	 * with the decimal moved over three places so the seconds
+-	 * decoding routine can be used.
++	 * This is kinda hack.  We use 'atolfp' to do the basic parsing
++	 * (after some initial checks) and then divide the result by
++	 * 1000.  The original implementation avoided that by
++	 * hacking up the input string to move the decimal point, but
++	 * that needed string manipulations prone to buffer overruns.
++	 * To avoid that trouble we do the conversion first and adjust
++	 * the result.
+ 	 */
+-	bp = buf;
+-	cp = str;
+-	while (isspace((unsigned char)*cp))
+-	    cp++;
+ 	
+-	if (*cp == '-' || *cp == '+') {
+-		*bp++ = *cp++;
+-	}
+-
+-	if (*cp != '.' && !isdigit((unsigned char)*cp))
+-	    return 0;
+-
+-
+-	/*
+-	 * Search forward for the decimal point or the end of the string.
+-	 */
+-	cpdec = cp;
+-	while (isdigit((unsigned char)*cpdec))
+-	    cpdec++;
+-
+-	/*
+-	 * Found something.  If we have more than three digits copy the
+-	 * excess over, else insert a leading 0.
+-	 */
+-	if ((cpdec - cp) > 3) {
+-		do {
+-			*bp++ = (char)*cp++;
+-		} while ((cpdec - cp) > 3);
+-	} else {
+-		*bp++ = '0';
+-	}
+-
+-	/*
+-	 * Stick the decimal in.  If we've got less than three digits in
+-	 * front of the millisecond decimal we insert the appropriate number
+-	 * of zeros.
+-	 */
+-	*bp++ = '.';
+-	if ((cpdec - cp) < 3) {
+-		size_t i = 3 - (cpdec - cp);
+-		do {
+-			*bp++ = '0';
+-		} while (--i > 0);
+-	}
+-
+-	/*
+-	 * Copy the remainder up to the millisecond decimal.  If cpdec
+-	 * is pointing at a decimal point, copy in the trailing number too.
+-	 */
+-	while (cp < cpdec)
+-	    *bp++ = (char)*cp++;
++	while (isspace(ch = *(const unsigned char*)str))
++		++str;
+ 	
+-	if (*cp == '.') {
+-		cp++;
+-		while (isdigit((unsigned char)*cp))
+-		    *bp++ = (char)*cp++;
++	switch (ch) {
++	    case '-': neg = TRUE;
++	    case '+': ++str;
++	    default : break;
+ 	}
+-	*bp = '\0';
+-
+-	/*
+-	 * Check to make sure the string is properly terminated.  If
+-	 * so, give the buffer to the decoding routine.
+-	 */
+-	if (*cp != '\0' && !isspace((unsigned char)*cp))
+-	    return 0;
+-	return atolfp(buf, lfp);
++	
++	if (!isdigit(ch = *(const unsigned char*)str) && (ch != '.'))
++		return 0;
++	if (!atolfp(str, lfp))
++		return 0;
++
++	/* now do a chained/overlapping division by 1000 to get from
++	 * seconds to msec. 1000 is small enough to go with temporary
++	 * 32bit accus for Q and R.
++	 */
++	q = lfp->l_ui / 1000u;
++	r = lfp->l_ui - (q * 1000u);
++	lfp->l_ui = q;
++
++	r = (r << 16) | (lfp->l_uf >> 16);
++	q = r / 1000u;
++	r = ((r - q * 1000) << 16) | (lfp->l_uf & 0x0FFFFu);
++	lfp->l_uf = q << 16;
++	q = r / 1000;
++	lfp->l_uf |= q;
++	r -= q * 1000u;
++
++	/* fix sign */
++	if (neg)
++		L_NEG(lfp);
++	/* round */
++	if (r >= 500)
++		L_ADDF(lfp, (neg ? -1 : 1));
++	return 1;
+ }
+--- ntpd/refclock_palisade.c	2020-04-11 04:31:33.000000000 -0500
++++ ../ntp-stable-p16-sec/ntpd/refclock_palisade.c	2023-04-15 18:09:29.787588000 -0500
+@@ -1225,9 +1225,9 @@
+ 		return;  /* using synchronous packet input */
+ 
+ 	if(up->type == CLK_PRAECIS) {
+-		if(write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0)
++		if (write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0) {
+ 			msyslog(LOG_ERR, "Palisade(%d) write: %m:",unit);
+-		else {
++		} else {
+ 			praecis_msg = 1;
+ 			return;
+ 		}
+@@ -1249,20 +1249,53 @@
+ 
+ 	pp = peer->procptr;
+ 
+-	memcpy(buf+p,rbufp->recv_space.X_recv_buffer, rbufp->recv_length);
++	if (p + rbufp->recv_length >= sizeof buf) {
++		struct palisade_unit *up;
++		up = pp->unitptr;
++
++		/*
++		 * We COULD see if there is a \r\n in the incoming
++		 * buffer before it overflows, and then process the
++		 * current line.
++		 *
++		 * Similarly, if we already have a hunk of data that
++		 * we're now flushing, that will cause the line of
++		 * data we're in the process of collecting to be garbage.
++		 *
++		 * Since we now check for this overflow and log when it
++		 * happens, we're now in a better place to easily see
++		 * what's going on and perhaps better choices can be made.
++		 */
++
++		/* Do we need to log the size of the overflow? */
++		msyslog(LOG_ERR, "Palisade(%d) praecis_parse(): input buffer overflow", 
++			up->unit);
++
++		p = 0;
++		praecis_msg = 0;
++
++		refclock_report(peer, CEVNT_BADREPLY);
++
++		return;
++	}
++
++	memcpy(buf+p, rbufp->recv_buffer, rbufp->recv_length);
+ 	p += rbufp->recv_length;
+ 
+-	if(buf[p-2] == '\r' && buf[p-1] == '\n') {
++	if (   p >= 2
++	    && buf[p-2] == '\r' 
++	    && buf[p-1] == '\n') {
+ 		buf[p-2] = '\0';
+ 		record_clock_stats(&peer->srcadr, buf);
+ 
+ 		p = 0;
+ 		praecis_msg = 0;
+ 
+-		if (HW_poll(pp) < 0)
++		if (HW_poll(pp) < 0) {
+ 			refclock_report(peer, CEVNT_FAULT);
+-
++		}
+ 	}
++	return;
+ }
+ 
+ static void
+@@ -1407,7 +1440,10 @@
+ 
+ 	/* Edge trigger */
+ 	if (up->type == CLK_ACUTIME)
+-		write (pp->io.fd, "", 1);
++		if (write (pp->io.fd, "", 1) != 1)
++			msyslog(LOG_WARNING,
++				"Palisade(%d) HW_poll: failed to send trigger: %m", 
++				up->unit);
+ 		
+ 	if (ioctl(pp->io.fd, TIOCMSET, &x) < 0) { 
+ #ifdef DEBUG
+--- tests/libntp/strtolfp.c	2020-05-22 01:33:24.000000000 -0500
++++ ../ntp-stable-p16-sec/tests/libntp/strtolfp.c	2023-04-16 03:28:16.967582000 -0500
+@@ -26,6 +26,13 @@
+ 	return;
+ }
+ 
++static const char* fmtLFP(const l_fp *e, const l_fp *a)
++{
++    static char buf[100];
++    snprintf(buf, sizeof(buf), "e=$%08x.%08x, a=$%08x.%08x",
++	     e->l_ui, e->l_uf, a->l_ui, a->l_uf);
++    return buf;
++}
+ 
+ void test_PositiveInteger(void) {
+ 	const char *str = "500";
+@@ -37,8 +44,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_NegativeInteger(void) {
+@@ -54,8 +61,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_PositiveFraction(void) {
+@@ -68,8 +75,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_NegativeFraction(void) {
+@@ -85,8 +92,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_PositiveMsFraction(void) {
+@@ -100,9 +107,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
+-
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_NegativeMsFraction(void) {
+@@ -118,9 +124,8 @@
+ 	TEST_ASSERT_TRUE(atolfp(str, &actual));
+ 	TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms));
+ 
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual));
+-	TEST_ASSERT_TRUE(IsEqual(expected, actual_ms));
+-
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual));
++	TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms));
+ }
+ 
+ void test_InvalidChars(void) {
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index a30f720bb5..7861a5e3e6 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -24,11 +24,13 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
            file://sntp.service \
            file://sntp \
            file://ntpd.list \
+           file://CVE-2023-2655x.patch;striplevel=0 \
 "
 
 SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
 
 # CVE-2016-9312 is only for windows.
+# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility
 # The other CVEs are not correctly identified because cve-check
 # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
 CVE_CHECK_IGNORE += "\
@@ -52,6 +54,7 @@ CVE_CHECK_IGNORE += "\
     CVE-2016-7433 \
     CVE-2016-9310 \
     CVE-2016-9311 \
+    CVE-2019-11331 \
 "
 
 
@@ -90,6 +93,14 @@ PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
 PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 
+do_configure:append() {
+    # tests are generated but also checked-in to source control
+    # when CVE-2023-2655x.patch changes timestamp of test source file, Makefile detects it and tries to regenerate it
+    # however it fails because of missing ruby interpretter; adding ruby-native as dependency fixes it
+    # since the regenerated file is identical to the one from source control, touch the generated file instead of adding heavy dependency
+    touch ${S}/tests/libntp/run-strtolfp.c
+}
+
 do_install:append() {
     install -d ${D}${sysconfdir}/init.d
     install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch
new file mode 100644
index 0000000000..071ddf45d1
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch
@@ -0,0 +1,158 @@
+From 32fe1b6ac239255a91020020510453685459b28a Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Mon, 8 May 2023 19:04:57 -0700
+Subject: [PATCH] open-vm-tools: Remove some dead code.
+
+Address CVE-2023-20867.
+Remove some authentication types which were deprecated long
+ago and are no longer in use. These are dead code.
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch]
+CVE: CVE-2023-20867
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ open-vm-tools/services/plugins/vix/vixTools.c | 100 ------------------
+ 1 file changed, 100 deletions(-)
+
+diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
+index bde74021..6e51d1f4 100644
+--- a/open-vm-tools/services/plugins/vix/vixTools.c
++++ b/open-vm-tools/services/plugins/vix/vixTools.c
+@@ -254,7 +254,6 @@ char *gImpersonatedUsername = NULL;
+ #define  VIX_TOOLS_CONFIG_API_AUTHENTICATION          "Authentication"
+ #define  VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS             "InfrastructureAgents"
+
+-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT  TRUE
+
+ /*
+  * The switch that controls all APIs
+@@ -730,8 +729,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
+
+ void GuestAuthUnimpersonate();
+
+-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
+-                                                     const char *typeName);
+
+ #if SUPPORT_VGAUTH
+
+@@ -7913,29 +7910,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg,   // IN
+                                           userToken);
+       break;
+    }
+-   case VIX_USER_CREDENTIAL_ROOT:
+-   {
+-      if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
+-          !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
+-                                            VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
+-          /*
+-           * Don't accept hashed shared secret if disabled.
+-           */
+-          g_message("%s: Requested authentication type has been disabled.\n",
+-                    __FUNCTION__);
+-          err = VIX_E_GUEST_AUTHTYPE_DISABLED;
+-          goto done;
+-      }
+-   }
+-   // fall through
+-
+-   case VIX_USER_CREDENTIAL_CONSOLE_USER:
+-      err = VixToolsImpersonateUserImplEx(NULL,
+-                                          credentialType,
+-                                          NULL,
+-                                          loadUserProfile,
+-                                          userToken);
+-      break;
+    case VIX_USER_CREDENTIAL_NAME_PASSWORD:
+    case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
+    case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
+@@ -8104,36 +8078,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr,         // IN
+          }
+       }
+
+-      /*
+-       * If the VMX asks to be root, then we allow them.
+-       * The VMX will make sure that only it will pass this value in,
+-       * and only when the VM and host are configured to allow this.
+-       */
+-      if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
+-            && (thisProcessRunsAsRoot)) {
+-         *userToken = PROCESS_CREATOR_USER_TOKEN;
+-
+-         gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
+-         err = VIX_OK;
+-         goto quit;
+-      }
+-
+-      /*
+-       * If the VMX asks to be root, then we allow them.
+-       * The VMX will make sure that only it will pass this value in,
+-       * and only when the VM and host are configured to allow this.
+-       *
+-       * XXX This has been deprecated XXX
+-       */
+-      if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
+-            && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
+-         *userToken = PROCESS_CREATOR_USER_TOKEN;
+-
+-         gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
+-         err = VIX_OK;
+-         goto quit;
+-      }
+-
+       /*
+        * If the VMX asks us to run commands in the context of the current
+        * user, make sure that the user who requested the command is the
+@@ -10814,50 +10758,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode,                          // IN
+ }
+
+
+-/*
+- *-----------------------------------------------------------------------------
+- *
+- * VixToolsCheckIfAuthenticationTypeEnabled --
+- *
+- *    Checks to see if a given authentication type has been
+- *    disabled via the tools configuration.
+- *
+- * Return value:
+- *    TRUE if enabled, FALSE otherwise.
+- *
+- * Side effects:
+- *    None
+- *
+- *-----------------------------------------------------------------------------
+- */
+-
+-static Bool
+-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,     // IN
+-                                         const char *typeName)      // IN
+-{
+-   char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
+-   gboolean disabled;
+-
+-   Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
+-                VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
+-                typeName);
+-
+-   ASSERT(confDictRef != NULL);
+-
+-   /*
+-    * XXX Skip doing the strcmp() to verify the auth type since we only
+-    * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
+-    * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
+-    */
+-   disabled = VMTools_ConfigGetBoolean(confDictRef,
+-                                       VIX_TOOLS_CONFIG_API_GROUPNAME,
+-                                       authnDisabledName,
+-                                       VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
+-
+-   return !disabled;
+-}
+-
+-
+ /*
+  *-----------------------------------------------------------------------------
+  *
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch
new file mode 100644
index 0000000000..1b51e500aa
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch
@@ -0,0 +1,36 @@
+From 108d81c70d0a6792847051d121a660ef3511517d Mon Sep 17 00:00:00 2001
+From: Katy Feng <fkaty@vmware.com>
+Date: Fri, 22 Sep 2023 10:15:58 +0000
+Subject: [PATCH] Allow only X509 certs to verify the SAML token signature.
+
+CVE: CVE-2023-20900
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index aaa5082a..ad8fe304 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -1273,7 +1273,14 @@ VerifySignature(xmlDocPtr doc,
+     */
+    bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
+    if (bRet == FALSE) {
+-      g_warning("failed to register ID\n");
++      g_warning("Failed to register ID\n");
++      goto done;
++   }
++
++   /* Use only X509 certs to validate the signature */
++   if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
++                        BAD_CAST xmlSecKeyDataX509Id) < 0) {
++      g_warning("Failed to limit allowed key data\n");
+       goto done;
+    }
+
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
new file mode 100644
index 0000000000..d24dd3695c
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
@@ -0,0 +1,241 @@
+From 6822b5a84f8cfa60d46479d6b8f1c63eb85eac87 Mon Sep 17 00:00:00 2001
+From: John Wolfe <jwolfe@vmware.com>
+Date: Wed, 18 Oct 2023 09:04:07 -0700
+Subject: [PATCH] Address CVE-2023-34058
+
+VGAuth: don't accept tokens with unrelated certs.
+
+CVE: CVE-2023-34058
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/e5be40b9cc025d03ccd5689ef9192d29abd68bfe]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ open-vm-tools/vgauth/common/certverify.c      | 145 ++++++++++++++++++
+ open-vm-tools/vgauth/common/certverify.h      |   4 +
+ open-vm-tools/vgauth/common/prefs.h           |   2 +
+ .../vgauth/serviceImpl/saml-xmlsec1.c         |  14 ++
+ 4 files changed, 165 insertions(+)
+
+diff --git a/open-vm-tools/vgauth/common/certverify.c b/open-vm-tools/vgauth/common/certverify.c
+index edf54928..29b12df3 100644
+--- a/open-vm-tools/vgauth/common/certverify.c
++++ b/open-vm-tools/vgauth/common/certverify.c
+@@ -893,3 +893,148 @@ done:
+
+    return err;
+ }
++
++
++/*
++ * Finds a cert with a subject (if checkSubj is set) or issuer (if
++ * checkSUbj is unset), matching 'val' in the list
++ * of certs.  Returns a match or NULL.
++ */
++
++static X509 *
++FindCert(GList *cList,
++         X509_NAME *val,
++         int checkSubj)
++{
++   GList *l;
++   X509 *c;
++   X509_NAME *v;
++
++   l = cList;
++   while (l != NULL) {
++      c = (X509 *) l->data;
++      if (checkSubj) {
++         v = X509_get_subject_name(c);
++      } else {
++         v = X509_get_issuer_name(c);
++      }
++      if (X509_NAME_cmp(val, v) == 0) {
++         return c;
++      }
++      l = l->next;
++   }
++   return NULL;
++}
++
++
++/*
++ ******************************************************************************
++ * CertVerify_CheckForUnrelatedCerts --                                  */ /**
++ *
++ * Looks over a list of certs.  If it finds that they are not all
++ * part of the same chain, returns failure.
++ *
++ * @param[in]     numCerts      The number of certs in the chain.
++ * @param[in]     pemCerts      The chain of certificates to verify.
++ *
++ * @return VGAUTH_E_OK on success, VGAUTH_E_FAIL if unrelated certs are found.
++ *
++ ******************************************************************************
++ */
++
++VGAuthError
++CertVerify_CheckForUnrelatedCerts(int numCerts,
++                                  const char **pemCerts)
++{
++   VGAuthError err = VGAUTH_E_FAIL;
++   int chainLen = 0;
++   int i;
++   X509 **certs = NULL;
++   GList *rawList = NULL;
++   X509 *baseCert;
++   X509 *curCert;
++   X509_NAME *subject;
++   X509_NAME *issuer;
++
++   /* common single cert case; nothing to do */
++   if (numCerts == 1) {
++      return VGAUTH_E_OK;
++   }
++
++   /* convert all PEM to X509 objects */
++   certs = g_malloc0(numCerts * sizeof(X509 *));
++   for (i = 0; i < numCerts; i++) {
++      certs[i] = CertStringToX509(pemCerts[i]);
++      if (NULL == certs[i]) {
++         g_warning("%s: failed to convert cert to X509\n", __FUNCTION__);
++         goto done;
++      }
++   }
++
++   /* choose the cert to start the chain.  shouldn't matter which */
++   baseCert = certs[0];
++
++   /* put the rest into a list */
++   for (i = 1; i < numCerts; i++) {
++      rawList = g_list_append(rawList, certs[i]);
++   }
++
++   /* now chase down to a leaf, looking for certs the baseCert issued */
++   subject = X509_get_subject_name(baseCert);
++   while ((curCert = FindCert(rawList, subject, 0)) != NULL) {
++      /* pull it from the list */
++      rawList = g_list_remove(rawList, curCert);
++      /* set up the next find */
++      subject = X509_get_subject_name(curCert);
++   }
++
++   /*
++    * walk up to the root cert, by finding a cert where the
++    * issuer equals the subject of the current
++    */
++   issuer = X509_get_issuer_name(baseCert);
++   while ((curCert = FindCert(rawList, issuer, 1)) != NULL) {
++      /* pull it from the list */
++      rawList = g_list_remove(rawList, curCert);
++      /* set up the next find */
++      issuer = X509_get_issuer_name(curCert);
++   }
++
++   /*
++    * At this point, anything on the list should be certs that are not part
++    * of the chain that includes the original 'baseCert'.
++    *
++    * For a valid token, the list should be empty.
++    */
++   chainLen = g_list_length(rawList);
++   if (chainLen != 0 ) {
++      GList *l;
++
++      g_warning("%s: %d unrelated certs found in list\n",
++                __FUNCTION__, chainLen);
++
++      /* debug helper */
++      l = rawList;
++      while (l != NULL) {
++         X509* c = (X509 *) l->data;
++         char *s = X509_NAME_oneline(X509_get_subject_name(c), NULL, 0);
++
++         g_debug("%s: unrelated cert subject: %s\n", __FUNCTION__, s);
++         free(s);
++         l = l->next;
++      }
++
++      goto done;
++   }
++
++   g_debug("%s: Success!  no unrelated certs found\n", __FUNCTION__);
++   err = VGAUTH_E_OK;
++
++done:
++   g_list_free(rawList);
++   for (i = 0; i < numCerts; i++) {
++      X509_free(certs[i]);
++   }
++   g_free(certs);
++   return err;
++}
+diff --git a/open-vm-tools/vgauth/common/certverify.h b/open-vm-tools/vgauth/common/certverify.h
+index d7c6410b..f582bb82 100644
+--- a/open-vm-tools/vgauth/common/certverify.h
++++ b/open-vm-tools/vgauth/common/certverify.h
+@@ -67,6 +67,10 @@ VGAuthError CertVerify_CheckSignatureUsingCert(VGAuthHashAlg hash,
+                                                size_t signatureLen,
+                                                const unsigned char *signature);
+
++
++VGAuthError CertVerify_CheckForUnrelatedCerts(int numCerts,
++                                              const char **pemCerts);
++
+ gchar * CertVerify_StripPEMCert(const gchar *pemCert);
+
+ gchar * CertVerify_CertToX509String(const gchar *pemCert);
+diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h
+index ff116928..87ccc9b3 100644
+--- a/open-vm-tools/vgauth/common/prefs.h
++++ b/open-vm-tools/vgauth/common/prefs.h
+@@ -136,6 +136,8 @@ msgCatalog = /etc/vmware-tools/vgauth/messages
+ #define VGAUTH_PREF_ALIASSTORE_DIR         "aliasStoreDir"
+ /** The number of seconds slack allowed in either direction in SAML token date checks. */
+ #define VGAUTH_PREF_CLOCK_SKEW_SECS        "clockSkewAdjustment"
++/** If unrelated certificates are allowed in a SAML token */
++#define VGAUTH_PREF_ALLOW_UNRELATED_CERTS  "allowUnrelatedCerts"
+
+ /** Ticket group name. */
+ #define VGAUTH_PREF_GROUP_NAME_TICKET      "ticket"
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index aaa5082a..17b56de9 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -47,6 +47,7 @@
+ #include "vmxlog.h"
+
+ static int gClockSkewAdjustment = VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS;
++static gboolean gAllowUnrelatedCerts = FALSE;
+ static xmlSchemaPtr gParsedSchemas = NULL;
+ static xmlSchemaValidCtxtPtr gSchemaValidateCtx = NULL;
+
+@@ -313,6 +314,10 @@ LoadPrefs(void)
+                                       VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS);
+     Log("%s: Allowing %d of clock skew for SAML date validation\n",
+         __FUNCTION__, gClockSkewAdjustment);
++    gAllowUnrelatedCerts = Pref_GetBool(gPrefs,
++                                        VGAUTH_PREF_ALLOW_UNRELATED_CERTS,
++                                        VGAUTH_PREF_GROUP_NAME_SERVICE,
++                                        FALSE);
+ }
+
+
+@@ -1526,6 +1531,15 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText,
+    if (FALSE == bRet) {
+       return VGAUTH_E_AUTHENTICATION_DENIED;
+    }
++   if (!gAllowUnrelatedCerts) {
++      err = CertVerify_CheckForUnrelatedCerts(num, (const char **) certChain);
++      if (err != VGAUTH_E_OK) {
++         VMXLog_Log(VMXLOG_LEVEL_WARNING,
++                    "Unrelated certs found in SAML token, failing\n");
++         return VGAUTH_E_AUTHENTICATION_DENIED;
++      }
++   }
++
+
+    subj.type = SUBJECT_TYPE_NAMED;
+    subj.name = *subjNameOut;
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
index 4670a85a67..c54fd4de48 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
@@ -45,6 +45,9 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste
            file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \
            file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \
            file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \
+           file://CVE-2023-20867.patch;patchdir=.. \
+           file://CVE-2023-20900.patch;patchdir=.. \
+           file://CVE-2023-34058.patch;patchdir=.. \
            "
 
 UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb
index 218e72b7a8..828cd5033e 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb
@@ -19,6 +19,9 @@ SRC_URI[sha256sum] = "333a7ef3d5b317968aca2c77bdc29aa7c6d6bb3316eb3f79743b59c532
 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
 CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
 
+# CVE-2023-7235 is specific to Windows platform
+CVE_CHECK_IGNORE += "CVE-2023-7235"
+
 SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
diff --git a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
index 9ce019ed86..3c8458baac 100644
--- a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
+++ b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
@@ -16,4 +16,6 @@ S = "${WORKDIR}/git"
 
 inherit meson pkgconfig
 
+ALLOW_EMPTY:${PN} = "1"
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb
index b8d44db26b..afa1a684b1 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb
@@ -8,12 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 DEPENDS = "flex-native flex bison-native"
 DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss', '', d)}"
 
-SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
-           file://0001-enum-Fix-compiler-warning.patch \
-           file://CVE-2022-40617.patch \
+SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \
            "
 
-SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
+SRC_URI[sha256sum] = "56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55"
 
 UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
 
@@ -41,7 +39,6 @@ PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap"
 PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql"
 PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl"
-PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient,"
 PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup"
 PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite"
 PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke"
@@ -146,11 +143,16 @@ RDEPENDS:${PN} += "\
     ${PN}-plugin-attr \
     ${PN}-plugin-cmac \
     ${PN}-plugin-constraints \
+    ${PN}-plugin-drbg \
+    ${PN}-plugin-fips-prf \
     ${PN}-plugin-des \
     ${PN}-plugin-dnskey \
+    ${PN}-plugin-gcm \
     ${PN}-plugin-hmac \
+    ${PN}-plugin-kdf \
     ${PN}-plugin-kernel-netlink \
     ${PN}-plugin-md5 \
+    ${PN}-plugin-mgf1 \
     ${PN}-plugin-nonce \
     ${PN}-plugin-pem \
     ${PN}-plugin-pgp \
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
index 322a826f07..803a9bb5f5 100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb
+++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
@@ -26,8 +26,7 @@ SRC_URI = " \
     file://run-ptest \
 "
 
-SRC_URI[md5sum] = "929a255c71a9933608bd7c31927760f7"
-SRC_URI[sha256sum] = "79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe"
+SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea"
 
 UPSTREAM_CHECK_REGEX = "tcpdump-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
index 165a0e735b..1e2495efd6 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
 
 SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
+SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"
 
 UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases"
 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
new file mode 100644
index 0000000000..4e2157ca75
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
@@ -0,0 +1,33 @@
+From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 8 Sep 2022 15:18:04 +0000
+Subject: [PATCH] prevent junk from showing up in error page in invalid
+ requests
+
+fixes #457
+
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
+Upstream-Status: Backport
+CVE: CVE-2022-40468
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ src/reqs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index bce69819..45db118d 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
+                 goto fail;
+         }
+ 
++        /* zero-terminate the strings so they don't contain junk in error page */
++        request->method[0] = url[0] = request->protocol[0] = 0;
++
+         ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+                       request->method, url, request->protocol);
++
+         if (ret == 2 && !strcasecmp (request->method, "GET")) {
+                 request->protocol[0] = 0;
+ 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
index 388f7aecbb..4ddb202268 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
@@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
            file://disable-documentation.patch \
            file://tinyproxy.service \
            file://tinyproxy.conf \
+           file://CVE-2022-40468.patch \
            "
 
 SRC_URI[md5sum] = "658db5558ffb849414341b756a546a99"
diff --git a/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb b/meta-networking/recipes-support/traceroute/traceroute_2.1.3.bb
index 9cac204998..ed75ba34de 100644
--- a/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb
+++ b/meta-networking/recipes-support/traceroute/traceroute_2.1.3.bb
@@ -17,8 +17,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/traceroute/files/tracerou
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/traceroute/traceroute/${BP}/${BP}.tar.gz \
 "
-SRC_URI[md5sum] = "84d329d67abc3fb83fc8cb12aeaddaba"
-SRC_URI[sha256sum] = "3669d22a34d3f38ed50caba18cd525ba55c5c00d5465f2d20d7472e5d81603b6"
+SRC_URI[sha256sum] = "05ebc7aba28a9100f9bbae54ceecbf75c82ccf46bdfce8b5d64806459a7e0412"
 
 EXTRA_OEMAKE = "VPATH=${STAGING_LIBDIR}"
 LTOEXTRA += "-flto-partition=none"
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch
new file mode 100644
index 0000000000..ccf04459e8
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch
@@ -0,0 +1,52 @@
+From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 1 Dec 2022 20:46:15 -0500
+Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats
+
+The ofp_stats struct length field includes the fixed 4 bytes.
+If the length is smaller than that, report the length error
+and break out. In particular, a value of zero can cause
+infinite loops if this isn't done.
+
+
+(cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f]
+CVE: CVE-2022-4345
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ epan/dissectors/packet-openflow_v6.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c
+index 16016af..3e24d76 100644
+--- a/epan/dissectors/packet-openflow_v6.c
++++ b/epan/dissectors/packet-openflow_v6.c
+@@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
+ static int
+ dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_)
+ {
++    proto_item *ti;
+     guint32 stats_length;
+     int oxs_end;
+     guint32 padding;
+ 
+     proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA);
+ 
+-    proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length);
++    ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length);
+ 
+     oxs_end = offset + stats_length;
+     offset+=4;
+ 
++    if (stats_length < 4) {
++        expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short);
++        return offset;
++    }
++
+     while (offset < oxs_end) {
+         offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset);
+     }
+-- 
+2.40.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
new file mode 100644
index 0000000000..7732916826
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
@@ -0,0 +1,122 @@
+From 265cbf15a418b629c3c8f02c0ba901913b1c8fd2 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Thu, 18 May 2023 13:52:48 -0700
+Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
+
+Use the proper dest_size in various g_strlcpy calls.
+
+Fixes #19085
+
+(cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2]
+CVE: CVE-2023-0666
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
+index 5c2d1c1..ef592d7 100644
+--- a/epan/dissectors/packet-rtps.c
++++ b/epan/dissectors/packet-rtps.c
+@@ -3025,7 +3025,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+     ++tk_id;
+   }
+ 
+-  g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
++  g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
+ 
+     /* Structure of the typecode data:
+      *
+@@ -3196,7 +3196,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+                     member_name, -1, NULL, ndds_40_hack);
+         }
+         /* Finally prints the name of the struct (if provided) */
+-        g_strlcpy(type_name, "}", 40);
++        g_strlcpy(type_name, "}", sizeof(type_name));
+         break;
+ 
+     } /* end of case UNION */
+@@ -3367,7 +3367,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+           }
+         }
+         /* Finally prints the name of the struct (if provided) */
+-        g_strlcpy(type_name, "}", 40);
++        g_strlcpy(type_name, "}", sizeof(type_name));
+         break;
+       }
+ 
+@@ -3459,7 +3459,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+         offset += 4;
+         alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
+         offset += alias_name_length;
+-        g_strlcpy(type_name, alias_name, 40);
++        g_strlcpy(type_name, alias_name, sizeof(type_name));
+         break;
+     }
+ 
+@@ -3494,7 +3494,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+         if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
+           type_id_name = "valueparam";
+         }
+-        g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
++        g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
+         break;
+     }
+   } /* switch(tk_id) */
+@@ -3673,7 +3673,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
+   long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
+   name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
+   if (info)
+-    g_strlcpy(info->member_name, name, long_number);
++    g_strlcpy(info->member_name, name, sizeof(info->member_name));
+ 
+   proto_item_append_text(tree, " %s", name);
+   offset += member_length;
+@@ -3848,13 +3848,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
+   proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
+   if (member_object) {
+     member_object->member_id = member_id;
+-    g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
++    g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
+     member_object->type_id = member_type_id;
+   }
+   if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
+       mutable_member_mapping * mutable_mapping = NULL;
+       mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
+-      g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
++      g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
+       mutable_mapping->struct_type_id = info->type_id;
+       mutable_mapping->member_type_id = member_type_id;
+       mutable_mapping->member_id = member_id;
+@@ -3909,7 +3909,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     union_member_mapping * mapping = NULL;
+ 
+     mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
++    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
+     mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3922,7 +3922,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     union_member_mapping * mapping = NULL;
+ 
+     mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
++    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = -1;
+     mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3942,7 +3942,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
+     offset_tmp += 4;
+ 
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
++    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = discriminator_case;
+     mapping->union_type_id = union_type_id + discriminator_case;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
new file mode 100644
index 0000000000..cd07395aac
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
@@ -0,0 +1,66 @@
+From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 18 May 2023 18:06:36 -0400
+Subject: [PATCH] MS-MMS: Use format_text_string()
+
+The length of a string transcoded from UTF-16 to UTF-8 can be
+shorter (or longer) than the original length in bytes in the packet.
+Use the new string length, not the original length.
+
+Use format_text_string, which is a convenience function that
+calls strlen.
+
+Fix #19086
+
+(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
+CVE: CVE-2023-0667
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-ms-mms.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
+index f4dbcd0..092a64b 100644
+--- a/epan/dissectors/packet-ms-mms.c
++++ b/epan/dissectors/packet-ms-mms.c
+@@ -740,7 +740,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro
+                                  transport_info, "Transport: (%s)", transport_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
++                    format_text_string(pinfo->pool, (const guchar*)transport_info));
+ 
+ 
+     /* Try to extract details from this string */
+@@ -837,7 +837,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
+                             ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
+ 
+         col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
++                    format_text_string(pinfo->pool, (const guchar*)server_version));
+     }
+     offset += (server_version_length*2);
+ 
+@@ -891,7 +891,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, packet_info *pinfo, proto_
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
++                    format_text_string(pinfo->pool, (const guchar*)player_info));
+ }
+ 
+ /* Dissect info about where client wants to start playing from */
+@@ -966,7 +966,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
++                    format_text_string(pinfo->pool, (const guchar*)server_file));
+ }
+ 
+ /* Dissect media details from server */
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
new file mode 100644
index 0000000000..0009939330
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
@@ -0,0 +1,33 @@
+From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 20 May 2023 23:08:08 -0400
+Subject: [PATCH] synphasor: Use val_to_str_const
+
+Don't use a value from packet data to directly index a value_string,
+particularly when the value string doesn't cover all possible values.
+
+Fix #19087
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
+CVE: CVE-2023-0668
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-synphasor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
+index 12b388b..fbde875 100644
+--- a/epan/dissectors/packet-synphasor.c
++++ b/epan/dissectors/packet-synphasor.c
+@@ -1212,7 +1212,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
+ 
+ 		data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
+ 							       ett_conf_phflags, NULL, "Phasor Data flags: %s",
+-							       conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
++							       val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
+ 
+ 		/* first and second bytes - phasor modification flags*/
+ 		phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
new file mode 100644
index 0000000000..6bddf975d0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
@@ -0,0 +1,61 @@
+From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sun, 19 Mar 2023 15:16:39 -0400
+Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets
+
+Add a frame end routine for a global which is assigned to packet
+scoped memory. It really should be made proto data, but is used
+in a function in the header (that doesn't take the packet info
+struct as an argument) and this fix needs to be made in stable
+branches.
+
+Fix #18852
+
+Upstream-Status: Backport [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741]
+CVE: CVE-2023-1992
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ epan/dissectors/packet-rpcrdma.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c
+index 76085c7..9d57bae 100644
+--- a/epan/dissectors/packet-rpcrdma.c
++++ b/epan/dissectors/packet-rpcrdma.c
+@@ -24,6 +24,7 @@
+ #include <epan/addr_resolv.h>
+
+ #include "packet-rpcrdma.h"
++#include "packet-frame.h"
+ #include "packet-infiniband.h"
+ #include "packet-iwarp-ddp-rdmap.h"
+
+@@ -270,6 +271,18 @@ void rpcrdma_insert_offset(gint offset)
+     wmem_array_append_one(gp_rdma_write_offsets, offset);
+ }
+
++/*
++ * Reset the array of write offsets at the end of the frame. These
++ * are packet scoped, so they don't need to be freed, but we want
++ * to ensure that the global doesn't point to no longer allocated
++ * memory in a later packet.
++ */
++static void
++reset_write_offsets(void)
++{
++    gp_rdma_write_offsets = NULL;
++}
++
+ /* Get conversation state, it is created if it does not exist */
+ static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo)
+ {
+@@ -1392,6 +1405,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data
+             if (write_size > 0 && !pinfo->fd->visited) {
+                 /* Initialize array of write chunk offsets */
+                 gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint));
++                register_frame_end_routine(pinfo, reset_write_offsets);
+                 TRY {
+                     /*
+                      * Call the upper layer dissector to get a list of offsets
+--
+2.40.1
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch
new file mode 100644
index 0000000000..b4718f4607
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch
@@ -0,0 +1,108 @@
+From 0181fafb2134a177328443a60b5e29c4ee1041cb Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Tue, 16 May 2023 12:05:07 -0700
+Subject: [PATCH] candump: check for a too-long frame length.
+
+If the frame length is longer than the maximum, report an error in the
+file.
+
+Fixes #19062, preventing the overflow on a buffer on the stack (assuming
+your compiler doesn't call a bounds-checknig version of memcpy() if the
+size of the target space is known).
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb]
+CVE: CVE-2023-2855
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ wiretap/candump.c | 39 +++++++++++++++++++++++++++++++--------
+ 1 file changed, 31 insertions(+), 8 deletions(-)
+
+diff --git a/wiretap/candump.c b/wiretap/candump.c
+index 0def7bc..3f7c2b2 100644
+--- a/wiretap/candump.c
++++ b/wiretap/candump.c
+@@ -26,8 +26,9 @@ static gboolean candump_seek_read(wtap *wth, gint64 seek_off,
+                                   wtap_rec *rec, Buffer *buf,
+                                   int *err, gchar **err_info);
+ 
+-static void
+-candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
++static gboolean
++candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg, int *err,
++                     gchar **err_info)
+ {
+     static const char *can_proto_name    = "can-hostendian";
+     static const char *canfd_proto_name  = "canfd";
+@@ -59,6 +60,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+     {
+         canfd_frame_t canfd_frame = {0};
+ 
++        /*
++         * There's a maximum of CANFD_MAX_DLEN bytes in a CAN-FD frame.
++         */
++        if (msg->data.length > CANFD_MAX_DLEN) {
++            *err = WTAP_ERR_BAD_FILE;
++            if (err_info != NULL) {
++	        *err_info = g_strdup_printf("candump: File has %u-byte CAN FD packet, bigger than maximum of %u",
++                                             msg->data.length, CANFD_MAX_DLEN);
++            }
++            return FALSE;
++        }
++
+         canfd_frame.can_id = msg->id;
+         canfd_frame.flags  = msg->flags;
+         canfd_frame.len    = msg->data.length;
+@@ -70,6 +83,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+     {
+         can_frame_t can_frame = {0};
+ 
++        /*
++         * There's a maximum of CAN_MAX_DLEN bytes in a CAN frame.
++         */
++        if (msg->data.length > CAN_MAX_DLEN) {
++            *err = WTAP_ERR_BAD_FILE;
++            if (err_info != NULL) {
++	        *err_info = g_strdup_printf("candump: File has %u-byte CAN packet, bigger than maximum of %u",
++                                             msg->data.length, CAN_MAX_DLEN);
++            }
++            return FALSE;
++        }
++
+         can_frame.can_id  = msg->id;
+         can_frame.can_dlc = msg->data.length;
+         memcpy(can_frame.data, msg->data.data, msg->data.length);
+@@ -84,6 +109,8 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+ 
+     rec->rec_header.packet_header.caplen = packet_length;
+     rec->rec_header.packet_header.len    = packet_length;
++
++    return TRUE;
+ }
+ 
+ static gboolean
+@@ -190,9 +217,7 @@ candump_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info,
+     ws_debug_printf("%s: Stopped at offset %" PRIi64 "\n", G_STRFUNC, file_tell(wth->fh));
+ #endif
+ 
+-    candump_write_packet(rec, buf, &msg);
+-
+-    return TRUE;
++    return candump_write_packet(rec, buf, &msg, err, err_info);
+ }
+ 
+ static gboolean
+@@ -216,9 +241,7 @@ candump_seek_read(wtap *wth , gint64 seek_off, wtap_rec *rec,
+     if (!candump_parse(wth->random_fh, &msg, NULL, err, err_info))
+         return FALSE;
+ 
+-    candump_write_packet(rec, buf, &msg);
+-
+-    return TRUE;
++    return candump_write_packet(rec, buf, &msg, err, err_info);
+ }
+ 
+ /*
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch
new file mode 100644
index 0000000000..863421f986
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch
@@ -0,0 +1,69 @@
+From db5135826de3a5fdb3618225c2ff02f4207012ca Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Thu, 18 May 2023 15:03:23 -0700
+Subject: [PATCH] vms: fix the search for the packet length field.
+
+The packet length field is of the form
+
+    Total Length = DDD = ^xXXX
+
+where "DDD" is the length in decimal and "XXX" is the length in
+hexadecimal.
+
+Search for "length ". not just "Length", as we skip past "Length ", not
+just "Length", so if we assume we found "Length " but only found
+"Length", we'd skip past the end of the string.
+
+While we're at it, fail if we don't find a length field, rather than
+just blithely acting as if the packet length were zero.
+
+Fixes #19083.
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca]
+CVE: CVE-2023-2856
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ wiretap/vms.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/wiretap/vms.c b/wiretap/vms.c
+index 0aa83ea..5f5fdbb 100644
+--- a/wiretap/vms.c
++++ b/wiretap/vms.c
+@@ -318,6 +318,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
+ {
+     char    line[VMS_LINE_LENGTH + 1];
+     int     num_items_scanned;
++    gboolean have_pkt_len = FALSE;
+     guint32 pkt_len = 0;
+     int     pktnum;
+     int     csec = 101;
+@@ -374,7 +375,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
+                 return FALSE;
+             }
+         }
+-        if ( (! pkt_len) && (p = strstr(line, "Length"))) {
++        if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
+             p += sizeof("Length ");
+             while (*p && ! g_ascii_isdigit(*p))
+                 p++;
+@@ -390,9 +391,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
+                 *err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
+                 return FALSE;
+             }
++            have_pkt_len = TRUE;
+             break;
+         }
+     } while (! isdumpline(line));
++    if (! have_pkt_len) {
++        *err = WTAP_ERR_BAD_FILE;
++        *err_info = g_strdup_printf("vms: Length field not found");
++        return FALSE;
++    }
+     if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
+         /*
+          * Probably a corrupt capture file; return an error,
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch
new file mode 100644
index 0000000000..7174e9155c
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch
@@ -0,0 +1,95 @@
+From cb190d6839ddcd4596b0205844f45553f1e77105 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Fri, 19 May 2023 16:29:45 -0700
+Subject: [PATCH] netscaler: add more checks to make sure the record is within
+ the page.
+
+Whie we're at it, restructure some other checks to test-before-casting -
+it's OK to test afterwards, but testing before makes it follow the
+pattern used elsewhere.
+
+Fixes #19081.
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105]
+CVE: CVE-2023-2858
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ wiretap/netscaler.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
+index 01a7f6d..4fa020b 100644
+--- a/wiretap/netscaler.c
++++ b/wiretap/netscaler.c
+@@ -1091,13 +1091,13 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info)
+ 
+ #define PACKET_DESCRIBE(rec,buf,FULLPART,fullpart,ver,type,HEADERVER) \
+     do {\
+-        nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
+         /* Make sure the record header is entirely contained in the page */\
+-        if ((nstrace_buflen - nstrace_buf_offset) < sizeof *type) {\
++        if ((nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_pktrace##fullpart##_v##ver##_t)) {\
+             *err = WTAP_ERR_BAD_FILE;\
+             *err_info = g_strdup("nstrace: record header crosses page boundary");\
+             return FALSE;\
+         }\
++        nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
+         /* Check sanity of record size */\
+         if (pletoh16(&type->nsprRecordSize) < sizeof *type) {\
+             *err = WTAP_ERR_BAD_FILE;\
+@@ -1162,6 +1162,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+                 case NSPR_ABSTIME_V10:
+                 {
++                    if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
++                        return FALSE;
+                     nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
+                     if (pletoh16(&fp->nsprRecordSize) == 0) {
+                         *err = WTAP_ERR_BAD_FILE;
+@@ -1175,6 +1177,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+                 case NSPR_RELTIME_V10:
+                 {
++                    if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
++                        return FALSE;
+                     nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
+                     if (pletoh16(&fp->nsprRecordSize) == 0) {
+                         *err = WTAP_ERR_BAD_FILE;
+@@ -1192,6 +1196,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+                 default:
+                 {
++                    if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
++                        return FALSE;
+                     nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
+                     if (pletoh16(&fp->nsprRecordSize) == 0) {
+                         *err = WTAP_ERR_BAD_FILE;
+@@ -1475,14 +1481,14 @@ static gboolean nstrace_read_v20(wtap *wth, wtap_rec *rec, Buffer *buf,
+ 
+ #define PACKET_DESCRIBE(rec,buf,FULLPART,ver,enumprefix,type,structname,HEADERVER)\
+     do {\
+-        nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
+         /* Make sure the record header is entirely contained in the page */\
+-        if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof *fp) {\
++        if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_##structname##_t)) {\
+             *err = WTAP_ERR_BAD_FILE;\
+             *err_info = g_strdup("nstrace: record header crosses page boundary");\
+             g_free(nstrace_tmpbuff);\
+             return FALSE;\
+         }\
++        nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
+         (rec)->rec_type = REC_TYPE_PACKET;\
+         TIMEDEFV##ver((rec),fp,type);\
+         FULLPART##SIZEDEFV##ver((rec),fp,ver);\
+@@ -1589,7 +1595,6 @@ static gboolean nstrace_read_v30(wtap *wth, wtap_rec *rec, Buffer *buf,
+                 g_free(nstrace_tmpbuff);
+                 return FALSE;
+             }
+-
+             hdp = (nspr_hd_v20_t *) &nstrace_buf[nstrace_buf_offset];
+             if (nspr_getv20recordsize(hdp) == 0) {
+                 *err = WTAP_ERR_BAD_FILE;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch
new file mode 100644
index 0000000000..0a8247923e
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch
@@ -0,0 +1,37 @@
+From 118815ca7c9f82c1f83f8f64d9e0e54673f31677 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 13 May 2023 21:45:16 -0400
+Subject: [PATCH] GDSDB: Make sure our offset advances.
+
+add_uint_string() returns the next offset to use, not the number
+of bytes consumed. So to consume all the bytes and make sure the
+offset advances, return the entire reported tvb length, not the
+number of bytes remaining.
+
+Fixup 8d3c2177793e900cfc7cfaac776a2807e4ea289f
+Fixes #19068
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677]
+CVE: CVE-2023-2879
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-gdsdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-gdsdb.c b/epan/dissectors/packet-gdsdb.c
+index 75bcfb9..950d68f 100644
+--- a/epan/dissectors/packet-gdsdb.c
++++ b/epan/dissectors/packet-gdsdb.c
+@@ -480,7 +480,7 @@ static int add_uint_string(proto_tree *tree, int hf_string, tvbuff_t *tvb, int o
+ 	int ret_offset = offset + length;
+ 	if (length < 4 || ret_offset < offset) {
+ 		expert_add_info_format(NULL, ti, &ei_gdsdb_invalid_length, "Invalid length: %d", length);
+-		return tvb_reported_length_remaining(tvb, offset);
++		return tvb_reported_length(tvb);
+ 	}
+ 	return ret_offset;
+ }
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch
new file mode 100644
index 0000000000..fe21097286
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch
@@ -0,0 +1,38 @@
+From 44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Mon Sep 17 00:00:00 2001
+From: Jaap Keuter <jaap.keuter@xs4all.nl>
+Date: Thu, 27 Jul 2023 20:21:19 +0200
+Subject: [PATCH] CP2179: Handle timetag info response without records
+
+Fixes #19229
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d]
+CVE: CVE-2023-2906
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-cp2179.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-cp2179.c b/epan/dissectors/packet-cp2179.c
+index 30f53f8..70fe033 100644
+--- a/epan/dissectors/packet-cp2179.c
++++ b/epan/dissectors/packet-cp2179.c
+@@ -721,11 +721,14 @@ dissect_response_frame(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, int
+                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN);
+ 
+                     num_records = tvb_get_guint8(tvb, offset) & 0x7F;
++                    offset += 1;
++
++                    if (num_records == 0 || numberofcharacters <= 1)
++                        break;
++
+                     recordsize = (numberofcharacters-1) / num_records;
+                     num_values = (recordsize-6) / 2;      /* Determine how many 16-bit analog values are present in each event record */
+ 
+-                    offset += 1;
+-
+                     for (x = 0; x < num_records; x++)
+                     {
+                         cp2179_event_tree = proto_tree_add_subtree_format(cp2179_proto_tree, tvb, offset, recordsize, ett_cp2179_event, NULL, "Event Record # %d", x+1);
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch
new file mode 100644
index 0000000000..41b02bb3fa
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch
@@ -0,0 +1,98 @@
+From ce87eac0325581b600b3093fcd75080df14ccfda Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Tue, 23 May 2023 13:52:03 -0700
+Subject: [PATCH] XRA: Fix an infinite loop
+
+C compilers don't care what size a value was on the wire. Use
+naturally-sized ints, including in dissect_message_channel_mb where we
+would otherwise overflow and loop infinitely.
+
+Fixes #19100
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5]
+CVE: CVE-2023-2952
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-xra.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/epan/dissectors/packet-xra.c b/epan/dissectors/packet-xra.c
+index 68a8e72..6c7ab74 100644
+--- a/epan/dissectors/packet-xra.c
++++ b/epan/dissectors/packet-xra.c
+@@ -478,7 +478,7 @@ dissect_xra_tlv_cw_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
+   it = proto_tree_add_item (tree, hf_xra_tlv_cw_info, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_cw_info_tree = proto_item_add_subtree (it, ett_xra_tlv_cw_info);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   while (tlv_index < tlv_length) {
+     guint8 type = tvb_get_guint8 (tvb, tlv_index);
+     ++tlv_index;
+@@ -533,7 +533,7 @@ dissect_xra_tlv_ms_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
+   it = proto_tree_add_item (tree, hf_xra_tlv_ms_info, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_ms_info_tree = proto_item_add_subtree (it, ett_xra_tlv_ms_info);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   while (tlv_index < tlv_length) {
+     guint8 type = tvb_get_guint8 (tvb, tlv_index);
+     ++tlv_index;
+@@ -567,7 +567,7 @@ dissect_xra_tlv_burst_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, gu
+   it = proto_tree_add_item (tree, hf_xra_tlv_burst_info, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_burst_info_tree = proto_item_add_subtree (it, ett_xra_tlv_burst_info);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   while (tlv_index < tlv_length) {
+     guint8 type = tvb_get_guint8 (tvb, tlv_index);
+     ++tlv_index;
+@@ -607,7 +607,7 @@ dissect_xra_tlv(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da
+   it = proto_tree_add_item (tree, hf_xra_tlv, tvb, 0, tlv_length, ENC_NA);
+   xra_tlv_tree = proto_item_add_subtree (it, ett_xra_tlv);
+ 
+-  guint32 tlv_index =0;
++  unsigned tlv_index = 0;
+   tvbuff_t *xra_tlv_cw_info_tvb, *xra_tlv_ms_info_tvb, *xra_tlv_burst_info_tvb;
+ 
+   while (tlv_index < tlv_length) {
+@@ -751,7 +751,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
+   if(packet_start_pointer_field_present) {
+     proto_tree_add_item_ret_uint (tree, hf_plc_mb_mc_psp, tvb, 1, 2, FALSE, &packet_start_pointer);
+ 
+-    guint16 docsis_start = 3 + packet_start_pointer;
++    unsigned docsis_start = 3 + packet_start_pointer;
+     while (docsis_start + 6 < remaining_length) {
+       /*DOCSIS header in packet*/
+       guint8 fc = tvb_get_guint8(tvb,docsis_start + 0);
+@@ -760,7 +760,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
+         docsis_start += 1;
+         continue;
+       }
+-      guint16 docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
++      unsigned docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
+       if (docsis_start + 6 + docsis_length <= remaining_length) {
+         /*DOCSIS packet included in packet*/
+         tvbuff_t *docsis_tvb;
+@@ -830,7 +830,7 @@ dissect_ncp_message_block(tvbuff_t * tvb, proto_tree * tree) {
+ static int
+ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_) {
+ 
+-  guint16 offset = 0;
++  int offset = 0;
+   proto_tree *plc_tree;
+   proto_item *plc_item;
+   tvbuff_t *mb_tvb;
+@@ -890,7 +890,7 @@ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _
+ 
+ static int
+ dissect_ncp(tvbuff_t * tvb, proto_tree * tree, void* data _U_) {
+-  guint16 offset = 0;
++  int offset = 0;
+   proto_tree *ncp_tree;
+   proto_item *ncp_item;
+   tvbuff_t *ncp_mb_tvb;
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch
new file mode 100644
index 0000000000..6a2f20163c
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch
@@ -0,0 +1,81 @@
+From ef9c79ae81b00a63aa8638076ec81dc9482972e9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 10 Aug 2023 05:29:09 -0400
+Subject: [PATCH] btsdp: Keep offset advancing
+
+hf_data_element_value is a FT_NONE, so we can add the item with
+the expected length and get_hfi_length() will adjust the length
+without throwing an exception. There's no need to add it with
+zero length and call proto_item_set_len. Also, don't increment
+the offset by 0 instead of the real length when there isn't
+enough data in the packet, as that can lead to failing to advance
+the offset.
+
+When dissecting a sequence type (sequence or alternative) and
+recursing into the sequence member, instead of using the main
+packet tvb directly, create a subset using the indicated length
+of the sequence. That will properly throw an exception if a
+contained item is larger than the containing sequence, instead of
+dissecting the same bytes as several different items (inside
+the sequence recursively, as well in the outer loop.)
+
+Fix #19258
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9]
+CVE: CVE-2023-4511
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ epan/dissectors/packet-btsdp.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/epan/dissectors/packet-btsdp.c b/epan/dissectors/packet-btsdp.c
+index 397ece7..eb7f5fa 100644
+--- a/epan/dissectors/packet-btsdp.c
++++ b/epan/dissectors/packet-btsdp.c
+@@ -1925,13 +1925,11 @@ dissect_data_element(proto_tree *tree, proto_tree **next_tree,
+         offset += len - length;
+     }
+ 
+-    pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset,  0, ENC_NA);
++    pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset, length, ENC_NA);
+     if (length > tvb_reported_length_remaining(tvb, offset)) {
+         expert_add_info(pinfo, pitem, &ei_data_element_value_large);
+-        length = 0;
+-    }
+-    proto_item_set_len(pitem, length);
+-    if (length == 0)
++	proto_item_append_text(pitem, ": MISSING");
++    } else if (length == 0)
+         proto_item_append_text(pitem, ": MISSING");
+ 
+     if (next_tree) *next_tree = proto_item_add_subtree(pitem, ett_btsdp_data_element_value);
+@@ -3523,6 +3521,8 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
+         gint           bytes_to_go = size;
+         gint           first       = 1;
+         wmem_strbuf_t *substr;
++	tvbuff_t      *next_tvb = tvb_new_subset_length(tvb, offset, size);
++	gint           next_offset = 0;
+ 
+         ti = proto_tree_add_item(next_tree, (type == 6) ? hf_data_element_value_sequence : hf_data_element_value_alternative,
+                 tvb, offset, size, ENC_NA);
+@@ -3537,14 +3537,15 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
+                 first = 0;
+             }
+ 
+-            size = dissect_sdp_type(st, pinfo, tvb, offset, attribute, service_uuid,
++            size = dissect_sdp_type(st, pinfo, next_tvb, next_offset,
++		    attribute, service_uuid,
+                     service_did_vendor_id, service_did_vendor_id_source,
+                     service_hdp_data_exchange_specification, service_info, &substr);
+             if (size < 1) {
+                 break;
+             }
+             wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_get_str(substr));
+-            offset += size ;
++            next_offset += size;
+             bytes_to_go -= size;
+         }
+ 
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
new file mode 100644
index 0000000000..4c9f8d29c0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
@@ -0,0 +1,42 @@
+From a8586fde3a6512466afb2a660538ef3fe712076b Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 23 Nov 2023 13:47:51 -0500
+Subject: [PATCH] gvcp: Don't try to add a NULL string to a column
+
+This was caught as an invalid argument by g_strlcpy before 4.2,
+but it was never a good idea.
+
+Fix #19496
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b]
+CVE: CVE-2024-0208
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-gvcp.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/epan/dissectors/packet-gvcp.c b/epan/dissectors/packet-gvcp.c
+index 6a17cff..eb849c0 100644
+--- a/epan/dissectors/packet-gvcp.c
++++ b/epan/dissectors/packet-gvcp.c
+@@ -2222,15 +2222,12 @@ static void dissect_readreg_ack(proto_tree *gvcp_telegram_tree, tvbuff_t *tvb, p
+ 			if (addr_list_size > 0)
+ 			{
+ 				address_string = get_register_name_from_address(*((guint32*)wmem_array_index(gvcp_trans->addr_list, 0)), gvcp_info, &is_custom_register);
++				col_append_str(pinfo->cinfo, COL_INFO, address_string);
+ 			}
+ 
+ 			if (num_registers)
+ 			{
+-				col_append_fstr(pinfo->cinfo, COL_INFO, "%s Value=0x%08X", address_string, tvb_get_ntohl(tvb, offset));
+-			}
+-			else
+-			{
+-				col_append_str(pinfo->cinfo, COL_INFO, address_string);
++				col_append_sep_fstr(pinfo->cinfo, COL_INFO, " ", "Value=0x%08X", tvb_get_ntohl(tvb, offset));
+ 			}
+ 		}
+ 	}
+-- 
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index 1a4aedc139..41c363ad30 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -16,6 +16,19 @@ SRC_URI += " \
     file://0003-bison-Remove-line-directives.patch \
     file://0004-lemon-Remove-line-directives.patch \
     file://CVE-2022-3190.patch \
+    file://CVE-2023-2855.patch \
+    file://CVE-2023-2856.patch \
+    file://CVE-2023-2858.patch \
+    file://CVE-2023-2879.patch \
+    file://CVE-2023-2952.patch \
+    file://CVE-2023-0666.patch \
+    file://CVE-2023-0667.patch \
+    file://CVE-2023-0668.patch \
+    file://CVE-2023-2906.patch \
+    file://CVE-2023-1992.patch \
+    file://CVE-2022-4345.patch \
+    file://CVE-2024-0208.patch \
+    file://CVE-2023-4511.patch \
 "
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf
index 88715d5e82..a0c644a2f4 100644
--- a/meta-oe/conf/layer.conf
+++ b/meta-oe/conf/layer.conf
@@ -47,6 +47,7 @@ LAYERSERIES_COMPAT_openembedded-layer = "kirkstone"
 LICENSE_PATH += "${LAYERDIR}/licenses"
 
 PREFERRED_RPROVIDER_libdevmapper = "lvm2"
+PREFERRED_RPROVIDER_libdevmapper-native = "lvm2-native"
 PREFERRED_PROVIDER_android-tools-conf ?= "android-tools-conf"
 
 SIGGEN_EXCLUDERECIPES_ABISAFE += " \
@@ -105,4 +106,4 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
 
 DEFAULT_TEST_SUITES:pn-meta-oe-ptest-image = " ${PTESTTESTSUITE}"
 
-NON_MULTILIB_RECIPES:append = " crash"
+NON_MULTILIB_RECIPES:append = " crash pahole"
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb
index 7bca24cc0a..b59fc1bc95 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb
@@ -22,7 +22,7 @@ SRCREV_FORMAT = "rwmem_inih"
 
 SRC_URI = " \
     git://github.com/tomba/rwmem.git;protocol=https;name=rwmem;branch=master \
-    git://github.com/benhoyt/inih.git;protocol=https;name=inih;nobranch=1;destsuffix=git/ext/inih \
+    git://github.com/benhoyt/inih.git;protocol=https;name=inih;branch=master;destsuffix=git/ext/inih \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb b/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb
index fe9685924b..226543bbd8 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb
@@ -49,9 +49,9 @@ do_configure:append() {
 
 # Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA
 do_install:prepend() {
-    rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/
-    mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/
-    tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S}
+    rm -rf ${S}/python-pkg/dist/
+    mkdir ${S}/python-pkg/dist/
+    tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S}
 }
 
 # In code, path to python is a variable that is replaced with path to native version of it
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend b/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend
index 09f3e34f4c..e1db8bac9e 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend
+++ b/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend
@@ -11,7 +11,7 @@ RDEPENDS:packagegroup-meta-oe-connectivity += "\
 
 RDEPENDS:packagegroup-meta-oe-extended += "\
     lcdproc \
-    mozjs \
+    mozjs-91 \
 "
 RDEPENDS:packagegroup-meta-oe-support += "\
     smem \
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
index ff4a16e9f2..0969fb6ce2 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
@@ -117,7 +117,7 @@ scons_do_install() {
 
     # install mongo data folder
     install -m 755 -d ${D}${localstatedir}/lib/${BPN}
-    chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN}
+    chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN}
 
     # Create /var/log/mongodb in runtime.
     if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
diff --git a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb
index 188d4e5bdf..68c42b329a 100644
--- a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb
+++ b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb
@@ -24,7 +24,7 @@ SRCREV = "0858b450cd88c84a15b99dda9698d44e7f7e8c70"
 
 S = "${WORKDIR}/git"
 
-inherit waf pkgconfig features_check
+inherit waf pkgconfig features_check python3native
 
 ANY_OF_DISTRO_FEATURES = "opengl dispmanx"
 
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
index 2142a8ef1d..d181eb3b02 100644
--- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
@@ -11,14 +11,14 @@ BUGTRACKER = "https://github.com/esnet/iperf/issues"
 AUTHOR = "ESNET <info@es.net>, Lawrence Berkeley National Laboratory <websupport@lbl.gov>"
 
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=68ae8cfc577a2c8c51bb51e9628e80b7"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dc6301c8256ceb8f71c9e3c2ae9096b9"
 
 SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
            file://0002-Remove-pg-from-profile_CFLAGS.patch \
            file://0001-configure.ac-check-for-CPP-prog.patch \
            "
 
-SRCREV = "76bd67f6e90e239a7686202d2b1b595159826d24"
+SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
new file mode 100644
index 0000000000..8b6405b4ad
--- /dev/null
+++ b/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
@@ -0,0 +1,46 @@
+From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001
+From: Michael Larabel <michael@phoronix.com>
+Date: Sat, 23 Jul 2022 07:32:43 -0500
+Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in
+ phoromatic_quit_if_invalid_input_found()
+
+Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678
+
+Upstream-Status: Backport
+CVE: CVE-2022-40704
+
+Reference to upstream patch:
+https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php
+index 74ccc5444c..c2313dcdea 100644
+--- a/pts-core/phoromatic/phoromatic_functions.php
++++ b/pts-core/phoromatic/phoromatic_functions.php
+@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
+ 	{
+ 		foreach($input_keys as $key)
+ 		{
+-			if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
++			if(isset($_GET[$key]) && !empty($_GET[$key]))
+ 			{
+-				foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check)
++				foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check)
++				{
++					if(stripos($val_to_check, $invalid_string) !== false)
++					{
++						echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check);
++						exit;
++					}
++				}
++			}
++			if(isset($_POST[$key]) && !empty($_POST[$key]))
++			{
++				foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check)
+ 				{
+ 					if(stripos($val_to_check, $invalid_string) !== false)
+ 					{
diff --git a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb
index 825f7024e7..44f2249bc9 100644
--- a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb
+++ b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb
@@ -5,7 +5,11 @@ LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 SECTION = "console/tests"
 
-SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz"
+SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \
+           file://CVE-2022-40704.patch \
+          "
+
+
 SRC_URI[md5sum] = "459c3c45b39bb3d720ddc8ba5f944332"
 SRC_URI[sha256sum] = "86681343d20415831ab16ef6c3d1c317e2345e771925e0698ae920a03a9eaab6"
 
diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
index f821cdaf4a..aba5ab5878 100644
--- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
+++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb
@@ -151,12 +151,13 @@ RRECOMMENDS:${PN}-fancontrol = "lmsensors-config-fancontrol"
 # sensors-detect script files
 FILES:${PN}-sensorsdetect = "${sbindir}/sensors-detect"
 FILES:${PN}-sensorsdetect-doc = "${mandir}/man8/sensors-detect.8"
-RDEPENDS:${PN}-sensorsdetect = "${PN}-sensors perl perl-modules"
+RDEPENDS:${PN}-sensorsdetect = "${PN}-sensors perl perl-module-fcntl perl-module-file-basename \
+	perl-module-strict perl-module-constant"
 
 # sensors-conf-convert script files
 FILES:${PN}-sensorsconfconvert = "${bindir}/sensors-conf-convert"
 FILES:${PN}-sensorsconfconvert-doc = "${mandir}/man8/sensors-conf-convert.8"
-RDEPENDS:${PN}-sensorsconfconvert = "${PN}-sensors perl perl-modules"
+RDEPENDS:${PN}-sensorsconfconvert = "${PN}-sensors perl perl-module-strict perl-module-vars"
 
 # pwmconfig script files
 FILES:${PN}-pwmconfig = "${sbindir}/pwmconfig"
diff --git a/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb b/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
index d3e7973329..9b72ffefe4 100644
--- a/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
+++ b/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
@@ -20,3 +20,5 @@ do_install() {
 ALLOW_EMPTY:${PN} = "1"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 INHIBIT_DEFAULT_DEPS = "1"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch
new file mode 100644
index 0000000000..6d04bf8980
--- /dev/null
+++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch
@@ -0,0 +1,110 @@
+From 4e661f0085ec5f969c76c0896a34322c6c432de4 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 17 Oct 2022 20:25:11 -0400
+Subject: [PATCH] Fix integer overflows in PAC parsing
+
+In krb5_parse_pac(), check for buffer counts large enough to threaten
+integer overflow in the header length and memory length calculations.
+Avoid potential integer overflows when checking the length of each
+buffer.  Credit to OSS-Fuzz for discovering one of the issues.
+
+CVE-2022-42898:
+
+In MIT krb5 releases 1.8 and later, an authenticated attacker may be
+able to cause a KDC or kadmind process to crash by reading beyond the
+bounds of allocated memory, creating a denial of service.  A
+privileged attacker may similarly be able to cause a Kerberos or GSS
+application service to crash.  On 32-bit platforms, an attacker can
+also cause insufficient memory to be allocated for the result,
+potentially leading to remote code execution in a KDC, kadmind, or GSS
+or Kerberos application server process.  An attacker with the
+privileges of a cross-realm KDC may be able to extract secrets from a
+KDC process's memory by having them copied into the PAC of a new
+ticket.
+
+(cherry picked from commit ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583)
+
+ticket: 9074
+version_fixed: 1.19.4
+
+Upstream-Status: Backport [https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4]
+CVE: CVE-2022-42898
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/lib/krb5/krb/pac.c   |  9 +++++++--
+ src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++
+ 2 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
+index cc74f37..70428a1 100644
+--- a/src/lib/krb5/krb/pac.c
++++ b/src/lib/krb5/krb/pac.c
+@@ -27,6 +27,8 @@
+ #include "k5-int.h"
+ #include "authdata.h"
+ 
++#define MAX_BUFFERS 4096
++
+ /* draft-brezak-win2k-krb-authz-00 */
+ 
+ /*
+@@ -316,6 +318,9 @@ krb5_pac_parse(krb5_context context,
+     if (version != 0)
+         return EINVAL;
+ 
++    if (cbuffers < 1 || cbuffers > MAX_BUFFERS)
++        return ERANGE;
++
+     header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
+     if (len < header_len)
+         return ERANGE;
+@@ -348,8 +353,8 @@ krb5_pac_parse(krb5_context context,
+             krb5_pac_free(context, pac);
+             return EINVAL;
+         }
+-        if (buffer->Offset < header_len ||
+-            buffer->Offset + buffer->cbBufferSize > len) {
++        if (buffer->Offset < header_len || buffer->Offset > len ||
++            buffer->cbBufferSize > len - buffer->Offset) {
+             krb5_pac_free(context, pac);
+             return ERANGE;
+         }
+diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
+index 7b756a2..2353e9f 100644
+--- a/src/lib/krb5/krb/t_pac.c
++++ b/src/lib/krb5/krb/t_pac.c
+@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = {
+     0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00
+ };
+ 
++static const unsigned char fuzz1[] = {
++    0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
++    0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5
++};
++
++static const unsigned char fuzz2[] = {
++    0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
++    0x20, 0x20
++};
++
+ static const char *s4u_principal = "w2k8u@ACME.COM";
+ static const char *s4u_enterprise = "w2k8u@abc@ACME.COM";
+ 
+@@ -646,6 +656,14 @@ main(int argc, char **argv)
+         krb5_free_principal(context, sep);
+     }
+ 
++    /* Check problematic PACs found by fuzzing. */
++    ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac);
++    if (!ret)
++        err(context, ret, "krb5_pac_parse should have failed");
++    ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac);
++    if (!ret)
++        err(context, ret, "krb5_pac_parse should have failed");
++
+     /*
+      * Test empty free
+      */
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch
new file mode 100644
index 0000000000..160c090bce
--- /dev/null
+++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch
@@ -0,0 +1,68 @@
+From ef08b09c9459551aabbe7924fb176f1583053cdd Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 21 Aug 2023 03:08:15 +0000
+Subject: [PATCH] Ensure array count consistency in kadm5 RPC
+
+In _xdr_kadm5_principal_ent_rec(), ensure that n_key_data matches the
+key_data array count when decoding.  Otherwise when the structure is
+later freed, xdr_array() could iterate over the wrong number of
+elements, either leaking some memory or freeing uninitialized
+pointers.  Reported by Robert Morris.
+
+CVE: CVE-2023-36054
+
+An authenticated attacker can cause a kadmind process to crash by
+freeing uninitialized pointers.  Remote code execution is unlikely.
+An attacker with control of a kadmin server can cause a kadmin client
+to crash by freeing uninitialized pointers.
+
+ticket: 9099 (new)
+tags: pullup
+target_version: 1.21-next
+target_version: 1.20-next
+
+Upstream-Status: Backport [https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/lib/kadm5/kadm_rpc_xdr.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
+index 2892d41..94b1ce8 100644
+--- a/src/lib/kadm5/kadm_rpc_xdr.c
++++ b/src/lib/kadm5/kadm_rpc_xdr.c
+@@ -390,6 +390,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+			     int v)
+ {
+	unsigned int n;
++	bool_t r;
+
+	if (!xdr_krb5_principal(xdrs, &objp->principal)) {
+		return (FALSE);
+@@ -443,6 +444,9 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+	if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
+		return (FALSE);
+	}
++	if (xdrs->x_op == XDR_DECODE && objp->n_key_data < 0) {
++		return (FALSE);
++	}
+	if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+		return (FALSE);
+	}
+@@ -451,9 +455,10 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+		return FALSE;
+	}
+	n = objp->n_key_data;
+-	if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+-		       &n, ~0, sizeof(krb5_key_data),
+-		       xdr_krb5_key_data_nocontents)) {
++	r = xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, objp->n_key_data,
++		      sizeof(krb5_key_data), xdr_krb5_key_data_nocontents);
++	objp->n_key_data = n;
++	if (!r) {
+		return (FALSE);
+	}
+
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
index 6e0b2fdacb..a92066171b 100644
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
@@ -32,6 +32,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
            file://krb5-admin-server.service \
            file://CVE-2021-36222.patch;striplevel=2 \
            file://CVE-2021-37750.patch;striplevel=2 \
+           file://CVE-2022-42898.patch;striplevel=2 \
+           file://CVE-2023-36054.patch;striplevel=2 \
 "
 SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f"
 SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134"
diff --git a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
index 2a3a4ebd06..24b9e9a071 100644
--- a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
+++ b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
@@ -4,6 +4,7 @@ LICENSE = "MIT & Zlib & BSD-3-Clause & Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c8bea43a2eb5d713c338819a0be07797"
 
 DEPENDS = "zlib"
+DEPENDS:append:class-native = " libcap-native"
 
 S = "${WORKDIR}/git"
 SRCREV = "8d605f0649ed1ab6d27a443c7688598ea21fdb75"
@@ -44,3 +45,5 @@ RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-s
 
 # Avoid absolute paths to end up in the sysroot.
 SSTATE_SCAN_FILES += "*.cmake"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch b/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch
new file mode 100644
index 0000000000..83bdae858f
--- /dev/null
+++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch
@@ -0,0 +1,42 @@
+From dfd38cb29c0768692f886d3ab9158bd2b3132582 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Tue, 22 Nov 2022 15:20:48 +0800
+Subject: [PATCH] makefile: use conditional assignment for KBUILD_OUTPUT
+
+Refer [1],from make 4.4, all variables that are marked as export will
+also be passed to the shell started by the shell function. use "=" will
+make KBUILD_OUTPUT always empty for shell function, use "?=" to make
+"export KBUILD_OUTPUT" in enrironment can work.
+
+[snip of 4.4 NEWS]
+* WARNING: Backward-incompatibility!
+   Previously makefile variables marked as export were not exported to commands
+   started by the $(shell ...) function.  Now, all exported variables are
+   exported to $(shell ...).
+[snip]
+
+[1] https://git.savannah.gnu.org/cgit/make.git/tree/NEWS?h=4.4&id=ed493f6c9116cc217b99c2cfa6a95f15803235a2#n74
+
+Upstream-Status: Backport [d3dd51ba611802d7cbb28631cb943cb882fa4aac]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/makefile b/makefile
+index 529d8a0..3db60fa 100644
+--- a/makefile
++++ b/makefile
+@@ -15,7 +15,7 @@
+ # with this program; if not, write to the Free Software Foundation, Inc.,
+ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ 
+-KBUILD_OUTPUT =
++KBUILD_OUTPUT ?=
+ 
+ DEBUG	=
+ CC	?= $(CROSS_COMPILE)gcc
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
index 9c0f56e736..9c8e649b1a 100644
--- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
+++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-${PV}.tgz \
            file://build-Allow-CC-and-prefix-to-be-overriden.patch \
            file://Use-cross-cpp-in-incdefs.patch \
+           file://0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/linuxptp/files/"
diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
new file mode 100644
index 0000000000..93949fc21d
--- /dev/null
+++ b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
@@ -0,0 +1,135 @@
+From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001
+From: Christian Kastner <ckk@kvr.at>
+Date: Tue, 13 Jun 2023 14:21:52 +0200
+Subject: [PATCH] Add option to read username/password from file (#781)
+
+* Add option to read username/password from file
+
+CVE: CVE-2023-35789
+
+Upstream-Status: Backport [https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ tools/common.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 66 insertions(+)
+
+diff --git a/tools/common.c b/tools/common.c
+index 53ea788..35b2b9f 100644
+--- a/tools/common.c
++++ b/tools/common.c
+@@ -54,6 +54,11 @@
+ #include "compat.h"
+ #endif
+
++/* For when reading auth data from a file */
++#define MAXAUTHTOKENLEN 128
++#define USERNAMEPREFIX "username:"
++#define PASSWORDPREFIX "password:"
++
+ void die(const char *fmt, ...) {
+   va_list ap;
+   va_start(ap, fmt);
+@@ -161,6 +166,7 @@ static char *amqp_vhost;
+ static char *amqp_username;
+ static char *amqp_password;
+ static int amqp_heartbeat = 0;
++static char *amqp_authfile;
+ #ifdef WITH_SSL
+ static int amqp_ssl = 0;
+ static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
+@@ -183,6 +189,8 @@ struct poptOption connect_options[] = {
+      "the password to login with", "password"},
+     {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
+      "heartbeat interval, set to 0 to disable", "heartbeat"},
++    {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
++     "path to file containing username/password for authentication", "file"},
+ #ifdef WITH_SSL
+     {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
+     {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
+@@ -194,6 +202,50 @@ struct poptOption connect_options[] = {
+ #endif /* WITH_SSL */
+     {NULL, '\0', 0, NULL, 0, NULL, NULL}};
+
++void read_authfile(const char *path) {
++  size_t n;
++  FILE *fp = NULL;
++  char token[MAXAUTHTOKENLEN];
++
++  if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
++      (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
++    die("Out of memory");
++  } else if ((fp = fopen(path, "r")) == NULL) {
++    die("Could not read auth data file %s", path);
++  }
++
++  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
++      strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
++    die("Malformed auth file (missing username)");
++  }
++  strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
++  /* Missing newline means token was cut off */
++  n = strlen(amqp_username);
++  if (amqp_username[n - 1] != '\n') {
++    die("Username too long");
++  } else {
++    amqp_username[n - 1] = '\0';
++  }
++
++  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
++      strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
++    die("Malformed auth file (missing password)");
++  }
++  strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
++  /* Missing newline means token was cut off */
++  n = strlen(amqp_password);
++  if (amqp_password[n - 1] != '\n') {
++    die("Password too long");
++  } else {
++    amqp_password[n - 1] = '\0';
++  }
++
++  (void)fgetc(fp);
++  if (!feof(fp)) {
++    die("Malformed auth file (trailing data)");
++  }
++}
++
+ static void init_connection_info(struct amqp_connection_info *ci) {
+   ci->user = NULL;
+   ci->password = NULL;
+@@ -269,6 +321,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_username) {
+     if (amqp_url) {
+       die("--username and --url options cannot be used at the same time");
++    } else if (amqp_authfile) {
++      die("--username and --authfile options cannot be used at the same time");
+     }
+
+     ci->user = amqp_username;
+@@ -277,11 +331,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_password) {
+     if (amqp_url) {
+       die("--password and --url options cannot be used at the same time");
++    } else if (amqp_authfile) {
++      die("--password and --authfile options cannot be used at the same time");
+     }
+
+     ci->password = amqp_password;
+   }
+
++  if (amqp_authfile) {
++    if (amqp_url) {
++      die("--authfile and --url options cannot be used at the same time");
++    }
++
++    read_authfile(amqp_authfile);
++    ci->user = amqp_username;
++    ci->password = amqp_password;
++  }
++
+   if (amqp_vhost) {
+     if (amqp_url) {
+       die("--vhost and --url options cannot be used at the same time");
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
index 304171c88c..1cc4ada3b5 100644
--- a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
+++ b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://github.com/alanxz/rabbitmq-c"
 LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53"
 LICENSE = "MIT"
 
-SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https \
+           file://CVE-2023-35789.patch \
+          "
 # v0.11.0-master
 SRCREV = "a64c08c68aff34d49a2ac152f04988cd921084f9"
 
diff --git a/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb b/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb
index 79d54038eb..a33265063c 100644
--- a/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb
+++ b/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb
@@ -14,5 +14,3 @@ SRC_URI[sha256sum] = "848c4fe863806e506832f1ee85b8b68258f06eb19dad43dbeee16a2cfe
 UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/ser2net/files/ser2net"
 
 inherit autotools pkgconfig
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
new file mode 100644
index 0000000000..6028520923
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
@@ -0,0 +1,37 @@
+From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Jan 2023 13:51:03 +0800
+Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header
+ allows to access Frontend in maintenace mode
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e]
+CVE: CVE-2022-43515
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ ui/include/classes/user/CWebUser.php | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php
+index e6e651e..bfacce7 100644
+--- a/ui/include/classes/user/CWebUser.php
++++ b/ui/include/classes/user/CWebUser.php
+@@ -231,13 +231,11 @@ class CWebUser {
+ 	}
+ 
+ 	/**
+-	 * Get user ip address.
++	 * Get user IP address.
+ 	 *
+ 	 * @return string
+ 	 */
+ 	public static function getIp(): string {
+-		return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '')
+-			? $_SERVER['HTTP_X_FORWARDED_FOR']
+-			: $_SERVER['REMOTE_ADDR'];
++		return $_SERVER['REMOTE_ADDR'];
+ 	}
+ }
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
new file mode 100644
index 0000000000..debd0aaa8e
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
@@ -0,0 +1,53 @@
+From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 4 Jan 2023 14:23:34 +0800
+Subject: [PATCH] [DEV-2283] added validation of the scheduled report
+ generation URL to zabbix-web-service
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867]
+CVE: CVE-2022-46768
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../zabbix_web_service/pdf_report_creator.go   | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index 391b58b..8452a3d 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -29,6 +29,7 @@ import (
+ 	"net/http"
+ 	"net/url"
+ 	"strconv"
++	"strings"
+ 	"time"
+ 
+ 	"github.com/chromedp/cdproto/emulation"
+@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ 		return
+ 	}
+ 
++	if u.Scheme != "http" && u.Scheme != "https" {
++		logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest)
++		return
++	}
++
++	if !strings.HasSuffix(u.Path, "/zabbix.php") {
++		logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest)
++		return
++	}
++
++	queryParams := u.Query()
++
++	if queryParams.Get("action") != "dashboard.print" {
++		logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest)
++		return
++	}
++
+ 	log.Tracef(
+ 		"making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s",
+ 		u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr)
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch
new file mode 100644
index 0000000000..675d9e0f35
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch
@@ -0,0 +1,247 @@
+From 240754ccee1b6b35ac47862be56dacec11e65b32 Mon Sep 17 00:00:00 2001
+From: Dmitrijs Goloscapovs <dmitrijs.goloscapovs@zabbix.com>
+Date: Thu, 27 Jul 2023 11:23:54 +0000
+Subject: [PATCH] .......PS. [DEV-2387] added new limits for JS objects
+
+Merge in ZBX/zabbix from feature/DEV-2387-6.0 to release/6.0
+
+* commit '16e5f15a70cfbf00c646cb92d1fcb8a362900285':
+  .......PS. [DEV-2387] removed logsize check based on json buffer
+  .......PS. [DEV-2387] removed logsize check based on json buffer
+  .......PS. [DEV-2387] fixed pr comments
+  .......PS. [DEV-2387] removed useless include
+  .......PS. [DEV-2387] added limits for logging and adding httprequest headers
+  .......PS. [DEV-2387] limited initialization of new HttpRequest objects
+
+CVE: CVE-2023-29449
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/240754ccee1]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxembed/console.c     | 23 ++++++++++++-----------
+ src/libs/zbxembed/embed.c       |  1 +
+ src/libs/zbxembed/embed.h       |  3 +++
+ src/libs/zbxembed/httprequest.c | 28 ++++++++++++++++++++++++++++
+ src/libs/zbxembed/zabbix.c      | 23 ++++++++++++-----------
+ 5 files changed, 56 insertions(+), 22 deletions(-)
+
+diff --git a/src/libs/zbxembed/console.c b/src/libs/zbxembed/console.c
+index c733487..60c48fc 100644
+--- a/src/libs/zbxembed/console.c
++++ b/src/libs/zbxembed/console.c
+@@ -90,27 +90,28 @@ static duk_ret_t	es_log_message(duk_context *ctx, int level)
+	else
+		msg_output = zbx_strdup(msg_output, "undefined");
+
+-	zabbix_log(level, "%s", msg_output);
+-
+	duk_get_memory_functions(ctx, &out_funcs);
+	env = (zbx_es_env_t *)out_funcs.udata;
+
+-	if (NULL == env->json)
+-		goto out;
+-
+-	if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size)	/* approximate limit */
++	if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size)
+	{
+		err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of "
+				ZBX_FS_UI64 " bytes.", ZBX_ES_LOG_MEMORY_LIMIT);
+		goto out;
+	}
+
+-	zbx_json_addobject(env->json, NULL);
+-	zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
+-	zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
+-	zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING);
+-	zbx_json_close(env->json);
++	zabbix_log(level, "%s", msg_output);
++
++	if (NULL != env->json)
++	{
++		zbx_json_addobject(env->json, NULL);
++		zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
++		zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
++		zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING);
++		zbx_json_close(env->json);
++	}
+ out:
++	env->log_size += strlen(msg_output);
+	zbx_free(msg_output);
+
+	if (-1 != err_index)
+diff --git a/src/libs/zbxembed/embed.c b/src/libs/zbxembed/embed.c
+index 34d8d18..cc80925 100644
+--- a/src/libs/zbxembed/embed.c
++++ b/src/libs/zbxembed/embed.c
+@@ -444,6 +444,7 @@ int	zbx_es_execute(zbx_es_t *es, const char *script, const char *code, int size,
+	zabbix_log(LOG_LEVEL_DEBUG, "In %s() param:%s", __func__, param);
+
+	zbx_timespec(&es->env->start_time);
++	es->env->http_req_objects = 0;
+
+	if (NULL != es->env->json)
+	{
+diff --git a/src/libs/zbxembed/embed.h b/src/libs/zbxembed/embed.h
+index a0a360c..2b954a8 100644
+--- a/src/libs/zbxembed/embed.h
++++ b/src/libs/zbxembed/embed.h
+@@ -48,6 +48,9 @@ struct zbx_es_env
+	struct zbx_json	*json;
+
+	jmp_buf		loc;
++
++	int		http_req_objects;
++	size_t		log_size;
+ };
+
+ zbx_es_env_t	*zbx_es_get_env(duk_context *ctx);
+diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c
+index 8c2839c..7f0eed9 100644
+--- a/src/libs/zbxembed/httprequest.c
++++ b/src/libs/zbxembed/httprequest.c
+@@ -52,6 +52,7 @@ typedef struct
+	size_t			headers_in_alloc;
+	size_t			headers_in_offset;
+	unsigned char		custom_header;
++	size_t			headers_sz;
+ }
+ zbx_es_httprequest_t;
+
+@@ -145,13 +146,21 @@ static duk_ret_t	es_httprequest_dtor(duk_context *ctx)
+  ******************************************************************************/
+ static duk_ret_t	es_httprequest_ctor(duk_context *ctx)
+ {
++#define MAX_HTTPREQUEST_OBJECT_COUNT	10
+	zbx_es_httprequest_t	*request;
+	CURLcode		err;
++	zbx_es_env_t		*env;
+	int			err_index = -1;
+
+	if (!duk_is_constructor_call(ctx))
+		return DUK_RET_TYPE_ERROR;
+
++	if (NULL == (env = zbx_es_get_env(ctx)))
++		return duk_error(ctx, DUK_RET_TYPE_ERROR, "cannot access internal environment");
++
++	if (MAX_HTTPREQUEST_OBJECT_COUNT == env->http_req_objects)
++		return duk_error(ctx, DUK_RET_EVAL_ERROR, "maximum count of HttpRequest objects was reached");
++
+	duk_push_this(ctx);
+
+	request = (zbx_es_httprequest_t *)zbx_malloc(NULL, sizeof(zbx_es_httprequest_t));
+@@ -189,7 +198,10 @@ out:
+		return duk_throw(ctx);
+	}
+
++	env->http_req_objects++;
++
+	return 0;
++#undef MAX_HTTPREQUEST_OBJECT_COUNT
+ }
+
+ /******************************************************************************
+@@ -201,10 +213,12 @@ out:
+  ******************************************************************************/
+ static duk_ret_t	es_httprequest_add_header(duk_context *ctx)
+ {
++#define ZBX_ES_MAX_HEADERS_SIZE	ZBX_KIBIBYTE * 128
+	zbx_es_httprequest_t	*request;
+	CURLcode		err;
+	char			*utf8 = NULL;
+	int			err_index = -1;
++	size_t			header_sz;
+
+	if (NULL == (request = es_httprequest(ctx)))
+		return duk_error(ctx, DUK_RET_EVAL_ERROR, "internal scripting error: null object");
+@@ -215,9 +229,20 @@ static duk_ret_t	es_httprequest_add_header(duk_context *ctx)
+		goto out;
+	}
+
++	header_sz = strlen(utf8);
++
++	if (ZBX_ES_MAX_HEADERS_SIZE < request->headers_sz + header_sz)
++	{
++		err_index = duk_push_error_object(ctx, DUK_RET_TYPE_ERROR, "headers exceeded maximum size of "
++			ZBX_FS_UI64 " bytes.", ZBX_ES_MAX_HEADERS_SIZE);
++
++		goto out;
++	}
++
+	request->headers = curl_slist_append(request->headers, utf8);
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_HTTPHEADER, request->headers, err);
+	request->custom_header = 1;
++	request->headers_sz += header_sz + 1;
+ out:
+	zbx_free(utf8);
+
+@@ -225,6 +250,7 @@ out:
+		return duk_throw(ctx);
+
+	return 0;
++#undef ZBX_ES_MAX_HEADERS_SIZE
+ }
+
+ /******************************************************************************
+@@ -244,6 +270,7 @@ static duk_ret_t	es_httprequest_clear_header(duk_context *ctx)
+	curl_slist_free_all(request->headers);
+	request->headers = NULL;
+	request->custom_header = 0;
++	request->headers_sz = 0;
+
+	return 0;
+ }
+@@ -311,6 +338,7 @@ static duk_ret_t	es_httprequest_query(duk_context *ctx, const char *http_request
+		{
+			curl_slist_free_all(request->headers);
+			request->headers = NULL;
++			request->headers_sz = 0;
+		}
+
+		if (NULL != contents)
+diff --git a/src/libs/zbxembed/zabbix.c b/src/libs/zbxembed/zabbix.c
+index 820768f..0ecde86 100644
+--- a/src/libs/zbxembed/zabbix.c
++++ b/src/libs/zbxembed/zabbix.c
+@@ -81,27 +81,28 @@ static duk_ret_t	es_zabbix_log(duk_context *ctx)
+		zbx_replace_invalid_utf8(message);
+	}
+
+-	zabbix_log(level, "%s", message);
+-
+	duk_get_memory_functions(ctx, &out_funcs);
+	env = (zbx_es_env_t *)out_funcs.udata;
+
+-	if (NULL == env->json)
+-		goto out;
+-
+-	if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size)	/* approximate limit */
++	if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size)
+	{
+		err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of "
+				ZBX_FS_UI64 " bytes.", ZBX_ES_LOG_MEMORY_LIMIT);
+		goto out;
+	}
+
+-	zbx_json_addobject(env->json, NULL);
+-	zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
+-	zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
+-	zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING);
+-	zbx_json_close(env->json);
++	zabbix_log(level, "%s", message);
++
++	if (NULL != env->json)
++	{
++		zbx_json_addobject(env->json, NULL);
++		zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level);
++		zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time));
++		zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING);
++		zbx_json_close(env->json);
++	}
+ out:
++	env->log_size += strlen(message);
+	zbx_free(message);
+
+	if (-1 != err_index)
+--
+2.35.5
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
new file mode 100644
index 0000000000..ea790f0a93
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch
@@ -0,0 +1,241 @@
+From 76f6a80cb3d6131e9c3e98918305c1bf1805fa2a Mon Sep 17 00:00:00 2001
+From: Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com>
+Date: Thu, 27 Jul 2023 12:43:02 +0000
+Subject: [PATCH] ...G...PS. [DEV-2429] fixed unauthorised file system access
+ when using cURL
+
+Merge in ZBX/zabbix from feature/DEV-2429-6.0 to release/6.0
+
+* commit 'abf345230ee185d61cc0bd70d432fa4b093b8a53':
+  ...G...PS. [DEV-2429] fixed unautorized file system access when using curl
+  .......PS. [DEV-2429] fixed unautorized file system access in JS preprocessing
+
+CVE: CVE-2023-29450
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/76f6a80cb3d]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxembed/httprequest.c            |  4 +++
+ src/libs/zbxhistory/history_elastic.c      | 30 ++++++++++++++++++++++
+ src/libs/zbxhttp/http.c                    |  9 +++++++
+ src/libs/zbxmedia/email.c                  |  6 +++++
+ src/libs/zbxsysinfo/common/http.c          |  9 +++++++
+ src/libs/zbxsysinfo/simple/simple.c        | 11 ++++++++
+ src/zabbix_server/httppoller/httptest.c    |  9 +++++++
+ src/zabbix_server/reporter/report_writer.c | 10 ++++++++
+ src/zabbix_server/vmware/vmware.c          |  9 +++++++
+ 9 files changed, 97 insertions(+)
+
+diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c
+index 7f0eed9..871b925 100644
+--- a/src/libs/zbxembed/httprequest.c
++++ b/src/libs/zbxembed/httprequest.c
+@@ -354,6 +354,10 @@ static duk_ret_t	es_httprequest_query(duk_context *ctx, const char *http_request
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_CUSTOMREQUEST, http_request, err);
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_TIMEOUT_MS, timeout_ms - elapsed_ms, err);
+	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_POSTFIELDS, ZBX_NULL2EMPTY_STR(contents), err);
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS, err);
++#endif
+
+	request->data_offset = 0;
+	request->headers_in_offset = 0;
+diff --git a/src/libs/zbxhistory/history_elastic.c b/src/libs/zbxhistory/history_elastic.c
+index 8b3ea84..fc881da 100644
+--- a/src/libs/zbxhistory/history_elastic.c
++++ b/src/libs/zbxhistory/history_elastic.c
+@@ -406,6 +406,16 @@ static void	elastic_writer_add_iface(zbx_history_iface_t *hist)
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	*page_w[hist->value_type].errbuf = '\0';
+
+	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PRIVATE, &page_w[hist->value_type])))
+@@ -722,6 +732,16 @@ static int	elastic_get_values(zbx_history_iface_t *hist, zbx_uint64_t itemid, in
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	zabbix_log(LOG_LEVEL_DEBUG, "sending query to %s; post data: %s", data->post_url, query.buffer);
+
+	page_r.offset = 0;
+@@ -1065,6 +1085,16 @@ void	zbx_elastic_version_extract(struct zbx_json *json)
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(handle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_WARNING, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	*errbuf = '\0';
+
+	if (CURLE_OK != (err = curl_easy_perform(handle)))
+diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c
+index c10922c..36774cc 100644
+--- a/src/libs/zbxhttp/http.c
++++ b/src/libs/zbxhttp/http.c
+@@ -333,6 +333,15 @@ int	zbx_http_get(const char *url, const char *header, long timeout, char **out,
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(NULL, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
+	{
+		*error = zbx_dsprintf(NULL, "Cannot specify URL: %s", curl_easy_strerror(err));
+diff --git a/src/libs/zbxmedia/email.c b/src/libs/zbxmedia/email.c
+index 3b987d9..d3af744 100644
+--- a/src/libs/zbxmedia/email.c
++++ b/src/libs/zbxmedia/email.c
+@@ -661,6 +661,12 @@ static int	send_email_curl(const char *smtp_server, unsigned short smtp_port, co
+	if ('\0' != *smtp_helo)
+		zbx_snprintf(url + url_offset, sizeof(url) - url_offset, "/%s", smtp_helo);
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_SMTPS | CURLPROTO_SMTP)))
++		goto error;
++#endif
++
+	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url)))
+		goto error;
+
+diff --git a/src/libs/zbxsysinfo/common/http.c b/src/libs/zbxsysinfo/common/http.c
+index acd77e1..8dc4793 100644
+--- a/src/libs/zbxsysinfo/common/http.c
++++ b/src/libs/zbxsysinfo/common/http.c
+@@ -176,6 +176,15 @@ static int	curl_page_get(char *url, char **buffer, char **error)
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(*error, "Cannot set allowed protocols: %s", curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	if (CURLE_OK == (err = curl_easy_perform(easyhandle)))
+	{
+		if (NULL != buffer)
+diff --git a/src/libs/zbxsysinfo/simple/simple.c b/src/libs/zbxsysinfo/simple/simple.c
+index be1b9f9..80c5eac 100644
+--- a/src/libs/zbxsysinfo/simple/simple.c
++++ b/src/libs/zbxsysinfo/simple/simple.c
+@@ -189,6 +189,17 @@ static int	check_https(const char *host, unsigned short port, int timeout, int *
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS,
++			CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		zabbix_log(LOG_LEVEL_DEBUG, "%s: could not set cURL option [%d]: %s",
++				__func__, (int)opt, curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	if (NULL != CONFIG_SOURCE_IP)
+	{
+		if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
+diff --git a/src/zabbix_server/httppoller/httptest.c b/src/zabbix_server/httppoller/httptest.c
+index 0ff70ef..0201442 100644
+--- a/src/zabbix_server/httppoller/httptest.c
++++ b/src/zabbix_server/httppoller/httptest.c
+@@ -696,6 +696,15 @@ static void	process_httptest(DC_HOST *host, zbx_httptest_t *httptest)
+		goto clean;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		err_str = zbx_strdup(err_str, curl_easy_strerror(err));
++		goto clean;
++	}
++#endif
++
+	if (SUCCEED != zbx_http_prepare_ssl(easyhandle, httptest->httptest.ssl_cert_file,
+			httptest->httptest.ssl_key_file, httptest->httptest.ssl_key_password,
+			httptest->httptest.verify_peer, httptest->httptest.verify_host, &err_str))
+diff --git a/src/zabbix_server/reporter/report_writer.c b/src/zabbix_server/reporter/report_writer.c
+index 87d1364..7530ed0 100644
+--- a/src/zabbix_server/reporter/report_writer.c
++++ b/src/zabbix_server/reporter/report_writer.c
+@@ -162,6 +162,16 @@ static int	rw_get_report(const char *url, const char *cookie, int width, int hei
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt,
++				(curl_error = rw_curl_error(err)));
++		goto out;
++	}
++#endif
++
+	if (NULL != CONFIG_TLS_CA_FILE && '\0' != *CONFIG_TLS_CA_FILE)
+	{
+		if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_CAINFO, CONFIG_TLS_CA_FILE)) ||
+diff --git a/src/zabbix_server/vmware/vmware.c b/src/zabbix_server/vmware/vmware.c
+index b02c8c7..718d519 100644
+--- a/src/zabbix_server/vmware/vmware.c
++++ b/src/zabbix_server/vmware/vmware.c
+@@ -2045,6 +2045,15 @@ static int	vmware_service_authenticate(zbx_vmware_service_t *service, CURL *easy
+		goto out;
+	}
+
++#if LIBCURL_VERSION_NUM >= 0x071304
++	/* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */
++	if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS)))
++	{
++		*error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, curl_easy_strerror(err));
++		goto out;
++	}
++#endif
++
+	if (NULL != CONFIG_SOURCE_IP)
+	{
+		if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP)))
+--
+2.35.5
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
new file mode 100644
index 0000000000..453f67a920
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
@@ -0,0 +1,116 @@
+From 90274a56b2505997cd1677f0bd6a8b89b21df163 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 26 Apr 2023 15:00:07 +0800
+Subject: [PATCH] Fix CVE-2023-29451
+
+.......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character
+
+Merge in ZBX/zabbix from feature/DEV-2450-6.0 to release/6.0
+
+* commit '97efb4ed5069d4febe825671e2c3d106478d082d':
+  .......PS. [DEV-2450] added mock test
+  .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character
+  .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character
+
+Upstream-Status: Backport
+[https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b6a8c84612a67daaf89879226349420104bff24]
+CVE: CVE-2023-29451
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/libs/zbxdiag/diag.c                      |  3 ++-
+ src/libs/zbxjson/json.c                      |  2 +-
+ src/libs/zbxjson/json.h                      |  1 +
+ src/libs/zbxjson/json_parser.c               | 15 +++++----------
+ src/zabbix_server/reporter/report_protocol.c |  3 ++-
+ 5 files changed, 11 insertions(+), 13 deletions(-)
+
+diff --git a/src/libs/zbxdiag/diag.c b/src/libs/zbxdiag/diag.c
+index 6fc5509..dc47407 100644
+--- a/src/libs/zbxdiag/diag.c
++++ b/src/libs/zbxdiag/diag.c
+@@ -673,7 +673,8 @@ static void	diag_get_simple_values(const struct zbx_json_parse *jp, char **msg)
+ 	{
+ 		if (FAIL == zbx_json_brackets_open(pnext, &jp_value))
+ 		{
+-			zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type);
++			if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type))
++				type = ZBX_JSON_TYPE_NULL;
+ 
+ 			if (0 != msg_offset)
+ 				zbx_chrcpy_alloc(msg, &msg_alloc, &msg_offset, ' ');
+diff --git a/src/libs/zbxjson/json.c b/src/libs/zbxjson/json.c
+index 4161ef0..c043d7e 100644
+--- a/src/libs/zbxjson/json.c
++++ b/src/libs/zbxjson/json.c
+@@ -764,7 +764,7 @@ static unsigned int	zbx_hex2num(char c)
+  *               0 on error (invalid escape sequence)                         *
+  *                                                                            *
+  ******************************************************************************/
+-static unsigned int	zbx_json_decode_character(const char **p, unsigned char *bytes)
++unsigned int	zbx_json_decode_character(const char **p, unsigned char *bytes)
+ {
+ 	bytes[0] = '\0';
+ 
+diff --git a/src/libs/zbxjson/json.h b/src/libs/zbxjson/json.h
+index c59646a..4008411 100644
+--- a/src/libs/zbxjson/json.h
++++ b/src/libs/zbxjson/json.h
+@@ -29,5 +29,6 @@
+ 	SKIP_WHITESPACE(src)
+ 
+ void	zbx_set_json_strerror(const char *fmt, ...) __zbx_attr_format_printf(1, 2);
++unsigned int	zbx_json_decode_character(const char **p, unsigned char *bytes);
+ 
+ #endif
+diff --git a/src/libs/zbxjson/json_parser.c b/src/libs/zbxjson/json_parser.c
+index c8dcee4..64d24cf 100644
+--- a/src/libs/zbxjson/json_parser.c
++++ b/src/libs/zbxjson/json_parser.c
+@@ -88,7 +88,7 @@ static zbx_int64_t	json_parse_string(const char *start, char **error)
+ 		if ('\\' == *ptr)
+ 		{
+ 			const char	*escape_start = ptr;
+-			int		i;
++			unsigned char	uc[4];	/* decoded Unicode character takes 1-4 bytes in UTF-8 */
+ 
+ 			/* unexpected end of string data, failing */
+ 			if ('\0' == *(++ptr))
+@@ -107,16 +107,11 @@ static zbx_int64_t	json_parse_string(const char *start, char **error)
+ 					break;
+ 				case 'u':
+ 					/* check if the \u is followed with 4 hex digits */
+-					for (i = 0; i < 4; i++)
+-					{
+-						if (0 == isxdigit((unsigned char)*(++ptr)))
+-						{
+-							return json_error("invalid escape sequence in string",
+-									escape_start, error);
+-						}
++					if (0 == zbx_json_decode_character(&ptr, uc)) {
++						return json_error("invalid escape sequence in string",
++							escape_start, error);
+ 					}
+-
+-					break;
++					continue;
+ 				default:
+ 					return json_error("invalid escape sequence in string data",
+ 							escape_start, error);
+diff --git a/src/zabbix_server/reporter/report_protocol.c b/src/zabbix_server/reporter/report_protocol.c
+index 5f55f51..ee0e02e 100644
+--- a/src/zabbix_server/reporter/report_protocol.c
++++ b/src/zabbix_server/reporter/report_protocol.c
+@@ -421,7 +421,8 @@ void	zbx_report_test(const struct zbx_json_parse *jp, zbx_uint64_t userid, struc
+ 			size_t		value_alloc = 0;
+ 			zbx_ptr_pair_t	pair;
+ 
+-			zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL);
++			if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL))
++				continue;
+ 			pair.first = zbx_strdup(NULL, key);
+ 			pair.second = value;
+ 			zbx_vector_ptr_pair_append(&params, pair);
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch
new file mode 100644
index 0000000000..b9c37bc045
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch
@@ -0,0 +1,160 @@
+From 53ef2b7119f57f4140e6bd9c5cd2d3c6af228179 Mon Sep 17 00:00:00 2001
+From: Armands Arseniuss Skolmeisters <armands.skolmeisters@zabbix.com>
+Date: Thu, 11 Jan 2024 12:00:24 +0000
+Subject: [PATCH] ...G...... [DEV-2702] fixed buffer overread in DNS response
+
+* commit '893902999ab7f0b15cce91e8555cb251b32b6df4':
+ ...G...... [DEV-2702] fixed DNS record data length check
+ ...G...... [DEV-2702] improved DNS error messages
+ ...G...... [DEV-2702] fixed DNS error messages
+ ...G...... [DEV-2702] improved DNS error messages
+ ...G...... [DEV-2702] fixed buffer overread in DNS response
+
+CVE: CVE-2023-32726
+Upstream-Status: Backport [https://github.com/zabbix/zabbix/commit/53ef2b7119f57f4140e6bd9c5cd2d3c6af228179]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxsysinfo/common/dns.c | 65 +++++++++++++++++++++++++++-----
+ 1 file changed, 56 insertions(+), 9 deletions(-)
+
+diff --git a/src/libs/zbxsysinfo/common/dns.c b/src/libs/zbxsysinfo/common/dns.c
+index e8938d8..bf456f2 100644
+--- a/src/libs/zbxsysinfo/common/dns.c
++++ b/src/libs/zbxsysinfo/common/dns.c
+@@ -638,7 +638,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+	{
+		if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))
+		{
+-			SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++			SET_MSG_RESULT(result, zbx_strdup(NULL,
++					"Cannot decode DNS response: cannot expand domain name."));
+			ret = SYSINFO_RET_FAIL;
+			goto clean;
+		}
+@@ -651,6 +652,13 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+		GETSHORT(q_len, msg_ptr);
+		offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %-8s", decode_type(q_type));
+
++		if (msg_ptr + q_len > msg_end)
++		{
++			SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response: record overflow."));
++			ret = SYSINFO_RET_FAIL;
++			goto clean;
++		}
++
+		switch (q_type)
+		{
+			case T_A:
+@@ -695,8 +703,40 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_PTR:
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++#define ERR_MSG_PREFIX	"Cannot decode DNS response: cannot expand "
++					const char	*err_msg = NULL;
++
++					switch (q_type)
++					{
++						case T_NS:
++							err_msg = ERR_MSG_PREFIX "name server name.";
++							break;
++						case T_CNAME:
++							err_msg = ERR_MSG_PREFIX "canonical name.";
++							break;
++						case T_MB:
++							err_msg = ERR_MSG_PREFIX "mailbox name.";
++							break;
++						case T_MD:
++							err_msg = ERR_MSG_PREFIX "mail destination name.";
++							break;
++						case T_MF:
++							err_msg = ERR_MSG_PREFIX "mail forwarder name.";
++							break;
++						case T_MG:
++							err_msg = ERR_MSG_PREFIX "mail group name.";
++							break;
++						case T_MR:
++							err_msg = ERR_MSG_PREFIX "renamed mailbox name.";
++							break;
++						case T_PTR:
++							err_msg = ERR_MSG_PREFIX "PTR name.";
++							break;
++					}
++
++					SET_MSG_RESULT(result, zbx_strdup(NULL, err_msg));
+					return SYSINFO_RET_FAIL;
++#undef ERR_MSG_PREFIX
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+				break;
+@@ -706,7 +746,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* exchange */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand mail exchange name."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+@@ -715,14 +756,16 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_SOA:
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* source host */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand source nameserver name."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* administrator */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand administrator mailbox name."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+@@ -750,7 +793,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_WKS:
+				if (INT32SZ + 1 > q_len)
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" malformed WKS resource record."));
+					return SYSINFO_RET_FAIL;
+				}
+
+@@ -816,14 +860,16 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+			case T_MINFO:
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* mailbox responsible for mailing lists */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand mailbox responsible for mailing lists."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* mailbox for error messages */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand mailbox for error messages."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+@@ -854,7 +900,8 @@ static int	dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans
+
+				if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr)))	/* target */
+				{
+-					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response."));
++					SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:"
++							" cannot expand service target hostname."));
+					return SYSINFO_RET_FAIL;
+				}
+				offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name);
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch
new file mode 100644
index 0000000000..5c1e0c5af6
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch
@@ -0,0 +1,193 @@
+From 93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34 Mon Sep 17 00:00:00 2001
+From: Andris Zeila <andris.zeila@zabbix.com>
+Date: Fri, 12 Jan 2024 05:48:31 +0000
+Subject: [PATCH] .......PS. [DEV-2695] changed fping tests to read address
+ from file
+
+Merge in ZBX/zabbix from feature/DEV-2695-6.0 to release/6.0
+
+* commit '6603893ff94620e28fc543d5d0d4c86b9be3342e':
+  .......PS. [DEV-2695] fixed signal blocking
+  .......PS. [DEV-2695] added target hostname/ip validation in fping feature tests
+  .......PS. [DEV-2695] added error messages when failed to prepare temporary file for fping tests
+  .......PS. [DEV-2695] changed fping tests to read address from file
+
+CVE: CVE-2023-32727
+Upstream-Status: BAckport [https://github.com/zabbix/zabbix/commit/93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxicmpping/icmpping.c | 125 ++++++++++++++++++++++++++++----
+ 1 file changed, 112 insertions(+), 13 deletions(-)
+
+diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c
+index 72f7e86..9a751b7 100644
+--- a/src/libs/zbxicmpping/icmpping.c
++++ b/src/libs/zbxicmpping/icmpping.c
+@@ -59,6 +59,8 @@ static void	get_source_ip_option(const char *fping, const char **option, unsigne
+
+	zbx_snprintf(tmp, sizeof(tmp), "%s -h 2>&1", fping);
+
++	zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp);
++
+	if (NULL == (f = popen(tmp, "r")))
+		return;
+
+@@ -85,6 +87,110 @@ static void	get_source_ip_option(const char *fping, const char **option, unsigne
+	*checked = 1;
+ }
+
++/******************************************************************************
++ *                                                                            *
++ * Purpose: execute external program and return stdout and stderr values      *
++ *                                                                            *
++ * Parameters: fping         - [IN] location of fping program                 *
++ *             out           - [OUT] stdout and stderr values                 *
++ *             error         - [OUT] error string if function fails           *
++ *             max_error_len - [IN] length of error buffer                    *
++ *                                                                            *
++ * Return value: SUCCEED if processed successfully or FAIL otherwise          *
++ *                                                                            *
++ ******************************************************************************/
++static int	get_fping_out(const char *fping, const char *address, char **out, char *error, size_t max_error_len)
++{
++	FILE		*f;
++	size_t		buf_size = 0, offset = 0, len;
++	ssize_t		n;
++	char		tmp[MAX_STRING_LEN], *buffer = NULL;
++	int		ret = FAIL, fd;
++	sigset_t	mask, orig_mask;
++	char		filename[MAX_STRING_LEN];
++
++	if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address))
++	{
++		zbx_strlcpy(error, "Invalid host name or IP address", max_error_len);
++		return FAIL;
++	}
++
++	zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname);
++	if (-1 == (fd = mkstemp(filename)))
++	{
++		zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename,
++				zbx_strerror(errno));
++
++		return FAIL;
++	}
++
++	sigemptyset(&mask);
++	sigaddset(&mask, SIGINT);
++	sigaddset(&mask, SIGQUIT);
++
++	len = strlen(address);
++	if (-1 == (n = write(fd, address, len)))
++	{
++		zbx_snprintf(error, max_error_len, "Cannot write address into temporary file: %s", zbx_strerror(errno));
++		(void)close(fd);
++		goto out;
++	}
++
++	if (n != (ssize_t)len)
++	{
++		zbx_strlcpy(error, "Cannot write full address into temporary file", max_error_len);
++		(void)close(fd);
++		goto out;
++	}
++
++	if (-1 == close(fd))
++	{
++		zbx_snprintf(error, max_error_len, "Cannot close temporary file: %s", zbx_strerror(errno));
++		goto out;
++	}
++
++	zbx_snprintf(tmp, sizeof(tmp), "%s 2>&1 < %s", fping, filename);
++
++	if (0 > sigprocmask(SIG_BLOCK, &mask, &orig_mask))
++		zbx_error("cannot set sigprocmask to block the user signal");
++
++	zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp);
++
++	if (NULL == (f = popen(tmp, "r")))
++	{
++		zbx_strlcpy(error, zbx_strerror(errno), max_error_len);
++		goto out;
++	}
++
++	while (NULL != zbx_fgets(tmp, sizeof(tmp), f))
++	{
++		len = strlen(tmp);
++
++		if (MAX_EXECUTE_OUTPUT_LEN < offset + len)
++			break;
++
++		zbx_strncpy_alloc(&buffer, &buf_size, &offset, tmp, len);
++	}
++
++	pclose(f);
++
++	if (NULL == buffer)
++	{
++		zbx_strlcpy(error, "Cannot obtain the program output", max_error_len);
++		goto out;
++	}
++
++	*out = buffer;
++	ret = SUCCEED;
++out:
++	unlink(filename);
++
++	if (0 > sigprocmask(SIG_SETMASK, &orig_mask, NULL))
++		zbx_error("cannot restore sigprocmask");
++
++	return ret;
++}
++
+ /******************************************************************************
+  *                                                                            *
+  * Function: get_interval_option                                              *
+@@ -137,19 +243,12 @@ static int	get_interval_option(const char *fping, ZBX_FPING_HOST *hosts, int hos
+
+			zabbix_log(LOG_LEVEL_DEBUG, "testing fping interval %u ms", intervals[j]);
+
+-			zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u %s", fping, intervals[j], dst);
++			zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u", fping, intervals[j]);
+
+			zbx_free(out);
+
+			/* call fping, ignore its exit code but mind execution failures */
+-			if (TIMEOUT_ERROR == (ret_exec = zbx_execute(tmp, &out, err, sizeof(err), 1,
+-					ZBX_EXIT_CODE_CHECKS_DISABLED, NULL)))
+-			{
+-				zbx_snprintf(error, max_error_len, "Timeout while executing \"%s\"", tmp);
+-				goto out;
+-			}
+-
+-			if (FAIL == ret_exec)
++			if (SUCCEED != (ret_exec = get_fping_out(tmp, dst, &out, err, sizeof(err))))
+			{
+				zbx_snprintf(error, max_error_len, "Cannot execute \"%s\": %s", tmp, err);
+				goto out;
+@@ -251,10 +350,10 @@ static int	get_ipv6_support(const char * fping, const char *dst)
+	int	ret;
+	char	tmp[MAX_STRING_LEN], error[255], *out = NULL;
+
+-	zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50 %s", fping, dst);
++	zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50", fping);
+
+-	if ((SUCCEED == (ret = zbx_execute(tmp, &out, error, sizeof(error), 1, ZBX_EXIT_CODE_CHECKS_DISABLED, NULL)) &&
+-				ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)) || TIMEOUT_ERROR == ret)
++	if (SUCCEED == (ret = get_fping_out(tmp, dst, &out, error, sizeof(error)) &&
++				ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)))
+	{
+		ret = SUCCEED;
+	}
+@@ -538,7 +637,7 @@ static int	process_ping(ZBX_FPING_HOST *hosts, int hosts_count, int count, int i
+
+	fclose(f);
+
+-	zabbix_log(LOG_LEVEL_DEBUG, "%s", tmp);
++	zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp);
+
+	sigemptyset(&mask);
+	sigaddset(&mask, SIGINT);
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch
new file mode 100644
index 0000000000..aabc675b6a
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch
@@ -0,0 +1,49 @@
+From 610f9fdbb86667f4094972547deb936c6cdfc6d5 Mon Sep 17 00:00:00 2001
+From: Andris Zeila <andris.zeila@zabbix.com>
+Date: Fri, 12 Jan 2024 06:06:02 +0000
+Subject: [PATCH] .......PS. [DEV-2695] removed group/all access flags for
+ fping temporary files
+
+Merge in ZBX/zabbix from feature/DEV-2695-6.5 to master
+
+* commit 'cf07db1d5c2b8fe4a9de85fed22cf05035e08914':
+  .......PS. [DEV-2695] remove group/all access flags when creating fping input file for testing fping features
+
+(cherry picked from commit cd12f0a2d89c3ef05f0e9f50dcb73fdaf3a7e8a9)
+
+CVE: CVE-2023-32727
+Upstream_Status: Backport [https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/libs/zbxicmpping/icmpping.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c
+index 9a751b7..bab3d09 100644
+--- a/src/libs/zbxicmpping/icmpping.c
++++ b/src/libs/zbxicmpping/icmpping.c
+@@ -108,6 +108,7 @@ static int	get_fping_out(const char *fping, const char *address, char **out, cha
+	int		ret = FAIL, fd;
+	sigset_t	mask, orig_mask;
+	char		filename[MAX_STRING_LEN];
++	mode_t		mode;
+
+	if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address))
+	{
+@@ -116,7 +117,12 @@ static int	get_fping_out(const char *fping, const char *address, char **out, cha
+	}
+
+	zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname);
+-	if (-1 == (fd = mkstemp(filename)))
++
++	mode = umask(077);
++	fd = mkstemp(filename);
++	umask(mode);
++
++	if (-1 == fd)
+	{
+		zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename,
+				zbx_strerror(errno));
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
index f5d89d6c3d..2793f0ca5f 100644
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
@@ -26,6 +26,14 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \
     file://0001-Fix-configure.ac.patch \
     file://zabbix-agent.service \
+    file://CVE-2022-43515.patch \
+    file://CVE-2022-46768.patch \
+    file://CVE-2023-29451.patch \
+    file://CVE-2023-29449.patch \
+    file://CVE-2023-29450.patch \
+    file://CVE-2023-32726.patch \
+    file://CVE-2023-32727_0001.patch \
+    file://CVE-2023-32727_0002.patch \
 "
 
 SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e"
diff --git a/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb b/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb
index 86fde7ccfb..ce9d758d9f 100644
--- a/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb
+++ b/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb
@@ -30,8 +30,6 @@ PACKAGECONFIG[nss] = "-DCZMQ_WITH_NSS=ON,-DCZMQ_WITH_NSS=OFF,nss"
 PACKAGECONFIG[systemd] = "-DCZMQ_WITH_SYSTEMD=ON,-DCZMQ_WITH_SYSTEMD=OFF,systemd"
 PACKAGECONFIG[uuid] = "-DCZMQ_WITH_UUID=ON,-DCZMQ_WITH_UUID=OFF,util-linux"
 
-BBCLASSEXTEND = "nativesdk"
-
 do_install:append() {
         mkdir -p ${D}/${includedir}/${BPN}
         mv ${D}/${includedir}/sha1.h ${D}/${includedir}/${BPN}/.
diff --git a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb
index c8dabc5ead..44804545de 100644
--- a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb
+++ b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb
@@ -9,7 +9,7 @@ SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master;protocol=https \
            file://0001-Include-typeinfo-for-typeid.patch \
            file://0001-include-utility-header.patch \
 "
-SRC_URI:append:libc-musl = "file://fix_build_musl.patch"
+SRC_URI:append:libc-musl = " file://fix_build_musl.patch"
 SRCREV = "73532d6a5faae9c721c2cc9535b8ef32d4d18264"
 
 DEPENDS = "\
diff --git a/meta-oe/recipes-core/emlog/emlog.inc b/meta-oe/recipes-core/emlog/emlog.inc
index 824787083a..9d48e9cba3 100644
--- a/meta-oe/recipes-core/emlog/emlog.inc
+++ b/meta-oe/recipes-core/emlog/emlog.inc
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 SRC_URI = "git://github.com/nicupavel/emlog.git;protocol=http;branch=master;protocol=https"
 SRCREV = "aee53e8dee862f35291242ba41b0ca88010f6c71"
-
+PV = "0.70+git${SRCPV}"
 S = "${WORKDIR}/git"
 
 EXTRA_OEMAKE += " \
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index 05fa0c334c..2ded3e204f 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -34,4 +34,6 @@ CVE_CHECK_IGNORE += "\
     CVE-2019-17073 \
     CVE-2021-44584 \
     CVE-2022-1526 \
+    CVE-2022-3968 \
+    CVE-2023-43291 \
 "
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb
index 76fd6b65b1..6fd826cbbd 100644
--- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb
@@ -39,6 +39,11 @@ do_install:append() {
     fi
 }
 
-PTEST_PATH = "${libdir}/${BPN}/tests"
+PTEST_PATH = "${libdir}/${BPN}/ptest"
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}
+    cp -r ${B}/tests/sdbus-c++-unit-tests  ${D}${PTEST_PATH}
+}
+
 FILES:${PN}-ptest =+ "${sysconfdir}/dbus-1/system.d/"
 FILES:${PN}-dev += "${bindir}/sdbus-c++-xml2cpp"
diff --git a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb
index c95a5b2d32..1c2c6e21e0 100644
--- a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb
+++ b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb
@@ -16,7 +16,7 @@ S = "${WORKDIR}/git"
 
 DEPENDS = "openssl"
 
-EXTRA_OEMAKE:append = "PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1"
+EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1"
 # We want to statically link the binary to libfsverity on native Windows
 EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1"
 EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1"
diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.7.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb
index 17a06349b0..17a06349b0 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.7.bb
+++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index 097766e792..7c4b0a467f 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -21,10 +21,12 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
            file://sys_futex.patch \
            file://cross-compiling.patch \
            file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \
+           file://0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch \
+	   file://CVE-2023-22084.patch \
           "
 SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch"
 
-SRC_URI[sha256sum] = "fd2f9fa3f135823c1626c9700e3bd736b829bfc09f61f5557d7313a7c9e02c29"
+SRC_URI[sha256sum] = "f8c69d9080d85eafb3e3a84837bfa566a7f5527a8af6f9a081429d4de0de4778"
 
 UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
 
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch
new file mode 100644
index 0000000000..2fe768d754
--- /dev/null
+++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch
@@ -0,0 +1,320 @@
+From b98375f9df0b024857c03c03bc3e73e8ced8d772 Mon Sep 17 00:00:00 2001
+From: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com>
+Date: Tue, 27 Sep 2022 15:22:57 +0900
+Subject: [PATCH] MDEV-29644 a potential bug of null pointer dereference in
+ spider_db_mbase::print_warnings()
+
+The function spider_db_mbase::print_warnings() can potentially result
+in a null pointer dereference.
+
+Remove the null pointer dereference by cleaning up the function.
+
+Some small changes to the original commit
+422fb63a9bbee35c50b6c7be19d199afe0bc98fa.
+
+CVE: CVE-2022-47015
+
+Upstream-Status: Backport [https://github.com/MariaDB/server/commit/b98375f9df0]
+
+Co-Authored-By: Yuchen Pei <yuchen.pei@mariadb.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ .../spider/bugfix/r/mdev_29644.result         |  41 ++++++
+ .../mysql-test/spider/bugfix/t/mdev_29644.cnf |   3 +
+ .../spider/bugfix/t/mdev_29644.test           |  56 ++++++++
+ storage/spider/spd_db_mysql.cc                | 124 ++++++++----------
+ storage/spider/spd_db_mysql.h                 |   2 +-
+ 5 files changed, 154 insertions(+), 72 deletions(-)
+ create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result
+ create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf
+ create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test
+
+diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result
+new file mode 100644
+index 00000000000..b52cecc5bb7
+--- /dev/null
++++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result
+@@ -0,0 +1,41 @@
++#
++# MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings()
++#
++for master_1
++for child2
++child2_1
++child2_2
++child2_3
++for child3
++connection child2_1;
++CREATE DATABASE auto_test_remote;
++USE auto_test_remote;
++CREATE TABLE tbl_a (
++a CHAR(5)
++) ENGINE=InnoDB DEFAULT CHARSET=utf8;
++SET GLOBAL sql_mode='';
++connection master_1;
++CREATE DATABASE auto_test_local;
++USE auto_test_local;
++CREATE TABLE tbl_a (
++a CHAR(255)
++) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a", srv "s_2_1"';
++SET sql_mode='';
++INSERT INTO tbl_a VALUES ("this will be truncated");
++NOT FOUND /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err
++SET GLOBAL spider_log_result_errors=4;
++INSERT INTO tbl_a VALUES ("this will be truncated");
++FOUND 1 /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err
++connection master_1;
++SET GLOBAL spider_log_result_errors=DEFAULT;
++SET sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_local;
++connection child2_1;
++SET GLOBAL sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_remote;
++for master_1
++for child2
++child2_1
++child2_2
++child2_3
++for child3
+diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf
+new file mode 100644
+index 00000000000..05dfd8a0bce
+--- /dev/null
++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf
+@@ -0,0 +1,3 @@
++!include include/default_mysqld.cnf
++!include ../my_1_1.cnf
++!include ../my_2_1.cnf
+diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test
+new file mode 100644
+index 00000000000..3a8fbb251e1
+--- /dev/null
++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test
+@@ -0,0 +1,56 @@
++--echo #
++--echo # MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings()
++--echo #
++
++# The test case below does not cause the potential null pointer dereference.
++# It is just for checking spider_db_mbase::fetch_and_print_warnings() works.
++
++--disable_query_log
++--disable_result_log
++--source ../../t/test_init.inc
++--enable_result_log
++--enable_query_log
++
++--connection child2_1
++CREATE DATABASE auto_test_remote;
++USE auto_test_remote;
++eval CREATE TABLE tbl_a (
++    a CHAR(5)
++) $CHILD2_1_ENGINE $CHILD2_1_CHARSET;
++
++SET GLOBAL sql_mode='';
++
++--connection master_1
++CREATE DATABASE auto_test_local;
++USE auto_test_local;
++eval CREATE TABLE tbl_a (
++    a CHAR(255)
++) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a", srv "s_2_1"';
++
++SET sql_mode='';
++
++let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.1.err;
++let SEARCH_PATTERN= \[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*;
++
++INSERT INTO tbl_a VALUES ("this will be truncated");
++--source include/search_pattern_in_file.inc # should not find
++
++SET GLOBAL spider_log_result_errors=4;
++
++INSERT INTO tbl_a VALUES ("this will be truncated");
++--source include/search_pattern_in_file.inc # should find
++
++--connection master_1
++SET GLOBAL spider_log_result_errors=DEFAULT;
++SET sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_local;
++
++--connection child2_1
++SET GLOBAL sql_mode=DEFAULT;
++DROP DATABASE IF EXISTS auto_test_remote;
++
++--disable_query_log
++--disable_result_log
++--source ../t/test_deinit.inc
++--enable_query_log
++--enable_result_log
+diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc
+index d377d2bd807..bc8383017f7 100644
+--- a/storage/spider/spd_db_mysql.cc
++++ b/storage/spider/spd_db_mysql.cc
+@@ -2207,7 +2207,7 @@ int spider_db_mbase::exec_query(
+         db_conn->affected_rows, db_conn->insert_id,
+         db_conn->server_status, db_conn->warning_count);
+       if (spider_param_log_result_errors() >= 3)
+-        print_warnings(l_time);
++        fetch_and_print_warnings(l_time);
+     } else if (log_result_errors >= 4)
+     {
+       time_t cur_time = (time_t) time((time_t*) 0);
+@@ -2289,81 +2289,63 @@ bool spider_db_mbase::is_xa_nota_error(
+   DBUG_RETURN(xa_nota);
+ }
+ 
+-int spider_db_mbase::print_warnings(
+-  struct tm *l_time
+-) {
++int spider_db_mbase::fetch_and_print_warnings(struct tm *l_time)
++{
+   int error_num = 0;
+-  DBUG_ENTER("spider_db_mbase::print_warnings");
++  DBUG_ENTER("spider_db_mbase::fetch_and_print_warnings");
+   DBUG_PRINT("info",("spider this=%p", this));
+-  if (db_conn->status == MYSQL_STATUS_READY)
++
++  if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY ||
++      db_conn->server_status & SERVER_MORE_RESULTS_EXISTS ||
++      !db_conn->warning_count)
++    DBUG_RETURN(0);
++
++  if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR,
++                       SPIDER_SQL_SHOW_WARNINGS_LEN))
++    DBUG_RETURN(0);
++
++  MYSQL_RES *res= mysql_store_result(db_conn);
++  if (!res)
++    DBUG_RETURN(0);
++
++  uint num_fields= mysql_num_fields(res);
++  if (num_fields != 3)
+   {
+-    if (
+-#if MYSQL_VERSION_ID < 50500
+-      !(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS) &&
+-      db_conn->last_used_con->warning_count
+-#else
+-      !(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) &&
+-      db_conn->warning_count
+-#endif
+-    ) {
+-      if (
+-        spider_param_dry_access() ||
+-        !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR,
+-          SPIDER_SQL_SHOW_WARNINGS_LEN)
+-      ) {
+-        MYSQL_RES *res = NULL;
+-        MYSQL_ROW row = NULL;
+-        uint num_fields;
+-        if (
+-          spider_param_dry_access() ||
+-          !(res = mysql_store_result(db_conn)) ||
+-          !(row = mysql_fetch_row(res))
+-        ) {
+-          if (mysql_errno(db_conn))
+-          {
+-            if (res)
+-              mysql_free_result(res);
+-            DBUG_RETURN(0);
+-          }
+-          /* no record is ok */
+-        }
+-        num_fields = mysql_num_fields(res);
+-        if (num_fields != 3)
+-        {
+-          mysql_free_result(res);
+-          DBUG_RETURN(0);
+-        }
+-        if (l_time)
+-        {
+-          while (row)
+-          {
+-            fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] "
+-              "from [%s] %ld to %ld: %s %s %s\n",
++    mysql_free_result(res);
++    DBUG_RETURN(0);
++  }
++
++  MYSQL_ROW row= mysql_fetch_row(res);
++  if (l_time)
++  {
++    while (row)
++    {
++      fprintf(stderr,
++              "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld "
++              "to %ld: %s %s %s\n",
+               l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday,
+-              l_time->tm_hour, l_time->tm_min, l_time->tm_sec,
+-              conn->tgt_host, (ulong) db_conn->thread_id,
+-              (ulong) current_thd->thread_id, row[0], row[1], row[2]);
+-            row = mysql_fetch_row(res);
+-          }
+-        } else {
+-          while (row)
+-          {
+-            DBUG_PRINT("info",("spider row[0]=%s", row[0]));
+-            DBUG_PRINT("info",("spider row[1]=%s", row[1]));
+-            DBUG_PRINT("info",("spider row[2]=%s", row[2]));
+-            longlong res_num =
+-              (longlong) my_strtoll10(row[1], (char**) NULL, &error_num);
+-            DBUG_PRINT("info",("spider res_num=%lld", res_num));
+-            my_printf_error((int) res_num, row[2], MYF(0));
+-            error_num = (int) res_num;
+-            row = mysql_fetch_row(res);
+-          }
+-        }
+-        if (res)
+-          mysql_free_result(res);
+-      }
++              l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host,
++              (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0],
++              row[1], row[2]);
++      row= mysql_fetch_row(res);
++    }
++  } else {
++    while (row)
++    {
++      DBUG_PRINT("info",("spider row[0]=%s", row[0]));
++      DBUG_PRINT("info",("spider row[1]=%s", row[1]));
++      DBUG_PRINT("info",("spider row[2]=%s", row[2]));
++      longlong res_num =
++        (longlong) my_strtoll10(row[1], (char**) NULL, &error_num);
++      DBUG_PRINT("info",("spider res_num=%lld", res_num));
++      my_printf_error((int) res_num, row[2], MYF(0));
++      error_num = (int) res_num;
++      row = mysql_fetch_row(res);
+     }
+   }
++    
++  mysql_free_result(res);
++
+   DBUG_RETURN(error_num);
+ }
+ 
+@@ -14668,7 +14650,7 @@ int spider_mbase_handler::show_table_status(
+       DBUG_RETURN(error_num);
+     }
+   }
+-  if ((error_num = ((spider_db_mbase *) conn->db_conn)->print_warnings(NULL)))
++  if ((error_num = ((spider_db_mbase *) conn->db_conn)->fetch_and_print_warnings(NULL)))
+   {
+     DBUG_RETURN(error_num);
+   }
+diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h
+index e90461ea278..a2012352f21 100644
+--- a/storage/spider/spd_db_mysql.h
++++ b/storage/spider/spd_db_mysql.h
+@@ -442,7 +442,7 @@ class spider_db_mbase: public spider_db_conn
+   bool is_xa_nota_error(
+     int error_num
+   );
+-  int print_warnings(
++  int fetch_and_print_warnings(
+     struct tm *l_time
+   );
+   spider_db_result *store_result(
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch
new file mode 100644
index 0000000000..3053614854
--- /dev/null
+++ b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch
@@ -0,0 +1,91 @@
+From 15ae97b1c2c14f1263cdc853673c4129625323de Mon Sep 17 00:00:00 2001
+From: Marko Mäkelä <marko.makela@mariadb.com>
+Date: Thu, 8 Feb 2024 08:09:20 +0000
+Subject: [PATCH] MDEV-32578 row_merge_fts_doc_tokenize() handles parser plugin
+  inconsistently
+
+When mysql/mysql-server@0c954c2
+added a plugin interface for FULLTEXT INDEX tokenization to MySQL 5.7,
+fts_tokenize_ctx::processed_len got a second meaning, which is only
+partly implemented in row_merge_fts_doc_tokenize().
+
+This inconsistency could cause a crash when using FULLTEXT...WITH PARSER.
+A test case that would crash MySQL 8.0 when using an n-gram parser and
+single-character words would fail to crash in MySQL 5.7, because the
+buf_full condition in row_merge_fts_doc_tokenize() was not met.
+
+This change is inspired by
+mysql/mysql-server@38e9a07
+that appeared in MySQL 5.7.44.
+
+CVE: CVE-2023-22084
+Upstream-Status: Backport [https://github.com/MariaDB/server/commit/15ae97b1c2c1]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ storage/innobase/include/row0ftsort.h |  6 +++++-
+ storage/innobase/row/row0ftsort.cc    | 11 ++++++++---
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/storage/innobase/include/row0ftsort.h b/storage/innobase/include/row0ftsort.h
+index 65508caf..3ffa8243 100644
+--- a/storage/innobase/include/row0ftsort.h
++++ b/storage/innobase/include/row0ftsort.h
+@@ -104,7 +104,10 @@ typedef UT_LIST_BASE_NODE_T(row_fts_token_t)     fts_token_list_t;
+
+ /** Structure stores information from string tokenization operation */
+ struct fts_tokenize_ctx {
+-	ulint			processed_len;  /*!< processed string length */
++	/** the processed string length in bytes
++	(when using the built-in tokenizer),
++	or the number of row_merge_fts_doc_tokenize_by_parser() calls */
++	ulint			processed_len;
+	ulint			init_pos;       /*!< doc start position */
+	ulint			buf_used;       /*!< the sort buffer (ID) when
+						tokenization stops, which
+@@ -115,6 +118,7 @@ struct fts_tokenize_ctx {
+	ib_rbt_t*		cached_stopword;/*!< in: stopword list */
+	dfield_t		sort_field[FTS_NUM_FIELDS_SORT];
+						/*!< in: sort field */
++	/** parsed tokens (when using an external parser) */
+	fts_token_list_t	fts_token_list;
+
+	fts_tokenize_ctx() :
+diff --git a/storage/innobase/row/row0ftsort.cc b/storage/innobase/row/row0ftsort.cc
+index 86e96624..406ff60f 100644
+--- a/storage/innobase/row/row0ftsort.cc
++++ b/storage/innobase/row/row0ftsort.cc
+@@ -491,7 +491,10 @@ row_merge_fts_doc_tokenize(
+
+	/* Tokenize the data and add each word string, its corresponding
+	doc id and position to sort buffer */
+-	while (t_ctx->processed_len < doc->text.f_len) {
++	while (parser
++               ? (!t_ctx->processed_len
++                  || UT_LIST_GET_LEN(t_ctx->fts_token_list))
++               : t_ctx->processed_len < doc->text.f_len) {
+		ulint		idx = 0;
+		ulint		cur_len;
+		doc_id_t	write_doc_id;
+@@ -831,7 +834,8 @@ void fts_parallel_tokenization(
+			/* Not yet finish processing the "doc" on hand,
+			continue processing it */
+			ut_ad(doc.text.f_str);
+-			ut_ad(t_ctx.processed_len < doc.text.f_len);
++			ut_ad(buf[0]->index->parser
++			      || t_ctx.processed_len < doc.text.f_len);
+		}
+
+		processed = row_merge_fts_doc_tokenize(
+@@ -841,7 +845,8 @@ void fts_parallel_tokenization(
+
+		/* Current sort buffer full, need to recycle */
+		if (!processed) {
+-			ut_ad(t_ctx.processed_len < doc.text.f_len);
++			ut_ad(buf[0]->index->parser
++			      || t_ctx.processed_len < doc.text.f_len);
+			ut_ad(t_ctx.rows_added[t_ctx.buf_used]);
+			break;
+		}
+--
+2.40.0
diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.7.7.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb
index 87faabfa27..87faabfa27 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb_10.7.7.bb
+++ b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
index 90b7419495..46343674fc 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch
@@ -1,16 +1,17 @@
-From 780fd27ea6f7f2c446c46a7a5e26d94106c67efd Mon Sep 17 00:00:00 2001
+From 0801befde991250b4502954fdec61bec8c33da3b Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sun, 20 Nov 2016 15:04:52 +0000
 Subject: [PATCH] Add support for RISC-V.
 
 The architecture is sufficiently similar to aarch64 that simply
 extending the existing aarch64 macro works.
+
 ---
  src/include/storage/s_lock.h | 5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h
-index dccbd29..ad60429 100644
+index 95049f0..e08c963 100644
 --- a/src/include/storage/s_lock.h
 +++ b/src/include/storage/s_lock.h
 @@ -317,11 +317,12 @@ tas(volatile slock_t *lock)
@@ -35,7 +36,4 @@ index dccbd29..ad60429 100644
 +#endif	 /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */
  
  
- /*
--- 
-2.34.1
-
+ /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
index 02f4c9e513..eeffe6bcb1 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch
@@ -1,4 +1,4 @@
-From bbba8a5261a99e79c9cd4693ef56021014a9856b Mon Sep 17 00:00:00 2001
+From e167d58d6be1b1ee4d49571650444700ab97ed7c Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Mon, 28 Dec 2020 16:38:21 +0800
 Subject: [PATCH] Improve reproducibility,
@@ -18,6 +18,7 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 update patch for v13.1
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
 ---
  src/common/Makefile | 3 ---
  1 file changed, 3 deletions(-)
@@ -36,6 +37,3 @@ index 880722f..7a9b9d4 100644
  override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\""
  override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\""
  override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\""
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch
index 52ca276da6..eff69140f7 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch
@@ -1,4 +1,4 @@
-From b92eebe8b0760fee7bd55c6c22318620c2c07579 Mon Sep 17 00:00:00 2001
+From 805f03529c7fc33685979651562112bab524e5a5 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
 Date: Mon, 1 Aug 2022 15:44:38 +0800
 Subject: [PATCH] config_info.c: not expose build info
@@ -8,13 +8,14 @@ Don't collect the build information to fix the buildpaths issue.
 Upstream-Status: Inappropriate [oe specific]
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
 ---
  configure.ac             |  2 +-
- src/common/config_info.c | 68 ----------------------------------------
- 2 files changed, 1 insertion(+), 69 deletions(-)
+ src/common/config_info.c | 70 +---------------------------------------
+ 2 files changed, 2 insertions(+), 70 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 0eb595b..508487b 100644
+index 54a539e..c6edc0a 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -23,7 +23,7 @@ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group])
@@ -27,10 +28,10 @@ index 0eb595b..508487b 100644
  [PG_MAJORVERSION=`expr "$PACKAGE_VERSION" : '\([0-9][0-9]*\)'`]
  [PG_MINORVERSION=`expr "$PACKAGE_VERSION" : '.*\.\([0-9][0-9]*\)'`]
 diff --git a/src/common/config_info.c b/src/common/config_info.c
-index e72e729..b482c20 100644
+index e72e729..a020236 100644
 --- a/src/common/config_info.c
 +++ b/src/common/config_info.c
-@@ -38,7 +38,7 @@
+@@ -38,7 +38,7 @@ get_configdata(const char *my_exec_path, size_t *configdata_len)
  	int			i = 0;
  
  	/* Adjust this to match the number of items filled below */
@@ -39,7 +40,7 @@ index e72e729..b482c20 100644
  	configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData));
  
  	configdata[i].name = pstrdup("BINDIR");
-@@ -123,74 +123,6 @@
+@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len)
  	configdata[i].setting = pstrdup(path);
  	i++;
  
@@ -114,6 +115,3 @@ index e72e729..b482c20 100644
  	configdata[i].name = pstrdup("VERSION");
  	configdata[i].setting = pstrdup("PostgreSQL " PG_VERSION);
  	i++;
--- 
-2.25.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
index 4a576d7172..807eac219b 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch
@@ -1,4 +1,4 @@
-From 258c6bd2ad96f2c42f1cb5f4c84e4ca5865059f0 Mon Sep 17 00:00:00 2001
+From c48f2f132744a0b4a2473ec178d63c1d4d1a4a86 Mon Sep 17 00:00:00 2001
 From: Yi Fan Yu <yifan.yu@windriver.com>
 Date: Fri, 5 Feb 2021 17:15:42 -0500
 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check
@@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
  1 file changed, 4 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index ffe878e..c39799b 100644
+index e59dc99..41b4732 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
  
- AC_INIT([PostgreSQL], [14.5], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [14.11], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
  
 -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
 -Untested combinations of 'autoconf' and PostgreSQL versions are not
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch
new file mode 100644
index 0000000000..555fd7f1fc
--- /dev/null
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch
@@ -0,0 +1,47 @@
+From 5a17b7b88776cbbe5b37838baff71726b8a6e7dd Mon Sep 17 00:00:00 2001
+From: Manoj Saun <manojsingh.saun@windriver.com>
+Date: Wed, 22 Mar 2023 08:07:26 +0000
+Subject: [PATCH] postgresql: fix ptest failure of sysviews
+
+The patch "0001-config_info.c-not-expose-build-info.patch" hides the debug info
+in pg_config table which reduces the count of rows from pg_config and leads to
+sysviews test failure.
+To fix it we need to reduce the count of parameters in sysviews test.
+Also we need to reduce the row count in expected result of sysview test
+to make the test output shown as pass.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com>
+
+---
+ src/test/regress/expected/sysviews.out | 2 +-
+ src/test/regress/sql/sysviews.sql      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/regress/expected/sysviews.out b/src/test/regress/expected/sysviews.out
+index 2088857..96a15cc 100644
+--- a/src/test/regress/expected/sysviews.out
++++ b/src/test/regress/expected/sysviews.out
+@@ -29,7 +29,7 @@ select name, ident, parent, level, total_bytes >= free_bytes
+ (1 row)
+ 
+ -- At introduction, pg_config had 23 entries; it may grow
+-select count(*) > 20 as ok from pg_config;
++select count(*) > 13 as ok from pg_config;
+  ok 
+ ----
+  t
+diff --git a/src/test/regress/sql/sysviews.sql b/src/test/regress/sql/sysviews.sql
+index b24816e..72ff887 100644
+--- a/src/test/regress/sql/sysviews.sql
++++ b/src/test/regress/sql/sysviews.sql
+@@ -18,7 +18,7 @@ select name, ident, parent, level, total_bytes >= free_bytes
+   from pg_backend_memory_contexts where level = 0;
+ 
+ -- At introduction, pg_config had 23 entries; it may grow
+-select count(*) > 20 as ok from pg_config;
++select count(*) > 13 as ok from pg_config;
+ 
+ -- We expect no cursors in this test; see also portals.sql
+ select count(*) = 0 as ok from pg_cursors;
diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
index fa46912eef..b742bd53bd 100644
--- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch
@@ -1,4 +1,4 @@
-From 56b830edecff1cac5f8a8a956e7a7eeef2aa7c17 Mon Sep 17 00:00:00 2001
+From 09fad1883f3312965a8d066f8477166eaa4db2c7 Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Tue, 27 Nov 2018 13:25:15 +0800
 Subject: [PATCH] not check libperl under cross compiling
@@ -15,15 +15,16 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
 
 update patch to version 11.1
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
 ---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index fba79ee..7170f26 100644
+index 159f2a2..d0f0b14 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.])
+@@ -2332,7 +2332,7 @@ Use --without-tcl to disable building PL/Tcl.])
  fi
  
  # check for <perl.h>
@@ -32,6 +33,3 @@ index fba79ee..7170f26 100644
    ac_save_CPPFLAGS=$CPPFLAGS
    CPPFLAGS="$CPPFLAGS $perl_includespec"
    AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])],
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch
deleted file mode 100644
index 92a3dcc710..0000000000
--- a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Remove duplicate code for riscv
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
---- a/src/include/storage/s_lock.h
-+++ b/src/include/storage/s_lock.h
-@@ -341,30 +341,6 @@ tas(volatile slock_t *lock)
- #endif	 /* HAVE_GCC__SYNC_INT32_TAS */
- #endif	 /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */
- 
--
--/*
-- * RISC-V likewise uses __sync_lock_test_and_set(int *, int) if available.
-- */
--#if defined(__riscv)
--#ifdef HAVE_GCC__SYNC_INT32_TAS
--#define HAS_TEST_AND_SET
--
--#define TAS(lock) tas(lock)
--
--typedef int slock_t;
--
--static __inline__ int
--tas(volatile slock_t *lock)
--{
--	return __sync_lock_test_and_set(lock, 1);
--}
--
--#define S_UNLOCK(lock) __sync_lock_release(lock)
--
--#endif	 /* HAVE_GCC__SYNC_INT32_TAS */
--#endif	 /* __riscv */
--
--
- /* S/390 and S/390x Linux (32- and 64-bit zSeries) */
- #if defined(__s390__) || defined(__s390x__)
- #define HAS_TEST_AND_SET
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb
index 1551d34053..8a8c3b9f1e 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb
@@ -1,17 +1,17 @@
 require postgresql.inc
 
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89afbb2d7716371015101c2b2cb4297a"
 
 SRC_URI += "\
    file://not-check-libperl.patch \
    file://0001-Add-support-for-RISC-V.patch \
    file://0001-Improve-reproducibility.patch \
    file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \
-   file://remove_duplicate.patch \
    file://0001-config_info.c-not-expose-build-info.patch \
+   file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \
 "
 
-SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30"
+SRC_URI[sha256sum] = "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8"
 
 CVE_CHECK_IGNORE += "\
    CVE-2017-8806 \
diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch
new file mode 100644
index 0000000000..88f3816b0f
--- /dev/null
+++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch
@@ -0,0 +1,31 @@
+From b436bc4ef31e29d73363d60b84e77eb419f46c50 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Fri, 27 May 2022 22:27:58 +0100
+Subject: [PATCH] absl/strings/internal/str_format/extension.h: add missing
+ <stdint.h> include
+
+Without the change absl-cpp build fails on this week's gcc-13 snapshot as:
+
+    /build/abseil-cpp/absl/strings/internal/str_format/extension.h:34:33: error: found ':' in nested-name-specifier, expected '::'
+       34 | enum class FormatConversionChar : uint8_t;
+          |                                 ^
+          |                                 ::
+
+Upstream-Status: Backport [20220623.0 36a4b073f1e7e02ed7d1ac140767e36f82f09b7c]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ absl/strings/internal/str_format/extension.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/absl/strings/internal/str_format/extension.h b/absl/strings/internal/str_format/extension.h
+index c47536d6..08c3fbeb 100644
+--- a/absl/strings/internal/str_format/extension.h
++++ b/absl/strings/internal/str_format/extension.h
+@@ -17,6 +17,7 @@
+ #define ABSL_STRINGS_INTERNAL_STR_FORMAT_EXTENSION_H_
+ 
+ #include <limits.h>
++#include <stdint.h>
+ 
+ #include <cstddef>
+ #include <cstring>
diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
index 1bb27d4369..30eef75ffb 100644
--- a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
+++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \
            file://0001-absl-always-use-asm-sgidefs.h.patch             \
            file://0002-Remove-maes-option-from-cross-compilation.patch \
            file://abseil-ppc-fixes.patch \
+           file://0001-absl-strings-internal-str_format-extension.h-add-mis.patch \
           "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb b/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
index d14bd843ef..d114ad0c63 100644
--- a/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb
+++ b/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9"
 
 SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \
            "
-SRCREV = "b49431c48d40490ef979247d308af63345376cee"
+SRCREV = "0274bf17374df912ea834687c667bed33bd318db"
 
 S = "${WORKDIR}/git/c++"
 
diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
index 200f751669..c9c38a9fe3 100644
--- a/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb
+++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
@@ -6,7 +6,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
 
 SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https"
-SRCREV = "d348621ca93571343a56862df7de4ff3bc9b5667"
+SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-devtools/exprtk/exprtk_git.bb b/meta-oe/recipes-devtools/exprtk/exprtk_git.bb
index 52975c8215..4019f26899 100644
--- a/meta-oe/recipes-devtools/exprtk/exprtk_git.bb
+++ b/meta-oe/recipes-devtools/exprtk/exprtk_git.bb
@@ -3,9 +3,9 @@ HOMEPAGE = "https://github.com/ArashPartow/exprtk"
 SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-SRCREV = "281c2ccc65b8f91c012ea3725ebcef406378a225"
+SRCREV = "f46bffcd6966d38a09023fb37ba9335214c9b959"
 
-SRC_URI = "git://github.com/ArashPartow/exprtk.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/ArashPartow/exprtk.git;branch=release;protocol=https"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb
index bf74f1229f..44478ea0b2 100644
--- a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb
+++ b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb
@@ -25,12 +25,17 @@ BUILD_CXXFLAGS += "-fPIC"
 # BUILD_TYPE=Release is required, otherwise flatc is not installed
 EXTRA_OECMAKE += "\
     -DCMAKE_BUILD_TYPE=Release \
-    -DFLATBUFFERS_BUILD_TESTS=OFF \    
+    -DFLATBUFFERS_BUILD_TESTS=OFF \
     -DFLATBUFFERS_BUILD_SHAREDLIB=ON \
 "
 
 inherit cmake
 
+rm_flatc_cmaketarget_for_target() {
+    rm -f "${SYSROOT_DESTDIR}/${libdir}/cmake/flatbuffers/FlatcTargets.cmake"
+}
+SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target"
+
 do_install:append() {
     install -d ${D}${PYTHON_SITEPACKAGES_DIR}
     cp -rf ${S}/python/flatbuffers ${D}${PYTHON_SITEPACKAGES_DIR}
diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb
index c2f952fc64..ab6f6e46cd 100644
--- a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb
+++ b/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb
@@ -20,8 +20,8 @@ RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler"
 # RDEPENDS:${PN}-dev += "${PN}-compiler"
 
 S = "${WORKDIR}/git"
-SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7"
-BRANCH = "v1.45.x"
+SRCREV_grpc = "02384e39185f109bd299eb8482306229967dc970"
+BRANCH = "v1.46.x"
 SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \
            file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \
            file://0001-cmake-add-separate-export-for-plugin-targets.patch \
@@ -66,3 +66,6 @@ FILES:${PN}-compiler += " \
     ${bindir} \
     ${libdir}/libgrpc_plugin_support${SOLIBS} \
     "
+
+# this CVE was introduced in v1.53.0 and not backported to v1.46.x branch
+CVE_CHECK_IGNORE += "CVE-2023-32732"
diff --git a/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb b/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb
index 29937e26d0..be2c0f5394 100644
--- a/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb
+++ b/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb
@@ -29,4 +29,4 @@ EXTRA_OECMAKE += "-DHEAPTRACK_BUILD_GUI=OFF"
 COMPATIBLE_HOST:riscv32 = "null"
 COMPATIBLE_HOST:riscv64 = "null"
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb b/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb
index c82761ac34..87d51d8a4d 100644
--- a/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb
+++ b/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb
@@ -17,6 +17,9 @@ SRCREV = "aa631b4b4bd13f6ae2dbab9ae9da209e1e05b0fc"
 SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https;branch=master"
 S = "${WORKDIR}/git"
 
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[lapacke] = "-DLAPACKE=ON,-DLAPACKE=OFF"
+
 EXTRA_OECMAKE = " -DBUILD_SHARED_LIBS=ON "
 OECMAKE_GENERATOR = "Unix Makefiles"
 
diff --git a/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest b/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest
new file mode 100755
index 0000000000..2f00267d50
--- /dev/null
+++ b/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+cd tests
+for atest in test-* ; do
+    rm -rf tests.log
+    ./${atest} > tests.log 2>&1
+    if [ $? = 0 ] ; then
+        echo "PASS: ${atest}"
+    else
+        echo "FAIL: ${atest}"
+    fi
+done
diff --git a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
index 0cf6fd36bc..8c45949142 100644
--- a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
+++ b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb
@@ -6,23 +6,37 @@ LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f969127d7b7ed0a8a63c2bbeae002588"
 
 CVE_PRODUCT = "json-for-modern-cpp"
 
-SRC_URI = "git://github.com/nlohmann/json.git;nobranch=1;protocol=https \
-           "
+SRC_URI = "git://github.com/nlohmann/json.git;branch=develop;protocol=https \
+           git://github.com/nlohmann/json_test_data.git;destsuffix=git/json_test_data;name=json-test-data;branch=master;protocol=https \
+           file://run-ptest \
+"
 
 SRCREV = "4f8fba14066156b73f1189a2b8bd568bde5284c5"
+SRCREV_json-test-data = "a1375cea09d27cc1c4cadb8d00470375b421ac37"
+
+SRCREV_FORMAT = "json-test-data"
 
 S = "${WORKDIR}/git"
 
-inherit cmake
+inherit cmake ptest
 
-EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"
+EXTRA_OECMAKE += "${@bb.utils.contains('PTEST_ENABLED', '1', '-DJSON_BuildTests=ON -DJSON_TestDataDirectory=${PTEST_PATH}/json_test_data', '-DJSON_BuildTests=OFF', d)}"
 
 # nlohmann-json is a header only C++ library, so the main package will be empty.
-
+ALLOW_EMPTY:${PN} = "1"
 RDEPENDS:${PN}-dev = ""
+RDEPENDS:${PN}-ptest = "perl"
 
 BBCLASSEXTEND = "native nativesdk"
 
+
+do_install_ptest () {
+    install -d ${D}${PTEST_PATH}/tests
+    cp -r ${S}/json_test_data/ ${D}${PTEST_PATH}/
+    cp -r ${B}/test/test-* ${D}${PTEST_PATH}/tests
+}
+
+
 # other packages commonly reference the file directly as "json.hpp"
 # create symlink to allow this usage
 do_install:append() {
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache
index f596207648..f596207648 100755
--- a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.18/oe-npm-cache
+++ b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb
index a61dd5018f..a61dd5018f 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.18.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch
new file mode 100644
index 0000000000..4c73b556f9
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch
@@ -0,0 +1,262 @@
+From 717534ee353682f3bcf33e60a8af4292626d4441 Mon Sep 17 00:00:00 2001
+From: Luke Karrys <luke@lukekarrys.com>
+Date: Thu, 15 Jun 2023 12:21:14 -0700
+Subject: [PATCH] fix: better handling of whitespace (#564)
+
+CVE: CVE-2022-25883
+
+Upstream-Status: Backport [https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ .../node_modules/semver/classes/comparator.js |  3 +-
+ deps/npm/node_modules/semver/classes/range.js | 64 +++++++++++--------
+ .../npm/node_modules/semver/classes/semver.js |  2 +-
+ .../node_modules/semver/functions/coerce.js   |  2 +-
+ deps/npm/node_modules/semver/internal/re.js   | 11 ++++
+ deps/npm/node_modules/semver/package.json     |  2 +-
+ 6 files changed, 53 insertions(+), 31 deletions(-)
+
+diff --git a/deps/npm/node_modules/semver/classes/comparator.js b/deps/npm/node_modules/semver/classes/comparator.js
+index 62cd204..c909446 100644
+--- a/deps/npm/node_modules/semver/classes/comparator.js
++++ b/deps/npm/node_modules/semver/classes/comparator.js
+@@ -16,6 +16,7 @@ class Comparator {
+       }
+     }
+
++    comp = comp.trim().split(/\s+/).join(' ')
+     debug('comparator', comp, options)
+     this.options = options
+     this.loose = !!options.loose
+@@ -129,7 +130,7 @@ class Comparator {
+ module.exports = Comparator
+
+ const parseOptions = require('../internal/parse-options')
+-const { re, t } = require('../internal/re')
++const { safeRe: re, t } = require('../internal/re')
+ const cmp = require('../functions/cmp')
+ const debug = require('../internal/debug')
+ const SemVer = require('./semver')
+diff --git a/deps/npm/node_modules/semver/classes/range.js b/deps/npm/node_modules/semver/classes/range.js
+index 7dc24bc..8e2e1f9 100644
+--- a/deps/npm/node_modules/semver/classes/range.js
++++ b/deps/npm/node_modules/semver/classes/range.js
+@@ -26,19 +26,26 @@ class Range {
+     this.loose = !!options.loose
+     this.includePrerelease = !!options.includePrerelease
+
+-    // First, split based on boolean or ||
++    // First reduce all whitespace as much as possible so we do not have to rely
++    // on potentially slow regexes like \s*. This is then stored and used for
++    // future error messages as well.
+     this.raw = range
+-    this.set = range
++      .trim()
++      .split(/\s+/)
++      .join(' ')
++
++    // First, split on ||
++    this.set = this.raw
+       .split('||')
+       // map the range to a 2d array of comparators
+-      .map(r => this.parseRange(r.trim()))
++      .map(r => this.parseRange(r))
+       // throw out any comparator lists that are empty
+       // this generally means that it was not a valid range, which is allowed
+       // in loose mode, but will still throw if the WHOLE range is invalid.
+       .filter(c => c.length)
+
+     if (!this.set.length) {
+-      throw new TypeError(`Invalid SemVer Range: ${range}`)
++      throw new TypeError(`Invalid SemVer Range: ${this.raw}`)
+     }
+
+     // if we have any that are not the null set, throw out null sets.
+@@ -64,9 +71,7 @@ class Range {
+
+   format () {
+     this.range = this.set
+-      .map((comps) => {
+-        return comps.join(' ').trim()
+-      })
++      .map((comps) => comps.join(' ').trim())
+       .join('||')
+       .trim()
+     return this.range
+@@ -77,8 +82,6 @@ class Range {
+   }
+
+   parseRange (range) {
+-    range = range.trim()
+-
+     // memoize range parsing for performance.
+     // this is a very hot path, and fully deterministic.
+     const memoOpts = Object.keys(this.options).join(',')
+@@ -103,9 +106,6 @@ class Range {
+     // `^ 1.2.3` => `^1.2.3`
+     range = range.replace(re[t.CARETTRIM], caretTrimReplace)
+
+-    // normalize spaces
+-    range = range.split(/\s+/).join(' ')
+-
+     // At this point, the range is completely trimmed and
+     // ready to be split into comparators.
+
+@@ -200,7 +200,7 @@ const Comparator = require('./comparator')
+ const debug = require('../internal/debug')
+ const SemVer = require('./semver')
+ const {
+-  re,
++  safeRe: re,
+   t,
+   comparatorTrimReplace,
+   tildeTrimReplace,
+@@ -252,10 +252,13 @@ const isX = id => !id || id.toLowerCase() === 'x' || id === '*'
+ // ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0 <1.3.0-0
+ // ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0-0
+ // ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0-0
+-const replaceTildes = (comp, options) =>
+-  comp.trim().split(/\s+/).map((c) => {
+-    return replaceTilde(c, options)
+-  }).join(' ')
++const replaceTildes = (comp, options) => {
++  return comp
++    .trim()
++    .split(/\s+/)
++    .map((c) => replaceTilde(c, options))
++    .join(' ')
++}
+
+ const replaceTilde = (comp, options) => {
+   const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]
+@@ -291,10 +294,13 @@ const replaceTilde = (comp, options) => {
+ // ^1.2, ^1.2.x --> >=1.2.0 <2.0.0-0
+ // ^1.2.3 --> >=1.2.3 <2.0.0-0
+ // ^1.2.0 --> >=1.2.0 <2.0.0-0
+-const replaceCarets = (comp, options) =>
+-  comp.trim().split(/\s+/).map((c) => {
+-    return replaceCaret(c, options)
+-  }).join(' ')
++const replaceCarets = (comp, options) => {
++  return comp
++    .trim()
++    .split(/\s+/)
++    .map((c) => replaceCaret(c, options))
++    .join(' ')
++}
+
+ const replaceCaret = (comp, options) => {
+   debug('caret', comp, options)
+@@ -351,9 +357,10 @@ const replaceCaret = (comp, options) => {
+
+ const replaceXRanges = (comp, options) => {
+   debug('replaceXRanges', comp, options)
+-  return comp.split(/\s+/).map((c) => {
+-    return replaceXRange(c, options)
+-  }).join(' ')
++  return comp
++    .split(/\s+/)
++    .map((c) => replaceXRange(c, options))
++    .join(' ')
+ }
+
+ const replaceXRange = (comp, options) => {
+@@ -436,12 +443,15 @@ const replaceXRange = (comp, options) => {
+ const replaceStars = (comp, options) => {
+   debug('replaceStars', comp, options)
+   // Looseness is ignored here.  star is always as loose as it gets!
+-  return comp.trim().replace(re[t.STAR], '')
++  return comp
++    .trim()
++    .replace(re[t.STAR], '')
+ }
+
+ const replaceGTE0 = (comp, options) => {
+   debug('replaceGTE0', comp, options)
+-  return comp.trim()
++  return comp
++    .trim()
+     .replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], '')
+ }
+
+@@ -479,7 +489,7 @@ const hyphenReplace = incPr => ($0,
+     to = `<=${to}`
+   }
+
+-  return (`${from} ${to}`).trim()
++  return `${from} ${to}`.trim()
+ }
+
+ const testSet = (set, version, options) => {
+diff --git a/deps/npm/node_modules/semver/classes/semver.js b/deps/npm/node_modules/semver/classes/semver.js
+index af62955..ad4e877 100644
+--- a/deps/npm/node_modules/semver/classes/semver.js
++++ b/deps/npm/node_modules/semver/classes/semver.js
+@@ -1,6 +1,6 @@
+ const debug = require('../internal/debug')
+ const { MAX_LENGTH, MAX_SAFE_INTEGER } = require('../internal/constants')
+-const { re, t } = require('../internal/re')
++const { safeRe: re, t } = require('../internal/re')
+
+ const parseOptions = require('../internal/parse-options')
+ const { compareIdentifiers } = require('../internal/identifiers')
+diff --git a/deps/npm/node_modules/semver/functions/coerce.js b/deps/npm/node_modules/semver/functions/coerce.js
+index 2e01452..febbff9 100644
+--- a/deps/npm/node_modules/semver/functions/coerce.js
++++ b/deps/npm/node_modules/semver/functions/coerce.js
+@@ -1,6 +1,6 @@
+ const SemVer = require('../classes/semver')
+ const parse = require('./parse')
+-const { re, t } = require('../internal/re')
++const { safeRe: re, t } = require('../internal/re')
+
+ const coerce = (version, options) => {
+   if (version instanceof SemVer) {
+diff --git a/deps/npm/node_modules/semver/internal/re.js b/deps/npm/node_modules/semver/internal/re.js
+index ed88398..f73ef1a 100644
+--- a/deps/npm/node_modules/semver/internal/re.js
++++ b/deps/npm/node_modules/semver/internal/re.js
+@@ -4,16 +4,27 @@ exports = module.exports = {}
+
+ // The actual regexps go on exports.re
+ const re = exports.re = []
++const safeRe = exports.safeRe = []
+ const src = exports.src = []
+ const t = exports.t = {}
+ let R = 0
+
+ const createToken = (name, value, isGlobal) => {
++  // Replace all greedy whitespace to prevent regex dos issues. These regex are
++  // used internally via the safeRe object since all inputs in this library get
++  // normalized first to trim and collapse all extra whitespace. The original
++  // regexes are exported for userland consumption and lower level usage. A
++  // future breaking change could export the safer regex only with a note that
++  // all input should have extra whitespace removed.
++  const safe = value
++    .split('\\s*').join('\\s{0,1}')
++    .split('\\s+').join('\\s')
+   const index = R++
+   debug(name, index, value)
+   t[name] = index
+   src[index] = value
+   re[index] = new RegExp(value, isGlobal ? 'g' : undefined)
++  safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined)
+ }
+
+ // The following Regular Expressions can be used for tokenizing,
+diff --git a/deps/npm/node_modules/semver/package.json b/deps/npm/node_modules/semver/package.json
+index 7898f59..d8ae619 100644
+--- a/deps/npm/node_modules/semver/package.json
++++ b/deps/npm/node_modules/semver/package.json
+@@ -40,7 +40,7 @@
+     "range.bnf"
+   ],
+   "tap": {
+-    "check-coverage": true,
++    "timeout": 30,
+     "coverage-map": "map.js"
+   },
+   "engines": {
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch
new file mode 100644
index 0000000000..991d39fcf9
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch
@@ -0,0 +1,625 @@
+From d3d357ab096884f10f5d2f164149727eea875635 Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Thu, 4 Jan 2024 21:32:51 +0000
+Subject: [PATCH] crypto: disable PKCS#1 padding for privateDecrypt
+
+Refs: https://hackerone.com/bugs?subject=nodejs&report_id=2269177
+
+Disable RSA_PKCS1_PADDING for crypto.privateDecrypt() in order
+to protect against the Marvin attack.
+
+Includes a security revert flag that can be used to restore
+support.
+
+Signed-off-by: Michael Dawson <midawson@redhat.com>
+PR-URL: https://github.com/nodejs-private/node-private/pull/525
+Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
+Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+
+CVE-ID: CVE-2023-46809
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/d3d357ab096884f1]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/crypto/crypto_cipher.cc                 |  28 ++
+ src/node_revert.h                           |   1 +
+ test/parallel/test-crypto-rsa-dsa-revert.js | 475 ++++++++++++++++++++
+ test/parallel/test-crypto-rsa-dsa.js        |  42 +-
+ 4 files changed, 533 insertions(+), 13 deletions(-)
+ create mode 100644 test/parallel/test-crypto-rsa-dsa-revert.js
+
+diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
+index 10579ce..0311c68 100644
+--- a/src/crypto/crypto_cipher.cc
++++ b/src/crypto/crypto_cipher.cc
+@@ -6,6 +6,7 @@
+ #include "node_buffer.h"
+ #include "node_internals.h"
+ #include "node_process-inl.h"
++#include "node_revert.h"
+ #include "v8.h"
+
+ namespace node {
+@@ -1061,6 +1062,33 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
+   uint32_t padding;
+   if (!args[offset + 1]->Uint32Value(env->context()).To(&padding)) return;
+
++  if (EVP_PKEY_cipher == EVP_PKEY_decrypt &&
++      operation == PublicKeyCipher::kPrivate && padding == RSA_PKCS1_PADDING &&
++      !IsReverted(SECURITY_REVERT_CVE_2023_46809)) {
++    EVPKeyCtxPointer ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
++    CHECK(ctx);
++
++    if (EVP_PKEY_decrypt_init(ctx.get()) <= 0) {
++      return ThrowCryptoError(env, ERR_get_error());
++    }
++
++    int rsa_pkcs1_implicit_rejection =
++        EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1");
++    // From the doc -2 means that the option is not supported.
++    // The default for the option is enabled and if it has been
++    // specifically disabled we want to respect that so we will
++    // not throw an error if the option is supported regardless
++    // of how it is set. The call to set the value
++    // will not affect what is used since a different context is
++    // used in the call if the option is supported
++    if (rsa_pkcs1_implicit_rejection <= 0) {
++      return THROW_ERR_INVALID_ARG_VALUE(
++          env,
++          "RSA_PKCS1_PADDING is no longer supported for private decryption,"
++          " this can be reverted with --security-revert=CVE-2023-46809");
++    }
++  }
++
+   const EVP_MD* digest = nullptr;
+   if (args[offset + 2]->IsString()) {
+     const Utf8Value oaep_str(env->isolate(), args[offset + 2]);
+diff --git a/src/node_revert.h b/src/node_revert.h
+index 83dcb62..bc2a288 100644
+--- a/src/node_revert.h
++++ b/src/node_revert.h
+@@ -18,6 +18,7 @@ namespace node {
+ #define SECURITY_REVERSIONS(XX)                                            \
+   XX(CVE_2021_44531, "CVE-2021-44531", "Cert Verif Bypass via URI SAN")    \
+   XX(CVE_2021_44532, "CVE-2021-44532", "Cert Verif Bypass via Str Inject") \
++  XX(CVE_2023_46809, "CVE-2023-46809", "Marvin attack on PKCS#1 padding") \
+ //  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
+
+ enum reversion {
+diff --git a/test/parallel/test-crypto-rsa-dsa-revert.js b/test/parallel/test-crypto-rsa-dsa-revert.js
+new file mode 100644
+index 0000000..84ec8f6
+--- /dev/null
++++ b/test/parallel/test-crypto-rsa-dsa-revert.js
+@@ -0,0 +1,475 @@
++'use strict';
++// Flags: --security-revert=CVE-2023-46809
++const common = require('../common');
++if (!common.hasCrypto)
++  common.skip('missing crypto');
++
++const assert = require('assert');
++const crypto = require('crypto');
++
++const constants = crypto.constants;
++
++const fixtures = require('../common/fixtures');
++
++// Test certificates
++const certPem = fixtures.readKey('rsa_cert.crt');
++const keyPem = fixtures.readKey('rsa_private.pem');
++const rsaKeySize = 2048;
++const rsaPubPem = fixtures.readKey('rsa_public.pem', 'ascii');
++const rsaKeyPem = fixtures.readKey('rsa_private.pem', 'ascii');
++const rsaKeyPemEncrypted = fixtures.readKey('rsa_private_encrypted.pem',
++                                            'ascii');
++const dsaPubPem = fixtures.readKey('dsa_public.pem', 'ascii');
++const dsaKeyPem = fixtures.readKey('dsa_private.pem', 'ascii');
++const dsaKeyPemEncrypted = fixtures.readKey('dsa_private_encrypted.pem',
++                                            'ascii');
++const rsaPkcs8KeyPem = fixtures.readKey('rsa_private_pkcs8.pem');
++const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
++
++const ec = new TextEncoder();
++
++const openssl1DecryptError = {
++  message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
++    'bad decrypt',
++  code: 'ERR_OSSL_EVP_BAD_DECRYPT',
++  reason: 'bad decrypt',
++  function: 'EVP_DecryptFinal_ex',
++  library: 'digital envelope routines',
++};
++
++const decryptError = common.hasOpenSSL3 ?
++  { message: 'error:1C800064:Provider routines::bad decrypt' } :
++  openssl1DecryptError;
++
++const decryptPrivateKeyError = common.hasOpenSSL3 ? {
++  message: 'error:1C800064:Provider routines::bad decrypt',
++} : openssl1DecryptError;
++
++function getBufferCopy(buf) {
++  return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
++}
++
++// Test RSA encryption/decryption
++{
++  const input = 'I AM THE WALRUS';
++  const bufferToEncrypt = Buffer.from(input);
++  const bufferPassword = Buffer.from('password');
++
++  let encryptedBuffer = crypto.publicEncrypt(rsaPubPem, bufferToEncrypt);
++
++  // Test other input types
++  let otherEncrypted;
++  {
++    const ab = getBufferCopy(ec.encode(rsaPubPem));
++    const ab2enc = getBufferCopy(bufferToEncrypt);
++
++    crypto.publicEncrypt(ab, ab2enc);
++    crypto.publicEncrypt(new Uint8Array(ab), new Uint8Array(ab2enc));
++    crypto.publicEncrypt(new DataView(ab), new DataView(ab2enc));
++    otherEncrypted = crypto.publicEncrypt({
++      key: Buffer.from(ab).toString('hex'),
++      encoding: 'hex'
++    }, Buffer.from(ab2enc).toString('hex'));
++  }
++
++  let decryptedBuffer = crypto.privateDecrypt(rsaKeyPem, encryptedBuffer);
++  const otherDecrypted = crypto.privateDecrypt(rsaKeyPem, otherEncrypted);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++  assert.strictEqual(otherDecrypted.toString(), input);
++
++  decryptedBuffer = crypto.privateDecrypt(rsaPkcs8KeyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  let decryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, encryptedBuffer);
++
++  const otherDecryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: ec.encode('password')
++  }, encryptedBuffer);
++
++  assert.strictEqual(
++    otherDecryptedBufferWithPassword.toString(),
++    decryptedBufferWithPassword.toString());
++
++  decryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, encryptedBuffer);
++
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  encryptedBuffer = crypto.publicEncrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, bufferToEncrypt);
++
++  decryptedBufferWithPassword = crypto.privateDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: 'password'
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  encryptedBuffer = crypto.privateEncrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, bufferToEncrypt);
++
++  decryptedBufferWithPassword = crypto.publicDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  // Now with explicit RSA_PKCS1_PADDING.
++  encryptedBuffer = crypto.privateEncrypt({
++    padding: crypto.constants.RSA_PKCS1_PADDING,
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, bufferToEncrypt);
++
++  decryptedBufferWithPassword = crypto.publicDecrypt({
++    padding: crypto.constants.RSA_PKCS1_PADDING,
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  // Omitting padding should be okay because RSA_PKCS1_PADDING is the default.
++  decryptedBufferWithPassword = crypto.publicDecrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: bufferPassword
++  }, encryptedBuffer);
++  assert.strictEqual(decryptedBufferWithPassword.toString(), input);
++
++  // Now with RSA_NO_PADDING. Plaintext needs to match key size.
++  // OpenSSL 3.x has a rsa_check_padding that will cause an error if
++  // RSA_NO_PADDING is used.
++  if (!common.hasOpenSSL3) {
++    {
++      const plaintext = 'x'.repeat(rsaKeySize / 8);
++      encryptedBuffer = crypto.privateEncrypt({
++        padding: crypto.constants.RSA_NO_PADDING,
++        key: rsaKeyPemEncrypted,
++        passphrase: bufferPassword
++      }, Buffer.from(plaintext));
++
++      decryptedBufferWithPassword = crypto.publicDecrypt({
++        padding: crypto.constants.RSA_NO_PADDING,
++        key: rsaKeyPemEncrypted,
++        passphrase: bufferPassword
++      }, encryptedBuffer);
++      assert.strictEqual(decryptedBufferWithPassword.toString(), plaintext);
++    }
++  }
++
++  encryptedBuffer = crypto.publicEncrypt(certPem, bufferToEncrypt);
++
++  decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  encryptedBuffer = crypto.publicEncrypt(keyPem, bufferToEncrypt);
++
++  decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  encryptedBuffer = crypto.privateEncrypt(keyPem, bufferToEncrypt);
++
++  decryptedBuffer = crypto.publicDecrypt(keyPem, encryptedBuffer);
++  assert.strictEqual(decryptedBuffer.toString(), input);
++
++  assert.throws(() => {
++    crypto.privateDecrypt({
++      key: rsaKeyPemEncrypted,
++      passphrase: 'wrong'
++    }, bufferToEncrypt);
++  }, decryptError);
++
++  assert.throws(() => {
++    crypto.publicEncrypt({
++      key: rsaKeyPemEncrypted,
++      passphrase: 'wrong'
++    }, encryptedBuffer);
++  }, decryptError);
++
++  encryptedBuffer = crypto.privateEncrypt({
++    key: rsaKeyPemEncrypted,
++    passphrase: Buffer.from('password')
++  }, bufferToEncrypt);
++
++  assert.throws(() => {
++    crypto.publicDecrypt({
++      key: rsaKeyPemEncrypted,
++      passphrase: Buffer.from('wrong')
++    }, encryptedBuffer);
++  }, decryptError);
++}
++
++function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
++  const size = (padding === 'RSA_NO_PADDING') ? rsaKeySize / 8 : 32;
++  const input = Buffer.allocUnsafe(size);
++  for (let i = 0; i < input.length; i++)
++    input[i] = (i * 7 + 11) & 0xff;
++  const bufferToEncrypt = Buffer.from(input);
++
++  padding = constants[padding];
++
++  const encryptedBuffer = crypto.publicEncrypt({
++    key: rsaPubPem,
++    padding: padding,
++    oaepHash: encryptOaepHash
++  }, bufferToEncrypt);
++
++  let decryptedBuffer = crypto.privateDecrypt({
++    key: rsaKeyPem,
++    padding: padding,
++    oaepHash: decryptOaepHash
++  }, encryptedBuffer);
++  assert.deepStrictEqual(decryptedBuffer, input);
++
++  decryptedBuffer = crypto.privateDecrypt({
++    key: rsaPkcs8KeyPem,
++    padding: padding,
++    oaepHash: decryptOaepHash
++  }, encryptedBuffer);
++  assert.deepStrictEqual(decryptedBuffer, input);
++}
++
++test_rsa('RSA_NO_PADDING');
++test_rsa('RSA_PKCS1_PADDING');
++test_rsa('RSA_PKCS1_OAEP_PADDING');
++
++// Test OAEP with different hash functions.
++test_rsa('RSA_PKCS1_OAEP_PADDING', undefined, 'sha1');
++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha1', undefined);
++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha256', 'sha256');
++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha512', 'sha512');
++assert.throws(() => {
++  test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha256', 'sha512');
++}, {
++  code: 'ERR_OSSL_RSA_OAEP_DECODING_ERROR'
++});
++
++// The following RSA-OAEP test cases were created using the WebCrypto API to
++// ensure compatibility when using non-SHA1 hash functions.
++{
++  const { decryptionTests } =
++      JSON.parse(fixtures.readSync('rsa-oaep-test-vectors.js', 'utf8'));
++
++  for (const { ct, oaepHash, oaepLabel } of decryptionTests) {
++    const label = oaepLabel ? Buffer.from(oaepLabel, 'hex') : undefined;
++    const copiedLabel = oaepLabel ? getBufferCopy(label) : undefined;
++
++    const decrypted = crypto.privateDecrypt({
++      key: rsaPkcs8KeyPem,
++      oaepHash,
++      oaepLabel: oaepLabel ? label : undefined
++    }, Buffer.from(ct, 'hex'));
++
++    assert.strictEqual(decrypted.toString('utf8'), 'Hello Node.js');
++
++    const otherDecrypted = crypto.privateDecrypt({
++      key: rsaPkcs8KeyPem,
++      oaepHash,
++      oaepLabel: copiedLabel
++    }, Buffer.from(ct, 'hex'));
++
++    assert.strictEqual(otherDecrypted.toString('utf8'), 'Hello Node.js');
++  }
++}
++
++// Test invalid oaepHash and oaepLabel options.
++for (const fn of [crypto.publicEncrypt, crypto.privateDecrypt]) {
++  assert.throws(() => {
++    fn({
++      key: rsaPubPem,
++      oaepHash: 'Hello world'
++    }, Buffer.alloc(10));
++  }, {
++    code: 'ERR_OSSL_EVP_INVALID_DIGEST'
++  });
++
++  for (const oaepHash of [0, false, null, Symbol(), () => {}]) {
++    assert.throws(() => {
++      fn({
++        key: rsaPubPem,
++        oaepHash
++      }, Buffer.alloc(10));
++    }, {
++      code: 'ERR_INVALID_ARG_TYPE'
++    });
++  }
++
++  for (const oaepLabel of [0, false, null, Symbol(), () => {}, {}]) {
++    assert.throws(() => {
++      fn({
++        key: rsaPubPem,
++        oaepLabel
++      }, Buffer.alloc(10));
++    }, {
++      code: 'ERR_INVALID_ARG_TYPE'
++    });
++  }
++}
++
++// Test RSA key signing/verification
++let rsaSign = crypto.createSign('SHA1');
++let rsaVerify = crypto.createVerify('SHA1');
++assert.ok(rsaSign);
++assert.ok(rsaVerify);
++
++const expectedSignature = fixtures.readKey(
++  'rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1',
++  'hex'
++);
++
++rsaSign.update(rsaPubPem);
++let rsaSignature = rsaSign.sign(rsaKeyPem, 'hex');
++assert.strictEqual(rsaSignature, expectedSignature);
++
++rsaVerify.update(rsaPubPem);
++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
++
++// Test RSA PKCS#8 key signing/verification
++rsaSign = crypto.createSign('SHA1');
++rsaSign.update(rsaPubPem);
++rsaSignature = rsaSign.sign(rsaPkcs8KeyPem, 'hex');
++assert.strictEqual(rsaSignature, expectedSignature);
++
++rsaVerify = crypto.createVerify('SHA1');
++rsaVerify.update(rsaPubPem);
++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
++
++// Test RSA key signing/verification with encrypted key
++rsaSign = crypto.createSign('SHA1');
++rsaSign.update(rsaPubPem);
++const signOptions = { key: rsaKeyPemEncrypted, passphrase: 'password' };
++rsaSignature = rsaSign.sign(signOptions, 'hex');
++assert.strictEqual(rsaSignature, expectedSignature);
++
++rsaVerify = crypto.createVerify('SHA1');
++rsaVerify.update(rsaPubPem);
++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
++
++rsaSign = crypto.createSign('SHA1');
++rsaSign.update(rsaPubPem);
++assert.throws(() => {
++  const signOptions = { key: rsaKeyPemEncrypted, passphrase: 'wrong' };
++  rsaSign.sign(signOptions, 'hex');
++}, decryptPrivateKeyError);
++
++//
++// Test RSA signing and verification
++//
++{
++  const privateKey = fixtures.readKey('rsa_private_b.pem');
++  const publicKey = fixtures.readKey('rsa_public_b.pem');
++
++  const input = 'I AM THE WALRUS';
++
++  const signature = fixtures.readKey(
++    'I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256',
++    'hex'
++  );
++
++  const sign = crypto.createSign('SHA256');
++  sign.update(input);
++
++  const output = sign.sign(privateKey, 'hex');
++  assert.strictEqual(output, signature);
++
++  const verify = crypto.createVerify('SHA256');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true);
++
++  // Test the legacy signature algorithm name.
++  const sign2 = crypto.createSign('RSA-SHA256');
++  sign2.update(input);
++
++  const output2 = sign2.sign(privateKey, 'hex');
++  assert.strictEqual(output2, signature);
++
++  const verify2 = crypto.createVerify('SHA256');
++  verify2.update(input);
++
++  assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
++}
++
++
++//
++// Test DSA signing and verification
++//
++{
++  const input = 'I AM THE WALRUS';
++
++  // DSA signatures vary across runs so there is no static string to verify
++  // against.
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  const signature = sign.sign(dsaKeyPem, 'hex');
++
++  const verify = crypto.createVerify('SHA1');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
++
++  // Test the legacy 'DSS1' name.
++  const sign2 = crypto.createSign('DSS1');
++  sign2.update(input);
++  const signature2 = sign2.sign(dsaKeyPem, 'hex');
++
++  const verify2 = crypto.createVerify('DSS1');
++  verify2.update(input);
++
++  assert.strictEqual(verify2.verify(dsaPubPem, signature2, 'hex'), true);
++}
++
++
++//
++// Test DSA signing and verification with PKCS#8 private key
++//
++{
++  const input = 'I AM THE WALRUS';
++
++  // DSA signatures vary across runs so there is no static string to verify
++  // against.
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  const signature = sign.sign(dsaPkcs8KeyPem, 'hex');
++
++  const verify = crypto.createVerify('SHA1');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
++}
++
++
++//
++// Test DSA signing and verification with encrypted key
++//
++const input = 'I AM THE WALRUS';
++
++{
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  assert.throws(() => {
++    sign.sign({ key: dsaKeyPemEncrypted, passphrase: 'wrong' }, 'hex');
++  }, decryptPrivateKeyError);
++}
++
++{
++  // DSA signatures vary across runs so there is no static string to verify
++  // against.
++  const sign = crypto.createSign('SHA1');
++  sign.update(input);
++  const signOptions = { key: dsaKeyPemEncrypted, passphrase: 'password' };
++  const signature = sign.sign(signOptions, 'hex');
++
++  const verify = crypto.createVerify('SHA1');
++  verify.update(input);
++
++  assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
++}
+diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
+index 9afcb38..fd27827 100644
+--- a/test/parallel/test-crypto-rsa-dsa.js
++++ b/test/parallel/test-crypto-rsa-dsa.js
+@@ -220,20 +220,36 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
+     padding: padding,
+     oaepHash: encryptOaepHash
+   }, bufferToEncrypt);
++  if (padding === constants.RSA_PKCS1_PADDING) {
++    assert.throws(() => {
++      crypto.privateDecrypt({
++        key: rsaKeyPem,
++        padding: padding,
++        oaepHash: decryptOaepHash
++      }, encryptedBuffer);
++    }, { code: 'ERR_INVALID_ARG_VALUE' });
++    assert.throws(() => {
++      crypto.privateDecrypt({
++        key: rsaPkcs8KeyPem,
++        padding: padding,
++        oaepHash: decryptOaepHash
++      }, encryptedBuffer);
++    }, { code: 'ERR_INVALID_ARG_VALUE' });
++  } else {
++    let decryptedBuffer = crypto.privateDecrypt({
++      key: rsaKeyPem,
++      padding: padding,
++      oaepHash: decryptOaepHash
++    }, encryptedBuffer);
++    assert.deepStrictEqual(decryptedBuffer, input);
+
+-  let decryptedBuffer = crypto.privateDecrypt({
+-    key: rsaKeyPem,
+-    padding: padding,
+-    oaepHash: decryptOaepHash
+-  }, encryptedBuffer);
+-  assert.deepStrictEqual(decryptedBuffer, input);
+-
+-  decryptedBuffer = crypto.privateDecrypt({
+-    key: rsaPkcs8KeyPem,
+-    padding: padding,
+-    oaepHash: decryptOaepHash
+-  }, encryptedBuffer);
+-  assert.deepStrictEqual(decryptedBuffer, input);
++    decryptedBuffer = crypto.privateDecrypt({
++      key: rsaPkcs8KeyPem,
++      padding: padding,
++      oaepHash: decryptOaepHash
++    }, encryptedBuffer);
++    assert.deepStrictEqual(decryptedBuffer, input);
++  }
+ }
+
+ test_rsa('RSA_NO_PADDING');
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch
new file mode 100644
index 0000000000..ca1c7981cc
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch
@@ -0,0 +1,556 @@
+From 911cb33cdadab57a75f97186290ea8f3903a6171 Mon Sep 17 00:00:00 2001
+From: Paolo Insogna <paolo@cowtech.it>
+Date: Tue, 9 Jan 2024 18:10:04 +0100
+Subject: [PATCH] http: add maximum chunk extension size
+
+PR-URL: https://github.com/nodejs-private/node-private/pull/520
+Refs: https://github.com/nodejs-private/node-private/pull/518
+
+CVE-ID: CVE-2024-22019
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/911cb33cdadab57a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ deps/llhttp/CMakeLists.txt                    |   2 +-
+ deps/llhttp/include/llhttp.h                  |   7 +-
+ deps/llhttp/src/api.c                         |   7 +
+ deps/llhttp/src/llhttp.c                      | 122 ++++++++++++++--
+ doc/api/errors.md                             |  12 ++
+ lib/_http_server.js                           |   8 ++
+ src/node_http_parser.cc                       |  20 ++-
+ .../test-http-chunk-extensions-limit.js       | 131 ++++++++++++++++++
+ tools/update-llhttp.sh                        |   2 +-
+ 9 files changed, 292 insertions(+), 19 deletions(-)
+ create mode 100644 test/parallel/test-http-chunk-extensions-limit.js
+
+diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt
+index d038203..747564a 100644
+--- a/deps/llhttp/CMakeLists.txt
++++ b/deps/llhttp/CMakeLists.txt
+@@ -1,7 +1,7 @@
+ cmake_minimum_required(VERSION 3.5.1)
+ cmake_policy(SET CMP0069 NEW)
+
+-project(llhttp VERSION 6.0.11)
++project(llhttp VERSION 6.1.0)
+ include(GNUInstallDirs)
+
+ set(CMAKE_C_STANDARD 99)
+diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h
+index 2da66f1..78f27ab 100644
+--- a/deps/llhttp/include/llhttp.h
++++ b/deps/llhttp/include/llhttp.h
+@@ -2,8 +2,8 @@
+ #define INCLUDE_LLHTTP_H_
+
+ #define LLHTTP_VERSION_MAJOR 6
+-#define LLHTTP_VERSION_MINOR 0
+-#define LLHTTP_VERSION_PATCH 11
++#define LLHTTP_VERSION_MINOR 1
++#define LLHTTP_VERSION_PATCH 0
+
+ #ifndef LLHTTP_STRICT_MODE
+ # define LLHTTP_STRICT_MODE 0
+@@ -348,6 +348,9 @@ struct llhttp_settings_s {
+    */
+   llhttp_cb      on_headers_complete;
+
++  /* Possible return values 0, -1, HPE_USER */
++  llhttp_data_cb on_chunk_parameters;
++
+   /* Possible return values 0, -1, HPE_USER */
+   llhttp_data_cb on_body;
+
+diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c
+index c4ce197..d3065b3 100644
+--- a/deps/llhttp/src/api.c
++++ b/deps/llhttp/src/api.c
+@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) {
+ }
+
+
++int llhttp__on_chunk_parameters(llhttp_t* s, const char* p, const char* endp) {
++  int err;
++  SPAN_CALLBACK_MAYBE(s, on_chunk_parameters, p, endp - p);
++  return err;
++}
++
++
+ int llhttp__on_chunk_complete(llhttp_t* s, const char* p, const char* endp) {
+   int err;
+   CALLBACK_MAYBE(s, on_chunk_complete);
+diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c
+index 5e7c5d1..5eb19f6 100644
+--- a/deps/llhttp/src/llhttp.c
++++ b/deps/llhttp/src/llhttp.c
+@@ -340,6 +340,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -539,6 +541,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -1226,8 +1232,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++	  goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_10;
+@@ -1236,6 +1241,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -1246,13 +1279,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_11;
+@@ -6074,6 +6103,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_10: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+@@ -8441,6 +8488,8 @@ enum llparse_state_e {
+   s_n_llhttp__internal__n_invoke_is_equal_content_length,
+   s_n_llhttp__internal__n_chunk_size_almost_done,
+   s_n_llhttp__internal__n_chunk_parameters,
++  s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters,
++  s_n_llhttp__internal__n_chunk_parameters_ows,
+   s_n_llhttp__internal__n_chunk_size_otherwise,
+   s_n_llhttp__internal__n_chunk_size,
+   s_n_llhttp__internal__n_chunk_size_digit,
+@@ -8635,6 +8684,10 @@ int llhttp__on_body(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+
++int llhttp__on_chunk_parameters(
++    llhttp__internal_t* s, const unsigned char* p,
++    const unsigned char* endp);
++
+ int llhttp__on_status(
+     llhttp__internal_t* s, const unsigned char* p,
+     const unsigned char* endp);
+@@ -9299,8 +9352,7 @@ static llparse_state_t llhttp__internal__run(
+           goto s_n_llhttp__internal__n_chunk_parameters;
+         }
+         case 2: {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_size_almost_done;
++	  goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_6;
+@@ -9309,6 +9361,34 @@ static llparse_state_t llhttp__internal__run(
+       /* UNREACHABLE */;
+       abort();
+     }
++    case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters:
++    s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++      }
++      state->_span_pos0 = (void*) p;
++      state->_span_cb0 = llhttp__on_chunk_parameters;
++      goto s_n_llhttp__internal__n_chunk_parameters;
++      /* UNREACHABLE */;
++      abort();
++    }
++    case s_n_llhttp__internal__n_chunk_parameters_ows:
++    s_n_llhttp__internal__n_chunk_parameters_ows: {
++      if (p == endp) {
++        return s_n_llhttp__internal__n_chunk_parameters_ows;
++      }
++      switch (*p) {
++        case ' ': {
++          p++;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
++        }
++        default: {
++          goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters;
++        }
++      }
++      /* UNREACHABLE */;
++      abort();
++    }
+     case s_n_llhttp__internal__n_chunk_size_otherwise:
+     s_n_llhttp__internal__n_chunk_size_otherwise: {
+       if (p == endp) {
+@@ -9319,13 +9399,9 @@ static llparse_state_t llhttp__internal__run(
+           p++;
+           goto s_n_llhttp__internal__n_chunk_size_almost_done;
+         }
+-        case ' ': {
+-          p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
+-        }
+         case ';': {
+           p++;
+-          goto s_n_llhttp__internal__n_chunk_parameters;
++          goto s_n_llhttp__internal__n_chunk_parameters_ows;
+         }
+         default: {
+           goto s_n_llhttp__internal__n_error_7;
+@@ -13951,6 +14027,24 @@ static llparse_state_t llhttp__internal__run(
+     /* UNREACHABLE */;
+     abort();
+   }
++  s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: {
++    const unsigned char* start;
++    int err;
++
++    start = state->_span_pos0;
++    state->_span_pos0 = NULL;
++    err = llhttp__on_chunk_parameters(state, start, p);
++    if (err != 0) {
++      state->error = err;
++      state->error_pos = (const char*) (p + 1);
++      state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done;
++      return s_error;
++    }
++    p++;
++    goto s_n_llhttp__internal__n_chunk_size_almost_done;
++    /* UNREACHABLE */;
++    abort();
++  }
+   s_n_llhttp__internal__n_error_6: {
+     state->error = 0x2;
+     state->reason = "Invalid character in chunk parameters";
+diff --git a/doc/api/errors.md b/doc/api/errors.md
+index dcf8744..a76bfe5 100644
+--- a/doc/api/errors.md
++++ b/doc/api/errors.md
+@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then
+ HTTP parsing will abort without a request or response object being created, and
+ an `Error` with this code will be emitted.
+
++<a id="HPE_CHUNK_EXTENSIONS_OVERFLOW"></a>
++
++### `HPE_CHUNK_EXTENSIONS_OVERFLOW`
++
++<!-- YAML
++added: REPLACEME
++-->
++
++Too much data was received for a chunk extensions. In order to protect against
++malicious or malconfigured clients, if more than 16 KiB of data is received
++then an `Error` with this code will be emitted.
++
+ <a id="HPE_UNEXPECTED_CONTENT_LENGTH"></a>
+
+ ### `HPE_UNEXPECTED_CONTENT_LENGTH`
+diff --git a/lib/_http_server.js b/lib/_http_server.js
+index 4e23266..263bb52 100644
+--- a/lib/_http_server.js
++++ b/lib/_http_server.js
+@@ -706,6 +706,11 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
+   `HTTP/1.1 431 ${STATUS_CODES[431]}\r\n` +
+   'Connection: close\r\n\r\n', 'ascii'
+ );
++const requestChunkExtensionsTooLargeResponse = Buffer.from(
++  `HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` +
++  'Connection: close\r\n\r\n', 'ascii',
++);
++
+ function socketOnError(e) {
+   // Ignore further errors
+   this.removeListener('error', socketOnError);
+@@ -719,6 +724,9 @@ function socketOnError(e) {
+         case 'HPE_HEADER_OVERFLOW':
+           response = requestHeaderFieldsTooLargeResponse;
+           break;
++	case 'HPE_CHUNK_EXTENSIONS_OVERFLOW':
++          response = requestChunkExtensionsTooLargeResponse;
++          break;
+         case 'ERR_HTTP_REQUEST_TIMEOUT':
+           response = requestTimeoutResponse;
+           break;
+diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc
+index 74f3248..b92e848 100644
+--- a/src/node_http_parser.cc
++++ b/src/node_http_parser.cc
+@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5;
+ const uint32_t kOnTimeout = 6;
+ // Any more fields than this will be flushed into JS
+ const size_t kMaxHeaderFieldsCount = 32;
++// Maximum size of chunk extensions
++const size_t kMaxChunkExtensionsSize = 16384;
+
+ const uint32_t kLenientNone = 0;
+ const uint32_t kLenientHeaders = 1 << 0;
+@@ -206,6 +208,7 @@ class Parser : public AsyncWrap, public StreamListener {
+
+   int on_message_begin() {
+     num_fields_ = num_values_ = 0;
++    chunk_extensions_nread_ = 0;
+     url_.Reset();
+     status_message_.Reset();
+     header_parsing_start_time_ = uv_hrtime();
+@@ -443,9 +446,22 @@ class Parser : public AsyncWrap, public StreamListener {
+     return 0;
+   }
+
+-  // Reset nread for the next chunk
++  int on_chunk_extension(const char* at, size_t length) {
++    chunk_extensions_nread_ += length;
++
++    if (chunk_extensions_nread_ > kMaxChunkExtensionsSize) {
++      llhttp_set_error_reason(&parser_,
++        "HPE_CHUNK_EXTENSIONS_OVERFLOW:Chunk extensions overflow");
++      return HPE_USER;
++    }
++
++    return 0;
++  }
++
++  // Reset nread for the next chunk and also reset the extensions counter
+   int on_chunk_header() {
+     header_nread_ = 0;
++    chunk_extensions_nread_ = 0;
+     return 0;
+   }
+
+@@ -887,6 +903,7 @@ class Parser : public AsyncWrap, public StreamListener {
+   const char* current_buffer_data_;
+   bool pending_pause_ = false;
+   uint64_t header_nread_ = 0;
++  uint64_t chunk_extensions_nread_ = 0;
+   uint64_t max_http_header_size_;
+   uint64_t headers_timeout_;
+   uint64_t header_parsing_start_time_ = 0;
+@@ -921,6 +938,7 @@ const llhttp_settings_t Parser::settings = {
+   Proxy<DataCall, &Parser::on_header_field>::Raw,
+   Proxy<DataCall, &Parser::on_header_value>::Raw,
+   Proxy<Call, &Parser::on_headers_complete>::Raw,
++  Proxy<DataCall, &Parser::on_chunk_extension>::Raw,
+   Proxy<DataCall, &Parser::on_body>::Raw,
+   Proxy<Call, &Parser::on_message_complete>::Raw,
+   Proxy<Call, &Parser::on_chunk_header>::Raw,
+diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js
+new file mode 100644
+index 0000000..6868b3d
+--- /dev/null
++++ b/test/parallel/test-http-chunk-extensions-limit.js
+@@ -0,0 +1,131 @@
++'use strict';
++
++const common = require('../common');
++const http = require('http');
++const net = require('net');
++const assert = require('assert');
++
++// Verify that chunk extensions are limited in size when sent all together.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(20000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
++
++// Verify that chunk extensions are limited in size when sent in intervals.
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'Content-Type': 'text/plain' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let remaining = 20000;
++    let data = '';
++
++    const interval = setInterval(
++      () => {
++        if (remaining > 0) {
++          sock.write('A'.repeat(1000));
++        } else {
++          sock.write('=bar\r\nAA\r\n0\r\n\r\n');
++          clearInterval(interval);
++        }
++
++        remaining -= 1000;
++      },
++      common.platformTimeout(20),
++    ).unref();
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n');
++      server.close();
++    }));
++
++    sock.write('' +
++    'GET / HTTP/1.1\r\n' +
++    'Host: localhost:8080\r\n' +
++    'Transfer-Encoding: chunked\r\n\r\n' +
++    '2;'
++    );
++  });
++}
++
++// Verify the chunk extensions is correctly reset after a chunk
++{
++  const server = http.createServer((req, res) => {
++    req.on('end', () => {
++      res.writeHead(200, { 'content-type': 'text/plain', 'connection': 'close', 'date': 'now' });
++      res.end('bye');
++    });
++
++    req.resume();
++  });
++
++  server.listen(0, () => {
++    const sock = net.connect(server.address().port);
++    let data = '';
++
++    sock.on('data', (chunk) => data += chunk.toString('utf-8'));
++
++    sock.on('end', common.mustCall(function() {
++      assert.strictEqual(
++        data,
++        'HTTP/1.1 200 OK\r\n' +
++        'content-type: text/plain\r\n' +
++        'connection: close\r\n' +
++        'date: now\r\n' +
++        'Transfer-Encoding: chunked\r\n' +
++        '\r\n' +
++        '3\r\n' +
++        'bye\r\n' +
++        '0\r\n' +
++        '\r\n',
++      );
++
++      server.close();
++    }));
++
++    sock.end('' +
++      'GET / HTTP/1.1\r\n' +
++      'Host: localhost:8080\r\n' +
++      'Transfer-Encoding: chunked\r\n\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' +
++      '0\r\n\r\n'
++    );
++  });
++}
+diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh
+index 12e2f46..a95eef1 100755
+--- a/tools/update-llhttp.sh
++++ b/tools/update-llhttp.sh
+@@ -59,5 +59,5 @@ echo ""
+ echo "Please git add llhttp, commit the new version:"
+ echo ""
+ echo "$ git add -A deps/llhttp"
+-echo "$ git commit -m \"deps: update nghttp2 to $LLHTTP_VERSION\""
++echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\""
+ echo ""
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch
new file mode 100644
index 0000000000..ac3a54aba6
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch
@@ -0,0 +1,148 @@
+From 9052ef43dc2d1b0db340591a9bc9e45a25c01d90 Mon Sep 17 00:00:00 2001
+From: Matteo Collina <hello@matteocollina.com>
+Date: Tue, 6 Feb 2024 16:47:20 +0100
+Subject: [PATCH 4/5] zlib: pause stream if outgoing buffer is full
+
+Signed-off-by: Matteo Collina <hello@matteocollina.com>
+PR-URL: https://github.com/nodejs-private/node-private/pull/540
+Reviewed-By: Robert Nagy <ronagy@icloud.com>
+Ref: https://hackerone.com/reports/2284065
+
+CVE-ID: CVE-2024-22025
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/9052ef43dc2d1b0d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/zlib.js                            | 32 +++++++++++++++++++-------
+ test/parallel/test-zlib-brotli-16GB.js | 22 ++++++++++++++++++
+ test/parallel/test-zlib-params.js      | 24 +++++++++++--------
+ 3 files changed, 61 insertions(+), 17 deletions(-)
+ create mode 100644 test/parallel/test-zlib-brotli-16GB.js
+
+diff --git a/lib/zlib.js b/lib/zlib.js
+index 9bde199..8e033e5 100644
+--- a/lib/zlib.js
++++ b/lib/zlib.js
+@@ -560,10 +560,11 @@ function processCallback() {
+   self.bytesWritten += inDelta;
+
+   const have = handle.availOutBefore - availOutAfter;
++  let streamBufferIsFull = false;
+   if (have > 0) {
+     const out = self._outBuffer.slice(self._outOffset, self._outOffset + have);
+     self._outOffset += have;
+-    self.push(out);
++    streamBufferIsFull = !self.push(out);
+   } else {
+     assert(have === 0, 'have should not go down');
+   }
+@@ -588,13 +589,28 @@ function processCallback() {
+     handle.inOff += inDelta;
+     handle.availInBefore = availInAfter;
+
+-    this.write(handle.flushFlag,
+-               this.buffer, // in
+-               handle.inOff, // in_off
+-               handle.availInBefore, // in_len
+-               self._outBuffer, // out
+-               self._outOffset, // out_off
+-               self._chunkSize); // out_len
++    if (!streamBufferIsFull) {
++      this.write(handle.flushFlag,
++                 this.buffer, // in
++                 handle.inOff, // in_off
++                 handle.availInBefore, // in_len
++                 self._outBuffer, // out
++                 self._outOffset, // out_off
++                 self._chunkSize); // out_len
++    } else {
++      const oldRead = self._read;
++      self._read = (n) => {
++        self._read = oldRead;
++        this.write(handle.flushFlag,
++                   this.buffer, // in
++                   handle.inOff, // in_off
++                   handle.availInBefore, // in_len
++                   self._outBuffer, // out
++                   self._outOffset, // out_off
++                   self._chunkSize); // out_len
++        self._read(n);
++      };
++    }
+     return;
+   }
+
+diff --git a/test/parallel/test-zlib-brotli-16GB.js b/test/parallel/test-zlib-brotli-16GB.js
+new file mode 100644
+index 0000000..1ca10f7
+--- /dev/null
++++ b/test/parallel/test-zlib-brotli-16GB.js
+@@ -0,0 +1,22 @@
++use strict';
++
++const common = require('../common');
++const { createBrotliDecompress } = require('node:zlib');
++const strictEqual = require('node:assert').strictEqual;
++
++// This tiny HEX string is a 16GB file.
++// This test verifies that the stream actually stops.
++/* eslint-disable max-len */
++const content = 'cfffff7ff82700e2b14020f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c32200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bffcfffff7ff82700e2b00040f7fe9ffffffff04f00c4610180eefd3fffffffe19f0088c30200ddfb7ffeffffc33f0110870500baf7fffcffff877f02200e0b0074effff9ffff0fff04401c1600e8defff3ffff1ffe0980382c00d0bdffe7ffff3ffc1300715800a07bff3f';
++
++const buf = Buffer.from(content, 'hex');
++
++const decoder = createBrotliDecompress();
++decoder.end(buf);
++
++// We need to wait to verify that the libuv thread pool had time
++// to process the data and the buffer is not empty.
++setTimeout(common.mustCall(() => {
++  // There is only one chunk in the buffer
++  strictEqual(decoder._readableState.buffer.length, 1);
++}), common.platformTimeout(100));
+diff --git a/test/parallel/test-zlib-params.js b/test/parallel/test-zlib-params.js
+index 30d4f13..18271fe 100644
+--- a/test/parallel/test-zlib-params.js
++++ b/test/parallel/test-zlib-params.js
+@@ -12,23 +12,29 @@ const deflater = zlib.createDeflate(opts);
+ const chunk1 = file.slice(0, chunkSize);
+ const chunk2 = file.slice(chunkSize);
+ const blkhdr = Buffer.from([0x00, 0x5a, 0x82, 0xa5, 0x7d]);
+-const expected = Buffer.concat([blkhdr, chunk2]);
+-let actual;
++const blkftr = Buffer.from('010000ffff7dac3072', 'hex');
++const expected = Buffer.concat([blkhdr, chunk2, blkftr]);
++const bufs = [];
++
++function read() {
++  let buf;
++  while ((buf = deflater.read()) !== null) {
++    bufs.push(buf);
++  }
++}
+
+ deflater.write(chunk1, function() {
+   deflater.params(0, zlib.constants.Z_DEFAULT_STRATEGY, function() {
+     while (deflater.read());
+-    deflater.end(chunk2, function() {
+-      const bufs = [];
+-      let buf;
+-      while ((buf = deflater.read()) !== null)
+-        bufs.push(buf);
+-      actual = Buffer.concat(bufs);
+-    });
++
++    deflater.on('readable', read);
++
++    deflater.end(chunk2);
+   });
+   while (deflater.read());
+ });
+
+ process.once('exit', function() {
++  const actual = Buffer.concat(bufs);
+   assert.deepStrictEqual(actual, expected);
+ });
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
index e755d0c9aa..95b36c926d 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_16.18.1.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
@@ -1,7 +1,7 @@
 DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
 HOMEPAGE = "http://nodejs.org"
-LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6e54852cd826c41e80c6d80f6db00a85"
+LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & OpenSSL"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ab4d0d45e717c9978737499a3489e515"
 
 DEPENDS = "openssl"
 DEPENDS:append:class-target = " qemu-native"
@@ -26,6 +26,10 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://0001-liftoff-Correct-function-signatures.patch \
            file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \
            file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \
+           file://CVE-2022-25883.patch \
+           file://CVE-2024-22019.patch \
+           file://CVE-2024-22025.patch \
+           file://CVE-2023-46809.patch \
            "
 SRC_URI:append:class-target = " \
            file://0001-Using-native-binaries.patch \
@@ -36,10 +40,12 @@ SRC_URI:append:toolchain-clang:x86 = " \
 SRC_URI:append:toolchain-clang:powerpc64le = " \
            file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
            "
-SRC_URI[sha256sum] = "1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238"
+SRC_URI[sha256sum] = "576f1a03c455e491a8d132b587eb6b3b84651fc8974bb3638433dd44d22c8f49"
 
 S = "${WORKDIR}/node-v${PV}"
 
+CVE_PRODUCT += "node.js"
+
 # v8 errors out if you have set CCACHE
 CCACHE = ""
 
diff --git a/meta-oe/recipes-devtools/pahole/pahole_1.22.bb b/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
index 449508a5d5..ec642ec3b2 100644
--- a/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
+++ b/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
@@ -21,7 +21,7 @@ inherit cmake pkgconfig
 
 PACKAGECONFIG[python3] = ",,python3-core,python3-core"
 
-EXTRA_OECMAKE = "-D__LIB=lib -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF"
+EXTRA_OECMAKE = "-D__LIB=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF"
 
 FILES:${PN} =  "${bindir}/pahole \
 		${libdir}/libdwarves.so* \
diff --git a/meta-oe/recipes-devtools/php/php_8.1.12.bb b/meta-oe/recipes-devtools/php/php_8.1.22.bb
index 794330dcb7..ffa3318441 100644
--- a/meta-oe/recipes-devtools/php/php_8.1.12.bb
+++ b/meta-oe/recipes-devtools/php/php_8.1.22.bb
@@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \
           "
 
 S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = "f87d73e917facf78de7bcde53fc2faa4d4dbe0487a9406e1ab68c8ae8f33eb03"
+SRC_URI[sha256sum] = "992354e382c6c618d01ed4be06beea8dec3178b14153df64d3c8c48b85e9fbc2"
 
 CVE_CHECK_IGNORE += "\
     CVE-2007-2728 \
diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
index b6ff62b91c..65294fafad 100644
--- a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
+++ b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb
@@ -4,7 +4,7 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://license.txt;md5=ba04aa8f65de1396a7e59d1d746c2125"
 
-SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1;protocol=https"
+SRC_URI = "git://github.com/miloyip/rapidjson.git;branch=master;protocol=https"
 
 SRCREV = "0ccdbf364c577803e2a751f5aededce935314313"
 
diff --git a/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch b/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch
new file mode 100644
index 0000000000..d7ed0770b2
--- /dev/null
+++ b/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch
@@ -0,0 +1,17679 @@
+Added the 'py_ssize_t_clean' argument to '%Module' directive
+
+This is based on an upstream changeset to SIP.  It was backported to
+sip-4.19.23 and the parser was regenerated with the following
+commands:
+
+  cd sipgen/metasrc
+  flex -o../lexer.c lexer.l
+  bison -y -d -o ../parser.c parser.y
+
+Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
+
+# HG changeset patch
+# User Phil Thompson <phil@riverbankcomputing.com>
+# Date 1635086052 -3600
+# Node ID 5d67349bb5a9954590a896ab35da93b2237b99c2
+# Parent  d837f2a3147fc5eb364f1c54798b668da1a83333
+Added the 'py_ssize_t_clean' argument to the '%Module' directive.
+
+Index: sip-4.19.23/sipgen/gencode.c
+===================================================================
+--- sip-4.19.23.orig/sipgen/gencode.c
++++ sip-4.19.23/sipgen/gencode.c
+@@ -1138,6 +1138,12 @@ static void generateCompositeCpp(sipSpec
+ 
+     declareLimitedAPI(py_debug, NULL, fp);
+ 
++    if (isPY_SSIZE_T_CLEAN(mod))
++        prcode(fp,
++"\n"
++"#define PY_SSIZE_T_CLEAN\n"
++            );
++
+     prcode(fp,
+ "\n"
+ "#include <Python.h>\n"
+Index: sip-4.19.23/sipgen/metasrc/lexer.l
+===================================================================
+--- sip-4.19.23.orig/sipgen/metasrc/lexer.l
++++ sip-4.19.23/sipgen/metasrc/lexer.l
+@@ -155,6 +155,7 @@ SIP_RXOBJ_DIS               {return TK_S
+ SIP_SLOT_CON                {return TK_SIPSLOTCON;}
+ SIP_SLOT_DIS                {return TK_SIPSLOTDIS;}
+ SIP_SSIZE_T                 {return TK_SIPSSIZET;}
++Py_ssize_t                  {return TK_SIPSSIZET;}
+ SIP_QOBJECT                 {return TK_QOBJECT;}
+ \.\.\.                      {return TK_ELLIPSIS;}
+ 
+@@ -173,6 +174,7 @@ SIP_QOBJECT                 {return TK_Q
+ <directive>timestamp        {return TK_TIMESTAMP;}
+ <directive>type             {return TK_TYPE;}
+ <directive>use_argument_names   {return TK_USEARGNAMES;}
++<directive>py_ssize_t_clean {return TK_PYSSIZETCLEAN;}
+ <directive>use_limited_api  {return TK_USELIMITEDAPI;}
+ <directive>all_raise_py_exception   {return TK_ALLRAISEPYEXC;}
+ <directive>call_super_init  {return TK_CALLSUPERINIT;}
+Index: sip-4.19.23/sipgen/metasrc/parser.y
+===================================================================
+--- sip-4.19.23.orig/sipgen/metasrc/parser.y
++++ sip-4.19.23/sipgen/metasrc/parser.y
+@@ -182,9 +182,9 @@ static void addProperty(sipSpec *pt, mod
+         docstringDef *docstring);
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring);
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring);
+ static void addAutoPyName(moduleDef *mod, const char *remove_leading);
+ static KwArgs convertKwArgs(const char *kwargs);
+ static void checkAnnos(optFlags *annos, const char *valid[]);
+@@ -389,6 +389,7 @@ static scopedNameDef *fullyQualifiedName
+ %token          TK_TIMESTAMP
+ %token          TK_TYPE
+ %token          TK_USEARGNAMES
++%token          TK_PYSSIZETCLEAN
+ %token          TK_USELIMITEDAPI
+ %token          TK_ALLRAISEPYEXC
+ %token          TK_CALLSUPERINIT
+@@ -1908,9 +1909,10 @@ module: TK_MODULE module_args module_bod
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+                         currentContext.filename, $2.name, $2.c_module,
+-                        $2.kwargs, $2.use_arg_names, $2.use_limited_api,
+-                        $2.call_super_init, $2.all_raise_py_exc,
+-                        $2.def_error_handler, $3.docstring);
++                        $2.kwargs, $2.use_arg_names, $2.py_ssize_t_clean,
++                        $2.use_limited_api, $2.call_super_init,
++                        $2.all_raise_py_exc, $2.def_error_handler,
++                        $3.docstring);
+         }
+     |   TK_CMODULE dottedname optnumber {
+             deprecated("%CModule is deprecated, use %Module and the 'language' argument instead");
+@@ -1918,7 +1920,7 @@ module: TK_MODULE module_args module_bod
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+                         currentContext.filename, $2, TRUE, defaultKwArgs,
+-                        FALSE, FALSE, -1, FALSE, NULL, NULL);
++                        FALSE, FALSE, FALSE, -1, FALSE, NULL, NULL);
+         }
+     ;
+ 
+@@ -1930,6 +1932,7 @@ module_args:    dottedname {resetLexerSt
+             $$.kwargs = defaultKwArgs;
+             $$.name = $1;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -1950,6 +1953,7 @@ module_arg_list:    module_arg
+             case TK_LANGUAGE: $$.c_module = $3.c_module; break;
+             case TK_NAME: $$.name = $3.name; break;
+             case TK_USEARGNAMES: $$.use_arg_names = $3.use_arg_names; break;
++            case TK_PYSSIZETCLEAN: $$.py_ssize_t_clean = $3.py_ssize_t_clean; break;
+             case TK_USELIMITEDAPI: $$.use_limited_api = $3.use_limited_api; break;
+             case TK_ALLRAISEPYEXC: $$.all_raise_py_exc = $3.all_raise_py_exc; break;
+             case TK_CALLSUPERINIT: $$.call_super_init = $3.call_super_init; break;
+@@ -1965,6 +1969,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = convertKwArgs($3);
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -1983,6 +1988,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -1995,6 +2001,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = $3;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2007,6 +2014,20 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = $3;
++            $$.py_ssize_t_clean = FALSE;
++            $$.use_limited_api = FALSE;
++            $$.all_raise_py_exc = FALSE;
++            $$.call_super_init = -1;
++            $$.def_error_handler = NULL;
++        }
++    |   TK_PYSSIZETCLEAN '=' bool_value {
++            $$.token = TK_PYSSIZETCLEAN;
++
++            $$.c_module = FALSE;
++            $$.kwargs = defaultKwArgs;
++            $$.name = NULL;
++            $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = $3;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2019,6 +2040,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = $3;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2031,6 +2053,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = $3;
+             $$.call_super_init = -1;
+@@ -2043,6 +2066,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = $3;
+@@ -2055,6 +2079,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -2072,6 +2097,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU
+             $$.kwargs = defaultKwArgs;
+             $$.name = NULL;
+             $$.use_arg_names = FALSE;
++            $$.py_ssize_t_clean = FALSE;
+             $$.use_limited_api = FALSE;
+             $$.all_raise_py_exc = FALSE;
+             $$.call_super_init = -1;
+@@ -9513,9 +9539,9 @@ static void addProperty(sipSpec *pt, mod
+  */
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring)
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring)
+ {
+     moduleDef *mod;
+ 
+@@ -9549,6 +9575,9 @@ static moduleDef *configureModule(sipSpe
+     if (use_arg_names)
+         setUseArgNames(module);
+ 
++    if (py_ssize_t_clean)
++        setPY_SSIZE_T_CLEAN(module);
++
+     if (use_limited_api)
+         setUseLimitedAPI(module);
+ 
+Index: sip-4.19.23/sipgen/sip.h
+===================================================================
+--- sip-4.19.23.orig/sipgen/sip.h
++++ sip-4.19.23/sipgen/sip.h
+@@ -93,6 +93,7 @@
+ #define MOD_SUPER_INIT_UNDEF    0x0000  /* Calling super().__init__() is undefined. */
+ #define MOD_SUPER_INIT_MASK     0x0180  /* The mask for the above flags. */
+ #define MOD_SETTING_IMPORTS     0x0200  /* Imports are being set. */
++#define MOD_PY_SSIZE_T_CLEAN    0x0400  /* #define PY_SSIZE_T_CLEAN. */
+ 
+ #define hasDelayedDtors(m)  ((m)->modflags & MOD_HAS_DELAYED_DTORS)
+ #define setHasDelayedDtors(m)   ((m)->modflags |= MOD_HAS_DELAYED_DTORS)
+@@ -116,6 +117,8 @@
+ #define settingImports(m)   ((m)->modflags & MOD_SETTING_IMPORTS)
+ #define setSettingImports(m)    ((m)->modflags |= MOD_SETTING_IMPORTS)
+ #define resetSettingImports(m)  ((m)->modflags &= ~MOD_SETTING_IMPORTS)
++#define setPY_SSIZE_T_CLEAN(m)  ((m)->modflags |= MOD_PY_SSIZE_T_CLEAN)
++#define isPY_SSIZE_T_CLEAN(m)   ((m)->modflags & MOD_PY_SSIZE_T_CLEAN)
+ 
+ 
+ /* Handle section flags. */
+@@ -1630,6 +1633,7 @@ typedef struct _moduleCfg {
+     KwArgs kwargs;
+     const char *name;
+     int use_arg_names;
++    int py_ssize_t_clean;
+     int use_limited_api;
+     int all_raise_py_exc;
+     int call_super_init;
+Index: sip-4.19.23/sphinx/directives.rst
+===================================================================
+--- sip-4.19.23.orig/sphinx/directives.rst
++++ sip-4.19.23/sphinx/directives.rst
+@@ -1966,6 +1966,7 @@ then the pattern should instead be::
+             [, default_VirtualErrorHandler = *name*]
+             [, keyword_arguments = ["None" | "All" | "Optional"]]
+             [, language = *string*]
++            [, py_ssize_t_clean = [True | False]]
+             [, use_argument_names = [True | False]]
+             [, use_limited_api = [True | False]]
+             [, version = *integer*])
+@@ -2004,6 +2005,9 @@ implied by the (deprecated) :option:`-k
+ ``language`` specifies the implementation language of the library being
+ wrapped.  Its value is either ``"C++"`` (the default) or ``"C"``.
+ 
++``py_ssize_t_clean`` specifies that the generated code should include ``#define
++PY_SSIZE_T_CLEAN`` before any ``#include <Python.h>``.
++
+ When providing handwritten code as part of either the :directive:`%MethodCode`
+ or :directive:`%VirtualCatcherCode` directives the names of the arguments of
+ the function or method are based on the number of the argument, i.e. the first
+Index: sip-4.19.23/sipgen/lexer.c
+===================================================================
+--- sip-4.19.23.orig/sipgen/lexer.c
++++ sip-4.19.23/sipgen/lexer.c
+@@ -1,6 +1,6 @@
+-#line 2 "sip-4.19.23/sipgen/lexer.c"
++#line 2 "../lexer.c"
+ 
+-#line 4 "sip-4.19.23/sipgen/lexer.c"
++#line 4 "../lexer.c"
+ 
+ #define  YY_INT_ALIGNED short int
+ 
+@@ -8,8 +8,8 @@
+ 
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+-#define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 35
++#define YY_FLEX_MINOR_VERSION 6
++#define YY_FLEX_SUBMINOR_VERSION 4
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -47,7 +47,6 @@ typedef int16_t flex_int16_t;
+ typedef uint16_t flex_uint16_t;
+ typedef int32_t flex_int32_t;
+ typedef uint32_t flex_uint32_t;
+-typedef uint64_t flex_uint64_t;
+ #else
+ typedef signed char flex_int8_t;
+ typedef short int flex_int16_t;
+@@ -55,7 +54,6 @@ typedef int flex_int32_t;
+ typedef unsigned char flex_uint8_t; 
+ typedef unsigned short int flex_uint16_t;
+ typedef unsigned int flex_uint32_t;
+-#endif /* ! C99 */
+ 
+ /* Limits of integral types. */
+ #ifndef INT8_MIN
+@@ -86,63 +84,61 @@ typedef unsigned int flex_uint32_t;
+ #define UINT32_MAX             (4294967295U)
+ #endif
+ 
+-#endif /* ! FLEXINT_H */
+-
+-#ifdef __cplusplus
+-
+-/* The "const" storage-class-modifier is valid. */
+-#define YY_USE_CONST
+-
+-#else	/* ! __cplusplus */
++#ifndef SIZE_MAX
++#define SIZE_MAX               (~(size_t)0)
++#endif
+ 
+-/* C99 requires __STDC__ to be defined as 1. */
+-#if defined (__STDC__)
++#endif /* ! C99 */
+ 
+-#define YY_USE_CONST
++#endif /* ! FLEXINT_H */
+ 
+-#endif	/* defined (__STDC__) */
+-#endif	/* ! __cplusplus */
++/* begin standard C++ headers. */
+ 
+-#ifdef YY_USE_CONST
++/* TODO: this is always defined, so inline it */
+ #define yyconst const
++
++#if defined(__GNUC__) && __GNUC__ >= 3
++#define yynoreturn __attribute__((__noreturn__))
+ #else
+-#define yyconst
++#define yynoreturn
+ #endif
+ 
+ /* Returned upon end-of-file. */
+ #define YY_NULL 0
+ 
+-/* Promotes a possibly negative, possibly signed char to an unsigned
+- * integer for use as an array index.  If the signed char is negative,
+- * we want to instead treat it as an 8-bit unsigned char, hence the
+- * double cast.
++/* Promotes a possibly negative, possibly signed char to an
++ *   integer in range [0..255] for use as an array index.
+  */
+-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
++#define YY_SC_TO_UI(c) ((YY_CHAR) (c))
+ 
+ /* Enter a start condition.  This macro really ought to take a parameter,
+  * but we do it the disgusting crufty way forced on us by the ()-less
+  * definition of BEGIN.
+  */
+ #define BEGIN (yy_start) = 1 + 2 *
+-
+ /* Translate the current start state into a value that can be later handed
+  * to BEGIN to return to the state.  The YYSTATE alias is for lex
+  * compatibility.
+  */
+ #define YY_START (((yy_start) - 1) / 2)
+ #define YYSTATE YY_START
+-
+ /* Action number for EOF rule of a given start state. */
+ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+-
+ /* Special action meaning "start processing a new file". */
+-#define YY_NEW_FILE yyrestart(yyin  )
+-
++#define YY_NEW_FILE yyrestart( yyin  )
+ #define YY_END_OF_BUFFER_CHAR 0
+ 
+ /* Size of default input buffer. */
+ #ifndef YY_BUF_SIZE
++#ifdef __ia64__
++/* On IA-64, the buffer size is 16k, not 8k.
++ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
++ * Ditto for the __ia64__ case accordingly.
++ */
++#define YY_BUF_SIZE 32768
++#else
+ #define YY_BUF_SIZE 16384
++#endif /* __ia64__ */
+ #endif
+ 
+ /* The state buf must be large enough to hold one state per character in the main buffer.
+@@ -159,15 +155,16 @@ typedef struct yy_buffer_state *YY_BUFFE
+ typedef size_t yy_size_t;
+ #endif
+ 
+-extern yy_size_t yyleng;
++extern int yyleng;
+ 
+ extern FILE *yyin, *yyout;
+ 
+ #define EOB_ACT_CONTINUE_SCAN 0
+ #define EOB_ACT_END_OF_FILE 1
+ #define EOB_ACT_LAST_MATCH 2
+-
++    
+     #define YY_LESS_LINENO(n)
++    #define YY_LINENO_REWIND_TO(ptr)
+     
+ /* Return all but the first "n" matched characters back to the input stream. */
+ #define yyless(n) \
+@@ -182,7 +179,6 @@ extern FILE *yyin, *yyout;
+ 		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ 		} \
+ 	while ( 0 )
+-
+ #define unput(c) yyunput( c, (yytext_ptr)  )
+ 
+ #ifndef YY_STRUCT_YY_BUFFER_STATE
+@@ -197,12 +193,12 @@ struct yy_buffer_state
+ 	/* Size of input buffer in bytes, not including room for EOB
+ 	 * characters.
+ 	 */
+-	yy_size_t yy_buf_size;
++	int yy_buf_size;
+ 
+ 	/* Number of characters read into yy_ch_buf, not including EOB
+ 	 * characters.
+ 	 */
+-	yy_size_t yy_n_chars;
++	int yy_n_chars;
+ 
+ 	/* Whether we "own" the buffer - i.e., we know we created it,
+ 	 * and can realloc() it to grow it, and should free() it to
+@@ -225,7 +221,7 @@ struct yy_buffer_state
+ 
+     int yy_bs_lineno; /**< The line count. */
+     int yy_bs_column; /**< The column count. */
+-    
++
+ 	/* Whether to try to fill the input buffer when we reach the
+ 	 * end of it.
+ 	 */
+@@ -253,7 +249,7 @@ struct yy_buffer_state
+ /* Stack of input buffers. */
+ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
++static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */
+ 
+ /* We provide macros for accessing buffer states in case in the
+  * future we want to put the buffer states in a more general
+@@ -264,7 +260,6 @@ static YY_BUFFER_STATE * yy_buffer_stack
+ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                           ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                           : NULL)
+-
+ /* Same as previous macro, but useful when we know that the buffer stack is not
+  * NULL or when we need an lvalue. For internal use only.
+  */
+@@ -272,11 +267,11 @@ static YY_BUFFER_STATE * yy_buffer_stack
+ 
+ /* yy_hold_char holds the character lost when yytext is formed. */
+ static char yy_hold_char;
+-static yy_size_t yy_n_chars;		/* number of characters read into yy_ch_buf */
+-yy_size_t yyleng;
++static int yy_n_chars;		/* number of characters read into yy_ch_buf */
++int yyleng;
+ 
+ /* Points to current character in buffer. */
+-static char *yy_c_buf_p = (char *) 0;
++static char *yy_c_buf_p = NULL;
+ static int yy_init = 0;		/* whether we need to initialize */
+ static int yy_start = 0;	/* start state number */
+ 
+@@ -285,84 +280,80 @@ static int yy_start = 0;	/* start state
+  */
+ static int yy_did_buffer_switch_on_eof;
+ 
+-void yyrestart (FILE *input_file  );
+-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+-void yy_delete_buffer (YY_BUFFER_STATE b  );
+-void yy_flush_buffer (YY_BUFFER_STATE b  );
+-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+-void yypop_buffer_state (void );
+-
+-static void yyensure_buffer_stack (void );
+-static void yy_load_buffer_state (void );
+-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+-
+-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+-
+-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len  );
+-
+-void *yyalloc (yy_size_t  );
+-void *yyrealloc (void *,yy_size_t  );
+-void yyfree (void *  );
++void yyrestart ( FILE *input_file  );
++void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer  );
++YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size  );
++void yy_delete_buffer ( YY_BUFFER_STATE b  );
++void yy_flush_buffer ( YY_BUFFER_STATE b  );
++void yypush_buffer_state ( YY_BUFFER_STATE new_buffer  );
++void yypop_buffer_state ( void );
++
++static void yyensure_buffer_stack ( void );
++static void yy_load_buffer_state ( void );
++static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file  );
++#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER )
++
++YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size  );
++YY_BUFFER_STATE yy_scan_string ( const char *yy_str  );
++YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len  );
++
++void *yyalloc ( yy_size_t  );
++void *yyrealloc ( void *, yy_size_t  );
++void yyfree ( void *  );
+ 
+ #define yy_new_buffer yy_create_buffer
+-
+ #define yy_set_interactive(is_interactive) \
+ 	{ \
+ 	if ( ! YY_CURRENT_BUFFER ){ \
+         yyensure_buffer_stack (); \
+ 		YY_CURRENT_BUFFER_LVALUE =    \
+-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
++            yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ 	} \
+ 	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+ 	}
+-
+ #define yy_set_bol(at_bol) \
+ 	{ \
+ 	if ( ! YY_CURRENT_BUFFER ){\
+         yyensure_buffer_stack (); \
+ 		YY_CURRENT_BUFFER_LVALUE =    \
+-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
++            yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ 	} \
+ 	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+ 	}
+-
+ #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+ 
+ /* Begin user sect3 */
++typedef flex_uint8_t YY_CHAR;
+ 
+-typedef unsigned char YY_CHAR;
+-
+-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
++FILE *yyin = NULL, *yyout = NULL;
+ 
+ typedef int yy_state_type;
+ 
+ extern int yylineno;
+-
+ int yylineno = 1;
+ 
+ extern char *yytext;
++#ifdef yytext_ptr
++#undef yytext_ptr
++#endif
+ #define yytext_ptr yytext
+ 
+-static yy_state_type yy_get_previous_state (void );
+-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+-static int yy_get_next_buffer (void );
+-static void yy_fatal_error (yyconst char msg[]  );
++static yy_state_type yy_get_previous_state ( void );
++static yy_state_type yy_try_NUL_trans ( yy_state_type current_state  );
++static int yy_get_next_buffer ( void );
++static void yynoreturn yy_fatal_error ( const char* msg  );
+ 
+ /* Done after the current pattern has been matched and before the
+  * corresponding action - sets up yytext.
+  */
+ #define YY_DO_BEFORE_ACTION \
+ 	(yytext_ptr) = yy_bp; \
+-	yyleng = (yy_size_t) (yy_cp - yy_bp); \
++	yyleng = (int) (yy_cp - yy_bp); \
+ 	(yy_hold_char) = *yy_cp; \
+ 	*yy_cp = '\0'; \
+ 	(yy_c_buf_p) = yy_cp;
+-
+-#define YY_NUM_RULES 168
+-#define YY_END_OF_BUFFER 169
++#define YY_NUM_RULES 170
++#define YY_END_OF_BUFFER 171
+ /* This struct is not used in this scanner,
+    but its presence is necessary. */
+ struct yy_trans_info
+@@ -370,147 +361,149 @@ struct yy_trans_info
+ 	flex_int32_t yy_verify;
+ 	flex_int32_t yy_nxt;
+ 	};
+-static yyconst flex_int16_t yy_accept[1235] =
++static const flex_int16_t yy_accept[1261] =
+     {   0,
+         0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-      169,  167,  106,  109,  167,  167,  167,  167,  167,  111,
+-      111,  167,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  167,  106,  167,  166,  165,  166,  166,  121,  119,
+-      121,  108,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  106,
+-      167,  107,  106,  167,    0,  116,    0,    0,  117,    0,
+-      111,    0,  115,  112,  115,  118,  110,  112,    0,  112,
+-      111,    0,   64,  114,  114,  114,  114,  114,  114,  114,
+-
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,   65,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  120,
+-      114,  114,  114,  114,  114,  114,  114,   86,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,    0,    0,    0,    0,    0,    0,  112,   83,  115,
+-      112,  110,  112,    0,  112,  113,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,   42,
+-
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,   16,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,  114,  114,  114,  114,  114,  114,
+-       85,  114,  114,  114,  114,  114,  114,  114,   94,  114,
+-      114,  114,  114,  114,    0,    0,  112,   55,  114,  114,
+-      114,   40,   38,  114,  114,  114,   48,  114,  114,  114,
+-      114,   43,  114,  114,  114,  114,  114,  114,  114,  114,
+-
+-      114,  114,  114,  114,  114,   53,  114,  114,  114,   46,
+-      114,    1,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,  157,   11,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,  164,  114,  104,  114,  114,  114,
+-      114,  114,  114,  114,   90,  114,  114,  114,  114,  114,
+-       97,  114,  114,   12,  114,  114,  114,  114,  114,  114,
+-      114,   27,   51,  114,  114,   54,   62,   44,  114,  114,
+-      114,  114,  114,   41,  114,  114,  114,   35,  114,  114,
+-
+-      114,   59,  114,  114,  114,  114,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-      105,  114,  114,  114,  114,  114,  114,  114,  114,   92,
+-      114,  114,  114,  114,  114,  114,  114,   37,  114,  114,
+-      114,  114,  114,  114,  114,   45,  114,  114,  114,  114,
+-      114,   29,  114,   49,   63,   52,   28,  114,  114,  114,
+-      114,  114,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,  114,  114,
+-      114,   84,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,   36,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-       31,  114,   32,  114,   56,  114,   47,   39,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,   17,    0,    0,    0,    0,    0,    0,    0,
+-       21,    0,    0,    0,   24,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-      114,  103,   34,  114,  114,  114,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,   75,  114,   60,  114,   58,
+-      114,   61,   50,    0,    0,    0,    0,    0,    0,    0,
+-        0,    3,    0,    0,    0,  122,    0,    0,    0,    0,
+-      127,   14,    0,    0,    0,  161,    0,   18,    0,    0,
+-       19,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,    0,    0,    0,  162,    0,    0,    0,    0,
+-        0,    0,    0,  114,  114,  114,  114,   88,   89,   91,
+-      114,  114,  114,  114,  114,   33,  114,  114,  114,  114,
+-      114,  114,  114,  114,  114,  114,  114,  114,  114,  114,
+-       57,   30,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,  159,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,   25,
+-        0,   26,  137,    0,    0,  134,    0,    0,    0,  114,
+-      114,  114,  114,  114,   95,   96,  114,  114,  114,  114,
+-
+-      114,   69,   68,  114,  114,  114,   72,  114,  114,   74,
+-      114,  114,  114,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  156,
+-       13,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,   23,    0,    0,    0,
+-        0,  153,    0,    0,    0,    0,    0,  114,  114,  114,
+-      114,  114,  114,  114,   76,  114,  114,  114,   71,   67,
+-       82,  114,  114,  114,  114,   81,  160,    2,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-
+-        0,    0,   20,  138,  136,    0,    0,  151,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,  114,  114,
+-      114,  114,  114,  114,  114,   73,  114,   66,  114,  114,
+-       79,   80,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,  158,    0,    0,
+-        0,  143,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,  114,  114,
+-      114,  114,  114,  114,  114,  114,   77,   78,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  150,
+-
+-        0,    0,    0,    0,    0,    0,    0,  155,    0,    0,
+-        0,    0,  114,  114,  114,  114,  114,  114,  114,   70,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,   15,
+-        0,    0,    0,    0,    0,  139,  152,    0,    0,    0,
+-        0,    0,  114,  114,  114,  114,   93,  114,  114,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,    0,    0,  142,    0,    0,
+-        0,    0,    0,  129,    0,    0,    0,    0,  114,  101,
+-      114,  114,  114,   99,  144,    0,    0,    0,    0,    0,
+-
+-        4,    0,    0,    0,    0,    0,    8,    9,    0,    0,
+-        0,    0,    0,    0,   22,    0,    0,    0,  140,    0,
+-        0,  114,  114,  114,  114,    0,    0,    0,    0,    0,
+-        0,    0,    0,    0,    0,   10,    0,    0,  133,    0,
+-      128,    0,    0,    0,    0,    0,  114,  114,   87,  114,
+-        0,    0,  148,    0,    0,    0,    0,    0,  124,    0,
+-        0,    0,    0,    0,    0,    0,    0,    0,    0,  114,
+-      114,   98,    0,    0,    0,    0,    5,    0,    0,    0,
+-        0,  126,    0,  131,    0,    0,    0,  141,    0,  114,
+-      114,  149,  146,    0,  145,  123,    0,    0,    0,    0,
+-
+-        0,    0,  135,  163,  114,  114,  147,    0,    0,    0,
+-      154,    0,    0,  114,  114,  125,    0,    0,    0,  130,
+-      100,  114,    6,    0,  132,  114,    0,  114,    0,  114,
+-        7,  114,  102,    0
++      171,  169,  108,  111,  169,  169,  169,  169,  169,  113,
++      113,  169,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  169,  108,  169,  168,  167,  168,  168,  123,
++      121,  123,  110,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  108,  169,  109,  108,  169,    0,  118,    0,    0,
++      119,    0,  113,    0,  117,  114,  117,  120,  112,  114,
++        0,  114,  113,    0,   64,  116,  116,  116,  116,  116,
++
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,   65,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,  122,  116,  116,  116,  116,  116,  116,  116,
++       87,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,    0,    0,    0,    0,    0,
++        0,  114,   84,  117,  114,  112,  114,    0,  114,  115,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++
++      116,  116,  116,  116,   42,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++       16,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  116,
++      116,  116,  116,  116,  116,   86,  116,  116,  116,  116,
++      116,  116,  116,  116,   95,  116,  116,  116,  116,  116,
++        0,    0,  114,   55,  116,  116,  116,  116,   40,   38,
++      116,  116,  116,   48,  116,  116,  116,  116,   43,  116,
++
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,   53,  116,  116,  116,   46,  116,    1,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  159,   11,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,  166,  116,  106,  116,  116,  116,  116,  116,  116,
++      116,   91,  116,  116,  116,  116,  116,  116,   98,  116,
++      116,   12,  116,  116,  116,  116,  116,  116,  116,  116,
++       27,   51,  116,  116,   54,   62,   44,  116,  116,  116,
++
++      116,  116,   41,  116,  116,  116,   35,  116,  116,  116,
++       59,  116,  116,  116,  116,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  107,
++      116,  116,  116,  116,  116,  116,  116,  116,   93,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,   37,  116,
++      116,  116,  116,  116,  116,  116,   45,  116,  116,  116,
++      116,  116,   29,  116,   49,   63,   52,   28,  116,  116,
++
++      116,  116,  116,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  116,
++      116,  116,   85,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,   36,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,   31,  116,   32,  116,   56,  116,   47,
++       39,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,   17,    0,    0,    0,    0,
++        0,    0,    0,   21,    0,    0,    0,   24,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,  116,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  105,  116,   34,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,  116,  116,
++       75,  116,   60,  116,   58,  116,   61,   50,    0,    0,
++        0,    0,    0,    0,    0,    0,    3,    0,    0,    0,
++      124,    0,    0,    0,    0,  129,   14,    0,    0,    0,
++
++      163,    0,   18,    0,    0,   19,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++      164,    0,    0,    0,    0,    0,    0,    0,  116,  116,
++      116,  116,   89,   90,   92,  116,  116,  116,  116,  116,
++      116,  116,   33,  116,  116,  116,  116,  116,  116,  116,
++      116,  116,  116,  116,  116,  116,  116,   57,   30,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,  161,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,   25,    0,   26,  139,
++
++        0,    0,  136,    0,    0,    0,  116,  116,  116,  116,
++      116,  116,   96,   97,  116,  116,   82,  116,  116,  116,
++       69,   68,  116,  116,  116,   72,  116,  116,   74,  116,
++      116,  116,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  158,   13,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,   23,    0,    0,    0,    0,
++      155,    0,    0,    0,    0,    0,  116,  116,  116,  116,
++      116,  116,  116,  116,   76,  116,  116,  116,   71,   67,
++       83,  116,  116,  116,  116,   81,  162,    2,    0,    0,
++
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,   20,  140,  138,    0,    0,  153,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  116,  116,
++      116,  116,  116,  116,  116,  116,   73,  116,   66,  116,
++      116,   79,   80,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,  160,    0,
++        0,    0,  145,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,  116,
++      116,  116,  116,  116,  116,  116,  116,  116,   77,   78,
++
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,  152,    0,    0,    0,    0,    0,    0,    0,  157,
++        0,    0,    0,    0,  116,  116,  116,  116,  116,  116,
++      116,  116,   70,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,   15,    0,    0,    0,    0,    0,  141,  154,
++        0,    0,    0,    0,    0,  116,  116,  116,  116,  116,
++       94,  116,  116,    0,    0,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++
++        0,  144,    0,    0,    0,    0,    0,  131,    0,    0,
++        0,    0,  116,  103,  116,  116,  116,  116,  101,  146,
++        0,    0,    0,    0,    0,    4,    0,    0,    0,    0,
++        0,    8,    9,    0,    0,    0,    0,    0,    0,   22,
++        0,    0,    0,  142,    0,    0,  116,  116,  116,  100,
++      116,    0,    0,    0,    0,    0,    0,    0,    0,    0,
++        0,   10,    0,    0,  135,    0,  130,    0,    0,    0,
++        0,    0,  116,  116,   88,  116,    0,    0,  150,    0,
++        0,    0,    0,    0,  126,    0,    0,    0,    0,    0,
++        0,    0,    0,    0,    0,  116,  116,   99,    0,    0,
++
++        0,    0,    5,    0,    0,    0,    0,  128,    0,  133,
++        0,    0,    0,  143,    0,  116,  116,  151,  148,    0,
++      147,  125,    0,    0,    0,    0,    0,    0,  137,  165,
++      116,  116,  149,    0,    0,    0,  156,    0,    0,  116,
++      116,  127,    0,    0,    0,  132,  102,  116,    6,    0,
++      134,  116,    0,  116,    0,  116,    7,  116,  104,    0
+     } ;
+ 
+-static yyconst flex_int32_t yy_ec[256] =
++static const YY_CHAR yy_ec[256] =
+     {   0,
+         1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+         1,    1,    4,    1,    1,    1,    1,    1,    1,    1,
+@@ -542,7 +535,7 @@ static yyconst flex_int32_t yy_ec[256] =
+         1,    1,    1,    1,    1
+     } ;
+ 
+-static yyconst flex_int32_t yy_meta[71] =
++static const YY_CHAR yy_meta[71] =
+     {   0,
+         1,    1,    2,    1,    1,    1,    1,    1,    1,    1,
+         1,    3,    3,    3,    4,    4,    1,    4,    4,    4,
+@@ -553,614 +546,629 @@ static yyconst flex_int32_t yy_meta[71]
+         3,    3,    3,    3,    3,    3,    3,    3,    3,    1
+     } ;
+ 
+-static yyconst flex_int16_t yy_base[1243] =
++static const flex_int16_t yy_base[1269] =
+     {   0,
+-        0,   69, 2841,   70,   71,   74,   76,   76, 2835,   81,
+-     2842, 2845, 2845, 2845,   74,   83,   78,   88,   78,  129,
+-     2774, 2823,   83,   95,   98,  103,  107,  135,  141,  147,
+-      156,  150,  159,  163,  169,  185,  203,  208,  212,  218,
+-      223, 2769,  144,  260, 2845, 2845,  172, 2816, 2845, 2845,
+-     2823, 2845,  227,  230,  238,  288,  292,  299,  296,  303,
+-      306,  311,  241,  314,  317,  323,  350,  326,  369,  184,
+-     2814, 2845,  201, 2813,  121, 2845, 2831,  216, 2845,   90,
+-     2766,  175,  250,  375,  192, 2845,    0,  379,  394, 2845,
+-     2845,    0, 2845,  336,  402,  408,  420,  423,  426,  429,
+-
+-      433,  436,  442,  445,  448,  451,  454,  457,  464,  467,
+-      471,  474,  480,  483,  489,  498,  502,  505,  517,  522,
+-      525,  531,  537,  540,  547, 2845,  232,    0,  321, 2806,
+-      154,   64,  134,  253,  225, 2777,  489, 2776,  518, 2769,
+-      511, 2782, 2777,  179, 2768, 2771,  366, 2802, 2765, 2845,
+-      561,  567,  570,  576,  583,  589,  592,  595,  598,  601,
+-      606,  610,  615,  623,  626,  629,  632,  639,  635,  644,
+-      648,  390, 2800, 2754,  406, 2798,  207,  648,  366,  665,
+-      511,    0,  688,  141,  670,    0,  661,  693,  675,  700,
+-      703,  711,  714,  718,  721,  728,  731,  734,  737,  740,
+-
+-      745,  748,  754,  757,  773,  776,  782,  787,  790,  793,
+-      796,  799,  804,  807,  811,  815,  821,  825,  834,  838,
+-     2793, 2770, 2754,  297, 2757,  717, 2764, 2766, 2764,  794,
+-     2766, 2753,  191, 2747, 2760, 2845, 2748,  345, 2759,  311,
+-     2743, 2756, 2741, 2755,   34, 2740,  439, 2747, 2737, 2742,
+-     2738, 2743, 2735, 2746,  855,  858,  864,  867,  873,  877,
+-      880,  883,  886,  889,  892,  898,  901,  908,  912,  915,
+-      918,  931,  934,  923, 2745,  941,  946,  951,  958,  962,
+-      974,  977,  986,  989,  992, 1000, 1003, 1006, 1009, 1012,
+-     1015, 1018, 1021, 1024, 1027, 1030, 1033, 1036, 1040, 1049,
+-
+-     1052, 1062, 1079, 1083, 1088, 1091, 1094, 1097, 1105, 1108,
+-     1111, 2845, 2743, 2733, 2741, 2740, 2740, 2728,  362, 2719,
+-     2740, 2723, 2845, 2734, 2724, 2721, 2718, 2734, 2723, 2717,
+-     2757, 2726, 2716, 2718, 2710, 2709, 2721, 2720, 2709, 2715,
+-     2703, 2712, 2710, 2701, 2711, 2699, 1051, 2701, 2698, 2739,
+-     2708, 2707, 2693, 2692, 2845, 1116, 1119, 1122, 1128, 1132,
+-     1138, 1143, 1146, 1149, 1162, 1166, 1173, 1176, 1180, 1185,
+-     1191, 1199, 1202, 2845, 1205, 1209, 1219, 1215, 1230, 1225,
+-     1239, 1246, 1257, 1260, 1264, 1267, 1270, 1273, 1276, 1279,
+-     1282, 1285, 1289, 1292, 1295, 1301, 1304, 1307, 1310, 1313,
+-
+-     1316, 1326, 1334, 1340, 1343, 1347, 2692, 2720, 2689, 2695,
+-     2686, 2690, 2689, 2697, 2692, 2681, 2681, 2683, 2681, 2695,
+-     2676, 2683, 2688, 2691, 2677, 2704, 2673, 2669, 2678, 2685,
+-     2672, 2678, 2678, 2668, 2670, 2666, 2668, 2672, 2668, 2695,
+-     2662, 2669, 2650, 2667, 2666, 2656, 2658,  546,  536, 2649,
+-     1351, 1356, 1359, 1366, 1369, 1373, 1381, 1387, 1392, 1395,
+-     1398, 1401, 1404, 1411, 1416, 1423, 1426, 1429, 1433, 1442,
+-     1439, 1471, 1474, 1477, 1480, 1483, 1487, 1498, 1501, 1504,
+-     1507, 1510, 1513, 1516, 1519, 1522, 1525, 1533, 1536, 1539,
+-     1543, 1549, 2650, 2643, 1545, 2660, 2653, 2646, 2651, 2645,
+-
+-     2647, 2648, 2642, 2639, 2638, 2652, 2638, 2644, 2651, 2631,
+-     2646, 2648, 2630, 2643, 2645, 2632, 2627, 2634, 2638, 2637,
+-     2635, 2626, 2633, 2623, 2623, 2622, 2625, 2615, 2614, 2615,
+-     2655, 2625, 2619, 2613,  363, 2612, 2611, 2623, 1554, 1559,
+-     1564, 1570, 1579, 1588, 1591, 1597, 1601, 1604, 1607, 1612,
+-     1617, 1620, 1623, 1635, 1643, 1646, 1649, 1657, 1663, 1668,
+-     1678, 1681, 1684, 1687, 1690, 1696, 1700, 1703, 1712, 1715,
+-     1718, 1722, 1725, 1728, 1732, 1735, 1738, 1741, 2648, 2636,
+-     2602, 2612, 2614, 2613, 2601, 2615, 2610, 2605, 2604, 2594,
+-     2604, 2592, 2600, 2599, 2602, 2588, 2600, 2587, 2587, 2597,
+-
+-     2596, 2588, 2845, 2594, 2587, 2594, 2591, 2584, 2602, 2618,
+-      567, 2591, 2616, 2574, 2845, 2580, 2570, 2579, 2578, 2567,
+-     2570, 2578, 2569, 2577, 2579, 2566, 2574, 2560, 2565, 1744,
+-     1749, 1755, 1767, 1761, 1773, 1776, 1779, 1782, 1785, 1789,
+-     1801, 1804, 1808, 1812, 1815, 1833, 1836, 1845, 1851, 1854,
+-     1857, 1860, 1863, 1870, 1874, 1882, 1886, 1889, 1892, 1897,
+-     1900, 1903, 1906, 2561, 2573, 2565, 2547, 2546, 2539, 2536,
+-     2527, 2845, 2525, 2538,  593, 2845, 1313, 2528, 2526, 2535,
+-     2845, 2845, 2537, 2562, 2520, 2845, 2530, 2845, 2525, 2528,
+-     2845, 2527, 2506, 2514, 2513, 2521, 2514, 2510, 2511, 2503,
+-
+-     2511, 2505, 2504, 2493, 2511, 2845, 2509, 2508, 2508, 2493,
+-     2505, 2491,  680, 1909, 1912, 1916, 1919, 1922, 1925, 1931,
+-     1934, 1938, 1944, 1954, 1957, 1960, 1963, 1966, 1969, 1973,
+-     1978, 1987, 1993, 2004, 2009, 2012, 2015, 2022, 2025, 2028,
+-     2035, 2040, 2504, 2494, 2492, 2480, 2487, 2515, 2465, 2466,
+-     2465, 2458, 2438, 2439, 2388, 2388, 2393, 2377, 2387, 2379,
+-      837, 2373, 2373, 2368, 2367, 2362, 2399, 2845, 2334, 2340,
+-     2338, 2340, 2336, 2311, 2297, 2291, 2297, 2293, 2268, 2845,
+-     2268, 2845, 2845, 2259, 2286, 2845, 2277, 2255, 2239, 2043,
+-     2049, 2052, 2055, 2058, 2062, 2065, 2068, 2071, 2077, 2080,
+-
+-     2083, 2086, 2095, 2099, 2110, 2113, 2116, 2124, 2127, 2130,
+-     2137, 2140, 2143, 2245, 2243, 2242, 2241, 2233, 2188, 2196,
+-     2225, 2213, 2163, 2166,  231, 2175, 2174, 2157, 2145, 2845,
+-     2845, 2145, 2152, 2123, 2136, 2127, 2118, 2107, 2119, 2087,
+-     2095, 2084, 2083, 2082, 2062, 2067, 2845, 2069, 2049, 2083,
+-     2067, 2845, 2025, 2000, 2000,  673, 1989, 2146, 2150, 2158,
+-     2161, 2165, 2169, 2172, 2175, 2180, 2184, 2187, 2195, 2198,
+-     2204, 2216, 2219, 2222, 2225, 2228, 2845, 2845, 1983, 1979,
+-     1966, 1955, 1995, 1948, 1949, 1953, 1945, 1933, 1928, 1932,
+-     1934, 1918, 1913, 1913, 1914, 1894, 1894, 1891, 1920, 1861,
+-
+-     1828, 1840, 2845, 2845, 2845, 1829, 1813, 2845, 1804, 1800,
+-     1793, 1792, 1820, 1790, 1789, 1780, 1786, 1774, 2237, 2242,
+-     2245, 2250, 2253, 2256, 2259, 2262, 2265, 2268, 2271, 2274,
+-     2277, 2285, 1811, 1779, 1768, 1752, 1744, 1756, 1756, 1755,
+-     1746, 1735, 1717, 1708, 1721, 1702, 1703, 2845, 1710, 1672,
+-     1662, 2845, 1659, 1657, 1634, 1636, 1624, 1617, 1618, 1604,
+-     1616, 1605, 1592, 1600, 1589, 1624, 1589, 1578, 2299, 2303,
+-     2308, 2311, 2315, 2318, 2321, 2324, 2327, 2335, 1579, 1571,
+-     1556, 1543, 1547, 1546, 1531, 1564, 1522, 1568, 1536, 1518,
+-     1520, 1501, 1496, 1508, 1518, 1522, 1491, 1458, 1448, 2845,
+-
+-     1485, 1440, 1440, 1435, 1430, 1427, 1427, 2845, 1409, 1410,
+-     1418, 1441, 2338, 2341, 2344, 2352, 2357, 2362, 2365, 2368,
+-     1411, 1409, 1383, 1411, 1375, 1370, 1363, 1344, 1337, 1340,
+-     1371, 1336, 1330, 1317, 1307, 1313, 1312, 1285, 1291, 2845,
+-     1274, 1272, 1262, 1254, 1204, 2845, 2845, 1214, 1214, 1212,
+-     1193, 1203, 2371, 2379, 2384, 2387, 2391, 2398, 2394, 1198,
+-     1174, 1159, 1150, 1158, 1145, 1151, 1151, 1145, 1145, 1123,
+-     1123, 1125, 1121, 1110, 1148, 1109, 1116, 2845, 1144, 1104,
+-     1098, 1084, 1084, 2845, 1087, 1076, 1095,   78, 2401, 2404,
+-     2409, 2414, 2421, 2438, 2845,  175,  207,  199,  199,  268,
+-
+-     2845,  250,  302,  271,  294,  307, 2845, 2845,  310,  392,
+-      389,  423,  415,  440, 2845,  445,  448,  488, 2845,  467,
+-      483, 2441, 2444, 2447, 2450,  496,  517,  541,  579,  562,
+-      569,  574,  606,  619,  756, 2845,  633,  671, 2845,  648,
+-     2845,  649,  660,  678,  706,  707, 2453, 2456, 2459, 2462,
+-      723,  732, 2845,  723,  742,  764,  777,  810, 2845,  772,
+-      787,  794,  790,  803,  797,  840,  824,  832,  857, 2467,
+-     2470, 2473,  866,  868,  884,  890, 2845,  891,  891,  893,
+-      907, 2845,  917, 2845,  957,  919,  930, 2845,  922, 2480,
+-     2476, 2845, 2845,  934, 2845, 2845,  944,  938,  938,  961,
+-
+-      998, 1009, 2845, 2845, 2483, 2489, 2845, 1017, 1023, 1025,
+-     2845, 1023, 1029, 2494, 2498, 2845, 1019, 1022, 1038, 2845,
+-     2506, 2509, 2845, 1025, 2845, 2513, 1037, 2519, 1062, 2526,
+-     2845, 2533, 2536, 2845, 2594, 2598, 2602, 2606, 2608, 2610,
+-     2614, 1109
++        0,   69, 2946,   70,   71,   74,   76,   76, 2940,   81,
++     2947, 2950, 2950, 2950,   74,   83,   78,   88,   78,  129,
++     2879, 2928,   83,   95,   98,  102,  136,  141,  151,  147,
++      156,  159,  162,  169,  175,  178,  185,  189,  204,  212,
++      217,  220, 2874,  115,  259, 2950, 2950,  117, 2921, 2950,
++     2950, 2928, 2950,  223,  246,  249,  287,  261,  296,  301,
++      290,  304,  310,  313,  316,  322,  348,  353,  358,  366,
++      375,  206, 2919, 2950,  238, 2918,  151, 2950, 2936,  244,
++     2950,   90, 2871,  172,  361,  421,  197, 2950,    0,  398,
++      380, 2950, 2950,    0, 2950,  387,  418,  428,  438,  442,
++
++      445,  448,  451,  454,  464,  467,  470,  473,  476,  479,
++      486,  489,  493,  496,  501,  504,  507,  510,  513,  523,
++      528,  531,  540,  545,  551,  561,  564,  568, 2950,  284,
++        0,  273, 2911,  189,   70,  183,  291,  299, 2882,  388,
++     2881,  335, 2874,  532, 2887, 2882,   89, 2873, 2876,  351,
++     2907, 2870, 2950,  582,  585,  588,  594,  597,  602,  611,
++      614,  617,  620,  623,  627,  633,  639,  642,  645,  648,
++      652,  655,  663,  667,  677,  391, 2905, 2859,  416, 2903,
++      197,  677,  370,  694,  390,    0,  703,  162,  699,    0,
++      717,  720,  723,  727,  730,  743,  746,  749,  752,  755,
++
++      761,  764,  767,  775,  771,  778,  781,  784,  788,  793,
++      802,  806,  810,  815,  820,  823,  826,  829,  834,  837,
++      847,  850,  857,  860,  864, 2898, 2875, 2859,  232, 2862,
++      510, 2869, 2871, 2869,  284, 2871, 2858,  202, 2852, 2865,
++     2950, 2853,  834, 2864,  303, 2848, 2861, 2846, 2860,   34,
++     2845,  489, 2852, 2842, 2847, 2843, 2848, 2840, 2851,  867,
++      886,  889,  893,  899,  902,  905,  909,  912,  918,  926,
++      929,  934,  938,  942,  948,  953,  957,  960,  967,  973,
++     2850,  976,  981, 1001, 1004, 1007, 1010, 1015, 1024, 1027,
++     1031, 1040, 1043, 1046, 1050, 1055, 1058, 1061, 1064, 1067,
++
++     1070, 1073, 1076, 1082, 1088, 1094, 1097, 1108, 1118, 1121,
++     1125, 1133, 1136, 1140, 1143, 1146, 1149, 1152, 2950, 2848,
++     2838, 2846, 2845, 2845, 2833,  525, 2824, 2845, 2828, 2950,
++     2839, 2829, 2826, 2823, 2839, 2828, 2822, 2862, 2831, 2821,
++     2823, 2815, 2814, 2826, 2825, 2814, 2820, 2808, 2817, 2815,
++     2806, 2816, 2804,  668, 2806, 2803, 2844, 2813, 2812, 2798,
++     2797, 2950, 1161, 1164, 1170, 1173, 1178, 1184, 1188, 1191,
++     1194, 1202, 1207, 1210, 1213, 1220, 1223, 1226, 1231, 1236,
++     1244, 2950, 1247, 1264, 1277, 1290, 1293, 1296, 1299, 1303,
++     1306, 1310, 1313, 1324, 1329, 1332, 1335, 1338, 1341, 1344,
++
++     1347, 1352, 1355, 1361, 1364, 1367, 1370, 1373, 1376, 1379,
++     1389, 1396, 1402, 1406, 1410, 2797, 2825, 2794, 2800, 2791,
++     2795, 2794, 2802, 2797, 2786, 2786, 2788, 2786, 2800, 2781,
++     2788, 2793, 2796, 2782, 2809, 2778, 2774, 2783, 2790, 2777,
++     2783, 2783, 2773, 2775, 2771, 2773, 2777, 2773, 2800, 2767,
++     2774, 2755, 2772, 2771, 2761, 2763,  385,  233, 2754, 1414,
++     1419, 1422, 1429, 1435, 1444, 1449, 1454, 1457, 1460, 1463,
++     1468, 1474, 1477, 1480, 1488, 1494, 1497, 1507, 1500, 1510,
++     1514, 1535, 1543, 1546, 1549, 1559, 1555, 1564, 1570, 1574,
++     1577, 1580, 1583, 1586, 1589, 1592, 1595, 1598, 1601, 1607,
++
++     1610, 1616, 1622, 2755, 2748, 1606, 2765, 2758, 2751, 2756,
++     2750, 2752, 2753, 2747, 2744, 2743, 2757, 2743, 2749, 2756,
++     2736, 2751, 2753, 2735, 2748, 2750, 2737, 2732, 2739, 2743,
++     2742, 2740, 2731, 2738, 2728, 2728, 2727, 2730, 2720, 2719,
++     2720, 2760, 2730, 2724, 2718,  373, 2717, 2716, 2728, 1625,
++     1637, 1640, 1643, 1649, 1653, 1656, 1661, 1664, 1668, 1674,
++     1677, 1680, 1683, 1696, 1702, 1705, 1708, 1712, 1715, 1723,
++     1730, 1733, 1748, 1737, 1751, 1756, 1759, 1763, 1767, 1772,
++     1778, 1783, 1786, 1789, 1793, 1796, 1799, 1804, 1807, 1810,
++     1813, 2753, 2741, 2707, 2717, 2719, 2718, 2706, 2720, 2715,
++
++     2710, 2709, 2699, 2709, 2697, 2705, 2704, 2707, 2693, 2705,
++     2692, 2692, 2702, 2701, 2693, 2950, 2699, 2692, 2699, 2696,
++     2689, 2707, 2723,  536, 2696, 2721, 2679, 2950, 2685, 2675,
++     2682, 2659, 2648, 2651, 2659, 2650, 2658, 2660, 2647, 2655,
++     2641, 2646, 1816, 1820, 1823, 1826, 1832, 1838, 1841, 1845,
++     1848, 1851, 1860, 1863, 1871, 1877, 1886, 1880, 1889, 1896,
++     1893, 1901, 1916, 1920, 1923, 1926, 1929, 1932, 1943, 1951,
++     1954, 1959, 1962, 1965, 1970, 1973, 1976, 1979, 2641, 2652,
++     2646, 2650, 2649, 2642, 2639, 2630, 2950, 2627, 2640,  566,
++     2950, 1158, 2630, 2628, 2637, 2950, 2950, 2638, 2663, 2621,
++
++     2950, 2630, 2950, 2625, 2628, 2950, 2627, 2608, 2616, 2612,
++     2620, 2598, 2594, 2594, 2559, 2567, 2557, 2555, 2532, 2550,
++     2950, 2547, 2546, 2545, 2529, 2541, 2507,  395, 1982, 1988,
++     1991, 1994, 1997, 2000, 2004, 2007, 2011, 2014, 2021, 2029,
++     2032, 2035, 2041, 2044, 2054, 2058, 2066, 2070, 2077, 2080,
++     2092, 2096, 2099, 2102, 2110, 2113, 2116, 2061, 2123, 2520,
++     2476, 2477, 2463, 2470, 2491, 2437, 2449, 2447, 2446, 2429,
++     2430, 2416, 2416, 2422, 2404, 2415, 2390,  957, 2384, 2386,
++     2357, 2349, 2347, 2387, 2950, 2334, 2344, 2342, 2338, 2335,
++     2304, 2282, 2277, 2283, 2268, 2250, 2950, 2246, 2950, 2950,
++
++     2244, 2273, 2950, 2253, 2222, 2206, 2128, 2131, 2136, 2139,
++     2142, 2145, 2150, 2153, 2156, 2162, 2165, 2170, 2173, 2184,
++     2196, 2201, 2204, 2207, 2213, 2218, 2224, 2227, 2230, 2237,
++     2240, 2243, 2215, 2196, 2195, 2215, 2214, 2169, 2173, 2203,
++     2181, 2141, 2144,  433, 2153, 2151, 2131, 2133, 2950, 2950,
++     2130, 2138, 2113, 2126, 2123, 2121, 2100, 2100, 2079, 2082,
++     2081, 2070, 2068, 2044, 2051, 2950, 2051, 2040, 2068, 2065,
++     2950, 2008, 2006, 2005,  275, 2001, 2246, 2250, 2258, 2261,
++     2264, 2269, 2272, 2275, 2278, 2285, 2288, 2291, 2298, 2302,
++     2309, 2313, 2320, 2323, 2326, 2329, 2950, 2950, 1999, 1995,
++
++     1987, 1986, 2020, 1973, 1977, 1981, 1972, 1934, 1929, 1918,
++     1902, 1914, 1908, 1905, 1905, 1890, 1889, 1876, 1904, 1877,
++     1857, 1862, 2950, 2950, 2950, 1846, 1839, 2950, 1830, 1827,
++     1820, 1811, 1849, 1818, 1818, 1792, 1794, 1755, 2335, 2338,
++     2343, 2346, 2351, 2354, 2357, 2360, 2363, 2366, 2369, 2373,
++     2376, 2384, 2388, 1768, 1736, 1731, 1716, 1694, 1706, 1706,
++     1690, 1694, 1683, 1652, 1648, 1655, 1639, 1639, 2950, 1650,
++     1634, 1625, 2950, 1612, 1611, 1593, 1595, 1583, 1584, 1578,
++     1569, 1568, 1531, 1520, 1524, 1509, 1544, 1492, 1483, 2401,
++     2404, 2409, 2412, 2415, 2418, 2421, 2424, 2427, 2430, 2438,
++
++     1480, 1487, 1481, 1468, 1478, 1453, 1439, 1469, 1429, 1476,
++     1433, 1418, 1424, 1396, 1396, 1404, 1428, 1431, 1401, 1395,
++     1385, 2950, 1420, 1374, 1375, 1383, 1362, 1361, 1357, 2950,
++     1341, 1340, 1347, 1371, 2441, 2444, 2447, 2451, 2465, 2468,
++     2471, 2474, 2482, 1345, 1321, 1320, 1342, 1283, 1283, 1275,
++     1271, 1240, 1243, 1277, 1242, 1236, 1233, 1219, 1225, 1230,
++     1224, 1231, 2950, 1221, 1215, 1223, 1224, 1205, 2950, 2950,
++     1217, 1216, 1214, 1201, 1208, 2490, 2493, 2496, 2500, 2504,
++     2509, 2513, 2518, 1203, 1190, 1185, 1182, 1179, 1167, 1167,
++     1163, 1159, 1147, 1112, 1110, 1115, 1093, 1081, 1108, 1069,
++
++     1076, 2950, 1103, 1069, 1067, 1052, 1059, 2950, 1062, 1048,
++     1077,   68, 2523, 2526, 2529, 2532, 2535, 2541, 2548, 2950,
++      126,  174,  178,  226,  273, 2950,  248,  348,  376,  404,
++      443, 2950, 2950,  446,  452,  469,  483,  512,  533, 2950,
++      558,  558,  599, 2950,  561,  593, 2551, 2554, 2561, 2564,
++     2567,  584,  611,  622,  653,  623,  630,  636,  635,  653,
++      684, 2950,  664,  696, 2950,  675, 2950,  686,  689,  689,
++      702,  714, 2570, 2573, 2576, 2590,  722,  754, 2950,  750,
++      761,  775,  795,  832, 2950,  795,  801,  807,  807,  825,
++      826,  865,  842,  842,  844, 2593, 2596, 2599,  845,  858,
++
++      878,  878, 2950,  883,  876,  876,  892, 2950,  904, 2950,
++      937,  899,  913, 2950,  916, 2606, 2612, 2950, 2950,  939,
++     2950, 2950,  949,  942,  944,  953,  946,  957, 2950, 2950,
++     2615, 2619, 2950,  958,  963,  979, 2950,  977,  980, 2623,
++     2626, 2950,  971,  983,  997, 2950, 2629, 2633, 2950,  997,
++     2950, 2636, 1004, 2645, 1041, 2649, 2950, 2652, 2655, 2950,
++     2713, 2717, 2721, 2725, 2727, 2729, 2733, 1088
+     } ;
+ 
+-static yyconst flex_int16_t yy_def[1243] =
++static const flex_int16_t yy_def[1269] =
+     {   0,
+-     1234,    1, 1235, 1235, 1236, 1236,    1,    7,    1,    1,
+-     1234, 1234, 1234, 1234, 1237, 1238, 1234, 1239, 1234, 1234,
+-       20, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234,
+-       44, 1234, 1234,   44, 1237, 1234, 1237, 1238, 1234, 1234,
+-       20, 1239, 1239, 1239, 1239, 1234, 1241, 1234, 1234, 1234,
+-     1234, 1242, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1234, 1234,   44, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1234,   44, 1234, 1234,   44, 1234, 1234, 1239, 1239,
+-     1239, 1241, 1234, 1234, 1234, 1242, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1234, 1239, 1239, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1234, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240,
+-     1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240,
+-     1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-
+-     1234, 1234, 1234, 1234, 1240, 1240, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1240, 1240, 1234, 1234, 1234, 1234, 1234,
+-     1240, 1240, 1234, 1234, 1234, 1240, 1234, 1240, 1234, 1240,
+-     1234, 1240, 1240,    0, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234
++     1260,    1, 1261, 1261, 1262, 1262,    1,    7,    1,    1,
++     1260, 1260, 1260, 1260, 1263, 1264, 1260, 1265, 1260, 1260,
++       20, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1260,   45, 1260, 1260,   45, 1263, 1260, 1263, 1264,
++     1260, 1260,   20, 1265, 1265, 1265, 1265, 1260, 1267, 1260,
++     1260, 1260, 1260, 1268, 1260, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260,
++       45, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1260,   45, 1260, 1260,   45,
++     1260, 1260, 1265, 1265, 1265, 1267, 1260, 1260, 1260, 1268,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1260, 1265, 1265, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266,
++     1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266,
++     1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1260, 1260,
++
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1266, 1266, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266,
++     1266, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1260, 1260,
++     1260, 1266, 1260, 1266, 1260, 1266, 1260, 1266, 1266,    0,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260
+     } ;
+ 
+-static yyconst flex_int16_t yy_nxt[2916] =
++static const flex_int16_t yy_nxt[3021] =
+     {   0,
+        12,   13,   14,   13,   15,   12,   16,   12,   12,   12,
+        12,   17,   18,   19,   20,   21,   22,   23,   23,   23,
+        23,   23,   23,   23,   23,   23,   23,   23,   23,   23,
+-       24,   23,   23,   25,   23,   26,   23,   23,   23,   23,
+-       23,   23,   23,   12,   23,   23,   27,   28,   29,   30,
+-       31,   23,   23,   32,   23,   33,   23,   34,   35,   36,
+-       23,   37,   38,   39,   40,   41,   23,   23,   23,   42,
+-       43,   47,   46,   50,   44,   48,   50,   70,   76,  344,
+-       51,   71,   73,   51,   52,   79,   74,   86,   72,   79,
+-       80,   87,   81,   81,   82,   85,   82,  345,   53,   82,
+-
+-       83,   82,   84,   84,  178,  178,   82,   85,   82,   82,
+-       85,   82,   54,  227,   82,   85,   82,   77,   82,   85,
+-       82,   55,  228,   56,   57,   76,   58,   59,   97,   60,
+-       61,   62,   95,   63,   64, 1121,   65,   66,   67,   68,
+-       69,   88,   96,   81,   81,  127,   82,   85,   82,  128,
+-       89,   90,   82,   85,   82,  185,  185,   91,   82,   85,
+-       82,   82,   85,   82,   77,   98,   91,   82,   85,   82,
+-       82,   85,   82,  147,   82,   85,   82,  148,   89,   90,
+-       82,   85,   82,  225,   91,  172,   82,   99,   82,  173,
+-      100,  229,   91,  101, 1126,   92,   82,   85,   82,  102,
+-
+-      230,  105,  175,   82,  103,   82,  176,  108,  110,  106,
+-      329,  107,  226,  104,   82,   85,   82,  109,   79,   82,
+-       85,   82,   79,   82,   85,   82, 1127,  330,  111,   82,
+-       85,   82,  250,  127,   82,   85,   82,  128,   82,   85,
+-       82,   82,   85,   82,  233,  112,  251, 1128,  113,   82,
+-       85,   82,   82,   85,   82,  114,  115,  118,  116, 1129,
+-      119,   82,  179,   82,  275,  117,  888,  889,  120,  122,
+-      125,  123,  151,  230,  234,  121,  124,  129,  130,  131,
+-      132,  133,  134,  135,  136,  137,  162, 1130,  138,  139,
+-      152,  140,  141,  153,  142,  143,  144,  145,  146,   82,
+-
+-       85,   82,  231,   82,   85,   82,  232,   82,   85,   82,
+-       82,   85,   82, 1131,   82,   85,   82,   82,   85,   82,
+-      315, 1132,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  316, 1133,  154,   82,   85,   82,   82,   85,   82,
+-       99,  155, 1134,  100,  105,  157,  101,   82,   85,   82,
+-      102,  158,  106,  221,  107,  159,  160,  156, 1135, 1136,
+-      108,   82,   85,   82,  161,  338,  165,  147,  222,  109,
+-      339,  148,  166,  163,  164,  114,  167,   82,  116,   82,
+-       82,   85,   82,  122,  223,  117,   82,  170,   82,   84,
+-       84,  172,  334,  183,  183,  173,  180,  181,  335,  118,
+-
+-       89,   90,  119,  168,  184,  184,  336,  175,  185,  185,
+-      120,  176,  625,   82,   85,   82,  626,  169,  171,   82,
+-       85,   82,  123,  413,  180,  181,  414,  124,   89,   90,
+-      187,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  188,   82,   85,   82,   82,   85,   82,
+-     1137, 1138,  189,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  191, 1139, 1140,  192,   82,   85,   82,   82,   85,
+-       82,  190,   82,   85,   82,   82,   85,   82,  347, 1141,
+-      193,   82,   85,   82,   82,   85,   82,  348, 1142,  194,
+-
+-       82,   85,   82,  197,  196,  195, 1143, 1144,  198,   82,
+-       85,   82,  199,   82,   85,   82,   82,   85,   82,  200,
+-      203,  201,   82,  202,   82, 1145,  206,  204,   82,   85,
+-       82, 1146,  205,   82,   85,   82,   82,   85,   82,  236,
+-      208,  207,   82,   85,   82,  237,  238,  211,   82,   85,
+-       82,   82,   85,   82, 1151,  536,  210,  209,   82,   85,
+-       82,  213,  212,  240,  244,  534,  245,  241,  537,  246,
+-      535,  247,   82,   85,   82, 1152,  242,  214,   82,   85,
+-       82,   82,   85,   82,  216,  215,  695,   82,   85,   82,
+-     1153,  696,  217,  219,   82,   85,   82,  218, 1154,  220,
+-
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,  753,  255,   82,   85,   82,
+-     1155,   82,   85,   82, 1156,  257,   82,   85,   82,  754,
+-      256,  258, 1157,  259,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  260,
+-       82,   85,   82,  264,  261,   82,   85,   82,  263,   82,
+-       85,   82,  178,  178,  203,  262,  265, 1158, 1159,   89,
+-       90,  267,   82,   85,   82,  184,  276,  266,   82,  277,
+-      277, 1162,  268,  270,  185,  185,   82,   85,   82,  278,
+-     1163,  269,   90,  273,  272,  271, 1164,   89,   90,  788,
+-
+-      209,  789,  183,  183,   82,   85,   82, 1165,  274,   89,
+-       90,   82,   85,   82,   82,   85,   82, 1166,  279,  281,
+-       90,  280,   82,   85,   82,   82,   85,   82,  916,   82,
+-       85,   82,   82,   85,   82,  917, 1167,   89,   90,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82, 1168,  282,   82,   85,   82,   82,
+-       85,   82, 1169,  283,  286,   82,   85,   82,   82,   85,
+-       82, 1173,  284,  318,  319,  285,  320,  287, 1160,  290,
+-     1174, 1175,  291,  288,   82,   85,   82,   82,   85,   82,
+-     1176, 1161,  289,   82,   85,   82,  292,  293,   82,   85,
+-
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82, 1177,  294,   82,   85,   82,   82,   85,
+-       82,  295,   82,   85,   82, 1178,   82,   85,   82, 1179,
+-     1180,  297,   82,   85,   82,  296,   82,   85,   82,  300,
+-     1181,  324,  298, 1182,  299,   82,   85,   82, 1183,   82,
+-       85,   82, 1184,  325, 1185,  301,  326,  832,  302, 1186,
+-      306,  833,  303,  304,  307,  305,   82,   85,   82,   82,
+-       85,   82, 1187,  834,  308,   82,   85,   82,   82,   85,
+-       82, 1188,  310,  311,   82,   85,   82,  309,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-
+-       82,   85,   82,   82,   85,   82, 1189,  357,  358,   82,
+-       85,   82,   82,   85,   82, 1192,  356, 1193,  360,   82,
+-       85,   82,  359,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82, 1194,  361,   82,   85,   82,  363,  364, 1195,
+-     1196,  365,   82,   85,   82,   82,   85,   82,  362, 1197,
+-      367,  366,   82, 1198,   82,  277,  277,   82, 1199,   82,
+-      277,  277,   82,   85,   82, 1200,  368,  370,  181,   82,
+-       85,   82,  369,   82,   85,   82, 1201, 1202,  372, 1203,
+-      371,  375, 1204, 1207,  373,   82,   85,   82,   82,   85,
+-       82,  377, 1208,  376, 1209, 1210,  181,   82,   85,   82,
+-
+-       82,   85,   82,   82,   85,   82,  378,  379,  380,  381,
+-     1211,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-      382,   82,   85,   82,  383,  384, 1212, 1213,  386,  385,
+-       82,   85,   82,   82,   85,   82, 1216,  387, 1217,  390,
+-     1218, 1219,  391,   82,   85,   82,  441,  388, 1220,  392,
+-      442, 1223,  389,  443, 1224,  395,  393, 1225, 1227,  396,
+-       82,   85,   82,  397,   82,   85,   82, 1229,  394,   82,
+-
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82, 1231,  186,  398, 1120,  399,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82, 1119,  400,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82, 1118, 1117,  401,   82,
+-       85,   82,  403,   82,   85,   82, 1116, 1115,  404,   82,
+-       85,   82, 1114,  402,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82, 1113, 1112,  451, 1111, 1110,  405, 1109,
+-     1108,  406,  453,   82,   85,   82, 1107,   82,   85,   82,
+-     1106, 1105,  452,  455,   82,   85,   82,   82,   85,   82,
+-     1104,   82,   85,   82, 1103,  454,   82,   85,   82, 1102,
+-
+-     1101,  456,   82,   85,   82, 1100,  458, 1099, 1098,  457,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82, 1097,
+-       82,   85,   82,  389,  459,  462,   82,   85,   82,  396,
+-       82,   85,   82,  460, 1096,  467,   82,   85,   82,  403,
+-      461,   82,   85,   82,  464,  468,  463, 1095, 1088,  469,
+-       82,   85,   82, 1087,  465,  466,  470,   82,   85,   82,
+-     1086,  471, 1085, 1084,  473,  472, 1083,  474,   82,   85,
+-       82,   82,   85,   82,  475,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82, 1082,
+-
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  476,
+-     1081,  477,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-     1080, 1079,  481,  755,  756,  478,  482,   82,   85,   82,
+-     1078,  479,  757, 1077,  480,   82,   85,   82,  758,  484,
+-      483,   82,   85,   82,   82,   85,   82,  486,   82,   85,
+-       82,  488,   82,   85,   82, 1076,  485,   82,   85,   82,
+-       82,   85,   82, 1075, 1074,  487, 1073,   82,   85,   82,
+-       82,   85,   82,  489,   82,   85,   82, 1072,  491, 1071,
+-     1070,  492,   82,   85,   82, 1069, 1068,  490,   82,   85,
+-
+-       82,  539, 1067,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82, 1066, 1065,
+-      540,  541,   82,   85,   82, 1064,  544,   82,   85,   82,
+-     1063,  542, 1062,  543,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  553,   82,   85,   82,  547,  545,  546,
+-       82,   85,   82,   82,   85,   82,  483,  563, 1061, 1060,
+-      556,  557,  558,  548,  554, 1052,  549, 1051, 1050,  551,
+-      559,  550, 1049,  560,  555, 1048, 1047,  561,  562, 1046,
+-     1045,  552,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,  565,   82,   85,
+-
+-       82, 1044,  564, 1043, 1042,  567, 1041, 1040,  566,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82, 1039,
+-      568, 1038, 1037,  569,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  571,   82,   85,   82, 1036, 1035,  570,
+-       82,   85,   82,  581,  582,   82,   85,   82, 1034,  572,
+-       82,   85,   82, 1033,  573,   82,   85,   82, 1032,  583,
+-      584,   82,   85,   82,  585, 1031,  575, 1030,  576, 1029,
+-       82,   85,   82, 1028, 1027,  574, 1026, 1025,  577,   82,
+-
+-       85,   82,   82,   85,   82, 1024, 1023,  630,   82,   85,
+-       82,  578,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82, 1022,  631,   82,   85,   82,  632,  633,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82, 1021, 1012,  634,
+-      635, 1011,  636, 1010, 1009,  637,   82,   85,   82, 1008,
+-     1007,  643,  639, 1006,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  640, 1005, 1004,  646,  638,   82,   85,
+-       82, 1003, 1002,  641,   82,   85,   82,  642,  644,   82,
+-       85,   82,  647,  645, 1001, 1000,  649,  999,  648,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-
+-       82,   82,   85,   82,  998,  654,  650,   82,   85,   82,
+-      653,   82,   85,   82,   82,   85,   82,  997,  651,  996,
+-      655,  995,  652,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  656,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  657,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,  994,  659,
+-       82,   85,   82,  993,  992,  658,   82,   85,   82,  991,
+-      990,  661,   82,   85,   82,  660,  989,  662,   82,   85,
+-       82,  988,  987,  663,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  716,
+-
+-       82,   85,   82,  986,  985,  714,  984,  983,  715,  982,
+-      718,  717,   82,   85,   82,   82,   85,   82,  981,   82,
+-       85,   82,  719,   82,   85,   82,   82,   85,   82,  980,
+-      979,  720,  968,  967,  721,  966,  965,  728,  964,  963,
+-      727,  723,  722,  726,   82,   85,   82,   82,   85,   82,
+-      962,  961,  724,  960,  725,  730,   82,   85,   82,  959,
+-      958,  729,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,  732,  957,  733,
+-      731,   82,   85,   82,  736,   82,   85,   82,  956,  734,
+-      955,  738,  735,   82,   85,   82,  737,   82,   85,   82,
+-
+-       82,   85,   82,   82,   85,   82,  954,  740,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,  739,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  953,
+-      952,  741,   82,   85,   82,   82,   85,   82,  742,   82,
+-       85,   82,  951,  950,  792,   82,   85,   82,  790,  949,
+-      948,  791,  947,  946,  793,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,  794,   82,   85,   82,  795,  800,   82,
+-       85,   82,  945,  944,  799,  943,  942,  801,   82,   85,
+-
+-       82,  941,  940,  796,   82,   85,   82,  939,  804,  802,
+-      797,  938,  805,  937,  803,   82,   85,   82,  936,  798,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  935,
+-      807,  808,  806,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  934,  933,  811,  812,   82,   85,   82,  918,
+-      810,   82,   85,   82,   82,   85,   82,  915,  914,  809,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  813,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,  913,  912,  858,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-
+-      867,  866,  911,  862,  910,  860,   82,   85,   82,  859,
+-       82,   85,   82,  865,  909,  861,  908,  863,  868,  907,
+-      864,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-      906,  869,  905,  904,  870,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,  903,  902,  872,  873,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-      871,   82,   85,   82,  901,  875,  900,  899,  874,   82,
+-       85,   82,   82,   85,   82,  898,   82,   85,   82,  876,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,  897,
+-      896,   82,   85,   82,  920,   82,   85,   82,   82,   85,
+-
+-       82,  895,  927,  894,  893,  919,   82,   85,   82,   82,
+-       85,   82,  922,  923,  926,   82,   85,   82,  921,  892,
+-      925,  891,  890,  928,  887,  886,  924,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,  885,  884,  930,  883,  882,  929,   82,   85,
+-       82,  881,  931,   82,   85,   82,   82,   85,   82,  880,
+-      932,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  879,  878,  976,  877,  970,   82,   85,   82,  857,
+-
+-      856,  977,  855,  975,  969,  854,  973,  971,  853,  978,
+-       82,   85,   82,  972,   82,   85,   82,  852,  974,   82,
+-       85,   82,   82,   85,   82,  851,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,  850,  849, 1013,  848, 1020,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,  847,  846,
+-     1014,  845, 1018,   82,   85,   82, 1019, 1016,   82,   85,
+-       82, 1015, 1017,   82,   85,   82,   82,   85,   82,   82,
+-       85,   82,   82,   85,   82,  844,  843, 1053,  842, 1055,
+-       82,   85,   82,  841, 1054,   82,   85,   82,   82,   85,
+-
+-       82, 1056,   82,   85,   82,   82,   85,   82, 1057,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,  840, 1058,
+-       82,   85,   82,  839, 1059,   82,   85,   82,  838,  837,
+-     1123,  836,   82,   85,   82,  835,  831, 1089,  830, 1091,
+-      829, 1090,  828, 1093, 1092,  827,  826, 1094, 1122,   82,
+-       85,   82,   82,   85,   82,   82,   85,   82,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-       82,   85,   82,   82,   85,   82, 1124, 1125,   82,   85,
+-       82,   82,   85,   82,   82,   85,   82,   82,   85,   82,
+-     1147,   82,   85,   82,   82,   85,   82,  825,  824, 1150,
+-
+-       82,   85,   82,  823, 1148,   82,   85,   82, 1149,   82,
+-       85,   82, 1170, 1215,  822,  821, 1171,   82,   85,   82,
+-       82,   85,   82, 1172,   82,   85,   82,  820, 1191, 1190,
+-       82,   85,   82, 1205,  819,  818, 1206,   82,   85,   82,
+-      817, 1214,  816, 1222,   82,   85,   82,   82,   85,   82,
+-      815, 1221,  814,  787,  786,  785,  784,  783,  782,  781,
+-      780, 1228,  779,  778,  777,  776, 1226,  775,  774,  773,
+-      772,  771,  770,  769, 1230, 1232,  768,  767,  766,  765,
+-      764,  763,  762,  761,  760,  759,  752,  751,  750,  749,
+-      748,  747,  746, 1233,   45,   45,   45,   45,   49,   49,
+-
+-       49,   49,   75,   75,   75,   75,   78,   78,   78,   78,
+-       85,   85,   94,   94,  182,  745,  182,  182,  744,  743,
+-      713,  712,  711,  710,  709,  708,  707,  706,  705,  704,
+-      703,  702,  701,  700,  699,  698,  697,  694,  693,  692,
++       24,   23,   25,   26,   23,   27,   23,   23,   23,   23,
++       23,   23,   23,   12,   23,   23,   28,   29,   30,   31,
++       32,   23,   23,   33,   23,   34,   23,   35,   36,   37,
++       23,   38,   39,   40,   41,   42,   23,   23,   23,   43,
++       44,   48,   47,   51,   45,   49,   51,   72,   78,  351,
++       52,   73,   75,   52,   53,   81,   76,   88,   74,   81,
++       82,   89,   83,   83,   84,   87,   84,  352,   54,   84,
++
++       85,   84,   86,   86,  182,  182,   84,   87,   84,   84,
++       87,   84,   55,   84,   87,   84,  130,   79,  150,  232,
++      131,   56,  151,   57,   58, 1146,   59,   60,  233,   61,
++       62,   63,   97,   64,   65,   66,   67,   68,   69,   70,
++       71,   90,  255,   83,   83, 1152,   99,   84,   87,   84,
++       91,   92,   84,   87,   84,   78,  256,   93,   84,   87,
++       84,  100,   84,   87,   84,   98,   93,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  189,  189,   91,   92,
++       84,   87,   84,   84,   93,   84,   84,   87,   84,   84,
++       87,   84,   93, 1153,   79,   94,   84,   87,   84,  101,
++
++       84,   87,   84,  102,  108,  105,  103,  176,   84,  104,
++       84,  177,  109,  106,  110,   84,   87,   84,  230,  111,
++      113,  336,  107,   84,   87,   84, 1154,  112,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  114,  337,  179,
++      234,  117,  118,  180,  119,  115,   81,  231,  116,  235,
++       81,  120,  547,  121,  281,  322,  122,   84,   87,   84,
++       84,   87,   84,  235,  123,  548,  323,  128,  154,  125,
++      126,  124,   84,   87,   84,  127,  132,  133,  134,  135,
++      136,  137,  138,  139,  140,  130, 1155,  141,  142,  131,
++      143,  144, 1156,  145,  146,  147,  148,  149,   84,   87,
++
++       84,   84,   87,   84,  156,  226,  155,   84,   87,   84,
++      158, 1157,   84,   87,   84,   84,   87,   84,  238,  105,
++      227,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      936,  331,  157,   84,   87,   84,  228,  937,  161,  102,
++      236,  108,  103,  332,  237,  104,  333,  111,  239,  109,
++      160,  110,  150,  162,  159,  163,  151,  345,  165,   84,
++       87,   84,  346,  164,   84,   87,   84, 1158,  112,   84,
++       87,   84,   84,  183,   84,  166,  167,   84,   87,   84,
++      245,   84,  115,   84,  246,  116,   84,   87,   84,  168,
++      188,  188,  176,  247,  189,  189,  177,  169,   84,   87,
++
++       84,   84,  170,   84,  545,  117,  171,  121,  119,  546,
++      122,  172,  187,  187,  805,  120,  806,  179,  123,   91,
++       92,  180,  638,  125,  175,  173,  639,  174,  126,   84,
++       87,   84,   84,  127,   84,   86,   86, 1159,  241,   84,
++       87,   84,  184,  185,  242,  243,  191,   91,   92,   84,
++       87,   84, 1160,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  908,  909,
++      184,  185,  192,  193,  194,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  196, 1161, 1162,  197,   84,   87,   84,
++
++       84,   87,   84,  195,   84,   87,   84,   84,   87,   84,
++     1163,  198,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  199,  202,  201,
++      200, 1164, 1165,  203,   84,   87,   84,  204,  354,   84,
++       87,   84,   84,   87,   84,  208,  206,  355,  205,  207,
++      211,   84,   87,   84,  209,  710,   84,   87,   84,  210,
++      711,  213,   84,   87,   84,  212,  325,  326,  216,  327,
++     1166,  215,   84,   87,   84,   84,   87,   84,  214,   84,
++       87,   84, 1167,  217,  218,  249,  422,  250,  770,  423,
++      251,  219,  252,   84,   87,   84,   84,   87,   84,   84,
++
++       87,   84,  771,  220,  221,   84,   87,   84,   84,   87,
++       84, 1168,  222,   84,   87,   84, 1169,  224, 1170, 1171,
++      225,  223,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  260,   84,   87,
++       84, 1172, 1177,  262,   84,   87,   84,  264,  261,  263,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,  265,   84,   87,   84,   84,   87,   84, 1178,
++      269, 1179, 1180,  266,   84,   87,   84,  268,   84,   87,
++       84, 1181,  208,  270,  267, 1182,  273,  272,   84,   87,
++       84,  182,  182,  450, 1183,  271, 1184,  451,   91,   92,
++
++      452,  274, 1185,  276,  188,  282, 1186,   84,  283,  283,
++      275,  277, 1188,  189,  189, 1189,  279,  187,  187, 1187,
++      214,   92,  278, 1190,   91,   92,   91,   92,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  280,   84,   87,
++       84,   84,   87,   84, 1191,  284, 1192, 1193,  286,   92,
++     1194,  287,   91,   92,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,   84,   87,   84, 1195,
++     1199,  288,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,  285,   84,   87,   84,  289,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  293,   84,
++
++       87,   84, 1200,  290,   84,   87,   84,  291, 1201, 1202,
++      292,  294,  297,   84,   87,   84,  295,   84,   87,   84,
++      298,   84,   87,   84, 1203,  296,   84,   87,   84,  299,
++      300,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1204,  301,   84,   87,   84,   84,   87,
++       84, 1205,  302, 1206, 1207,  303, 1208,  304,   84,   87,
++       84,   84,   87,   84,  307, 1209,  305,  306,   84,   87,
++       84,   84,   87,   84, 1210,   84,   87,   84,   84,   87,
++       84,  341,  308, 1211, 1212,  309,  313,  342,  311,  310,
++     1213, 1214,  312, 1215, 1218,  343,  314,   84,   87,   84,
++
++       84,   87,   84,  315,   84,   87,   84, 1219,  317,  318,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  316,
++       84,   87,   84,   84,   87,   84, 1220, 1221,  363,   84,
++       87,   84, 1222,  365, 1223,  364, 1224,   84,   87,   84,
++       84,   87,   84, 1225,  367,   84,   87,   84,  366,   84,
++       87,   84, 1226,   84,   87,   84, 1227, 1228,  368,   84,
++       87,   84, 1229,  370,   84,   87,   84,  371,   84,   87,
++       84,   84,   87,   84,  369,  372, 1230,  851,   84,   87,
++       84,  852,  373,  374,   84,   87,   84,   84, 1233,   84,
++      283,  283,   84,  853,   84,  283,  283, 1234, 1235,  375,
++
++      376, 1236, 1237,  185, 1238, 1239,  378, 1242, 1243,  379,
++      377,  380,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84, 1244, 1245,   84,   87,   84, 1246,
++      384,  185,  386, 1249,  381,   84,   87,   84,   84,   87,
++       84,  385,   84,   87,   84, 1250, 1251,  387,  388,  389,
++      390,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++     1253,   84,   87,   84, 1255,  383,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++     1257,  190,  391,   84,   87,   84, 1145, 1144,  393,   84,
++
++       87,   84,  392,  394,  395,   84,   87,   84,   84,   87,
++       84, 1143, 1142,  396, 1141,  399, 1140, 1139,  400,   84,
++       87,   84, 1138,  397, 1137,  401, 1136, 1135,  398,   84,
++       87,   84,   84,   87,   84,  402,   84,   87,   84,  404,
++     1134,  406, 1133,  405,   84,   87,   84,   84,   87,   84,
++      403,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84, 1132, 1131,  409,  407,
++     1130,  408,   84,   87,   84,   84,   87,   84,  772,  773,
++      410,   84,   87,   84,   84,   87,   84,  774,  412,   84,
++       87,   84, 1129,  775,  413,   84,   87,   84,  411,   84,
++
++       87,   84,   84,   87,   84,   84,   87,   84, 1128,  414,
++      460, 1127,  415,   84,   87,   84, 1126,  462,   84,   87,
++       84,   84,   87,   84,   84,   87,   84, 1125, 1124,  464,
++      461,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++     1123,  463,   84,   87,   84, 1122,  465,   84,   87,   84,
++     1121,  467, 1120, 1112,  466,   84,   87,   84,   84,   87,
++       84, 1111, 1110,  398, 1109,  468, 1108, 1107,  472, 1106,
++      469, 1105,  405, 1104,  470,   84,   87,   84, 1103,  412,
++     1102,  474, 1101, 1100,  471, 1099, 1098,  473,   84,   87,
++       84,  475, 1097, 1096,  478, 1095, 1094,  476, 1093, 1092,
++
++      477,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  479,   84,   87,   84,   84,   87,   84,
++      480,   84,   87,   84,   84,   87,   84,  482,  484, 1091,
++     1090,  485, 1089, 1088,  481,   84,   87,   84,  486,  483,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84, 1087,  487,   84,   87,   84,   84,   87,   84, 1086,
++     1085,  488,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1084,  492, 1075, 1074,  489, 1073,  493,
++
++       84,   87,   84,  490, 1072, 1071,  491,   84,   87,   84,
++     1070, 1069,  495,   84,   87,   84,  494,   84,   87,   84,
++      497,   84,   87,   84,  499,   84,   87,   84, 1068,  496,
++       84,   87,   84,   84,   87,   84, 1067, 1066,  498, 1065,
++       84,   87,   84, 1064, 1063,  500,   84,   87,   84, 1062,
++     1061,  502, 1060, 1059,  503,   84,   87,   84, 1058,  501,
++       84,   87,   84, 1057,  550,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84, 1056, 1055,   84,
++       87,   84, 1054,  551,  552,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  555, 1053, 1052,  553, 1051,   84,
++
++       87,   84, 1050, 1049,  554,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  557,  556,  558,  559,   84,   87,
++       84,   84,   87,   84,  566,   84,   87,   84, 1048,  494,
++     1047, 1046,  569,  570,  571,  567,  560, 1045, 1044,  561,
++      562,  563,  572, 1034, 1033,  573,   84,   87,   84,  574,
++      575,  568,  564,  576,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1032, 1031,  565,   84,   87,   84,  578,
++       84,   87,   84, 1030,  577,   84,   87,   84, 1029, 1028,
++      579,   84,   87,   84,  580,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,  582, 1027,  581,   84,   87,
++       84,   84,   87,   84,  594,  595,  584,   84,   87,   84,
++     1026, 1025,  583,   84,   87,   84,   84,   87,   84, 1024,
++      596,  597,  585, 1023, 1022,  598, 1021,  586,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  588, 1020,  589,
++       84,   87,   84,  587,   84,   87,   84,   84,   87,   84,
++     1019,  590,   84,   87,   84,   84,   87,   84,  643,   84,
++       87,   84, 1018, 1017,  591,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,  646, 1016, 1015,
++
++      644, 1014,  645, 1013,  647,  648,  649,   84,   87,   84,
++     1012, 1011,  651,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,  653,   84,   87,   84,   84,   87,   84, 1010,
++     1009,  654,  650,  658,   84,   87,   84,  652, 1008,  655,
++      661,   84,   87,   84,   84,   87,   84,  659,   84,   87,
++       84,  657,  660,  656, 1007,  662, 1006, 1005,  663,   84,
++       87,   84,   84,   87,   84,  665,  664,   84,   87,   84,
++       84,   87,   84, 1004,   84,   87,   84,  669,   84,   87,
++       84, 1003,  668,   84,   87,   84, 1002, 1001,  666,   84,
++       87,   84,  667,  670,   84,   87,   84,   84,   87,   84,
++
++       84,   87,   84,  671,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  989,  672,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      674,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      673,  988,  676,   84,   87,   84,  675,  987,  677,   84,
++       87,   84,   84,   87,   84,  678,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,  986,  985,  731,  984,  983,
++      732,   84,   87,   84,   84,   87,   84,  729,  982,  730,
++      981,  733,   84,   87,   84,  980,  979,  734,   84,   87,
++       84,   84,   87,   84,  736,  978,  735,   84,   87,   84,
++
++       84,   87,   84,  737,   84,   87,   84,   84,   87,   84,
++      977,  738,   84,   87,   84,  743,  739,  744,  745,  976,
++      747,  746,  975,  974,  741,  973,  740,   84,   87,   84,
++      742,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  749,  972,  750,  971,
++      970,  748,  969,  753,   84,   87,   84,  968,  751,  967,
++      966,  752,   84,   87,   84,   84,   87,   84,  755,  754,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  965,
++      757,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  964,  963,  756,   84,
++
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  758,   84,   87,   84,   84,   87,
++       84,  759,   84,   87,   84,   84,   87,   84,  962,  809,
++      961,  807,   84,   87,   84,  960,  959,  808,  958,  810,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  957,
++      956,  811,   84,   87,   84,   84,   87,   84,  955,  954,
++      812,  938,  935,  813,  934,   84,   87,   84,  933,   84,
++       87,   84,   84,   87,   84,  818,  819,   84,   87,   84,
++      814,   84,   87,   84,  932,  815,  820,  931,   84,   87,
++       84,   84,   87,   84,  816,  930,  929,  817,  823,  824,
++
++      928,  927,  821,   84,   87,   84,  822,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,  926,  826,  827,  925,
++      825,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      924,  923,  830,  831,   84,   87,   84,  922,  829,   84,
++       87,   84,   84,   87,   84,  921,  828,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  920,
++      832,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      919,  918,  877,   84,   87,   84,   84,   87,   84,  917,
++      916,   84,   87,   84,   84,   87,   84,  915,  914,  879,
++      882,  878,  913,  912,  886,   84,   87,   84,  911,  880,
++
++      910,  887,  907,  906,  881,  883,  885,   84,   87,   84,
++      905,  884,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,  904,  903,  888,   84,   87,   84,  902,  889,   84,
++       87,   84,  901,  900,  890,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  899,  898,  892,  893,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      891,   84,   87,   84,  897,  895,  876,  875,  894,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  874,  896,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,  873,  872,  940,  871,   84,   87,   84,   84,
++
++       87,   84,   84,   87,   84,  939,  948,  870,  943,   84,
++       87,   84,  942,   84,   87,   84,  869,  944,  941,  947,
++       84,   87,   84,  946,   84,   87,   84,  949,  868,  945,
++      867,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  866,  950,  951,   84,   87,   84,   84,
++       87,   84,  865,  952,   84,   87,   84,   84,   87,   84,
++      864,  953,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  863,   84,   87,   84,   84,   87,   84,
++      862,  991,  861,  860,  998,   84,   87,   84,  994,   84,
++
++       87,   84,  990,  999,  997,  992,  859,  995,  858,  993,
++      857, 1000,   84,   87,   84,   84,   87,   84,  856,  996,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,  855, 1035,  854,  850, 1043,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,   84,   87,
++       84, 1036,   84,   87,   84, 1041,  849,  848, 1038, 1042,
++     1039,  847, 1037,  846,  845, 1040,   84,   87,   84,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  844,  843,
++     1076,  842, 1078,   84,   87,   84,  841, 1077,  840,  839,
++
++     1079,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      838,   84,   87,   84, 1080,   84,   87,   84,  837, 1081,
++       84,   87,   84,  836,   84,   87,   84,  835, 1082,   84,
++       87,   84,  834, 1083,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,   84,   87,   84,   84,   87,   84, 1117,
++     1148, 1115,   84,   87,   84, 1114, 1113, 1116, 1118,   84,
++       87,   84,   84,   87,   84,   84,   87,   84,  833,  804,
++     1147, 1119,   84,   87,   84,   84,   87,   84,   84,   87,
++       84,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++      803,  802, 1150,  801, 1149,  800,  799, 1151,  798,  797,
++
++     1173,   84,   87,   84,   84,   87,   84,   84,   87,   84,
++       84,   87,   84,  796, 1174,  795, 1176,   84,   87,   84,
++      794,  793, 1175,   84,   87,   84,   84,   87,   84, 1196,
++       84,   87,   84, 1197,   84,   87,   84,   84,   87,   84,
++       84,   87,   84, 1241,   84,   87,   84,   84,   87,   84,
++      792, 1198,  791,  790, 1217, 1216,   84,   87,   84, 1231,
++       84,   87,   84,   84,   87,   84,   84,   87,   84,  789,
++      788, 1248, 1232, 1240,  787,  786,  785,  784,  783,  782,
++     1247,  781,  780,  779, 1254,  778,  777,  776,  769,  768,
++     1252,  767,  766,  765,  764,  763,  762,  761, 1258,  760,
++
++     1256,  728,  727,  726,  725,  724,  723,  722,  721,  720,
++      719,  718, 1259,   46,   46,   46,   46,   50,   50,   50,
++       50,   77,   77,   77,   77,   80,   80,   80,   80,   87,
++       87,   96,   96,  186,  717,  186,  186,  716,  715,  714,
++      713,  712,  709,  708,  707,  706,  705,  704,  703,  702,
++      701,  700,  699,  698,  697,  696,  695,  694,  693,  692,
+       691,  690,  689,  688,  687,  686,  685,  684,  683,  682,
+-      681,  680,  679,  678,  677,  676,  675,  674,  673,  672,
+-      671,  670,  669,  668,  667,  666,  665,  664,  629,  628,
+-      627,  624,  623,  622,  621,  620,  619,  618,  617,  616,
+-      615,  614,  613,  612,  611,  610,  609,  608,  607,  606,
+-      605,  604,  603,  602,  601,  600,  599,  598,  597,  596,
+-
+-      595,  594,  593,  592,  591,  590,  589,  588,  587,  586,
+-      580,  579,  538,  533,  532,  531,  530,  529,  528,  527,
+-      526,  525,  524,  523,  522,  521,  520,  519,  518,  517,
+-      516,  515,  514,  513,  512,  511,  510,  509,  508,  507,
+-      506,  505,  504,  503,  502,  501,  500,  499,  498,  497,
+-      496,  495,  494,  493,  450,  449,  448,  447,  446,  445,
+-      444,  440,  439,  438,  437,  436,  435,  434,  433,  432,
+-      431,  430,  429,  428,  427,  426,  425,  424,  423,  422,
+-      421,  420,  419,  418,  417,  416,  415,  412,  411,  410,
+-      409,  408,  407,  374,  355,  354,  353,  352,  351,  350,
+-
+-      349,  346,  343,  342,  341,  340,  337,  333,  332,  331,
+-      328,  327,  323,  322,  321,  317,  314,  313,  312,  177,
+-      230,  174,  254,  149,  253,  252,  249,  248,  243,  239,
+-      235,  224, 1234, 1234,  177,  174,  150,  149,  126,   93,
+-     1234, 1234,   72,   46,   11, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
++      681,  680,  679,  642,  641,  640,  637,  636,  635,  634,
++      633,  632,  631,  630,  629,  628,  627,  626,  625,  624,
++      623,  622,  621,  620,  619,  618,  617,  616,  615,  614,
++
++      613,  612,  611,  610,  609,  608,  607,  606,  605,  604,
++      603,  602,  601,  600,  599,  593,  592,  549,  544,  543,
++      542,  541,  540,  539,  538,  537,  536,  535,  534,  533,
++      532,  531,  530,  529,  528,  527,  526,  525,  524,  523,
++      522,  521,  520,  519,  518,  517,  516,  515,  514,  513,
++      512,  511,  510,  509,  508,  507,  506,  505,  504,  459,
++      458,  457,  456,  455,  454,  453,  449,  448,  447,  446,
++      445,  444,  443,  442,  441,  440,  439,  438,  437,  436,
++      435,  434,  433,  432,  431,  430,  429,  428,  427,  426,
++      425,  424,  421,  420,  419,  418,  417,  416,  382,  362,
++
++      361,  360,  359,  358,  357,  356,  353,  350,  349,  348,
++      347,  344,  340,  339,  338,  335,  334,  330,  329,  328,
++      324,  321,  320,  319,  181,  235,  178,  259,  152,  258,
++      257,  254,  253,  248,  244,  240,  229, 1260, 1260,  181,
++      178,  153,  152,  129,   95, 1260, 1260,   74,   47,   11,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
+ 
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260
+     } ;
+ 
+-static yyconst flex_int16_t yy_chk[2916] =
++static const flex_int16_t yy_chk[3021] =
+     {   0,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+@@ -1169,320 +1177,331 @@ static yyconst flex_int16_t yy_chk[2916]
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+-        2,    4,    4,    5,    2,    4,    6,    8,   15,  245,
++        2,    4,    4,    5,    2,    4,    6,    8,   15,  250,
+         5,    8,   10,    6,    7,   16,   10,   19,   10,   16,
+-       17,   19,   17,   17,   23,   23,   23,  245,    7,   18,
++       17,   19,   17,   17,   23,   23,   23,  250,    7,   18,
+ 
+-       18,   18,   18,   18,   80,   80,   24,   24,   24,   25,
+-       25,   25,    7,  132,   26,   26,   26,   15,   27,   27,
+-       27,    7,  132,    7,    7,   75,    7,    7,   26,    7,
+-        7,    7,   24,    7,    7, 1088,    7,    7,    7,    7,
+-        7,   20,   25,   20,   20,   43,   28,   28,   28,   43,
+-       20,   20,   29,   29,   29,  184,  184,   20,   30,   30,
+-       30,   32,   32,   32,   75,   27,   20,   31,   31,   31,
+-       33,   33,   33,   47,   34,   34,   34,   47,   20,   20,
+-       35,   35,   35,  131,   20,   70,   82,   28,   82,   70,
+-       28,  133,   20,   28, 1096,   20,   36,   36,   36,   29,
+-
+-      133,   31,   73,   85,   30,   85,   73,   32,   34,   31,
+-      233,   31,  131,   30,   37,   37,   37,   33,   78,   38,
+-       38,   38,   78,   39,   39,   39, 1097,  233,   35,   40,
+-       40,   40,  144,  127,   41,   41,   41,  127,   53,   53,
+-       53,   54,   54,   54,  135,   36,  144, 1098,   36,   55,
+-       55,   55,   63,   63,   63,   37,   37,   38,   37, 1099,
+-       38,   83,   83,   83,  177,   37,  825,  825,   38,   39,
+-       41,   40,   53,  177,  135,   38,   40,   44,   44,   44,
+-       44,   44,   44,   44,   44,   44,   63, 1100,   44,   44,
+-       54,   44,   44,   55,   44,   44,   44,   44,   44,   56,
+-
+-       56,   56,  134,   57,   57,   57,  134,   59,   59,   59,
+-       58,   58,   58, 1102,   60,   60,   60,   61,   61,   61,
+-      224, 1103,   62,   62,   62,   64,   64,   64,   65,   65,
+-       65,  224, 1104,   56,   66,   66,   66,   68,   68,   68,
+-       56,   57, 1105,   56,   58,   59,   56,   94,   94,   94,
+-       57,   60,   58,  129,   58,   61,   62,   58, 1106, 1109,
+-       60,   67,   67,   67,   62,  240,   65,  147,  129,   62,
+-      240,  147,   66,   64,   64,   66,   66,  179,   66,  179,
+-       69,   69,   69,   68,  129,   66,   84,   68,   84,   84,
+-       84,  172,  238,   88,   88,  172,   84,   84,  238,   67,
+-
+-       88,   88,   67,   67,   89,   89,  238,  175,   89,   89,
+-       67,  175,  535,   95,   95,   95,  535,   67,   69,   96,
+-       96,   96,   69,  319,   84,   84,  319,   69,   88,   88,
+-       95,   97,   97,   97,   98,   98,   98,   99,   99,   99,
+-      100,  100,  100,   96,  101,  101,  101,  102,  102,  102,
+-     1110, 1111,   97,  103,  103,  103,  104,  104,  104,  105,
+-      105,  105,  106,  106,  106,  107,  107,  107,  108,  108,
+-      108,   99, 1112, 1113,  100,  109,  109,  109,  110,  110,
+-      110,   98,  111,  111,  111,  112,  112,  112,  247, 1114,
+-      101,  113,  113,  113,  114,  114,  114,  247, 1116,  102,
+-
+-      115,  115,  115,  105,  104,  103, 1117, 1118,  106,  116,
+-      116,  116,  107,  117,  117,  117,  118,  118,  118,  108,
+-      111,  109,  181,  110,  181, 1120,  113,  112,  119,  119,
+-      119, 1121,  112,  120,  120,  120,  121,  121,  121,  137,
+-      115,  114,  122,  122,  122,  137,  137,  117,  123,  123,
+-      123,  124,  124,  124, 1126,  449,  116,  115,  125,  125,
+-      125,  118,  117,  139,  141,  448,  141,  139,  449,  141,
+-      448,  141,  151,  151,  151, 1127,  139,  119,  152,  152,
+-      152,  153,  153,  153,  121,  120,  611,  154,  154,  154,
+-     1128,  611,  122,  124,  155,  155,  155,  123, 1129,  125,
+-
+-      156,  156,  156,  157,  157,  157,  158,  158,  158,  159,
+-      159,  159,  160,  160,  160,  675,  151,  161,  161,  161,
+-     1130,  162,  162,  162, 1131,  153,  163,  163,  163,  675,
+-      152,  154, 1132,  155,  164,  164,  164,  165,  165,  165,
+-      166,  166,  166,  167,  167,  167,  169,  169,  169,  156,
+-      168,  168,  168,  161,  157,  170,  170,  170,  160,  171,
+-      171,  171,  178,  178,  163,  159,  162, 1133, 1134,  178,
+-      178,  164,  187,  187,  187,  180,  180,  163,  180,  180,
+-      180, 1137,  165,  167,  185,  185,  189,  189,  189,  187,
+-     1138,  166,  185,  170,  169,  168, 1140,  178,  178,  713,
+-
+-      167,  713,  183,  183,  188,  188,  188, 1142,  171,  183,
+-      183,  190,  190,  190,  191,  191,  191, 1143,  188,  189,
+-      185,  188,  192,  192,  192,  193,  193,  193,  856,  194,
+-      194,  194,  195,  195,  195,  856, 1144,  183,  183,  196,
+-      196,  196,  197,  197,  197,  198,  198,  198,  199,  199,
+-      199,  200,  200,  200, 1145,  190,  201,  201,  201,  202,
+-      202,  202, 1146,  191,  194,  203,  203,  203,  204,  204,
+-      204, 1151,  192,  226,  226,  193,  226,  195, 1135,  198,
+-     1152, 1154,  199,  196,  205,  205,  205,  206,  206,  206,
+-     1155, 1135,  197,  207,  207,  207,  201,  202,  208,  208,
+-
+-      208,  209,  209,  209,  210,  210,  210,  211,  211,  211,
+-      212,  212,  212, 1156,  203,  213,  213,  213,  214,  214,
+-      214,  204,  215,  215,  215, 1157,  216,  216,  216, 1158,
+-     1160,  206,  217,  217,  217,  205,  218,  218,  218,  209,
+-     1161,  230,  207, 1162,  208,  219,  219,  219, 1163,  220,
+-      220,  220, 1164,  230, 1165,  210,  230,  761,  211, 1166,
+-      215,  761,  212,  213,  216,  214,  255,  255,  255,  256,
+-      256,  256, 1167,  761,  217,  257,  257,  257,  258,  258,
+-      258, 1168,  219,  220,  259,  259,  259,  218,  260,  260,
+-      260,  261,  261,  261,  262,  262,  262,  263,  263,  263,
+-
+-      264,  264,  264,  265,  265,  265, 1169,  256,  257,  266,
+-      266,  266,  267,  267,  267, 1173,  255, 1174,  259,  268,
+-      268,  268,  258,  269,  269,  269,  270,  270,  270,  271,
+-      271,  271, 1175,  260,  274,  274,  274,  263,  264, 1176,
+-     1178,  265,  272,  272,  272,  273,  273,  273,  262, 1179,
+-      267,  266,  276, 1180,  276,  276,  276,  277, 1181,  277,
+-      277,  277,  278,  278,  278, 1183,  268,  271,  277,  279,
+-      279,  279,  270,  280,  280,  280, 1185, 1186,  273, 1187,
+-      272,  279, 1189, 1194,  274,  281,  281,  281,  282,  282,
+-      282,  281, 1197,  280, 1198, 1199,  277,  283,  283,  283,
+-
+-      284,  284,  284,  285,  285,  285,  281,  281,  281,  281,
+-     1200,  286,  286,  286,  287,  287,  287,  288,  288,  288,
+-      289,  289,  289,  290,  290,  290,  291,  291,  291,  292,
+-      292,  292,  293,  293,  293,  294,  294,  294,  295,  295,
+-      295,  296,  296,  296,  297,  297,  297,  298,  298,  298,
+-      284,  299,  299,  299,  285,  286, 1201, 1202,  289,  288,
+-      300,  300,  300,  301,  301,  301, 1208,  290, 1209,  294,
+-     1210, 1212,  295,  302,  302,  302,  347,  291, 1213,  296,
+-      347, 1217,  293,  347, 1218,  299,  297, 1219, 1224,  299,
+-      303,  303,  303,  300,  304,  304,  304, 1227,  298,  305,
+-
+-      305,  305,  306,  306,  306,  307,  307,  307,  308,  308,
+-      308, 1229, 1242,  301, 1087,  302,  309,  309,  309,  310,
+-      310,  310,  311,  311,  311, 1086,  303,  356,  356,  356,
+-      357,  357,  357,  358,  358,  358, 1085, 1083,  304,  359,
+-      359,  359,  307,  360,  360,  360, 1082, 1081,  308,  361,
+-      361,  361, 1080,  305,  362,  362,  362,  363,  363,  363,
+-      364,  364,  364, 1079, 1077,  356, 1076, 1075,  309, 1074,
+-     1073,  311,  359,  365,  365,  365, 1072,  366,  366,  366,
+-     1071, 1070,  358,  361,  367,  367,  367,  368,  368,  368,
+-     1069,  369,  369,  369, 1068,  360,  370,  370,  370, 1067,
+-
+-     1066,  362,  371,  371,  371, 1065,  364, 1064, 1063,  363,
+-      372,  372,  372,  373,  373,  373,  375,  375,  375, 1062,
+-      376,  376,  376,  365,  366,  369,  378,  378,  378,  369,
+-      377,  377,  377,  367, 1061,  375,  380,  380,  380,  371,
+-      368,  379,  379,  379,  372,  376,  370, 1060, 1052,  377,
+-      381,  381,  381, 1051,  372,  373,  378,  382,  382,  382,
+-     1050,  379, 1049, 1048,  381,  380, 1045,  381,  383,  383,
+-      383,  384,  384,  384,  381,  385,  385,  385,  386,  386,
+-      386,  387,  387,  387,  388,  388,  388,  389,  389,  389,
+-      390,  390,  390,  391,  391,  391,  392,  392,  392, 1044,
+-
+-      393,  393,  393,  394,  394,  394,  395,  395,  395,  384,
+-     1043,  385,  396,  396,  396,  397,  397,  397,  398,  398,
+-      398,  399,  399,  399,  400,  400,  400,  401,  401,  401,
+-     1042, 1041,  392,  677,  677,  389,  393,  402,  402,  402,
+-     1039,  390,  677, 1038,  391,  403,  403,  403,  677,  396,
+-      395,  404,  404,  404,  405,  405,  405,  399,  406,  406,
+-      406,  401,  451,  451,  451, 1037,  397,  452,  452,  452,
+-      453,  453,  453, 1036, 1035,  400, 1034,  454,  454,  454,
+-      455,  455,  455,  403,  456,  456,  456, 1033,  405, 1032,
+-     1031,  406,  457,  457,  457, 1030, 1029,  404,  458,  458,
+-
+-      458,  452, 1028,  459,  459,  459,  460,  460,  460,  461,
+-      461,  461,  462,  462,  462,  463,  463,  463, 1027, 1026,
+-      453,  454,  464,  464,  464, 1025,  457,  465,  465,  465,
+-     1024,  455, 1023,  456,  466,  466,  466,  467,  467,  467,
+-      468,  468,  468,  467,  469,  469,  469,  461,  458,  459,
+-      471,  471,  471,  470,  470,  470,  462,  471, 1022, 1021,
+-      470,  470,  470,  462,  468, 1012,  463, 1011, 1010,  465,
+-      470,  464, 1009,  470,  469, 1007, 1006,  470,  470, 1005,
+-     1004,  466,  472,  472,  472,  473,  473,  473,  474,  474,
+-      474,  475,  475,  475,  476,  476,  476,  473,  477,  477,
+-
+-      477, 1003,  472, 1002, 1001,  475,  999,  998,  474,  478,
+-      478,  478,  479,  479,  479,  480,  480,  480,  481,  481,
+-      481,  482,  482,  482,  483,  483,  483,  484,  484,  484,
+-      485,  485,  485,  486,  486,  486,  487,  487,  487,  997,
+-      477,  996,  995,  478,  488,  488,  488,  489,  489,  489,
+-      490,  490,  490,  480,  491,  491,  491,  994,  993,  479,
+-      492,  492,  492,  495,  495,  539,  539,  539,  992,  481,
+-      540,  540,  540,  991,  483,  541,  541,  541,  990,  495,
+-      495,  542,  542,  542,  495,  989,  489,  988,  490,  987,
+-      543,  543,  543,  986,  985,  488,  984,  983,  491,  544,
+-
+-      544,  544,  545,  545,  545,  982,  981,  539,  546,  546,
+-      546,  492,  547,  547,  547,  548,  548,  548,  549,  549,
+-      549,  980,  540,  550,  550,  550,  541,  543,  551,  551,
+-      551,  552,  552,  552,  553,  553,  553,  979,  968,  544,
+-      545,  967,  546,  966,  965,  547,  554,  554,  554,  964,
+-      963,  553,  549,  962,  555,  555,  555,  556,  556,  556,
+-      557,  557,  557,  550,  961,  960,  557,  548,  558,  558,
+-      558,  959,  958,  551,  559,  559,  559,  552,  555,  560,
+-      560,  560,  558,  556,  957,  956,  560,  955,  559,  561,
+-      561,  561,  562,  562,  562,  563,  563,  563,  564,  564,
+-
+-      564,  565,  565,  565,  954,  564,  561,  566,  566,  566,
+-      563,  567,  567,  567,  568,  568,  568,  953,  562,  951,
+-      565,  950,  562,  569,  569,  569,  570,  570,  570,  571,
+-      571,  571,  566,  572,  572,  572,  573,  573,  573,  574,
+-      574,  574,  567,  575,  575,  575,  576,  576,  576,  577,
+-      577,  577,  578,  578,  578,  630,  630,  630,  949,  569,
+-      631,  631,  631,  947,  946,  568,  632,  632,  632,  945,
+-      944,  572,  634,  634,  634,  570,  943,  574,  633,  633,
+-      633,  942,  941,  576,  635,  635,  635,  636,  636,  636,
+-      637,  637,  637,  638,  638,  638,  639,  639,  639,  632,
+-
+-      640,  640,  640,  940,  939,  630,  938,  937,  631,  936,
+-      634,  633,  641,  641,  641,  642,  642,  642,  935,  643,
+-      643,  643,  635,  644,  644,  644,  645,  645,  645,  934,
+-      933,  636,  918,  917,  637,  916,  915,  645,  914,  913,
+-      644,  639,  638,  643,  646,  646,  646,  647,  647,  647,
+-      912,  911,  640,  910,  641,  647,  648,  648,  648,  909,
+-      907,  646,  649,  649,  649,  650,  650,  650,  651,  651,
+-      651,  652,  652,  652,  653,  653,  653,  649,  906,  650,
+-      648,  654,  654,  654,  653,  655,  655,  655,  902,  651,
+-      901,  655,  652,  656,  656,  656,  654,  657,  657,  657,
+-
+-      658,  658,  658,  659,  659,  659,  900,  657,  660,  660,
+-      660,  661,  661,  661,  662,  662,  662,  663,  663,  663,
+-      714,  714,  714,  715,  715,  715,  656,  716,  716,  716,
+-      717,  717,  717,  718,  718,  718,  719,  719,  719,  899,
+-      898,  659,  720,  720,  720,  721,  721,  721,  661,  722,
+-      722,  722,  897,  896,  716,  723,  723,  723,  714,  895,
+-      894,  715,  893,  892,  717,  724,  724,  724,  725,  725,
+-      725,  726,  726,  726,  727,  727,  727,  728,  728,  728,
+-      729,  729,  729,  721,  730,  730,  730,  722,  728,  731,
+-      731,  731,  891,  890,  727,  889,  888,  729,  732,  732,
+-
+-      732,  887,  886,  723,  733,  733,  733,  885,  732,  730,
+-      724,  884,  733,  883,  731,  734,  734,  734,  882,  725,
+-      735,  735,  735,  736,  736,  736,  737,  737,  737,  881,
+-      735,  736,  734,  738,  738,  738,  739,  739,  739,  740,
+-      740,  740,  880,  879,  739,  739,  741,  741,  741,  857,
+-      738,  742,  742,  742,  790,  790,  790,  855,  854,  737,
+-      791,  791,  791,  792,  792,  792,  793,  793,  793,  794,
+-      794,  794,  740,  795,  795,  795,  796,  796,  796,  797,
+-      797,  797,  798,  798,  798,  853,  851,  790,  799,  799,
+-      799,  800,  800,  800,  801,  801,  801,  802,  802,  802,
+-
+-      801,  800,  850,  794,  849,  792,  803,  803,  803,  791,
+-      804,  804,  804,  799,  848,  793,  846,  797,  804,  845,
+-      798,  805,  805,  805,  806,  806,  806,  807,  807,  807,
+-      844,  805,  843,  842,  806,  808,  808,  808,  809,  809,
+-      809,  810,  810,  810,  841,  840,  809,  809,  811,  811,
+-      811,  812,  812,  812,  813,  813,  813,  858,  858,  858,
+-      808,  859,  859,  859,  839,  812,  838,  837,  811,  860,
+-      860,  860,  861,  861,  861,  836,  862,  862,  862,  813,
+-      863,  863,  863,  864,  864,  864,  865,  865,  865,  835,
+-      834,  866,  866,  866,  859,  867,  867,  867,  868,  868,
+-
+-      868,  833,  867,  832,  829,  858,  869,  869,  869,  870,
+-      870,  870,  861,  862,  866,  871,  871,  871,  860,  828,
+-      864,  827,  826,  868,  824,  823,  863,  872,  872,  872,
+-      873,  873,  873,  874,  874,  874,  875,  875,  875,  876,
+-      876,  876,  822,  821,  873,  820,  819,  872,  919,  919,
+-      919,  818,  874,  920,  920,  920,  921,  921,  921,  817,
+-      875,  922,  922,  922,  923,  923,  923,  924,  924,  924,
+-      925,  925,  925,  926,  926,  926,  927,  927,  927,  928,
+-      928,  928,  929,  929,  929,  930,  930,  930,  931,  931,
+-      931,  816,  815,  927,  814,  920,  932,  932,  932,  789,
+-
+-      788,  929,  787,  925,  919,  785,  923,  921,  784,  930,
+-      969,  969,  969,  922,  970,  970,  970,  781,  924,  971,
+-      971,  971,  972,  972,  972,  779,  973,  973,  973,  974,
+-      974,  974,  975,  975,  975,  976,  976,  976,  977,  977,
+-      977,  778,  777,  969,  776,  976,  978,  978,  978, 1013,
+-     1013, 1013, 1014, 1014, 1014, 1015, 1015, 1015,  775,  774,
+-      970,  773,  974, 1016, 1016, 1016,  975,  972, 1017, 1017,
+-     1017,  971,  973, 1018, 1018, 1018, 1019, 1019, 1019, 1020,
+-     1020, 1020, 1053, 1053, 1053,  772,  771, 1013,  770, 1015,
+-     1054, 1054, 1054,  769, 1014, 1055, 1055, 1055, 1056, 1056,
+-
+-     1056, 1016, 1057, 1057, 1057, 1059, 1059, 1059, 1017, 1058,
+-     1058, 1058, 1089, 1089, 1089, 1090, 1090, 1090,  767, 1018,
+-     1091, 1091, 1091,  766, 1019, 1092, 1092, 1092,  765,  764,
+-     1091,  763, 1093, 1093, 1093,  762,  760, 1053,  759, 1055,
+-      758, 1054,  757, 1058, 1056,  756,  755, 1059, 1089, 1094,
+-     1094, 1094, 1122, 1122, 1122, 1123, 1123, 1123, 1124, 1124,
+-     1124, 1125, 1125, 1125, 1147, 1147, 1147, 1148, 1148, 1148,
+-     1149, 1149, 1149, 1150, 1150, 1150, 1092, 1093, 1170, 1170,
+-     1170, 1171, 1171, 1171, 1172, 1172, 1172, 1191, 1191, 1191,
+-     1122, 1190, 1190, 1190, 1205, 1205, 1205,  754,  753, 1125,
+-
+-     1206, 1206, 1206,  752, 1123, 1214, 1214, 1214, 1124, 1215,
+-     1215, 1215, 1147, 1206,  751,  750, 1148, 1221, 1221, 1221,
+-     1222, 1222, 1222, 1150, 1226, 1226, 1226,  749, 1171, 1170,
+-     1228, 1228, 1228, 1190,  748,  747, 1191, 1230, 1230, 1230,
+-      746, 1205,  745, 1215, 1232, 1232, 1232, 1233, 1233, 1233,
+-      744, 1214,  743,  712,  711,  710,  709,  708,  707,  705,
+-      704, 1226,  703,  702,  701,  700, 1222,  699,  698,  697,
+-      696,  695,  694,  693, 1228, 1230,  692,  690,  689,  687,
+-      685,  684,  683,  680,  679,  678,  674,  673,  671,  670,
+-      669,  668,  667, 1232, 1235, 1235, 1235, 1235, 1236, 1236,
+-
+-     1236, 1236, 1237, 1237, 1237, 1237, 1238, 1238, 1238, 1238,
+-     1239, 1239, 1240, 1240, 1241,  666, 1241, 1241,  665,  664,
+-      629,  628,  627,  626,  625,  624,  623,  622,  621,  620,
+-      619,  618,  617,  616,  614,  613,  612,  610,  609,  608,
+-      607,  606,  605,  604,  602,  601,  600,  599,  598,  597,
+-      596,  595,  594,  593,  592,  591,  590,  589,  588,  587,
+-      586,  585,  584,  583,  582,  581,  580,  579,  538,  537,
+-      536,  534,  533,  532,  531,  530,  529,  528,  527,  526,
+-      525,  524,  523,  522,  521,  520,  519,  518,  517,  516,
+-      515,  514,  513,  512,  511,  510,  509,  508,  507,  506,
+-
+-      505,  504,  503,  502,  501,  500,  499,  498,  497,  496,
+-      494,  493,  450,  447,  446,  445,  444,  443,  442,  441,
+-      440,  439,  438,  437,  436,  435,  434,  433,  432,  431,
+-      430,  429,  428,  427,  426,  425,  424,  423,  422,  421,
+-      420,  419,  418,  417,  416,  415,  414,  413,  412,  411,
+-      410,  409,  408,  407,  354,  353,  352,  351,  350,  349,
+-      348,  346,  345,  344,  343,  342,  341,  340,  339,  338,
+-      337,  336,  335,  334,  333,  332,  331,  330,  329,  328,
+-      327,  326,  325,  324,  322,  321,  320,  318,  317,  316,
+-      315,  314,  313,  275,  254,  253,  252,  251,  250,  249,
+-
+-      248,  246,  244,  243,  242,  241,  239,  237,  235,  234,
+-      232,  231,  229,  228,  227,  225,  223,  222,  221,  176,
+-      174,  173,  149,  148,  146,  145,  143,  142,  140,  138,
+-      136,  130,   81,   77,   74,   71,   51,   48,   42,   22,
+-       21,   11,    9,    3, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
++       18,   18,   18,   18,   82,   82,   24,   24,   24,   25,
++       25,   25,    7,   26,   26,   26,   44,   15,   48,  135,
++       44,    7,   48,    7,    7, 1112,    7,    7,  135,    7,
++        7,    7,   24,    7,    7,    7,    7,    7,    7,    7,
++        7,   20,  147,   20,   20, 1121,   26,   27,   27,   27,
++       20,   20,   28,   28,   28,   77,  147,   20,   30,   30,
++       30,   27,   29,   29,   29,   25,   20,   31,   31,   31,
++       32,   32,   32,   33,   33,   33,  188,  188,   20,   20,
++       34,   34,   34,   84,   20,   84,   35,   35,   35,   36,
++       36,   36,   20, 1122,   77,   20,   37,   37,   37,   28,
++
++       38,   38,   38,   29,   32,   30,   29,   72,   87,   29,
++       87,   72,   32,   31,   32,   39,   39,   39,  134,   33,
++       35,  238,   31,   40,   40,   40, 1123,   34,   41,   41,
++       41,   42,   42,   42,   54,   54,   54,   36,  238,   75,
++      136,   38,   38,   75,   38,   37,   80,  134,   37,  136,
++       80,   38,  458,   39,  181,  229,   39,   55,   55,   55,
++       56,   56,   56,  181,   39,  458,  229,   42,   54,   40,
++       41,   39,   58,   58,   58,   41,   45,   45,   45,   45,
++       45,   45,   45,   45,   45,  130, 1124,   45,   45,  130,
++       45,   45, 1125,   45,   45,   45,   45,   45,   57,   57,
++
++       57,   61,   61,   61,   56,  132,   55,   59,   59,   59,
++       58, 1127,   60,   60,   60,   62,   62,   62,  138,   58,
++      132,   63,   63,   63,   64,   64,   64,   65,   65,   65,
++      875,  235,   57,   66,   66,   66,  132,  875,   61,   57,
++      137,   59,   57,  235,  137,   57,  235,   61,  138,   59,
++       60,   59,  150,   62,   59,   63,  150,  245,   64,   67,
++       67,   67,  245,   63,   68,   68,   68, 1128,   63,   69,
++       69,   69,   85,   85,   85,   65,   65,   70,   70,   70,
++      142,  183,   66,  183,  142,   66,   71,   71,   71,   66,
++       91,   91,  176,  142,   91,   91,  176,   67,   96,   96,
++
++       96,  185,   68,  185,  457,   68,   68,   69,   68,  457,
++       69,   69,   90,   90,  728,   68,  728,  179,   69,   90,
++       90,  179,  546,   70,   71,   69,  546,   70,   71,   97,
++       97,   97,   86,   71,   86,   86,   86, 1129,  140,   98,
++       98,   98,   86,   86,  140,  140,   97,   90,   90,   99,
++       99,   99, 1130,  100,  100,  100,  101,  101,  101,  102,
++      102,  102,  103,  103,  103,  104,  104,  104,  844,  844,
++       86,   86,   98,   99,  100,  105,  105,  105,  106,  106,
++      106,  107,  107,  107,  108,  108,  108,  109,  109,  109,
++      110,  110,  110,  102, 1131, 1134,  103,  111,  111,  111,
++
++      112,  112,  112,  101,  113,  113,  113,  114,  114,  114,
++     1135,  104,  115,  115,  115,  116,  116,  116,  117,  117,
++      117,  118,  118,  118,  119,  119,  119,  105,  108,  107,
++      106, 1136, 1137,  109,  120,  120,  120,  110,  252,  121,
++      121,  121,  122,  122,  122,  114,  112,  252,  111,  113,
++      116,  123,  123,  123,  115,  624,  124,  124,  124,  115,
++      624,  118,  125,  125,  125,  117,  231,  231,  120,  231,
++     1138,  119,  126,  126,  126,  127,  127,  127,  118,  128,
++      128,  128, 1139,  120,  121,  144,  326,  144,  690,  326,
++      144,  122,  144,  154,  154,  154,  155,  155,  155,  156,
++
++      156,  156,  690,  123,  124,  157,  157,  157,  158,  158,
++      158, 1141,  125,  159,  159,  159, 1142,  127, 1143, 1145,
++      128,  126,  160,  160,  160,  161,  161,  161,  162,  162,
++      162,  163,  163,  163,  164,  164,  164,  154,  165,  165,
++      165, 1146, 1152,  156,  166,  166,  166,  158,  155,  157,
++      167,  167,  167,  168,  168,  168,  169,  169,  169,  170,
++      170,  170,  159,  171,  171,  171,  172,  172,  172, 1153,
++      164, 1154, 1155,  160,  173,  173,  173,  163,  174,  174,
++      174, 1156,  166,  165,  162, 1157,  168,  167,  175,  175,
++      175,  182,  182,  354, 1158,  166, 1159,  354,  182,  182,
++
++      354,  169, 1160,  171,  184,  184, 1161,  184,  184,  184,
++      170,  172, 1163,  189,  189, 1164,  174,  187,  187, 1161,
++      171,  189,  173, 1166,  187,  187,  182,  182,  191,  191,
++      191,  192,  192,  192,  193,  193,  193,  175,  194,  194,
++      194,  195,  195,  195, 1168,  191, 1169, 1170,  193,  189,
++     1171,  193,  187,  187,  196,  196,  196,  197,  197,  197,
++      198,  198,  198,  199,  199,  199,  200,  200,  200, 1172,
++     1177,  194,  201,  201,  201,  202,  202,  202,  203,  203,
++      203,  192,  205,  205,  205,  195,  204,  204,  204,  206,
++      206,  206,  207,  207,  207,  208,  208,  208,  199,  209,
++
++      209,  209, 1178,  196,  210,  210,  210,  197, 1180, 1181,
++      198,  200,  203,  211,  211,  211,  201,  212,  212,  212,
++      204,  213,  213,  213, 1182,  202,  214,  214,  214,  206,
++      207,  215,  215,  215,  216,  216,  216,  217,  217,  217,
++      218,  218,  218, 1183,  208,  219,  219,  219,  220,  220,
++      220, 1184,  209, 1186, 1187,  210, 1188,  211,  221,  221,
++      221,  222,  222,  222,  214, 1189,  212,  213,  223,  223,
++      223,  224,  224,  224, 1190,  225,  225,  225,  260,  260,
++      260,  243,  215, 1191, 1192,  216,  220,  243,  218,  217,
++     1193, 1194,  219, 1195, 1199,  243,  221,  261,  261,  261,
++
++      262,  262,  262,  222,  263,  263,  263, 1200,  224,  225,
++      264,  264,  264,  265,  265,  265,  266,  266,  266,  223,
++      267,  267,  267,  268,  268,  268, 1201, 1202,  260,  269,
++      269,  269, 1204,  262, 1205,  261, 1206,  270,  270,  270,
++      271,  271,  271, 1207,  264,  272,  272,  272,  263,  273,
++      273,  273, 1209,  274,  274,  274, 1211, 1212,  265,  275,
++      275,  275, 1213,  268,  276,  276,  276,  269,  277,  277,
++      277,  278,  278,  278,  267,  270, 1215,  778,  279,  279,
++      279,  778,  271,  272,  280,  280,  280,  282, 1220,  282,
++      282,  282,  283,  778,  283,  283,  283, 1223, 1224,  273,
++
++      274, 1225, 1226,  283, 1227, 1228,  277, 1234, 1235,  278,
++      276,  279,  284,  284,  284,  285,  285,  285,  286,  286,
++      286,  287,  287,  287, 1236, 1238,  288,  288,  288, 1239,
++      286,  283,  288, 1243,  280,  289,  289,  289,  290,  290,
++      290,  287,  291,  291,  291, 1244, 1245,  288,  288,  288,
++      288,  292,  292,  292,  293,  293,  293,  294,  294,  294,
++     1250,  295,  295,  295, 1253,  285,  296,  296,  296,  297,
++      297,  297,  298,  298,  298,  299,  299,  299,  300,  300,
++      300,  301,  301,  301,  302,  302,  302,  303,  303,  303,
++     1255, 1268,  291,  304,  304,  304, 1111, 1110,  293,  305,
++
++      305,  305,  292,  295,  296,  306,  306,  306,  307,  307,
++      307, 1109, 1107,  297, 1106,  301, 1105, 1104,  302,  308,
++      308,  308, 1103,  298, 1101,  303, 1100, 1099,  300,  309,
++      309,  309,  310,  310,  310,  304,  311,  311,  311,  306,
++     1098,  307, 1097,  306,  312,  312,  312,  313,  313,  313,
++      305,  314,  314,  314,  315,  315,  315,  316,  316,  316,
++      317,  317,  317,  318,  318,  318, 1096, 1095,  310,  308,
++     1094,  309,  363,  363,  363,  364,  364,  364,  692,  692,
++      311,  365,  365,  365,  366,  366,  366,  692,  314,  367,
++      367,  367, 1093,  692,  315,  368,  368,  368,  312,  369,
++
++      369,  369,  370,  370,  370,  371,  371,  371, 1092,  316,
++      363, 1091,  318,  372,  372,  372, 1090,  366,  373,  373,
++      373,  374,  374,  374,  375,  375,  375, 1089, 1088,  368,
++      365,  376,  376,  376,  377,  377,  377,  378,  378,  378,
++     1087,  367,  379,  379,  379, 1086,  369,  380,  380,  380,
++     1085,  371, 1084, 1075,  370,  381,  381,  381,  383,  383,
++      383, 1074, 1073,  372, 1072,  373, 1071, 1068,  377, 1067,
++      374, 1066,  377, 1065,  375,  384,  384,  384, 1064,  379,
++     1062,  380, 1061, 1060,  376, 1059, 1058,  378,  385,  385,
++      385,  380, 1057, 1056,  384, 1055, 1054,  381, 1053, 1052,
++
++      383,  386,  386,  386,  387,  387,  387,  388,  388,  388,
++      389,  389,  389,  385,  390,  390,  390,  391,  391,  391,
++      386,  392,  392,  392,  393,  393,  393,  388,  390, 1051,
++     1050,  390, 1049, 1048,  387,  394,  394,  394,  390,  389,
++      395,  395,  395,  396,  396,  396,  397,  397,  397,  398,
++      398,  398,  399,  399,  399,  400,  400,  400,  401,  401,
++      401, 1047,  393,  402,  402,  402,  403,  403,  403, 1046,
++     1045,  394,  404,  404,  404,  405,  405,  405,  406,  406,
++      406,  407,  407,  407,  408,  408,  408,  409,  409,  409,
++      410,  410,  410, 1044,  401, 1034, 1033,  398, 1032,  402,
++
++      411,  411,  411,  399, 1031, 1029,  400,  412,  412,  412,
++     1028, 1027,  405,  413,  413,  413,  404,  414,  414,  414,
++      408,  415,  415,  415,  410,  460,  460,  460, 1026,  406,
++      461,  461,  461,  462,  462,  462, 1025, 1024,  409, 1023,
++      463,  463,  463, 1021, 1020,  412,  464,  464,  464, 1019,
++     1018,  414, 1017, 1016,  415,  465,  465,  465, 1015,  413,
++      466,  466,  466, 1014,  461,  467,  467,  467,  468,  468,
++      468,  469,  469,  469,  470,  470,  470, 1013, 1012,  471,
++      471,  471, 1011,  462,  463,  472,  472,  472,  473,  473,
++      473,  474,  474,  474,  466, 1010, 1009,  464, 1008,  475,
++
++      475,  475, 1007, 1006,  465,  476,  476,  476,  477,  477,
++      477,  479,  479,  479,  468,  467,  470,  471,  478,  478,
++      478,  480,  480,  480,  478,  481,  481,  481, 1005,  472,
++     1004, 1003,  481,  481,  481,  479,  472, 1002, 1001,  473,
++      474,  475,  481,  989,  988,  481,  482,  482,  482,  481,
++      481,  480,  476,  482,  483,  483,  483,  484,  484,  484,
++      485,  485,  485,  987,  986,  477,  487,  487,  487,  484,
++      486,  486,  486,  985,  483,  488,  488,  488,  984,  983,
++      485,  489,  489,  489,  486,  490,  490,  490,  491,  491,
++      491,  492,  492,  492,  493,  493,  493,  494,  494,  494,
++
++      495,  495,  495,  496,  496,  496,  497,  497,  497,  498,
++      498,  498,  499,  499,  499,  489,  982,  488,  500,  500,
++      500,  501,  501,  501,  506,  506,  491,  502,  502,  502,
++      981,  980,  490,  503,  503,  503,  550,  550,  550,  979,
++      506,  506,  492,  978,  977,  506,  976,  494,  551,  551,
++      551,  552,  552,  552,  553,  553,  553,  500,  975,  501,
++      554,  554,  554,  499,  555,  555,  555,  556,  556,  556,
++      974,  502,  557,  557,  557,  558,  558,  558,  550,  559,
++      559,  559,  972,  971,  503,  560,  560,  560,  561,  561,
++      561,  562,  562,  562,  563,  563,  563,  554,  970,  968,
++
++      551,  967,  552,  966,  555,  556,  557,  564,  564,  564,
++      965,  964,  559,  565,  565,  565,  566,  566,  566,  567,
++      567,  567,  561,  568,  568,  568,  569,  569,  569,  963,
++      962,  562,  558,  566,  570,  570,  570,  560,  961,  563,
++      570,  571,  571,  571,  572,  572,  572,  568,  574,  574,
++      574,  565,  569,  564,  960,  571,  959,  958,  572,  573,
++      573,  573,  575,  575,  575,  574,  573,  576,  576,  576,
++      577,  577,  577,  957,  578,  578,  578,  577,  579,  579,
++      579,  956,  576,  580,  580,  580,  955,  954,  575,  581,
++      581,  581,  575,  578,  582,  582,  582,  583,  583,  583,
++
++      584,  584,  584,  579,  585,  585,  585,  586,  586,  586,
++      587,  587,  587,  938,  580,  588,  588,  588,  589,  589,
++      589,  590,  590,  590,  591,  591,  591,  643,  643,  643,
++      582,  644,  644,  644,  645,  645,  645,  646,  646,  646,
++      581,  937,  585,  647,  647,  647,  583,  936,  587,  648,
++      648,  648,  649,  649,  649,  589,  650,  650,  650,  651,
++      651,  651,  652,  652,  652,  935,  934,  645,  933,  932,
++      646,  653,  653,  653,  654,  654,  654,  643,  931,  644,
++      930,  647,  655,  655,  655,  929,  927,  648,  656,  656,
++      656,  658,  658,  658,  650,  926,  649,  657,  657,  657,
++
++      659,  659,  659,  651,  661,  661,  661,  660,  660,  660,
++      922,  652,  662,  662,  662,  658,  653,  659,  660,  921,
++      662,  661,  920,  919,  655,  918,  654,  663,  663,  663,
++      657,  664,  664,  664,  665,  665,  665,  666,  666,  666,
++      667,  667,  667,  668,  668,  668,  664,  917,  665,  916,
++      915,  663,  914,  668,  669,  669,  669,  913,  666,  912,
++      911,  667,  670,  670,  670,  671,  671,  671,  670,  669,
++      672,  672,  672,  673,  673,  673,  674,  674,  674,  910,
++      672,  675,  675,  675,  676,  676,  676,  677,  677,  677,
++      678,  678,  678,  729,  729,  729,  909,  908,  671,  730,
++
++      730,  730,  731,  731,  731,  732,  732,  732,  733,  733,
++      733,  734,  734,  734,  674,  735,  735,  735,  736,  736,
++      736,  676,  737,  737,  737,  738,  738,  738,  907,  731,
++      906,  729,  739,  739,  739,  905,  904,  730,  903,  732,
++      740,  740,  740,  741,  741,  741,  742,  742,  742,  902,
++      901,  736,  743,  743,  743,  744,  744,  744,  900,  899,
++      737,  876,  874,  738,  873,  745,  745,  745,  872,  746,
++      746,  746,  758,  758,  758,  744,  745,  747,  747,  747,
++      739,  748,  748,  748,  870,  740,  746,  869,  749,  749,
++      749,  750,  750,  750,  741,  868,  867,  742,  749,  750,
++
++      865,  864,  747,  751,  751,  751,  748,  752,  752,  752,
++      753,  753,  753,  754,  754,  754,  863,  752,  753,  862,
++      751,  755,  755,  755,  756,  756,  756,  757,  757,  757,
++      861,  860,  756,  756,  759,  759,  759,  859,  755,  807,
++      807,  807,  808,  808,  808,  858,  754,  809,  809,  809,
++      810,  810,  810,  811,  811,  811,  812,  812,  812,  857,
++      757,  813,  813,  813,  814,  814,  814,  815,  815,  815,
++      856,  855,  807,  816,  816,  816,  817,  817,  817,  854,
++      853,  818,  818,  818,  819,  819,  819,  852,  851,  809,
++      812,  808,  848,  847,  819,  820,  820,  820,  846,  810,
++
++      845,  820,  843,  842,  811,  815,  818,  821,  821,  821,
++      841,  816,  822,  822,  822,  823,  823,  823,  824,  824,
++      824,  840,  839,  823,  825,  825,  825,  838,  824,  826,
++      826,  826,  837,  836,  825,  827,  827,  827,  828,  828,
++      828,  829,  829,  829,  835,  834,  828,  828,  830,  830,
++      830,  831,  831,  831,  832,  832,  832,  877,  877,  877,
++      827,  878,  878,  878,  833,  831,  806,  805,  830,  879,
++      879,  879,  880,  880,  880,  881,  881,  881,  804,  832,
++      882,  882,  882,  883,  883,  883,  884,  884,  884,  885,
++      885,  885,  802,  801,  878,  798,  886,  886,  886,  887,
++
++      887,  887,  888,  888,  888,  877,  887,  796,  881,  889,
++      889,  889,  880,  890,  890,  890,  795,  882,  879,  886,
++      891,  891,  891,  884,  892,  892,  892,  888,  794,  883,
++      793,  893,  893,  893,  894,  894,  894,  895,  895,  895,
++      896,  896,  896,  792,  892,  893,  939,  939,  939,  940,
++      940,  940,  791,  894,  941,  941,  941,  942,  942,  942,
++      790,  895,  943,  943,  943,  944,  944,  944,  945,  945,
++      945,  946,  946,  946,  947,  947,  947,  948,  948,  948,
++      949,  949,  949,  789,  950,  950,  950,  951,  951,  951,
++      788,  940,  787,  786,  948,  952,  952,  952,  943,  953,
++
++      953,  953,  939,  950,  946,  941,  784,  944,  783,  942,
++      782,  951,  990,  990,  990,  991,  991,  991,  781,  945,
++      992,  992,  992,  993,  993,  993,  994,  994,  994,  995,
++      995,  995,  996,  996,  996,  997,  997,  997,  998,  998,
++      998,  999,  999,  999,  780,  990,  779,  777,  998, 1000,
++     1000, 1000, 1035, 1035, 1035, 1036, 1036, 1036, 1037, 1037,
++     1037,  991, 1038, 1038, 1038,  996,  776,  775,  993,  997,
++      994,  774,  992,  773,  772,  995, 1039, 1039, 1039, 1040,
++     1040, 1040, 1041, 1041, 1041, 1042, 1042, 1042,  771,  770,
++     1035,  769, 1037, 1043, 1043, 1043,  768, 1036,  767,  766,
++
++     1038, 1076, 1076, 1076, 1077, 1077, 1077, 1078, 1078, 1078,
++      765, 1079, 1079, 1079, 1039, 1080, 1080, 1080,  764, 1040,
++     1081, 1081, 1081,  763, 1082, 1082, 1082,  762, 1041, 1083,
++     1083, 1083,  761, 1042, 1113, 1113, 1113, 1114, 1114, 1114,
++     1115, 1115, 1115, 1116, 1116, 1116, 1117, 1117, 1117, 1080,
++     1115, 1078, 1118, 1118, 1118, 1077, 1076, 1079, 1082, 1119,
++     1119, 1119, 1147, 1147, 1147, 1148, 1148, 1148,  760,  727,
++     1113, 1083, 1149, 1149, 1149, 1150, 1150, 1150, 1151, 1151,
++     1151, 1173, 1173, 1173, 1174, 1174, 1174, 1175, 1175, 1175,
++      726,  725, 1117,  724, 1116,  723,  722, 1118,  720,  719,
++
++     1147, 1176, 1176, 1176, 1196, 1196, 1196, 1197, 1197, 1197,
++     1198, 1198, 1198,  718, 1148,  717, 1151, 1216, 1216, 1216,
++      716,  715, 1149, 1217, 1217, 1217, 1231, 1231, 1231, 1173,
++     1232, 1232, 1232, 1174, 1240, 1240, 1240, 1241, 1241, 1241,
++     1247, 1247, 1247, 1232, 1248, 1248, 1248, 1252, 1252, 1252,
++      714, 1176,  713,  712, 1197, 1196, 1254, 1254, 1254, 1216,
++     1256, 1256, 1256, 1258, 1258, 1258, 1259, 1259, 1259,  711,
++      710, 1241, 1217, 1231,  709,  708,  707,  705,  704,  702,
++     1240,  700,  699,  698, 1252,  695,  694,  693,  689,  688,
++     1248,  686,  685,  684,  683,  682,  681,  680, 1256,  679,
++
++     1254,  642,  641,  640,  639,  638,  637,  636,  635,  634,
++      633,  632, 1258, 1261, 1261, 1261, 1261, 1262, 1262, 1262,
++     1262, 1263, 1263, 1263, 1263, 1264, 1264, 1264, 1264, 1265,
++     1265, 1266, 1266, 1267,  631, 1267, 1267,  630,  629,  627,
++      626,  625,  623,  622,  621,  620,  619,  618,  617,  615,
++      614,  613,  612,  611,  610,  609,  608,  607,  606,  605,
++      604,  603,  602,  601,  600,  599,  598,  597,  596,  595,
++      594,  593,  592,  549,  548,  547,  545,  544,  543,  542,
++      541,  540,  539,  538,  537,  536,  535,  534,  533,  532,
++      531,  530,  529,  528,  527,  526,  525,  524,  523,  522,
++
++      521,  520,  519,  518,  517,  516,  515,  514,  513,  512,
++      511,  510,  509,  508,  507,  505,  504,  459,  456,  455,
++      454,  453,  452,  451,  450,  449,  448,  447,  446,  445,
++      444,  443,  442,  441,  440,  439,  438,  437,  436,  435,
++      434,  433,  432,  431,  430,  429,  428,  427,  426,  425,
++      424,  423,  422,  421,  420,  419,  418,  417,  416,  361,
++      360,  359,  358,  357,  356,  355,  353,  352,  351,  350,
++      349,  348,  347,  346,  345,  344,  343,  342,  341,  340,
++      339,  338,  337,  336,  335,  334,  333,  332,  331,  329,
++      328,  327,  325,  324,  323,  322,  321,  320,  281,  259,
++
++      258,  257,  256,  255,  254,  253,  251,  249,  248,  247,
++      246,  244,  242,  240,  239,  237,  236,  234,  233,  232,
++      230,  228,  227,  226,  180,  178,  177,  152,  151,  149,
++      148,  146,  145,  143,  141,  139,  133,   83,   79,   76,
++       73,   52,   49,   43,   22,   21,   11,    9,    3, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
+ 
+-     1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234,
+-     1234, 1234, 1234, 1234, 1234
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260,
++     1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260
+     } ;
+ 
+ static yy_state_type yy_last_accepting_state;
+@@ -1499,7 +1518,7 @@ int yy_flex_debug = 0;
+ #define YY_MORE_ADJ 0
+ #define YY_RESTORE_YY_MORE_OFFSET
+ char *yytext;
+-#line 1 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 1 "lexer.l"
+ /*
+  * The SIP lexer.
+  *
+@@ -1517,7 +1536,7 @@ char *yytext;
+  * SIP is supplied WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  */
+-#line 20 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 20 "lexer.l"
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -1563,11 +1582,9 @@ static int parenDepth = 0;
+ 
+ static FILE *openFile(const char *);
+ static void fatallex(char *);
++#line 1586 "../lexer.c"
+ 
+-
+-
+-
+-#line 1571 "sip-4.19.23/sipgen/lexer.c"
++#line 1588 "../lexer.c"
+ 
+ #define INITIAL 0
+ #define code 1
+@@ -1587,36 +1604,36 @@ static void fatallex(char *);
+ #define YY_EXTRA_TYPE void *
+ #endif
+ 
+-static int yy_init_globals (void );
++static int yy_init_globals ( void );
+ 
+ /* Accessor methods to globals.
+    These are made visible to non-reentrant scanners for convenience. */
+ 
+-int yylex_destroy (void );
++int yylex_destroy ( void );
+ 
+-int yyget_debug (void );
++int yyget_debug ( void );
+ 
+-void yyset_debug (int debug_flag  );
++void yyset_debug ( int debug_flag  );
+ 
+-YY_EXTRA_TYPE yyget_extra (void );
++YY_EXTRA_TYPE yyget_extra ( void );
+ 
+-void yyset_extra (YY_EXTRA_TYPE user_defined  );
++void yyset_extra ( YY_EXTRA_TYPE user_defined  );
+ 
+-FILE *yyget_in (void );
++FILE *yyget_in ( void );
+ 
+-void yyset_in  (FILE * in_str  );
++void yyset_in  ( FILE * _in_str  );
+ 
+-FILE *yyget_out (void );
++FILE *yyget_out ( void );
+ 
+-void yyset_out  (FILE * out_str  );
++void yyset_out  ( FILE * _out_str  );
+ 
+-yy_size_t yyget_leng (void );
++			int yyget_leng ( void );
+ 
+-char *yyget_text (void );
++char *yyget_text ( void );
+ 
+-int yyget_lineno (void );
++int yyget_lineno ( void );
+ 
+-void yyset_lineno (int line_number  );
++void yyset_lineno ( int _line_number  );
+ 
+ /* Macros after this point can all be overridden by user definitions in
+  * section 1.
+@@ -1624,28 +1641,31 @@ void yyset_lineno (int line_number  );
+ 
+ #ifndef YY_SKIP_YYWRAP
+ #ifdef __cplusplus
+-extern "C" int yywrap (void );
++extern "C" int yywrap ( void );
+ #else
+-extern int yywrap (void );
++extern int yywrap ( void );
+ #endif
+ #endif
+ 
+-    static void yyunput (int c,char *buf_ptr  );
++#ifndef YY_NO_UNPUT
+     
++    static void yyunput ( int c, char *buf_ptr  );
++    
++#endif
++
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy (char *,yyconst char *,int );
++static void yy_flex_strncpy ( char *, const char *, int );
+ #endif
+ 
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen (yyconst char * );
++static int yy_flex_strlen ( const char * );
+ #endif
+ 
+ #ifndef YY_NO_INPUT
+-
+ #ifdef __cplusplus
+-static int yyinput (void );
++static int yyinput ( void );
+ #else
+-static int input (void );
++static int input ( void );
+ #endif
+ 
+ #endif
+@@ -1654,15 +1674,20 @@ static int input (void );
+         static int yy_start_stack_depth = 0;
+         static int *yy_start_stack = NULL;
+     
+-    static void yy_push_state (int new_state );
++    static void yy_push_state ( int _new_state );
+     
+-    static void yy_pop_state (void );
++    static void yy_pop_state ( void );
+     
+-    static int yy_top_state (void );
++    static int yy_top_state ( void );
+     
+ /* Amount of stuff to slurp up with each read. */
+ #ifndef YY_READ_BUF_SIZE
++#ifdef __ia64__
++/* On IA-64, the buffer size is 16k, not 8k */
++#define YY_READ_BUF_SIZE 16384
++#else
+ #define YY_READ_BUF_SIZE 8192
++#endif /* __ia64__ */
+ #endif
+ 
+ /* Copy whatever the last rule matched to the standard output. */
+@@ -1670,7 +1695,7 @@ static int input (void );
+ /* This used to be an fputs(), but since the string might contain NUL's,
+  * we now use fwrite().
+  */
+-#define ECHO fwrite( yytext, yyleng, 1, yyout )
++#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0)
+ #endif
+ 
+ /* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+@@ -1681,7 +1706,7 @@ static int input (void );
+ 	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+ 		{ \
+ 		int c = '*'; \
+-		yy_size_t n; \
++		int n; \
+ 		for ( n = 0; n < max_size && \
+ 			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+ 			buf[n] = (char) c; \
+@@ -1694,7 +1719,7 @@ static int input (void );
+ 	else \
+ 		{ \
+ 		errno=0; \
+-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
++		while ( (result = (int) fread(buf, 1, (yy_size_t) max_size, yyin)) == 0 && ferror(yyin)) \
+ 			{ \
+ 			if( errno != EINTR) \
+ 				{ \
+@@ -1749,7 +1774,7 @@ extern int yylex (void);
+ 
+ /* Code executed at the end of each rule. */
+ #ifndef YY_BREAK
+-#define YY_BREAK break;
++#define YY_BREAK /*LINTED*/break;
+ #endif
+ 
+ #define YY_RULE_SETUP \
+@@ -1762,15 +1787,10 @@ extern int yylex (void);
+  */
+ YY_DECL
+ {
+-	register yy_state_type yy_current_state;
+-	register char *yy_cp, *yy_bp;
+-	register int yy_act;
++	yy_state_type yy_current_state;
++	char *yy_cp, *yy_bp;
++	int yy_act;
+     
+-#line 74 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-
+-
+-#line 1773 "sip-4.19.23/sipgen/lexer.c"
+-
+ 	if ( !(yy_init) )
+ 		{
+ 		(yy_init) = 1;
+@@ -1791,13 +1811,19 @@ YY_DECL
+ 		if ( ! YY_CURRENT_BUFFER ) {
+ 			yyensure_buffer_stack ();
+ 			YY_CURRENT_BUFFER_LVALUE =
+-				yy_create_buffer(yyin,YY_BUF_SIZE );
++				yy_create_buffer( yyin, YY_BUF_SIZE );
+ 		}
+ 
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ 		}
+ 
+-	while ( 1 )		/* loops until end-of-file is reached */
++	{
++#line 74 "lexer.l"
++
++
++#line 1825 "../lexer.c"
++
++	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
+ 		{
+ 		yy_cp = (yy_c_buf_p);
+ 
+@@ -1814,7 +1840,7 @@ YY_DECL
+ yy_match:
+ 		do
+ 			{
+-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
++			YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ;
+ 			if ( yy_accept[yy_current_state] )
+ 				{
+ 				(yy_last_accepting_state) = yy_current_state;
+@@ -1823,13 +1849,13 @@ yy_match:
+ 			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ 				{
+ 				yy_current_state = (int) yy_def[yy_current_state];
+-				if ( yy_current_state >= 1235 )
+-					yy_c = yy_meta[(unsigned int) yy_c];
++				if ( yy_current_state >= 1261 )
++					yy_c = yy_meta[yy_c];
+ 				}
+-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++			yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
+ 			++yy_cp;
+ 			}
+-		while ( yy_base[yy_current_state] != 2845 );
++		while ( yy_base[yy_current_state] != 2950 );
+ 
+ yy_find_action:
+ 		yy_act = yy_accept[yy_current_state];
+@@ -1855,540 +1881,550 @@ do_action:	/* This label is used only to
+ 
+ case 1:
+ YY_RULE_SETUP
+-#line 76 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 76 "lexer.l"
+ {BEGIN directive_start; return TK_API;}
+ 	YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 77 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 77 "lexer.l"
+ {BEGIN directive_start; return TK_AUTOPYNAME;}
+ 	YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 78 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 78 "lexer.l"
+ {return TK_CMODULE;}
+ 	YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 79 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 79 "lexer.l"
+ {BEGIN directive_start; return TK_COMPOMODULE;}
+ 	YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 80 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 80 "lexer.l"
+ {BEGIN directive_start; return TK_CONSMODULE;}
+ 	YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 81 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 81 "lexer.l"
+ {BEGIN directive_start; return TK_DEFDOCSTRFMT;}
+ 	YY_BREAK
+ case 7:
+ YY_RULE_SETUP
+-#line 82 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 82 "lexer.l"
+ {BEGIN directive_start; return TK_DEFDOCSTRSIG;}
+ 	YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 83 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 83 "lexer.l"
+ {BEGIN directive_start; return TK_DEFENCODING;}
+ 	YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 84 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 84 "lexer.l"
+ {BEGIN directive_start; return TK_DEFMETATYPE;}
+ 	YY_BREAK
+ case 10:
+ YY_RULE_SETUP
+-#line 85 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 85 "lexer.l"
+ {BEGIN directive_start; return TK_DEFSUPERTYPE;}
+ 	YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 86 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 86 "lexer.l"
+ {return TK_END;}
+ 	YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 87 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 87 "lexer.l"
+ {BEGIN INITIAL; return TK_END;}
+ 	YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 88 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 88 "lexer.l"
+ {return TK_EXCEPTION;}
+ 	YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 89 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 89 "lexer.l"
+ {BEGIN directive_start; return TK_FEATURE;}
+ 	YY_BREAK
+ case 15:
+ YY_RULE_SETUP
+-#line 90 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 90 "lexer.l"
+ {BEGIN directive_start; return TK_HIDE_NS;}
+ 	YY_BREAK
+ case 16:
+ YY_RULE_SETUP
+-#line 91 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 91 "lexer.l"
+ {return TK_IF;}
+ 	YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 92 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 92 "lexer.l"
+ {BEGIN directive_start; return TK_IMPORT;}
+ 	YY_BREAK
+ case 18:
+ YY_RULE_SETUP
+-#line 93 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 93 "lexer.l"
+ {BEGIN directive_start; return TK_INCLUDE;}
+ 	YY_BREAK
+ case 19:
+ YY_RULE_SETUP
+-#line 94 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 94 "lexer.l"
+ {BEGIN directive_start; return TK_LICENSE;}
+ 	YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 95 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 95 "lexer.l"
+ {return TK_MAPPEDTYPE;}
+ 	YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 96 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 96 "lexer.l"
+ {BEGIN directive_start; return TK_MODULE;}
+ 	YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 97 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 97 "lexer.l"
+ {return TK_OPTINCLUDE;}
+ 	YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 98 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 98 "lexer.l"
+ {return TK_PLATFORMS;}
+ 	YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 99 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 99 "lexer.l"
+ {BEGIN directive_start; return TK_PLUGIN;}
+ 	YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 100 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 100 "lexer.l"
+ {BEGIN directive_start; return TK_PROPERTY;}
+ 	YY_BREAK
+ case 26:
+ YY_RULE_SETUP
+-#line 101 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 101 "lexer.l"
+ {return TK_TIMELINE;}
+ 	YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 103 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 103 "lexer.l"
+ {return TK_CLASS;}
+ 	YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 104 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 104 "lexer.l"
+ {return TK_STRUCT;}
+ 	YY_BREAK
+ case 29:
+ YY_RULE_SETUP
+-#line 105 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 105 "lexer.l"
+ {return TK_PUBLIC;}
+ 	YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 106 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 106 "lexer.l"
+ {return TK_PROTECTED;}
+ 	YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 107 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 107 "lexer.l"
+ {return TK_PRIVATE;}
+ 	YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 108 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 108 "lexer.l"
+ {return TK_SIGNALS;}
+ 	YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 109 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 109 "lexer.l"
+ {return TK_SIGNALS;}
+ 	YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 110 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 110 "lexer.l"
+ {return TK_SIGNAL_METHOD;}
+ 	YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 111 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 111 "lexer.l"
+ {return TK_SLOTS;}
+ 	YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 112 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 112 "lexer.l"
+ {return TK_SLOTS;}
+ 	YY_BREAK
+ case 37:
+ YY_RULE_SETUP
+-#line 113 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 113 "lexer.l"
+ {return TK_SLOT_METHOD;}
+ 	YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 114 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 114 "lexer.l"
+ {return TK_CHAR;}
+ 	YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 115 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 115 "lexer.l"
+ {return TK_WCHAR_T;}
+ 	YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 116 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 116 "lexer.l"
+ {return TK_BOOL;}
+ 	YY_BREAK
+ case 41:
+ YY_RULE_SETUP
+-#line 117 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 117 "lexer.l"
+ {return TK_SHORT;}
+ 	YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 118 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 118 "lexer.l"
+ {return TK_INT;}
+ 	YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 119 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 119 "lexer.l"
+ {return TK_LONG;}
+ 	YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 120 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 120 "lexer.l"
+ {return TK_FLOAT;}
+ 	YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 121 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 121 "lexer.l"
+ {return TK_DOUBLE;}
+ 	YY_BREAK
+ case 46:
+ YY_RULE_SETUP
+-#line 122 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 122 "lexer.l"
+ {return TK_VOID;}
+ 	YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 123 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 123 "lexer.l"
+ {return TK_VIRTUAL;}
+ 	YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 124 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 124 "lexer.l"
+ {return TK_ENUM;}
+ 	YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 125 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 125 "lexer.l"
+ {return TK_SIGNED;}
+ 	YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 126 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 126 "lexer.l"
+ {return TK_UNSIGNED;}
+ 	YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 127 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 127 "lexer.l"
+ {return TK_CONST;}
+ 	YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 128 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 128 "lexer.l"
+ {return TK_STATIC;}
+ 	YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 129 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 129 "lexer.l"
+ {return TK_TRUE_VALUE;}
+ 	YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 130 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 130 "lexer.l"
+ {return TK_FALSE_VALUE;}
+ 	YY_BREAK
+ case 55:
+ YY_RULE_SETUP
+-#line 131 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 131 "lexer.l"
+ {return TK_NULL_VALUE;}
+ 	YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 132 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 132 "lexer.l"
+ {return TK_TYPEDEF;}
+ 	YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 133 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 133 "lexer.l"
+ {return TK_NAMESPACE;}
+ 	YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 134 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 134 "lexer.l"
+ {return TK_OPERATOR;}
+ 	YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 135 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 135 "lexer.l"
+ {return TK_THROW;}
+ 	YY_BREAK
+ case 60:
+ YY_RULE_SETUP
+-#line 136 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 136 "lexer.l"
+ {return TK_EXPLICIT;}
+ 	YY_BREAK
+ case 61:
+ YY_RULE_SETUP
+-#line 137 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 137 "lexer.l"
+ {return TK_TEMPLATE;}
+ 	YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 138 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 138 "lexer.l"
+ {return TK_FINAL;}
+ 	YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 139 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 139 "lexer.l"
+ {return TK_SIZET;}
+ 	YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 140 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 140 "lexer.l"
+ {return TK_SCOPE;}
+ 	YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 141 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 141 "lexer.l"
+ {return TK_LOGICAL_OR;}
+ 	YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 142 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 142 "lexer.l"
+ {return TK_PYOBJECT;}
+ 	YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 143 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 143 "lexer.l"
+ {return TK_PYTUPLE;}
+ 	YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 144 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 144 "lexer.l"
+ {return TK_PYLIST;}
+ 	YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 145 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 145 "lexer.l"
+ {return TK_PYDICT;}
+ 	YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 146 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 146 "lexer.l"
+ {return TK_PYCALLABLE;}
+ 	YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 147 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 147 "lexer.l"
+ {return TK_PYSLICE;}
+ 	YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 148 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 148 "lexer.l"
+ {return TK_PYTYPE;}
+ 	YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 149 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 149 "lexer.l"
+ {return TK_PYBUFFER;}
+ 	YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 150 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 150 "lexer.l"
+ {return TK_SIPSIGNAL;}
+ 	YY_BREAK
+ case 75:
+ YY_RULE_SETUP
+-#line 151 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 151 "lexer.l"
+ {return TK_SIPSLOT;}
+ 	YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 152 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 152 "lexer.l"
+ {return TK_SIPANYSLOT;}
+ 	YY_BREAK
+ case 77:
+ YY_RULE_SETUP
+-#line 153 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 153 "lexer.l"
+ {return TK_SIPRXCON;}
+ 	YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 154 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 154 "lexer.l"
+ {return TK_SIPRXDIS;}
+ 	YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 155 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 155 "lexer.l"
+ {return TK_SIPSLOTCON;}
+ 	YY_BREAK
+ case 80:
+ YY_RULE_SETUP
+-#line 156 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 156 "lexer.l"
+ {return TK_SIPSLOTDIS;}
+ 	YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 157 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 157 "lexer.l"
+ {return TK_SIPSSIZET;}
+ 	YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 158 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_QOBJECT;}
++#line 158 "lexer.l"
++{return TK_SIPSSIZET;}
+ 	YY_BREAK
+ case 83:
+ YY_RULE_SETUP
+-#line 159 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ELLIPSIS;}
++#line 159 "lexer.l"
++{return TK_QOBJECT;}
+ 	YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 161 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_FORMAT;}
++#line 160 "lexer.l"
++{return TK_ELLIPSIS;}
+ 	YY_BREAK
+ case 85:
+ YY_RULE_SETUP
+-#line 162 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_GET;}
++#line 162 "lexer.l"
++{return TK_FORMAT;}
+ 	YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 163 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ID;}
++#line 163 "lexer.l"
++{return TK_GET;}
+ 	YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 164 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_KWARGS;}
++#line 164 "lexer.l"
++{return TK_ID;}
+ 	YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 165 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_LANGUAGE;}
++#line 165 "lexer.l"
++{return TK_KWARGS;}
+ 	YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 166 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_LICENSEE;}
++#line 166 "lexer.l"
++{return TK_LANGUAGE;}
+ 	YY_BREAK
+ case 90:
+ YY_RULE_SETUP
+-#line 167 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_NAME;}
++#line 167 "lexer.l"
++{return TK_LICENSEE;}
+ 	YY_BREAK
+ case 91:
+ YY_RULE_SETUP
+-#line 168 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_OPTIONAL;}
++#line 168 "lexer.l"
++{return TK_NAME;}
+ 	YY_BREAK
+ case 92:
+ YY_RULE_SETUP
+-#line 169 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ORDER;}
++#line 169 "lexer.l"
++{return TK_OPTIONAL;}
+ 	YY_BREAK
+ case 93:
+ YY_RULE_SETUP
+-#line 170 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_REMOVELEADING;}
++#line 170 "lexer.l"
++{return TK_ORDER;}
+ 	YY_BREAK
+ case 94:
+ YY_RULE_SETUP
+-#line 171 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_SET;}
++#line 171 "lexer.l"
++{return TK_REMOVELEADING;}
+ 	YY_BREAK
+ case 95:
+ YY_RULE_SETUP
+-#line 172 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_SIGNATURE;}
++#line 172 "lexer.l"
++{return TK_SET;}
+ 	YY_BREAK
+ case 96:
+ YY_RULE_SETUP
+-#line 173 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_TIMESTAMP;}
++#line 173 "lexer.l"
++{return TK_SIGNATURE;}
+ 	YY_BREAK
+ case 97:
+ YY_RULE_SETUP
+-#line 174 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_TYPE;}
++#line 174 "lexer.l"
++{return TK_TIMESTAMP;}
+ 	YY_BREAK
+ case 98:
+ YY_RULE_SETUP
+-#line 175 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_USEARGNAMES;}
++#line 175 "lexer.l"
++{return TK_TYPE;}
+ 	YY_BREAK
+ case 99:
+ YY_RULE_SETUP
+-#line 176 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_USELIMITEDAPI;}
++#line 176 "lexer.l"
++{return TK_USEARGNAMES;}
+ 	YY_BREAK
+ case 100:
+ YY_RULE_SETUP
+-#line 177 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_ALLRAISEPYEXC;}
++#line 177 "lexer.l"
++{return TK_PYSSIZETCLEAN;}
+ 	YY_BREAK
+ case 101:
+ YY_RULE_SETUP
+-#line 178 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_CALLSUPERINIT;}
++#line 178 "lexer.l"
++{return TK_USELIMITEDAPI;}
+ 	YY_BREAK
+ case 102:
+ YY_RULE_SETUP
+-#line 179 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_DEFERRORHANDLER;}
++#line 179 "lexer.l"
++{return TK_ALLRAISEPYEXC;}
+ 	YY_BREAK
+ case 103:
+ YY_RULE_SETUP
+-#line 180 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_VERSION;}
++#line 180 "lexer.l"
++{return TK_CALLSUPERINIT;}
+ 	YY_BREAK
+ case 104:
+ YY_RULE_SETUP
+-#line 182 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_TRUE_VALUE;}
++#line 181 "lexer.l"
++{return TK_DEFERRORHANDLER;}
+ 	YY_BREAK
+ case 105:
+ YY_RULE_SETUP
+-#line 183 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-{return TK_FALSE_VALUE;}
++#line 182 "lexer.l"
++{return TK_VERSION;}
+ 	YY_BREAK
+ case 106:
+ YY_RULE_SETUP
+-#line 186 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 184 "lexer.l"
++{return TK_TRUE_VALUE;}
++	YY_BREAK
++case 107:
++YY_RULE_SETUP
++#line 185 "lexer.l"
++{return TK_FALSE_VALUE;}
++	YY_BREAK
++case 108:
++YY_RULE_SETUP
++#line 188 "lexer.l"
+ {
+     /* Ignore whitespace. */
+     ;
+ }
+ 	YY_BREAK
+-case 107:
++case 109:
+ YY_RULE_SETUP
+-#line 191 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 193 "lexer.l"
+ {
+     /*
+      * Maintain the parenthesis depth so that we don't enter the 'code' state
+@@ -2401,9 +2437,9 @@ YY_RULE_SETUP
+     return '(';
+ }
+ 	YY_BREAK
+-case 108:
++case 110:
+ YY_RULE_SETUP
+-#line 203 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 205 "lexer.l"
+ {
+     /* Maintain the parenthesis depth. */
+     --parenDepth;
+@@ -2413,10 +2449,10 @@ YY_RULE_SETUP
+     return ')';
+ }
+ 	YY_BREAK
+-case 109:
+-/* rule 109 can match eol */
++case 111:
++/* rule 111 can match eol */
+ YY_RULE_SETUP
+-#line 212 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 214 "lexer.l"
+ {
+     /* Maintain the line number. */
+     ++inputFileStack[currentFile].sloc.linenr;
+@@ -2427,63 +2463,63 @@ YY_RULE_SETUP
+     }
+ }
+ 	YY_BREAK
+-case 110:
++case 112:
+ YY_RULE_SETUP
+-#line 222 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 224 "lexer.l"
+ {
+     /* Ignore C++ style comments. */
+     ;
+ }
+ 	YY_BREAK
+-case 111:
++case 113:
+ YY_RULE_SETUP
+-#line 228 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 230 "lexer.l"
+ {
+     /* A signed decimal number. */
+     yylval.number = strtol(yytext,NULL,0);
+     return TK_NUMBER_VALUE;
+ }
+ 	YY_BREAK
+-case 112:
++case 114:
+ YY_RULE_SETUP
+-#line 235 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 237 "lexer.l"
+ {
+     /* A floating point number. */
+     yylval.real = strtod(yytext,NULL);
+     return TK_REAL_VALUE;
+ }
+ 	YY_BREAK
+-case 113:
++case 115:
+ YY_RULE_SETUP
+-#line 242 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 244 "lexer.l"
+ {
+     /* An unsigned hexadecimal number. */
+     yylval.number = strtol(yytext,NULL,16);
+     return TK_NUMBER_VALUE;
+ }
+ 	YY_BREAK
+-case 114:
++case 116:
+ YY_RULE_SETUP
+-#line 249 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 251 "lexer.l"
+ {
+     /* An identifier name. */
+     yylval.text = sipStrdup(yytext);
+     return TK_NAME_VALUE;
+ }
+ 	YY_BREAK
+-case 115:
++case 117:
+ YY_RULE_SETUP
+-#line 256 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 258 "lexer.l"
+ {
+     /* A relative pathname. */
+     yylval.text = sipStrdup(yytext);
+     return TK_PATH_VALUE;
+ }
+ 	YY_BREAK
+-case 116:
+-/* rule 116 can match eol */
++case 118:
++/* rule 118 can match eol */
+ YY_RULE_SETUP
+-#line 263 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 265 "lexer.l"
+ {
+     /* A double-quoted string. */
+     char ch, *dp, *sp;
+@@ -2519,10 +2555,10 @@ YY_RULE_SETUP
+     return TK_STRING_VALUE;
+ }
+ 	YY_BREAK
+-case 117:
+-/* rule 117 can match eol */
++case 119:
++/* rule 119 can match eol */
+ YY_RULE_SETUP
+-#line 299 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 301 "lexer.l"
+ {
+     /* A single-quoted character. */
+     if (strlen(yytext) != 3)
+@@ -2533,84 +2569,84 @@ YY_RULE_SETUP
+     return TK_QCHAR_VALUE;
+ }
+ 	YY_BREAK
+-case 118:
++case 120:
+ YY_RULE_SETUP
+-#line 310 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 312 "lexer.l"
+ {
+     /* Ignore C-style comments. */
+     yy_push_state(ccomment);
+ }
+ 	YY_BREAK
+-case 119:
+-/* rule 119 can match eol */
++case 121:
++/* rule 121 can match eol */
+ YY_RULE_SETUP
+-#line 314 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 316 "lexer.l"
+ {
+     ++inputFileStack[currentFile].sloc.linenr;
+ }
+ 	YY_BREAK
+-case 120:
++case 122:
+ YY_RULE_SETUP
+-#line 317 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 319 "lexer.l"
+ {
+     yy_pop_state();
+ }
+ 	YY_BREAK
+-case 121:
++case 123:
+ YY_RULE_SETUP
+-#line 320 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 322 "lexer.l"
+ {
+     ;
+ }
+ 	YY_BREAK
+-case 122:
++case 124:
+ YY_RULE_SETUP
+-#line 325 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 327 "lexer.l"
+ {
+     /* The software license. */
+     codeIdx = 0;
+     return TK_COPYING;
+ }
+ 	YY_BREAK
+-case 123:
++case 125:
+ YY_RULE_SETUP
+-#line 331 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 333 "lexer.l"
+ {
+     /* The start of a from-type code block. */
+     codeIdx = 0;
+     return TK_FROMTYPE;
+ }
+ 	YY_BREAK
+-case 124:
++case 126:
+ YY_RULE_SETUP
+-#line 337 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 339 "lexer.l"
+ {
+     /* The start of a to-type code block. */
+     codeIdx = 0;
+     return TK_TOTYPE;
+ }
+ 	YY_BREAK
+-case 125:
++case 127:
+ YY_RULE_SETUP
+-#line 343 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 345 "lexer.l"
+ {
+     /* The start of a to-sub-class code block. */
+     codeIdx = 0;
+     return TK_TOSUBCLASS;
+ }
+ 	YY_BREAK
+-case 126:
++case 128:
+ YY_RULE_SETUP
+-#line 349 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 351 "lexer.l"
+ {
+     /* The start of an exported header code block. */
+     codeIdx = 0;
+     return TK_EXPHEADERCODE;
+ }
+ 	YY_BREAK
+-case 127:
++case 129:
+ YY_RULE_SETUP
+-#line 355 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 357 "lexer.l"
+ {
+     /* The start of part of an extract. */
+     codeIdx = 0;
+@@ -2620,225 +2656,225 @@ YY_RULE_SETUP
+     return TK_EXTRACT;
+ }
+ 	YY_BREAK
+-case 128:
++case 130:
+ YY_RULE_SETUP
+-#line 364 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 366 "lexer.l"
+ {
+     /* The start of a module header code block. */
+     codeIdx = 0;
+     return TK_MODHEADERCODE;
+ }
+ 	YY_BREAK
+-case 129:
++case 131:
+ YY_RULE_SETUP
+-#line 370 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 372 "lexer.l"
+ {
+     /* The start of a type header code block. */
+     codeIdx = 0;
+     return TK_TYPEHEADERCODE;
+ }
+ 	YY_BREAK
+-case 130:
++case 132:
+ YY_RULE_SETUP
+-#line 376 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 378 "lexer.l"
+ {
+     /* The start of a pre-initialisation code block. */
+     codeIdx = 0;
+     return TK_PREINITCODE;
+ }
+ 	YY_BREAK
+-case 131:
++case 133:
+ YY_RULE_SETUP
+-#line 382 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 384 "lexer.l"
+ {
+     /* The start of an initialisation code block. */
+     codeIdx = 0;
+     return TK_INITCODE;
+ }
+ 	YY_BREAK
+-case 132:
++case 134:
+ YY_RULE_SETUP
+-#line 388 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 390 "lexer.l"
+ {
+     /* The start of a post-initialisation code block. */
+     codeIdx = 0;
+     return TK_POSTINITCODE;
+ }
+ 	YY_BREAK
+-case 133:
++case 135:
+ YY_RULE_SETUP
+-#line 394 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 396 "lexer.l"
+ {
+     /* The start of a class finalisation code block. */
+     codeIdx = 0;
+     return TK_FINALCODE;
+ }
+ 	YY_BREAK
+-case 134:
++case 136:
+ YY_RULE_SETUP
+-#line 400 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 402 "lexer.l"
+ {
+     /* The start of a unit code block. */
+     codeIdx = 0;
+     return TK_UNITCODE;
+ }
+ 	YY_BREAK
+-case 135:
++case 137:
+ YY_RULE_SETUP
+-#line 406 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 408 "lexer.l"
+ {
+     /* The start of a unit post-include code block. */
+     codeIdx = 0;
+     return TK_UNITPOSTINCLUDECODE;
+ }
+ 	YY_BREAK
+-case 136:
++case 138:
+ YY_RULE_SETUP
+-#line 412 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 414 "lexer.l"
+ {
+     /* The start of a module code block. */
+     codeIdx = 0;
+     return TK_MODCODE;
+ }
+ 	YY_BREAK
+-case 137:
++case 139:
+ YY_RULE_SETUP
+-#line 418 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 420 "lexer.l"
+ {
+     /* The start of a type code block. */
+     codeIdx = 0;
+     return TK_TYPECODE;
+ }
+ 	YY_BREAK
+-case 138:
++case 140:
+ YY_RULE_SETUP
+-#line 424 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 426 "lexer.l"
+ {
+     /* The start of a C++ method code block. */
+     codeIdx = 0;
+     return TK_METHODCODE;
+ }
+ 	YY_BREAK
+-case 139:
++case 141:
+ YY_RULE_SETUP
+-#line 430 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 432 "lexer.l"
+ {
+     /* The start of a C++ code block to insert before the MethodCode. */
+     codeIdx = 0;
+     return TK_PREMETHODCODE;
+ }
+ 	YY_BREAK
+-case 140:
++case 142:
+ YY_RULE_SETUP
+-#line 436 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 438 "lexer.l"
+ {
+     /* The start of a C++ virtual call code block. */
+     codeIdx = 0;
+     return TK_VIRTUALCALLCODE;
+ }
+ 	YY_BREAK
+-case 141:
++case 143:
+ YY_RULE_SETUP
+-#line 442 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 444 "lexer.l"
+ {
+     /* The start of a C++ virtual code block. */
+     codeIdx = 0;
+     return TK_VIRTUALCATCHERCODE;
+ }
+ 	YY_BREAK
+-case 142:
++case 144:
+ YY_RULE_SETUP
+-#line 448 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 450 "lexer.l"
+ {
+     /* The start of a traverse code block. */
+     codeIdx = 0;
+     return TK_TRAVERSECODE;
+ }
+ 	YY_BREAK
+-case 143:
++case 145:
+ YY_RULE_SETUP
+-#line 454 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 456 "lexer.l"
+ {
+     /* The start of a clear code block. */
+     codeIdx = 0;
+     return TK_CLEARCODE;
+ }
+ 	YY_BREAK
+-case 144:
++case 146:
+ YY_RULE_SETUP
+-#line 460 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 462 "lexer.l"
+ {
+     /* The start of a get buffer code block. */
+     codeIdx = 0;
+     return TK_GETBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 145:
++case 147:
+ YY_RULE_SETUP
+-#line 466 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 468 "lexer.l"
+ {
+     /* The start of a release buffer code block. */
+     codeIdx = 0;
+     return TK_RELEASEBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 146:
++case 148:
+ YY_RULE_SETUP
+-#line 472 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 474 "lexer.l"
+ {
+     /* The start of a read buffer code block. */
+     codeIdx = 0;
+     return TK_READBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 147:
++case 149:
+ YY_RULE_SETUP
+-#line 478 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 480 "lexer.l"
+ {
+     /* The start of a write buffer code block. */
+     codeIdx = 0;
+     return TK_WRITEBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 148:
++case 150:
+ YY_RULE_SETUP
+-#line 484 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 486 "lexer.l"
+ {
+     /* The start of a segment count code block. */
+     codeIdx = 0;
+     return TK_SEGCOUNTCODE;
+ }
+ 	YY_BREAK
+-case 149:
++case 151:
+ YY_RULE_SETUP
+-#line 490 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 492 "lexer.l"
+ {
+     /* The start of a char buffer code block. */
+     codeIdx = 0;
+     return TK_CHARBUFFERCODE;
+ }
+ 	YY_BREAK
+-case 150:
++case 152:
+ YY_RULE_SETUP
+-#line 496 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 498 "lexer.l"
+ {
+     /* The start of a create instance code block. */
+     codeIdx = 0;
+     return TK_INSTANCECODE;
+ }
+ 	YY_BREAK
+-case 151:
++case 153:
+ YY_RULE_SETUP
+-#line 502 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 504 "lexer.l"
+ {
+     /* The start of a pickle code block. */
+     codeIdx = 0;
+     return TK_PICKLECODE;
+ }
+ 	YY_BREAK
+-case 152:
++case 154:
+ YY_RULE_SETUP
+-#line 508 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 510 "lexer.l"
+ {
+     /* The start of a pre-Python code block. */
+     deprecated("%PrePythonCode is deprecated");
+@@ -2847,36 +2883,36 @@ YY_RULE_SETUP
+     return TK_PREPYCODE;
+ }
+ 	YY_BREAK
+-case 153:
++case 155:
+ YY_RULE_SETUP
+-#line 516 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 518 "lexer.l"
+ {
+     /* The start of a raise Python exception code block. */
+     codeIdx = 0;
+     return TK_RAISECODE;
+ }
+ 	YY_BREAK
+-case 154:
++case 156:
+ YY_RULE_SETUP
+-#line 522 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 524 "lexer.l"
+ {
+     /* The start of an exported type hint code block. */
+     codeIdx = 0;
+     return TK_EXPTYPEHINTCODE;
+ }
+ 	YY_BREAK
+-case 155:
++case 157:
+ YY_RULE_SETUP
+-#line 528 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 530 "lexer.l"
+ {
+     /* The start of a type hint code block. */
+     codeIdx = 0;
+     return TK_TYPEHINTCODE;
+ }
+ 	YY_BREAK
+-case 156:
++case 158:
+ YY_RULE_SETUP
+-#line 534 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 536 "lexer.l"
+ {
+     /* The start of a docstring block. */
+     codeIdx = 0;
+@@ -2886,9 +2922,9 @@ YY_RULE_SETUP
+     return TK_DOCSTRING;
+ }
+ 	YY_BREAK
+-case 157:
++case 159:
+ YY_RULE_SETUP
+-#line 543 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 545 "lexer.l"
+ {
+     /* The start of a documentation block. */
+     deprecated("%Doc is deprecated, use %Extract instead");
+@@ -2897,9 +2933,9 @@ YY_RULE_SETUP
+     return TK_DOC;
+ }
+ 	YY_BREAK
+-case 158:
++case 160:
+ YY_RULE_SETUP
+-#line 551 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 553 "lexer.l"
+ {
+     /* The start of an exported documentation block. */
+     deprecated("%ExportedDoc is deprecated, use %Extract instead");
+@@ -2908,9 +2944,9 @@ YY_RULE_SETUP
+     return TK_EXPORTEDDOC;
+ }
+ 	YY_BREAK
+-case 159:
++case 161:
+ YY_RULE_SETUP
+-#line 559 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 561 "lexer.l"
+ {
+     /* The start of a Makefile code block. */
+     deprecated("%Makefile is deprecated");
+@@ -2919,36 +2955,36 @@ YY_RULE_SETUP
+     return TK_MAKEFILE;
+ }
+ 	YY_BREAK
+-case 160:
++case 162:
+ YY_RULE_SETUP
+-#line 567 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 569 "lexer.l"
+ {
+     /* The start of an access code block. */
+     codeIdx = 0;
+     return TK_ACCESSCODE;
+ }
+ 	YY_BREAK
+-case 161:
++case 163:
+ YY_RULE_SETUP
+-#line 573 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 575 "lexer.l"
+ {
+     /* The start of a get code block. */
+     codeIdx = 0;
+     return TK_GETCODE;
+ }
+ 	YY_BREAK
+-case 162:
++case 164:
+ YY_RULE_SETUP
+-#line 579 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 581 "lexer.l"
+ {
+     /* The start of a set code block. */
+     codeIdx = 0;
+     return TK_SETCODE;
+ }
+ 	YY_BREAK
+-case 163:
++case 165:
+ YY_RULE_SETUP
+-#line 585 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 587 "lexer.l"
+ {
+     /* The start of part of a virtual error handler. */
+     codeIdx = 0;
+@@ -2958,9 +2994,9 @@ YY_RULE_SETUP
+     return TK_VIRTERRORHANDLER;
+ }
+ 	YY_BREAK
+-case 164:
++case 166:
+ YY_RULE_SETUP
+-#line 594 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 596 "lexer.l"
+ {
+     /* The end of a code block. */
+     BEGIN INITIAL;
+@@ -2968,10 +3004,10 @@ YY_RULE_SETUP
+     return TK_END;
+ }
+ 	YY_BREAK
+-case 165:
+-/* rule 165 can match eol */
++case 167:
++/* rule 167 can match eol */
+ YY_RULE_SETUP
+-#line 601 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 603 "lexer.l"
+ {
+     /* The end of a code line . */
+     struct inputFile *ifp;
+@@ -2991,9 +3027,9 @@ YY_RULE_SETUP
+     return TK_CODELINE;
+ }
+ 	YY_BREAK
+-case 166:
++case 168:
+ YY_RULE_SETUP
+-#line 620 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 622 "lexer.l"
+ {
+     /* The contents of a code line. */
+     if (codeIdx == MAX_CODE_LINE_LENGTH)
+@@ -3002,20 +3038,20 @@ YY_RULE_SETUP
+     codeLine[codeIdx++] = yytext[0];
+ }
+ 	YY_BREAK
+-case 167:
++case 169:
+ YY_RULE_SETUP
+-#line 628 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 630 "lexer.l"
+ {
+     /* Anything else is returned as is. */
+     return yytext[0];
+ }
+ 	YY_BREAK
+-case 168:
++case 170:
+ YY_RULE_SETUP
+-#line 633 "sip-4.19.23/sipgen/metasrc/lexer.l"
++#line 635 "lexer.l"
+ ECHO;
+ 	YY_BREAK
+-#line 3019 "sip-4.19.23/sipgen/lexer.c"
++#line 3055 "../lexer.c"
+ case YY_STATE_EOF(INITIAL):
+ case YY_STATE_EOF(code):
+ case YY_STATE_EOF(ccomment):
+@@ -3097,7 +3133,7 @@ case YY_STATE_EOF(directive_start):
+ 				{
+ 				(yy_did_buffer_switch_on_eof) = 0;
+ 
+-				if ( yywrap( ) )
++				if ( yywrap(  ) )
+ 					{
+ 					/* Note: because we've taken care in
+ 					 * yy_get_next_buffer() to have set up
+@@ -3150,6 +3186,7 @@ case YY_STATE_EOF(directive_start):
+ 			"fatal flex scanner internal error--no action found" );
+ 	} /* end of action switch */
+ 		} /* end of scanning one token */
++	} /* end of user's declarations */
+ } /* end of yylex */
+ 
+ /* yy_get_next_buffer - try to read in a new buffer
+@@ -3161,9 +3198,9 @@ case YY_STATE_EOF(directive_start):
+  */
+ static int yy_get_next_buffer (void)
+ {
+-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+-	register char *source = (yytext_ptr);
+-	register int number_to_move, i;
++    	char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
++	char *source = (yytext_ptr);
++	int number_to_move, i;
+ 	int ret_val;
+ 
+ 	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+@@ -3192,7 +3229,7 @@ static int yy_get_next_buffer (void)
+ 	/* Try to read more data. */
+ 
+ 	/* First move last chars to start of buffer. */
+-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
++	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1);
+ 
+ 	for ( i = 0; i < number_to_move; ++i )
+ 		*(dest++) = *(source++);
+@@ -3205,21 +3242,21 @@ static int yy_get_next_buffer (void)
+ 
+ 	else
+ 		{
+-			yy_size_t num_to_read =
++			int num_to_read =
+ 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ 
+ 		while ( num_to_read <= 0 )
+ 			{ /* Not enough room in the buffer - grow it. */
+ 
+ 			/* just a shorter name for the current buffer */
+-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
++			YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
+ 
+ 			int yy_c_buf_p_offset =
+ 				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+ 
+ 			if ( b->yy_is_our_buffer )
+ 				{
+-				yy_size_t new_size = b->yy_buf_size * 2;
++				int new_size = b->yy_buf_size * 2;
+ 
+ 				if ( new_size <= 0 )
+ 					b->yy_buf_size += b->yy_buf_size / 8;
+@@ -3228,11 +3265,12 @@ static int yy_get_next_buffer (void)
+ 
+ 				b->yy_ch_buf = (char *)
+ 					/* Include room in for 2 EOB chars. */
+-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
++					yyrealloc( (void *) b->yy_ch_buf,
++							 (yy_size_t) (b->yy_buf_size + 2)  );
+ 				}
+ 			else
+ 				/* Can't grow it, we don't own it. */
+-				b->yy_ch_buf = 0;
++				b->yy_ch_buf = NULL;
+ 
+ 			if ( ! b->yy_ch_buf )
+ 				YY_FATAL_ERROR(
+@@ -3260,7 +3298,7 @@ static int yy_get_next_buffer (void)
+ 		if ( number_to_move == YY_MORE_ADJ )
+ 			{
+ 			ret_val = EOB_ACT_END_OF_FILE;
+-			yyrestart(yyin  );
++			yyrestart( yyin  );
+ 			}
+ 
+ 		else
+@@ -3274,12 +3312,15 @@ static int yy_get_next_buffer (void)
+ 	else
+ 		ret_val = EOB_ACT_CONTINUE_SCAN;
+ 
+-	if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
++	if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
+ 		/* Extend the array by 50%, plus the number we really need. */
+-		yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
+-		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size  );
++		int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
++		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc(
++			(void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size  );
+ 		if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+ 			YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
++		/* "- 2" to take care of EOB's */
++		YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2);
+ 	}
+ 
+ 	(yy_n_chars) += number_to_move;
+@@ -3295,15 +3336,15 @@ static int yy_get_next_buffer (void)
+ 
+     static yy_state_type yy_get_previous_state (void)
+ {
+-	register yy_state_type yy_current_state;
+-	register char *yy_cp;
++	yy_state_type yy_current_state;
++	char *yy_cp;
+     
+ 	yy_current_state = (yy_start);
+ 	yy_current_state += YY_AT_BOL();
+ 
+ 	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+ 		{
+-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
++		YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ 		if ( yy_accept[yy_current_state] )
+ 			{
+ 			(yy_last_accepting_state) = yy_current_state;
+@@ -3312,10 +3353,10 @@ static int yy_get_next_buffer (void)
+ 		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ 			{
+ 			yy_current_state = (int) yy_def[yy_current_state];
+-			if ( yy_current_state >= 1235 )
+-				yy_c = yy_meta[(unsigned int) yy_c];
++			if ( yy_current_state >= 1261 )
++				yy_c = yy_meta[yy_c];
+ 			}
+-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++		yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
+ 		}
+ 
+ 	return yy_current_state;
+@@ -3328,10 +3369,10 @@ static int yy_get_next_buffer (void)
+  */
+     static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+ {
+-	register int yy_is_jam;
+-    	register char *yy_cp = (yy_c_buf_p);
++	int yy_is_jam;
++    	char *yy_cp = (yy_c_buf_p);
+ 
+-	register YY_CHAR yy_c = 1;
++	YY_CHAR yy_c = 1;
+ 	if ( yy_accept[yy_current_state] )
+ 		{
+ 		(yy_last_accepting_state) = yy_current_state;
+@@ -3340,18 +3381,20 @@ static int yy_get_next_buffer (void)
+ 	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ 		{
+ 		yy_current_state = (int) yy_def[yy_current_state];
+-		if ( yy_current_state >= 1235 )
+-			yy_c = yy_meta[(unsigned int) yy_c];
++		if ( yy_current_state >= 1261 )
++			yy_c = yy_meta[yy_c];
+ 		}
+-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+-	yy_is_jam = (yy_current_state == 1234);
++	yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
++	yy_is_jam = (yy_current_state == 1260);
+ 
+-	return yy_is_jam ? 0 : yy_current_state;
++		return yy_is_jam ? 0 : yy_current_state;
+ }
+ 
+-    static void yyunput (int c, register char * yy_bp )
++#ifndef YY_NO_UNPUT
++
++    static void yyunput (int c, char * yy_bp )
+ {
+-	register char *yy_cp;
++	char *yy_cp;
+     
+     yy_cp = (yy_c_buf_p);
+ 
+@@ -3361,10 +3404,10 @@ static int yy_get_next_buffer (void)
+ 	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ 		{ /* need to shift things up to make room */
+ 		/* +2 for EOB chars. */
+-		register yy_size_t number_to_move = (yy_n_chars) + 2;
+-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
++		int number_to_move = (yy_n_chars) + 2;
++		char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+ 					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+-		register char *source =
++		char *source =
+ 				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+ 
+ 		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+@@ -3373,7 +3416,7 @@ static int yy_get_next_buffer (void)
+ 		yy_cp += (int) (dest - source);
+ 		yy_bp += (int) (dest - source);
+ 		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
++			(yy_n_chars) = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+ 
+ 		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ 			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+@@ -3386,6 +3429,8 @@ static int yy_get_next_buffer (void)
+ 	(yy_c_buf_p) = yy_cp;
+ }
+ 
++#endif
++
+ #ifndef YY_NO_INPUT
+ #ifdef __cplusplus
+     static int yyinput (void)
+@@ -3410,7 +3455,7 @@ static int yy_get_next_buffer (void)
+ 
+ 		else
+ 			{ /* need more input */
+-			yy_size_t offset = (yy_c_buf_p) - (yytext_ptr);
++			int offset = (int) ((yy_c_buf_p) - (yytext_ptr));
+ 			++(yy_c_buf_p);
+ 
+ 			switch ( yy_get_next_buffer(  ) )
+@@ -3427,13 +3472,13 @@ static int yy_get_next_buffer (void)
+ 					 */
+ 
+ 					/* Reset buffer status. */
+-					yyrestart(yyin );
++					yyrestart( yyin );
+ 
+ 					/*FALLTHROUGH*/
+ 
+ 				case EOB_ACT_END_OF_FILE:
+ 					{
+-					if ( yywrap( ) )
++					if ( yywrap(  ) )
+ 						return 0;
+ 
+ 					if ( ! (yy_did_buffer_switch_on_eof) )
+@@ -3473,11 +3518,11 @@ static int yy_get_next_buffer (void)
+ 	if ( ! YY_CURRENT_BUFFER ){
+         yyensure_buffer_stack ();
+ 		YY_CURRENT_BUFFER_LVALUE =
+-            yy_create_buffer(yyin,YY_BUF_SIZE );
++            yy_create_buffer( yyin, YY_BUF_SIZE );
+ 	}
+ 
+-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+-	yy_load_buffer_state( );
++	yy_init_buffer( YY_CURRENT_BUFFER, input_file );
++	yy_load_buffer_state(  );
+ }
+ 
+ /** Switch to a different input buffer.
+@@ -3505,7 +3550,7 @@ static int yy_get_next_buffer (void)
+ 		}
+ 
+ 	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+-	yy_load_buffer_state( );
++	yy_load_buffer_state(  );
+ 
+ 	/* We don't actually know whether we did this switch during
+ 	 * EOF (yywrap()) processing, but the only time this flag
+@@ -3533,7 +3578,7 @@ static void yy_load_buffer_state  (void)
+ {
+ 	YY_BUFFER_STATE b;
+     
+-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
++	b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state )  );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ 
+@@ -3542,13 +3587,13 @@ static void yy_load_buffer_state  (void)
+ 	/* yy_ch_buf has to be 2 characters longer than the size given because
+ 	 * we need to put in 2 end-of-buffer characters.
+ 	 */
+-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
++	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2)  );
+ 	if ( ! b->yy_ch_buf )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ 
+ 	b->yy_is_our_buffer = 1;
+ 
+-	yy_init_buffer(b,file );
++	yy_init_buffer( b, file );
+ 
+ 	return b;
+ }
+@@ -3567,15 +3612,11 @@ static void yy_load_buffer_state  (void)
+ 		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+ 
+ 	if ( b->yy_is_our_buffer )
+-		yyfree((void *) b->yy_ch_buf  );
++		yyfree( (void *) b->yy_ch_buf  );
+ 
+-	yyfree((void *) b  );
++	yyfree( (void *) b  );
+ }
+ 
+-#ifndef __cplusplus
+-extern int isatty (int );
+-#endif /* __cplusplus */
+-    
+ /* Initializes or reinitializes a buffer.
+  * This function is sometimes called more than once on the same buffer,
+  * such as during a yyrestart() or at EOF.
+@@ -3585,7 +3626,7 @@ extern int isatty (int );
+ {
+ 	int oerrno = errno;
+     
+-	yy_flush_buffer(b );
++	yy_flush_buffer( b );
+ 
+ 	b->yy_input_file = file;
+ 	b->yy_fill_buffer = 1;
+@@ -3628,7 +3669,7 @@ extern int isatty (int );
+ 	b->yy_buffer_status = YY_BUFFER_NEW;
+ 
+ 	if ( b == YY_CURRENT_BUFFER )
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ }
+ 
+ /** Pushes the new state onto the stack. The new state becomes
+@@ -3659,7 +3700,7 @@ void yypush_buffer_state (YY_BUFFER_STAT
+ 	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+ 
+ 	/* copied from yy_switch_to_buffer. */
+-	yy_load_buffer_state( );
++	yy_load_buffer_state(  );
+ 	(yy_did_buffer_switch_on_eof) = 1;
+ }
+ 
+@@ -3678,7 +3719,7 @@ void yypop_buffer_state (void)
+ 		--(yy_buffer_stack_top);
+ 
+ 	if (YY_CURRENT_BUFFER) {
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ 		(yy_did_buffer_switch_on_eof) = 1;
+ 	}
+ }
+@@ -3696,15 +3737,15 @@ static void yyensure_buffer_stack (void)
+ 		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+ 		 * immediate realloc on the next call.
+          */
+-		num_to_alloc = 1;
++      num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
+ 		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+ 								(num_to_alloc * sizeof(struct yy_buffer_state*)
+ 								);
+ 		if ( ! (yy_buffer_stack) )
+ 			YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
+-								  
++
+ 		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+-				
++
+ 		(yy_buffer_stack_max) = num_to_alloc;
+ 		(yy_buffer_stack_top) = 0;
+ 		return;
+@@ -3713,7 +3754,7 @@ static void yyensure_buffer_stack (void)
+ 	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+ 
+ 		/* Increase the buffer to prepare for a possible push. */
+-		int grow_size = 8 /* arbitrary grow size */;
++		yy_size_t grow_size = 8 /* arbitrary grow size */;
+ 
+ 		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+ 		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+@@ -3733,7 +3774,7 @@ static void yyensure_buffer_stack (void)
+  * @param base the character buffer
+  * @param size the size in bytes of the character buffer
+  * 
+- * @return the newly allocated buffer state object. 
++ * @return the newly allocated buffer state object.
+  */
+ YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+ {
+@@ -3743,23 +3784,23 @@ YY_BUFFER_STATE yy_scan_buffer  (char *
+ 	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+ 	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+ 		/* They forgot to leave room for the EOB's. */
+-		return 0;
++		return NULL;
+ 
+-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
++	b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state )  );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+ 
+-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
++	b->yy_buf_size = (int) (size - 2);	/* "- 2" to take care of EOB's */
+ 	b->yy_buf_pos = b->yy_ch_buf = base;
+ 	b->yy_is_our_buffer = 0;
+-	b->yy_input_file = 0;
++	b->yy_input_file = NULL;
+ 	b->yy_n_chars = b->yy_buf_size;
+ 	b->yy_is_interactive = 0;
+ 	b->yy_at_bol = 1;
+ 	b->yy_fill_buffer = 0;
+ 	b->yy_buffer_status = YY_BUFFER_NEW;
+ 
+-	yy_switch_to_buffer(b  );
++	yy_switch_to_buffer( b  );
+ 
+ 	return b;
+ }
+@@ -3772,28 +3813,29 @@ YY_BUFFER_STATE yy_scan_buffer  (char *
+  * @note If you want to scan bytes that may contain NUL values, then use
+  *       yy_scan_bytes() instead.
+  */
+-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
++YY_BUFFER_STATE yy_scan_string (const char * yystr )
+ {
+     
+-	return yy_scan_bytes(yystr,strlen(yystr) );
++	return yy_scan_bytes( yystr, (int) strlen(yystr) );
+ }
+ 
+ /** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+  * scan from a @e copy of @a bytes.
+- * @param bytes the byte buffer to scan
+- * @param len the number of bytes in the buffer pointed to by @a bytes.
++ * @param yybytes the byte buffer to scan
++ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
+  * 
+  * @return the newly allocated buffer state object.
+  */
+-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len )
++YY_BUFFER_STATE yy_scan_bytes  (const char * yybytes, int  _yybytes_len )
+ {
+ 	YY_BUFFER_STATE b;
+ 	char *buf;
+-	yy_size_t n, i;
++	yy_size_t n;
++	int i;
+     
+ 	/* Get memory for full buffer, including space for trailing EOB's. */
+-	n = _yybytes_len + 2;
+-	buf = (char *) yyalloc(n  );
++	n = (yy_size_t) (_yybytes_len + 2);
++	buf = (char *) yyalloc( n  );
+ 	if ( ! buf )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+ 
+@@ -3802,7 +3844,7 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ 
+ 	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+ 
+-	b = yy_scan_buffer(buf,n );
++	b = yy_scan_buffer( buf, n );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+ 
+@@ -3814,20 +3856,21 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ 	return b;
+ }
+ 
+-    static void yy_push_state (int  new_state )
++    static void yy_push_state (int  _new_state )
+ {
+     	if ( (yy_start_stack_ptr) >= (yy_start_stack_depth) )
+ 		{
+ 		yy_size_t new_size;
+ 
+ 		(yy_start_stack_depth) += YY_START_STACK_INCR;
+-		new_size = (yy_start_stack_depth) * sizeof( int );
++		new_size = (yy_size_t) (yy_start_stack_depth) * sizeof( int );
+ 
+ 		if ( ! (yy_start_stack) )
+-			(yy_start_stack) = (int *) yyalloc(new_size  );
++			(yy_start_stack) = (int *) yyalloc( new_size  );
+ 
+ 		else
+-			(yy_start_stack) = (int *) yyrealloc((void *) (yy_start_stack),new_size  );
++			(yy_start_stack) = (int *) yyrealloc(
++					(void *) (yy_start_stack), new_size  );
+ 
+ 		if ( ! (yy_start_stack) )
+ 			YY_FATAL_ERROR( "out of memory expanding start-condition stack" );
+@@ -3835,7 +3878,7 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ 
+ 	(yy_start_stack)[(yy_start_stack_ptr)++] = YY_START;
+ 
+-	BEGIN(new_state);
++	BEGIN(_new_state);
+ }
+ 
+     static void yy_pop_state  (void)
+@@ -3855,9 +3898,9 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst
+ #define YY_EXIT_FAILURE 2
+ #endif
+ 
+-static void yy_fatal_error (yyconst char* msg )
++static void yynoreturn yy_fatal_error (const char* msg )
+ {
+-    	(void) fprintf( stderr, "%s\n", msg );
++			fprintf( stderr, "%s\n", msg );
+ 	exit( YY_EXIT_FAILURE );
+ }
+ 
+@@ -3885,7 +3928,7 @@ static void yy_fatal_error (yyconst char
+  */
+ int yyget_lineno  (void)
+ {
+-        
++    
+     return yylineno;
+ }
+ 
+@@ -3908,7 +3951,7 @@ FILE *yyget_out  (void)
+ /** Get the length of the current token.
+  * 
+  */
+-yy_size_t yyget_leng  (void)
++int yyget_leng  (void)
+ {
+         return yyleng;
+ }
+@@ -3923,29 +3966,29 @@ char *yyget_text  (void)
+ }
+ 
+ /** Set the current line number.
+- * @param line_number
++ * @param _line_number line number
+  * 
+  */
+-void yyset_lineno (int  line_number )
++void yyset_lineno (int  _line_number )
+ {
+     
+-    yylineno = line_number;
++    yylineno = _line_number;
+ }
+ 
+ /** Set the input stream. This does not discard the current
+  * input buffer.
+- * @param in_str A readable stream.
++ * @param _in_str A readable stream.
+  * 
+  * @see yy_switch_to_buffer
+  */
+-void yyset_in (FILE *  in_str )
++void yyset_in (FILE *  _in_str )
+ {
+-        yyin = in_str ;
++        yyin = _in_str ;
+ }
+ 
+-void yyset_out (FILE *  out_str )
++void yyset_out (FILE *  _out_str )
+ {
+-        yyout = out_str ;
++        yyout = _out_str ;
+ }
+ 
+ int yyget_debug  (void)
+@@ -3953,9 +3996,9 @@ int yyget_debug  (void)
+         return yy_flex_debug;
+ }
+ 
+-void yyset_debug (int  bdebug )
++void yyset_debug (int  _bdebug )
+ {
+-        yy_flex_debug = bdebug ;
++        yy_flex_debug = _bdebug ;
+ }
+ 
+ static int yy_init_globals (void)
+@@ -3964,10 +4007,10 @@ static int yy_init_globals (void)
+      * This function is called from yylex_destroy(), so don't allocate here.
+      */
+ 
+-    (yy_buffer_stack) = 0;
++    (yy_buffer_stack) = NULL;
+     (yy_buffer_stack_top) = 0;
+     (yy_buffer_stack_max) = 0;
+-    (yy_c_buf_p) = (char *) 0;
++    (yy_c_buf_p) = NULL;
+     (yy_init) = 0;
+     (yy_start) = 0;
+ 
+@@ -3980,8 +4023,8 @@ static int yy_init_globals (void)
+     yyin = stdin;
+     yyout = stdout;
+ #else
+-    yyin = (FILE *) 0;
+-    yyout = (FILE *) 0;
++    yyin = NULL;
++    yyout = NULL;
+ #endif
+ 
+     /* For future reference: Set errno on error, since we are called by
+@@ -3996,7 +4039,7 @@ int yylex_destroy  (void)
+     
+     /* Pop the buffer stack, destroying each element. */
+ 	while(YY_CURRENT_BUFFER){
+-		yy_delete_buffer(YY_CURRENT_BUFFER  );
++		yy_delete_buffer( YY_CURRENT_BUFFER  );
+ 		YY_CURRENT_BUFFER_LVALUE = NULL;
+ 		yypop_buffer_state();
+ 	}
+@@ -4006,7 +4049,7 @@ int yylex_destroy  (void)
+ 	(yy_buffer_stack) = NULL;
+ 
+     /* Destroy the start condition stack. */
+-        yyfree((yy_start_stack)  );
++        yyfree( (yy_start_stack)  );
+         (yy_start_stack) = NULL;
+ 
+     /* Reset the globals. This is important in a non-reentrant scanner so the next time
+@@ -4021,18 +4064,19 @@ int yylex_destroy  (void)
+  */
+ 
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
++static void yy_flex_strncpy (char* s1, const char * s2, int n )
+ {
+-	register int i;
++		
++	int i;
+ 	for ( i = 0; i < n; ++i )
+ 		s1[i] = s2[i];
+ }
+ #endif
+ 
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen (yyconst char * s )
++static int yy_flex_strlen (const char * s )
+ {
+-	register int n;
++	int n;
+ 	for ( n = 0; s[n]; ++n )
+ 		;
+ 
+@@ -4042,11 +4086,12 @@ static int yy_flex_strlen (yyconst char
+ 
+ void *yyalloc (yy_size_t  size )
+ {
+-	return (void *) malloc( size );
++			return malloc(size);
+ }
+ 
+ void *yyrealloc  (void * ptr, yy_size_t  size )
+ {
++		
+ 	/* The cast to (char *) in the following accommodates both
+ 	 * implementations that use char* generic pointers, and those
+ 	 * that use void* generic pointers.  It works with the latter
+@@ -4054,18 +4099,17 @@ void *yyrealloc  (void * ptr, yy_size_t
+ 	 * any pointer type to void*, and deal with argument conversions
+ 	 * as though doing an assignment.
+ 	 */
+-	return (void *) realloc( (char *) ptr, size );
++	return realloc(ptr, size);
+ }
+ 
+ void yyfree (void * ptr )
+ {
+-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
++			free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+ }
+ 
+ #define YYTABLES_NAME "yytables"
+ 
+-#line 633 "sip-4.19.23/sipgen/metasrc/lexer.l"
+-
++#line 635 "lexer.l"
+ 
+ 
+ /*
+Index: sip-4.19.23/sipgen/parser.c
+===================================================================
+--- sip-4.19.23.orig/sipgen/parser.c
++++ sip-4.19.23/sipgen/parser.c
+@@ -1,14 +1,14 @@
+-/* A Bison parser, made by GNU Bison 2.3.  */
++/* A Bison parser, made by GNU Bison 3.8.2.  */
+ 
+-/* Skeleton implementation for Bison's Yacc-like parsers in C
++/* Bison implementation for Yacc-like parsers in C
+ 
+-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+-   Free Software Foundation, Inc.
++   Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
++   Inc.
+ 
+-   This program is free software; you can redistribute it and/or modify
++   This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+-   the Free Software Foundation; either version 2, or (at your option)
+-   any later version.
++   the Free Software Foundation, either version 3 of the License, or
++   (at your option) any later version.
+ 
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+@@ -16,9 +16,7 @@
+    GNU General Public License for more details.
+ 
+    You should have received a copy of the GNU General Public License
+-   along with this program; if not, write to the Free Software
+-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+-   Boston, MA 02110-1301, USA.  */
++   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+ 
+ /* As a special exception, you may create a larger work that contains
+    part or all of the Bison parser skeleton and distribute that work
+@@ -36,6 +34,10 @@
+ /* C LALR(1) parser skeleton written by Richard Stallman, by
+    simplifying the original so-called "semantic" parser.  */
+ 
++/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual,
++   especially those whose name start with YY_ or yy_.  They are
++   private implementation details that can be changed or removed.  */
++
+ /* All symbols defined below should begin with yy or YY, to avoid
+    infringing on user name space.  This should be done even for local
+    variables, as they might otherwise be expanded by user macros.
+@@ -43,11 +45,11 @@
+    define necessary library symbols; they are noted "INFRINGES ON
+    USER NAME SPACE" below.  */
+ 
+-/* Identify Bison output.  */
+-#define YYBISON 1
++/* Identify Bison output, and Bison version.  */
++#define YYBISON 30802
+ 
+-/* Bison version.  */
+-#define YYBISON_VERSION "2.3"
++/* Bison version string.  */
++#define YYBISON_VERSION "3.8.2"
+ 
+ /* Skeleton name.  */
+ #define YYSKELETON_NAME "yacc.c"
+@@ -55,324 +57,17 @@
+ /* Pure parsers.  */
+ #define YYPURE 0
+ 
+-/* Using locations.  */
+-#define YYLSP_NEEDED 0
+-
++/* Push parsers.  */
++#define YYPUSH 0
+ 
+-
+-/* Tokens.  */
+-#ifndef YYTOKENTYPE
+-# define YYTOKENTYPE
+-   /* Put the tokens into the symbol table, so that GDB and other debuggers
+-      know about them.  */
+-   enum yytokentype {
+-     TK_API = 258,
+-     TK_AUTOPYNAME = 259,
+-     TK_DEFDOCSTRFMT = 260,
+-     TK_DEFDOCSTRSIG = 261,
+-     TK_DEFENCODING = 262,
+-     TK_PLUGIN = 263,
+-     TK_VIRTERRORHANDLER = 264,
+-     TK_EXPTYPEHINTCODE = 265,
+-     TK_TYPEHINTCODE = 266,
+-     TK_DOCSTRING = 267,
+-     TK_DOC = 268,
+-     TK_EXPORTEDDOC = 269,
+-     TK_EXTRACT = 270,
+-     TK_MAKEFILE = 271,
+-     TK_ACCESSCODE = 272,
+-     TK_GETCODE = 273,
+-     TK_SETCODE = 274,
+-     TK_PREINITCODE = 275,
+-     TK_INITCODE = 276,
+-     TK_POSTINITCODE = 277,
+-     TK_FINALCODE = 278,
+-     TK_UNITCODE = 279,
+-     TK_UNITPOSTINCLUDECODE = 280,
+-     TK_MODCODE = 281,
+-     TK_TYPECODE = 282,
+-     TK_PREPYCODE = 283,
+-     TK_COPYING = 284,
+-     TK_MAPPEDTYPE = 285,
+-     TK_CODELINE = 286,
+-     TK_IF = 287,
+-     TK_END = 288,
+-     TK_NAME_VALUE = 289,
+-     TK_PATH_VALUE = 290,
+-     TK_STRING_VALUE = 291,
+-     TK_VIRTUALCATCHERCODE = 292,
+-     TK_TRAVERSECODE = 293,
+-     TK_CLEARCODE = 294,
+-     TK_GETBUFFERCODE = 295,
+-     TK_RELEASEBUFFERCODE = 296,
+-     TK_READBUFFERCODE = 297,
+-     TK_WRITEBUFFERCODE = 298,
+-     TK_SEGCOUNTCODE = 299,
+-     TK_CHARBUFFERCODE = 300,
+-     TK_PICKLECODE = 301,
+-     TK_VIRTUALCALLCODE = 302,
+-     TK_METHODCODE = 303,
+-     TK_PREMETHODCODE = 304,
+-     TK_INSTANCECODE = 305,
+-     TK_FROMTYPE = 306,
+-     TK_TOTYPE = 307,
+-     TK_TOSUBCLASS = 308,
+-     TK_INCLUDE = 309,
+-     TK_OPTINCLUDE = 310,
+-     TK_IMPORT = 311,
+-     TK_EXPHEADERCODE = 312,
+-     TK_MODHEADERCODE = 313,
+-     TK_TYPEHEADERCODE = 314,
+-     TK_MODULE = 315,
+-     TK_CMODULE = 316,
+-     TK_CONSMODULE = 317,
+-     TK_COMPOMODULE = 318,
+-     TK_CLASS = 319,
+-     TK_STRUCT = 320,
+-     TK_PUBLIC = 321,
+-     TK_PROTECTED = 322,
+-     TK_PRIVATE = 323,
+-     TK_SIGNALS = 324,
+-     TK_SIGNAL_METHOD = 325,
+-     TK_SLOTS = 326,
+-     TK_SLOT_METHOD = 327,
+-     TK_BOOL = 328,
+-     TK_SHORT = 329,
+-     TK_INT = 330,
+-     TK_LONG = 331,
+-     TK_FLOAT = 332,
+-     TK_DOUBLE = 333,
+-     TK_CHAR = 334,
+-     TK_WCHAR_T = 335,
+-     TK_VOID = 336,
+-     TK_PYOBJECT = 337,
+-     TK_PYTUPLE = 338,
+-     TK_PYLIST = 339,
+-     TK_PYDICT = 340,
+-     TK_PYCALLABLE = 341,
+-     TK_PYSLICE = 342,
+-     TK_PYTYPE = 343,
+-     TK_PYBUFFER = 344,
+-     TK_VIRTUAL = 345,
+-     TK_ENUM = 346,
+-     TK_SIGNED = 347,
+-     TK_UNSIGNED = 348,
+-     TK_SCOPE = 349,
+-     TK_LOGICAL_OR = 350,
+-     TK_CONST = 351,
+-     TK_STATIC = 352,
+-     TK_SIPSIGNAL = 353,
+-     TK_SIPSLOT = 354,
+-     TK_SIPANYSLOT = 355,
+-     TK_SIPRXCON = 356,
+-     TK_SIPRXDIS = 357,
+-     TK_SIPSLOTCON = 358,
+-     TK_SIPSLOTDIS = 359,
+-     TK_SIPSSIZET = 360,
+-     TK_SIZET = 361,
+-     TK_NUMBER_VALUE = 362,
+-     TK_REAL_VALUE = 363,
+-     TK_TYPEDEF = 364,
+-     TK_NAMESPACE = 365,
+-     TK_TIMELINE = 366,
+-     TK_PLATFORMS = 367,
+-     TK_FEATURE = 368,
+-     TK_LICENSE = 369,
+-     TK_QCHAR_VALUE = 370,
+-     TK_TRUE_VALUE = 371,
+-     TK_FALSE_VALUE = 372,
+-     TK_NULL_VALUE = 373,
+-     TK_OPERATOR = 374,
+-     TK_THROW = 375,
+-     TK_QOBJECT = 376,
+-     TK_EXCEPTION = 377,
+-     TK_RAISECODE = 378,
+-     TK_EXPLICIT = 379,
+-     TK_TEMPLATE = 380,
+-     TK_FINAL = 381,
+-     TK_ELLIPSIS = 382,
+-     TK_DEFMETATYPE = 383,
+-     TK_DEFSUPERTYPE = 384,
+-     TK_PROPERTY = 385,
+-     TK_HIDE_NS = 386,
+-     TK_FORMAT = 387,
+-     TK_GET = 388,
+-     TK_ID = 389,
+-     TK_KWARGS = 390,
+-     TK_LANGUAGE = 391,
+-     TK_LICENSEE = 392,
+-     TK_NAME = 393,
+-     TK_OPTIONAL = 394,
+-     TK_ORDER = 395,
+-     TK_REMOVELEADING = 396,
+-     TK_SET = 397,
+-     TK_SIGNATURE = 398,
+-     TK_TIMESTAMP = 399,
+-     TK_TYPE = 400,
+-     TK_USEARGNAMES = 401,
+-     TK_USELIMITEDAPI = 402,
+-     TK_ALLRAISEPYEXC = 403,
+-     TK_CALLSUPERINIT = 404,
+-     TK_DEFERRORHANDLER = 405,
+-     TK_VERSION = 406
+-   };
+-#endif
+-/* Tokens.  */
+-#define TK_API 258
+-#define TK_AUTOPYNAME 259
+-#define TK_DEFDOCSTRFMT 260
+-#define TK_DEFDOCSTRSIG 261
+-#define TK_DEFENCODING 262
+-#define TK_PLUGIN 263
+-#define TK_VIRTERRORHANDLER 264
+-#define TK_EXPTYPEHINTCODE 265
+-#define TK_TYPEHINTCODE 266
+-#define TK_DOCSTRING 267
+-#define TK_DOC 268
+-#define TK_EXPORTEDDOC 269
+-#define TK_EXTRACT 270
+-#define TK_MAKEFILE 271
+-#define TK_ACCESSCODE 272
+-#define TK_GETCODE 273
+-#define TK_SETCODE 274
+-#define TK_PREINITCODE 275
+-#define TK_INITCODE 276
+-#define TK_POSTINITCODE 277
+-#define TK_FINALCODE 278
+-#define TK_UNITCODE 279
+-#define TK_UNITPOSTINCLUDECODE 280
+-#define TK_MODCODE 281
+-#define TK_TYPECODE 282
+-#define TK_PREPYCODE 283
+-#define TK_COPYING 284
+-#define TK_MAPPEDTYPE 285
+-#define TK_CODELINE 286
+-#define TK_IF 287
+-#define TK_END 288
+-#define TK_NAME_VALUE 289
+-#define TK_PATH_VALUE 290
+-#define TK_STRING_VALUE 291
+-#define TK_VIRTUALCATCHERCODE 292
+-#define TK_TRAVERSECODE 293
+-#define TK_CLEARCODE 294
+-#define TK_GETBUFFERCODE 295
+-#define TK_RELEASEBUFFERCODE 296
+-#define TK_READBUFFERCODE 297
+-#define TK_WRITEBUFFERCODE 298
+-#define TK_SEGCOUNTCODE 299
+-#define TK_CHARBUFFERCODE 300
+-#define TK_PICKLECODE 301
+-#define TK_VIRTUALCALLCODE 302
+-#define TK_METHODCODE 303
+-#define TK_PREMETHODCODE 304
+-#define TK_INSTANCECODE 305
+-#define TK_FROMTYPE 306
+-#define TK_TOTYPE 307
+-#define TK_TOSUBCLASS 308
+-#define TK_INCLUDE 309
+-#define TK_OPTINCLUDE 310
+-#define TK_IMPORT 311
+-#define TK_EXPHEADERCODE 312
+-#define TK_MODHEADERCODE 313
+-#define TK_TYPEHEADERCODE 314
+-#define TK_MODULE 315
+-#define TK_CMODULE 316
+-#define TK_CONSMODULE 317
+-#define TK_COMPOMODULE 318
+-#define TK_CLASS 319
+-#define TK_STRUCT 320
+-#define TK_PUBLIC 321
+-#define TK_PROTECTED 322
+-#define TK_PRIVATE 323
+-#define TK_SIGNALS 324
+-#define TK_SIGNAL_METHOD 325
+-#define TK_SLOTS 326
+-#define TK_SLOT_METHOD 327
+-#define TK_BOOL 328
+-#define TK_SHORT 329
+-#define TK_INT 330
+-#define TK_LONG 331
+-#define TK_FLOAT 332
+-#define TK_DOUBLE 333
+-#define TK_CHAR 334
+-#define TK_WCHAR_T 335
+-#define TK_VOID 336
+-#define TK_PYOBJECT 337
+-#define TK_PYTUPLE 338
+-#define TK_PYLIST 339
+-#define TK_PYDICT 340
+-#define TK_PYCALLABLE 341
+-#define TK_PYSLICE 342
+-#define TK_PYTYPE 343
+-#define TK_PYBUFFER 344
+-#define TK_VIRTUAL 345
+-#define TK_ENUM 346
+-#define TK_SIGNED 347
+-#define TK_UNSIGNED 348
+-#define TK_SCOPE 349
+-#define TK_LOGICAL_OR 350
+-#define TK_CONST 351
+-#define TK_STATIC 352
+-#define TK_SIPSIGNAL 353
+-#define TK_SIPSLOT 354
+-#define TK_SIPANYSLOT 355
+-#define TK_SIPRXCON 356
+-#define TK_SIPRXDIS 357
+-#define TK_SIPSLOTCON 358
+-#define TK_SIPSLOTDIS 359
+-#define TK_SIPSSIZET 360
+-#define TK_SIZET 361
+-#define TK_NUMBER_VALUE 362
+-#define TK_REAL_VALUE 363
+-#define TK_TYPEDEF 364
+-#define TK_NAMESPACE 365
+-#define TK_TIMELINE 366
+-#define TK_PLATFORMS 367
+-#define TK_FEATURE 368
+-#define TK_LICENSE 369
+-#define TK_QCHAR_VALUE 370
+-#define TK_TRUE_VALUE 371
+-#define TK_FALSE_VALUE 372
+-#define TK_NULL_VALUE 373
+-#define TK_OPERATOR 374
+-#define TK_THROW 375
+-#define TK_QOBJECT 376
+-#define TK_EXCEPTION 377
+-#define TK_RAISECODE 378
+-#define TK_EXPLICIT 379
+-#define TK_TEMPLATE 380
+-#define TK_FINAL 381
+-#define TK_ELLIPSIS 382
+-#define TK_DEFMETATYPE 383
+-#define TK_DEFSUPERTYPE 384
+-#define TK_PROPERTY 385
+-#define TK_HIDE_NS 386
+-#define TK_FORMAT 387
+-#define TK_GET 388
+-#define TK_ID 389
+-#define TK_KWARGS 390
+-#define TK_LANGUAGE 391
+-#define TK_LICENSEE 392
+-#define TK_NAME 393
+-#define TK_OPTIONAL 394
+-#define TK_ORDER 395
+-#define TK_REMOVELEADING 396
+-#define TK_SET 397
+-#define TK_SIGNATURE 398
+-#define TK_TIMESTAMP 399
+-#define TK_TYPE 400
+-#define TK_USEARGNAMES 401
+-#define TK_USELIMITEDAPI 402
+-#define TK_ALLRAISEPYEXC 403
+-#define TK_CALLSUPERINIT 404
+-#define TK_DEFERRORHANDLER 405
+-#define TK_VERSION 406
++/* Pull parsers.  */
++#define YYPULL 1
+ 
+ 
+ 
+ 
+-/* Copy the first part of user declarations.  */
+-#line 19 "sip-4.19.23/sipgen/metasrc/parser.y"
++/* First part of user prologue.  */
++#line 19 "parser.y"
+ 
+ #include <stdlib.h>
+ #include <string.h>
+@@ -539,9 +234,9 @@ static void addProperty(sipSpec *pt, mod
+         docstringDef *docstring);
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring);
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring);
+ static void addAutoPyName(moduleDef *mod, const char *remove_leading);
+ static KwArgs convertKwArgs(const char *kwargs);
+ static void checkAnnos(optFlags *annos, const char *valid[]);
+@@ -555,117 +250,555 @@ static int isBackstop(qualDef *qd);
+ static void checkEllipsis(signatureDef *sd);
+ static scopedNameDef *fullyQualifiedName(scopedNameDef *snd);
+ 
++#line 254 "../parser.c"
+ 
+-/* Enabling traces.  */
+-#ifndef YYDEBUG
+-# define YYDEBUG 0
+-#endif
+-
+-/* Enabling verbose error messages.  */
+-#ifdef YYERROR_VERBOSE
+-# undef YYERROR_VERBOSE
+-# define YYERROR_VERBOSE 1
+-#else
+-# define YYERROR_VERBOSE 0
+-#endif
+-
+-/* Enabling the token table.  */
+-#ifndef YYTOKEN_TABLE
+-# define YYTOKEN_TABLE 0
+-#endif
+-
+-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+-typedef union YYSTYPE
+-#line 202 "sip-4.19.23/sipgen/metasrc/parser.y"
+-{
+-    char            qchar;
+-    char            *text;
+-    long            number;
+-    double          real;
+-    argDef          memArg;
+-    signatureDef    signature;
+-    signatureDef    *optsignature;
+-    throwArgs       *throwlist;
+-    codeBlock       *codeb;
+-    docstringDef    *docstr;
+-    valueDef        value;
+-    valueDef        *valp;
+-    optFlags        optflags;
+-    optFlag         flag;
+-    scopedNameDef   *scpvalp;
+-    fcallDef        fcall;
+-    int             boolean;
+-    exceptionDef    exceptionbase;
+-    classDef        *klass;
+-    apiCfg          api;
+-    autoPyNameCfg   autopyname;
+-    compModuleCfg   compmodule;
+-    consModuleCfg   consmodule;
+-    defDocstringFmtCfg  defdocstringfmt;
+-    defDocstringSigCfg  defdocstringsig;
+-    defEncodingCfg  defencoding;
+-    defMetatypeCfg  defmetatype;
+-    defSupertypeCfg defsupertype;
+-    hiddenNsCfg     hiddenns;
+-    exceptionCfg    exception;
+-    docstringCfg    docstring;
+-    extractCfg      extract;
+-    featureCfg      feature;
+-    licenseCfg      license;
+-    importCfg       import;
+-    includeCfg      include;
+-    moduleCfg       module;
+-    pluginCfg       plugin;
+-    propertyCfg     property;
+-    variableCfg     variable;
+-    vehCfg          veh;
+-    int             token;
+-}
+-/* Line 193 of yacc.c.  */
+-#line 626 "sip-4.19.23/sipgen/parser.c"
+-	YYSTYPE;
+-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+-# define YYSTYPE_IS_DECLARED 1
+-# define YYSTYPE_IS_TRIVIAL 1
+-#endif
+-
++# ifndef YY_CAST
++#  ifdef __cplusplus
++#   define YY_CAST(Type, Val) static_cast<Type> (Val)
++#   define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast<Type> (Val)
++#  else
++#   define YY_CAST(Type, Val) ((Type) (Val))
++#   define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val))
++#  endif
++# endif
++# ifndef YY_NULLPTR
++#  if defined __cplusplus
++#   if 201103L <= __cplusplus
++#    define YY_NULLPTR nullptr
++#   else
++#    define YY_NULLPTR 0
++#   endif
++#  else
++#   define YY_NULLPTR ((void*)0)
++#  endif
++# endif
+ 
++#include "parser.h"
++/* Symbol kind.  */
++enum yysymbol_kind_t
++{
++  YYSYMBOL_YYEMPTY = -2,
++  YYSYMBOL_YYEOF = 0,                      /* "end of file"  */
++  YYSYMBOL_YYerror = 1,                    /* error  */
++  YYSYMBOL_YYUNDEF = 2,                    /* "invalid token"  */
++  YYSYMBOL_TK_API = 3,                     /* TK_API  */
++  YYSYMBOL_TK_AUTOPYNAME = 4,              /* TK_AUTOPYNAME  */
++  YYSYMBOL_TK_DEFDOCSTRFMT = 5,            /* TK_DEFDOCSTRFMT  */
++  YYSYMBOL_TK_DEFDOCSTRSIG = 6,            /* TK_DEFDOCSTRSIG  */
++  YYSYMBOL_TK_DEFENCODING = 7,             /* TK_DEFENCODING  */
++  YYSYMBOL_TK_PLUGIN = 8,                  /* TK_PLUGIN  */
++  YYSYMBOL_TK_VIRTERRORHANDLER = 9,        /* TK_VIRTERRORHANDLER  */
++  YYSYMBOL_TK_EXPTYPEHINTCODE = 10,        /* TK_EXPTYPEHINTCODE  */
++  YYSYMBOL_TK_TYPEHINTCODE = 11,           /* TK_TYPEHINTCODE  */
++  YYSYMBOL_TK_DOCSTRING = 12,              /* TK_DOCSTRING  */
++  YYSYMBOL_TK_DOC = 13,                    /* TK_DOC  */
++  YYSYMBOL_TK_EXPORTEDDOC = 14,            /* TK_EXPORTEDDOC  */
++  YYSYMBOL_TK_EXTRACT = 15,                /* TK_EXTRACT  */
++  YYSYMBOL_TK_MAKEFILE = 16,               /* TK_MAKEFILE  */
++  YYSYMBOL_TK_ACCESSCODE = 17,             /* TK_ACCESSCODE  */
++  YYSYMBOL_TK_GETCODE = 18,                /* TK_GETCODE  */
++  YYSYMBOL_TK_SETCODE = 19,                /* TK_SETCODE  */
++  YYSYMBOL_TK_PREINITCODE = 20,            /* TK_PREINITCODE  */
++  YYSYMBOL_TK_INITCODE = 21,               /* TK_INITCODE  */
++  YYSYMBOL_TK_POSTINITCODE = 22,           /* TK_POSTINITCODE  */
++  YYSYMBOL_TK_FINALCODE = 23,              /* TK_FINALCODE  */
++  YYSYMBOL_TK_UNITCODE = 24,               /* TK_UNITCODE  */
++  YYSYMBOL_TK_UNITPOSTINCLUDECODE = 25,    /* TK_UNITPOSTINCLUDECODE  */
++  YYSYMBOL_TK_MODCODE = 26,                /* TK_MODCODE  */
++  YYSYMBOL_TK_TYPECODE = 27,               /* TK_TYPECODE  */
++  YYSYMBOL_TK_PREPYCODE = 28,              /* TK_PREPYCODE  */
++  YYSYMBOL_TK_COPYING = 29,                /* TK_COPYING  */
++  YYSYMBOL_TK_MAPPEDTYPE = 30,             /* TK_MAPPEDTYPE  */
++  YYSYMBOL_TK_CODELINE = 31,               /* TK_CODELINE  */
++  YYSYMBOL_TK_IF = 32,                     /* TK_IF  */
++  YYSYMBOL_TK_END = 33,                    /* TK_END  */
++  YYSYMBOL_TK_NAME_VALUE = 34,             /* TK_NAME_VALUE  */
++  YYSYMBOL_TK_PATH_VALUE = 35,             /* TK_PATH_VALUE  */
++  YYSYMBOL_TK_STRING_VALUE = 36,           /* TK_STRING_VALUE  */
++  YYSYMBOL_TK_VIRTUALCATCHERCODE = 37,     /* TK_VIRTUALCATCHERCODE  */
++  YYSYMBOL_TK_TRAVERSECODE = 38,           /* TK_TRAVERSECODE  */
++  YYSYMBOL_TK_CLEARCODE = 39,              /* TK_CLEARCODE  */
++  YYSYMBOL_TK_GETBUFFERCODE = 40,          /* TK_GETBUFFERCODE  */
++  YYSYMBOL_TK_RELEASEBUFFERCODE = 41,      /* TK_RELEASEBUFFERCODE  */
++  YYSYMBOL_TK_READBUFFERCODE = 42,         /* TK_READBUFFERCODE  */
++  YYSYMBOL_TK_WRITEBUFFERCODE = 43,        /* TK_WRITEBUFFERCODE  */
++  YYSYMBOL_TK_SEGCOUNTCODE = 44,           /* TK_SEGCOUNTCODE  */
++  YYSYMBOL_TK_CHARBUFFERCODE = 45,         /* TK_CHARBUFFERCODE  */
++  YYSYMBOL_TK_PICKLECODE = 46,             /* TK_PICKLECODE  */
++  YYSYMBOL_TK_VIRTUALCALLCODE = 47,        /* TK_VIRTUALCALLCODE  */
++  YYSYMBOL_TK_METHODCODE = 48,             /* TK_METHODCODE  */
++  YYSYMBOL_TK_PREMETHODCODE = 49,          /* TK_PREMETHODCODE  */
++  YYSYMBOL_TK_INSTANCECODE = 50,           /* TK_INSTANCECODE  */
++  YYSYMBOL_TK_FROMTYPE = 51,               /* TK_FROMTYPE  */
++  YYSYMBOL_TK_TOTYPE = 52,                 /* TK_TOTYPE  */
++  YYSYMBOL_TK_TOSUBCLASS = 53,             /* TK_TOSUBCLASS  */
++  YYSYMBOL_TK_INCLUDE = 54,                /* TK_INCLUDE  */
++  YYSYMBOL_TK_OPTINCLUDE = 55,             /* TK_OPTINCLUDE  */
++  YYSYMBOL_TK_IMPORT = 56,                 /* TK_IMPORT  */
++  YYSYMBOL_TK_EXPHEADERCODE = 57,          /* TK_EXPHEADERCODE  */
++  YYSYMBOL_TK_MODHEADERCODE = 58,          /* TK_MODHEADERCODE  */
++  YYSYMBOL_TK_TYPEHEADERCODE = 59,         /* TK_TYPEHEADERCODE  */
++  YYSYMBOL_TK_MODULE = 60,                 /* TK_MODULE  */
++  YYSYMBOL_TK_CMODULE = 61,                /* TK_CMODULE  */
++  YYSYMBOL_TK_CONSMODULE = 62,             /* TK_CONSMODULE  */
++  YYSYMBOL_TK_COMPOMODULE = 63,            /* TK_COMPOMODULE  */
++  YYSYMBOL_TK_CLASS = 64,                  /* TK_CLASS  */
++  YYSYMBOL_TK_STRUCT = 65,                 /* TK_STRUCT  */
++  YYSYMBOL_TK_PUBLIC = 66,                 /* TK_PUBLIC  */
++  YYSYMBOL_TK_PROTECTED = 67,              /* TK_PROTECTED  */
++  YYSYMBOL_TK_PRIVATE = 68,                /* TK_PRIVATE  */
++  YYSYMBOL_TK_SIGNALS = 69,                /* TK_SIGNALS  */
++  YYSYMBOL_TK_SIGNAL_METHOD = 70,          /* TK_SIGNAL_METHOD  */
++  YYSYMBOL_TK_SLOTS = 71,                  /* TK_SLOTS  */
++  YYSYMBOL_TK_SLOT_METHOD = 72,            /* TK_SLOT_METHOD  */
++  YYSYMBOL_TK_BOOL = 73,                   /* TK_BOOL  */
++  YYSYMBOL_TK_SHORT = 74,                  /* TK_SHORT  */
++  YYSYMBOL_TK_INT = 75,                    /* TK_INT  */
++  YYSYMBOL_TK_LONG = 76,                   /* TK_LONG  */
++  YYSYMBOL_TK_FLOAT = 77,                  /* TK_FLOAT  */
++  YYSYMBOL_TK_DOUBLE = 78,                 /* TK_DOUBLE  */
++  YYSYMBOL_TK_CHAR = 79,                   /* TK_CHAR  */
++  YYSYMBOL_TK_WCHAR_T = 80,                /* TK_WCHAR_T  */
++  YYSYMBOL_TK_VOID = 81,                   /* TK_VOID  */
++  YYSYMBOL_TK_PYOBJECT = 82,               /* TK_PYOBJECT  */
++  YYSYMBOL_TK_PYTUPLE = 83,                /* TK_PYTUPLE  */
++  YYSYMBOL_TK_PYLIST = 84,                 /* TK_PYLIST  */
++  YYSYMBOL_TK_PYDICT = 85,                 /* TK_PYDICT  */
++  YYSYMBOL_TK_PYCALLABLE = 86,             /* TK_PYCALLABLE  */
++  YYSYMBOL_TK_PYSLICE = 87,                /* TK_PYSLICE  */
++  YYSYMBOL_TK_PYTYPE = 88,                 /* TK_PYTYPE  */
++  YYSYMBOL_TK_PYBUFFER = 89,               /* TK_PYBUFFER  */
++  YYSYMBOL_TK_VIRTUAL = 90,                /* TK_VIRTUAL  */
++  YYSYMBOL_TK_ENUM = 91,                   /* TK_ENUM  */
++  YYSYMBOL_TK_SIGNED = 92,                 /* TK_SIGNED  */
++  YYSYMBOL_TK_UNSIGNED = 93,               /* TK_UNSIGNED  */
++  YYSYMBOL_TK_SCOPE = 94,                  /* TK_SCOPE  */
++  YYSYMBOL_TK_LOGICAL_OR = 95,             /* TK_LOGICAL_OR  */
++  YYSYMBOL_TK_CONST = 96,                  /* TK_CONST  */
++  YYSYMBOL_TK_STATIC = 97,                 /* TK_STATIC  */
++  YYSYMBOL_TK_SIPSIGNAL = 98,              /* TK_SIPSIGNAL  */
++  YYSYMBOL_TK_SIPSLOT = 99,                /* TK_SIPSLOT  */
++  YYSYMBOL_TK_SIPANYSLOT = 100,            /* TK_SIPANYSLOT  */
++  YYSYMBOL_TK_SIPRXCON = 101,              /* TK_SIPRXCON  */
++  YYSYMBOL_TK_SIPRXDIS = 102,              /* TK_SIPRXDIS  */
++  YYSYMBOL_TK_SIPSLOTCON = 103,            /* TK_SIPSLOTCON  */
++  YYSYMBOL_TK_SIPSLOTDIS = 104,            /* TK_SIPSLOTDIS  */
++  YYSYMBOL_TK_SIPSSIZET = 105,             /* TK_SIPSSIZET  */
++  YYSYMBOL_TK_SIZET = 106,                 /* TK_SIZET  */
++  YYSYMBOL_TK_NUMBER_VALUE = 107,          /* TK_NUMBER_VALUE  */
++  YYSYMBOL_TK_REAL_VALUE = 108,            /* TK_REAL_VALUE  */
++  YYSYMBOL_TK_TYPEDEF = 109,               /* TK_TYPEDEF  */
++  YYSYMBOL_TK_NAMESPACE = 110,             /* TK_NAMESPACE  */
++  YYSYMBOL_TK_TIMELINE = 111,              /* TK_TIMELINE  */
++  YYSYMBOL_TK_PLATFORMS = 112,             /* TK_PLATFORMS  */
++  YYSYMBOL_TK_FEATURE = 113,               /* TK_FEATURE  */
++  YYSYMBOL_TK_LICENSE = 114,               /* TK_LICENSE  */
++  YYSYMBOL_TK_QCHAR_VALUE = 115,           /* TK_QCHAR_VALUE  */
++  YYSYMBOL_TK_TRUE_VALUE = 116,            /* TK_TRUE_VALUE  */
++  YYSYMBOL_TK_FALSE_VALUE = 117,           /* TK_FALSE_VALUE  */
++  YYSYMBOL_TK_NULL_VALUE = 118,            /* TK_NULL_VALUE  */
++  YYSYMBOL_TK_OPERATOR = 119,              /* TK_OPERATOR  */
++  YYSYMBOL_TK_THROW = 120,                 /* TK_THROW  */
++  YYSYMBOL_TK_QOBJECT = 121,               /* TK_QOBJECT  */
++  YYSYMBOL_TK_EXCEPTION = 122,             /* TK_EXCEPTION  */
++  YYSYMBOL_TK_RAISECODE = 123,             /* TK_RAISECODE  */
++  YYSYMBOL_TK_EXPLICIT = 124,              /* TK_EXPLICIT  */
++  YYSYMBOL_TK_TEMPLATE = 125,              /* TK_TEMPLATE  */
++  YYSYMBOL_TK_FINAL = 126,                 /* TK_FINAL  */
++  YYSYMBOL_TK_ELLIPSIS = 127,              /* TK_ELLIPSIS  */
++  YYSYMBOL_TK_DEFMETATYPE = 128,           /* TK_DEFMETATYPE  */
++  YYSYMBOL_TK_DEFSUPERTYPE = 129,          /* TK_DEFSUPERTYPE  */
++  YYSYMBOL_TK_PROPERTY = 130,              /* TK_PROPERTY  */
++  YYSYMBOL_TK_HIDE_NS = 131,               /* TK_HIDE_NS  */
++  YYSYMBOL_TK_FORMAT = 132,                /* TK_FORMAT  */
++  YYSYMBOL_TK_GET = 133,                   /* TK_GET  */
++  YYSYMBOL_TK_ID = 134,                    /* TK_ID  */
++  YYSYMBOL_TK_KWARGS = 135,                /* TK_KWARGS  */
++  YYSYMBOL_TK_LANGUAGE = 136,              /* TK_LANGUAGE  */
++  YYSYMBOL_TK_LICENSEE = 137,              /* TK_LICENSEE  */
++  YYSYMBOL_TK_NAME = 138,                  /* TK_NAME  */
++  YYSYMBOL_TK_OPTIONAL = 139,              /* TK_OPTIONAL  */
++  YYSYMBOL_TK_ORDER = 140,                 /* TK_ORDER  */
++  YYSYMBOL_TK_REMOVELEADING = 141,         /* TK_REMOVELEADING  */
++  YYSYMBOL_TK_SET = 142,                   /* TK_SET  */
++  YYSYMBOL_TK_SIGNATURE = 143,             /* TK_SIGNATURE  */
++  YYSYMBOL_TK_TIMESTAMP = 144,             /* TK_TIMESTAMP  */
++  YYSYMBOL_TK_TYPE = 145,                  /* TK_TYPE  */
++  YYSYMBOL_TK_USEARGNAMES = 146,           /* TK_USEARGNAMES  */
++  YYSYMBOL_TK_PYSSIZETCLEAN = 147,         /* TK_PYSSIZETCLEAN  */
++  YYSYMBOL_TK_USELIMITEDAPI = 148,         /* TK_USELIMITEDAPI  */
++  YYSYMBOL_TK_ALLRAISEPYEXC = 149,         /* TK_ALLRAISEPYEXC  */
++  YYSYMBOL_TK_CALLSUPERINIT = 150,         /* TK_CALLSUPERINIT  */
++  YYSYMBOL_TK_DEFERRORHANDLER = 151,       /* TK_DEFERRORHANDLER  */
++  YYSYMBOL_TK_VERSION = 152,               /* TK_VERSION  */
++  YYSYMBOL_153_ = 153,                     /* '('  */
++  YYSYMBOL_154_ = 154,                     /* ')'  */
++  YYSYMBOL_155_ = 155,                     /* ','  */
++  YYSYMBOL_156_ = 156,                     /* '='  */
++  YYSYMBOL_157_ = 157,                     /* '{'  */
++  YYSYMBOL_158_ = 158,                     /* '}'  */
++  YYSYMBOL_159_ = 159,                     /* ';'  */
++  YYSYMBOL_160_ = 160,                     /* '!'  */
++  YYSYMBOL_161_ = 161,                     /* '-'  */
++  YYSYMBOL_162_ = 162,                     /* '+'  */
++  YYSYMBOL_163_ = 163,                     /* '*'  */
++  YYSYMBOL_164_ = 164,                     /* '/'  */
++  YYSYMBOL_165_ = 165,                     /* '&'  */
++  YYSYMBOL_166_ = 166,                     /* '|'  */
++  YYSYMBOL_167_ = 167,                     /* '~'  */
++  YYSYMBOL_168_ = 168,                     /* '<'  */
++  YYSYMBOL_169_ = 169,                     /* '>'  */
++  YYSYMBOL_170_ = 170,                     /* ':'  */
++  YYSYMBOL_171_ = 171,                     /* '['  */
++  YYSYMBOL_172_ = 172,                     /* ']'  */
++  YYSYMBOL_173_ = 173,                     /* '%'  */
++  YYSYMBOL_174_ = 174,                     /* '^'  */
++  YYSYMBOL_YYACCEPT = 175,                 /* $accept  */
++  YYSYMBOL_specification = 176,            /* specification  */
++  YYSYMBOL_statement = 177,                /* statement  */
++  YYSYMBOL_178_1 = 178,                    /* $@1  */
++  YYSYMBOL_modstatement = 179,             /* modstatement  */
++  YYSYMBOL_nsstatement = 180,              /* nsstatement  */
++  YYSYMBOL_defdocstringfmt = 181,          /* defdocstringfmt  */
++  YYSYMBOL_defdocstringfmt_args = 182,     /* defdocstringfmt_args  */
++  YYSYMBOL_defdocstringfmt_arg_list = 183, /* defdocstringfmt_arg_list  */
++  YYSYMBOL_defdocstringfmt_arg = 184,      /* defdocstringfmt_arg  */
++  YYSYMBOL_defdocstringsig = 185,          /* defdocstringsig  */
++  YYSYMBOL_defdocstringsig_args = 186,     /* defdocstringsig_args  */
++  YYSYMBOL_defdocstringsig_arg_list = 187, /* defdocstringsig_arg_list  */
++  YYSYMBOL_defdocstringsig_arg = 188,      /* defdocstringsig_arg  */
++  YYSYMBOL_defencoding = 189,              /* defencoding  */
++  YYSYMBOL_defencoding_args = 190,         /* defencoding_args  */
++  YYSYMBOL_defencoding_arg_list = 191,     /* defencoding_arg_list  */
++  YYSYMBOL_defencoding_arg = 192,          /* defencoding_arg  */
++  YYSYMBOL_plugin = 193,                   /* plugin  */
++  YYSYMBOL_plugin_args = 194,              /* plugin_args  */
++  YYSYMBOL_plugin_arg_list = 195,          /* plugin_arg_list  */
++  YYSYMBOL_plugin_arg = 196,               /* plugin_arg  */
++  YYSYMBOL_virterrorhandler = 197,         /* virterrorhandler  */
++  YYSYMBOL_veh_args = 198,                 /* veh_args  */
++  YYSYMBOL_veh_arg_list = 199,             /* veh_arg_list  */
++  YYSYMBOL_veh_arg = 200,                  /* veh_arg  */
++  YYSYMBOL_api = 201,                      /* api  */
++  YYSYMBOL_api_args = 202,                 /* api_args  */
++  YYSYMBOL_api_arg_list = 203,             /* api_arg_list  */
++  YYSYMBOL_api_arg = 204,                  /* api_arg  */
++  YYSYMBOL_exception = 205,                /* exception  */
++  YYSYMBOL_baseexception = 206,            /* baseexception  */
++  YYSYMBOL_exception_body = 207,           /* exception_body  */
++  YYSYMBOL_exception_body_directives = 208, /* exception_body_directives  */
++  YYSYMBOL_exception_body_directive = 209, /* exception_body_directive  */
++  YYSYMBOL_raisecode = 210,                /* raisecode  */
++  YYSYMBOL_mappedtype = 211,               /* mappedtype  */
++  YYSYMBOL_212_2 = 212,                    /* $@2  */
++  YYSYMBOL_mappedtypetmpl = 213,           /* mappedtypetmpl  */
++  YYSYMBOL_214_3 = 214,                    /* $@3  */
++  YYSYMBOL_mtdefinition = 215,             /* mtdefinition  */
++  YYSYMBOL_mtbody = 216,                   /* mtbody  */
++  YYSYMBOL_mtline = 217,                   /* mtline  */
++  YYSYMBOL_mtfunction = 218,               /* mtfunction  */
++  YYSYMBOL_namespace = 219,                /* namespace  */
++  YYSYMBOL_220_4 = 220,                    /* $@4  */
++  YYSYMBOL_optnsbody = 221,                /* optnsbody  */
++  YYSYMBOL_nsbody = 222,                   /* nsbody  */
++  YYSYMBOL_platforms = 223,                /* platforms  */
++  YYSYMBOL_224_5 = 224,                    /* $@5  */
++  YYSYMBOL_platformlist = 225,             /* platformlist  */
++  YYSYMBOL_platform = 226,                 /* platform  */
++  YYSYMBOL_feature = 227,                  /* feature  */
++  YYSYMBOL_feature_args = 228,             /* feature_args  */
++  YYSYMBOL_feature_arg_list = 229,         /* feature_arg_list  */
++  YYSYMBOL_feature_arg = 230,              /* feature_arg  */
++  YYSYMBOL_timeline = 231,                 /* timeline  */
++  YYSYMBOL_232_6 = 232,                    /* $@6  */
++  YYSYMBOL_qualifierlist = 233,            /* qualifierlist  */
++  YYSYMBOL_qualifiername = 234,            /* qualifiername  */
++  YYSYMBOL_ifstart = 235,                  /* ifstart  */
++  YYSYMBOL_236_7 = 236,                    /* $@7  */
++  YYSYMBOL_oredqualifiers = 237,           /* oredqualifiers  */
++  YYSYMBOL_qualifiers = 238,               /* qualifiers  */
++  YYSYMBOL_ifend = 239,                    /* ifend  */
++  YYSYMBOL_license = 240,                  /* license  */
++  YYSYMBOL_license_args = 241,             /* license_args  */
++  YYSYMBOL_license_arg_list = 242,         /* license_arg_list  */
++  YYSYMBOL_license_arg = 243,              /* license_arg  */
++  YYSYMBOL_defmetatype = 244,              /* defmetatype  */
++  YYSYMBOL_defmetatype_args = 245,         /* defmetatype_args  */
++  YYSYMBOL_defmetatype_arg_list = 246,     /* defmetatype_arg_list  */
++  YYSYMBOL_defmetatype_arg = 247,          /* defmetatype_arg  */
++  YYSYMBOL_defsupertype = 248,             /* defsupertype  */
++  YYSYMBOL_defsupertype_args = 249,        /* defsupertype_args  */
++  YYSYMBOL_defsupertype_arg_list = 250,    /* defsupertype_arg_list  */
++  YYSYMBOL_defsupertype_arg = 251,         /* defsupertype_arg  */
++  YYSYMBOL_hiddenns = 252,                 /* hiddenns  */
++  YYSYMBOL_hiddenns_args = 253,            /* hiddenns_args  */
++  YYSYMBOL_hiddenns_arg_list = 254,        /* hiddenns_arg_list  */
++  YYSYMBOL_hiddenns_arg = 255,             /* hiddenns_arg  */
++  YYSYMBOL_consmodule = 256,               /* consmodule  */
++  YYSYMBOL_consmodule_args = 257,          /* consmodule_args  */
++  YYSYMBOL_consmodule_arg_list = 258,      /* consmodule_arg_list  */
++  YYSYMBOL_consmodule_arg = 259,           /* consmodule_arg  */
++  YYSYMBOL_consmodule_body = 260,          /* consmodule_body  */
++  YYSYMBOL_consmodule_body_directives = 261, /* consmodule_body_directives  */
++  YYSYMBOL_consmodule_body_directive = 262, /* consmodule_body_directive  */
++  YYSYMBOL_compmodule = 263,               /* compmodule  */
++  YYSYMBOL_compmodule_args = 264,          /* compmodule_args  */
++  YYSYMBOL_compmodule_arg_list = 265,      /* compmodule_arg_list  */
++  YYSYMBOL_compmodule_arg = 266,           /* compmodule_arg  */
++  YYSYMBOL_compmodule_body = 267,          /* compmodule_body  */
++  YYSYMBOL_compmodule_body_directives = 268, /* compmodule_body_directives  */
++  YYSYMBOL_compmodule_body_directive = 269, /* compmodule_body_directive  */
++  YYSYMBOL_module = 270,                   /* module  */
++  YYSYMBOL_module_args = 271,              /* module_args  */
++  YYSYMBOL_272_8 = 272,                    /* $@8  */
++  YYSYMBOL_module_arg_list = 273,          /* module_arg_list  */
++  YYSYMBOL_module_arg = 274,               /* module_arg  */
++  YYSYMBOL_module_body = 275,              /* module_body  */
++  YYSYMBOL_module_body_directives = 276,   /* module_body_directives  */
++  YYSYMBOL_module_body_directive = 277,    /* module_body_directive  */
++  YYSYMBOL_dottedname = 278,               /* dottedname  */
++  YYSYMBOL_optnumber = 279,                /* optnumber  */
++  YYSYMBOL_include = 280,                  /* include  */
++  YYSYMBOL_include_args = 281,             /* include_args  */
++  YYSYMBOL_include_arg_list = 282,         /* include_arg_list  */
++  YYSYMBOL_include_arg = 283,              /* include_arg  */
++  YYSYMBOL_optinclude = 284,               /* optinclude  */
++  YYSYMBOL_import = 285,                   /* import  */
++  YYSYMBOL_import_args = 286,              /* import_args  */
++  YYSYMBOL_import_arg_list = 287,          /* import_arg_list  */
++  YYSYMBOL_import_arg = 288,               /* import_arg  */
++  YYSYMBOL_optaccesscode = 289,            /* optaccesscode  */
++  YYSYMBOL_optgetcode = 290,               /* optgetcode  */
++  YYSYMBOL_optsetcode = 291,               /* optsetcode  */
++  YYSYMBOL_copying = 292,                  /* copying  */
++  YYSYMBOL_exphdrcode = 293,               /* exphdrcode  */
++  YYSYMBOL_modhdrcode = 294,               /* modhdrcode  */
++  YYSYMBOL_typehdrcode = 295,              /* typehdrcode  */
++  YYSYMBOL_travcode = 296,                 /* travcode  */
++  YYSYMBOL_clearcode = 297,                /* clearcode  */
++  YYSYMBOL_getbufcode = 298,               /* getbufcode  */
++  YYSYMBOL_releasebufcode = 299,           /* releasebufcode  */
++  YYSYMBOL_readbufcode = 300,              /* readbufcode  */
++  YYSYMBOL_writebufcode = 301,             /* writebufcode  */
++  YYSYMBOL_segcountcode = 302,             /* segcountcode  */
++  YYSYMBOL_charbufcode = 303,              /* charbufcode  */
++  YYSYMBOL_instancecode = 304,             /* instancecode  */
++  YYSYMBOL_picklecode = 305,               /* picklecode  */
++  YYSYMBOL_finalcode = 306,                /* finalcode  */
++  YYSYMBOL_modcode = 307,                  /* modcode  */
++  YYSYMBOL_typecode = 308,                 /* typecode  */
++  YYSYMBOL_preinitcode = 309,              /* preinitcode  */
++  YYSYMBOL_initcode = 310,                 /* initcode  */
++  YYSYMBOL_postinitcode = 311,             /* postinitcode  */
++  YYSYMBOL_unitcode = 312,                 /* unitcode  */
++  YYSYMBOL_unitpostinccode = 313,          /* unitpostinccode  */
++  YYSYMBOL_prepycode = 314,                /* prepycode  */
++  YYSYMBOL_exptypehintcode = 315,          /* exptypehintcode  */
++  YYSYMBOL_modtypehintcode = 316,          /* modtypehintcode  */
++  YYSYMBOL_classtypehintcode = 317,        /* classtypehintcode  */
++  YYSYMBOL_doc = 318,                      /* doc  */
++  YYSYMBOL_exporteddoc = 319,              /* exporteddoc  */
++  YYSYMBOL_autopyname = 320,               /* autopyname  */
++  YYSYMBOL_autopyname_args = 321,          /* autopyname_args  */
++  YYSYMBOL_autopyname_arg_list = 322,      /* autopyname_arg_list  */
++  YYSYMBOL_autopyname_arg = 323,           /* autopyname_arg  */
++  YYSYMBOL_docstring = 324,                /* docstring  */
++  YYSYMBOL_docstring_args = 325,           /* docstring_args  */
++  YYSYMBOL_docstring_arg_list = 326,       /* docstring_arg_list  */
++  YYSYMBOL_docstring_arg = 327,            /* docstring_arg  */
++  YYSYMBOL_optdocstring = 328,             /* optdocstring  */
++  YYSYMBOL_extract = 329,                  /* extract  */
++  YYSYMBOL_extract_args = 330,             /* extract_args  */
++  YYSYMBOL_extract_arg_list = 331,         /* extract_arg_list  */
++  YYSYMBOL_extract_arg = 332,              /* extract_arg  */
++  YYSYMBOL_makefile = 333,                 /* makefile  */
++  YYSYMBOL_codeblock = 334,                /* codeblock  */
++  YYSYMBOL_codelines = 335,                /* codelines  */
++  YYSYMBOL_enum = 336,                     /* enum  */
++  YYSYMBOL_337_9 = 337,                    /* $@9  */
++  YYSYMBOL_optenumkey = 338,               /* optenumkey  */
++  YYSYMBOL_optfilename = 339,              /* optfilename  */
++  YYSYMBOL_optname = 340,                  /* optname  */
++  YYSYMBOL_optenumbody = 341,              /* optenumbody  */
++  YYSYMBOL_enumbody = 342,                 /* enumbody  */
++  YYSYMBOL_enumline = 343,                 /* enumline  */
++  YYSYMBOL_optcomma = 344,                 /* optcomma  */
++  YYSYMBOL_optenumassign = 345,            /* optenumassign  */
++  YYSYMBOL_optassign = 346,                /* optassign  */
++  YYSYMBOL_expr = 347,                     /* expr  */
++  YYSYMBOL_binop = 348,                    /* binop  */
++  YYSYMBOL_optunop = 349,                  /* optunop  */
++  YYSYMBOL_value = 350,                    /* value  */
++  YYSYMBOL_optcast = 351,                  /* optcast  */
++  YYSYMBOL_scopedname = 352,               /* scopedname  */
++  YYSYMBOL_scopednamehead = 353,           /* scopednamehead  */
++  YYSYMBOL_scopepart = 354,                /* scopepart  */
++  YYSYMBOL_bool_value = 355,               /* bool_value  */
++  YYSYMBOL_simplevalue = 356,              /* simplevalue  */
++  YYSYMBOL_exprlist = 357,                 /* exprlist  */
++  YYSYMBOL_typedef = 358,                  /* typedef  */
++  YYSYMBOL_struct = 359,                   /* struct  */
++  YYSYMBOL_360_10 = 360,                   /* $@10  */
++  YYSYMBOL_361_11 = 361,                   /* $@11  */
++  YYSYMBOL_classtmpl = 362,                /* classtmpl  */
++  YYSYMBOL_363_12 = 363,                   /* $@12  */
++  YYSYMBOL_template = 364,                 /* template  */
++  YYSYMBOL_class = 365,                    /* class  */
++  YYSYMBOL_366_13 = 366,                   /* $@13  */
++  YYSYMBOL_367_14 = 367,                   /* $@14  */
++  YYSYMBOL_superclasses = 368,             /* superclasses  */
++  YYSYMBOL_superlist = 369,                /* superlist  */
++  YYSYMBOL_superclass = 370,               /* superclass  */
++  YYSYMBOL_class_access = 371,             /* class_access  */
++  YYSYMBOL_optclassbody = 372,             /* optclassbody  */
++  YYSYMBOL_classbody = 373,                /* classbody  */
++  YYSYMBOL_classline = 374,                /* classline  */
++  YYSYMBOL_property = 375,                 /* property  */
++  YYSYMBOL_property_args = 376,            /* property_args  */
++  YYSYMBOL_property_arg_list = 377,        /* property_arg_list  */
++  YYSYMBOL_property_arg = 378,             /* property_arg  */
++  YYSYMBOL_property_body = 379,            /* property_body  */
++  YYSYMBOL_property_body_directives = 380, /* property_body_directives  */
++  YYSYMBOL_property_body_directive = 381,  /* property_body_directive  */
++  YYSYMBOL_name_or_string = 382,           /* name_or_string  */
++  YYSYMBOL_optslot = 383,                  /* optslot  */
++  YYSYMBOL_dtor = 384,                     /* dtor  */
++  YYSYMBOL_385_15 = 385,                   /* $@15  */
++  YYSYMBOL_dtor_decl = 386,                /* dtor_decl  */
++  YYSYMBOL_ctor = 387,                     /* ctor  */
++  YYSYMBOL_388_16 = 388,                   /* $@16  */
++  YYSYMBOL_simplector = 389,               /* simplector  */
++  YYSYMBOL_optctorsig = 390,               /* optctorsig  */
++  YYSYMBOL_391_17 = 391,                   /* $@17  */
++  YYSYMBOL_optsig = 392,                   /* optsig  */
++  YYSYMBOL_393_18 = 393,                   /* $@18  */
++  YYSYMBOL_function = 394,                 /* function  */
++  YYSYMBOL_operatorname = 395,             /* operatorname  */
++  YYSYMBOL_optconst = 396,                 /* optconst  */
++  YYSYMBOL_optfinal = 397,                 /* optfinal  */
++  YYSYMBOL_optabstract = 398,              /* optabstract  */
++  YYSYMBOL_optflags = 399,                 /* optflags  */
++  YYSYMBOL_flaglist = 400,                 /* flaglist  */
++  YYSYMBOL_flag = 401,                     /* flag  */
++  YYSYMBOL_flagvalue = 402,                /* flagvalue  */
++  YYSYMBOL_virtualcallcode = 403,          /* virtualcallcode  */
++  YYSYMBOL_methodcode = 404,               /* methodcode  */
++  YYSYMBOL_premethodcode = 405,            /* premethodcode  */
++  YYSYMBOL_virtualcatchercode = 406,       /* virtualcatchercode  */
++  YYSYMBOL_arglist = 407,                  /* arglist  */
++  YYSYMBOL_rawarglist = 408,               /* rawarglist  */
++  YYSYMBOL_argvalue = 409,                 /* argvalue  */
++  YYSYMBOL_varmember = 410,                /* varmember  */
++  YYSYMBOL_411_19 = 411,                   /* $@19  */
++  YYSYMBOL_412_20 = 412,                   /* $@20  */
++  YYSYMBOL_simple_varmem = 413,            /* simple_varmem  */
++  YYSYMBOL_414_21 = 414,                   /* $@21  */
++  YYSYMBOL_varmem = 415,                   /* varmem  */
++  YYSYMBOL_member = 416,                   /* member  */
++  YYSYMBOL_417_22 = 417,                   /* $@22  */
++  YYSYMBOL_variable = 418,                 /* variable  */
++  YYSYMBOL_variable_body = 419,            /* variable_body  */
++  YYSYMBOL_variable_body_directives = 420, /* variable_body_directives  */
++  YYSYMBOL_variable_body_directive = 421,  /* variable_body_directive  */
++  YYSYMBOL_cpptype = 422,                  /* cpptype  */
++  YYSYMBOL_argtype = 423,                  /* argtype  */
++  YYSYMBOL_optref = 424,                   /* optref  */
++  YYSYMBOL_deref = 425,                    /* deref  */
++  YYSYMBOL_basetype = 426,                 /* basetype  */
++  YYSYMBOL_cpptypelist = 427,              /* cpptypelist  */
++  YYSYMBOL_optexceptions = 428,            /* optexceptions  */
++  YYSYMBOL_exceptionlist = 429             /* exceptionlist  */
++};
++typedef enum yysymbol_kind_t yysymbol_kind_t;
+ 
+-/* Copy the second part of user declarations.  */
+ 
+ 
+-/* Line 216 of yacc.c.  */
+-#line 639 "sip-4.19.23/sipgen/parser.c"
+ 
+ #ifdef short
+ # undef short
+ #endif
+ 
+-#ifdef YYTYPE_UINT8
+-typedef YYTYPE_UINT8 yytype_uint8;
+-#else
+-typedef unsigned char yytype_uint8;
++/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure
++   <limits.h> and (if available) <stdint.h> are included
++   so that the code can choose integer types of a good width.  */
++
++#ifndef __PTRDIFF_MAX__
++# include <limits.h> /* INFRINGES ON USER NAME SPACE */
++# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__
++#  include <stdint.h> /* INFRINGES ON USER NAME SPACE */
++#  define YY_STDINT_H
++# endif
+ #endif
+ 
+-#ifdef YYTYPE_INT8
+-typedef YYTYPE_INT8 yytype_int8;
+-#elif (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++/* Narrow types that promote to a signed type and that can represent a
++   signed or unsigned integer of at least N bits.  In tables they can
++   save space and decrease cache pressure.  Promoting to a signed type
++   helps avoid bugs in integer arithmetic.  */
++
++#ifdef __INT_LEAST8_MAX__
++typedef __INT_LEAST8_TYPE__ yytype_int8;
++#elif defined YY_STDINT_H
++typedef int_least8_t yytype_int8;
++#else
+ typedef signed char yytype_int8;
++#endif
++
++#ifdef __INT_LEAST16_MAX__
++typedef __INT_LEAST16_TYPE__ yytype_int16;
++#elif defined YY_STDINT_H
++typedef int_least16_t yytype_int16;
+ #else
+-typedef short int yytype_int8;
++typedef short yytype_int16;
++#endif
++
++/* Work around bug in HP-UX 11.23, which defines these macros
++   incorrectly for preprocessor constants.  This workaround can likely
++   be removed in 2023, as HPE has promised support for HP-UX 11.23
++   (aka HP-UX 11i v2) only through the end of 2022; see Table 2 of
++   <https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-7673ENW.pdf>.  */
++#ifdef __hpux
++# undef UINT_LEAST8_MAX
++# undef UINT_LEAST16_MAX
++# define UINT_LEAST8_MAX 255
++# define UINT_LEAST16_MAX 65535
+ #endif
+ 
+-#ifdef YYTYPE_UINT16
+-typedef YYTYPE_UINT16 yytype_uint16;
++#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__
++typedef __UINT_LEAST8_TYPE__ yytype_uint8;
++#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \
++       && UINT_LEAST8_MAX <= INT_MAX)
++typedef uint_least8_t yytype_uint8;
++#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX
++typedef unsigned char yytype_uint8;
+ #else
+-typedef unsigned short int yytype_uint16;
++typedef short yytype_uint8;
+ #endif
+ 
+-#ifdef YYTYPE_INT16
+-typedef YYTYPE_INT16 yytype_int16;
++#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__
++typedef __UINT_LEAST16_TYPE__ yytype_uint16;
++#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \
++       && UINT_LEAST16_MAX <= INT_MAX)
++typedef uint_least16_t yytype_uint16;
++#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX
++typedef unsigned short yytype_uint16;
+ #else
+-typedef short int yytype_int16;
++typedef int yytype_uint16;
++#endif
++
++#ifndef YYPTRDIFF_T
++# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__
++#  define YYPTRDIFF_T __PTRDIFF_TYPE__
++#  define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__
++# elif defined PTRDIFF_MAX
++#  ifndef ptrdiff_t
++#   include <stddef.h> /* INFRINGES ON USER NAME SPACE */
++#  endif
++#  define YYPTRDIFF_T ptrdiff_t
++#  define YYPTRDIFF_MAXIMUM PTRDIFF_MAX
++# else
++#  define YYPTRDIFF_T long
++#  define YYPTRDIFF_MAXIMUM LONG_MAX
++# endif
+ #endif
+ 
+ #ifndef YYSIZE_T
+@@ -673,55 +806,106 @@ typedef short int yytype_int16;
+ #  define YYSIZE_T __SIZE_TYPE__
+ # elif defined size_t
+ #  define YYSIZE_T size_t
+-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__
+ #  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+ #  define YYSIZE_T size_t
+ # else
+-#  define YYSIZE_T unsigned int
++#  define YYSIZE_T unsigned
+ # endif
+ #endif
+ 
+-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
++#define YYSIZE_MAXIMUM                                  \
++  YY_CAST (YYPTRDIFF_T,                                 \
++           (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1)  \
++            ? YYPTRDIFF_MAXIMUM                         \
++            : YY_CAST (YYSIZE_T, -1)))
++
++#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X))
++
++
++/* Stored state numbers (used for stacks). */
++typedef yytype_int16 yy_state_t;
++
++/* State numbers in computations.  */
++typedef int yy_state_fast_t;
+ 
+ #ifndef YY_
+ # if defined YYENABLE_NLS && YYENABLE_NLS
+ #  if ENABLE_NLS
+ #   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
++#   define YY_(Msgid) dgettext ("bison-runtime", Msgid)
+ #  endif
+ # endif
+ # ifndef YY_
+-#  define YY_(msgid) msgid
++#  define YY_(Msgid) Msgid
++# endif
++#endif
++
++
++#ifndef YY_ATTRIBUTE_PURE
++# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__)
++#  define YY_ATTRIBUTE_PURE __attribute__ ((__pure__))
++# else
++#  define YY_ATTRIBUTE_PURE
++# endif
++#endif
++
++#ifndef YY_ATTRIBUTE_UNUSED
++# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__)
++#  define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__))
++# else
++#  define YY_ATTRIBUTE_UNUSED
+ # endif
+ #endif
+ 
+ /* Suppress unused-variable warnings by "using" E.  */
+ #if ! defined lint || defined __GNUC__
+-# define YYUSE(e) ((void) (e))
++# define YY_USE(E) ((void) (E))
+ #else
+-# define YYUSE(e) /* empty */
++# define YY_USE(E) /* empty */
+ #endif
+ 
+-/* Identity function, used to suppress warnings about constant conditions.  */
+-#ifndef lint
+-# define YYID(n) (n)
+-#else
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static int
+-YYID (int i)
++/* Suppress an incorrect diagnostic about yylval being uninitialized.  */
++#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__
++# if __GNUC__ * 100 + __GNUC_MINOR__ < 407
++#  define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                           \
++    _Pragma ("GCC diagnostic push")                                     \
++    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")
++# else
++#  define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                           \
++    _Pragma ("GCC diagnostic push")                                     \
++    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")              \
++    _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
++# endif
++# define YY_IGNORE_MAYBE_UNINITIALIZED_END      \
++    _Pragma ("GCC diagnostic pop")
+ #else
+-static int
+-YYID (i)
+-    int i;
++# define YY_INITIAL_VALUE(Value) Value
+ #endif
+-{
+-  return i;
+-}
++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_END
++#endif
++#ifndef YY_INITIAL_VALUE
++# define YY_INITIAL_VALUE(Value) /* Nothing. */
++#endif
++
++#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__
++# define YY_IGNORE_USELESS_CAST_BEGIN                          \
++    _Pragma ("GCC diagnostic push")                            \
++    _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"")
++# define YY_IGNORE_USELESS_CAST_END            \
++    _Pragma ("GCC diagnostic pop")
+ #endif
++#ifndef YY_IGNORE_USELESS_CAST_BEGIN
++# define YY_IGNORE_USELESS_CAST_BEGIN
++# define YY_IGNORE_USELESS_CAST_END
++#endif
++
++
++#define YY_ASSERT(E) ((void) (0 && (E)))
+ 
+-#if ! defined yyoverflow || YYERROR_VERBOSE
++#if !defined yyoverflow
+ 
+ /* The parser invokes alloca or malloc; define the necessary symbols.  */
+ 
+@@ -738,11 +922,11 @@ YYID (i)
+ #    define alloca _alloca
+ #   else
+ #    define YYSTACK_ALLOC alloca
+-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++#    if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS
+ #     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+-#     ifndef _STDLIB_H
+-#      define _STDLIB_H 1
++      /* Use EXIT_SUCCESS as a witness for stdlib.h.  */
++#     ifndef EXIT_SUCCESS
++#      define EXIT_SUCCESS 0
+ #     endif
+ #    endif
+ #   endif
+@@ -750,8 +934,8 @@ YYID (i)
+ # endif
+ 
+ # ifdef YYSTACK_ALLOC
+-   /* Pacify GCC's `empty if-body' warning.  */
+-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
++   /* Pacify GCC's 'empty if-body' warning.  */
++#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
+ #  ifndef YYSTACK_ALLOC_MAXIMUM
+     /* The OS might guarantee only one guard page at the bottom of the stack,
+        and a page size can be as small as 4096 bytes.  So we cannot safely
+@@ -765,125 +949,131 @@ YYID (i)
+ #  ifndef YYSTACK_ALLOC_MAXIMUM
+ #   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+ #  endif
+-#  if (defined __cplusplus && ! defined _STDLIB_H \
++#  if (defined __cplusplus && ! defined EXIT_SUCCESS \
+        && ! ((defined YYMALLOC || defined malloc) \
+-	     && (defined YYFREE || defined free)))
++             && (defined YYFREE || defined free)))
+ #   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+-#   ifndef _STDLIB_H
+-#    define _STDLIB_H 1
++#   ifndef EXIT_SUCCESS
++#    define EXIT_SUCCESS 0
+ #   endif
+ #  endif
+ #  ifndef YYMALLOC
+ #   define YYMALLOC malloc
+-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++#   if ! defined malloc && ! defined EXIT_SUCCESS
+ void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+ #   endif
+ #  endif
+ #  ifndef YYFREE
+ #   define YYFREE free
+-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
++#   if ! defined free && ! defined EXIT_SUCCESS
+ void free (void *); /* INFRINGES ON USER NAME SPACE */
+ #   endif
+ #  endif
+ # endif
+-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+-
++#endif /* !defined yyoverflow */
+ 
+ #if (! defined yyoverflow \
+      && (! defined __cplusplus \
+-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
++         || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+ 
+ /* A type that is properly aligned for any stack member.  */
+ union yyalloc
+ {
+-  yytype_int16 yyss;
+-  YYSTYPE yyvs;
+-  };
++  yy_state_t yyss_alloc;
++  YYSTYPE yyvs_alloc;
++};
+ 
+ /* The size of the maximum gap between one aligned stack and the next.  */
+-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
++# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1)
+ 
+ /* The size of an array large to enough to hold all stacks, each with
+    N elements.  */
+ # define YYSTACK_BYTES(N) \
+-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
++     ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \
+       + YYSTACK_GAP_MAXIMUM)
+ 
+-/* Copy COUNT objects from FROM to TO.  The source and destination do
+-   not overlap.  */
+-# ifndef YYCOPY
+-#  if defined __GNUC__ && 1 < __GNUC__
+-#   define YYCOPY(To, From, Count) \
+-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+-#  else
+-#   define YYCOPY(To, From, Count)		\
+-      do					\
+-	{					\
+-	  YYSIZE_T yyi;				\
+-	  for (yyi = 0; yyi < (Count); yyi++)	\
+-	    (To)[yyi] = (From)[yyi];		\
+-	}					\
+-      while (YYID (0))
+-#  endif
+-# endif
++# define YYCOPY_NEEDED 1
+ 
+ /* Relocate STACK from its old location to the new one.  The
+    local variables YYSIZE and YYSTACKSIZE give the old and new number of
+    elements in the stack, and YYPTR gives the new location of the
+    stack.  Advance YYPTR to a properly aligned location for the next
+    stack.  */
+-# define YYSTACK_RELOCATE(Stack)					\
+-    do									\
+-      {									\
+-	YYSIZE_T yynewbytes;						\
+-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+-	Stack = &yyptr->Stack;						\
+-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+-	yyptr += yynewbytes / sizeof (*yyptr);				\
+-      }									\
+-    while (YYID (0))
++# define YYSTACK_RELOCATE(Stack_alloc, Stack)                           \
++    do                                                                  \
++      {                                                                 \
++        YYPTRDIFF_T yynewbytes;                                         \
++        YYCOPY (&yyptr->Stack_alloc, Stack, yysize);                    \
++        Stack = &yyptr->Stack_alloc;                                    \
++        yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \
++        yyptr += yynewbytes / YYSIZEOF (*yyptr);                        \
++      }                                                                 \
++    while (0)
+ 
+ #endif
+ 
++#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
++/* Copy COUNT objects from SRC to DST.  The source and destination do
++   not overlap.  */
++# ifndef YYCOPY
++#  if defined __GNUC__ && 1 < __GNUC__
++#   define YYCOPY(Dst, Src, Count) \
++      __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
++#  else
++#   define YYCOPY(Dst, Src, Count)              \
++      do                                        \
++        {                                       \
++          YYPTRDIFF_T yyi;                      \
++          for (yyi = 0; yyi < (Count); yyi++)   \
++            (Dst)[yyi] = (Src)[yyi];            \
++        }                                       \
++      while (0)
++#  endif
++# endif
++#endif /* !YYCOPY_NEEDED */
++
+ /* YYFINAL -- State number of the termination state.  */
+ #define YYFINAL  4
+ /* YYLAST -- Last index in YYTABLE.  */
+-#define YYLAST   1630
++#define YYLAST   1669
+ 
+ /* YYNTOKENS -- Number of terminals.  */
+-#define YYNTOKENS  174
++#define YYNTOKENS  175
+ /* YYNNTS -- Number of nonterminals.  */
+ #define YYNNTS  255
+ /* YYNRULES -- Number of rules.  */
+-#define YYNRULES  597
+-/* YYNRULES -- Number of states.  */
+-#define YYNSTATES  1047
+-
+-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+-#define YYUNDEFTOK  2
+-#define YYMAXUTOK   406
+-
+-#define YYTRANSLATE(YYX)						\
+-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
++#define YYNRULES  598
++/* YYNSTATES -- Number of states.  */
++#define YYNSTATES  1050
++
++/* YYMAXUTOK -- Last valid token kind.  */
++#define YYMAXUTOK   407
++
++
++/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM
++   as returned by yylex, with out-of-bounds checking.  */
++#define YYTRANSLATE(YYX)                                \
++  (0 <= (YYX) && (YYX) <= YYMAXUTOK                     \
++   ? YY_CAST (yysymbol_kind_t, yytranslate[YYX])        \
++   : YYSYMBOL_YYUNDEF)
+ 
+-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
++/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM
++   as returned by yylex.  */
+ static const yytype_uint8 yytranslate[] =
+ {
+        0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,   159,     2,     2,     2,   172,   164,     2,
+-     152,   153,   162,   161,   154,   160,     2,   163,     2,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,   169,   158,
+-     167,   155,   168,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,   160,     2,     2,     2,   173,   165,     2,
++     153,   154,   163,   162,   155,   161,     2,   164,     2,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,   170,   159,
++     168,   156,   169,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,   170,     2,   171,   173,     2,     2,     2,     2,     2,
++       2,   171,     2,   172,   174,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,   156,   165,   157,   166,     2,     2,     2,
++       2,     2,     2,   157,   166,   158,   167,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+@@ -911,334 +1101,97 @@ static const yytype_uint8 yytranslate[]
+      115,   116,   117,   118,   119,   120,   121,   122,   123,   124,
+      125,   126,   127,   128,   129,   130,   131,   132,   133,   134,
+      135,   136,   137,   138,   139,   140,   141,   142,   143,   144,
+-     145,   146,   147,   148,   149,   150,   151
++     145,   146,   147,   148,   149,   150,   151,   152
+ };
+ 
+ #if YYDEBUG
+-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+-   YYRHS.  */
+-static const yytype_uint16 yyprhs[] =
+-{
+-       0,     0,     3,     5,     8,     9,    12,    14,    16,    18,
+-      20,    22,    24,    26,    28,    30,    32,    34,    36,    38,
+-      40,    42,    44,    46,    48,    50,    52,    54,    56,    58,
+-      60,    62,    64,    66,    68,    70,    72,    74,    76,    78,
+-      80,    82,    84,    86,    88,    90,    92,    94,    96,    98,
+-     100,   102,   104,   106,   108,   110,   112,   115,   117,   121,
+-     123,   127,   131,   134,   136,   140,   142,   146,   150,   153,
+-     155,   159,   161,   165,   169,   172,   174,   178,   180,   184,
+-     188,   192,   194,   198,   200,   204,   208,   211,   214,   218,
+-     220,   224,   228,   232,   238,   239,   243,   248,   250,   253,
+-     255,   257,   259,   261,   264,   265,   271,   272,   279,   284,
+-     286,   289,   291,   293,   295,   297,   300,   303,   305,   307,
+-     309,   324,   325,   331,   332,   336,   338,   341,   342,   348,
+-     350,   353,   355,   358,   360,   364,   366,   370,   374,   375,
+-     381,   383,   386,   388,   389,   395,   397,   400,   404,   409,
+-     411,   415,   417,   421,   422,   424,   428,   430,   434,   438,
+-     442,   446,   450,   453,   455,   459,   461,   465,   469,   472,
+-     474,   478,   480,   484,   488,   491,   493,   497,   499,   503,
+-     507,   511,   513,   517,   519,   523,   527,   528,   533,   535,
+-     538,   540,   542,   544,   548,   550,   554,   556,   560,   564,
+-     565,   570,   572,   575,   577,   579,   581,   585,   589,   590,
+-     594,   598,   600,   604,   608,   612,   616,   620,   624,   628,
+-     632,   636,   640,   641,   646,   648,   651,   653,   655,   657,
+-     659,   661,   663,   664,   666,   669,   671,   675,   677,   681,
+-     685,   689,   692,   695,   697,   701,   703,   707,   711,   712,
+-     715,   716,   719,   720,   723,   726,   729,   732,   735,   738,
+-     741,   744,   747,   750,   753,   756,   759,   762,   765,   768,
+-     771,   774,   777,   780,   783,   786,   789,   792,   795,   798,
+-     801,   804,   807,   810,   814,   816,   820,   824,   828,   829,
+-     831,   835,   837,   841,   845,   849,   850,   852,   856,   858,
+-     862,   864,   868,   872,   876,   881,   884,   886,   889,   890,
+-     900,   901,   903,   905,   906,   908,   909,   911,   912,   914,
+-     916,   919,   921,   923,   928,   929,   931,   932,   935,   936,
+-     939,   941,   945,   947,   949,   951,   953,   955,   957,   958,
+-     960,   962,   964,   966,   968,   970,   974,   975,   979,   982,
+-     984,   986,   990,   992,   994,   996,   998,  1003,  1006,  1008,
+-    1010,  1012,  1014,  1016,  1018,  1019,  1021,  1025,  1032,  1045,
+-    1046,  1047,  1056,  1057,  1061,  1066,  1067,  1068,  1077,  1078,
+-    1081,  1083,  1087,  1090,  1091,  1093,  1095,  1097,  1098,  1102,
+-    1103,  1105,  1108,  1110,  1112,  1114,  1116,  1118,  1120,  1122,
+-    1124,  1126,  1128,  1130,  1132,  1134,  1136,  1138,  1140,  1142,
+-    1144,  1146,  1148,  1150,  1152,  1154,  1156,  1158,  1160,  1162,
+-    1164,  1167,  1170,  1173,  1177,  1181,  1185,  1188,  1192,  1196,
+-    1198,  1202,  1206,  1210,  1214,  1215,  1220,  1222,  1225,  1227,
+-    1229,  1231,  1233,  1235,  1236,  1238,  1239,  1243,  1245,  1257,
+-    1258,  1262,  1264,  1276,  1277,  1278,  1285,  1286,  1287,  1295,
+-    1313,  1321,  1339,  1356,  1358,  1360,  1362,  1364,  1366,  1368,
+-    1370,  1372,  1375,  1378,  1381,  1384,  1387,  1390,  1393,  1396,
+-    1399,  1402,  1406,  1410,  1412,  1415,  1418,  1420,  1423,  1426,
+-    1429,  1431,  1434,  1435,  1437,  1438,  1440,  1441,  1444,  1445,
+-    1449,  1451,  1455,  1457,  1461,  1463,  1469,  1471,  1473,  1474,
+-    1477,  1478,  1481,  1482,  1485,  1486,  1489,  1491,  1492,  1494,
+-    1498,  1503,  1508,  1513,  1517,  1521,  1528,  1535,  1539,  1542,
+-    1543,  1547,  1548,  1552,  1554,  1555,  1559,  1561,  1563,  1565,
+-    1566,  1570,  1572,  1581,  1582,  1586,  1588,  1591,  1593,  1595,
+-    1598,  1601,  1604,  1609,  1613,  1617,  1618,  1620,  1621,  1625,
+-    1628,  1630,  1635,  1638,  1641,  1643,  1645,  1648,  1650,  1652,
+-    1655,  1658,  1662,  1664,  1666,  1668,  1671,  1674,  1676,  1678,
+-    1680,  1682,  1684,  1686,  1688,  1690,  1692,  1694,  1696,  1698,
+-    1700,  1702,  1704,  1708,  1709,  1714,  1715,  1717
+-};
+-
+-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+-static const yytype_int16 yyrhs[] =
+-{
+-     175,     0,    -1,   176,    -1,   175,   176,    -1,    -1,   177,
+-     178,    -1,   269,    -1,   255,    -1,   262,    -1,   192,    -1,
+-     291,    -1,   279,    -1,   283,    -1,   284,    -1,   200,    -1,
+-     230,    -1,   222,    -1,   226,    -1,   239,    -1,   180,    -1,
+-     184,    -1,   188,    -1,   243,    -1,   247,    -1,   251,    -1,
+-     292,    -1,   293,    -1,   306,    -1,   308,    -1,   309,    -1,
+-     310,    -1,   311,    -1,   312,    -1,   313,    -1,   314,    -1,
+-     315,    -1,   317,    -1,   318,    -1,   328,    -1,   332,    -1,
+-     210,    -1,   212,    -1,   196,    -1,   179,    -1,   234,    -1,
+-     238,    -1,   218,    -1,   358,    -1,   364,    -1,   361,    -1,
+-     204,    -1,   357,    -1,   335,    -1,   393,    -1,   417,    -1,
+-     294,    -1,     5,   181,    -1,    36,    -1,   152,   182,   153,
+-      -1,   183,    -1,   182,   154,   183,    -1,   138,   155,    36,
+-      -1,     6,   185,    -1,    36,    -1,   152,   186,   153,    -1,
+-     187,    -1,   186,   154,   187,    -1,   138,   155,    36,    -1,
+-       7,   189,    -1,    36,    -1,   152,   190,   153,    -1,   191,
+-      -1,   190,   154,   191,    -1,   138,   155,    36,    -1,     8,
+-     193,    -1,    34,    -1,   152,   194,   153,    -1,   195,    -1,
+-     194,   154,   195,    -1,   138,   155,    34,    -1,     9,   197,
+-     333,    -1,    34,    -1,   152,   198,   153,    -1,   199,    -1,
+-     198,   154,   199,    -1,   138,   155,    34,    -1,     3,   201,
+-      -1,    34,   107,    -1,   152,   202,   153,    -1,   203,    -1,
+-     202,   154,   203,    -1,   138,   155,   381,    -1,   151,   155,
+-     107,    -1,   122,   351,   205,   398,   206,    -1,    -1,   152,
+-     351,   153,    -1,   156,   207,   157,   158,    -1,   208,    -1,
+-     207,   208,    -1,   234,    -1,   238,    -1,   209,    -1,   294,
+-      -1,   123,   333,    -1,    -1,    30,   425,   398,   211,   214,
+-      -1,    -1,   363,    30,   425,   398,   213,   214,    -1,   156,
+-     215,   157,   158,    -1,   216,    -1,   215,   216,    -1,   234,
+-      -1,   238,    -1,   294,    -1,   307,    -1,    51,   333,    -1,
+-      52,   333,    -1,   303,    -1,   335,    -1,   217,    -1,    97,
+-     421,    34,   152,   406,   153,   395,   427,   398,   391,   158,
+-     327,   404,   403,    -1,    -1,   110,    34,   219,   220,   158,
+-      -1,    -1,   156,   221,   157,    -1,   179,    -1,   221,   179,
+-      -1,    -1,   112,   223,   156,   224,   157,    -1,   225,    -1,
+-     224,   225,    -1,    34,    -1,   113,   227,    -1,    34,    -1,
+-     152,   228,   153,    -1,   229,    -1,   228,   154,   229,    -1,
+-     138,   155,   381,    -1,    -1,   111,   231,   156,   232,   157,
+-      -1,   233,    -1,   232,   233,    -1,    34,    -1,    -1,    32,
+-     152,   235,   237,   153,    -1,    34,    -1,   159,    34,    -1,
+-     236,    95,    34,    -1,   236,    95,   159,    34,    -1,   236,
+-      -1,   339,   160,   339,    -1,    33,    -1,   114,   240,   398,
+-      -1,    -1,    36,    -1,   152,   241,   153,    -1,   242,    -1,
+-     241,   154,   242,    -1,   145,   155,    36,    -1,   137,   155,
+-      36,    -1,   143,   155,    36,    -1,   144,   155,    36,    -1,
+-     128,   244,    -1,   277,    -1,   152,   245,   153,    -1,   246,
+-      -1,   245,   154,   246,    -1,   138,   155,   277,    -1,   129,
+-     248,    -1,   277,    -1,   152,   249,   153,    -1,   250,    -1,
+-     249,   154,   250,    -1,   138,   155,   277,    -1,   131,   252,
+-      -1,   351,    -1,   152,   253,   153,    -1,   254,    -1,   253,
+-     154,   254,    -1,   138,   155,   351,    -1,    62,   256,   259,
+-      -1,   277,    -1,   152,   257,   153,    -1,   258,    -1,   257,
+-     154,   258,    -1,   138,   155,   277,    -1,    -1,   156,   260,
+-     157,   158,    -1,   261,    -1,   260,   261,    -1,   234,    -1,
+-     238,    -1,   323,    -1,    63,   263,   266,    -1,   277,    -1,
+-     152,   264,   153,    -1,   265,    -1,   264,   154,   265,    -1,
+-     138,   155,   277,    -1,    -1,   156,   267,   157,   158,    -1,
+-     268,    -1,   267,   268,    -1,   234,    -1,   238,    -1,   323,
+-      -1,    60,   270,   274,    -1,    61,   277,   278,    -1,    -1,
+-     277,   271,   278,    -1,   152,   272,   153,    -1,   273,    -1,
+-     272,   154,   273,    -1,   135,   155,    36,    -1,   136,   155,
+-      36,    -1,   138,   155,   277,    -1,   146,   155,   354,    -1,
+-     147,   155,   354,    -1,   148,   155,   354,    -1,   149,   155,
+-     354,    -1,   150,   155,    34,    -1,   151,   155,   107,    -1,
+-      -1,   156,   275,   157,   158,    -1,   276,    -1,   275,   276,
+-      -1,   234,    -1,   238,    -1,   319,    -1,   323,    -1,    34,
+-      -1,    35,    -1,    -1,   107,    -1,    54,   280,    -1,    35,
+-      -1,   152,   281,   153,    -1,   282,    -1,   281,   154,   282,
+-      -1,   138,   155,    35,    -1,   139,   155,   354,    -1,    55,
+-      35,    -1,    56,   285,    -1,    35,    -1,   152,   286,   153,
+-      -1,   287,    -1,   286,   154,   287,    -1,   138,   155,    35,
+-      -1,    -1,    17,   333,    -1,    -1,    18,   333,    -1,    -1,
+-      19,   333,    -1,    29,   333,    -1,    57,   333,    -1,    58,
+-     333,    -1,    59,   333,    -1,    38,   333,    -1,    39,   333,
+-      -1,    40,   333,    -1,    41,   333,    -1,    42,   333,    -1,
+-      43,   333,    -1,    44,   333,    -1,    45,   333,    -1,    50,
+-     333,    -1,    46,   333,    -1,    23,   333,    -1,    26,   333,
+-      -1,    27,   333,    -1,    20,   333,    -1,    21,   333,    -1,
+-      22,   333,    -1,    24,   333,    -1,    25,   333,    -1,    28,
+-     333,    -1,    10,   333,    -1,    11,   333,    -1,    11,   333,
+-      -1,    13,   333,    -1,    14,   333,    -1,     4,   320,    -1,
+-     152,   321,   153,    -1,   322,    -1,   321,   154,   322,    -1,
+-     141,   155,    36,    -1,    12,   324,   333,    -1,    -1,    36,
+-      -1,   152,   325,   153,    -1,   326,    -1,   325,   154,   326,
+-      -1,   132,   155,    36,    -1,   143,   155,    36,    -1,    -1,
+-     323,    -1,    15,   329,   333,    -1,    34,    -1,   152,   330,
+-     153,    -1,   331,    -1,   330,   154,   331,    -1,   134,   155,
+-      34,    -1,   140,   155,   107,    -1,    16,    35,   338,   333,
+-      -1,   334,    33,    -1,    31,    -1,   334,    31,    -1,    -1,
+-      91,   337,   339,   398,   336,   156,   340,   157,   158,    -1,
+-      -1,    64,    -1,    65,    -1,    -1,    35,    -1,    -1,    34,
+-      -1,    -1,   341,    -1,   342,    -1,   341,   342,    -1,   234,
+-      -1,   238,    -1,    34,   344,   398,   343,    -1,    -1,   154,
+-      -1,    -1,   155,   349,    -1,    -1,   155,   346,    -1,   349,
+-      -1,   346,   347,   349,    -1,   160,    -1,   161,    -1,   162,
+-      -1,   163,    -1,   164,    -1,   165,    -1,    -1,   159,    -1,
+-     166,    -1,   160,    -1,   161,    -1,   162,    -1,   164,    -1,
+-     350,   348,   355,    -1,    -1,   152,   351,   153,    -1,    94,
+-     352,    -1,   352,    -1,   353,    -1,   352,    94,   353,    -1,
+-      34,    -1,   116,    -1,   117,    -1,   351,    -1,   425,   152,
+-     356,   153,    -1,   156,   157,    -1,   108,    -1,   107,    -1,
+-     354,    -1,   118,    -1,    36,    -1,   115,    -1,    -1,   346,
+-      -1,   356,   154,   346,    -1,   109,   421,    34,   398,   158,
+-     327,    -1,   109,   421,   152,   162,    34,   153,   152,   426,
+-     153,   398,   158,   327,    -1,    -1,    -1,    65,   351,   359,
+-     367,   398,   360,   371,   158,    -1,    -1,   363,   362,   364,
+-      -1,   125,   167,   426,   168,    -1,    -1,    -1,    64,   351,
+-     365,   367,   398,   366,   371,   158,    -1,    -1,   169,   368,
+-      -1,   369,    -1,   368,   154,   369,    -1,   370,   351,    -1,
+-      -1,    66,    -1,    67,    -1,    68,    -1,    -1,   156,   372,
+-     157,    -1,    -1,   373,    -1,   372,   373,    -1,   234,    -1,
+-     238,    -1,   218,    -1,   358,    -1,   364,    -1,   361,    -1,
+-     204,    -1,   357,    -1,   335,    -1,   374,    -1,   323,    -1,
+-     307,    -1,   294,    -1,   295,    -1,   296,    -1,   297,    -1,
+-     298,    -1,   299,    -1,   300,    -1,   301,    -1,   302,    -1,
+-     303,    -1,   304,    -1,   305,    -1,   316,    -1,   386,    -1,
+-     383,    -1,   409,    -1,    53,   333,    -1,    52,   333,    -1,
+-      51,   333,    -1,    66,   382,   169,    -1,    67,   382,   169,
+-      -1,    68,   382,   169,    -1,    69,   169,    -1,   130,   375,
+-     378,    -1,   152,   376,   153,    -1,   377,    -1,   376,   154,
+-     377,    -1,   133,   155,    34,    -1,   138,   155,   381,    -1,
+-     142,   155,    34,    -1,    -1,   156,   379,   157,   158,    -1,
+-     380,    -1,   379,   380,    -1,   234,    -1,   238,    -1,   323,
+-      -1,    34,    -1,    36,    -1,    -1,    71,    -1,    -1,    90,
+-     384,   385,    -1,   385,    -1,   166,    34,   152,   153,   427,
+-     397,   398,   158,   404,   403,   405,    -1,    -1,   124,   387,
+-     388,    -1,   388,    -1,    34,   152,   406,   153,   427,   398,
+-     389,   158,   327,   404,   403,    -1,    -1,    -1,   170,   390,
+-     152,   406,   153,   171,    -1,    -1,    -1,   170,   392,   421,
+-     152,   406,   153,   171,    -1,   421,    34,   152,   406,   153,
+-     395,   396,   427,   397,   398,   391,   158,   327,   404,   403,
+-     405,   402,    -1,   421,   119,   155,   152,   421,   153,   158,
+-      -1,   421,   119,   394,   152,   406,   153,   395,   396,   427,
+-     397,   398,   391,   158,   404,   403,   405,   402,    -1,   119,
+-     421,   152,   406,   153,   395,   396,   427,   397,   398,   391,
+-     158,   404,   403,   405,   402,    -1,   161,    -1,   160,    -1,
+-     162,    -1,   163,    -1,   172,    -1,   164,    -1,   165,    -1,
+-     173,    -1,   167,   167,    -1,   168,   168,    -1,   161,   155,
+-      -1,   160,   155,    -1,   162,   155,    -1,   163,   155,    -1,
+-     172,   155,    -1,   164,   155,    -1,   165,   155,    -1,   173,
+-     155,    -1,   167,   167,   155,    -1,   168,   168,   155,    -1,
+-     166,    -1,   152,   153,    -1,   170,   171,    -1,   167,    -1,
+-     167,   155,    -1,   155,   155,    -1,   159,   155,    -1,   168,
+-      -1,   168,   155,    -1,    -1,    96,    -1,    -1,   126,    -1,
+-      -1,   155,   107,    -1,    -1,   163,   399,   163,    -1,   400,
+-      -1,   399,   154,   400,    -1,    34,    -1,    34,   155,   401,
+-      -1,   277,    -1,    34,   169,   278,   160,   278,    -1,    36,
+-      -1,   107,    -1,    -1,    47,   333,    -1,    -1,    48,   333,
+-      -1,    -1,    49,   333,    -1,    -1,    37,   333,    -1,   407,
+-      -1,    -1,   408,    -1,   407,   154,   408,    -1,    98,   339,
+-     398,   345,    -1,    99,   339,   398,   345,    -1,   100,   339,
+-     398,   345,    -1,   101,   339,   398,    -1,   102,   339,   398,
+-      -1,   103,   152,   406,   153,   339,   398,    -1,   104,   152,
+-     406,   153,   339,   398,    -1,   121,   339,   398,    -1,   422,
+-     345,    -1,    -1,    70,   410,   412,    -1,    -1,    72,   411,
+-     412,    -1,   412,    -1,    -1,    97,   413,   414,    -1,   414,
+-      -1,   415,    -1,   417,    -1,    -1,    90,   416,   393,    -1,
+-     393,    -1,   421,    34,   398,   418,   158,   288,   289,   290,
+-      -1,    -1,   156,   419,   157,    -1,   420,    -1,   419,   420,
+-      -1,   234,    -1,   238,    -1,    17,   333,    -1,    18,   333,
+-      -1,    19,   333,    -1,    96,   425,   424,   423,    -1,   425,
+-     424,   423,    -1,   421,   339,   398,    -1,    -1,   164,    -1,
+-      -1,   424,   162,    96,    -1,   424,   162,    -1,   351,    -1,
+-     351,   167,   426,   168,    -1,    65,   351,    -1,    93,    74,
+-      -1,    74,    -1,    93,    -1,    93,    75,    -1,    75,    -1,
+-      76,    -1,    93,    76,    -1,    76,    76,    -1,    93,    76,
+-      76,    -1,    77,    -1,    78,    -1,    73,    -1,    92,    79,
+-      -1,    93,    79,    -1,    79,    -1,    80,    -1,    81,    -1,
+-      82,    -1,    83,    -1,    84,    -1,    85,    -1,    86,    -1,
+-      87,    -1,    88,    -1,    89,    -1,   105,    -1,   106,    -1,
+-     127,    -1,   421,    -1,   426,   154,   421,    -1,    -1,   120,
+-     152,   428,   153,    -1,    -1,   351,    -1,   428,   154,   351,
+-      -1
+-};
+-
+-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+-static const yytype_uint16 yyrline[] =
++/* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
++static const yytype_int16 yyrline[] =
+ {
+-       0,   574,   574,   575,   578,   578,   597,   598,   599,   600,
+-     601,   602,   603,   604,   605,   606,   607,   608,   609,   610,
+-     611,   612,   613,   614,   615,   616,   617,   618,   619,   620,
+-     621,   622,   623,   624,   625,   626,   627,   628,   629,   630,
+-     631,   632,   633,   634,   637,   638,   639,   640,   641,   642,
+-     643,   644,   645,   646,   647,   648,   661,   667,   672,   677,
+-     678,   688,   695,   701,   706,   711,   712,   722,   729,   738,
+-     743,   748,   749,   759,   766,   777,   782,   787,   788,   798,
+-     805,   834,   839,   844,   845,   855,   862,   888,   896,   901,
+-     902,   913,   919,   927,   974,   978,  1085,  1090,  1091,  1102,
+-    1105,  1108,  1122,  1138,  1143,  1143,  1166,  1166,  1233,  1247,
+-    1248,  1251,  1252,  1253,  1257,  1261,  1270,  1279,  1288,  1289,
+-    1292,  1307,  1307,  1344,  1345,  1348,  1349,  1352,  1352,  1381,
+-    1382,  1385,  1391,  1397,  1402,  1407,  1408,  1418,  1425,  1425,
+-    1451,  1452,  1455,  1461,  1461,  1480,  1483,  1486,  1489,  1494,
+-    1495,  1500,  1508,  1545,  1553,  1559,  1564,  1565,  1578,  1586,
+-    1594,  1602,  1612,  1623,  1628,  1633,  1634,  1644,  1651,  1662,
+-    1667,  1672,  1673,  1683,  1690,  1702,  1707,  1712,  1713,  1723,
+-    1730,  1750,  1755,  1760,  1761,  1771,  1778,  1782,  1787,  1788,
+-    1798,  1801,  1804,  1818,  1836,  1841,  1846,  1847,  1857,  1864,
+-    1868,  1873,  1874,  1884,  1887,  1890,  1904,  1915,  1925,  1925,
+-    1938,  1943,  1944,  1961,  1973,  1991,  2003,  2015,  2027,  2039,
+-    2051,  2063,  2082,  2086,  2091,  2092,  2102,  2105,  2108,  2111,
+-    2125,  2126,  2142,  2145,  2148,  2157,  2163,  2168,  2169,  2180,
+-    2186,  2194,  2202,  2208,  2213,  2218,  2219,  2229,  2236,  2239,
+-    2244,  2247,  2252,  2255,  2260,  2266,  2272,  2278,  2283,  2288,
+-    2293,  2298,  2303,  2308,  2313,  2318,  2323,  2328,  2333,  2338,
+-    2344,  2349,  2355,  2361,  2367,  2373,  2379,  2384,  2390,  2396,
+-    2401,  2407,  2413,  2419,  2424,  2425,  2435,  2442,  2526,  2530,
+-    2536,  2541,  2542,  2553,  2559,  2567,  2570,  2573,  2582,  2588,
+-    2593,  2594,  2605,  2611,  2622,  2627,  2630,  2631,  2641,  2641,
+-    2665,  2668,  2671,  2676,  2679,  2684,  2687,  2692,  2693,  2696,
+-    2697,  2700,  2701,  2702,  2746,  2747,  2750,  2751,  2754,  2757,
+-    2762,  2763,  2781,  2784,  2787,  2790,  2793,  2796,  2801,  2804,
+-    2807,  2810,  2813,  2816,  2819,  2824,  2839,  2842,  2847,  2853,
+-    2856,  2857,  2865,  2870,  2873,  2878,  2887,  2897,  2900,  2904,
+-    2908,  2912,  2916,  2920,  2926,  2931,  2937,  2955,  2977,  3016,
+-    3022,  3016,  3066,  3066,  3092,  3097,  3103,  3097,  3143,  3144,
+-    3147,  3148,  3151,  3203,  3206,  3209,  3212,  3217,  3220,  3225,
+-    3226,  3227,  3230,  3231,  3232,  3233,  3234,  3235,  3236,  3237,
+-    3238,  3239,  3240,  3251,  3255,  3259,  3270,  3281,  3292,  3303,
+-    3314,  3325,  3336,  3347,  3358,  3369,  3380,  3391,  3392,  3393,
+-    3394,  3405,  3416,  3427,  3434,  3441,  3448,  3457,  3470,  3475,
+-    3476,  3488,  3495,  3502,  3511,  3515,  3520,  3521,  3531,  3534,
+-    3537,  3551,  3552,  3555,  3558,  3564,  3564,  3565,  3568,  3634,
+-    3634,  3635,  3638,  3684,  3687,  3687,  3698,  3701,  3701,  3713,
+-    3731,  3751,  3795,  3876,  3877,  3878,  3879,  3880,  3881,  3882,
+-    3883,  3884,  3885,  3886,  3887,  3888,  3889,  3890,  3891,  3892,
+-    3893,  3894,  3895,  3896,  3897,  3898,  3899,  3900,  3901,  3902,
+-    3903,  3904,  3907,  3910,  3915,  3918,  3923,  3926,  3934,  3937,
+-    3943,  3947,  3959,  3963,  3969,  3973,  3996,  4000,  4006,  4009,
+-    4014,  4017,  4022,  4025,  4030,  4033,  4038,  4090,  4095,  4101,
+-    4124,  4136,  4148,  4160,  4179,  4190,  4207,  4224,  4233,  4240,
+-    4240,  4241,  4241,  4242,  4246,  4246,  4247,  4251,  4252,  4256,
+-    4256,  4257,  4260,  4315,  4321,  4326,  4327,  4339,  4342,  4345,
+-    4360,  4375,  4392,  4397,  4411,  4521,  4524,  4532,  4535,  4538,
+-    4543,  4551,  4562,  4577,  4581,  4585,  4589,  4593,  4597,  4601,
+-    4605,  4609,  4613,  4617,  4621,  4625,  4629,  4633,  4637,  4641,
+-    4645,  4649,  4653,  4657,  4661,  4665,  4669,  4673,  4677,  4681,
+-    4685,  4691,  4697,  4713,  4716,  4724,  4730,  4737
++       0,   575,   575,   576,   579,   579,   598,   599,   600,   601,
++     602,   603,   604,   605,   606,   607,   608,   609,   610,   611,
++     612,   613,   614,   615,   616,   617,   618,   619,   620,   621,
++     622,   623,   624,   625,   626,   627,   628,   629,   630,   631,
++     632,   633,   634,   635,   638,   639,   640,   641,   642,   643,
++     644,   645,   646,   647,   648,   649,   662,   668,   673,   678,
++     679,   689,   696,   702,   707,   712,   713,   723,   730,   739,
++     744,   749,   750,   760,   767,   778,   783,   788,   789,   799,
++     806,   835,   840,   845,   846,   856,   863,   889,   897,   902,
++     903,   914,   920,   928,   975,   979,  1086,  1091,  1092,  1103,
++    1106,  1109,  1123,  1139,  1144,  1144,  1167,  1167,  1234,  1248,
++    1249,  1252,  1253,  1254,  1258,  1262,  1271,  1280,  1289,  1290,
++    1293,  1308,  1308,  1345,  1346,  1349,  1350,  1353,  1353,  1382,
++    1383,  1386,  1392,  1398,  1403,  1408,  1409,  1419,  1426,  1426,
++    1452,  1453,  1456,  1462,  1462,  1481,  1484,  1487,  1490,  1495,
++    1496,  1501,  1509,  1546,  1554,  1560,  1565,  1566,  1579,  1587,
++    1595,  1603,  1613,  1624,  1629,  1634,  1635,  1645,  1652,  1663,
++    1668,  1673,  1674,  1684,  1691,  1703,  1708,  1713,  1714,  1724,
++    1731,  1751,  1756,  1761,  1762,  1772,  1779,  1783,  1788,  1789,
++    1799,  1802,  1805,  1819,  1837,  1842,  1847,  1848,  1858,  1865,
++    1869,  1874,  1875,  1885,  1888,  1891,  1905,  1917,  1927,  1927,
++    1941,  1946,  1947,  1965,  1978,  1997,  2010,  2023,  2036,  2049,
++    2062,  2075,  2088,  2108,  2112,  2117,  2118,  2128,  2131,  2134,
++    2137,  2151,  2152,  2168,  2171,  2174,  2183,  2189,  2194,  2195,
++    2206,  2212,  2220,  2228,  2234,  2239,  2244,  2245,  2255,  2262,
++    2265,  2270,  2273,  2278,  2281,  2286,  2292,  2298,  2304,  2309,
++    2314,  2319,  2324,  2329,  2334,  2339,  2344,  2349,  2354,  2359,
++    2364,  2370,  2375,  2381,  2387,  2393,  2399,  2405,  2410,  2416,
++    2422,  2427,  2433,  2439,  2445,  2450,  2451,  2461,  2468,  2552,
++    2556,  2562,  2567,  2568,  2579,  2585,  2593,  2596,  2599,  2608,
++    2614,  2619,  2620,  2631,  2637,  2648,  2653,  2656,  2657,  2667,
++    2667,  2691,  2694,  2697,  2702,  2705,  2710,  2713,  2718,  2719,
++    2722,  2723,  2726,  2727,  2728,  2772,  2773,  2776,  2777,  2780,
++    2783,  2788,  2789,  2807,  2810,  2813,  2816,  2819,  2822,  2827,
++    2830,  2833,  2836,  2839,  2842,  2845,  2850,  2865,  2868,  2873,
++    2879,  2882,  2883,  2891,  2896,  2899,  2904,  2913,  2923,  2926,
++    2930,  2934,  2938,  2942,  2946,  2952,  2957,  2963,  2981,  3003,
++    3042,  3048,  3042,  3092,  3092,  3118,  3123,  3129,  3123,  3169,
++    3170,  3173,  3174,  3177,  3229,  3232,  3235,  3238,  3243,  3246,
++    3251,  3252,  3253,  3256,  3257,  3258,  3259,  3260,  3261,  3262,
++    3263,  3264,  3265,  3266,  3277,  3281,  3285,  3296,  3307,  3318,
++    3329,  3340,  3351,  3362,  3373,  3384,  3395,  3406,  3417,  3418,
++    3419,  3420,  3431,  3442,  3453,  3460,  3467,  3474,  3483,  3496,
++    3501,  3502,  3514,  3521,  3528,  3537,  3541,  3546,  3547,  3557,
++    3560,  3563,  3577,  3578,  3581,  3584,  3590,  3590,  3591,  3594,
++    3660,  3660,  3661,  3664,  3710,  3713,  3713,  3724,  3727,  3727,
++    3739,  3757,  3777,  3821,  3902,  3903,  3904,  3905,  3906,  3907,
++    3908,  3909,  3910,  3911,  3912,  3913,  3914,  3915,  3916,  3917,
++    3918,  3919,  3920,  3921,  3922,  3923,  3924,  3925,  3926,  3927,
++    3928,  3929,  3930,  3933,  3936,  3941,  3944,  3949,  3952,  3960,
++    3963,  3969,  3973,  3985,  3989,  3995,  3999,  4022,  4026,  4032,
++    4035,  4040,  4043,  4048,  4051,  4056,  4059,  4064,  4116,  4121,
++    4127,  4150,  4162,  4174,  4186,  4205,  4216,  4233,  4250,  4259,
++    4266,  4266,  4267,  4267,  4268,  4272,  4272,  4273,  4277,  4278,
++    4282,  4282,  4283,  4286,  4341,  4347,  4352,  4353,  4365,  4368,
++    4371,  4386,  4401,  4418,  4423,  4437,  4547,  4550,  4558,  4561,
++    4564,  4569,  4577,  4588,  4603,  4607,  4611,  4615,  4619,  4623,
++    4627,  4631,  4635,  4639,  4643,  4647,  4651,  4655,  4659,  4663,
++    4667,  4671,  4675,  4679,  4683,  4687,  4691,  4695,  4699,  4703,
++    4707,  4711,  4717,  4723,  4739,  4742,  4750,  4756,  4763
+ };
+ #endif
+ 
+-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
++/** Accessing symbol of state STATE.  */
++#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State])
++
++#if YYDEBUG || 0
++/* The user-facing name of the symbol whose (internal) number is
++   YYSYMBOL.  No bounds checking.  */
++static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED;
++
+ /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+    First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+ static const char *const yytname[] =
+ {
+-  "$end", "error", "$undefined", "TK_API", "TK_AUTOPYNAME",
+-  "TK_DEFDOCSTRFMT", "TK_DEFDOCSTRSIG", "TK_DEFENCODING", "TK_PLUGIN",
+-  "TK_VIRTERRORHANDLER", "TK_EXPTYPEHINTCODE", "TK_TYPEHINTCODE",
+-  "TK_DOCSTRING", "TK_DOC", "TK_EXPORTEDDOC", "TK_EXTRACT", "TK_MAKEFILE",
+-  "TK_ACCESSCODE", "TK_GETCODE", "TK_SETCODE", "TK_PREINITCODE",
+-  "TK_INITCODE", "TK_POSTINITCODE", "TK_FINALCODE", "TK_UNITCODE",
+-  "TK_UNITPOSTINCLUDECODE", "TK_MODCODE", "TK_TYPECODE", "TK_PREPYCODE",
+-  "TK_COPYING", "TK_MAPPEDTYPE", "TK_CODELINE", "TK_IF", "TK_END",
+-  "TK_NAME_VALUE", "TK_PATH_VALUE", "TK_STRING_VALUE",
++  "\"end of file\"", "error", "\"invalid token\"", "TK_API",
++  "TK_AUTOPYNAME", "TK_DEFDOCSTRFMT", "TK_DEFDOCSTRSIG", "TK_DEFENCODING",
++  "TK_PLUGIN", "TK_VIRTERRORHANDLER", "TK_EXPTYPEHINTCODE",
++  "TK_TYPEHINTCODE", "TK_DOCSTRING", "TK_DOC", "TK_EXPORTEDDOC",
++  "TK_EXTRACT", "TK_MAKEFILE", "TK_ACCESSCODE", "TK_GETCODE", "TK_SETCODE",
++  "TK_PREINITCODE", "TK_INITCODE", "TK_POSTINITCODE", "TK_FINALCODE",
++  "TK_UNITCODE", "TK_UNITPOSTINCLUDECODE", "TK_MODCODE", "TK_TYPECODE",
++  "TK_PREPYCODE", "TK_COPYING", "TK_MAPPEDTYPE", "TK_CODELINE", "TK_IF",
++  "TK_END", "TK_NAME_VALUE", "TK_PATH_VALUE", "TK_STRING_VALUE",
+   "TK_VIRTUALCATCHERCODE", "TK_TRAVERSECODE", "TK_CLEARCODE",
+   "TK_GETBUFFERCODE", "TK_RELEASEBUFFERCODE", "TK_READBUFFERCODE",
+   "TK_WRITEBUFFERCODE", "TK_SEGCOUNTCODE", "TK_CHARBUFFERCODE",
+@@ -1264,13 +1217,13 @@ static const char *const yytname[] =
+   "TK_DEFSUPERTYPE", "TK_PROPERTY", "TK_HIDE_NS", "TK_FORMAT", "TK_GET",
+   "TK_ID", "TK_KWARGS", "TK_LANGUAGE", "TK_LICENSEE", "TK_NAME",
+   "TK_OPTIONAL", "TK_ORDER", "TK_REMOVELEADING", "TK_SET", "TK_SIGNATURE",
+-  "TK_TIMESTAMP", "TK_TYPE", "TK_USEARGNAMES", "TK_USELIMITEDAPI",
+-  "TK_ALLRAISEPYEXC", "TK_CALLSUPERINIT", "TK_DEFERRORHANDLER",
+-  "TK_VERSION", "'('", "')'", "','", "'='", "'{'", "'}'", "';'", "'!'",
+-  "'-'", "'+'", "'*'", "'/'", "'&'", "'|'", "'~'", "'<'", "'>'", "':'",
+-  "'['", "']'", "'%'", "'^'", "$accept", "specification", "statement",
+-  "@1", "modstatement", "nsstatement", "defdocstringfmt",
+-  "defdocstringfmt_args", "defdocstringfmt_arg_list",
++  "TK_TIMESTAMP", "TK_TYPE", "TK_USEARGNAMES", "TK_PYSSIZETCLEAN",
++  "TK_USELIMITEDAPI", "TK_ALLRAISEPYEXC", "TK_CALLSUPERINIT",
++  "TK_DEFERRORHANDLER", "TK_VERSION", "'('", "')'", "','", "'='", "'{'",
++  "'}'", "';'", "'!'", "'-'", "'+'", "'*'", "'/'", "'&'", "'|'", "'~'",
++  "'<'", "'>'", "':'", "'['", "']'", "'%'", "'^'", "$accept",
++  "specification", "statement", "$@1", "modstatement", "nsstatement",
++  "defdocstringfmt", "defdocstringfmt_args", "defdocstringfmt_arg_list",
+   "defdocstringfmt_arg", "defdocstringsig", "defdocstringsig_args",
+   "defdocstringsig_arg_list", "defdocstringsig_arg", "defencoding",
+   "defencoding_args", "defencoding_arg_list", "defencoding_arg", "plugin",
+@@ -1278,13 +1231,13 @@ static const char *const yytname[] =
+   "veh_args", "veh_arg_list", "veh_arg", "api", "api_args", "api_arg_list",
+   "api_arg", "exception", "baseexception", "exception_body",
+   "exception_body_directives", "exception_body_directive", "raisecode",
+-  "mappedtype", "@2", "mappedtypetmpl", "@3", "mtdefinition", "mtbody",
+-  "mtline", "mtfunction", "namespace", "@4", "optnsbody", "nsbody",
+-  "platforms", "@5", "platformlist", "platform", "feature", "feature_args",
+-  "feature_arg_list", "feature_arg", "timeline", "@6", "qualifierlist",
+-  "qualifiername", "ifstart", "@7", "oredqualifiers", "qualifiers",
+-  "ifend", "license", "license_args", "license_arg_list", "license_arg",
+-  "defmetatype", "defmetatype_args", "defmetatype_arg_list",
++  "mappedtype", "$@2", "mappedtypetmpl", "$@3", "mtdefinition", "mtbody",
++  "mtline", "mtfunction", "namespace", "$@4", "optnsbody", "nsbody",
++  "platforms", "$@5", "platformlist", "platform", "feature",
++  "feature_args", "feature_arg_list", "feature_arg", "timeline", "$@6",
++  "qualifierlist", "qualifiername", "ifstart", "$@7", "oredqualifiers",
++  "qualifiers", "ifend", "license", "license_args", "license_arg_list",
++  "license_arg", "defmetatype", "defmetatype_args", "defmetatype_arg_list",
+   "defmetatype_arg", "defsupertype", "defsupertype_args",
+   "defsupertype_arg_list", "defsupertype_arg", "hiddenns", "hiddenns_args",
+   "hiddenns_arg_list", "hiddenns_arg", "consmodule", "consmodule_args",
+@@ -1292,7 +1245,7 @@ static const char *const yytname[] =
+   "consmodule_body_directives", "consmodule_body_directive", "compmodule",
+   "compmodule_args", "compmodule_arg_list", "compmodule_arg",
+   "compmodule_body", "compmodule_body_directives",
+-  "compmodule_body_directive", "module", "module_args", "@8",
++  "compmodule_body_directive", "module", "module_args", "$@8",
+   "module_arg_list", "module_arg", "module_body", "module_body_directives",
+   "module_body_directive", "dottedname", "optnumber", "include",
+   "include_args", "include_arg_list", "include_arg", "optinclude",
+@@ -1307,1011 +1260,950 @@ static const char *const yytname[] =
+   "autopyname_args", "autopyname_arg_list", "autopyname_arg", "docstring",
+   "docstring_args", "docstring_arg_list", "docstring_arg", "optdocstring",
+   "extract", "extract_args", "extract_arg_list", "extract_arg", "makefile",
+-  "codeblock", "codelines", "enum", "@9", "optenumkey", "optfilename",
++  "codeblock", "codelines", "enum", "$@9", "optenumkey", "optfilename",
+   "optname", "optenumbody", "enumbody", "enumline", "optcomma",
+   "optenumassign", "optassign", "expr", "binop", "optunop", "value",
+   "optcast", "scopedname", "scopednamehead", "scopepart", "bool_value",
+-  "simplevalue", "exprlist", "typedef", "struct", "@10", "@11",
+-  "classtmpl", "@12", "template", "class", "@13", "@14", "superclasses",
++  "simplevalue", "exprlist", "typedef", "struct", "$@10", "$@11",
++  "classtmpl", "$@12", "template", "class", "$@13", "$@14", "superclasses",
+   "superlist", "superclass", "class_access", "optclassbody", "classbody",
+   "classline", "property", "property_args", "property_arg_list",
+   "property_arg", "property_body", "property_body_directives",
+-  "property_body_directive", "name_or_string", "optslot", "dtor", "@15",
+-  "dtor_decl", "ctor", "@16", "simplector", "optctorsig", "@17", "optsig",
+-  "@18", "function", "operatorname", "optconst", "optfinal", "optabstract",
+-  "optflags", "flaglist", "flag", "flagvalue", "virtualcallcode",
+-  "methodcode", "premethodcode", "virtualcatchercode", "arglist",
+-  "rawarglist", "argvalue", "varmember", "@19", "@20", "simple_varmem",
+-  "@21", "varmem", "member", "@22", "variable", "variable_body",
+-  "variable_body_directives", "variable_body_directive", "cpptype",
+-  "argtype", "optref", "deref", "basetype", "cpptypelist", "optexceptions",
+-  "exceptionlist", 0
++  "property_body_directive", "name_or_string", "optslot", "dtor", "$@15",
++  "dtor_decl", "ctor", "$@16", "simplector", "optctorsig", "$@17",
++  "optsig", "$@18", "function", "operatorname", "optconst", "optfinal",
++  "optabstract", "optflags", "flaglist", "flag", "flagvalue",
++  "virtualcallcode", "methodcode", "premethodcode", "virtualcatchercode",
++  "arglist", "rawarglist", "argvalue", "varmember", "$@19", "$@20",
++  "simple_varmem", "$@21", "varmem", "member", "$@22", "variable",
++  "variable_body", "variable_body_directives", "variable_body_directive",
++  "cpptype", "argtype", "optref", "deref", "basetype", "cpptypelist",
++  "optexceptions", "exceptionlist", YY_NULLPTR
+ };
++
++static const char *
++yysymbol_name (yysymbol_kind_t yysymbol)
++{
++  return yytname[yysymbol];
++}
+ #endif
+ 
+-# ifdef YYPRINT
+-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+-   token YYLEX-NUM.  */
+-static const yytype_uint16 yytoknum[] =
+-{
+-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+-     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
+-     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
+-     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
+-     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
+-     335,   336,   337,   338,   339,   340,   341,   342,   343,   344,
+-     345,   346,   347,   348,   349,   350,   351,   352,   353,   354,
+-     355,   356,   357,   358,   359,   360,   361,   362,   363,   364,
+-     365,   366,   367,   368,   369,   370,   371,   372,   373,   374,
+-     375,   376,   377,   378,   379,   380,   381,   382,   383,   384,
+-     385,   386,   387,   388,   389,   390,   391,   392,   393,   394,
+-     395,   396,   397,   398,   399,   400,   401,   402,   403,   404,
+-     405,   406,    40,    41,    44,    61,   123,   125,    59,    33,
+-      45,    43,    42,    47,    38,   124,   126,    60,    62,    58,
+-      91,    93,    37,    94
+-};
+-# endif
++#define YYPACT_NINF (-840)
+ 
+-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+-static const yytype_uint16 yyr1[] =
+-{
+-       0,   174,   175,   175,   177,   176,   178,   178,   178,   178,
+-     178,   178,   178,   178,   178,   178,   178,   178,   178,   178,
+-     178,   178,   178,   178,   178,   178,   178,   178,   178,   178,
+-     178,   178,   178,   178,   178,   178,   178,   178,   178,   178,
+-     178,   178,   178,   178,   179,   179,   179,   179,   179,   179,
+-     179,   179,   179,   179,   179,   179,   180,   181,   181,   182,
+-     182,   183,   184,   185,   185,   186,   186,   187,   188,   189,
+-     189,   190,   190,   191,   192,   193,   193,   194,   194,   195,
+-     196,   197,   197,   198,   198,   199,   200,   201,   201,   202,
+-     202,   203,   203,   204,   205,   205,   206,   207,   207,   208,
+-     208,   208,   208,   209,   211,   210,   213,   212,   214,   215,
+-     215,   216,   216,   216,   216,   216,   216,   216,   216,   216,
+-     217,   219,   218,   220,   220,   221,   221,   223,   222,   224,
+-     224,   225,   226,   227,   227,   228,   228,   229,   231,   230,
+-     232,   232,   233,   235,   234,   236,   236,   236,   236,   237,
+-     237,   238,   239,   240,   240,   240,   241,   241,   242,   242,
+-     242,   242,   243,   244,   244,   245,   245,   246,   247,   248,
+-     248,   249,   249,   250,   251,   252,   252,   253,   253,   254,
+-     255,   256,   256,   257,   257,   258,   259,   259,   260,   260,
+-     261,   261,   261,   262,   263,   263,   264,   264,   265,   266,
+-     266,   267,   267,   268,   268,   268,   269,   269,   271,   270,
+-     270,   272,   272,   273,   273,   273,   273,   273,   273,   273,
+-     273,   273,   274,   274,   275,   275,   276,   276,   276,   276,
+-     277,   277,   278,   278,   279,   280,   280,   281,   281,   282,
+-     282,   283,   284,   285,   285,   286,   286,   287,   288,   288,
+-     289,   289,   290,   290,   291,   292,   293,   294,   295,   296,
+-     297,   298,   299,   300,   301,   302,   303,   304,   305,   306,
+-     307,   308,   309,   310,   311,   312,   313,   314,   315,   316,
+-     317,   318,   319,   320,   321,   321,   322,   323,   324,   324,
+-     324,   325,   325,   326,   326,   327,   327,   328,   329,   329,
+-     330,   330,   331,   331,   332,   333,   334,   334,   336,   335,
+-     337,   337,   337,   338,   338,   339,   339,   340,   340,   341,
+-     341,   342,   342,   342,   343,   343,   344,   344,   345,   345,
+-     346,   346,   347,   347,   347,   347,   347,   347,   348,   348,
+-     348,   348,   348,   348,   348,   349,   350,   350,   351,   351,
+-     352,   352,   353,   354,   354,   355,   355,   355,   355,   355,
+-     355,   355,   355,   355,   356,   356,   356,   357,   357,   359,
+-     360,   358,   362,   361,   363,   365,   366,   364,   367,   367,
+-     368,   368,   369,   370,   370,   370,   370,   371,   371,   372,
+-     372,   372,   373,   373,   373,   373,   373,   373,   373,   373,
+-     373,   373,   373,   373,   373,   373,   373,   373,   373,   373,
+-     373,   373,   373,   373,   373,   373,   373,   373,   373,   373,
+-     373,   373,   373,   373,   373,   373,   373,   374,   375,   376,
+-     376,   377,   377,   377,   378,   378,   379,   379,   380,   380,
+-     380,   381,   381,   382,   382,   384,   383,   383,   385,   387,
+-     386,   386,   388,   389,   390,   389,   391,   392,   391,   393,
+-     393,   393,   393,   394,   394,   394,   394,   394,   394,   394,
+-     394,   394,   394,   394,   394,   394,   394,   394,   394,   394,
+-     394,   394,   394,   394,   394,   394,   394,   394,   394,   394,
+-     394,   394,   395,   395,   396,   396,   397,   397,   398,   398,
+-     399,   399,   400,   400,   401,   401,   401,   401,   402,   402,
+-     403,   403,   404,   404,   405,   405,   406,   407,   407,   407,
+-     408,   408,   408,   408,   408,   408,   408,   408,   408,   410,
+-     409,   411,   409,   409,   413,   412,   412,   414,   414,   416,
+-     415,   415,   417,   418,   418,   419,   419,   420,   420,   420,
+-     420,   420,   421,   421,   422,   423,   423,   424,   424,   424,
+-     425,   425,   425,   425,   425,   425,   425,   425,   425,   425,
+-     425,   425,   425,   425,   425,   425,   425,   425,   425,   425,
+-     425,   425,   425,   425,   425,   425,   425,   425,   425,   425,
+-     425,   426,   426,   427,   427,   428,   428,   428
+-};
++#define yypact_value_is_default(Yyn) \
++  ((Yyn) == YYPACT_NINF)
+ 
+-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+-static const yytype_uint8 yyr2[] =
++#define YYTABLE_NINF (-564)
++
++#define yytable_value_is_error(Yyn) \
++  0
++
++/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
++   STATE-NUM.  */
++static const yytype_int16 yypact[] =
+ {
+-       0,     2,     1,     2,     0,     2,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     2,     1,     3,     1,
+-       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
+-       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
+-       3,     1,     3,     1,     3,     3,     2,     2,     3,     1,
+-       3,     3,     3,     5,     0,     3,     4,     1,     2,     1,
+-       1,     1,     1,     2,     0,     5,     0,     6,     4,     1,
+-       2,     1,     1,     1,     1,     2,     2,     1,     1,     1,
+-      14,     0,     5,     0,     3,     1,     2,     0,     5,     1,
+-       2,     1,     2,     1,     3,     1,     3,     3,     0,     5,
+-       1,     2,     1,     0,     5,     1,     2,     3,     4,     1,
+-       3,     1,     3,     0,     1,     3,     1,     3,     3,     3,
+-       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
+-       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
+-       3,     1,     3,     1,     3,     3,     0,     4,     1,     2,
+-       1,     1,     1,     3,     1,     3,     1,     3,     3,     0,
+-       4,     1,     2,     1,     1,     1,     3,     3,     0,     3,
+-       3,     1,     3,     3,     3,     3,     3,     3,     3,     3,
+-       3,     3,     0,     4,     1,     2,     1,     1,     1,     1,
+-       1,     1,     0,     1,     2,     1,     3,     1,     3,     3,
+-       3,     2,     2,     1,     3,     1,     3,     3,     0,     2,
+-       0,     2,     0,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,     3,     1,     3,     3,     3,     0,     1,
+-       3,     1,     3,     3,     3,     0,     1,     3,     1,     3,
+-       1,     3,     3,     3,     4,     2,     1,     2,     0,     9,
+-       0,     1,     1,     0,     1,     0,     1,     0,     1,     1,
+-       2,     1,     1,     4,     0,     1,     0,     2,     0,     2,
+-       1,     3,     1,     1,     1,     1,     1,     1,     0,     1,
+-       1,     1,     1,     1,     1,     3,     0,     3,     2,     1,
+-       1,     3,     1,     1,     1,     1,     4,     2,     1,     1,
+-       1,     1,     1,     1,     0,     1,     3,     6,    12,     0,
+-       0,     8,     0,     3,     4,     0,     0,     8,     0,     2,
+-       1,     3,     2,     0,     1,     1,     1,     0,     3,     0,
+-       1,     2,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       2,     2,     2,     3,     3,     3,     2,     3,     3,     1,
+-       3,     3,     3,     3,     0,     4,     1,     2,     1,     1,
+-       1,     1,     1,     0,     1,     0,     3,     1,    11,     0,
+-       3,     1,    11,     0,     0,     6,     0,     0,     7,    17,
+-       7,    17,    16,     1,     1,     1,     1,     1,     1,     1,
+-       1,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     3,     3,     1,     2,     2,     1,     2,     2,     2,
+-       1,     2,     0,     1,     0,     1,     0,     2,     0,     3,
+-       1,     3,     1,     3,     1,     5,     1,     1,     0,     2,
+-       0,     2,     0,     2,     0,     2,     1,     0,     1,     3,
+-       4,     4,     4,     3,     3,     6,     6,     3,     2,     0,
+-       3,     0,     3,     1,     0,     3,     1,     1,     1,     0,
+-       3,     1,     8,     0,     3,     1,     2,     1,     1,     2,
+-       2,     2,     4,     3,     3,     0,     1,     0,     3,     2,
+-       1,     4,     2,     2,     1,     1,     2,     1,     1,     2,
+-       2,     3,     1,     1,     1,     2,     2,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     3,     0,     4,     0,     1,     3
++    -840,   125,  -840,  1218,  -840,  -840,    42,    -2,    54,    55,
++      58,    74,   100,   100,   100,   100,    75,   181,   100,   100,
++     100,   100,   100,   100,   100,   100,  1542,    51,  -840,  -840,
++      23,   228,    46,   100,   100,   100,    48,   238,    62,    64,
++      84,    84,  -840,  -840,  -840,   190,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,   218,
++     224,   277,   279,  1542,  -840,  -840,  1506,   309,  -840,  -840,
++      76,    59,  1506,    84,   203,  -840,    66,    68,    53,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,   206,   285,  -840,  -840,  -840,  -840,
++     359,  -840,  -840,  -840,    79,  -840,   297,   -26,  -840,  -840,
++     254,  -840,  -840,   268,  -840,  -840,   271,  -840,  -840,   281,
++    -840,  -840,   286,   100,  -840,  -840,   257,  -840,  -840,  -840,
++    -840,   101,   100,   395,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,    84,   276,  -840,  -840,   158,  -840,  -840,  -840,
++     298,  -840,  -840,  -840,  -840,  -840,  -840,   338,   287,  -840,
++     335,   324,   342,  -840,   331,   344,  -840,  -840,    18,  -840,
++    -840,  -840,   418,  -840,  -840,  -840,   447,  -840,   285,  -840,
++      77,  -840,   378,   380,  -840,   400,  -840,  -840,   171,   276,
++     388,   390,  1506,   404,  -840,  -840,   406,  -840,  -840,   407,
++    -840,  -840,  1506,   279,  1542,   482,   -49,   234,   146,  -840,
++     391,   392,   169,  -840,   393,   210,  -840,   396,   214,  -840,
++     399,   222,  -840,   401,   295,  -840,   402,   306,  -840,  -840,
++    -840,  -840,   403,   405,   312,  -840,  -840,  -840,   100,  -840,
++     516,  -840,     4,   408,   409,   316,  -840,   410,   323,  -840,
++     412,   413,   414,   416,   417,   419,   420,   421,   422,   423,
++     326,  -840,   244,  -840,   335,  -840,  -840,   424,   337,  -840,
++     267,  -840,   425,   339,  -840,   267,  -840,   381,   381,  -840,
++     276,  -840,   146,   276,   397,   426,   528,   529,   428,   341,
++    -840,   429,   430,   431,   432,   343,  -840,  -840,  1279,    84,
++     276,  -840,   -21,   433,   349,  -840,   435,   352,  -840,   436,
++     354,  -840,    -9,  -840,   276,  -840,  1279,   437,   439,   105,
++     440,   441,   442,   443,   444,   449,   450,  -840,    34,   -34,
++     438,   451,   452,   456,   486,  -840,  -840,   314,   488,  -840,
++     -26,   567,  -840,   254,   575,  -840,   268,   576,  -840,   271,
++     579,  -840,   281,   580,  -840,   286,   581,   513,  -840,   101,
++    -840,   465,   -11,  -840,   466,   461,   590,   530,   472,   467,
++     592,   394,  -840,   158,   594,  -840,   298,   595,   596,   238,
++     394,   394,   394,   394,   394,   599,   523,  -840,   338,   485,
++      81,  -840,  -840,    36,  -840,  -840,  -840,  -840,   238,  -840,
++     324,  -840,  -840,    38,  -840,  -840,   238,  -840,   331,  -840,
++    -840,    45,  -840,  -840,   315,   276,   276,  -840,  -840,   480,
++     606,   253,   483,  -840,    -1,  -840,  -840,    33,  -840,   314,
++    -840,   400,   605,   607,   608,   609,  -840,   171,   418,   418,
++     418,   418,   418,   493,   494,   418,   495,   497,  -840,   418,
++     492,   496,   498,  1506,  -840,   238,  -840,   404,   238,  -840,
++     406,    84,  -840,   407,  -840,  -840,   499,   288,   500,  -840,
++    1506,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++     502,  -840,   504,  -840,  -840,  -840,  1279,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,    93,   516,  -840,   334,
++    -840,  -840,    11,  -840,   418,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,   515,  -840,  -840,   128,   100,   505,  -840,
++    -840,  -840,   506,  -840,  -840,  -840,   507,  -840,  -840,  -840,
++    -840,   508,  -840,    84,  -840,  -840,   510,   642,   517,  -840,
++     735,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,   276,   276,   276,   276,   276,  1279,
++    1279,   276,   573,  1279,   276,   519,  -840,  -840,   232,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,   466,   573,   100,
++     100,   100,  -840,  -840,    56,  -840,   656,   520,  -840,  -840,
++     521,   509,  -840,  -840,  -840,  -840,  -840,   100,   100,   100,
++     100,  1506,   134,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,   643,  -840,   522,   358,  -840,   525,   526,   360,
++    -840,  -840,  -840,  -840,  -840,   315,  -840,   527,   527,   389,
++    -840,  -840,   533,  -840,  -840,   492,   492,   492,  -840,  -840,
++     535,   536,  -840,  -840,   561,  -840,  -840,    84,   293,  -840,
++     272,   100,    47,  -840,  -840,  -840,  -840,  -840,  -840,   561,
++    -840,  -840,  -840,  -840,  -840,   100,   673,   534,   573,   335,
++    -840,  -840,  -840,  -840,   658,   537,  -840,  -840,   659,  -840,
++     515,   661,   662,  -840,   128,  -840,  1092,   540,   541,   538,
++    -840,  -840,   545,   389,  -840,  1506,  -840,  -840,  -840,   418,
++     418,  -840,   584,   552,  -840,  -840,  -840,  -840,  -840,  -840,
++     519,  -840,  -840,  -840,  -840,  -840,  -840,   843,  -840,   548,
++    -840,   584,  -840,   100,   690,  -840,   561,   549,   558,  -840,
++    -840,  -840,  -840,  -840,  -840,   100,   100,   559,   100,   100,
++     100,   100,   100,   100,   100,   100,   100,   100,   100,   100,
++     644,   644,   644,   543,  -840,  -840,   547,  -840,  -840,   563,
++     683,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,   983,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++     519,   276,   562,  -840,   362,   276,   276,   565,   564,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,   568,   -30,  -840,  -840,
++     569,  -840,   564,  -840,   100,  -840,   584,   335,  1279,  -840,
++    -840,  1279,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,   553,   555,   560,  -840,  1336,
++    1336,   566,  1450,  1393,   694,   156,   572,   578,  -840,  -840,
++    -840,   577,  -840,   276,  -840,  -840,    84,   627,   276,  -840,
++     274,   276,  -840,   564,  -840,   583,   585,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,    90,  -840,   559,  -840,   582,
++     586,   587,   364,  -840,   267,  -840,   593,  -840,  -840,   589,
++    -840,   367,  -840,   570,   293,   373,   570,   276,   573,   584,
++     591,   701,   314,   712,  -840,   156,  -840,  -840,  -840,    52,
++    -840,   584,   642,  -840,    84,  -840,   597,  -840,   519,   600,
++     570,   584,   276,  -840,  -840,  -840,  -840,   602,  -840,   564,
++    -840,  -840,  1506,   700,   293,   642,   603,   276,   616,  -840,
++     276,   598,   100,   702,   700,   700,   570,  -840,   611,   612,
++    1279,  -840,   100,   715,   702,   702,   615,   601,   642,   700,
++     604,  -840,   100,   706,   715,   715,   642,  1279,   700,   702,
++     617,  -840,   100,  -840,   706,   706,   700,   610,   702,   715,
++    -840,  -840,  -840,  -840,   702,   618,  -840,  -840,  -840,  -840
+ };
+ 
+-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
++/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
++   Performed when YYTABLE does not specify something else to do.  Zero
+    means the default is an error.  */
+-static const yytype_uint16 yydefact[] =
++static const yytype_int16 yydefact[] =
+ {
+        4,     4,     2,     0,     1,     3,     0,     0,     0,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,     0,   151,   352,
++       0,     0,     0,     0,     0,     0,     0,     0,   151,   353,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,   574,   564,   567,   568,   572,   573,   577,   578,
+-     579,   580,   581,   582,   583,   584,   585,   586,   587,   310,
+-       0,   565,     0,     0,   588,   589,     0,     0,   138,   127,
+-       0,   153,     0,     0,     0,   590,     0,     0,     0,     5,
++       0,     0,   575,   565,   568,   569,   573,   574,   578,   579,
++     580,   581,   582,   583,   584,   585,   586,   587,   588,   311,
++       0,   566,     0,     0,   589,   590,     0,     0,   138,   127,
++       0,   153,     0,     0,     0,   591,     0,     0,     0,     5,
+       43,    19,    20,    21,     9,    42,    14,    50,    40,    41,
+       46,    16,    17,    15,    44,    45,    18,    22,    23,    24,
+        7,     8,     6,    11,    12,    13,    10,    25,    26,    55,
+       27,    28,    29,    30,    31,    32,    33,    34,    35,    36,
+-      37,    38,    39,    52,   560,   349,   350,    51,    47,    49,
+-     372,    48,    53,    54,     0,   557,     0,     0,    86,    57,
++      37,    38,    39,    52,   561,   350,   351,    51,    47,    49,
++     373,    48,    53,    54,     0,   558,     0,     0,    86,    57,
+        0,    56,    63,     0,    62,    69,     0,    68,    75,     0,
+-      74,    81,     0,     0,   306,   277,     0,   278,   280,   281,
+-     298,     0,     0,   313,   271,   272,   273,   274,   275,   269,
+-     276,   254,     0,   498,   143,   235,     0,   234,   241,   243,
+-       0,   242,   255,   256,   257,   230,   231,     0,   222,   208,
+-     232,     0,   186,   181,     0,   199,   194,   375,   369,   570,
+-     311,   312,   315,   575,   563,   566,   569,   576,   348,   557,
+-       0,   121,     0,     0,   133,     0,   132,   154,     0,   498,
++      74,    81,     0,     0,   307,   278,     0,   279,   281,   282,
++     299,     0,     0,   314,   272,   273,   274,   275,   276,   270,
++     277,   255,     0,   499,   143,   236,     0,   235,   242,   244,
++       0,   243,   256,   257,   258,   231,   232,     0,   223,   208,
++     233,     0,   186,   181,     0,   199,   194,   376,   370,   571,
++     312,   313,   316,   576,   564,   567,   570,   577,   349,   558,
++       0,   121,     0,     0,   133,     0,   132,   154,     0,   499,
+        0,    94,     0,     0,   162,   163,     0,   168,   169,     0,
+-     174,   175,     0,     0,     0,     0,   498,     0,   555,    87,
++     174,   175,     0,     0,     0,     0,   499,     0,   556,    87,
+        0,     0,     0,    89,     0,     0,    59,     0,     0,    65,
+        0,     0,    71,     0,     0,    77,     0,     0,    83,    80,
+-     307,   305,     0,     0,     0,   300,   297,   314,     0,   562,
+-       0,   104,   315,     0,     0,     0,   237,     0,     0,   245,
++     308,   306,     0,     0,     0,   301,   298,   315,     0,   563,
++       0,   104,   316,     0,     0,     0,   238,     0,     0,   246,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-     211,     0,   206,   232,   233,   207,     0,     0,   183,     0,
+-     180,     0,     0,   196,     0,   193,   378,   378,   316,   498,
+-     571,   555,   498,     0,   123,     0,     0,     0,     0,   135,
+-       0,     0,     0,     0,     0,   156,   152,   517,     0,   498,
+-     591,     0,     0,     0,   165,     0,     0,   171,     0,     0,
+-     177,     0,   351,   498,   373,   517,   543,     0,     0,     0,
+-     464,   463,   465,   466,   468,   469,   483,   486,   490,     0,
+-     467,   470,     0,   559,   556,   553,     0,     0,    88,     0,
+-       0,    58,     0,     0,    64,     0,     0,    70,     0,     0,
+-      76,     0,     0,    82,     0,     0,     0,   299,     0,   304,
+-     502,     0,   500,     0,   145,     0,   149,     0,     0,     0,
+-       0,   236,     0,     0,   244,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,   210,     0,     0,   288,   226,
+-     227,     0,   224,   228,   229,   209,     0,   182,     0,   190,
+-     191,     0,   188,   192,     0,   195,     0,   203,   204,     0,
+-     201,   205,   383,   498,   498,   308,   552,     0,     0,     0,
+-       0,   142,     0,   140,   131,     0,   129,     0,   134,     0,
+-       0,     0,     0,     0,   155,     0,   315,   315,   315,   315,
+-     315,     0,     0,   315,     0,   516,   518,   315,   328,     0,
+-       0,     0,   374,     0,   164,     0,     0,   170,     0,     0,
+-     176,     0,   561,   106,     0,     0,     0,   484,     0,   488,
+-     489,   474,   473,   475,   476,   478,   479,   487,   471,   491,
+-     472,   485,   477,   480,   517,   558,   441,   442,    91,    92,
+-      90,    61,    60,    67,    66,    73,    72,    79,    78,    85,
+-      84,   302,   303,   301,     0,     0,   499,     0,   105,   146,
+-       0,   144,   315,   239,   353,   354,   240,   238,   247,   246,
+-     213,   214,   215,   216,   217,   218,   219,   220,   221,   212,
+-       0,   282,   289,     0,     0,     0,   225,   185,   184,     0,
+-     189,   198,   197,     0,   202,   384,   385,   386,   379,   380,
+-       0,   376,   370,     0,   295,     0,   125,     0,   372,   122,
+-     139,   141,   128,   130,   137,   136,   159,   160,   161,   158,
+-     157,   498,   498,   498,   498,   498,   517,   517,   498,   492,
+-       0,   498,   346,   528,    95,     0,    93,   592,   167,   166,
+-     173,   172,   179,   178,     0,   492,     0,     0,     0,   547,
+-     548,     0,   545,   248,     0,   481,   482,     0,   230,   506,
+-     507,   504,   503,   501,     0,     0,     0,     0,     0,     0,
+-     109,   119,   111,   112,   113,   117,   114,   118,   147,     0,
+-     150,     0,     0,   284,     0,     0,     0,   291,   287,   223,
+-     187,   200,   383,   382,   387,   387,   317,   296,   367,     0,
+-     124,   126,   328,   328,   328,   523,   524,     0,     0,   527,
+-     493,   494,   519,   554,     0,   329,   330,   338,     0,     0,
+-      97,   101,    99,   100,   102,   107,   494,   549,   550,   551,
+-     544,   546,     0,   250,     0,   492,   232,   270,   266,   115,
+-     116,     0,     0,   110,   148,     0,   283,     0,     0,     0,
+-     290,     0,   381,   389,     0,     0,   326,   321,   322,     0,
+-     318,   319,     0,   520,   521,   522,   315,   315,   495,   593,
+-       0,   332,   333,   334,   335,   336,   337,   346,   339,   341,
+-     342,   343,   344,   340,     0,   103,     0,    98,   593,   249,
+-       0,   252,   460,   494,     0,     0,   108,   286,   285,   293,
+-     294,   292,     0,     0,   352,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,   443,   443,   443,
+-       0,   529,   531,   539,   534,   449,     0,     0,   398,   394,
+-     392,   393,   404,   405,   406,   407,   408,   409,   410,   411,
+-     412,   413,   414,   415,   403,   416,   402,   400,   399,   395,
+-     397,   396,     0,   390,   401,   418,   447,   417,   451,   541,
+-     419,   533,   536,   537,   538,   377,   371,   346,   498,     0,
+-     320,     0,   498,   498,     0,   496,   347,   331,   362,   359,
+-     358,   363,   361,     0,   355,   360,   345,     0,    96,   496,
+-     251,     0,   542,   593,   232,   517,   279,   268,   517,   258,
+-     259,   260,   261,   262,   263,   264,   265,   267,   422,   421,
+-     420,   444,     0,     0,     0,   426,     0,     0,     0,     0,
+-       0,     0,     0,   434,     0,   388,   391,   327,   324,   309,
+-     498,   525,   526,   595,     0,   498,   357,   346,   498,   253,
+-     496,   505,     0,     0,   423,   424,   425,   539,   530,   532,
+-     446,   540,     0,   535,     0,   450,     0,     0,     0,     0,
+-     429,     0,   427,     0,   325,   323,     0,   596,     0,   497,
+-     456,   365,     0,   456,   498,   492,   593,     0,     0,     0,
+-       0,   428,     0,   438,   439,   440,     0,   436,   593,   295,
+-     594,     0,   457,     0,   356,   346,     0,   456,   593,   498,
+-     431,   432,   433,   430,     0,   437,   496,   368,   597,     0,
+-     512,   366,   295,     0,   498,   453,   435,   498,     0,     0,
+-     510,   512,   512,   456,   454,     0,     0,   517,   513,     0,
+-     514,   510,   510,     0,     0,   295,   512,     0,   511,     0,
+-     508,   514,   514,   295,   517,   512,   510,     0,   515,     0,
+-     462,   508,   508,   512,     0,   510,   514,   458,   509,   459,
+-     461,   510,     0,   452,   448,   120,   455
++       0,   211,     0,   206,   233,   234,   207,     0,     0,   183,
++       0,   180,     0,     0,   196,     0,   193,   379,   379,   317,
++     499,   572,   556,   499,     0,   123,     0,     0,     0,     0,
++     135,     0,     0,     0,     0,     0,   156,   152,   518,     0,
++     499,   592,     0,     0,     0,   165,     0,     0,   171,     0,
++       0,   177,     0,   352,   499,   374,   518,   544,     0,     0,
++       0,   465,   464,   466,   467,   469,   470,   484,   487,   491,
++       0,   468,   471,     0,   560,   557,   554,     0,     0,    88,
++       0,     0,    58,     0,     0,    64,     0,     0,    70,     0,
++       0,    76,     0,     0,    82,     0,     0,     0,   300,     0,
++     305,   503,     0,   501,     0,   145,     0,   149,     0,     0,
++       0,     0,   237,     0,     0,   245,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,   210,     0,     0,
++     289,   227,   228,     0,   225,   229,   230,   209,     0,   182,
++       0,   190,   191,     0,   188,   192,     0,   195,     0,   203,
++     204,     0,   201,   205,   384,   499,   499,   309,   553,     0,
++       0,     0,     0,   142,     0,   140,   131,     0,   129,     0,
++     134,     0,     0,     0,     0,     0,   155,     0,   316,   316,
++     316,   316,   316,     0,     0,   316,     0,   517,   519,   316,
++     329,     0,     0,     0,   375,     0,   164,     0,     0,   170,
++       0,     0,   176,     0,   562,   106,     0,     0,     0,   485,
++       0,   489,   490,   475,   474,   476,   477,   479,   480,   488,
++     472,   492,   473,   486,   478,   481,   518,   559,   442,   443,
++      91,    92,    90,    61,    60,    67,    66,    73,    72,    79,
++      78,    85,    84,   303,   304,   302,     0,     0,   500,     0,
++     105,   146,     0,   144,   316,   240,   354,   355,   241,   239,
++     248,   247,   213,   214,   215,   216,   217,   218,   219,   220,
++     221,   222,   212,     0,   283,   290,     0,     0,     0,   226,
++     185,   184,     0,   189,   198,   197,     0,   202,   385,   386,
++     387,   380,   381,     0,   377,   371,     0,   296,     0,   125,
++       0,   373,   122,   139,   141,   128,   130,   137,   136,   159,
++     160,   161,   158,   157,   499,   499,   499,   499,   499,   518,
++     518,   499,   493,     0,   499,   347,   529,    95,     0,    93,
++     593,   167,   166,   173,   172,   179,   178,     0,   493,     0,
++       0,     0,   548,   549,     0,   546,   249,     0,   482,   483,
++       0,   231,   507,   508,   505,   504,   502,     0,     0,     0,
++       0,     0,     0,   109,   119,   111,   112,   113,   117,   114,
++     118,   147,     0,   150,     0,     0,   285,     0,     0,     0,
++     292,   288,   224,   187,   200,   384,   383,   388,   388,   318,
++     297,   368,     0,   124,   126,   329,   329,   329,   524,   525,
++       0,     0,   528,   494,   495,   520,   555,     0,   330,   331,
++     339,     0,     0,    97,   101,    99,   100,   102,   107,   495,
++     550,   551,   552,   545,   547,     0,   251,     0,   493,   233,
++     271,   267,   115,   116,     0,     0,   110,   148,     0,   284,
++       0,     0,     0,   291,     0,   382,   390,     0,     0,   327,
++     322,   323,     0,   319,   320,     0,   521,   522,   523,   316,
++     316,   496,   594,     0,   333,   334,   335,   336,   337,   338,
++     347,   340,   342,   343,   344,   345,   341,     0,   103,     0,
++      98,   594,   250,     0,   253,   461,   495,     0,     0,   108,
++     287,   286,   294,   295,   293,     0,     0,   353,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++     444,   444,   444,     0,   530,   532,   540,   535,   450,     0,
++       0,   399,   395,   393,   394,   405,   406,   407,   408,   409,
++     410,   411,   412,   413,   414,   415,   416,   404,   417,   403,
++     401,   400,   396,   398,   397,     0,   391,   402,   419,   448,
++     418,   452,   542,   420,   534,   537,   538,   539,   378,   372,
++     347,   499,     0,   321,     0,   499,   499,     0,   497,   348,
++     332,   363,   360,   359,   364,   362,     0,   356,   361,   346,
++       0,    96,   497,   252,     0,   543,   594,   233,   518,   280,
++     269,   518,   259,   260,   261,   262,   263,   264,   265,   266,
++     268,   423,   422,   421,   445,     0,     0,     0,   427,     0,
++       0,     0,     0,     0,     0,     0,   435,     0,   389,   392,
++     328,   325,   310,   499,   526,   527,   596,     0,   499,   358,
++     347,   499,   254,   497,   506,     0,     0,   424,   425,   426,
++     540,   531,   533,   447,   541,     0,   536,     0,   451,     0,
++       0,     0,     0,   430,     0,   428,     0,   326,   324,     0,
++     597,     0,   498,   457,   366,     0,   457,   499,   493,   594,
++       0,     0,     0,     0,   429,     0,   439,   440,   441,     0,
++     437,   594,   296,   595,     0,   458,     0,   357,   347,     0,
++     457,   594,   499,   432,   433,   434,   431,     0,   438,   497,
++     369,   598,     0,   513,   367,   296,     0,   499,   454,   436,
++     499,     0,     0,   511,   513,   513,   457,   455,     0,     0,
++     518,   514,     0,   515,   511,   511,     0,     0,   296,   513,
++       0,   512,     0,   509,   515,   515,   296,   518,   513,   511,
++       0,   516,     0,   463,   509,   509,   513,     0,   511,   515,
++     459,   510,   460,   462,   511,     0,   453,   449,   120,   456
++};
++
++/* YYPGOTO[NTERM-NUM].  */
++static const yytype_int16 yypgoto[] =
++{
++    -840,  -840,   754,  -840,  -840,  -408,  -840,  -840,  -840,   434,
++    -840,  -840,  -840,   415,  -840,  -840,  -840,   386,  -840,  -840,
++    -840,   384,  -840,  -840,  -840,   411,  -840,  -840,  -840,   427,
++    -622,  -840,  -840,  -840,    91,  -840,  -840,  -840,  -840,  -840,
++     165,  -840,   143,  -840,  -615,  -840,  -840,  -840,  -840,  -840,
++    -840,   345,  -840,  -840,  -840,   340,  -840,  -840,  -840,   350,
++    -264,  -840,  -840,  -840,  -261,  -840,  -840,  -840,   363,  -840,
++    -840,  -840,   311,  -840,  -840,  -840,   346,  -840,  -840,  -840,
++     332,  -840,  -840,  -840,   375,  -840,  -840,   445,  -840,  -840,
++    -840,   446,  -840,  -840,   398,  -840,  -840,  -840,  -840,   448,
++    -840,  -840,   453,    17,  -276,  -840,  -840,  -840,   455,  -840,
++    -840,  -840,  -840,   457,  -840,  -840,  -840,  -840,  -840,  -840,
++    -513,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,  -595,
++    -840,  -840,  -840,  -593,  -840,  -840,  -840,  -840,  -840,  -840,
++    -840,  -840,  -840,  -840,  -840,  -840,  -840,  -840,   102,  -268,
++    -840,  -840,    99,  -839,  -840,  -840,  -840,   454,  -840,   -13,
++    -840,  -510,  -840,  -840,  -840,  -225,  -840,  -840,    94,  -840,
++    -840,  -239,  -790,  -840,  -840,  -653,  -840,   -27,   772,   613,
++    -351,  -840,  -840,  -578,  -573,  -840,  -840,  -561,  -840,   835,
++    -216,  -840,  -840,   539,  -840,   167,  -840,   170,  -840,    15,
++    -840,  -840,  -840,  -116,  -840,  -840,  -118,  -436,  -272,  -840,
++    -840,   -48,  -840,  -840,   -52,  -840,  -840,  -788,  -840,    12,
++    -840,  -598,  -644,  -837,  -194,  -840,   318,  -840,  -503,  -734,
++    -735,  -786,  -342,  -840,   243,  -840,  -840,  -840,  -366,  -840,
++     -44,  -840,  -840,    14,  -840,  -840,   230,     0,  -840,   556,
++     660,   -10,  -205,  -722,  -840
+ };
+ 
+ /* YYDEFGOTO[NTERM-NUM].  */
+ static const yytype_int16 yydefgoto[] =
+ {
+-      -1,     1,     2,     3,    79,    80,    81,   141,   245,   246,
++       0,     1,     2,     3,    79,    80,    81,   141,   245,   246,
+       82,   144,   248,   249,    83,   147,   251,   252,    84,   150,
+      254,   255,    85,   153,   257,   258,    86,   138,   242,   243,
+-      87,   329,   616,   699,   700,   701,    88,   393,    89,   624,
+-     538,   649,   650,   651,    90,   314,   450,   587,    91,   213,
+-     455,   456,    92,   216,   318,   319,    93,   212,   452,   453,
+-      94,   272,   396,   397,    95,    96,   219,   324,   325,    97,
+-     224,   333,   334,    98,   227,   336,   337,    99,   230,   339,
+-     340,   100,   192,   297,   298,   300,   431,   432,   101,   195,
+-     302,   303,   305,   439,   440,   102,   188,   293,   289,   290,
+-     292,   421,   422,   189,   295,   103,   177,   275,   276,   104,
+-     105,   181,   278,   279,   713,   771,   872,   106,   107,   108,
+-     109,   813,   814,   815,   816,   817,   818,   819,   820,   655,
+-     822,   823,   110,   656,   111,   112,   113,   114,   115,   116,
+-     117,   118,   825,   119,   120,   423,   561,   662,   663,   677,
+-     564,   666,   667,   678,   121,   162,   264,   265,   122,   155,
+-     156,   123,   583,   202,   268,   309,   739,   740,   741,   945,
+-     848,   613,   695,   757,   764,   696,   697,   124,   125,   126,
+-     546,   866,   952,   127,   128,   307,   675,   129,   235,   588,
+-     131,   306,   674,   443,   578,   579,   580,   734,   832,   833,
+-     834,   903,   939,   940,   942,   966,   967,   518,   892,   835,
+-     898,   836,   837,   901,   838,  1005,  1014,   973,   989,   839,
+-     362,   691,   749,   915,   271,   391,   392,   642,  1030,  1010,
+-    1000,  1020,   474,   475,   476,   840,   896,   897,   841,   900,
+-     842,   843,   899,   844,   496,   631,   632,   477,   478,   365,
+-     238,   135,   331,   855,   948
+-};
+-
+-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+-   STATE-NUM.  */
+-#define YYPACT_NINF -823
+-static const yytype_int16 yypact[] =
+-{
+-    -823,   143,  -823,  1215,  -823,  -823,    -1,    60,    86,    87,
+-      68,    69,   119,   119,   119,   119,    71,    24,   119,   119,
+-     119,   119,   119,   119,   119,   119,  1503,     8,  -823,  -823,
+-      13,   137,    34,   119,   119,   119,    46,   322,    50,    52,
+-      85,    85,  -823,  -823,  -823,   111,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   364,
+-     154,   296,   217,  1503,  -823,  -823,   497,   270,  -823,  -823,
+-      74,    89,   497,    85,   102,  -823,    63,    65,    67,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,   140,   167,  -823,  -823,  -823,  -823,
+-     311,  -823,  -823,  -823,    94,  -823,   219,   160,  -823,  -823,
+-     207,  -823,  -823,   214,  -823,  -823,   216,  -823,  -823,   221,
+-    -823,  -823,   231,   119,  -823,  -823,   175,  -823,  -823,  -823,
+-    -823,    28,   119,   341,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,    85,   215,  -823,  -823,   309,  -823,  -823,  -823,
+-     243,  -823,  -823,  -823,  -823,  -823,  -823,   295,   242,  -823,
+-     276,   263,   249,  -823,   285,   265,  -823,  -823,    45,  -823,
+-    -823,  -823,   405,  -823,  -823,  -823,   384,  -823,   167,  -823,
+-      75,  -823,   308,   366,  -823,   406,  -823,  -823,   259,   215,
+-     336,   345,   497,   407,  -823,  -823,   408,  -823,  -823,   409,
+-    -823,  -823,   497,   217,  1503,   479,   107,   227,   138,  -823,
+-     393,   394,   313,  -823,   395,   320,  -823,   399,   324,  -823,
+-     400,   326,  -823,   401,   329,  -823,   402,   331,  -823,  -823,
+-    -823,  -823,   403,   410,   333,  -823,  -823,  -823,   119,  -823,
+-     518,  -823,    18,   411,   414,   337,  -823,   433,   340,  -823,
+-     437,   439,   440,   441,   442,   443,   445,   449,   450,   342,
+-    -823,   332,  -823,   276,  -823,  -823,   451,   346,  -823,   306,
+-    -823,   452,   348,  -823,   306,  -823,   390,   390,  -823,   215,
+-    -823,   138,   215,   398,   453,   527,   529,   455,   350,  -823,
+-     457,   462,   463,   464,   352,  -823,  -823,  1276,    85,   215,
+-    -823,   -22,   465,   354,  -823,   466,   356,  -823,   467,   358,
+-    -823,    29,  -823,   215,  -823,  1276,   469,   470,   108,   471,
+-     472,   473,   474,   475,   480,   481,  -823,   -40,   185,   468,
+-     482,   483,   456,   544,  -823,  -823,   287,   534,  -823,   160,
+-     606,  -823,   207,   607,  -823,   214,   608,  -823,   216,   611,
+-    -823,   221,   612,  -823,   231,   613,   542,  -823,    28,  -823,
+-     495,   -21,  -823,   496,   491,   620,   560,   503,   499,   625,
+-     397,  -823,   309,   626,  -823,   243,   627,   628,   322,   397,
+-     397,   397,   397,   631,   555,  -823,   295,   516,    90,  -823,
+-    -823,    38,  -823,  -823,  -823,  -823,   322,  -823,   263,  -823,
+-    -823,    25,  -823,  -823,   322,  -823,   285,  -823,  -823,    35,
+-    -823,  -823,   359,   215,   215,  -823,  -823,   511,   636,   842,
+-     513,  -823,    21,  -823,  -823,    31,  -823,   287,  -823,   406,
+-     638,   639,   642,   643,  -823,   259,   405,   405,   405,   405,
+-     405,   520,   528,   405,   531,   532,  -823,   405,   526,   535,
+-     533,   497,  -823,   322,  -823,   407,   322,  -823,   408,    85,
+-    -823,   409,  -823,  -823,   537,   330,   524,  -823,   497,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   536,  -823,
+-     538,  -823,  -823,  -823,  1276,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,   103,   518,  -823,   283,  -823,  -823,
+-      22,  -823,   405,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-     546,  -823,  -823,   171,   119,   539,  -823,  -823,  -823,   545,
+-    -823,  -823,  -823,   547,  -823,  -823,  -823,  -823,   540,  -823,
+-      85,  -823,  -823,   548,   680,   543,  -823,   203,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,   215,   215,   215,   215,   215,  1276,  1276,   215,   599,
+-    1276,   215,   554,  -823,  -823,   152,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,   496,   599,   119,   119,   119,  -823,
+-    -823,    59,  -823,   683,   556,  -823,  -823,   557,   549,  -823,
+-    -823,  -823,  -823,  -823,   119,   119,   119,   119,   497,    61,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   673,
+-    -823,   553,   362,  -823,   558,   559,   365,  -823,  -823,  -823,
+-    -823,  -823,   359,  -823,   561,   561,   404,  -823,  -823,   564,
+-    -823,  -823,   526,   526,   526,  -823,  -823,   566,   568,  -823,
+-    -823,   585,  -823,  -823,    85,   294,  -823,   258,   119,    57,
+-    -823,  -823,  -823,  -823,  -823,  -823,   585,  -823,  -823,  -823,
+-    -823,  -823,   119,   694,   567,   599,   276,  -823,  -823,  -823,
+-    -823,   688,   569,  -823,  -823,   690,  -823,   546,   692,   693,
+-    -823,   171,  -823,  1089,   572,   573,   577,  -823,  -823,   578,
+-     404,  -823,   497,  -823,  -823,  -823,   405,   405,  -823,   604,
+-     581,  -823,  -823,  -823,  -823,  -823,  -823,   554,  -823,  -823,
+-    -823,  -823,  -823,  -823,   732,  -823,   580,  -823,   604,  -823,
+-     119,   717,  -823,   585,   579,   588,  -823,  -823,  -823,  -823,
+-    -823,  -823,   119,   119,   589,   119,   119,   119,   119,   119,
+-     119,   119,   119,   119,   119,   119,   119,   672,   672,   672,
+-     575,  -823,  -823,   582,  -823,  -823,   593,   712,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,   980,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,   554,   215,   591,
+-    -823,   367,   215,   215,   595,   596,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,   598,   -31,  -823,  -823,   600,  -823,   596,
+-    -823,   119,  -823,   604,   276,  1276,  -823,  -823,  1276,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,   584,   587,   592,  -823,  1333,  1333,   594,  1447,
+-    1390,   716,   235,   602,   610,  -823,  -823,  -823,   609,  -823,
+-     215,  -823,  -823,    85,   657,   215,  -823,   298,   215,  -823,
+-     596,  -823,   614,   618,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,   121,  -823,   589,  -823,   630,   632,   633,   372,
+-    -823,   306,  -823,   637,  -823,  -823,   634,  -823,   376,  -823,
+-     616,   294,   379,   616,   215,   599,   604,   641,   731,   287,
+-     755,  -823,   235,  -823,  -823,  -823,    42,  -823,   604,   680,
+-    -823,    85,  -823,   640,  -823,   554,   645,   616,   604,   215,
+-    -823,  -823,  -823,  -823,   646,  -823,   596,  -823,  -823,   497,
+-     742,   294,   680,   664,   215,   624,  -823,   215,   644,   119,
+-     747,   742,   742,   616,  -823,   665,   669,  1276,  -823,   119,
+-     763,   747,   747,   670,   649,   680,   742,   676,  -823,   119,
+-     783,   763,   763,   680,  1276,   742,   747,   660,  -823,   119,
+-    -823,   783,   783,   742,   681,   747,   763,  -823,  -823,  -823,
+-    -823,   747,   662,  -823,  -823,  -823,  -823
++      87,   330,   619,   702,   703,   704,    88,   394,    89,   627,
++     540,   652,   653,   654,    90,   315,   452,   590,    91,   213,
++     457,   458,    92,   216,   319,   320,    93,   212,   454,   455,
++      94,   272,   397,   398,    95,    96,   219,   325,   326,    97,
++     224,   334,   335,    98,   227,   337,   338,    99,   230,   340,
++     341,   100,   192,   298,   299,   301,   433,   434,   101,   195,
++     303,   304,   306,   441,   442,   102,   188,   294,   290,   291,
++     293,   423,   424,   189,   296,   103,   177,   275,   276,   104,
++     105,   181,   278,   279,   716,   774,   875,   106,   107,   108,
++     109,   816,   817,   818,   819,   820,   821,   822,   823,   658,
++     825,   826,   110,   659,   111,   112,   113,   114,   115,   116,
++     117,   118,   828,   119,   120,   425,   564,   665,   666,   680,
++     567,   669,   670,   681,   121,   162,   264,   265,   122,   155,
++     156,   123,   586,   202,   268,   310,   742,   743,   744,   948,
++     851,   616,   698,   760,   767,   699,   700,   124,   125,   126,
++     548,   869,   955,   127,   128,   308,   678,   129,   235,   591,
++     131,   307,   677,   445,   581,   582,   583,   737,   835,   836,
++     837,   906,   942,   943,   945,   969,   970,   520,   895,   838,
++     901,   839,   840,   904,   841,  1008,  1017,   976,   992,   842,
++     363,   694,   752,   918,   271,   392,   393,   645,  1033,  1013,
++    1003,  1023,   476,   477,   478,   843,   899,   900,   844,   903,
++     845,   846,   902,   847,   498,   634,   635,   479,   480,   366,
++     238,   135,   332,   858,   951
+ };
+ 
+-/* YYPGOTO[NTERM-NUM].  */
+-static const yytype_int16 yypgoto[] =
+-{
+-    -823,  -823,   834,  -823,  -823,  -411,  -823,  -823,  -823,   484,
+-    -823,  -823,  -823,   461,  -823,  -823,  -823,   476,  -823,  -823,
+-    -823,   460,  -823,  -823,  -823,   458,  -823,  -823,  -823,   477,
+-    -638,  -823,  -823,  -823,   144,  -823,  -823,  -823,  -823,  -823,
+-     220,  -823,   196,  -823,  -629,  -823,  -823,  -823,  -823,  -823,
+-    -823,   396,  -823,  -823,  -823,   412,  -823,  -823,  -823,   413,
+-    -265,  -823,  -823,  -823,  -264,  -823,  -823,  -823,   387,  -823,
+-    -823,  -823,   368,  -823,  -823,  -823,   369,  -823,  -823,  -823,
+-     370,  -823,  -823,  -823,   427,  -823,  -823,   429,  -823,  -823,
+-    -823,   426,  -823,  -823,   424,  -823,  -823,  -823,  -823,   448,
+-    -823,  -823,   446,     6,  -263,  -823,  -823,  -823,   478,  -823,
+-    -823,  -823,  -823,   485,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -508,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,  -627,
+-    -823,  -823,  -823,  -603,  -823,  -823,  -823,  -823,  -823,  -823,
+-    -823,  -823,  -823,  -823,  -823,  -823,  -823,  -823,   139,  -268,
+-    -823,  -823,   141,  -822,  -823,  -823,  -823,   489,  -823,   -13,
+-    -823,  -505,  -823,  -823,  -823,  -223,  -823,  -823,   128,  -823,
+-    -823,  -212,  -786,  -823,  -823,  -647,  -823,   -27,   807,   648,
+-    -349,  -823,  -823,  -598,  -579,  -823,  -823,  -574,  -823,   867,
+-    -216,  -823,  -823,   571,  -823,   201,  -823,   204,  -823,    51,
+-    -823,  -823,  -823,   -80,  -823,  -823,   -82,  -432,  -260,  -823,
+-    -823,   -11,  -823,  -823,   -16,  -823,  -823,  -660,  -823,    12,
+-    -823,  -597,  -577,  -796,  -195,  -823,   357,  -823,  -496,  -680,
+-    -696,  -765,  -341,  -823,   279,  -823,  -823,  -823,  -355,  -823,
+-      -9,  -823,  -823,    14,  -823,  -823,   262,     0,  -823,   583,
+-     686,   -10,  -214,  -704,  -823
+-};
+-
+-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+-   positive, shift that token.  If negative, reduce the rule which
+-   number is the opposite.  If zero, do what YYDEFACT says.
+-   If YYTABLE_NINF, syntax error.  */
+-#define YYTABLE_NINF -563
++/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
++   positive, shift that token.  If negative, reduce the rule whose
++   number is the opposite.  If YYTABLE_NINF, syntax error.  */
+ static const yytype_int16 yytable[] =
+ {
+-     157,   158,   159,   134,   494,   164,   165,   166,   167,   168,
+-     169,   170,   171,   197,   198,   132,   173,   133,   341,   344,
+-     182,   183,   184,   424,   326,   594,   419,   420,   706,   654,
+-     425,   433,   657,   136,   429,   430,   441,   418,   586,   437,
+-     438,   346,   417,   190,   193,   196,   221,   418,   175,   398,
+-     418,   231,   394,   209,   418,   451,   658,    27,    28,   163,
+-     553,   554,   555,   556,   869,   454,   210,    27,    28,   179,
+-      27,    28,   220,   918,    27,    28,   626,   627,   628,  -562,
+-     185,   186,   225,   228,   185,   186,   185,   186,   644,    27,
+-      28,    27,    28,    27,    28,   808,   139,   185,   186,   185,
+-     186,    29,   148,   151,   809,   160,   821,   704,   214,   312,
+-     857,   645,   646,   647,   445,   507,    35,   447,   773,    29,
+-      35,  -560,   142,   145,   954,   217,   562,   508,   236,   768,
+-     824,   951,   481,   535,   480,   828,   232,   638,   186,   639,
+-     259,   654,   536,     4,   657,   269,   482,   987,   493,   266,
+-     154,   137,    59,   424,   829,   957,   419,   420,   648,   830,
+-     174,    62,   262,   433,  -562,   176,   429,   430,   263,   920,
+-    1001,   441,   178,   637,   437,   438,   681,   395,   590,    62,
+-     698,   659,   569,   481,    27,    28,   180,   199,   592,   991,
+-     997,   704,   573,  1025,   808,   565,   873,   492,   187,   984,
+-     907,  1033,   191,   809,   194,   821,   260,  -562,   261,  -562,
+-     640,    35,   140,   237,   766,   223,   710,   226,   722,   229,
+-     149,   152,   330,   161,   343,   812,   215,   313,   827,   824,
+-     629,   630,   330,   203,   828,    27,    28,    29,   143,   146,
+-     237,   218,   563,   601,   602,   603,   604,   605,   581,   582,
+-     608,    29,   979,   829,   611,   389,  1031,  1032,   830,   345,
+-     498,   233,    35,   499,   986,   687,   688,    40,    41,   222,
+-     270,  1044,   652,   653,   994,   698,    42,    43,    44,    45,
++     157,   158,   159,   134,   496,   164,   165,   166,   167,   168,
++     169,   170,   171,   197,   198,   132,   173,   133,   427,   345,
++     182,   183,   184,   597,   426,   327,   657,   342,   421,   660,
++     709,   422,   435,   453,   139,   921,   431,   443,   395,   432,
++     419,   439,   347,   589,   440,   661,   221,   399,   420,   872,
++     420,   231,  -563,   209,   190,   193,   196,   420,   175,   555,
++     556,   557,   558,   559,   420,   771,   210,   456,    27,    28,
++      27,    28,   220,   629,   630,   631,   136,    27,    28,    27,
++      28,   179,   185,   186,    27,    28,   957,    29,    27,    28,
++     142,   145,   148,   225,   228,   217,   185,   186,   185,   186,
++     185,   186,   185,   186,   346,   707,    35,   860,   151,   160,
++     214,   313,   240,   236,   811,   270,   447,   565,    29,   449,
++     776,   812,   511,  -561,   960,     4,   241,   641,   186,   642,
++     954,   154,   876,   990,   483,   512,   482,  -563,   232,   657,
++     259,   824,   660,   827,   537,   269,   483,    62,   484,   266,
++     495,   140,  1000,   538,   923,   426,  1004,   593,   831,   421,
++     494,   647,   422,   832,   396,   435,    27,    28,   979,   431,
++     701,   662,   432,   443,   640,   833,   176,   439,    62,  1028,
++     440,  -563,   684,  -563,   648,   649,   650,  1036,   994,   707,
++     509,   595,   996,    35,   568,   137,   572,   910,   237,   180,
++     643,   187,   510,   576,   174,   769,   229,   143,   146,   237,
++     987,   149,   218,   811,   713,   191,   163,   194,  1016,   223,
++     812,   226,   331,   815,   344,    59,   830,   152,   161,   215,
++     314,   651,   331,   632,   566,   262,   633,   982,  1034,  1035,
++     824,   263,   827,   604,   605,   606,   607,   608,   419,   989,
++     611,   584,   585,  1047,   614,   390,   420,   831,   500,   997,
++     667,   501,   832,   178,    27,    28,   199,   690,   691,  1014,
++    1015,   668,   185,   186,   833,   655,    27,    28,   656,   420,
++    1024,  1025,   200,   201,  1029,    27,    28,    29,   260,   939,
++     261,    35,   725,  1038,   940,  1039,   273,   274,   941,    27,
++      28,  1044,   481,   203,  1046,   629,   630,   631,   321,   364,
++    1048,   365,    35,    29,   322,   323,   324,    40,    41,   663,
++      27,    28,   815,   369,   370,   830,    42,    43,    44,    45,
+       46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
+-      56,    57,    58,   976,    59,    60,    61,    62,   240,    63,
+-     363,   479,   364,   664,   211,  1011,  1012,   232,    64,    65,
+-     644,   241,    66,    67,   665,    27,    28,   993,   418,   660,
+-    1026,   516,    72,   517,   812,    73,   239,   827,    74,  1035,
+-      75,  1021,  1022,   645,   646,   647,   417,  1041,    27,    28,
+-     509,   234,    35,  1013,   418,   244,  1036,   626,   627,   628,
+-     702,   703,   247,   510,   250,  1043,   185,   186,   978,   253,
+-     680,  1045,    27,    28,    27,    28,   629,   630,   936,   256,
+-     204,   205,   206,   937,    59,   207,   267,   938,   270,   347,
+-     648,   277,   348,   294,   652,   653,   349,   350,   351,   352,
+-     353,   354,   355,   356,   357,   358,   320,   359,   291,   360,
+-     361,   296,   321,   322,   323,   299,   682,   683,   684,   685,
+-     686,   737,   738,   689,   552,   865,   693,   758,   759,   760,
+-     761,   304,   762,   301,   763,   575,   576,   577,   200,   201,
+-     280,   281,   567,   282,   702,   703,    27,    28,   736,   308,
+-     571,   283,   284,   285,   286,   287,   288,   273,   274,   134,
+-     694,  -364,  -364,   774,   751,   752,   753,   754,   755,   756,
+-     310,   132,   622,   133,   315,   826,   368,   369,   810,   811,
+-     743,   744,   745,   371,   372,   737,   738,   374,   375,   377,
+-     378,   617,   380,   381,   383,   384,   387,   388,   327,   618,
+-     401,   402,   620,   404,   405,   415,   416,   328,   634,   427,
+-     428,   435,   436,   458,   459,   464,   465,   484,   485,   487,
+-     488,   490,   491,   544,   545,   726,   727,   831,   730,   731,
+-     910,   481,   316,   852,   853,   961,   962,   981,   851,   970,
+-     971,    29,   974,   975,   922,  1039,  1040,   923,   893,   894,
+-     641,   928,   929,    40,   317,   332,   335,   338,   366,   367,
+-     370,   668,   390,   673,   373,   376,   379,   382,   385,   442,
+-     448,   451,   172,   454,   826,   386,   399,   810,   811,   400,
+-      42,    43,    44,    45,    46,    47,    48,    49,    50,    51,
+-      52,    53,    54,    55,    56,    57,    58,   134,   403,    60,
+-      61,    62,   406,    63,   407,   408,   409,   410,   411,   132,
+-     412,   133,    64,    65,   413,   414,   426,   434,   514,   449,
+-     457,   921,   460,   707,   708,   709,   831,   461,   462,   463,
+-     483,   486,   489,   497,    75,   495,   500,   501,   502,   503,
+-     504,   717,   718,   719,   720,   505,   506,   512,   513,   511,
+-     515,   519,   521,   523,   525,   527,   529,   531,   721,   532,
+-     534,  -316,   537,   908,   539,   540,   541,   911,   912,   542,
+-     543,   548,   558,   550,   551,   557,  1017,   750,   560,   584,
+-     585,   589,   606,   965,   596,   597,   963,   964,   598,   599,
+-     607,   612,   633,  1034,   609,   765,   610,   661,   614,   615,
+-     625,   635,   418,   636,   672,   690,   679,   669,   965,   769,
+-     712,   963,   964,   670,   676,   671,   694,   724,   725,   714,
+-     715,   748,   770,   728,   729,   946,   742,   733,   716,   746,
+-     950,   747,   775,   953,   854,   772,   777,   776,   779,   780,
+-     845,   846,   847,   134,   856,   849,   871,   864,   868,   874,
+-     875,   878,   330,   891,   895,   902,   904,   913,  -445,   909,
+-     934,   914,   917,   924,   867,   916,   925,   870,   941,   977,
+-     807,   926,   943,   944,   949,   980,    29,   955,   858,   876,
+-     877,   956,   879,   880,   881,   882,   883,   884,   885,   886,
+-     887,   888,   889,   890,   995,   958,   972,   959,   960,   982,
+-     968,   999,   969,   345,  1004,  1009,  1007,   172,   990,  1003,
+-    1019,  1024,  1006,   992,   996,    42,    43,    44,    45,    46,
+-      47,    48,    49,    50,    51,    52,    53,    54,    55,    56,
+-      57,    58,  1002,  1015,    60,    61,    62,  1016,  1023,  1027,
+-    1029,  1037,   134,  1046,  1042,     5,   524,    64,    65,   859,
+-     860,   528,   530,   767,   705,   723,   520,   861,   544,   545,
+-     862,   593,   600,   619,   526,   568,   522,   621,   919,    75,
+-     570,   623,   572,   574,   559,   591,   778,   566,   850,   208,
+-     130,   595,   781,   732,    27,    28,    29,   533,   444,   735,
+-     547,   342,   983,   906,   985,   935,   947,   930,   863,   692,
+-     549,   933,   643,   711,   446,   311,   134,   134,     0,   932,
+-     134,    35,     0,     0,     0,     0,    40,    41,     0,     0,
+-       0,   931,     0,     0,     0,    42,    43,    44,    45,    46,
++      56,    57,    58,   211,    59,    60,    61,    62,   518,    63,
++     519,   204,   205,   206,   705,   701,   207,   706,    64,    65,
++     981,   647,    66,    67,   372,   373,    27,    28,   375,   376,
++     632,   222,    72,   633,   232,    73,   378,   379,    74,   233,
++      75,   578,   579,   580,   648,   649,   650,   348,   655,   234,
++     349,   656,   244,    35,   350,   351,   352,   353,   354,   355,
++     356,   357,   358,   359,   239,   360,   247,   361,   362,   250,
++     685,   686,   687,   688,   689,   740,   868,   692,   741,   253,
++     696,    27,    28,   739,   256,    59,   554,   697,  -365,  -365,
++     267,   651,   761,   762,   763,   764,   277,   765,   705,   766,
++     270,   706,   295,   777,   292,   570,   746,   747,   748,   381,
++     382,   134,   309,   574,   754,   755,   756,   757,   758,   759,
++     384,   385,   297,   132,   625,   133,   388,   389,   829,   302,
++     402,   403,   813,   280,   281,   814,   282,   405,   406,   740,
++     417,   418,   741,   620,   283,   284,   285,   286,   287,   288,
++     289,   429,   430,   437,   438,   460,   461,   466,   467,   300,
++     637,   305,   621,   486,   487,   623,   489,   490,   492,   493,
++     546,   547,   729,   730,   733,   734,   913,   483,   964,   965,
++     834,   973,   974,   311,   855,   856,   984,   977,   978,   896,
++     897,  1042,  1043,   931,   932,   316,   925,   317,   318,   926,
++     854,   328,   333,   329,   336,   339,    40,   367,   368,   371,
++     391,   444,   374,   644,   671,   377,   676,   380,   383,   386,
++     450,   387,   453,   456,   400,   401,   404,   829,   407,   408,
++     409,   813,   410,   411,   814,   412,   413,   414,   415,   416,
++     428,   436,   517,   451,   459,   462,   463,   464,   465,   485,
++     134,   488,   491,   499,   497,   521,   502,   503,   504,   505,
++     506,   924,   132,   523,   133,   507,   508,   514,   515,   516,
++     513,   525,   527,   529,   531,   533,   710,   711,   712,   834,
++     534,   536,  -317,   539,   541,   542,   543,   545,   544,   550,
++     561,   552,   553,   560,   720,   721,   722,   723,   563,   587,
++     588,   599,   592,   600,   601,   602,   609,   610,   615,   612,
++     617,   724,   613,   628,   420,   618,   664,   911,   638,   636,
++     639,   914,   915,   675,   672,   673,   674,   679,  1020,   693,
++     753,   682,   697,   715,   717,   718,   968,   727,   728,   719,
++     966,   731,   732,   967,   736,  1037,   745,   751,   768,   749,
++     750,   773,   778,   775,   850,   780,   779,   782,   783,   848,
++     849,   968,   772,   852,   857,   966,   859,   871,   967,   874,
++     877,   878,   881,   898,  -446,   894,   905,   907,   916,   949,
++     917,   912,   920,   927,   953,   928,   919,   956,   937,   944,
++     929,   946,   947,   810,   952,   983,   134,   958,   961,   959,
++     867,   975,   962,   963,   346,   331,   985,   971,   972,  1002,
++    1012,  1010,  1022,  1032,  1027,     5,   993,   870,  1030,   995,
++     873,   999,  1005,   980,  1045,   528,   530,    27,    28,    29,
++    1018,  1019,   879,   880,  1026,   882,   883,   884,   885,   886,
++     887,   888,   889,   890,   891,   892,   893,  1007,   998,  1040,
++    1049,   526,   708,   770,    35,   726,   532,   522,   622,    40,
++      41,   598,   596,  1006,   594,   571,  1009,   524,    42,    43,
++      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
++      54,    55,    56,    57,    58,   626,    59,    60,    61,    62,
++     603,    63,   781,   784,   208,   134,   624,   853,   130,   577,
++      64,    65,   735,   535,    66,    67,   343,   446,   738,   986,
++     909,   988,   938,   933,    72,   646,   695,    73,   549,   936,
++      74,   922,    75,   551,   714,     0,   562,     0,   448,   312,
++       0,     0,     0,     0,     0,     0,   569,    29,   573,   861,
++       0,     0,     0,     0,   575,     0,     0,     0,     0,   950,
++       0,     0,     0,   683,     0,     0,     0,     0,     0,   134,
++     134,     0,   935,   134,     0,     0,     0,     0,   172,     0,
++       0,     0,     0,     0,   934,     0,    42,    43,    44,    45,
++      46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
++      56,    57,    58,     0,     0,    60,    61,    62,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,   991,    64,    65,
++     862,   863,     0,     0,     0,     0,     0,     0,   864,   546,
++     547,   865,     0,     0,     0,     0,     0,     0,     0,     0,
++      75,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,  1011,
++       0,     0,  1001,     0,   785,   420,     0,     0,     0,  1021,
++     866,     0,     0,     0,     0,     0,   786,     0,     0,  1031,
++     647,     0,     0,     0,     0,    27,    28,   787,     0,  1041,
++       0,   788,   789,   790,   791,   792,   793,   794,   795,   796,
++       0,     0,     0,   648,   797,   798,   799,     0,     0,     0,
++       0,     0,    35,     0,     0,     0,     0,    40,    41,   800,
++     801,   802,   803,   804,     0,   805,    42,    43,    44,    45,
++      46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
++      56,    57,    58,   806,    59,    60,    61,    62,     0,    63,
++     807,     0,     0,     0,     0,     0,     0,     0,    64,    65,
++       0,     0,    66,    67,     0,     0,     0,     0,     0,     0,
++       0,     0,    72,   785,   420,    73,     0,   808,    74,     0,
++      75,     0,     0,   809,     0,   786,     0,     0,     0,   647,
++       0,     0,     0,     0,    27,    28,   787,     0,     0,     0,
++     788,   789,   790,   791,   792,   793,   794,   795,   796,     0,
++       0,   908,   648,   797,   798,   799,     0,     0,     0,     0,
++     810,    35,     0,     0,     0,     0,    40,    41,   800,   801,
++     802,   803,   804,     0,   805,    42,    43,    44,    45,    46,
+       47,    48,    49,    50,    51,    52,    53,    54,    55,    56,
+-      57,    58,     0,    59,    60,    61,    62,     0,    63,     0,
+-       0,     0,     0,     0,   988,     0,     0,    64,    65,     0,
++      57,    58,   806,    59,    60,    61,    62,     0,    63,   807,
++       0,     0,     0,     0,     0,     0,     0,    64,    65,     0,
+        0,    66,    67,     0,     0,     0,     0,     0,     0,     0,
+-       0,    72,     0,     0,    73,     0,     0,    74,     0,    75,
++       0,    72,     0,     0,    73,     0,   808,    74,     0,    75,
++       0,     6,   809,     7,     8,     9,    10,    11,    12,    13,
++       0,    14,    15,    16,    17,     0,     0,     0,    18,    19,
++      20,     0,    21,    22,    23,     0,    24,    25,    26,     0,
++      27,    28,    29,     0,     0,     0,     0,     0,     0,   810,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,  1008,     0,     0,   998,
+-       0,   782,   418,     0,     0,     0,  1018,     0,     0,     0,
+-       0,     0,     0,   783,     0,     0,  1028,   644,     0,     0,
+-       0,     0,    27,    28,   784,     0,  1038,     0,   785,   786,
+-     787,   788,   789,   790,   791,   792,   793,     0,     0,     0,
+-     645,   794,   795,   796,     0,     0,     0,     0,     0,    35,
+-       0,     0,     0,     0,    40,    41,   797,   798,   799,   800,
+-     801,     0,   802,    42,    43,    44,    45,    46,    47,    48,
+-      49,    50,    51,    52,    53,    54,    55,    56,    57,    58,
+-     803,    59,    60,    61,    62,     0,    63,   804,     0,     0,
+-       0,     0,     0,     0,     0,    64,    65,     0,     0,    66,
+-      67,     0,     0,     0,     0,     0,     0,     0,     0,    72,
+-     782,   418,    73,     0,   805,    74,     0,    75,     0,     0,
+-     806,     0,   783,     0,     0,     0,   644,     0,     0,     0,
+-       0,    27,    28,   784,     0,     0,     0,   785,   786,   787,
+-     788,   789,   790,   791,   792,   793,     0,   905,     0,   645,
+-     794,   795,   796,     0,     0,     0,   807,     0,    35,     0,
+-       0,     0,     0,    40,    41,   797,   798,   799,   800,   801,
+-       0,   802,    42,    43,    44,    45,    46,    47,    48,    49,
+-      50,    51,    52,    53,    54,    55,    56,    57,    58,   803,
+-      59,    60,    61,    62,     0,    63,   804,     0,     0,     0,
+-       0,     0,     0,     0,    64,    65,     0,     0,    66,    67,
+-       0,     0,     0,     0,     0,     0,     0,     0,    72,     0,
+-       0,    73,     0,   805,    74,     0,    75,     0,     6,   806,
+-       7,     8,     9,    10,    11,    12,    13,     0,    14,    15,
+-      16,    17,     0,     0,     0,    18,    19,    20,     0,    21,
+-      22,    23,     0,    24,    25,    26,     0,    27,    28,    29,
+-       0,     0,     0,     0,     0,   807,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,     0,     0,    30,
+-      31,    32,    33,    34,    35,    36,    37,    38,    39,    40,
+-      41,     0,     0,     0,     0,     0,     0,     0,    42,    43,
+-      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
+-      54,    55,    56,    57,    58,     0,    59,    60,    61,    62,
+-      29,    63,     0,     0,     0,     0,     0,     0,     0,     0,
+-      64,    65,     0,     0,    66,    67,    68,    69,    70,    71,
+-       0,     0,     0,     0,    72,     0,     0,    73,     0,     0,
+-      74,   172,    75,    76,    77,     0,    78,     0,     0,    42,
++       0,     0,    30,    31,    32,    33,    34,    35,    36,    37,
++      38,    39,    40,    41,     0,     0,     0,     0,     0,     0,
++       0,    42,    43,    44,    45,    46,    47,    48,    49,    50,
++      51,    52,    53,    54,    55,    56,    57,    58,     0,    59,
++      60,    61,    62,    29,    63,     0,     0,     0,     0,     0,
++       0,     0,     0,    64,    65,     0,     0,    66,    67,    68,
++      69,    70,    71,     0,     0,     0,     0,    72,     0,     0,
++      73,     0,     0,    74,   172,    75,    76,    77,     0,    78,
++       0,     0,    42,    43,    44,    45,    46,    47,    48,    49,
++      50,    51,    52,    53,    54,    55,    56,    57,    58,     0,
++      29,    60,    61,    62,     0,    63,     0,   468,   469,   470,
++     471,   472,   473,   474,    64,    65,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++     475,   172,     0,     0,     0,     0,    75,     0,     0,    42,
+       43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
+-      53,    54,    55,    56,    57,    58,     0,    29,    60,    61,
+-      62,     0,    63,     0,   466,   467,   468,   469,   470,   471,
+-     472,    64,    65,     0,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,   473,   172,     0,
++      53,    54,    55,    56,    57,    58,   930,    29,    60,    61,
++      62,     0,    63,   807,     0,     0,     0,     0,     0,     0,
++       0,    64,    65,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,    72,     0,     0,   172,     0,
+        0,     0,     0,    75,     0,     0,    42,    43,    44,    45,
+       46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
+-      56,    57,    58,   927,    29,    60,    61,    62,     0,    63,
+-     804,     0,     0,     0,     0,     0,     0,     0,    64,    65,
++      56,    57,    58,   930,    29,    60,    61,    62,     0,    63,
++       0,     0,     0,     0,     0,     0,     0,     0,    64,    65,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+        0,     0,    72,     0,     0,   172,     0,     0,     0,     0,
+       75,     0,     0,    42,    43,    44,    45,    46,    47,    48,
+       49,    50,    51,    52,    53,    54,    55,    56,    57,    58,
+-     927,    29,    60,    61,    62,     0,    63,     0,     0,     0,
++      29,     0,    60,    61,    62,     0,    63,     0,     0,     0,
+        0,     0,     0,     0,     0,    64,    65,     0,     0,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,    72,
+-       0,     0,   172,     0,     0,     0,     0,    75,     0,     0,
+-      42,    43,    44,    45,    46,    47,    48,    49,    50,    51,
+-      52,    53,    54,    55,    56,    57,    58,    29,     0,    60,
+-      61,    62,     0,    63,     0,     0,     0,     0,     0,     0,
+-       0,     0,    64,    65,     0,     0,     0,     0,     0,     0,
+-       0,     0,     0,     0,     0,     0,    72,     0,   172,     0,
+-       0,     0,     0,     0,    75,     0,    42,    43,    44,    45,
+-      46,    47,    48,    49,    50,    51,    52,    53,    54,    55,
+-      56,    57,    58,     0,     0,    60,    61,    62,     0,     0,
+-       0,     0,     0,     0,     0,     0,     0,     0,    64,    65,
+-       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,   172,     0,     0,     0,     0,    29,    75,     0,    42,
++      43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
++      53,    54,    55,    56,    57,    58,     0,     0,    60,    61,
++      62,     0,    63,     0,     0,     0,     0,   172,     0,     0,
++       0,    64,    65,     0,     0,    42,    43,    44,    45,    46,
++      47,    48,    49,    50,    51,    52,    53,    54,    55,    56,
++      57,    58,     0,    75,    60,    61,    62,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,    64,    65,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-      75
++       0,     0,     0,     0,     0,     0,     0,     0,     0,    75
+ };
+ 
+ static const yytype_int16 yycheck[] =
+ {
+-      13,    14,    15,     3,   345,    18,    19,    20,    21,    22,
+-      23,    24,    25,    40,    41,     3,    26,     3,   232,   235,
+-      33,    34,    35,   291,   219,   457,   291,   291,   625,   537,
+-     293,   299,   537,    34,   299,   299,   304,    12,   449,   304,
+-     304,   236,     4,    37,    38,    39,    73,    12,    35,   272,
+-      12,    78,    34,    63,    12,    34,    34,    32,    33,    35,
+-     409,   410,   411,   412,   768,    34,    66,    32,    33,    35,
+-      32,    33,    72,   869,    32,    33,    17,    18,    19,    34,
+-      34,    35,    76,    77,    34,    35,    34,    35,    27,    32,
+-      33,    32,    33,    32,    33,   733,    36,    34,    35,    34,
+-      35,    34,    34,    34,   733,    34,   733,   615,    34,    34,
+-     757,    50,    51,    52,   309,   155,    59,   312,   715,    34,
+-      59,   152,    36,    36,   920,    36,    36,   167,    34,   706,
+-     733,   917,   154,   154,   329,   733,   167,    34,    35,    36,
+-     153,   649,   163,     0,   649,   172,   168,   969,   343,   162,
+-      31,   152,    91,   421,   733,    34,   421,   421,    97,   733,
+-     152,    94,   134,   431,   119,   152,   431,   431,   140,   873,
+-     992,   439,    35,   514,   439,   439,   587,   159,   157,    94,
+-     123,   159,   157,   154,    32,    33,   152,    76,   157,   975,
+-     986,   699,   157,  1015,   832,   157,   773,   168,   152,   157,
+-     847,  1023,   152,   832,   152,   832,    31,   162,    33,   164,
+-     107,    59,   152,   119,   157,   152,   157,   152,   157,   152,
+-     152,   152,   222,   152,   234,   733,   152,   152,   733,   832,
+-     495,   495,   232,    79,   832,    32,    33,    34,   152,   152,
+-     119,   152,   152,   466,   467,   468,   469,   470,   443,   444,
+-     473,    34,   956,   832,   477,   268,  1021,  1022,   832,   152,
+-     152,    94,    59,   155,   968,   606,   607,    64,    65,   167,
+-     163,  1036,   537,   537,   978,   123,    73,    74,    75,    76,
++      13,    14,    15,     3,   346,    18,    19,    20,    21,    22,
++      23,    24,    25,    40,    41,     3,    26,     3,   294,   235,
++      33,    34,    35,   459,   292,   219,   539,   232,   292,   539,
++     628,   292,   300,    34,    36,   872,   300,   305,    34,   300,
++       4,   305,   236,   451,   305,    34,    73,   272,    12,   771,
++      12,    78,    34,    63,    37,    38,    39,    12,    35,   410,
++     411,   412,   413,   414,    12,   709,    66,    34,    32,    33,
++      32,    33,    72,    17,    18,    19,    34,    32,    33,    32,
++      33,    35,    34,    35,    32,    33,   923,    34,    32,    33,
++      36,    36,    34,    76,    77,    36,    34,    35,    34,    35,
++      34,    35,    34,    35,   153,   618,    59,   760,    34,    34,
++      34,    34,   138,    34,   736,   164,   310,    36,    34,   313,
++     718,   736,   156,   153,    34,     0,   152,    34,    35,    36,
++     920,    31,   776,   972,   155,   169,   330,   119,   168,   652,
++     153,   736,   652,   736,   155,   172,   155,    94,   169,   162,
++     344,   153,   989,   164,   876,   423,   995,   158,   736,   423,
++     169,    27,   423,   736,   160,   433,    32,    33,   956,   433,
++     123,   160,   433,   441,   516,   736,   153,   441,    94,  1018,
++     441,   163,   590,   165,    50,    51,    52,  1026,   978,   702,
++     156,   158,   980,    59,   158,   153,   158,   850,   119,   153,
++     107,   153,   168,   158,   153,   158,   153,   153,   153,   119,
++     158,   153,   153,   835,   158,   153,    35,   153,  1006,   153,
++     835,   153,   222,   736,   234,    91,   736,   153,   153,   153,
++     153,    97,   232,   497,   153,   134,   497,   959,  1024,  1025,
++     835,   140,   835,   468,   469,   470,   471,   472,     4,   971,
++     475,   445,   446,  1039,   479,   268,    12,   835,   153,   981,
++     132,   156,   835,    35,    32,    33,    76,   609,   610,  1004,
++    1005,   143,    34,    35,   835,   539,    32,    33,   539,    12,
++    1014,  1015,    64,    65,  1019,    32,    33,    34,    31,   133,
++      33,    59,   158,  1028,   138,  1029,   138,   139,   142,    32,
++      33,  1036,   329,    79,  1038,    17,    18,    19,   137,   163,
++    1044,   165,    59,    34,   143,   144,   145,    64,    65,   544,
++      32,    33,   835,   154,   155,   835,    73,    74,    75,    76,
+       77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
+-      87,    88,    89,   953,    91,    92,    93,    94,   138,    96,
+-     162,   328,   164,   132,    34,  1001,  1002,   167,   105,   106,
+-      27,   151,   109,   110,   143,    32,    33,   977,    12,   542,
+-    1016,    34,   119,    36,   832,   122,   107,   832,   125,  1025,
+-     127,  1011,  1012,    50,    51,    52,     4,  1033,    32,    33,
+-     155,    30,    59,  1003,    12,   138,  1026,    17,    18,    19,
+-     615,   615,   138,   168,   138,  1035,    34,    35,   955,   138,
+-     157,  1041,    32,    33,    32,    33,   631,   631,   133,   138,
+-      74,    75,    76,   138,    91,    79,    35,   142,   163,   152,
+-      97,   138,   155,   107,   649,   649,   159,   160,   161,   162,
+-     163,   164,   165,   166,   167,   168,   137,   170,   156,   172,
+-     173,   138,   143,   144,   145,   156,   601,   602,   603,   604,
+-     605,   676,   676,   608,   408,   764,   611,   159,   160,   161,
+-     162,   156,   164,   138,   166,    66,    67,    68,    64,    65,
+-     135,   136,   426,   138,   699,   699,    32,    33,    34,    34,
+-     434,   146,   147,   148,   149,   150,   151,   138,   139,   449,
+-     152,   153,   154,   716,   160,   161,   162,   163,   164,   165,
+-      76,   449,   489,   449,   156,   733,   153,   154,   733,   733,
+-     682,   683,   684,   153,   154,   740,   740,   153,   154,   153,
+-     154,   481,   153,   154,   153,   154,   153,   154,   152,   483,
+-     153,   154,   486,   153,   154,   153,   154,   152,   498,   153,
+-     154,   153,   154,   153,   154,   153,   154,   153,   154,   153,
+-     154,   153,   154,   116,   117,   153,   154,   733,   153,   154,
+-     153,   154,   156,   746,   747,   153,   154,   959,   742,   153,
+-     154,    34,   153,   154,   875,  1031,  1032,   878,   798,   799,
+-     534,   896,   897,    64,   138,   138,   138,   138,   155,   155,
+-     155,   564,    34,   580,   155,   155,   155,   155,   155,   169,
+-     162,    34,    65,    34,   832,   155,   155,   832,   832,   155,
+-      73,    74,    75,    76,    77,    78,    79,    80,    81,    82,
+-      83,    84,    85,    86,    87,    88,    89,   587,   155,    92,
+-      93,    94,   155,    96,   155,   155,   155,   155,   155,   587,
+-     155,   587,   105,   106,   155,   155,   155,   155,   152,   156,
+-     155,   874,   155,   626,   627,   628,   832,   155,   155,   155,
+-     155,   155,   155,   153,   127,   156,   155,   155,   155,   155,
+-     155,   644,   645,   646,   647,   155,   155,   155,   155,   171,
+-      96,   107,    36,    36,    36,    34,    34,    34,   648,   107,
+-     155,   160,   156,   848,    34,    95,   153,   852,   853,   160,
+-      35,    35,   107,    36,    36,    34,  1007,   694,   152,   158,
+-      34,   158,   152,   941,    36,    36,   941,   941,    36,    36,
+-     152,   155,   158,  1024,   153,   698,   154,   141,   153,   156,
+-     153,   155,    12,   155,   154,    96,   153,   158,   966,   712,
+-      17,   966,   966,   158,   156,   158,   152,    34,   155,   153,
+-     153,   126,    18,   155,   155,   910,   152,   156,   169,   153,
+-     915,   153,    34,   918,   120,   158,    36,   158,    36,    36,
+-     158,   158,   155,   733,   153,   157,    19,   764,   158,   160,
+-     152,   152,   742,    71,   169,   152,    34,   152,   166,   158,
+-      34,   155,   152,   169,   764,   157,   169,   770,   156,   954,
+-     166,   169,   152,   154,   107,    34,    34,   153,    36,   782,
+-     783,   153,   785,   786,   787,   788,   789,   790,   791,   792,
+-     793,   794,   795,   796,   979,   155,   170,   155,   155,    34,
+-     153,    49,   158,   152,   170,    48,   152,    65,   158,   994,
+-      37,   152,   997,   158,   158,    73,    74,    75,    76,    77,
+-      78,    79,    80,    81,    82,    83,    84,    85,    86,    87,
+-      88,    89,   158,   158,    92,    93,    94,   158,   158,   153,
+-      47,   171,   832,   171,   153,     1,   375,   105,   106,   107,
+-     108,   381,   384,   699,   624,   649,   369,   115,   116,   117,
+-     118,   455,   465,   485,   378,   428,   372,   488,   871,   127,
+-     431,   491,   436,   439,   416,   452,   727,   421,   740,    62,
+-       3,   459,   731,   672,    32,    33,    34,   388,   307,   675,
+-     402,   233,   962,   832,   966,   901,   913,   898,   156,   610,
+-     405,   900,   535,   631,   311,   209,   896,   897,    -1,   899,
+-     900,    59,    -1,    -1,    -1,    -1,    64,    65,    -1,    -1,
+-      -1,   899,    -1,    -1,    -1,    73,    74,    75,    76,    77,
++      87,    88,    89,    34,    91,    92,    93,    94,    34,    96,
++      36,    74,    75,    76,   618,   123,    79,   618,   105,   106,
++     958,    27,   109,   110,   154,   155,    32,    33,   154,   155,
++     634,   168,   119,   634,   168,   122,   154,   155,   125,    94,
++     127,    66,    67,    68,    50,    51,    52,   153,   652,    30,
++     156,   652,   138,    59,   160,   161,   162,   163,   164,   165,
++     166,   167,   168,   169,   107,   171,   138,   173,   174,   138,
++     604,   605,   606,   607,   608,   679,   767,   611,   679,   138,
++     614,    32,    33,    34,   138,    91,   409,   153,   154,   155,
++      35,    97,   160,   161,   162,   163,   138,   165,   702,   167,
++     164,   702,   107,   719,   157,   428,   685,   686,   687,   154,
++     155,   451,    34,   436,   161,   162,   163,   164,   165,   166,
++     154,   155,   138,   451,   491,   451,   154,   155,   736,   138,
++     154,   155,   736,   135,   136,   736,   138,   154,   155,   743,
++     154,   155,   743,   483,   146,   147,   148,   149,   150,   151,
++     152,   154,   155,   154,   155,   154,   155,   154,   155,   157,
++     500,   157,   485,   154,   155,   488,   154,   155,   154,   155,
++     116,   117,   154,   155,   154,   155,   154,   155,   154,   155,
++     736,   154,   155,    76,   749,   750,   962,   154,   155,   801,
++     802,  1034,  1035,   899,   900,   157,   878,   157,   138,   881,
++     745,   153,   138,   153,   138,   138,    64,   156,   156,   156,
++      34,   170,   156,   536,   567,   156,   583,   156,   156,   156,
++     163,   156,    34,    34,   156,   156,   156,   835,   156,   156,
++     156,   835,   156,   156,   835,   156,   156,   156,   156,   156,
++     156,   156,    96,   157,   156,   156,   156,   156,   156,   156,
++     590,   156,   156,   154,   157,   107,   156,   156,   156,   156,
++     156,   877,   590,    36,   590,   156,   156,   156,   156,   153,
++     172,    36,    36,    34,    34,    34,   629,   630,   631,   835,
++     107,   156,   161,   157,    34,    95,   154,    35,   161,    35,
++     107,    36,    36,    34,   647,   648,   649,   650,   153,   159,
++      34,    36,   159,    36,    36,    36,   153,   153,   156,   154,
++     154,   651,   155,   154,    12,   157,   141,   851,   156,   159,
++     156,   855,   856,   155,   159,   159,   159,   157,  1010,    96,
++     697,   154,   153,    17,   154,   154,   944,    34,   156,   170,
++     944,   156,   156,   944,   157,  1027,   153,   126,   701,   154,
++     154,    18,    34,   159,   156,    36,   159,    36,    36,   159,
++     159,   969,   715,   158,   120,   969,   154,   159,   969,    19,
++     161,   153,   153,   170,   167,    71,   153,    34,   153,   913,
++     156,   159,   153,   170,   918,   170,   158,   921,    34,   157,
++     170,   153,   155,   167,   107,    34,   736,   154,   156,   154,
++     767,   171,   156,   156,   153,   745,    34,   154,   159,    49,
++      48,   153,    37,    47,   153,     1,   159,   767,   154,   159,
++     773,   159,   159,   957,   154,   379,   382,    32,    33,    34,
++     159,   159,   785,   786,   159,   788,   789,   790,   791,   792,
++     793,   794,   795,   796,   797,   798,   799,   171,   982,   172,
++     172,   376,   627,   702,    59,   652,   385,   370,   487,    64,
++      65,   461,   457,   997,   454,   430,  1000,   373,    73,    74,
++      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
++      85,    86,    87,    88,    89,   493,    91,    92,    93,    94,
++     467,    96,   730,   734,    62,   835,   490,   743,     3,   441,
++     105,   106,   675,   389,   109,   110,   233,   308,   678,   965,
++     835,   969,   904,   901,   119,   537,   613,   122,   403,   903,
++     125,   874,   127,   406,   634,    -1,   418,    -1,   312,   209,
++      -1,    -1,    -1,    -1,    -1,    -1,   423,    34,   433,    36,
++      -1,    -1,    -1,    -1,   438,    -1,    -1,    -1,    -1,   916,
++      -1,    -1,    -1,   158,    -1,    -1,    -1,    -1,    -1,   899,
++     900,    -1,   902,   903,    -1,    -1,    -1,    -1,    65,    -1,
++      -1,    -1,    -1,    -1,   902,    -1,    73,    74,    75,    76,
++      77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
++      87,    88,    89,    -1,    -1,    92,    93,    94,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,   974,   105,   106,
++     107,   108,    -1,    -1,    -1,    -1,    -1,    -1,   115,   116,
++     117,   118,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++     127,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,  1002,
++      -1,    -1,   992,    -1,    11,    12,    -1,    -1,    -1,  1012,
++     157,    -1,    -1,    -1,    -1,    -1,    23,    -1,    -1,  1022,
++      27,    -1,    -1,    -1,    -1,    32,    33,    34,    -1,  1032,
++      -1,    38,    39,    40,    41,    42,    43,    44,    45,    46,
++      -1,    -1,    -1,    50,    51,    52,    53,    -1,    -1,    -1,
++      -1,    -1,    59,    -1,    -1,    -1,    -1,    64,    65,    66,
++      67,    68,    69,    70,    -1,    72,    73,    74,    75,    76,
++      77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
++      87,    88,    89,    90,    91,    92,    93,    94,    -1,    96,
++      97,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
++      -1,    -1,   109,   110,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,   119,    11,    12,   122,    -1,   124,   125,    -1,
++     127,    -1,    -1,   130,    -1,    23,    -1,    -1,    -1,    27,
++      -1,    -1,    -1,    -1,    32,    33,    34,    -1,    -1,    -1,
++      38,    39,    40,    41,    42,    43,    44,    45,    46,    -1,
++      -1,   158,    50,    51,    52,    53,    -1,    -1,    -1,    -1,
++     167,    59,    -1,    -1,    -1,    -1,    64,    65,    66,    67,
++      68,    69,    70,    -1,    72,    73,    74,    75,    76,    77,
+       78,    79,    80,    81,    82,    83,    84,    85,    86,    87,
+-      88,    89,    -1,    91,    92,    93,    94,    -1,    96,    -1,
+-      -1,    -1,    -1,    -1,   971,    -1,    -1,   105,   106,    -1,
++      88,    89,    90,    91,    92,    93,    94,    -1,    96,    97,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,    -1,
+       -1,   109,   110,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,   119,    -1,    -1,   122,    -1,    -1,   125,    -1,   127,
++      -1,   119,    -1,    -1,   122,    -1,   124,   125,    -1,   127,
++      -1,     3,   130,     5,     6,     7,     8,     9,    10,    11,
++      -1,    13,    14,    15,    16,    -1,    -1,    -1,    20,    21,
++      22,    -1,    24,    25,    26,    -1,    28,    29,    30,    -1,
++      32,    33,    34,    -1,    -1,    -1,    -1,    -1,    -1,   167,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,   999,    -1,    -1,   989,
+-      -1,    11,    12,    -1,    -1,    -1,  1009,    -1,    -1,    -1,
+-      -1,    -1,    -1,    23,    -1,    -1,  1019,    27,    -1,    -1,
+-      -1,    -1,    32,    33,    34,    -1,  1029,    -1,    38,    39,
+-      40,    41,    42,    43,    44,    45,    46,    -1,    -1,    -1,
+-      50,    51,    52,    53,    -1,    -1,    -1,    -1,    -1,    59,
+-      -1,    -1,    -1,    -1,    64,    65,    66,    67,    68,    69,
+-      70,    -1,    72,    73,    74,    75,    76,    77,    78,    79,
+-      80,    81,    82,    83,    84,    85,    86,    87,    88,    89,
+-      90,    91,    92,    93,    94,    -1,    96,    97,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,   105,   106,    -1,    -1,   109,
+-     110,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   119,
+-      11,    12,   122,    -1,   124,   125,    -1,   127,    -1,    -1,
+-     130,    -1,    23,    -1,    -1,    -1,    27,    -1,    -1,    -1,
+-      -1,    32,    33,    34,    -1,    -1,    -1,    38,    39,    40,
+-      41,    42,    43,    44,    45,    46,    -1,   157,    -1,    50,
+-      51,    52,    53,    -1,    -1,    -1,   166,    -1,    59,    -1,
+-      -1,    -1,    -1,    64,    65,    66,    67,    68,    69,    70,
+-      -1,    72,    73,    74,    75,    76,    77,    78,    79,    80,
+-      81,    82,    83,    84,    85,    86,    87,    88,    89,    90,
+-      91,    92,    93,    94,    -1,    96,    97,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,   105,   106,    -1,    -1,   109,   110,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   119,    -1,
+-      -1,   122,    -1,   124,   125,    -1,   127,    -1,     3,   130,
+-       5,     6,     7,     8,     9,    10,    11,    -1,    13,    14,
+-      15,    16,    -1,    -1,    -1,    20,    21,    22,    -1,    24,
+-      25,    26,    -1,    28,    29,    30,    -1,    32,    33,    34,
+-      -1,    -1,    -1,    -1,    -1,   166,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    54,
+-      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
+-      65,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    73,    74,
+-      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
+-      85,    86,    87,    88,    89,    -1,    91,    92,    93,    94,
+-      34,    96,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-     105,   106,    -1,    -1,   109,   110,   111,   112,   113,   114,
+-      -1,    -1,    -1,    -1,   119,    -1,    -1,   122,    -1,    -1,
+-     125,    65,   127,   128,   129,    -1,   131,    -1,    -1,    73,
++      -1,    -1,    54,    55,    56,    57,    58,    59,    60,    61,
++      62,    63,    64,    65,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    73,    74,    75,    76,    77,    78,    79,    80,    81,
++      82,    83,    84,    85,    86,    87,    88,    89,    -1,    91,
++      92,    93,    94,    34,    96,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,   105,   106,    -1,    -1,   109,   110,   111,
++     112,   113,   114,    -1,    -1,    -1,    -1,   119,    -1,    -1,
++     122,    -1,    -1,   125,    65,   127,   128,   129,    -1,   131,
++      -1,    -1,    73,    74,    75,    76,    77,    78,    79,    80,
++      81,    82,    83,    84,    85,    86,    87,    88,    89,    -1,
++      34,    92,    93,    94,    -1,    96,    -1,    98,    99,   100,
++     101,   102,   103,   104,   105,   106,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++     121,    65,    -1,    -1,    -1,    -1,   127,    -1,    -1,    73,
+       74,    75,    76,    77,    78,    79,    80,    81,    82,    83,
+-      84,    85,    86,    87,    88,    89,    -1,    34,    92,    93,
+-      94,    -1,    96,    -1,    98,    99,   100,   101,   102,   103,
+-     104,   105,   106,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,   121,    65,    -1,
++      84,    85,    86,    87,    88,    89,    90,    34,    92,    93,
++      94,    -1,    96,    97,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,   105,   106,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,   119,    -1,    -1,    65,    -1,
+       -1,    -1,    -1,   127,    -1,    -1,    73,    74,    75,    76,
+       77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
+       87,    88,    89,    90,    34,    92,    93,    94,    -1,    96,
+-      97,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+       -1,    -1,   119,    -1,    -1,    65,    -1,    -1,    -1,    -1,
+      127,    -1,    -1,    73,    74,    75,    76,    77,    78,    79,
+       80,    81,    82,    83,    84,    85,    86,    87,    88,    89,
+-      90,    34,    92,    93,    94,    -1,    96,    -1,    -1,    -1,
++      34,    -1,    92,    93,    94,    -1,    96,    -1,    -1,    -1,
+       -1,    -1,    -1,    -1,    -1,   105,   106,    -1,    -1,    -1,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   119,
+-      -1,    -1,    65,    -1,    -1,    -1,    -1,   127,    -1,    -1,
+-      73,    74,    75,    76,    77,    78,    79,    80,    81,    82,
+-      83,    84,    85,    86,    87,    88,    89,    34,    -1,    92,
+-      93,    94,    -1,    96,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,   105,   106,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,   119,    -1,    65,    -1,
+-      -1,    -1,    -1,    -1,   127,    -1,    73,    74,    75,    76,
+-      77,    78,    79,    80,    81,    82,    83,    84,    85,    86,
+-      87,    88,    89,    -1,    -1,    92,    93,    94,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    65,    -1,    -1,    -1,    -1,    34,   127,    -1,    73,
++      74,    75,    76,    77,    78,    79,    80,    81,    82,    83,
++      84,    85,    86,    87,    88,    89,    -1,    -1,    92,    93,
++      94,    -1,    96,    -1,    -1,    -1,    -1,    65,    -1,    -1,
++      -1,   105,   106,    -1,    -1,    73,    74,    75,    76,    77,
++      78,    79,    80,    81,    82,    83,    84,    85,    86,    87,
++      88,    89,    -1,   127,    92,    93,    94,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,   105,   106,    -1,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-     127
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   127
+ };
+ 
+-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+-   symbol of state STATE-NUM.  */
+-static const yytype_uint16 yystos[] =
++/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of
++   state STATE-NUM.  */
++static const yytype_int16 yystos[] =
+ {
+-       0,   175,   176,   177,     0,   176,     3,     5,     6,     7,
++       0,   176,   177,   178,     0,   177,     3,     5,     6,     7,
+        8,     9,    10,    11,    13,    14,    15,    16,    20,    21,
+       22,    24,    25,    26,    28,    29,    30,    32,    33,    34,
+       54,    55,    56,    57,    58,    59,    60,    61,    62,    63,
+       64,    65,    73,    74,    75,    76,    77,    78,    79,    80,
+       81,    82,    83,    84,    85,    86,    87,    88,    89,    91,
+       92,    93,    94,    96,   105,   106,   109,   110,   111,   112,
+-     113,   114,   119,   122,   125,   127,   128,   129,   131,   178,
+-     179,   180,   184,   188,   192,   196,   200,   204,   210,   212,
+-     218,   222,   226,   230,   234,   238,   239,   243,   247,   251,
+-     255,   262,   269,   279,   283,   284,   291,   292,   293,   294,
+-     306,   308,   309,   310,   311,   312,   313,   314,   315,   317,
+-     318,   328,   332,   335,   351,   352,   353,   357,   358,   361,
+-     363,   364,   393,   417,   421,   425,    34,   152,   201,    36,
+-     152,   181,    36,   152,   185,    36,   152,   189,    34,   152,
+-     193,    34,   152,   197,    31,   333,   334,   333,   333,   333,
+-      34,   152,   329,    35,   333,   333,   333,   333,   333,   333,
+-     333,   333,    65,   425,   152,    35,   152,   280,    35,    35,
+-     152,   285,   333,   333,   333,    34,    35,   152,   270,   277,
+-     277,   152,   256,   277,   152,   263,   277,   351,   351,    76,
+-      64,    65,   337,    79,    74,    75,    76,    79,   352,   425,
+-     421,    34,   231,   223,    34,   152,   227,    36,   152,   240,
+-     421,   351,   167,   152,   244,   277,   152,   248,   277,   152,
+-     252,   351,   167,    94,    30,   362,    34,   119,   424,   107,
+-     138,   151,   202,   203,   138,   182,   183,   138,   186,   187,
+-     138,   190,   191,   138,   194,   195,   138,   198,   199,   333,
+-      31,    33,   134,   140,   330,   331,   333,    35,   338,   351,
+-     163,   398,   235,   138,   139,   281,   282,   138,   286,   287,
+-     135,   136,   138,   146,   147,   148,   149,   150,   151,   272,
+-     273,   156,   274,   271,   107,   278,   138,   257,   258,   156,
+-     259,   138,   264,   265,   156,   266,   365,   359,    34,   339,
+-      76,   424,    34,   152,   219,   156,   156,   138,   228,   229,
+-     137,   143,   144,   145,   241,   242,   398,   152,   152,   205,
+-     421,   426,   138,   245,   246,   138,   249,   250,   138,   253,
+-     254,   426,   353,   425,   364,   152,   398,   152,   155,   159,
+-     160,   161,   162,   163,   164,   165,   166,   167,   168,   170,
+-     172,   173,   394,   162,   164,   423,   155,   155,   153,   154,
+-     155,   153,   154,   155,   153,   154,   155,   153,   154,   155,
+-     153,   154,   155,   153,   154,   155,   155,   153,   154,   333,
+-      34,   399,   400,   211,    34,   159,   236,   237,   339,   155,
+-     155,   153,   154,   155,   153,   154,   155,   155,   155,   155,
+-     155,   155,   155,   155,   155,   153,   154,     4,    12,   234,
+-     238,   275,   276,   319,   323,   278,   155,   153,   154,   234,
+-     238,   260,   261,   323,   155,   153,   154,   234,   238,   267,
+-     268,   323,   169,   367,   367,   398,   423,   398,   162,   156,
+-     220,    34,   232,   233,    34,   224,   225,   155,   153,   154,
+-     155,   155,   155,   155,   153,   154,    98,    99,   100,   101,
+-     102,   103,   104,   121,   406,   407,   408,   421,   422,   351,
+-     398,   154,   168,   155,   153,   154,   155,   153,   154,   155,
+-     153,   154,   168,   398,   406,   156,   418,   153,   152,   155,
+-     155,   155,   155,   155,   155,   155,   155,   155,   167,   155,
+-     168,   171,   155,   155,   152,    96,    34,    36,   381,   107,
+-     203,    36,   183,    36,   187,    36,   191,    34,   195,    34,
+-     199,    34,   107,   331,   155,   154,   163,   156,   214,    34,
+-      95,   153,   160,    35,   116,   117,   354,   282,    35,   287,
+-      36,    36,   277,   354,   354,   354,   354,    34,   107,   273,
+-     152,   320,    36,   152,   324,   157,   276,   277,   258,   157,
+-     261,   277,   265,   157,   268,    66,    67,    68,   368,   369,
+-     370,   398,   398,   336,   158,    34,   179,   221,   363,   158,
+-     157,   233,   157,   225,   381,   229,    36,    36,    36,    36,
+-     242,   339,   339,   339,   339,   339,   152,   152,   339,   153,
+-     154,   339,   155,   345,   153,   156,   206,   421,   277,   246,
+-     277,   250,   351,   254,   213,   153,    17,    18,    19,   234,
+-     238,   419,   420,   158,   421,   155,   155,   406,    34,    36,
+-     107,   277,   401,   400,    27,    50,    51,    52,    97,   215,
+-     216,   217,   234,   238,   294,   303,   307,   335,    34,   159,
+-     339,   141,   321,   322,   132,   143,   325,   326,   333,   158,
+-     158,   158,   154,   351,   366,   360,   156,   323,   327,   153,
+-     157,   179,   398,   398,   398,   398,   398,   406,   406,   398,
+-      96,   395,   408,   398,   152,   346,   349,   350,   123,   207,
+-     208,   209,   234,   238,   294,   214,   395,   333,   333,   333,
+-     157,   420,    17,   288,   153,   153,   169,   333,   333,   333,
+-     333,   421,   157,   216,    34,   155,   153,   154,   155,   155,
+-     153,   154,   369,   156,   371,   371,    34,   234,   238,   340,
+-     341,   342,   152,   345,   345,   345,   153,   153,   126,   396,
+-     351,   160,   161,   162,   163,   164,   165,   347,   159,   160,
+-     161,   162,   164,   166,   348,   333,   157,   208,   396,   333,
+-      18,   289,   158,   395,   278,    34,   158,    36,   322,    36,
+-      36,   326,    11,    23,    34,    38,    39,    40,    41,    42,
+-      43,    44,    45,    46,    51,    52,    53,    66,    67,    68,
+-      69,    70,    72,    90,    97,   124,   130,   166,   204,   218,
+-     234,   238,   294,   295,   296,   297,   298,   299,   300,   301,
+-     302,   303,   304,   305,   307,   316,   323,   335,   357,   358,
+-     361,   364,   372,   373,   374,   383,   385,   386,   388,   393,
+-     409,   412,   414,   415,   417,   158,   158,   155,   344,   157,
+-     342,   426,   339,   339,   120,   427,   153,   349,    36,   107,
+-     108,   115,   118,   156,   351,   354,   355,   425,   158,   427,
+-     333,    19,   290,   396,   160,   152,   333,   333,   152,   333,
+-     333,   333,   333,   333,   333,   333,   333,   333,   333,   333,
+-     333,    71,   382,   382,   382,   169,   410,   411,   384,   416,
+-     413,   387,   152,   375,    34,   157,   373,   349,   398,   158,
+-     153,   398,   398,   152,   155,   397,   157,   152,   397,   333,
+-     427,   278,   406,   406,   169,   169,   169,    90,   412,   412,
+-     385,   393,   421,   414,    34,   388,   133,   138,   142,   376,
+-     377,   156,   378,   152,   154,   343,   398,   351,   428,   107,
+-     398,   346,   356,   398,   397,   153,   153,    34,   155,   155,
+-     155,   153,   154,   234,   238,   323,   379,   380,   153,   158,
+-     153,   154,   170,   391,   153,   154,   391,   398,   395,   427,
+-      34,   381,    34,   377,   157,   380,   427,   327,   351,   392,
+-     158,   346,   158,   391,   427,   398,   158,   397,   421,    49,
+-     404,   327,   158,   398,   170,   389,   398,   152,   333,    48,
+-     403,   404,   404,   391,   390,   158,   158,   406,   333,    37,
+-     405,   403,   403,   158,   152,   327,   404,   153,   333,    47,
+-     402,   405,   405,   327,   406,   404,   403,   171,   333,   402,
+-     402,   404,   153,   403,   405,   403,   171
++     113,   114,   119,   122,   125,   127,   128,   129,   131,   179,
++     180,   181,   185,   189,   193,   197,   201,   205,   211,   213,
++     219,   223,   227,   231,   235,   239,   240,   244,   248,   252,
++     256,   263,   270,   280,   284,   285,   292,   293,   294,   295,
++     307,   309,   310,   311,   312,   313,   314,   315,   316,   318,
++     319,   329,   333,   336,   352,   353,   354,   358,   359,   362,
++     364,   365,   394,   418,   422,   426,    34,   153,   202,    36,
++     153,   182,    36,   153,   186,    36,   153,   190,    34,   153,
++     194,    34,   153,   198,    31,   334,   335,   334,   334,   334,
++      34,   153,   330,    35,   334,   334,   334,   334,   334,   334,
++     334,   334,    65,   426,   153,    35,   153,   281,    35,    35,
++     153,   286,   334,   334,   334,    34,    35,   153,   271,   278,
++     278,   153,   257,   278,   153,   264,   278,   352,   352,    76,
++      64,    65,   338,    79,    74,    75,    76,    79,   353,   426,
++     422,    34,   232,   224,    34,   153,   228,    36,   153,   241,
++     422,   352,   168,   153,   245,   278,   153,   249,   278,   153,
++     253,   352,   168,    94,    30,   363,    34,   119,   425,   107,
++     138,   152,   203,   204,   138,   183,   184,   138,   187,   188,
++     138,   191,   192,   138,   195,   196,   138,   199,   200,   334,
++      31,    33,   134,   140,   331,   332,   334,    35,   339,   352,
++     164,   399,   236,   138,   139,   282,   283,   138,   287,   288,
++     135,   136,   138,   146,   147,   148,   149,   150,   151,   152,
++     273,   274,   157,   275,   272,   107,   279,   138,   258,   259,
++     157,   260,   138,   265,   266,   157,   267,   366,   360,    34,
++     340,    76,   425,    34,   153,   220,   157,   157,   138,   229,
++     230,   137,   143,   144,   145,   242,   243,   399,   153,   153,
++     206,   422,   427,   138,   246,   247,   138,   250,   251,   138,
++     254,   255,   427,   354,   426,   365,   153,   399,   153,   156,
++     160,   161,   162,   163,   164,   165,   166,   167,   168,   169,
++     171,   173,   174,   395,   163,   165,   424,   156,   156,   154,
++     155,   156,   154,   155,   156,   154,   155,   156,   154,   155,
++     156,   154,   155,   156,   154,   155,   156,   156,   154,   155,
++     334,    34,   400,   401,   212,    34,   160,   237,   238,   340,
++     156,   156,   154,   155,   156,   154,   155,   156,   156,   156,
++     156,   156,   156,   156,   156,   156,   156,   154,   155,     4,
++      12,   235,   239,   276,   277,   320,   324,   279,   156,   154,
++     155,   235,   239,   261,   262,   324,   156,   154,   155,   235,
++     239,   268,   269,   324,   170,   368,   368,   399,   424,   399,
++     163,   157,   221,    34,   233,   234,    34,   225,   226,   156,
++     154,   155,   156,   156,   156,   156,   154,   155,    98,    99,
++     100,   101,   102,   103,   104,   121,   407,   408,   409,   422,
++     423,   352,   399,   155,   169,   156,   154,   155,   156,   154,
++     155,   156,   154,   155,   169,   399,   407,   157,   419,   154,
++     153,   156,   156,   156,   156,   156,   156,   156,   156,   156,
++     168,   156,   169,   172,   156,   156,   153,    96,    34,    36,
++     382,   107,   204,    36,   184,    36,   188,    36,   192,    34,
++     196,    34,   200,    34,   107,   332,   156,   155,   164,   157,
++     215,    34,    95,   154,   161,    35,   116,   117,   355,   283,
++      35,   288,    36,    36,   278,   355,   355,   355,   355,   355,
++      34,   107,   274,   153,   321,    36,   153,   325,   158,   277,
++     278,   259,   158,   262,   278,   266,   158,   269,    66,    67,
++      68,   369,   370,   371,   399,   399,   337,   159,    34,   180,
++     222,   364,   159,   158,   234,   158,   226,   382,   230,    36,
++      36,    36,    36,   243,   340,   340,   340,   340,   340,   153,
++     153,   340,   154,   155,   340,   156,   346,   154,   157,   207,
++     422,   278,   247,   278,   251,   352,   255,   214,   154,    17,
++      18,    19,   235,   239,   420,   421,   159,   422,   156,   156,
++     407,    34,    36,   107,   278,   402,   401,    27,    50,    51,
++      52,    97,   216,   217,   218,   235,   239,   295,   304,   308,
++     336,    34,   160,   340,   141,   322,   323,   132,   143,   326,
++     327,   334,   159,   159,   159,   155,   352,   367,   361,   157,
++     324,   328,   154,   158,   180,   399,   399,   399,   399,   399,
++     407,   407,   399,    96,   396,   409,   399,   153,   347,   350,
++     351,   123,   208,   209,   210,   235,   239,   295,   215,   396,
++     334,   334,   334,   158,   421,    17,   289,   154,   154,   170,
++     334,   334,   334,   334,   422,   158,   217,    34,   156,   154,
++     155,   156,   156,   154,   155,   370,   157,   372,   372,    34,
++     235,   239,   341,   342,   343,   153,   346,   346,   346,   154,
++     154,   126,   397,   352,   161,   162,   163,   164,   165,   166,
++     348,   160,   161,   162,   163,   165,   167,   349,   334,   158,
++     209,   397,   334,    18,   290,   159,   396,   279,    34,   159,
++      36,   323,    36,    36,   327,    11,    23,    34,    38,    39,
++      40,    41,    42,    43,    44,    45,    46,    51,    52,    53,
++      66,    67,    68,    69,    70,    72,    90,    97,   124,   130,
++     167,   205,   219,   235,   239,   295,   296,   297,   298,   299,
++     300,   301,   302,   303,   304,   305,   306,   308,   317,   324,
++     336,   358,   359,   362,   365,   373,   374,   375,   384,   386,
++     387,   389,   394,   410,   413,   415,   416,   418,   159,   159,
++     156,   345,   158,   343,   427,   340,   340,   120,   428,   154,
++     350,    36,   107,   108,   115,   118,   157,   352,   355,   356,
++     426,   159,   428,   334,    19,   291,   397,   161,   153,   334,
++     334,   153,   334,   334,   334,   334,   334,   334,   334,   334,
++     334,   334,   334,   334,    71,   383,   383,   383,   170,   411,
++     412,   385,   417,   414,   388,   153,   376,    34,   158,   374,
++     350,   399,   159,   154,   399,   399,   153,   156,   398,   158,
++     153,   398,   334,   428,   279,   407,   407,   170,   170,   170,
++      90,   413,   413,   386,   394,   422,   415,    34,   389,   133,
++     138,   142,   377,   378,   157,   379,   153,   155,   344,   399,
++     352,   429,   107,   399,   347,   357,   399,   398,   154,   154,
++      34,   156,   156,   156,   154,   155,   235,   239,   324,   380,
++     381,   154,   159,   154,   155,   171,   392,   154,   155,   392,
++     399,   396,   428,    34,   382,    34,   378,   158,   381,   428,
++     328,   352,   393,   159,   347,   159,   392,   428,   399,   159,
++     398,   422,    49,   405,   328,   159,   399,   171,   390,   399,
++     153,   334,    48,   404,   405,   405,   392,   391,   159,   159,
++     407,   334,    37,   406,   404,   404,   159,   153,   328,   405,
++     154,   334,    47,   403,   406,   406,   328,   407,   405,   404,
++     172,   334,   403,   403,   405,   154,   404,   406,   404,   172
+ };
+ 
+-#define yyerrok		(yyerrstatus = 0)
+-#define yyclearin	(yychar = YYEMPTY)
+-#define YYEMPTY		(-2)
+-#define YYEOF		0
+-
+-#define YYACCEPT	goto yyacceptlab
+-#define YYABORT		goto yyabortlab
+-#define YYERROR		goto yyerrorlab
+-
++/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM.  */
++static const yytype_int16 yyr1[] =
++{
++       0,   175,   176,   176,   178,   177,   179,   179,   179,   179,
++     179,   179,   179,   179,   179,   179,   179,   179,   179,   179,
++     179,   179,   179,   179,   179,   179,   179,   179,   179,   179,
++     179,   179,   179,   179,   179,   179,   179,   179,   179,   179,
++     179,   179,   179,   179,   180,   180,   180,   180,   180,   180,
++     180,   180,   180,   180,   180,   180,   181,   182,   182,   183,
++     183,   184,   185,   186,   186,   187,   187,   188,   189,   190,
++     190,   191,   191,   192,   193,   194,   194,   195,   195,   196,
++     197,   198,   198,   199,   199,   200,   201,   202,   202,   203,
++     203,   204,   204,   205,   206,   206,   207,   208,   208,   209,
++     209,   209,   209,   210,   212,   211,   214,   213,   215,   216,
++     216,   217,   217,   217,   217,   217,   217,   217,   217,   217,
++     218,   220,   219,   221,   221,   222,   222,   224,   223,   225,
++     225,   226,   227,   228,   228,   229,   229,   230,   232,   231,
++     233,   233,   234,   236,   235,   237,   237,   237,   237,   238,
++     238,   239,   240,   241,   241,   241,   242,   242,   243,   243,
++     243,   243,   244,   245,   245,   246,   246,   247,   248,   249,
++     249,   250,   250,   251,   252,   253,   253,   254,   254,   255,
++     256,   257,   257,   258,   258,   259,   260,   260,   261,   261,
++     262,   262,   262,   263,   264,   264,   265,   265,   266,   267,
++     267,   268,   268,   269,   269,   269,   270,   270,   272,   271,
++     271,   273,   273,   274,   274,   274,   274,   274,   274,   274,
++     274,   274,   274,   275,   275,   276,   276,   277,   277,   277,
++     277,   278,   278,   279,   279,   280,   281,   281,   282,   282,
++     283,   283,   284,   285,   286,   286,   287,   287,   288,   289,
++     289,   290,   290,   291,   291,   292,   293,   294,   295,   296,
++     297,   298,   299,   300,   301,   302,   303,   304,   305,   306,
++     307,   308,   309,   310,   311,   312,   313,   314,   315,   316,
++     317,   318,   319,   320,   321,   322,   322,   323,   324,   325,
++     325,   325,   326,   326,   327,   327,   328,   328,   329,   330,
++     330,   331,   331,   332,   332,   333,   334,   335,   335,   337,
++     336,   338,   338,   338,   339,   339,   340,   340,   341,   341,
++     342,   342,   343,   343,   343,   344,   344,   345,   345,   346,
++     346,   347,   347,   348,   348,   348,   348,   348,   348,   349,
++     349,   349,   349,   349,   349,   349,   350,   351,   351,   352,
++     352,   353,   353,   354,   355,   355,   356,   356,   356,   356,
++     356,   356,   356,   356,   356,   357,   357,   357,   358,   358,
++     360,   361,   359,   363,   362,   364,   366,   367,   365,   368,
++     368,   369,   369,   370,   371,   371,   371,   371,   372,   372,
++     373,   373,   373,   374,   374,   374,   374,   374,   374,   374,
++     374,   374,   374,   374,   374,   374,   374,   374,   374,   374,
++     374,   374,   374,   374,   374,   374,   374,   374,   374,   374,
++     374,   374,   374,   374,   374,   374,   374,   374,   375,   376,
++     377,   377,   378,   378,   378,   379,   379,   380,   380,   381,
++     381,   381,   382,   382,   383,   383,   385,   384,   384,   386,
++     388,   387,   387,   389,   390,   391,   390,   392,   393,   392,
++     394,   394,   394,   394,   395,   395,   395,   395,   395,   395,
++     395,   395,   395,   395,   395,   395,   395,   395,   395,   395,
++     395,   395,   395,   395,   395,   395,   395,   395,   395,   395,
++     395,   395,   395,   396,   396,   397,   397,   398,   398,   399,
++     399,   400,   400,   401,   401,   402,   402,   402,   402,   403,
++     403,   404,   404,   405,   405,   406,   406,   407,   408,   408,
++     408,   409,   409,   409,   409,   409,   409,   409,   409,   409,
++     411,   410,   412,   410,   410,   414,   413,   413,   415,   415,
++     417,   416,   416,   418,   419,   419,   420,   420,   421,   421,
++     421,   421,   421,   422,   422,   423,   424,   424,   425,   425,
++     425,   426,   426,   426,   426,   426,   426,   426,   426,   426,
++     426,   426,   426,   426,   426,   426,   426,   426,   426,   426,
++     426,   426,   426,   426,   426,   426,   426,   426,   426,   426,
++     426,   426,   427,   427,   428,   428,   429,   429,   429
++};
+ 
+-/* Like YYERROR except do call yyerror.  This remains here temporarily
+-   to ease the transition to the new meaning of YYERROR, for GCC.
+-   Once GCC version 2 has supplanted version 1, this can go.  */
++/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM.  */
++static const yytype_int8 yyr2[] =
++{
++       0,     2,     1,     2,     0,     2,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     2,     1,     3,     1,
++       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
++       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
++       3,     1,     3,     1,     3,     3,     2,     2,     3,     1,
++       3,     3,     3,     5,     0,     3,     4,     1,     2,     1,
++       1,     1,     1,     2,     0,     5,     0,     6,     4,     1,
++       2,     1,     1,     1,     1,     2,     2,     1,     1,     1,
++      14,     0,     5,     0,     3,     1,     2,     0,     5,     1,
++       2,     1,     2,     1,     3,     1,     3,     3,     0,     5,
++       1,     2,     1,     0,     5,     1,     2,     3,     4,     1,
++       3,     1,     3,     0,     1,     3,     1,     3,     3,     3,
++       3,     3,     2,     1,     3,     1,     3,     3,     2,     1,
++       3,     1,     3,     3,     2,     1,     3,     1,     3,     3,
++       3,     1,     3,     1,     3,     3,     0,     4,     1,     2,
++       1,     1,     1,     3,     1,     3,     1,     3,     3,     0,
++       4,     1,     2,     1,     1,     1,     3,     3,     0,     3,
++       3,     1,     3,     3,     3,     3,     3,     3,     3,     3,
++       3,     3,     3,     0,     4,     1,     2,     1,     1,     1,
++       1,     1,     1,     0,     1,     2,     1,     3,     1,     3,
++       3,     3,     2,     2,     1,     3,     1,     3,     3,     0,
++       2,     0,     2,     0,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     2,     2,     3,     1,     3,     3,     3,     0,
++       1,     3,     1,     3,     3,     3,     0,     1,     3,     1,
++       3,     1,     3,     3,     3,     4,     2,     1,     2,     0,
++       9,     0,     1,     1,     0,     1,     0,     1,     0,     1,
++       1,     2,     1,     1,     4,     0,     1,     0,     2,     0,
++       2,     1,     3,     1,     1,     1,     1,     1,     1,     0,
++       1,     1,     1,     1,     1,     1,     3,     0,     3,     2,
++       1,     1,     3,     1,     1,     1,     1,     4,     2,     1,
++       1,     1,     1,     1,     1,     0,     1,     3,     6,    12,
++       0,     0,     8,     0,     3,     4,     0,     0,     8,     0,
++       2,     1,     3,     2,     0,     1,     1,     1,     0,     3,
++       0,     1,     2,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     2,     2,     2,     3,     3,     3,     2,     3,     3,
++       1,     3,     3,     3,     3,     0,     4,     1,     2,     1,
++       1,     1,     1,     1,     0,     1,     0,     3,     1,    11,
++       0,     3,     1,    11,     0,     0,     6,     0,     0,     7,
++      17,     7,    17,    16,     1,     1,     1,     1,     1,     1,
++       1,     1,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     2,     3,     3,     1,     2,     2,     1,     2,     2,
++       2,     1,     2,     0,     1,     0,     1,     0,     2,     0,
++       3,     1,     3,     1,     3,     1,     5,     1,     1,     0,
++       2,     0,     2,     0,     2,     0,     2,     1,     0,     1,
++       3,     4,     4,     4,     3,     3,     6,     6,     3,     2,
++       0,     3,     0,     3,     1,     0,     3,     1,     1,     1,
++       0,     3,     1,     8,     0,     3,     1,     2,     1,     1,
++       2,     2,     2,     4,     3,     3,     0,     1,     0,     3,
++       2,     1,     4,     2,     2,     1,     1,     2,     1,     1,
++       2,     2,     3,     1,     1,     1,     2,     2,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     3,     0,     4,     0,     1,     3
++};
+ 
+-#define YYFAIL		goto yyerrlab
+ 
+-#define YYRECOVERING()  (!!yyerrstatus)
++enum { YYENOMEM = -2 };
+ 
+-#define YYBACKUP(Token, Value)					\
+-do								\
+-  if (yychar == YYEMPTY && yylen == 1)				\
+-    {								\
+-      yychar = (Token);						\
+-      yylval = (Value);						\
+-      yytoken = YYTRANSLATE (yychar);				\
+-      YYPOPSTACK (1);						\
+-      goto yybackup;						\
+-    }								\
+-  else								\
+-    {								\
+-      yyerror (YY_("syntax error: cannot back up")); \
+-      YYERROR;							\
+-    }								\
+-while (YYID (0))
+-
+-
+-#define YYTERROR	1
+-#define YYERRCODE	256
+-
+-
+-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+-   If N is 0, then set CURRENT to the empty location which ends
+-   the previous symbol: RHS[0] (always defined).  */
+-
+-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+-#ifndef YYLLOC_DEFAULT
+-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+-    do									\
+-      if (YYID (N))                                                    \
+-	{								\
+-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+-	}								\
+-      else								\
+-	{								\
+-	  (Current).first_line   = (Current).last_line   =		\
+-	    YYRHSLOC (Rhs, 0).last_line;				\
+-	  (Current).first_column = (Current).last_column =		\
+-	    YYRHSLOC (Rhs, 0).last_column;				\
+-	}								\
+-    while (YYID (0))
+-#endif
++#define yyerrok         (yyerrstatus = 0)
++#define yyclearin       (yychar = YYEMPTY)
+ 
++#define YYACCEPT        goto yyacceptlab
++#define YYABORT         goto yyabortlab
++#define YYERROR         goto yyerrorlab
++#define YYNOMEM         goto yyexhaustedlab
+ 
+-/* YY_LOCATION_PRINT -- Print the location on the stream.
+-   This macro was not mandated originally: define only if we know
+-   we won't break user code: when these are the locations we know.  */
+-
+-#ifndef YY_LOCATION_PRINT
+-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+-#  define YY_LOCATION_PRINT(File, Loc)			\
+-     fprintf (File, "%d.%d-%d.%d",			\
+-	      (Loc).first_line, (Loc).first_column,	\
+-	      (Loc).last_line,  (Loc).last_column)
+-# else
+-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+-# endif
+-#endif
+ 
++#define YYRECOVERING()  (!!yyerrstatus)
+ 
+-/* YYLEX -- calling `yylex' with the right arguments.  */
++#define YYBACKUP(Token, Value)                                    \
++  do                                                              \
++    if (yychar == YYEMPTY)                                        \
++      {                                                           \
++        yychar = (Token);                                         \
++        yylval = (Value);                                         \
++        YYPOPSTACK (yylen);                                       \
++        yystate = *yyssp;                                         \
++        goto yybackup;                                            \
++      }                                                           \
++    else                                                          \
++      {                                                           \
++        yyerror (YY_("syntax error: cannot back up")); \
++        YYERROR;                                                  \
++      }                                                           \
++  while (0)
++
++/* Backward compatibility with an undocumented macro.
++   Use YYerror or YYUNDEF. */
++#define YYERRCODE YYUNDEF
+ 
+-#ifdef YYLEX_PARAM
+-# define YYLEX yylex (YYLEX_PARAM)
+-#else
+-# define YYLEX yylex ()
+-#endif
+ 
+ /* Enable debugging if requested.  */
+ #if YYDEBUG
+@@ -2321,80 +2213,58 @@ while (YYID (0))
+ #  define YYFPRINTF fprintf
+ # endif
+ 
+-# define YYDPRINTF(Args)			\
+-do {						\
+-  if (yydebug)					\
+-    YYFPRINTF Args;				\
+-} while (YYID (0))
+-
+-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+-do {									  \
+-  if (yydebug)								  \
+-    {									  \
+-      YYFPRINTF (stderr, "%s ", Title);					  \
+-      yy_symbol_print (stderr,						  \
+-		  Type, Value); \
+-      YYFPRINTF (stderr, "\n");						  \
+-    }									  \
+-} while (YYID (0))
+-
+-
+-/*--------------------------------.
+-| Print this symbol on YYOUTPUT.  |
+-`--------------------------------*/
+-
+-/*ARGSUSED*/
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+-#else
++# define YYDPRINTF(Args)                        \
++do {                                            \
++  if (yydebug)                                  \
++    YYFPRINTF Args;                             \
++} while (0)
++
++
++
++
++# define YY_SYMBOL_PRINT(Title, Kind, Value, Location)                    \
++do {                                                                      \
++  if (yydebug)                                                            \
++    {                                                                     \
++      YYFPRINTF (stderr, "%s ", Title);                                   \
++      yy_symbol_print (stderr,                                            \
++                  Kind, Value); \
++      YYFPRINTF (stderr, "\n");                                           \
++    }                                                                     \
++} while (0)
++
++
++/*-----------------------------------.
++| Print this symbol's value on YYO.  |
++`-----------------------------------*/
++
+ static void
+-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+-    FILE *yyoutput;
+-    int yytype;
+-    YYSTYPE const * const yyvaluep;
+-#endif
++yy_symbol_value_print (FILE *yyo,
++                       yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep)
+ {
++  FILE *yyoutput = yyo;
++  YY_USE (yyoutput);
+   if (!yyvaluep)
+     return;
+-# ifdef YYPRINT
+-  if (yytype < YYNTOKENS)
+-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+-# else
+-  YYUSE (yyoutput);
+-# endif
+-  switch (yytype)
+-    {
+-      default:
+-	break;
+-    }
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++  YY_USE (yykind);
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ }
+ 
+ 
+-/*--------------------------------.
+-| Print this symbol on YYOUTPUT.  |
+-`--------------------------------*/
++/*---------------------------.
++| Print this symbol on YYO.  |
++`---------------------------*/
+ 
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+-#else
+ static void
+-yy_symbol_print (yyoutput, yytype, yyvaluep)
+-    FILE *yyoutput;
+-    int yytype;
+-    YYSTYPE const * const yyvaluep;
+-#endif
++yy_symbol_print (FILE *yyo,
++                 yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep)
+ {
+-  if (yytype < YYNTOKENS)
+-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+-  else
+-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
++  YYFPRINTF (yyo, "%s %s (",
++             yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind));
+ 
+-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+-  YYFPRINTF (yyoutput, ")");
++  yy_symbol_value_print (yyo, yykind, yyvaluep);
++  YYFPRINTF (yyo, ")");
+ }
+ 
+ /*------------------------------------------------------------------.
+@@ -2402,80 +2272,68 @@ yy_symbol_print (yyoutput, yytype, yyval
+ | TOP (included).                                                   |
+ `------------------------------------------------------------------*/
+ 
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+-#else
+ static void
+-yy_stack_print (bottom, top)
+-    yytype_int16 *bottom;
+-    yytype_int16 *top;
+-#endif
++yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop)
+ {
+   YYFPRINTF (stderr, "Stack now");
+-  for (; bottom <= top; ++bottom)
+-    YYFPRINTF (stderr, " %d", *bottom);
++  for (; yybottom <= yytop; yybottom++)
++    {
++      int yybot = *yybottom;
++      YYFPRINTF (stderr, " %d", yybot);
++    }
+   YYFPRINTF (stderr, "\n");
+ }
+ 
+-# define YY_STACK_PRINT(Bottom, Top)				\
+-do {								\
+-  if (yydebug)							\
+-    yy_stack_print ((Bottom), (Top));				\
+-} while (YYID (0))
++# define YY_STACK_PRINT(Bottom, Top)                            \
++do {                                                            \
++  if (yydebug)                                                  \
++    yy_stack_print ((Bottom), (Top));                           \
++} while (0)
+ 
+ 
+ /*------------------------------------------------.
+ | Report that the YYRULE is going to be reduced.  |
+ `------------------------------------------------*/
+ 
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+ static void
+-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+-#else
+-static void
+-yy_reduce_print (yyvsp, yyrule)
+-    YYSTYPE *yyvsp;
+-    int yyrule;
+-#endif
++yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp,
++                 int yyrule)
+ {
++  int yylno = yyrline[yyrule];
+   int yynrhs = yyr2[yyrule];
+   int yyi;
+-  unsigned long int yylno = yyrline[yyrule];
+-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+-	     yyrule - 1, yylno);
++  YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n",
++             yyrule - 1, yylno);
+   /* The symbols being reduced.  */
+   for (yyi = 0; yyi < yynrhs; yyi++)
+     {
+-      fprintf (stderr, "   $%d = ", yyi + 1);
+-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+-		       &(yyvsp[(yyi + 1) - (yynrhs)])
+-		       		       );
+-      fprintf (stderr, "\n");
++      YYFPRINTF (stderr, "   $%d = ", yyi + 1);
++      yy_symbol_print (stderr,
++                       YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]),
++                       &yyvsp[(yyi + 1) - (yynrhs)]);
++      YYFPRINTF (stderr, "\n");
+     }
+ }
+ 
+-# define YY_REDUCE_PRINT(Rule)		\
+-do {					\
+-  if (yydebug)				\
+-    yy_reduce_print (yyvsp, Rule); \
+-} while (YYID (0))
++# define YY_REDUCE_PRINT(Rule)          \
++do {                                    \
++  if (yydebug)                          \
++    yy_reduce_print (yyssp, yyvsp, Rule); \
++} while (0)
+ 
+ /* Nonzero means print parse trace.  It is left uninitialized so that
+    multiple parsers can coexist.  */
+ int yydebug;
+ #else /* !YYDEBUG */
+-# define YYDPRINTF(Args)
+-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
++# define YYDPRINTF(Args) ((void) 0)
++# define YY_SYMBOL_PRINT(Title, Kind, Value, Location)
+ # define YY_STACK_PRINT(Bottom, Top)
+ # define YY_REDUCE_PRINT(Rule)
+ #endif /* !YYDEBUG */
+ 
+ 
+ /* YYINITDEPTH -- initial size of the parser's stacks.  */
+-#ifndef	YYINITDEPTH
++#ifndef YYINITDEPTH
+ # define YYINITDEPTH 200
+ #endif
+ 
+@@ -2490,478 +2348,219 @@ int yydebug;
+ # define YYMAXDEPTH 10000
+ #endif
+ 
+-
+ 
+-#if YYERROR_VERBOSE
+ 
+-# ifndef yystrlen
+-#  if defined __GLIBC__ && defined _STRING_H
+-#   define yystrlen strlen
+-#  else
+-/* Return the length of YYSTR.  */
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static YYSIZE_T
+-yystrlen (const char *yystr)
+-#else
+-static YYSIZE_T
+-yystrlen (yystr)
+-    const char *yystr;
+-#endif
+-{
+-  YYSIZE_T yylen;
+-  for (yylen = 0; yystr[yylen]; yylen++)
+-    continue;
+-  return yylen;
+-}
+-#  endif
+-# endif
+ 
+-# ifndef yystpcpy
+-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+-#   define yystpcpy stpcpy
+-#  else
+-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+-   YYDEST.  */
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static char *
+-yystpcpy (char *yydest, const char *yysrc)
+-#else
+-static char *
+-yystpcpy (yydest, yysrc)
+-    char *yydest;
+-    const char *yysrc;
+-#endif
+-{
+-  char *yyd = yydest;
+-  const char *yys = yysrc;
+ 
+-  while ((*yyd++ = *yys++) != '\0')
+-    continue;
+-
+-  return yyd - 1;
+-}
+-#  endif
+-# endif
+-
+-# ifndef yytnamerr
+-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+-   quotes and backslashes, so that it's suitable for yyerror.  The
+-   heuristic is that double-quoting is unnecessary unless the string
+-   contains an apostrophe, a comma, or backslash (other than
+-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+-   null, do not copy; instead, return the length of what the result
+-   would have been.  */
+-static YYSIZE_T
+-yytnamerr (char *yyres, const char *yystr)
+-{
+-  if (*yystr == '"')
+-    {
+-      YYSIZE_T yyn = 0;
+-      char const *yyp = yystr;
+-
+-      for (;;)
+-	switch (*++yyp)
+-	  {
+-	  case '\'':
+-	  case ',':
+-	    goto do_not_strip_quotes;
+-
+-	  case '\\':
+-	    if (*++yyp != '\\')
+-	      goto do_not_strip_quotes;
+-	    /* Fall through.  */
+-	  default:
+-	    if (yyres)
+-	      yyres[yyn] = *yyp;
+-	    yyn++;
+-	    break;
+-
+-	  case '"':
+-	    if (yyres)
+-	      yyres[yyn] = '\0';
+-	    return yyn;
+-	  }
+-    do_not_strip_quotes: ;
+-    }
+-
+-  if (! yyres)
+-    return yystrlen (yystr);
+-
+-  return yystpcpy (yyres, yystr) - yyres;
+-}
+-# endif
+-
+-/* Copy into YYRESULT an error message about the unexpected token
+-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+-   including the terminating null byte.  If YYRESULT is null, do not
+-   copy anything; just return the number of bytes that would be
+-   copied.  As a special case, return 0 if an ordinary "syntax error"
+-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+-   size calculation.  */
+-static YYSIZE_T
+-yysyntax_error (char *yyresult, int yystate, int yychar)
+-{
+-  int yyn = yypact[yystate];
+-
+-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+-    return 0;
+-  else
+-    {
+-      int yytype = YYTRANSLATE (yychar);
+-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+-      YYSIZE_T yysize = yysize0;
+-      YYSIZE_T yysize1;
+-      int yysize_overflow = 0;
+-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+-      int yyx;
+-
+-# if 0
+-      /* This is so xgettext sees the translatable formats that are
+-	 constructed on the fly.  */
+-      YY_("syntax error, unexpected %s");
+-      YY_("syntax error, unexpected %s, expecting %s");
+-      YY_("syntax error, unexpected %s, expecting %s or %s");
+-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+-# endif
+-      char *yyfmt;
+-      char const *yyf;
+-      static char const yyunexpected[] = "syntax error, unexpected %s";
+-      static char const yyexpecting[] = ", expecting %s";
+-      static char const yyor[] = " or %s";
+-      char yyformat[sizeof yyunexpected
+-		    + sizeof yyexpecting - 1
+-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+-		       * (sizeof yyor - 1))];
+-      char const *yyprefix = yyexpecting;
+-
+-      /* Start YYX at -YYN if negative to avoid negative indexes in
+-	 YYCHECK.  */
+-      int yyxbegin = yyn < 0 ? -yyn : 0;
+-
+-      /* Stay within bounds of both yycheck and yytname.  */
+-      int yychecklim = YYLAST - yyn + 1;
+-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+-      int yycount = 1;
+-
+-      yyarg[0] = yytname[yytype];
+-      yyfmt = yystpcpy (yyformat, yyunexpected);
+-
+-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+-	  {
+-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+-	      {
+-		yycount = 1;
+-		yysize = yysize0;
+-		yyformat[sizeof yyunexpected - 1] = '\0';
+-		break;
+-	      }
+-	    yyarg[yycount++] = yytname[yyx];
+-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+-	    yysize_overflow |= (yysize1 < yysize);
+-	    yysize = yysize1;
+-	    yyfmt = yystpcpy (yyfmt, yyprefix);
+-	    yyprefix = yyor;
+-	  }
+-
+-      yyf = YY_(yyformat);
+-      yysize1 = yysize + yystrlen (yyf);
+-      yysize_overflow |= (yysize1 < yysize);
+-      yysize = yysize1;
+-
+-      if (yysize_overflow)
+-	return YYSIZE_MAXIMUM;
+-
+-      if (yyresult)
+-	{
+-	  /* Avoid sprintf, as that infringes on the user's name space.
+-	     Don't have undefined behavior even if the translation
+-	     produced a string with the wrong number of "%s"s.  */
+-	  char *yyp = yyresult;
+-	  int yyi = 0;
+-	  while ((*yyp = *yyf) != '\0')
+-	    {
+-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+-		{
+-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+-		  yyf += 2;
+-		}
+-	      else
+-		{
+-		  yyp++;
+-		  yyf++;
+-		}
+-	    }
+-	}
+-      return yysize;
+-    }
+-}
+-#endif /* YYERROR_VERBOSE */
+-
+ 
+ /*-----------------------------------------------.
+ | Release the memory associated to this symbol.  |
+ `-----------------------------------------------*/
+ 
+-/*ARGSUSED*/
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-static void
+-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+-#else
+ static void
+-yydestruct (yymsg, yytype, yyvaluep)
+-    const char *yymsg;
+-    int yytype;
+-    YYSTYPE *yyvaluep;
+-#endif
++yydestruct (const char *yymsg,
++            yysymbol_kind_t yykind, YYSTYPE *yyvaluep)
+ {
+-  YYUSE (yyvaluep);
+-
++  YY_USE (yyvaluep);
+   if (!yymsg)
+     yymsg = "Deleting";
+-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+-
+-  switch (yytype)
+-    {
++  YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp);
+ 
+-      default:
+-	break;
+-    }
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++  YY_USE (yykind);
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ }
+-
+-
+-/* Prevent warnings from -Wmissing-prototypes.  */
+-
+-#ifdef YYPARSE_PARAM
+-#if defined __STDC__ || defined __cplusplus
+-int yyparse (void *YYPARSE_PARAM);
+-#else
+-int yyparse ();
+-#endif
+-#else /* ! YYPARSE_PARAM */
+-#if defined __STDC__ || defined __cplusplus
+-int yyparse (void);
+-#else
+-int yyparse ();
+-#endif
+-#endif /* ! YYPARSE_PARAM */
+-
+ 
+ 
+-/* The look-ahead symbol.  */
++/* Lookahead token kind.  */
+ int yychar;
+ 
+-/* The semantic value of the look-ahead symbol.  */
++/* The semantic value of the lookahead symbol.  */
+ YYSTYPE yylval;
+-
+ /* Number of syntax errors so far.  */
+ int yynerrs;
+ 
+ 
+ 
++
+ /*----------.
+ | yyparse.  |
+ `----------*/
+ 
+-#ifdef YYPARSE_PARAM
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+-int
+-yyparse (void *YYPARSE_PARAM)
+-#else
+-int
+-yyparse (YYPARSE_PARAM)
+-    void *YYPARSE_PARAM;
+-#endif
+-#else /* ! YYPARSE_PARAM */
+-#if (defined __STDC__ || defined __C99__FUNC__ \
+-     || defined __cplusplus || defined _MSC_VER)
+ int
+ yyparse (void)
+-#else
+-int
+-yyparse ()
+-
+-#endif
+-#endif
+ {
+-  
+-  int yystate;
++    yy_state_fast_t yystate = 0;
++    /* Number of tokens to shift before error messages enabled.  */
++    int yyerrstatus = 0;
++
++    /* Refer to the stacks through separate pointers, to allow yyoverflow
++       to reallocate them elsewhere.  */
++
++    /* Their size.  */
++    YYPTRDIFF_T yystacksize = YYINITDEPTH;
++
++    /* The state stack: array, bottom, top.  */
++    yy_state_t yyssa[YYINITDEPTH];
++    yy_state_t *yyss = yyssa;
++    yy_state_t *yyssp = yyss;
++
++    /* The semantic value stack: array, bottom, top.  */
++    YYSTYPE yyvsa[YYINITDEPTH];
++    YYSTYPE *yyvs = yyvsa;
++    YYSTYPE *yyvsp = yyvs;
++
+   int yyn;
++  /* The return value of yyparse.  */
+   int yyresult;
+-  /* Number of tokens to shift before error messages enabled.  */
+-  int yyerrstatus;
+-  /* Look-ahead token as an internal (translated) token number.  */
+-  int yytoken = 0;
+-#if YYERROR_VERBOSE
+-  /* Buffer for error messages, and its allocated size.  */
+-  char yymsgbuf[128];
+-  char *yymsg = yymsgbuf;
+-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+-#endif
+-
+-  /* Three stacks and their tools:
+-     `yyss': related to states,
+-     `yyvs': related to semantic values,
+-     `yyls': related to locations.
+-
+-     Refer to the stacks thru separate pointers, to allow yyoverflow
+-     to reallocate them elsewhere.  */
+-
+-  /* The state stack.  */
+-  yytype_int16 yyssa[YYINITDEPTH];
+-  yytype_int16 *yyss = yyssa;
+-  yytype_int16 *yyssp;
+-
+-  /* The semantic value stack.  */
+-  YYSTYPE yyvsa[YYINITDEPTH];
+-  YYSTYPE *yyvs = yyvsa;
+-  YYSTYPE *yyvsp;
+-
+-
+-
+-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+-
+-  YYSIZE_T yystacksize = YYINITDEPTH;
+-
++  /* Lookahead symbol kind.  */
++  yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY;
+   /* The variables used to return semantic value and location from the
+      action routines.  */
+   YYSTYPE yyval;
+ 
+ 
++
++#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
++
+   /* The number of symbols on the RHS of the reduced rule.
+      Keep to zero when no symbol should be popped.  */
+   int yylen = 0;
+ 
+   YYDPRINTF ((stderr, "Starting parse\n"));
+ 
+-  yystate = 0;
+-  yyerrstatus = 0;
+-  yynerrs = 0;
+-  yychar = YYEMPTY;		/* Cause a token to be read.  */
+-
+-  /* Initialize stack pointers.
+-     Waste one element of value and location stack
+-     so that they stay on the same level as the state stack.
+-     The wasted elements are never initialized.  */
+-
+-  yyssp = yyss;
+-  yyvsp = yyvs;
++  yychar = YYEMPTY; /* Cause a token to be read.  */
+ 
+   goto yysetstate;
+ 
++
+ /*------------------------------------------------------------.
+-| yynewstate -- Push a new state, which is found in yystate.  |
++| yynewstate -- push a new state, which is found in yystate.  |
+ `------------------------------------------------------------*/
+- yynewstate:
++yynewstate:
+   /* In all cases, when you get here, the value and location stacks
+      have just been pushed.  So pushing a state here evens the stacks.  */
+   yyssp++;
+ 
+- yysetstate:
+-  *yyssp = yystate;
++
++/*--------------------------------------------------------------------.
++| yysetstate -- set current state (the top of the stack) to yystate.  |
++`--------------------------------------------------------------------*/
++yysetstate:
++  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
++  YY_ASSERT (0 <= yystate && yystate < YYNSTATES);
++  YY_IGNORE_USELESS_CAST_BEGIN
++  *yyssp = YY_CAST (yy_state_t, yystate);
++  YY_IGNORE_USELESS_CAST_END
++  YY_STACK_PRINT (yyss, yyssp);
+ 
+   if (yyss + yystacksize - 1 <= yyssp)
++#if !defined yyoverflow && !defined YYSTACK_RELOCATE
++    YYNOMEM;
++#else
+     {
+       /* Get the current used size of the three stacks, in elements.  */
+-      YYSIZE_T yysize = yyssp - yyss + 1;
++      YYPTRDIFF_T yysize = yyssp - yyss + 1;
+ 
+-#ifdef yyoverflow
++# if defined yyoverflow
+       {
+-	/* Give user a chance to reallocate the stack.  Use copies of
+-	   these so that the &'s don't force the real ones into
+-	   memory.  */
+-	YYSTYPE *yyvs1 = yyvs;
+-	yytype_int16 *yyss1 = yyss;
+-
+-
+-	/* Each stack pointer address is followed by the size of the
+-	   data in use in that stack, in bytes.  This used to be a
+-	   conditional around just the two extra args, but that might
+-	   be undefined if yyoverflow is a macro.  */
+-	yyoverflow (YY_("memory exhausted"),
+-		    &yyss1, yysize * sizeof (*yyssp),
+-		    &yyvs1, yysize * sizeof (*yyvsp),
+-
+-		    &yystacksize);
+-
+-	yyss = yyss1;
+-	yyvs = yyvs1;
++        /* Give user a chance to reallocate the stack.  Use copies of
++           these so that the &'s don't force the real ones into
++           memory.  */
++        yy_state_t *yyss1 = yyss;
++        YYSTYPE *yyvs1 = yyvs;
++
++        /* Each stack pointer address is followed by the size of the
++           data in use in that stack, in bytes.  This used to be a
++           conditional around just the two extra args, but that might
++           be undefined if yyoverflow is a macro.  */
++        yyoverflow (YY_("memory exhausted"),
++                    &yyss1, yysize * YYSIZEOF (*yyssp),
++                    &yyvs1, yysize * YYSIZEOF (*yyvsp),
++                    &yystacksize);
++        yyss = yyss1;
++        yyvs = yyvs1;
+       }
+-#else /* no yyoverflow */
+-# ifndef YYSTACK_RELOCATE
+-      goto yyexhaustedlab;
+-# else
++# else /* defined YYSTACK_RELOCATE */
+       /* Extend the stack our own way.  */
+       if (YYMAXDEPTH <= yystacksize)
+-	goto yyexhaustedlab;
++        YYNOMEM;
+       yystacksize *= 2;
+       if (YYMAXDEPTH < yystacksize)
+-	yystacksize = YYMAXDEPTH;
++        yystacksize = YYMAXDEPTH;
+ 
+       {
+-	yytype_int16 *yyss1 = yyss;
+-	union yyalloc *yyptr =
+-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+-	if (! yyptr)
+-	  goto yyexhaustedlab;
+-	YYSTACK_RELOCATE (yyss);
+-	YYSTACK_RELOCATE (yyvs);
+-
++        yy_state_t *yyss1 = yyss;
++        union yyalloc *yyptr =
++          YY_CAST (union yyalloc *,
++                   YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize))));
++        if (! yyptr)
++          YYNOMEM;
++        YYSTACK_RELOCATE (yyss_alloc, yyss);
++        YYSTACK_RELOCATE (yyvs_alloc, yyvs);
+ #  undef YYSTACK_RELOCATE
+-	if (yyss1 != yyssa)
+-	  YYSTACK_FREE (yyss1);
++        if (yyss1 != yyssa)
++          YYSTACK_FREE (yyss1);
+       }
+ # endif
+-#endif /* no yyoverflow */
+ 
+       yyssp = yyss + yysize - 1;
+       yyvsp = yyvs + yysize - 1;
+ 
+-
+-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+-		  (unsigned long int) yystacksize));
++      YY_IGNORE_USELESS_CAST_BEGIN
++      YYDPRINTF ((stderr, "Stack size increased to %ld\n",
++                  YY_CAST (long, yystacksize)));
++      YY_IGNORE_USELESS_CAST_END
+ 
+       if (yyss + yystacksize - 1 <= yyssp)
+-	YYABORT;
++        YYABORT;
+     }
++#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */
+ 
+-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
++
++  if (yystate == YYFINAL)
++    YYACCEPT;
+ 
+   goto yybackup;
+ 
++
+ /*-----------.
+ | yybackup.  |
+ `-----------*/
+ yybackup:
+-
+   /* Do appropriate processing given the current state.  Read a
+-     look-ahead token if we need one and don't already have one.  */
++     lookahead token if we need one and don't already have one.  */
+ 
+-  /* First try to decide what to do without reference to look-ahead token.  */
++  /* First try to decide what to do without reference to lookahead token.  */
+   yyn = yypact[yystate];
+-  if (yyn == YYPACT_NINF)
++  if (yypact_value_is_default (yyn))
+     goto yydefault;
+ 
+-  /* Not known => get a look-ahead token if don't already have one.  */
++  /* Not known => get a lookahead token if don't already have one.  */
+ 
+-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
++  /* YYCHAR is either empty, or end-of-input, or a valid lookahead.  */
+   if (yychar == YYEMPTY)
+     {
+-      YYDPRINTF ((stderr, "Reading a token: "));
+-      yychar = YYLEX;
++      YYDPRINTF ((stderr, "Reading a token\n"));
++      yychar = yylex ();
+     }
+ 
+   if (yychar <= YYEOF)
+     {
+-      yychar = yytoken = YYEOF;
++      yychar = YYEOF;
++      yytoken = YYSYMBOL_YYEOF;
+       YYDPRINTF ((stderr, "Now at end of input.\n"));
+     }
++  else if (yychar == YYerror)
++    {
++      /* The scanner already issued an error message, process directly
++         to error recovery.  But do not keep the error token as
++         lookahead, it is too special and may lead us to an endless
++         loop in error recovery. */
++      yychar = YYUNDEF;
++      yytoken = YYSYMBOL_YYerror;
++      goto yyerrlab1;
++    }
+   else
+     {
+       yytoken = YYTRANSLATE (yychar);
+@@ -2976,30 +2575,26 @@ yybackup:
+   yyn = yytable[yyn];
+   if (yyn <= 0)
+     {
+-      if (yyn == 0 || yyn == YYTABLE_NINF)
+-	goto yyerrlab;
++      if (yytable_value_is_error (yyn))
++        goto yyerrlab;
+       yyn = -yyn;
+       goto yyreduce;
+     }
+ 
+-  if (yyn == YYFINAL)
+-    YYACCEPT;
+-
+   /* Count tokens shifted since error; after three, turn off error
+      status.  */
+   if (yyerrstatus)
+     yyerrstatus--;
+ 
+-  /* Shift the look-ahead token.  */
++  /* Shift the lookahead token.  */
+   YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+-
+-  /* Discard the shifted token unless it is eof.  */
+-  if (yychar != YYEOF)
+-    yychar = YYEMPTY;
+-
+   yystate = yyn;
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+   *++yyvsp = yylval;
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ 
++  /* Discard the shifted token.  */
++  yychar = YYEMPTY;
+   goto yynewstate;
+ 
+ 
+@@ -3014,14 +2609,14 @@ yydefault:
+ 
+ 
+ /*-----------------------------.
+-| yyreduce -- Do a reduction.  |
++| yyreduce -- do a reduction.  |
+ `-----------------------------*/
+ yyreduce:
+   /* yyn is the number of a rule to reduce with.  */
+   yylen = yyr2[yyn];
+ 
+   /* If YYLEN is nonzero, implement the default value of the action:
+-     `$$ = $1'.
++     '$$ = $1'.
+ 
+      Otherwise, the following line sets YYVAL to garbage.
+      This behavior is undocumented and Bison
+@@ -3034,9 +2629,9 @@ yyreduce:
+   YY_REDUCE_PRINT (yyn);
+   switch (yyn)
+     {
+-        case 4:
+-#line 578 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 4: /* $@1: %empty  */
++#line 579 "parser.y"
++            {
+             /*
+              * We don't do these in parserEOF() because the parser is reading
+              * ahead and that would be too early.
+@@ -3053,11 +2648,12 @@ yyreduce:
+                 previousFile = NULL;
+             }
+     }
++#line 2652 "../parser.c"
+     break;
+ 
+-  case 55:
+-#line 648 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 55: /* nsstatement: typehdrcode  */
++#line 649 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -3065,203 +2661,224 @@ yyreduce:
+                 if (scope == NULL)
+                     yyerror("%TypeHeaderCode can only be used in a namespace, class or mapped type");
+ 
+-                appendCodeBlock(&scope->iff->hdrcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->iff->hdrcode, (yyvsp[0].codeb));
+             }
+         }
++#line 2668 "../parser.c"
+     break;
+ 
+-  case 56:
+-#line 661 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 56: /* defdocstringfmt: TK_DEFDOCSTRFMT defdocstringfmt_args  */
++#line 662 "parser.y"
++                                                      {
+             if (notSkipping())
+-                currentModule->defdocstringfmt = convertFormat((yyvsp[(2) - (2)].defdocstringfmt).name);
++                currentModule->defdocstringfmt = convertFormat((yyvsp[0].defdocstringfmt).name);
+         }
++#line 2677 "../parser.c"
+     break;
+ 
+-  case 57:
+-#line 667 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 57: /* defdocstringfmt_args: TK_STRING_VALUE  */
++#line 668 "parser.y"
++                                        {
+             resetLexerState();
+ 
+-            (yyval.defdocstringfmt).name = (yyvsp[(1) - (1)].text);
++            (yyval.defdocstringfmt).name = (yyvsp[0].text);
+         }
++#line 2687 "../parser.c"
+     break;
+ 
+-  case 58:
+-#line 672 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringfmt) = (yyvsp[(2) - (3)].defdocstringfmt);
++  case 58: /* defdocstringfmt_args: '(' defdocstringfmt_arg_list ')'  */
++#line 673 "parser.y"
++                                         {
++            (yyval.defdocstringfmt) = (yyvsp[-1].defdocstringfmt);
+         }
++#line 2695 "../parser.c"
+     break;
+ 
+-  case 60:
+-#line 678 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringfmt) = (yyvsp[(1) - (3)].defdocstringfmt);
++  case 60: /* defdocstringfmt_arg_list: defdocstringfmt_arg_list ',' defdocstringfmt_arg  */
++#line 679 "parser.y"
++                                                         {
++            (yyval.defdocstringfmt) = (yyvsp[-2].defdocstringfmt);
+ 
+-            switch ((yyvsp[(3) - (3)].defdocstringfmt).token)
++            switch ((yyvsp[0].defdocstringfmt).token)
+             {
+-            case TK_NAME: (yyval.defdocstringfmt).name = (yyvsp[(3) - (3)].defdocstringfmt).name; break;
++            case TK_NAME: (yyval.defdocstringfmt).name = (yyvsp[0].defdocstringfmt).name; break;
+             }
+         }
++#line 2708 "../parser.c"
+     break;
+ 
+-  case 61:
+-#line 688 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 61: /* defdocstringfmt_arg: TK_NAME '=' TK_STRING_VALUE  */
++#line 689 "parser.y"
++                                                    {
+             (yyval.defdocstringfmt).token = TK_NAME;
+ 
+-            (yyval.defdocstringfmt).name = (yyvsp[(3) - (3)].text);
++            (yyval.defdocstringfmt).name = (yyvsp[0].text);
+         }
++#line 2718 "../parser.c"
+     break;
+ 
+-  case 62:
+-#line 695 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 62: /* defdocstringsig: TK_DEFDOCSTRSIG defdocstringsig_args  */
++#line 696 "parser.y"
++                                                      {
+             if (notSkipping())
+-                currentModule->defdocstringsig = convertSignature((yyvsp[(2) - (2)].defdocstringsig).name);
++                currentModule->defdocstringsig = convertSignature((yyvsp[0].defdocstringsig).name);
+         }
++#line 2727 "../parser.c"
+     break;
+ 
+-  case 63:
+-#line 701 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 63: /* defdocstringsig_args: TK_STRING_VALUE  */
++#line 702 "parser.y"
++                                        {
+             resetLexerState();
+ 
+-            (yyval.defdocstringsig).name = (yyvsp[(1) - (1)].text);
++            (yyval.defdocstringsig).name = (yyvsp[0].text);
+         }
++#line 2737 "../parser.c"
+     break;
+ 
+-  case 64:
+-#line 706 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringsig) = (yyvsp[(2) - (3)].defdocstringsig);
++  case 64: /* defdocstringsig_args: '(' defdocstringsig_arg_list ')'  */
++#line 707 "parser.y"
++                                         {
++            (yyval.defdocstringsig) = (yyvsp[-1].defdocstringsig);
+         }
++#line 2745 "../parser.c"
+     break;
+ 
+-  case 66:
+-#line 712 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defdocstringsig) = (yyvsp[(1) - (3)].defdocstringsig);
++  case 66: /* defdocstringsig_arg_list: defdocstringsig_arg_list ',' defdocstringsig_arg  */
++#line 713 "parser.y"
++                                                         {
++            (yyval.defdocstringsig) = (yyvsp[-2].defdocstringsig);
+ 
+-            switch ((yyvsp[(3) - (3)].defdocstringsig).token)
++            switch ((yyvsp[0].defdocstringsig).token)
+             {
+-            case TK_NAME: (yyval.defdocstringsig).name = (yyvsp[(3) - (3)].defdocstringsig).name; break;
++            case TK_NAME: (yyval.defdocstringsig).name = (yyvsp[0].defdocstringsig).name; break;
+             }
+         }
++#line 2758 "../parser.c"
+     break;
+ 
+-  case 67:
+-#line 722 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 67: /* defdocstringsig_arg: TK_NAME '=' TK_STRING_VALUE  */
++#line 723 "parser.y"
++                                                    {
+             (yyval.defdocstringsig).token = TK_NAME;
+ 
+-            (yyval.defdocstringsig).name = (yyvsp[(3) - (3)].text);
++            (yyval.defdocstringsig).name = (yyvsp[0].text);
+         }
++#line 2768 "../parser.c"
+     break;
+ 
+-  case 68:
+-#line 729 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 68: /* defencoding: TK_DEFENCODING defencoding_args  */
++#line 730 "parser.y"
++                                                {
+             if (notSkipping())
+             {
+-                if ((currentModule->encoding = convertEncoding((yyvsp[(2) - (2)].defencoding).name)) == no_type)
++                if ((currentModule->encoding = convertEncoding((yyvsp[0].defencoding).name)) == no_type)
+                     yyerror("The %DefaultEncoding name must be one of \"ASCII\", \"Latin-1\", \"UTF-8\" or \"None\"");
+             }
+         }
++#line 2780 "../parser.c"
+     break;
+ 
+-  case 69:
+-#line 738 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 69: /* defencoding_args: TK_STRING_VALUE  */
++#line 739 "parser.y"
++                                    {
+             resetLexerState();
+ 
+-            (yyval.defencoding).name = (yyvsp[(1) - (1)].text);
++            (yyval.defencoding).name = (yyvsp[0].text);
+         }
++#line 2790 "../parser.c"
+     break;
+ 
+-  case 70:
+-#line 743 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defencoding) = (yyvsp[(2) - (3)].defencoding);
++  case 70: /* defencoding_args: '(' defencoding_arg_list ')'  */
++#line 744 "parser.y"
++                                     {
++            (yyval.defencoding) = (yyvsp[-1].defencoding);
+         }
++#line 2798 "../parser.c"
+     break;
+ 
+-  case 72:
+-#line 749 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defencoding) = (yyvsp[(1) - (3)].defencoding);
++  case 72: /* defencoding_arg_list: defencoding_arg_list ',' defencoding_arg  */
++#line 750 "parser.y"
++                                                 {
++            (yyval.defencoding) = (yyvsp[-2].defencoding);
+ 
+-            switch ((yyvsp[(3) - (3)].defencoding).token)
++            switch ((yyvsp[0].defencoding).token)
+             {
+-            case TK_NAME: (yyval.defencoding).name = (yyvsp[(3) - (3)].defencoding).name; break;
++            case TK_NAME: (yyval.defencoding).name = (yyvsp[0].defencoding).name; break;
+             }
+         }
++#line 2811 "../parser.c"
+     break;
+ 
+-  case 73:
+-#line 759 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 73: /* defencoding_arg: TK_NAME '=' TK_STRING_VALUE  */
++#line 760 "parser.y"
++                                                {
+             (yyval.defencoding).token = TK_NAME;
+ 
+-            (yyval.defencoding).name = (yyvsp[(3) - (3)].text);
++            (yyval.defencoding).name = (yyvsp[0].text);
+         }
++#line 2821 "../parser.c"
+     break;
+ 
+-  case 74:
+-#line 766 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 74: /* plugin: TK_PLUGIN plugin_args  */
++#line 767 "parser.y"
++                                  {
+             /*
+              * Note that %Plugin is internal in SIP v4.  The current thinking
+              * is that it won't be needed for SIP v5.
+              */
+ 
+             if (notSkipping())
+-                appendString(&currentSpec->plugins, (yyvsp[(2) - (2)].plugin).name);
++                appendString(&currentSpec->plugins, (yyvsp[0].plugin).name);
+         }
++#line 2835 "../parser.c"
+     break;
+ 
+-  case 75:
+-#line 777 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 75: /* plugin_args: TK_NAME_VALUE  */
++#line 778 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.plugin).name = (yyvsp[(1) - (1)].text);
++            (yyval.plugin).name = (yyvsp[0].text);
+         }
++#line 2845 "../parser.c"
+     break;
+ 
+-  case 76:
+-#line 782 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.plugin) = (yyvsp[(2) - (3)].plugin);
++  case 76: /* plugin_args: '(' plugin_arg_list ')'  */
++#line 783 "parser.y"
++                                {
++            (yyval.plugin) = (yyvsp[-1].plugin);
+         }
++#line 2853 "../parser.c"
+     break;
+ 
+-  case 78:
+-#line 788 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.plugin) = (yyvsp[(1) - (3)].plugin);
++  case 78: /* plugin_arg_list: plugin_arg_list ',' plugin_arg  */
++#line 789 "parser.y"
++                                       {
++            (yyval.plugin) = (yyvsp[-2].plugin);
+ 
+-            switch ((yyvsp[(3) - (3)].plugin).token)
++            switch ((yyvsp[0].plugin).token)
+             {
+-            case TK_NAME: (yyval.plugin).name = (yyvsp[(3) - (3)].plugin).name; break;
++            case TK_NAME: (yyval.plugin).name = (yyvsp[0].plugin).name; break;
+             }
+         }
++#line 2866 "../parser.c"
+     break;
+ 
+-  case 79:
+-#line 798 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 79: /* plugin_arg: TK_NAME '=' TK_NAME_VALUE  */
++#line 799 "parser.y"
++                                      {
+             (yyval.plugin).token = TK_NAME;
+ 
+-            (yyval.plugin).name = (yyvsp[(3) - (3)].text);
++            (yyval.plugin).name = (yyvsp[0].text);
+         }
++#line 2876 "../parser.c"
+     break;
+ 
+-  case 80:
+-#line 805 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].veh).name == NULL)
++  case 80: /* virterrorhandler: TK_VIRTERRORHANDLER veh_args codeblock  */
++#line 806 "parser.y"
++                                                           {
++            if ((yyvsp[-1].veh).name == NULL)
+                 yyerror("%VirtualErrorHandler must have a 'name' argument");
+ 
+             if (notSkipping())
+@@ -3270,7 +2887,7 @@ yyreduce:
+ 
+                 /* Check there isn't already a handler with the same name. */
+                 for (tailp = &currentSpec->errorhandlers; (veh = *tailp) != NULL; tailp = &veh->next)
+-                    if (strcmp(veh->name, (yyvsp[(2) - (3)].veh).name) == 0)
++                    if (strcmp(veh->name, (yyvsp[-1].veh).name) == 0)
+                         break;
+ 
+                 if (veh != NULL)
+@@ -3278,8 +2895,8 @@ yyreduce:
+ 
+                 veh = sipMalloc(sizeof (virtErrorHandler));
+ 
+-                veh->name = (yyvsp[(2) - (3)].veh).name;
+-                appendCodeBlock(&veh->code, (yyvsp[(3) - (3)].codeb));
++                veh->name = (yyvsp[-1].veh).name;
++                appendCodeBlock(&veh->code, (yyvsp[0].codeb));
+                 veh->mod = currentModule;
+                 veh->index = -1;
+                 veh->next = NULL;
+@@ -3287,62 +2904,67 @@ yyreduce:
+                 *tailp = veh;
+             }
+         }
++#line 2908 "../parser.c"
+     break;
+ 
+-  case 81:
+-#line 834 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 81: /* veh_args: TK_NAME_VALUE  */
++#line 835 "parser.y"
++                           {
+             resetLexerState();
+ 
+-            (yyval.veh).name = (yyvsp[(1) - (1)].text);
++            (yyval.veh).name = (yyvsp[0].text);
+         }
++#line 2918 "../parser.c"
+     break;
+ 
+-  case 82:
+-#line 839 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.veh) = (yyvsp[(2) - (3)].veh);
++  case 82: /* veh_args: '(' veh_arg_list ')'  */
++#line 840 "parser.y"
++                             {
++            (yyval.veh) = (yyvsp[-1].veh);
+         }
++#line 2926 "../parser.c"
+     break;
+ 
+-  case 84:
+-#line 845 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.veh) = (yyvsp[(1) - (3)].veh);
++  case 84: /* veh_arg_list: veh_arg_list ',' veh_arg  */
++#line 846 "parser.y"
++                                 {
++            (yyval.veh) = (yyvsp[-2].veh);
+ 
+-            switch ((yyvsp[(3) - (3)].veh).token)
++            switch ((yyvsp[0].veh).token)
+             {
+-            case TK_NAME: (yyval.veh).name = (yyvsp[(3) - (3)].veh).name; break;
++            case TK_NAME: (yyval.veh).name = (yyvsp[0].veh).name; break;
+             }
+         }
++#line 2939 "../parser.c"
+     break;
+ 
+-  case 85:
+-#line 855 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 85: /* veh_arg: TK_NAME '=' TK_NAME_VALUE  */
++#line 856 "parser.y"
++                                   {
+             (yyval.veh).token = TK_NAME;
+ 
+-            (yyval.veh).name = (yyvsp[(3) - (3)].text);
++            (yyval.veh).name = (yyvsp[0].text);
+         }
++#line 2949 "../parser.c"
+     break;
+ 
+-  case 86:
+-#line 862 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 86: /* api: TK_API api_args  */
++#line 863 "parser.y"
++                        {
+             if (notSkipping())
+             {
+                 apiVersionRangeDef *avd;
+ 
+-                if (findAPI(currentSpec, (yyvsp[(2) - (2)].api).name) != NULL)
++                if (findAPI(currentSpec, (yyvsp[0].api).name) != NULL)
+                     yyerror("The API name in the %API directive has already been defined");
+ 
+-                if ((yyvsp[(2) - (2)].api).version < 1)
++                if ((yyvsp[0].api).version < 1)
+                     yyerror("The version number in the %API directive must be greater than or equal to 1");
+ 
+                 avd = sipMalloc(sizeof (apiVersionRangeDef));
+ 
+-                avd->api_name = cacheName(currentSpec, (yyvsp[(2) - (2)].api).name);
+-                avd->from = (yyvsp[(2) - (2)].api).version;
++                avd->api_name = cacheName(currentSpec, (yyvsp[0].api).name);
++                avd->from = (yyvsp[0].api).version;
+                 avd->to = -1;
+ 
+                 avd->next = currentModule->api_versions;
+@@ -3352,63 +2974,69 @@ yyreduce:
+                     setIsUsedName(avd->api_name);
+             }
+         }
++#line 2978 "../parser.c"
+     break;
+ 
+-  case 87:
+-#line 888 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 87: /* api_args: TK_NAME_VALUE TK_NUMBER_VALUE  */
++#line 889 "parser.y"
++                                          {
+             resetLexerState();
+ 
+             deprecated("%API name and version number should be specified using the 'name' and 'version' arguments");
+ 
+-            (yyval.api).name = (yyvsp[(1) - (2)].text);
+-            (yyval.api).version = (yyvsp[(2) - (2)].number);
++            (yyval.api).name = (yyvsp[-1].text);
++            (yyval.api).version = (yyvsp[0].number);
+         }
++#line 2991 "../parser.c"
+     break;
+ 
+-  case 88:
+-#line 896 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.api) = (yyvsp[(2) - (3)].api);
++  case 88: /* api_args: '(' api_arg_list ')'  */
++#line 897 "parser.y"
++                             {
++            (yyval.api) = (yyvsp[-1].api);
+         }
++#line 2999 "../parser.c"
+     break;
+ 
+-  case 90:
+-#line 902 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.api) = (yyvsp[(1) - (3)].api);
++  case 90: /* api_arg_list: api_arg_list ',' api_arg  */
++#line 903 "parser.y"
++                                 {
++            (yyval.api) = (yyvsp[-2].api);
+ 
+-            switch ((yyvsp[(3) - (3)].api).token)
++            switch ((yyvsp[0].api).token)
+             {
+-            case TK_NAME: (yyval.api).name = (yyvsp[(3) - (3)].api).name; break;
+-            case TK_VERSION: (yyval.api).version = (yyvsp[(3) - (3)].api).version; break;
++            case TK_NAME: (yyval.api).name = (yyvsp[0].api).name; break;
++            case TK_VERSION: (yyval.api).version = (yyvsp[0].api).version; break;
+             }
+         }
++#line 3013 "../parser.c"
+     break;
+ 
+-  case 91:
+-#line 913 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 91: /* api_arg: TK_NAME '=' name_or_string  */
++#line 914 "parser.y"
++                                       {
+             (yyval.api).token = TK_NAME;
+ 
+-            (yyval.api).name = (yyvsp[(3) - (3)].text);
++            (yyval.api).name = (yyvsp[0].text);
+             (yyval.api).version = 0;
+         }
++#line 3024 "../parser.c"
+     break;
+ 
+-  case 92:
+-#line 919 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 92: /* api_arg: TK_VERSION '=' TK_NUMBER_VALUE  */
++#line 920 "parser.y"
++                                       {
+             (yyval.api).token = TK_VERSION;
+ 
+             (yyval.api).name = NULL;
+-            (yyval.api).version = (yyvsp[(3) - (3)].number);
++            (yyval.api).version = (yyvsp[0].number);
+         }
++#line 3035 "../parser.c"
+     break;
+ 
+-  case 93:
+-#line 927 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 93: /* exception: TK_EXCEPTION scopedname baseexception optflags exception_body  */
++#line 928 "parser.y"
++                                                                          {
+             if (notSkipping())
+             {
+                 static const char *annos[] = {
+@@ -3420,20 +3048,20 @@ yyreduce:
+                 exceptionDef *xd;
+                 const char *pyname;
+ 
+-                checkAnnos(&(yyvsp[(4) - (5)].optflags), annos);
++                checkAnnos(&(yyvsp[-1].optflags), annos);
+ 
+                 if (currentSpec->genc)
+                     yyerror("%Exception not allowed in a C module");
+ 
+-                if ((yyvsp[(5) - (5)].exception).raise_code == NULL)
++                if ((yyvsp[0].exception).raise_code == NULL)
+                     yyerror("%Exception must have a %RaiseCode sub-directive");
+ 
+-                pyname = getPythonName(currentModule, &(yyvsp[(4) - (5)].optflags), scopedNameTail((yyvsp[(2) - (5)].scpvalp)));
++                pyname = getPythonName(currentModule, &(yyvsp[-1].optflags), scopedNameTail((yyvsp[-3].scpvalp)));
+ 
+                 checkAttributes(currentSpec, currentModule, NULL, NULL,
+                         pyname, FALSE);
+ 
+-                xd = findException(currentSpec, (yyvsp[(2) - (5)].scpvalp), TRUE);
++                xd = findException(currentSpec, (yyvsp[-3].scpvalp), TRUE);
+ 
+                 if (xd->cd != NULL)
+                     yyerror("%Exception name has already been seen as a class name - it must be defined before being used");
+@@ -3443,29 +3071,31 @@ yyreduce:
+ 
+                 /* Complete the definition. */
+                 xd->iff->module = currentModule;
+-                appendCodeBlock(&xd->iff->hdrcode, (yyvsp[(5) - (5)].exception).type_header_code);
++                appendCodeBlock(&xd->iff->hdrcode, (yyvsp[0].exception).type_header_code);
+                 xd->pyname = pyname;
+-                xd->bibase = (yyvsp[(3) - (5)].exceptionbase).bibase;
+-                xd->base = (yyvsp[(3) - (5)].exceptionbase).base;
+-                appendCodeBlock(&xd->raisecode, (yyvsp[(5) - (5)].exception).raise_code);
++                xd->bibase = (yyvsp[-2].exceptionbase).bibase;
++                xd->base = (yyvsp[-2].exceptionbase).base;
++                appendCodeBlock(&xd->raisecode, (yyvsp[0].exception).raise_code);
+ 
+-                if (getOptFlag(&(yyvsp[(4) - (5)].optflags), "Default", bool_flag) != NULL)
++                if (getOptFlag(&(yyvsp[-1].optflags), "Default", bool_flag) != NULL)
+                     currentModule->defexception = xd;
+             }
+         }
++#line 3085 "../parser.c"
+     break;
+ 
+-  case 94:
+-#line 974 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 94: /* baseexception: %empty  */
++#line 975 "parser.y"
++                {
+             (yyval.exceptionbase).bibase = NULL;
+             (yyval.exceptionbase).base = NULL;
+         }
++#line 3094 "../parser.c"
+     break;
+ 
+-  case 95:
+-#line 978 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 95: /* baseexception: '(' scopedname ')'  */
++#line 979 "parser.y"
++                           {
+             exceptionDef *xd;
+ 
+             (yyval.exceptionbase).bibase = NULL;
+@@ -3473,13 +3103,13 @@ yyreduce:
+ 
+             /* See if it is a defined exception. */
+             for (xd = currentSpec->exceptions; xd != NULL; xd = xd->next)
+-                if (compareScopedNames(xd->iff->fqcname, (yyvsp[(2) - (3)].scpvalp)) == 0)
++                if (compareScopedNames(xd->iff->fqcname, (yyvsp[-1].scpvalp)) == 0)
+                 {
+                     (yyval.exceptionbase).base = xd;
+                     break;
+                 }
+ 
+-            if (xd == NULL && (yyvsp[(2) - (3)].scpvalp)->next == NULL && strncmp((yyvsp[(2) - (3)].scpvalp)->name, "SIP_", 4) == 0)
++            if (xd == NULL && (yyvsp[-1].scpvalp)->next == NULL && strncmp((yyvsp[-1].scpvalp)->name, "SIP_", 4) == 0)
+             {
+                 /* See if it is a builtin exception. */
+ 
+@@ -3560,7 +3190,7 @@ yyreduce:
+                 char **cp;
+ 
+                 for (cp = builtins; *cp != NULL; ++cp)
+-                    if (strcmp((yyvsp[(2) - (3)].scpvalp)->name + 4, *cp) == 0)
++                    if (strcmp((yyvsp[-1].scpvalp)->name + 4, *cp) == 0)
+                     {
+                         (yyval.exceptionbase).bibase = *cp;
+                         break;
+@@ -3570,49 +3200,54 @@ yyreduce:
+             if ((yyval.exceptionbase).bibase == NULL && (yyval.exceptionbase).base == NULL)
+                 yyerror("Unknown exception base type");
+         }
++#line 3204 "../parser.c"
+     break;
+ 
+-  case 96:
+-#line 1085 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.exception) = (yyvsp[(2) - (4)].exception);
++  case 96: /* exception_body: '{' exception_body_directives '}' ';'  */
++#line 1086 "parser.y"
++                                                      {
++            (yyval.exception) = (yyvsp[-2].exception);
+         }
++#line 3212 "../parser.c"
+     break;
+ 
+-  case 98:
+-#line 1091 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.exception) = (yyvsp[(1) - (2)].exception);
++  case 98: /* exception_body_directives: exception_body_directives exception_body_directive  */
++#line 1092 "parser.y"
++                                                           {
++            (yyval.exception) = (yyvsp[-1].exception);
+ 
+-            switch ((yyvsp[(2) - (2)].exception).token)
++            switch ((yyvsp[0].exception).token)
+             {
+-            case TK_RAISECODE: (yyval.exception).raise_code = (yyvsp[(2) - (2)].exception).raise_code; break;
+-            case TK_TYPEHEADERCODE: (yyval.exception).type_header_code = (yyvsp[(2) - (2)].exception).type_header_code; break;
++            case TK_RAISECODE: (yyval.exception).raise_code = (yyvsp[0].exception).raise_code; break;
++            case TK_TYPEHEADERCODE: (yyval.exception).type_header_code = (yyvsp[0].exception).type_header_code; break;
+             }
+         }
++#line 3226 "../parser.c"
+     break;
+ 
+-  case 99:
+-#line 1102 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 99: /* exception_body_directive: ifstart  */
++#line 1103 "parser.y"
++                                   {
+             (yyval.exception).token = TK_IF;
+         }
++#line 3234 "../parser.c"
+     break;
+ 
+-  case 100:
+-#line 1105 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 100: /* exception_body_directive: ifend  */
++#line 1106 "parser.y"
++              {
+             (yyval.exception).token = TK_END;
+         }
++#line 3242 "../parser.c"
+     break;
+ 
+-  case 101:
+-#line 1108 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 101: /* exception_body_directive: raisecode  */
++#line 1109 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.exception).token = TK_RAISECODE;
+-                (yyval.exception).raise_code = (yyvsp[(1) - (1)].codeb);
++                (yyval.exception).raise_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -3622,15 +3257,16 @@ yyreduce:
+ 
+             (yyval.exception).type_header_code = NULL;
+         }
++#line 3261 "../parser.c"
+     break;
+ 
+-  case 102:
+-#line 1122 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 102: /* exception_body_directive: typehdrcode  */
++#line 1123 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 (yyval.exception).token = TK_TYPEHEADERCODE;
+-                (yyval.exception).type_header_code = (yyvsp[(1) - (1)].codeb);
++                (yyval.exception).type_header_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -3640,18 +3276,20 @@ yyreduce:
+ 
+             (yyval.exception).raise_code = NULL;
+         }
++#line 3280 "../parser.c"
+     break;
+ 
+-  case 103:
+-#line 1138 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 103: /* raisecode: TK_RAISECODE codeblock  */
++#line 1139 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 3288 "../parser.c"
+     break;
+ 
+-  case 104:
+-#line 1143 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 104: /* $@2: %empty  */
++#line 1144 "parser.y"
++                                            {
+             if (notSkipping())
+             {
+                 static const char *annos[] = {
+@@ -3667,16 +3305,17 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(3) - (3)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+-                currentMappedType = newMappedType(currentSpec, &(yyvsp[(2) - (3)].memArg), &(yyvsp[(3) - (3)].optflags));
++                currentMappedType = newMappedType(currentSpec, &(yyvsp[-1].memArg), &(yyvsp[0].optflags));
+             }
+         }
++#line 3314 "../parser.c"
+     break;
+ 
+-  case 106:
+-#line 1166 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 106: /* $@3: %empty  */
++#line 1167 "parser.y"
++                                                         {
+             if (notSkipping())
+             {
+                 static const char *annos[] = {
+@@ -3694,7 +3333,7 @@ yyreduce:
+                 mappedTypeTmplDef *mtt;
+                 ifaceFileDef *iff;
+ 
+-                checkAnnos(&(yyvsp[(4) - (4)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+                 if (currentSpec->genc)
+                     yyerror("%MappedType templates not allowed in a C module");
+@@ -3703,32 +3342,32 @@ yyreduce:
+                  * Check the template arguments are basic types or simple
+                  * names.
+                  */
+-                for (a = 0; a < (yyvsp[(1) - (4)].signature).nrArgs; ++a)
++                for (a = 0; a < (yyvsp[-3].signature).nrArgs; ++a)
+                 {
+-                    argDef *ad = &(yyvsp[(1) - (4)].signature).args[a];
++                    argDef *ad = &(yyvsp[-3].signature).args[a];
+ 
+                     if (ad->atype == defined_type && ad->u.snd->next != NULL)
+                         yyerror("%MappedType template arguments must be simple names");
+                 }
+ 
+-                if ((yyvsp[(3) - (4)].memArg).atype != template_type)
++                if ((yyvsp[-1].memArg).atype != template_type)
+                     yyerror("%MappedType template must map a template type");
+ 
+-                (yyvsp[(3) - (4)].memArg).u.td->fqname  = fullyQualifiedName((yyvsp[(3) - (4)].memArg).u.td->fqname);
++                (yyvsp[-1].memArg).u.td->fqname  = fullyQualifiedName((yyvsp[-1].memArg).u.td->fqname);
+ 
+                 /* Check a template hasn't already been provided. */
+                 for (mtt = currentSpec->mappedtypetemplates; mtt != NULL; mtt = mtt->next)
+-                    if (compareScopedNames(mtt->mt->type.u.td->fqname, (yyvsp[(3) - (4)].memArg).u.td->fqname ) == 0 && sameTemplateSignature(&mtt->mt->type.u.td->types, &(yyvsp[(3) - (4)].memArg).u.td->types, TRUE))
++                    if (compareScopedNames(mtt->mt->type.u.td->fqname, (yyvsp[-1].memArg).u.td->fqname ) == 0 && sameTemplateSignature(&mtt->mt->type.u.td->types, &(yyvsp[-1].memArg).u.td->types, TRUE))
+                         yyerror("%MappedType template for this type has already been defined");
+ 
+-                (yyvsp[(3) - (4)].memArg).nrderefs = 0;
+-                (yyvsp[(3) - (4)].memArg).argflags = 0;
++                (yyvsp[-1].memArg).nrderefs = 0;
++                (yyvsp[-1].memArg).argflags = 0;
+ 
+                 mtt = sipMalloc(sizeof (mappedTypeTmplDef));
+ 
+-                mtt->sig = (yyvsp[(1) - (4)].signature);
+-                mtt->mt = allocMappedType(currentSpec, &(yyvsp[(3) - (4)].memArg));
+-                mappedTypeAnnos(mtt->mt, &(yyvsp[(4) - (4)].optflags));
++                mtt->sig = (yyvsp[-3].signature);
++                mtt->mt = allocMappedType(currentSpec, &(yyvsp[-1].memArg));
++                mappedTypeAnnos(mtt->mt, &(yyvsp[0].optflags));
+                 mtt->next = currentSpec->mappedtypetemplates;
+ 
+                 currentSpec->mappedtypetemplates = mtt;
+@@ -3741,11 +3380,12 @@ yyreduce:
+                 mtt->mt->iff = iff;
+             }
+         }
++#line 3384 "../parser.c"
+     break;
+ 
+-  case 108:
+-#line 1233 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 108: /* mtdefinition: '{' mtbody '}' ';'  */
++#line 1234 "parser.y"
++                                   {
+             if (notSkipping())
+             {
+                 if (currentMappedType->convfromcode == NULL)
+@@ -3757,83 +3397,90 @@ yyreduce:
+                 currentMappedType = NULL;
+             }
+         }
++#line 3401 "../parser.c"
+     break;
+ 
+-  case 113:
+-#line 1253 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 113: /* mtline: typehdrcode  */
++#line 1254 "parser.y"
++                    {
+             if (notSkipping())
+-                appendCodeBlock(&currentMappedType->iff->hdrcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentMappedType->iff->hdrcode, (yyvsp[0].codeb));
+         }
++#line 3410 "../parser.c"
+     break;
+ 
+-  case 114:
+-#line 1257 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 114: /* mtline: typecode  */
++#line 1258 "parser.y"
++                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentMappedType->typecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentMappedType->typecode, (yyvsp[0].codeb));
+         }
++#line 3419 "../parser.c"
+     break;
+ 
+-  case 115:
+-#line 1261 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 115: /* mtline: TK_FROMTYPE codeblock  */
++#line 1262 "parser.y"
++                              {
+             if (notSkipping())
+             {
+                 if (currentMappedType->convfromcode != NULL)
+                     yyerror("%MappedType has more than one %ConvertFromTypeCode directive");
+ 
+-                appendCodeBlock(&currentMappedType->convfromcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentMappedType->convfromcode, (yyvsp[0].codeb));
+             }
+         }
++#line 3433 "../parser.c"
+     break;
+ 
+-  case 116:
+-#line 1270 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 116: /* mtline: TK_TOTYPE codeblock  */
++#line 1271 "parser.y"
++                            {
+             if (notSkipping())
+             {
+                 if (currentMappedType->convtocode != NULL)
+                     yyerror("%MappedType has more than one %ConvertToTypeCode directive");
+ 
+-                appendCodeBlock(&currentMappedType->convtocode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentMappedType->convtocode, (yyvsp[0].codeb));
+             }
+         }
++#line 3447 "../parser.c"
+     break;
+ 
+-  case 117:
+-#line 1279 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 117: /* mtline: instancecode  */
++#line 1280 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 if (currentMappedType->instancecode != NULL)
+                     yyerror("%MappedType has more than one %InstanceCode directive");
+ 
+-                appendCodeBlock(&currentMappedType->instancecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentMappedType->instancecode, (yyvsp[0].codeb));
+             }
+         }
++#line 3461 "../parser.c"
+     break;
+ 
+-  case 120:
+-#line 1292 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 120: /* mtfunction: TK_STATIC cpptype TK_NAME_VALUE '(' arglist ')' optconst optexceptions optflags optsig ';' optdocstring premethodcode methodcode  */
++#line 1293 "parser.y"
++                                                                                                                                             {
+             if (notSkipping())
+             {
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (14)].memArg), &(yyvsp[(9) - (14)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-12].memArg), &(yyvsp[-5].optflags));
+ 
+-                (yyvsp[(5) - (14)].signature).result = (yyvsp[(2) - (14)].memArg);
++                (yyvsp[-9].signature).result = (yyvsp[-12].memArg);
+ 
+                 newFunction(currentSpec, currentModule, NULL, NULL,
+-                        currentMappedType, 0, TRUE, FALSE, FALSE, FALSE, (yyvsp[(3) - (14)].text),
+-                        &(yyvsp[(5) - (14)].signature), (yyvsp[(7) - (14)].number), FALSE, &(yyvsp[(9) - (14)].optflags), (yyvsp[(14) - (14)].codeb), NULL, NULL, (yyvsp[(8) - (14)].throwlist), (yyvsp[(10) - (14)].optsignature), (yyvsp[(12) - (14)].docstr),
+-                        FALSE, (yyvsp[(13) - (14)].codeb));
++                        currentMappedType, 0, TRUE, FALSE, FALSE, FALSE, (yyvsp[-11].text),
++                        &(yyvsp[-9].signature), (yyvsp[-7].number), FALSE, &(yyvsp[-5].optflags), (yyvsp[0].codeb), NULL, NULL, (yyvsp[-6].throwlist), (yyvsp[-4].optsignature), (yyvsp[-2].docstr),
++                        FALSE, (yyvsp[-1].codeb));
+             }
+         }
++#line 3479 "../parser.c"
+     break;
+ 
+-  case 121:
+-#line 1307 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 121: /* $@4: %empty  */
++#line 1308 "parser.y"
++                                       {
+             if (currentSpec -> genc)
+                 yyerror("namespace definition not allowed in a C module");
+ 
+@@ -3848,18 +3495,19 @@ yyreduce:
+                     scope = NULL;
+ 
+                 ns = newClass(currentSpec, namespace_iface, NULL,
+-                        text2scopedName(scope, (yyvsp[(2) - (2)].text)), NULL, NULL, NULL, NULL);
++                        text2scopedName(scope, (yyvsp[0].text)), NULL, NULL, NULL, NULL);
+ 
+                 pushScope(ns);
+ 
+                 sectionFlags = 0;
+             }
+         }
++#line 3506 "../parser.c"
+     break;
+ 
+-  case 122:
+-#line 1328 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 122: /* namespace: TK_NAMESPACE TK_NAME_VALUE $@4 optnsbody ';'  */
++#line 1329 "parser.y"
++                        {
+             if (notSkipping())
+             {
+                 if (inMainModule())
+@@ -3873,11 +3521,12 @@ yyreduce:
+                 popScope();
+             }
+         }
++#line 3525 "../parser.c"
+     break;
+ 
+-  case 127:
+-#line 1352 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 127: /* $@5: %empty  */
++#line 1353 "parser.y"
++                         {
+             if (notSkipping())
+             {
+                 qualDef *qd;
+@@ -3887,11 +3536,12 @@ yyreduce:
+                         yyerror("%Platforms has already been defined for this module");
+             }
+         }
++#line 3540 "../parser.c"
+     break;
+ 
+-  case 128:
+-#line 1362 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 128: /* platforms: TK_PLATFORMS $@5 '{' platformlist '}'  */
++#line 1363 "parser.y"
++                             {
+             if (notSkipping())
+             {
+                 qualDef *qd;
+@@ -3908,71 +3558,79 @@ yyreduce:
+                     yyerror("No more than one of these %Platforms must be specified with the -t flag");
+             }
+         }
++#line 3562 "../parser.c"
+     break;
+ 
+-  case 131:
+-#line 1385 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[(1) - (1)].text),
++  case 131: /* platform: TK_NAME_VALUE  */
++#line 1386 "parser.y"
++                          {
++            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[0].text),
+                     platform_qualifier);
+         }
++#line 3571 "../parser.c"
+     break;
+ 
+-  case 132:
+-#line 1391 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[(2) - (2)].feature).name,
++  case 132: /* feature: TK_FEATURE feature_args  */
++#line 1392 "parser.y"
++                                    {
++            newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[0].feature).name,
+                     feature_qualifier);
+         }
++#line 3580 "../parser.c"
+     break;
+ 
+-  case 133:
+-#line 1397 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 133: /* feature_args: TK_NAME_VALUE  */
++#line 1398 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.feature).name = (yyvsp[(1) - (1)].text);
++            (yyval.feature).name = (yyvsp[0].text);
+         }
++#line 3590 "../parser.c"
+     break;
+ 
+-  case 134:
+-#line 1402 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.feature) = (yyvsp[(2) - (3)].feature);
++  case 134: /* feature_args: '(' feature_arg_list ')'  */
++#line 1403 "parser.y"
++                                 {
++            (yyval.feature) = (yyvsp[-1].feature);
+         }
++#line 3598 "../parser.c"
+     break;
+ 
+-  case 136:
+-#line 1408 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.feature) = (yyvsp[(1) - (3)].feature);
++  case 136: /* feature_arg_list: feature_arg_list ',' feature_arg  */
++#line 1409 "parser.y"
++                                         {
++            (yyval.feature) = (yyvsp[-2].feature);
+ 
+-            switch ((yyvsp[(3) - (3)].feature).token)
++            switch ((yyvsp[0].feature).token)
+             {
+-            case TK_NAME: (yyval.feature).name = (yyvsp[(3) - (3)].feature).name; break;
++            case TK_NAME: (yyval.feature).name = (yyvsp[0].feature).name; break;
+             }
+         }
++#line 3611 "../parser.c"
+     break;
+ 
+-  case 137:
+-#line 1418 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 137: /* feature_arg: TK_NAME '=' name_or_string  */
++#line 1419 "parser.y"
++                                           {
+             (yyval.feature).token = TK_NAME;
+ 
+-            (yyval.feature).name = (yyvsp[(3) - (3)].text);
++            (yyval.feature).name = (yyvsp[0].text);
+         }
++#line 3621 "../parser.c"
+     break;
+ 
+-  case 138:
+-#line 1425 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 138: /* $@6: %empty  */
++#line 1426 "parser.y"
++                        {
+             currentTimelineOrder = 0;
+         }
++#line 3629 "../parser.c"
+     break;
+ 
+-  case 139:
+-#line 1428 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 139: /* timeline: TK_TIMELINE $@6 '{' qualifierlist '}'  */
++#line 1429 "parser.y"
++                              {
+             if (notSkipping())
+             {
+                 qualDef *qd;
+@@ -3993,129 +3651,140 @@ yyreduce:
+                 currentModule->nrtimelines++;
+             }
+         }
++#line 3655 "../parser.c"
+     break;
+ 
+-  case 142:
+-#line 1455 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 142: /* qualifiername: TK_NAME_VALUE  */
++#line 1456 "parser.y"
++                              {
+             newQualifier(currentModule, currentModule->nrtimelines,
+-                    currentTimelineOrder++, TRUE, (yyvsp[(1) - (1)].text), time_qualifier);
++                    currentTimelineOrder++, TRUE, (yyvsp[0].text), time_qualifier);
+         }
++#line 3664 "../parser.c"
+     break;
+ 
+-  case 143:
+-#line 1461 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 143: /* $@7: %empty  */
++#line 1462 "parser.y"
++                      {
+             currentPlatforms = NULL;
+         }
++#line 3672 "../parser.c"
+     break;
+ 
+-  case 144:
+-#line 1463 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 144: /* ifstart: TK_IF '(' $@7 qualifiers ')'  */
++#line 1464 "parser.y"
++                         {
+             if (stackPtr >= MAX_NESTED_IF)
+                 yyerror("Internal error: increase the value of MAX_NESTED_IF");
+ 
+             /* Nested %Ifs are implicit logical ands. */
+ 
+             if (stackPtr > 0)
+-                (yyvsp[(4) - (5)].boolean) = ((yyvsp[(4) - (5)].boolean) && skipStack[stackPtr - 1]);
++                (yyvsp[-1].boolean) = ((yyvsp[-1].boolean) && skipStack[stackPtr - 1]);
+ 
+-            skipStack[stackPtr] = (yyvsp[(4) - (5)].boolean);
++            skipStack[stackPtr] = (yyvsp[-1].boolean);
+ 
+             platformStack[stackPtr] = currentPlatforms;
+ 
+             ++stackPtr;
+         }
++#line 3692 "../parser.c"
+     break;
+ 
+-  case 145:
+-#line 1480 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = platOrFeature((yyvsp[(1) - (1)].text), FALSE);
++  case 145: /* oredqualifiers: TK_NAME_VALUE  */
++#line 1481 "parser.y"
++                              {
++            (yyval.boolean) = platOrFeature((yyvsp[0].text), FALSE);
+         }
++#line 3700 "../parser.c"
+     break;
+ 
+-  case 146:
+-#line 1483 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = platOrFeature((yyvsp[(2) - (2)].text), TRUE);
++  case 146: /* oredqualifiers: '!' TK_NAME_VALUE  */
++#line 1484 "parser.y"
++                          {
++            (yyval.boolean) = platOrFeature((yyvsp[0].text), TRUE);
+         }
++#line 3708 "../parser.c"
+     break;
+ 
+-  case 147:
+-#line 1486 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = (platOrFeature((yyvsp[(3) - (3)].text), FALSE) || (yyvsp[(1) - (3)].boolean));
++  case 147: /* oredqualifiers: oredqualifiers TK_LOGICAL_OR TK_NAME_VALUE  */
++#line 1487 "parser.y"
++                                                   {
++            (yyval.boolean) = (platOrFeature((yyvsp[0].text), FALSE) || (yyvsp[-2].boolean));
+         }
++#line 3716 "../parser.c"
+     break;
+ 
+-  case 148:
+-#line 1489 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = (platOrFeature((yyvsp[(4) - (4)].text), TRUE) || (yyvsp[(1) - (4)].boolean));
++  case 148: /* oredqualifiers: oredqualifiers TK_LOGICAL_OR '!' TK_NAME_VALUE  */
++#line 1490 "parser.y"
++                                                       {
++            (yyval.boolean) = (platOrFeature((yyvsp[0].text), TRUE) || (yyvsp[-3].boolean));
+         }
++#line 3724 "../parser.c"
+     break;
+ 
+-  case 150:
+-#line 1495 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.boolean) = timePeriod((yyvsp[(1) - (3)].text), (yyvsp[(3) - (3)].text));
++  case 150: /* qualifiers: optname '-' optname  */
++#line 1496 "parser.y"
++                            {
++            (yyval.boolean) = timePeriod((yyvsp[-2].text), (yyvsp[0].text));
+         }
++#line 3732 "../parser.c"
+     break;
+ 
+-  case 151:
+-#line 1500 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 151: /* ifend: TK_END  */
++#line 1501 "parser.y"
++                   {
+             if (stackPtr-- <= 0)
+                 yyerror("Too many %End directives");
+ 
+             currentPlatforms = (stackPtr == 0 ? NULL : platformStack[stackPtr - 1]);
+         }
++#line 3743 "../parser.c"
+     break;
+ 
+-  case 152:
+-#line 1508 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 152: /* license: TK_LICENSE license_args optflags  */
++#line 1509 "parser.y"
++                                             {
+             optFlag *of;
+ 
+-            if ((yyvsp[(3) - (3)].optflags).nrFlags != 0)
++            if ((yyvsp[0].optflags).nrFlags != 0)
+                 deprecated("%License annotations are deprecated, use arguments instead");
+ 
+-            if ((yyvsp[(2) - (3)].license).type == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Type", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).type = of->fvalue.sval;
+-
+-            if ((yyvsp[(2) - (3)].license).licensee == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Licensee", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).licensee = of->fvalue.sval;
+-
+-            if ((yyvsp[(2) - (3)].license).signature == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Signature", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).signature = of->fvalue.sval;
+-
+-            if ((yyvsp[(2) - (3)].license).timestamp == NULL)
+-                if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Timestamp", string_flag)) != NULL)
+-                    (yyvsp[(2) - (3)].license).timestamp = of->fvalue.sval;
++            if ((yyvsp[-1].license).type == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Type", string_flag)) != NULL)
++                    (yyvsp[-1].license).type = of->fvalue.sval;
++
++            if ((yyvsp[-1].license).licensee == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Licensee", string_flag)) != NULL)
++                    (yyvsp[-1].license).licensee = of->fvalue.sval;
++
++            if ((yyvsp[-1].license).signature == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Signature", string_flag)) != NULL)
++                    (yyvsp[-1].license).signature = of->fvalue.sval;
++
++            if ((yyvsp[-1].license).timestamp == NULL)
++                if ((of = getOptFlag(&(yyvsp[0].optflags), "Timestamp", string_flag)) != NULL)
++                    (yyvsp[-1].license).timestamp = of->fvalue.sval;
+ 
+-            if ((yyvsp[(2) - (3)].license).type == NULL)
++            if ((yyvsp[-1].license).type == NULL)
+                 yyerror("%License must have a 'type' argument");
+ 
+             if (notSkipping())
+             {
+                 currentModule->license = sipMalloc(sizeof (licenseDef));
+ 
+-                currentModule->license->type = (yyvsp[(2) - (3)].license).type;
+-                currentModule->license->licensee = (yyvsp[(2) - (3)].license).licensee;
+-                currentModule->license->sig = (yyvsp[(2) - (3)].license).signature;
+-                currentModule->license->timestamp = (yyvsp[(2) - (3)].license).timestamp;
++                currentModule->license->type = (yyvsp[-1].license).type;
++                currentModule->license->licensee = (yyvsp[-1].license).licensee;
++                currentModule->license->sig = (yyvsp[-1].license).signature;
++                currentModule->license->timestamp = (yyvsp[-1].license).timestamp;
+             }
+         }
++#line 3783 "../parser.c"
+     break;
+ 
+-  case 153:
+-#line 1545 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 153: /* license_args: %empty  */
++#line 1546 "parser.y"
++                {
+             resetLexerState();
+ 
+             (yyval.license).type = NULL;
+@@ -4123,242 +3792,265 @@ yyreduce:
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3796 "../parser.c"
+     break;
+ 
+-  case 154:
+-#line 1553 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.license).type = (yyvsp[(1) - (1)].text);
++  case 154: /* license_args: TK_STRING_VALUE  */
++#line 1554 "parser.y"
++                        {
++            (yyval.license).type = (yyvsp[0].text);
+             (yyval.license).licensee = NULL;
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3807 "../parser.c"
+     break;
+ 
+-  case 155:
+-#line 1559 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.license) = (yyvsp[(2) - (3)].license);
++  case 155: /* license_args: '(' license_arg_list ')'  */
++#line 1560 "parser.y"
++                                 {
++            (yyval.license) = (yyvsp[-1].license);
+         }
++#line 3815 "../parser.c"
+     break;
+ 
+-  case 157:
+-#line 1565 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.license) = (yyvsp[(1) - (3)].license);
++  case 157: /* license_arg_list: license_arg_list ',' license_arg  */
++#line 1566 "parser.y"
++                                         {
++            (yyval.license) = (yyvsp[-2].license);
+ 
+-            switch ((yyvsp[(3) - (3)].license).token)
++            switch ((yyvsp[0].license).token)
+             {
+-            case TK_TYPE: (yyval.license).type = (yyvsp[(3) - (3)].license).type; break;
+-            case TK_LICENSEE: (yyval.license).licensee = (yyvsp[(3) - (3)].license).licensee; break;
+-            case TK_SIGNATURE: (yyval.license).signature = (yyvsp[(3) - (3)].license).signature; break;
+-            case TK_TIMESTAMP: (yyval.license).timestamp = (yyvsp[(3) - (3)].license).timestamp; break;
++            case TK_TYPE: (yyval.license).type = (yyvsp[0].license).type; break;
++            case TK_LICENSEE: (yyval.license).licensee = (yyvsp[0].license).licensee; break;
++            case TK_SIGNATURE: (yyval.license).signature = (yyvsp[0].license).signature; break;
++            case TK_TIMESTAMP: (yyval.license).timestamp = (yyvsp[0].license).timestamp; break;
+             }
+         }
++#line 3831 "../parser.c"
+     break;
+ 
+-  case 158:
+-#line 1578 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 158: /* license_arg: TK_TYPE '=' TK_STRING_VALUE  */
++#line 1579 "parser.y"
++                                            {
+             (yyval.license).token = TK_NAME;
+ 
+-            (yyval.license).type = (yyvsp[(3) - (3)].text);
++            (yyval.license).type = (yyvsp[0].text);
+             (yyval.license).licensee = NULL;
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3844 "../parser.c"
+     break;
+ 
+-  case 159:
+-#line 1586 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 159: /* license_arg: TK_LICENSEE '=' TK_STRING_VALUE  */
++#line 1587 "parser.y"
++                                        {
+             (yyval.license).token = TK_LICENSEE;
+ 
+             (yyval.license).type = NULL;
+-            (yyval.license).licensee = (yyvsp[(3) - (3)].text);
++            (yyval.license).licensee = (yyvsp[0].text);
+             (yyval.license).signature = NULL;
+             (yyval.license).timestamp = NULL;
+         }
++#line 3857 "../parser.c"
+     break;
+ 
+-  case 160:
+-#line 1594 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 160: /* license_arg: TK_SIGNATURE '=' TK_STRING_VALUE  */
++#line 1595 "parser.y"
++                                         {
+             (yyval.license).token = TK_SIGNATURE;
+ 
+             (yyval.license).type = NULL;
+             (yyval.license).licensee = NULL;
+-            (yyval.license).signature = (yyvsp[(3) - (3)].text);
++            (yyval.license).signature = (yyvsp[0].text);
+             (yyval.license).timestamp = NULL;
+         }
++#line 3870 "../parser.c"
+     break;
+ 
+-  case 161:
+-#line 1602 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 161: /* license_arg: TK_TIMESTAMP '=' TK_STRING_VALUE  */
++#line 1603 "parser.y"
++                                         {
+             (yyval.license).token = TK_TIMESTAMP;
+ 
+             (yyval.license).type = NULL;
+             (yyval.license).licensee = NULL;
+             (yyval.license).signature = NULL;
+-            (yyval.license).timestamp = (yyvsp[(3) - (3)].text);
++            (yyval.license).timestamp = (yyvsp[0].text);
+         }
++#line 3883 "../parser.c"
+     break;
+ 
+-  case 162:
+-#line 1612 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 162: /* defmetatype: TK_DEFMETATYPE defmetatype_args  */
++#line 1613 "parser.y"
++                                                {
+             if (notSkipping())
+             {
+                 if (currentModule->defmetatype != NULL)
+                     yyerror("%DefaultMetatype has already been defined for this module");
+ 
+-                currentModule->defmetatype = cacheName(currentSpec, (yyvsp[(2) - (2)].defmetatype).name);
++                currentModule->defmetatype = cacheName(currentSpec, (yyvsp[0].defmetatype).name);
+             }
+         }
++#line 3897 "../parser.c"
+     break;
+ 
+-  case 163:
+-#line 1623 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 163: /* defmetatype_args: dottedname  */
++#line 1624 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.defmetatype).name = (yyvsp[(1) - (1)].text);
++            (yyval.defmetatype).name = (yyvsp[0].text);
+         }
++#line 3907 "../parser.c"
+     break;
+ 
+-  case 164:
+-#line 1628 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defmetatype) = (yyvsp[(2) - (3)].defmetatype);
++  case 164: /* defmetatype_args: '(' defmetatype_arg_list ')'  */
++#line 1629 "parser.y"
++                                     {
++            (yyval.defmetatype) = (yyvsp[-1].defmetatype);
+         }
++#line 3915 "../parser.c"
+     break;
+ 
+-  case 166:
+-#line 1634 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defmetatype) = (yyvsp[(1) - (3)].defmetatype);
++  case 166: /* defmetatype_arg_list: defmetatype_arg_list ',' defmetatype_arg  */
++#line 1635 "parser.y"
++                                                 {
++            (yyval.defmetatype) = (yyvsp[-2].defmetatype);
+ 
+-            switch ((yyvsp[(3) - (3)].defmetatype).token)
++            switch ((yyvsp[0].defmetatype).token)
+             {
+-            case TK_NAME: (yyval.defmetatype).name = (yyvsp[(3) - (3)].defmetatype).name; break;
++            case TK_NAME: (yyval.defmetatype).name = (yyvsp[0].defmetatype).name; break;
+             }
+         }
++#line 3928 "../parser.c"
+     break;
+ 
+-  case 167:
+-#line 1644 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 167: /* defmetatype_arg: TK_NAME '=' dottedname  */
++#line 1645 "parser.y"
++                                           {
+             (yyval.defmetatype).token = TK_NAME;
+ 
+-            (yyval.defmetatype).name = (yyvsp[(3) - (3)].text);
++            (yyval.defmetatype).name = (yyvsp[0].text);
+         }
++#line 3938 "../parser.c"
+     break;
+ 
+-  case 168:
+-#line 1651 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 168: /* defsupertype: TK_DEFSUPERTYPE defsupertype_args  */
++#line 1652 "parser.y"
++                                                  {
+             if (notSkipping())
+             {
+                 if (currentModule->defsupertype != NULL)
+                     yyerror("%DefaultSupertype has already been defined for this module");
+ 
+-                currentModule->defsupertype = cacheName(currentSpec, (yyvsp[(2) - (2)].defsupertype).name);
++                currentModule->defsupertype = cacheName(currentSpec, (yyvsp[0].defsupertype).name);
+             }
+         }
++#line 3952 "../parser.c"
+     break;
+ 
+-  case 169:
+-#line 1662 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 169: /* defsupertype_args: dottedname  */
++#line 1663 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.defsupertype).name = (yyvsp[(1) - (1)].text);
++            (yyval.defsupertype).name = (yyvsp[0].text);
+         }
++#line 3962 "../parser.c"
+     break;
+ 
+-  case 170:
+-#line 1667 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defsupertype) = (yyvsp[(2) - (3)].defsupertype);
++  case 170: /* defsupertype_args: '(' defsupertype_arg_list ')'  */
++#line 1668 "parser.y"
++                                      {
++            (yyval.defsupertype) = (yyvsp[-1].defsupertype);
+         }
++#line 3970 "../parser.c"
+     break;
+ 
+-  case 172:
+-#line 1673 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.defsupertype) = (yyvsp[(1) - (3)].defsupertype);
++  case 172: /* defsupertype_arg_list: defsupertype_arg_list ',' defsupertype_arg  */
++#line 1674 "parser.y"
++                                                   {
++            (yyval.defsupertype) = (yyvsp[-2].defsupertype);
+ 
+-            switch ((yyvsp[(3) - (3)].defsupertype).token)
++            switch ((yyvsp[0].defsupertype).token)
+             {
+-            case TK_NAME: (yyval.defsupertype).name = (yyvsp[(3) - (3)].defsupertype).name; break;
++            case TK_NAME: (yyval.defsupertype).name = (yyvsp[0].defsupertype).name; break;
+             }
+         }
++#line 3983 "../parser.c"
+     break;
+ 
+-  case 173:
+-#line 1683 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 173: /* defsupertype_arg: TK_NAME '=' dottedname  */
++#line 1684 "parser.y"
++                                           {
+             (yyval.defsupertype).token = TK_NAME;
+ 
+-            (yyval.defsupertype).name = (yyvsp[(3) - (3)].text);
++            (yyval.defsupertype).name = (yyvsp[0].text);
+         }
++#line 3993 "../parser.c"
+     break;
+ 
+-  case 174:
+-#line 1690 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 174: /* hiddenns: TK_HIDE_NS hiddenns_args  */
++#line 1691 "parser.y"
++                                     {
+             if (notSkipping())
+             {
+                 classDef *ns;
+ 
+                 ns = newClass(currentSpec, namespace_iface, NULL,
+-                        fullyQualifiedName((yyvsp[(2) - (2)].hiddenns).name), NULL, NULL, NULL, NULL);
++                        fullyQualifiedName((yyvsp[0].hiddenns).name), NULL, NULL, NULL, NULL);
+                 setHiddenNamespace(ns);
+             }
+         }
++#line 4008 "../parser.c"
+     break;
+ 
+-  case 175:
+-#line 1702 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 175: /* hiddenns_args: scopedname  */
++#line 1703 "parser.y"
++                           {
+             resetLexerState();
+ 
+-            (yyval.hiddenns).name = (yyvsp[(1) - (1)].scpvalp);
++            (yyval.hiddenns).name = (yyvsp[0].scpvalp);
+         }
++#line 4018 "../parser.c"
+     break;
+ 
+-  case 176:
+-#line 1707 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.hiddenns) = (yyvsp[(2) - (3)].hiddenns);
++  case 176: /* hiddenns_args: '(' hiddenns_arg_list ')'  */
++#line 1708 "parser.y"
++                                  {
++            (yyval.hiddenns) = (yyvsp[-1].hiddenns);
+         }
++#line 4026 "../parser.c"
+     break;
+ 
+-  case 178:
+-#line 1713 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.hiddenns) = (yyvsp[(1) - (3)].hiddenns);
++  case 178: /* hiddenns_arg_list: hiddenns_arg_list ',' hiddenns_arg  */
++#line 1714 "parser.y"
++                                           {
++            (yyval.hiddenns) = (yyvsp[-2].hiddenns);
+ 
+-            switch ((yyvsp[(3) - (3)].hiddenns).token)
++            switch ((yyvsp[0].hiddenns).token)
+             {
+-            case TK_NAME: (yyval.hiddenns).name = (yyvsp[(3) - (3)].hiddenns).name; break;
++            case TK_NAME: (yyval.hiddenns).name = (yyvsp[0].hiddenns).name; break;
+             }
+         }
++#line 4039 "../parser.c"
+     break;
+ 
+-  case 179:
+-#line 1723 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 179: /* hiddenns_arg: TK_NAME '=' scopedname  */
++#line 1724 "parser.y"
++                                       {
+             (yyval.hiddenns).token = TK_NAME;
+ 
+-            (yyval.hiddenns).name = (yyvsp[(3) - (3)].scpvalp);
++            (yyval.hiddenns).name = (yyvsp[0].scpvalp);
+         }
++#line 4049 "../parser.c"
+     break;
+ 
+-  case 180:
+-#line 1730 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 180: /* consmodule: TK_CONSMODULE consmodule_args consmodule_body  */
++#line 1731 "parser.y"
++                                                          {
+             deprecated("%ConsolidatedModule is deprecated and will not be supported by SIP v5");
+ 
+             if (notSkipping())
+@@ -4370,99 +4062,109 @@ yyreduce:
+                 if (currentModule->fullname != NULL)
+                     yyerror("%ConsolidatedModule must appear before any %Module or %CModule directive");
+ 
+-                setModuleName(currentSpec, currentModule, (yyvsp[(2) - (3)].consmodule).name);
+-                currentModule->docstring = (yyvsp[(3) - (3)].consmodule).docstring;
++                setModuleName(currentSpec, currentModule, (yyvsp[-1].consmodule).name);
++                currentModule->docstring = (yyvsp[0].consmodule).docstring;
+ 
+                 setIsConsolidated(currentModule);
+             }
+         }
++#line 4072 "../parser.c"
+     break;
+ 
+-  case 181:
+-#line 1750 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 181: /* consmodule_args: dottedname  */
++#line 1751 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.consmodule).name = (yyvsp[(1) - (1)].text);
++            (yyval.consmodule).name = (yyvsp[0].text);
+         }
++#line 4082 "../parser.c"
+     break;
+ 
+-  case 182:
+-#line 1755 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(2) - (3)].consmodule);
++  case 182: /* consmodule_args: '(' consmodule_arg_list ')'  */
++#line 1756 "parser.y"
++                                    {
++            (yyval.consmodule) = (yyvsp[-1].consmodule);
+         }
++#line 4090 "../parser.c"
+     break;
+ 
+-  case 184:
+-#line 1761 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(1) - (3)].consmodule);
++  case 184: /* consmodule_arg_list: consmodule_arg_list ',' consmodule_arg  */
++#line 1762 "parser.y"
++                                               {
++            (yyval.consmodule) = (yyvsp[-2].consmodule);
+ 
+-            switch ((yyvsp[(3) - (3)].consmodule).token)
++            switch ((yyvsp[0].consmodule).token)
+             {
+-            case TK_NAME: (yyval.consmodule).name = (yyvsp[(3) - (3)].consmodule).name; break;
++            case TK_NAME: (yyval.consmodule).name = (yyvsp[0].consmodule).name; break;
+             }
+         }
++#line 4103 "../parser.c"
+     break;
+ 
+-  case 185:
+-#line 1771 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 185: /* consmodule_arg: TK_NAME '=' dottedname  */
++#line 1772 "parser.y"
++                                       {
+             (yyval.consmodule).token = TK_NAME;
+ 
+-            (yyval.consmodule).name = (yyvsp[(3) - (3)].text);
++            (yyval.consmodule).name = (yyvsp[0].text);
+         }
++#line 4113 "../parser.c"
+     break;
+ 
+-  case 186:
+-#line 1778 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 186: /* consmodule_body: %empty  */
++#line 1779 "parser.y"
++                    {
+             (yyval.consmodule).token = 0;
+             (yyval.consmodule).docstring = NULL;
+         }
++#line 4122 "../parser.c"
+     break;
+ 
+-  case 187:
+-#line 1782 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(2) - (4)].consmodule);
++  case 187: /* consmodule_body: '{' consmodule_body_directives '}' ';'  */
++#line 1783 "parser.y"
++                                               {
++            (yyval.consmodule) = (yyvsp[-2].consmodule);
+         }
++#line 4130 "../parser.c"
+     break;
+ 
+-  case 189:
+-#line 1788 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.consmodule) = (yyvsp[(1) - (2)].consmodule);
++  case 189: /* consmodule_body_directives: consmodule_body_directives consmodule_body_directive  */
++#line 1789 "parser.y"
++                                                             {
++            (yyval.consmodule) = (yyvsp[-1].consmodule);
+ 
+-            switch ((yyvsp[(2) - (2)].consmodule).token)
++            switch ((yyvsp[0].consmodule).token)
+             {
+-            case TK_DOCSTRING: (yyval.consmodule).docstring = (yyvsp[(2) - (2)].consmodule).docstring; break;
++            case TK_DOCSTRING: (yyval.consmodule).docstring = (yyvsp[0].consmodule).docstring; break;
+             }
+         }
++#line 4143 "../parser.c"
+     break;
+ 
+-  case 190:
+-#line 1798 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 190: /* consmodule_body_directive: ifstart  */
++#line 1799 "parser.y"
++                                    {
+             (yyval.consmodule).token = TK_IF;
+         }
++#line 4151 "../parser.c"
+     break;
+ 
+-  case 191:
+-#line 1801 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 191: /* consmodule_body_directive: ifend  */
++#line 1802 "parser.y"
++              {
+             (yyval.consmodule).token = TK_END;
+         }
++#line 4159 "../parser.c"
+     break;
+ 
+-  case 192:
+-#line 1804 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 192: /* consmodule_body_directive: docstring  */
++#line 1805 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.consmodule).token = TK_DOCSTRING;
+-                (yyval.consmodule).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.consmodule).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -4470,11 +4172,12 @@ yyreduce:
+                 (yyval.consmodule).docstring = NULL;
+             }
+         }
++#line 4176 "../parser.c"
+     break;
+ 
+-  case 193:
+-#line 1818 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 193: /* compmodule: TK_COMPOMODULE compmodule_args compmodule_body  */
++#line 1819 "parser.y"
++                                                           {
+             if (notSkipping())
+             {
+                 /* Make sure this is the first mention of a module. */
+@@ -4484,99 +4187,109 @@ yyreduce:
+                 if (currentModule->fullname != NULL)
+                     yyerror("%CompositeModule must appear before any %Module directive");
+ 
+-                setModuleName(currentSpec, currentModule, (yyvsp[(2) - (3)].compmodule).name);
+-                currentModule->docstring = (yyvsp[(3) - (3)].compmodule).docstring;
++                setModuleName(currentSpec, currentModule, (yyvsp[-1].compmodule).name);
++                currentModule->docstring = (yyvsp[0].compmodule).docstring;
+ 
+                 setIsComposite(currentModule);
+             }
+         }
++#line 4197 "../parser.c"
+     break;
+ 
+-  case 194:
+-#line 1836 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 194: /* compmodule_args: dottedname  */
++#line 1837 "parser.y"
++                               {
+             resetLexerState();
+ 
+-            (yyval.compmodule).name = (yyvsp[(1) - (1)].text);
++            (yyval.compmodule).name = (yyvsp[0].text);
+         }
++#line 4207 "../parser.c"
+     break;
+ 
+-  case 195:
+-#line 1841 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(2) - (3)].compmodule);
++  case 195: /* compmodule_args: '(' compmodule_arg_list ')'  */
++#line 1842 "parser.y"
++                                    {
++            (yyval.compmodule) = (yyvsp[-1].compmodule);
+         }
++#line 4215 "../parser.c"
+     break;
+ 
+-  case 197:
+-#line 1847 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(1) - (3)].compmodule);
++  case 197: /* compmodule_arg_list: compmodule_arg_list ',' compmodule_arg  */
++#line 1848 "parser.y"
++                                               {
++            (yyval.compmodule) = (yyvsp[-2].compmodule);
+ 
+-            switch ((yyvsp[(3) - (3)].compmodule).token)
++            switch ((yyvsp[0].compmodule).token)
+             {
+-            case TK_NAME: (yyval.compmodule).name = (yyvsp[(3) - (3)].compmodule).name; break;
++            case TK_NAME: (yyval.compmodule).name = (yyvsp[0].compmodule).name; break;
+             }
+         }
++#line 4228 "../parser.c"
+     break;
+ 
+-  case 198:
+-#line 1857 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 198: /* compmodule_arg: TK_NAME '=' dottedname  */
++#line 1858 "parser.y"
++                                       {
+             (yyval.compmodule).token = TK_NAME;
+ 
+-            (yyval.compmodule).name = (yyvsp[(3) - (3)].text);
++            (yyval.compmodule).name = (yyvsp[0].text);
+         }
++#line 4238 "../parser.c"
+     break;
+ 
+-  case 199:
+-#line 1864 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 199: /* compmodule_body: %empty  */
++#line 1865 "parser.y"
++                    {
+             (yyval.compmodule).token = 0;
+             (yyval.compmodule).docstring = NULL;
+         }
++#line 4247 "../parser.c"
+     break;
+ 
+-  case 200:
+-#line 1868 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(2) - (4)].compmodule);
++  case 200: /* compmodule_body: '{' compmodule_body_directives '}' ';'  */
++#line 1869 "parser.y"
++                                               {
++            (yyval.compmodule) = (yyvsp[-2].compmodule);
+         }
++#line 4255 "../parser.c"
+     break;
+ 
+-  case 202:
+-#line 1874 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.compmodule) = (yyvsp[(1) - (2)].compmodule);
++  case 202: /* compmodule_body_directives: compmodule_body_directives compmodule_body_directive  */
++#line 1875 "parser.y"
++                                                             {
++            (yyval.compmodule) = (yyvsp[-1].compmodule);
+ 
+-            switch ((yyvsp[(2) - (2)].compmodule).token)
++            switch ((yyvsp[0].compmodule).token)
+             {
+-            case TK_DOCSTRING: (yyval.compmodule).docstring = (yyvsp[(2) - (2)].compmodule).docstring; break;
++            case TK_DOCSTRING: (yyval.compmodule).docstring = (yyvsp[0].compmodule).docstring; break;
+             }
+         }
++#line 4268 "../parser.c"
+     break;
+ 
+-  case 203:
+-#line 1884 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 203: /* compmodule_body_directive: ifstart  */
++#line 1885 "parser.y"
++                                    {
+             (yyval.compmodule).token = TK_IF;
+         }
++#line 4276 "../parser.c"
+     break;
+ 
+-  case 204:
+-#line 1887 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 204: /* compmodule_body_directive: ifend  */
++#line 1888 "parser.y"
++              {
+             (yyval.compmodule).token = TK_END;
+         }
++#line 4284 "../parser.c"
+     break;
+ 
+-  case 205:
+-#line 1890 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 205: /* compmodule_body_directive: docstring  */
++#line 1891 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.compmodule).token = TK_DOCSTRING;
+-                (yyval.compmodule).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.compmodule).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -4584,107 +4297,119 @@ yyreduce:
+                 (yyval.compmodule).docstring = NULL;
+             }
+         }
++#line 4301 "../parser.c"
+     break;
+ 
+-  case 206:
+-#line 1904 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].module).name == NULL)
++  case 206: /* module: TK_MODULE module_args module_body  */
++#line 1905 "parser.y"
++                                          {
++            if ((yyvsp[-1].module).name == NULL)
+                 yyerror("%Module must have a 'name' argument");
+ 
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+-                        currentContext.filename, (yyvsp[(2) - (3)].module).name, (yyvsp[(2) - (3)].module).c_module,
+-                        (yyvsp[(2) - (3)].module).kwargs, (yyvsp[(2) - (3)].module).use_arg_names, (yyvsp[(2) - (3)].module).use_limited_api,
+-                        (yyvsp[(2) - (3)].module).call_super_init, (yyvsp[(2) - (3)].module).all_raise_py_exc,
+-                        (yyvsp[(2) - (3)].module).def_error_handler, (yyvsp[(3) - (3)].module).docstring);
+-        }
++                        currentContext.filename, (yyvsp[-1].module).name, (yyvsp[-1].module).c_module,
++                        (yyvsp[-1].module).kwargs, (yyvsp[-1].module).use_arg_names, (yyvsp[-1].module).py_ssize_t_clean,
++                        (yyvsp[-1].module).use_limited_api, (yyvsp[-1].module).call_super_init,
++                        (yyvsp[-1].module).all_raise_py_exc, (yyvsp[-1].module).def_error_handler,
++                        (yyvsp[0].module).docstring);
++        }
++#line 4318 "../parser.c"
+     break;
+ 
+-  case 207:
+-#line 1915 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 207: /* module: TK_CMODULE dottedname optnumber  */
++#line 1917 "parser.y"
++                                        {
+             deprecated("%CModule is deprecated, use %Module and the 'language' argument instead");
+ 
+             if (notSkipping())
+                 currentModule = configureModule(currentSpec, currentModule,
+-                        currentContext.filename, (yyvsp[(2) - (3)].text), TRUE, defaultKwArgs,
+-                        FALSE, FALSE, -1, FALSE, NULL, NULL);
++                        currentContext.filename, (yyvsp[-1].text), TRUE, defaultKwArgs,
++                        FALSE, FALSE, FALSE, -1, FALSE, NULL, NULL);
+         }
++#line 4331 "../parser.c"
+     break;
+ 
+-  case 208:
+-#line 1925 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {resetLexerState();}
++  case 208: /* $@8: %empty  */
++#line 1927 "parser.y"
++                           {resetLexerState();}
++#line 4337 "../parser.c"
+     break;
+ 
+-  case 209:
+-#line 1925 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(3) - (3)].number) >= 0)
++  case 209: /* module_args: dottedname $@8 optnumber  */
++#line 1927 "parser.y"
++                                                          {
++            if ((yyvsp[0].number) >= 0)
+                 deprecated("%Module version number should be specified using the 'version' argument");
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+-            (yyval.module).name = (yyvsp[(1) - (3)].text);
++            (yyval.module).name = (yyvsp[-2].text);
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4356 "../parser.c"
+     break;
+ 
+-  case 210:
+-#line 1938 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(2) - (3)].module);
++  case 210: /* module_args: '(' module_arg_list ')'  */
++#line 1941 "parser.y"
++                                {
++            (yyval.module) = (yyvsp[-1].module);
+         }
++#line 4364 "../parser.c"
+     break;
+ 
+-  case 212:
+-#line 1944 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(1) - (3)].module);
++  case 212: /* module_arg_list: module_arg_list ',' module_arg  */
++#line 1947 "parser.y"
++                                       {
++            (yyval.module) = (yyvsp[-2].module);
+ 
+-            switch ((yyvsp[(3) - (3)].module).token)
++            switch ((yyvsp[0].module).token)
+             {
+-            case TK_KWARGS: (yyval.module).kwargs = (yyvsp[(3) - (3)].module).kwargs; break;
+-            case TK_LANGUAGE: (yyval.module).c_module = (yyvsp[(3) - (3)].module).c_module; break;
+-            case TK_NAME: (yyval.module).name = (yyvsp[(3) - (3)].module).name; break;
+-            case TK_USEARGNAMES: (yyval.module).use_arg_names = (yyvsp[(3) - (3)].module).use_arg_names; break;
+-            case TK_USELIMITEDAPI: (yyval.module).use_limited_api = (yyvsp[(3) - (3)].module).use_limited_api; break;
+-            case TK_ALLRAISEPYEXC: (yyval.module).all_raise_py_exc = (yyvsp[(3) - (3)].module).all_raise_py_exc; break;
+-            case TK_CALLSUPERINIT: (yyval.module).call_super_init = (yyvsp[(3) - (3)].module).call_super_init; break;
+-            case TK_DEFERRORHANDLER: (yyval.module).def_error_handler = (yyvsp[(3) - (3)].module).def_error_handler; break;
++            case TK_KWARGS: (yyval.module).kwargs = (yyvsp[0].module).kwargs; break;
++            case TK_LANGUAGE: (yyval.module).c_module = (yyvsp[0].module).c_module; break;
++            case TK_NAME: (yyval.module).name = (yyvsp[0].module).name; break;
++            case TK_USEARGNAMES: (yyval.module).use_arg_names = (yyvsp[0].module).use_arg_names; break;
++            case TK_PYSSIZETCLEAN: (yyval.module).py_ssize_t_clean = (yyvsp[0].module).py_ssize_t_clean; break;
++            case TK_USELIMITEDAPI: (yyval.module).use_limited_api = (yyvsp[0].module).use_limited_api; break;
++            case TK_ALLRAISEPYEXC: (yyval.module).all_raise_py_exc = (yyvsp[0].module).all_raise_py_exc; break;
++            case TK_CALLSUPERINIT: (yyval.module).call_super_init = (yyvsp[0].module).call_super_init; break;
++            case TK_DEFERRORHANDLER: (yyval.module).def_error_handler = (yyvsp[0].module).def_error_handler; break;
+             }
+         }
++#line 4385 "../parser.c"
+     break;
+ 
+-  case 213:
+-#line 1961 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 213: /* module_arg: TK_KWARGS '=' TK_STRING_VALUE  */
++#line 1965 "parser.y"
++                                          {
+             (yyval.module).token = TK_KWARGS;
+ 
+             (yyval.module).c_module = FALSE;
+-            (yyval.module).kwargs = convertKwArgs((yyvsp[(3) - (3)].text));
++            (yyval.module).kwargs = convertKwArgs((yyvsp[0].text));
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4403 "../parser.c"
+     break;
+ 
+-  case 214:
+-#line 1973 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 214: /* module_arg: TK_LANGUAGE '=' TK_STRING_VALUE  */
++#line 1978 "parser.y"
++                                        {
+             (yyval.module).token = TK_LANGUAGE;
+ 
+-            if (strcmp((yyvsp[(3) - (3)].text), "C++") == 0)
++            if (strcmp((yyvsp[0].text), "C++") == 0)
+                 (yyval.module).c_module = FALSE;
+-            else if (strcmp((yyvsp[(3) - (3)].text), "C") == 0)
++            else if (strcmp((yyvsp[0].text), "C") == 0)
+                 (yyval.module).c_module = TRUE;
+             else
+                 yyerror("%Module 'language' argument must be either \"C++\" or \"C\"");
+@@ -4692,115 +4417,147 @@ yyreduce:
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4427 "../parser.c"
+     break;
+ 
+-  case 215:
+-#line 1991 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 215: /* module_arg: TK_NAME '=' dottedname  */
++#line 1997 "parser.y"
++                               {
+             (yyval.module).token = TK_NAME;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+-            (yyval.module).name = (yyvsp[(3) - (3)].text);
++            (yyval.module).name = (yyvsp[0].text);
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4445 "../parser.c"
+     break;
+ 
+-  case 216:
+-#line 2003 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 216: /* module_arg: TK_USEARGNAMES '=' bool_value  */
++#line 2010 "parser.y"
++                                      {
+             (yyval.module).token = TK_USEARGNAMES;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+-            (yyval.module).use_arg_names = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).use_arg_names = (yyvsp[0].boolean);
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4463 "../parser.c"
+     break;
+ 
+-  case 217:
+-#line 2015 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 217: /* module_arg: TK_PYSSIZETCLEAN '=' bool_value  */
++#line 2023 "parser.y"
++                                        {
++            (yyval.module).token = TK_PYSSIZETCLEAN;
++
++            (yyval.module).c_module = FALSE;
++            (yyval.module).kwargs = defaultKwArgs;
++            (yyval.module).name = NULL;
++            (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = (yyvsp[0].boolean);
++            (yyval.module).use_limited_api = FALSE;
++            (yyval.module).all_raise_py_exc = FALSE;
++            (yyval.module).call_super_init = -1;
++            (yyval.module).def_error_handler = NULL;
++        }
++#line 4481 "../parser.c"
++    break;
++
++  case 218: /* module_arg: TK_USELIMITEDAPI '=' bool_value  */
++#line 2036 "parser.y"
++                                        {
+             (yyval.module).token = TK_USELIMITEDAPI;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
+-            (yyval.module).use_limited_api = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).py_ssize_t_clean = FALSE;
++            (yyval.module).use_limited_api = (yyvsp[0].boolean);
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4499 "../parser.c"
+     break;
+ 
+-  case 218:
+-#line 2027 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 219: /* module_arg: TK_ALLRAISEPYEXC '=' bool_value  */
++#line 2049 "parser.y"
++                                        {
+             (yyval.module).token = TK_ALLRAISEPYEXC;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+-            (yyval.module).all_raise_py_exc = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).all_raise_py_exc = (yyvsp[0].boolean);
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4517 "../parser.c"
+     break;
+ 
+-  case 219:
+-#line 2039 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 220: /* module_arg: TK_CALLSUPERINIT '=' bool_value  */
++#line 2062 "parser.y"
++                                        {
+             (yyval.module).token = TK_CALLSUPERINIT;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+-            (yyval.module).call_super_init = (yyvsp[(3) - (3)].boolean);
++            (yyval.module).call_super_init = (yyvsp[0].boolean);
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4535 "../parser.c"
+     break;
+ 
+-  case 220:
+-#line 2051 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 221: /* module_arg: TK_DEFERRORHANDLER '=' TK_NAME_VALUE  */
++#line 2075 "parser.y"
++                                             {
+             (yyval.module).token = TK_DEFERRORHANDLER;
+ 
+             (yyval.module).c_module = FALSE;
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+-            (yyval.module).def_error_handler = (yyvsp[(3) - (3)].text);
++            (yyval.module).def_error_handler = (yyvsp[0].text);
+         }
++#line 4553 "../parser.c"
+     break;
+ 
+-  case 221:
+-#line 2063 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 222: /* module_arg: TK_VERSION '=' TK_NUMBER_VALUE  */
++#line 2088 "parser.y"
++                                       {
+             deprecated("%Module version numbers are deprecated and ignored");
+ 
+-            if ((yyvsp[(3) - (3)].number) < 0)
++            if ((yyvsp[0].number) < 0)
+                 yyerror("%Module 'version' argument cannot be negative");
+ 
+             (yyval.module).token = TK_VERSION;
+@@ -4809,68 +4566,76 @@ yyreduce:
+             (yyval.module).kwargs = defaultKwArgs;
+             (yyval.module).name = NULL;
+             (yyval.module).use_arg_names = FALSE;
++            (yyval.module).py_ssize_t_clean = FALSE;
+             (yyval.module).use_limited_api = FALSE;
+             (yyval.module).all_raise_py_exc = FALSE;
+             (yyval.module).call_super_init = -1;
+             (yyval.module).def_error_handler = NULL;
+         }
++#line 4576 "../parser.c"
+     break;
+ 
+-  case 222:
+-#line 2082 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 223: /* module_body: %empty  */
++#line 2108 "parser.y"
++                {
+             (yyval.module).token = 0;
+             (yyval.module).docstring = NULL;
+         }
++#line 4585 "../parser.c"
+     break;
+ 
+-  case 223:
+-#line 2086 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(2) - (4)].module);
++  case 224: /* module_body: '{' module_body_directives '}' ';'  */
++#line 2112 "parser.y"
++                                           {
++            (yyval.module) = (yyvsp[-2].module);
+         }
++#line 4593 "../parser.c"
+     break;
+ 
+-  case 225:
+-#line 2092 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.module) = (yyvsp[(1) - (2)].module);
++  case 226: /* module_body_directives: module_body_directives module_body_directive  */
++#line 2118 "parser.y"
++                                                     {
++            (yyval.module) = (yyvsp[-1].module);
+ 
+-            switch ((yyvsp[(2) - (2)].module).token)
++            switch ((yyvsp[0].module).token)
+             {
+-            case TK_DOCSTRING: (yyval.module).docstring = (yyvsp[(2) - (2)].module).docstring; break;
++            case TK_DOCSTRING: (yyval.module).docstring = (yyvsp[0].module).docstring; break;
+             }
+         }
++#line 4606 "../parser.c"
+     break;
+ 
+-  case 226:
+-#line 2102 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 227: /* module_body_directive: ifstart  */
++#line 2128 "parser.y"
++                                {
+             (yyval.module).token = TK_IF;
+         }
++#line 4614 "../parser.c"
+     break;
+ 
+-  case 227:
+-#line 2105 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 228: /* module_body_directive: ifend  */
++#line 2131 "parser.y"
++              {
+             (yyval.module).token = TK_END;
+         }
++#line 4622 "../parser.c"
+     break;
+ 
+-  case 228:
+-#line 2108 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 229: /* module_body_directive: autopyname  */
++#line 2134 "parser.y"
++                   {
+             (yyval.module).token = TK_AUTOPYNAME;
+         }
++#line 4630 "../parser.c"
+     break;
+ 
+-  case 229:
+-#line 2111 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 230: /* module_body_directive: docstring  */
++#line 2137 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.module).token = TK_DOCSTRING;
+-                (yyval.module).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.module).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -4878,11 +4643,12 @@ yyreduce:
+                 (yyval.module).docstring = NULL;
+             }
+         }
++#line 4647 "../parser.c"
+     break;
+ 
+-  case 231:
+-#line 2126 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 232: /* dottedname: TK_PATH_VALUE  */
++#line 2152 "parser.y"
++                      {
+             /*
+              * The grammar design is a bit broken and this is the easiest way
+              * to allow periods in names.
+@@ -4890,435 +4656,487 @@ yyreduce:
+ 
+             char *cp;
+ 
+-            for (cp = (yyvsp[(1) - (1)].text); *cp != '\0'; ++cp)
++            for (cp = (yyvsp[0].text); *cp != '\0'; ++cp)
+                 if (*cp != '.' && *cp != '_' && !isalnum(*cp))
+                     yyerror("Invalid character in name");
+ 
+-            (yyval.text) = (yyvsp[(1) - (1)].text);
++            (yyval.text) = (yyvsp[0].text);
+         }
++#line 4666 "../parser.c"
+     break;
+ 
+-  case 232:
+-#line 2142 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 233: /* optnumber: %empty  */
++#line 2168 "parser.y"
++            {
+             (yyval.number) = -1;
+         }
++#line 4674 "../parser.c"
+     break;
+ 
+-  case 234:
+-#line 2148 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (2)].include).name == NULL)
++  case 235: /* include: TK_INCLUDE include_args  */
++#line 2174 "parser.y"
++                                    {
++            if ((yyvsp[0].include).name == NULL)
+                 yyerror("%Include must have a 'name' argument");
+ 
+             if (notSkipping())
+-                parseFile(NULL, (yyvsp[(2) - (2)].include).name, NULL, (yyvsp[(2) - (2)].include).optional);
++                parseFile(NULL, (yyvsp[0].include).name, NULL, (yyvsp[0].include).optional);
+         }
++#line 4686 "../parser.c"
+     break;
+ 
+-  case 235:
+-#line 2157 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 236: /* include_args: TK_PATH_VALUE  */
++#line 2183 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.include).name = (yyvsp[(1) - (1)].text);
++            (yyval.include).name = (yyvsp[0].text);
+             (yyval.include).optional = FALSE;
+         }
++#line 4697 "../parser.c"
+     break;
+ 
+-  case 236:
+-#line 2163 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.include) = (yyvsp[(2) - (3)].include);
++  case 237: /* include_args: '(' include_arg_list ')'  */
++#line 2189 "parser.y"
++                                 {
++            (yyval.include) = (yyvsp[-1].include);
+         }
++#line 4705 "../parser.c"
+     break;
+ 
+-  case 238:
+-#line 2169 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.include) = (yyvsp[(1) - (3)].include);
++  case 239: /* include_arg_list: include_arg_list ',' include_arg  */
++#line 2195 "parser.y"
++                                         {
++            (yyval.include) = (yyvsp[-2].include);
+ 
+-            switch ((yyvsp[(3) - (3)].include).token)
++            switch ((yyvsp[0].include).token)
+             {
+-            case TK_NAME: (yyval.include).name = (yyvsp[(3) - (3)].include).name; break;
+-            case TK_OPTIONAL: (yyval.include).optional = (yyvsp[(3) - (3)].include).optional; break;
++            case TK_NAME: (yyval.include).name = (yyvsp[0].include).name; break;
++            case TK_OPTIONAL: (yyval.include).optional = (yyvsp[0].include).optional; break;
+             }
+         }
++#line 4719 "../parser.c"
+     break;
+ 
+-  case 239:
+-#line 2180 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 240: /* include_arg: TK_NAME '=' TK_PATH_VALUE  */
++#line 2206 "parser.y"
++                                          {
+             (yyval.include).token = TK_NAME;
+ 
+-            (yyval.include).name = (yyvsp[(3) - (3)].text);
++            (yyval.include).name = (yyvsp[0].text);
+             (yyval.include).optional = FALSE;
+         }
++#line 4730 "../parser.c"
+     break;
+ 
+-  case 240:
+-#line 2186 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 241: /* include_arg: TK_OPTIONAL '=' bool_value  */
++#line 2212 "parser.y"
++                                   {
+             (yyval.include).token = TK_OPTIONAL;
+ 
+             (yyval.include).name = NULL;
+-            (yyval.include).optional = (yyvsp[(3) - (3)].boolean);
++            (yyval.include).optional = (yyvsp[0].boolean);
+         }
++#line 4741 "../parser.c"
+     break;
+ 
+-  case 241:
+-#line 2194 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 242: /* optinclude: TK_OPTINCLUDE TK_PATH_VALUE  */
++#line 2220 "parser.y"
++                                        {
+             deprecated("%OptionalInclude is deprecated, use %Include and the 'optional' argument instead");
+ 
+             if (notSkipping())
+-                parseFile(NULL, (yyvsp[(2) - (2)].text), NULL, TRUE);
++                parseFile(NULL, (yyvsp[0].text), NULL, TRUE);
+         }
++#line 4752 "../parser.c"
+     break;
+ 
+-  case 242:
+-#line 2202 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 243: /* import: TK_IMPORT import_args  */
++#line 2228 "parser.y"
++                                  {
+             if (notSkipping())
+-                newImport((yyvsp[(2) - (2)].import).name);
++                newImport((yyvsp[0].import).name);
+         }
++#line 4761 "../parser.c"
+     break;
+ 
+-  case 243:
+-#line 2208 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 244: /* import_args: TK_PATH_VALUE  */
++#line 2234 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.import).name = (yyvsp[(1) - (1)].text);
++            (yyval.import).name = (yyvsp[0].text);
+         }
++#line 4771 "../parser.c"
+     break;
+ 
+-  case 244:
+-#line 2213 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.import) = (yyvsp[(2) - (3)].import);
++  case 245: /* import_args: '(' import_arg_list ')'  */
++#line 2239 "parser.y"
++                                {
++            (yyval.import) = (yyvsp[-1].import);
+         }
++#line 4779 "../parser.c"
+     break;
+ 
+-  case 246:
+-#line 2219 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.import) = (yyvsp[(1) - (3)].import);
++  case 247: /* import_arg_list: import_arg_list ',' import_arg  */
++#line 2245 "parser.y"
++                                       {
++            (yyval.import) = (yyvsp[-2].import);
+ 
+-            switch ((yyvsp[(3) - (3)].import).token)
++            switch ((yyvsp[0].import).token)
+             {
+-            case TK_NAME: (yyval.import).name = (yyvsp[(3) - (3)].import).name; break;
++            case TK_NAME: (yyval.import).name = (yyvsp[0].import).name; break;
+             }
+         }
++#line 4792 "../parser.c"
+     break;
+ 
+-  case 247:
+-#line 2229 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 248: /* import_arg: TK_NAME '=' TK_PATH_VALUE  */
++#line 2255 "parser.y"
++                                      {
+             (yyval.import).token = TK_NAME;
+ 
+-            (yyval.import).name = (yyvsp[(3) - (3)].text);
++            (yyval.import).name = (yyvsp[0].text);
+         }
++#line 4802 "../parser.c"
+     break;
+ 
+-  case 248:
+-#line 2236 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 249: /* optaccesscode: %empty  */
++#line 2262 "parser.y"
++                {
+             (yyval.codeb) = NULL;
+         }
++#line 4810 "../parser.c"
+     break;
+ 
+-  case 249:
+-#line 2239 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 250: /* optaccesscode: TK_ACCESSCODE codeblock  */
++#line 2265 "parser.y"
++                                {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4818 "../parser.c"
+     break;
+ 
+-  case 250:
+-#line 2244 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 251: /* optgetcode: %empty  */
++#line 2270 "parser.y"
++            {
+             (yyval.codeb) = NULL;
+         }
++#line 4826 "../parser.c"
+     break;
+ 
+-  case 251:
+-#line 2247 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 252: /* optgetcode: TK_GETCODE codeblock  */
++#line 2273 "parser.y"
++                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4834 "../parser.c"
+     break;
+ 
+-  case 252:
+-#line 2252 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 253: /* optsetcode: %empty  */
++#line 2278 "parser.y"
++            {
+             (yyval.codeb) = NULL;
+         }
++#line 4842 "../parser.c"
+     break;
+ 
+-  case 253:
+-#line 2255 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 254: /* optsetcode: TK_SETCODE codeblock  */
++#line 2281 "parser.y"
++                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4850 "../parser.c"
+     break;
+ 
+-  case 254:
+-#line 2260 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 255: /* copying: TK_COPYING codeblock  */
++#line 2286 "parser.y"
++                                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->copying, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->copying, (yyvsp[0].codeb));
+         }
++#line 4859 "../parser.c"
+     break;
+ 
+-  case 255:
+-#line 2266 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 256: /* exphdrcode: TK_EXPHEADERCODE codeblock  */
++#line 2292 "parser.y"
++                                       {
+             if (notSkipping())
+-                appendCodeBlock(&currentSpec->exphdrcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->exphdrcode, (yyvsp[0].codeb));
+         }
++#line 4868 "../parser.c"
+     break;
+ 
+-  case 256:
+-#line 2272 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 257: /* modhdrcode: TK_MODHEADERCODE codeblock  */
++#line 2298 "parser.y"
++                                       {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->hdrcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->hdrcode, (yyvsp[0].codeb));
+         }
++#line 4877 "../parser.c"
+     break;
+ 
+-  case 257:
+-#line 2278 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 258: /* typehdrcode: TK_TYPEHEADERCODE codeblock  */
++#line 2304 "parser.y"
++                                            {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4885 "../parser.c"
+     break;
+ 
+-  case 258:
+-#line 2283 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 259: /* travcode: TK_TRAVERSECODE codeblock  */
++#line 2309 "parser.y"
++                                      {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4893 "../parser.c"
+     break;
+ 
+-  case 259:
+-#line 2288 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 260: /* clearcode: TK_CLEARCODE codeblock  */
++#line 2314 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4901 "../parser.c"
+     break;
+ 
+-  case 260:
+-#line 2293 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 261: /* getbufcode: TK_GETBUFFERCODE codeblock  */
++#line 2319 "parser.y"
++                                       {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4909 "../parser.c"
+     break;
+ 
+-  case 261:
+-#line 2298 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 262: /* releasebufcode: TK_RELEASEBUFFERCODE codeblock  */
++#line 2324 "parser.y"
++                                               {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4917 "../parser.c"
+     break;
+ 
+-  case 262:
+-#line 2303 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 263: /* readbufcode: TK_READBUFFERCODE codeblock  */
++#line 2329 "parser.y"
++                                            {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4925 "../parser.c"
+     break;
+ 
+-  case 263:
+-#line 2308 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 264: /* writebufcode: TK_WRITEBUFFERCODE codeblock  */
++#line 2334 "parser.y"
++                                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4933 "../parser.c"
+     break;
+ 
+-  case 264:
+-#line 2313 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 265: /* segcountcode: TK_SEGCOUNTCODE codeblock  */
++#line 2339 "parser.y"
++                                          {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4941 "../parser.c"
+     break;
+ 
+-  case 265:
+-#line 2318 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 266: /* charbufcode: TK_CHARBUFFERCODE codeblock  */
++#line 2344 "parser.y"
++                                            {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4949 "../parser.c"
+     break;
+ 
+-  case 266:
+-#line 2323 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 267: /* instancecode: TK_INSTANCECODE codeblock  */
++#line 2349 "parser.y"
++                                          {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4957 "../parser.c"
+     break;
+ 
+-  case 267:
+-#line 2328 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 268: /* picklecode: TK_PICKLECODE codeblock  */
++#line 2354 "parser.y"
++                                    {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4965 "../parser.c"
+     break;
+ 
+-  case 268:
+-#line 2333 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 269: /* finalcode: TK_FINALCODE codeblock  */
++#line 2359 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4973 "../parser.c"
+     break;
+ 
+-  case 269:
+-#line 2338 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 270: /* modcode: TK_MODCODE codeblock  */
++#line 2364 "parser.y"
++                                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->cppcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->cppcode, (yyvsp[0].codeb));
+         }
++#line 4982 "../parser.c"
+     break;
+ 
+-  case 270:
+-#line 2344 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 271: /* typecode: TK_TYPECODE codeblock  */
++#line 2370 "parser.y"
++                                  {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 4990 "../parser.c"
+     break;
+ 
+-  case 271:
+-#line 2349 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 272: /* preinitcode: TK_PREINITCODE codeblock  */
++#line 2375 "parser.y"
++                                         {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->preinitcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->preinitcode, (yyvsp[0].codeb));
+         }
++#line 4999 "../parser.c"
+     break;
+ 
+-  case 272:
+-#line 2355 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 273: /* initcode: TK_INITCODE codeblock  */
++#line 2381 "parser.y"
++                                  {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->initcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->initcode, (yyvsp[0].codeb));
+         }
++#line 5008 "../parser.c"
+     break;
+ 
+-  case 273:
+-#line 2361 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 274: /* postinitcode: TK_POSTINITCODE codeblock  */
++#line 2387 "parser.y"
++                                          {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->postinitcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->postinitcode, (yyvsp[0].codeb));
+         }
++#line 5017 "../parser.c"
+     break;
+ 
+-  case 274:
+-#line 2367 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 275: /* unitcode: TK_UNITCODE codeblock  */
++#line 2393 "parser.y"
++                                  {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->unitcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->unitcode, (yyvsp[0].codeb));
+         }
++#line 5026 "../parser.c"
+     break;
+ 
+-  case 275:
+-#line 2373 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 276: /* unitpostinccode: TK_UNITPOSTINCLUDECODE codeblock  */
++#line 2399 "parser.y"
++                                                     {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->unitpostinccode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->unitpostinccode, (yyvsp[0].codeb));
+         }
++#line 5035 "../parser.c"
+     break;
+ 
+-  case 276:
+-#line 2379 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 277: /* prepycode: TK_PREPYCODE codeblock  */
++#line 2405 "parser.y"
++                                   {
+             /* Deprecated. */
+         }
++#line 5043 "../parser.c"
+     break;
+ 
+-  case 277:
+-#line 2384 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 278: /* exptypehintcode: TK_EXPTYPEHINTCODE codeblock  */
++#line 2410 "parser.y"
++                                              {
+             if (notSkipping() && !inMainModule())
+-                appendCodeBlock(&currentSpec->exptypehintcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->exptypehintcode, (yyvsp[0].codeb));
+         }
++#line 5052 "../parser.c"
+     break;
+ 
+-  case 278:
+-#line 2390 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 279: /* modtypehintcode: TK_TYPEHINTCODE codeblock  */
++#line 2416 "parser.y"
++                                           {
+             if (notSkipping())
+-                appendCodeBlock(&currentModule->typehintcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentModule->typehintcode, (yyvsp[0].codeb));
+         }
++#line 5061 "../parser.c"
+     break;
+ 
+-  case 279:
+-#line 2396 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 280: /* classtypehintcode: TK_TYPEHINTCODE codeblock  */
++#line 2422 "parser.y"
++                                             {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 5069 "../parser.c"
+     break;
+ 
+-  case 280:
+-#line 2401 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 281: /* doc: TK_DOC codeblock  */
++#line 2427 "parser.y"
++                             {
+             if (notSkipping() && inMainModule())
+-                appendCodeBlock(&currentSpec->docs, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->docs, (yyvsp[0].codeb));
+         }
++#line 5078 "../parser.c"
+     break;
+ 
+-  case 281:
+-#line 2407 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 282: /* exporteddoc: TK_EXPORTEDDOC codeblock  */
++#line 2433 "parser.y"
++                                         {
+             if (notSkipping())
+-                appendCodeBlock(&currentSpec->docs, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&currentSpec->docs, (yyvsp[0].codeb));
+         }
++#line 5087 "../parser.c"
+     break;
+ 
+-  case 282:
+-#line 2413 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 283: /* autopyname: TK_AUTOPYNAME autopyname_args  */
++#line 2439 "parser.y"
++                                          {
+             if (notSkipping())
+-                addAutoPyName(currentModule, (yyvsp[(2) - (2)].autopyname).remove_leading);
++                addAutoPyName(currentModule, (yyvsp[0].autopyname).remove_leading);
+         }
++#line 5096 "../parser.c"
+     break;
+ 
+-  case 283:
+-#line 2419 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.autopyname) = (yyvsp[(2) - (3)].autopyname);
++  case 284: /* autopyname_args: '(' autopyname_arg_list ')'  */
++#line 2445 "parser.y"
++                                                {
++            (yyval.autopyname) = (yyvsp[-1].autopyname);
+         }
++#line 5104 "../parser.c"
+     break;
+ 
+-  case 285:
+-#line 2425 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.autopyname) = (yyvsp[(1) - (3)].autopyname);
++  case 286: /* autopyname_arg_list: autopyname_arg_list ',' autopyname_arg  */
++#line 2451 "parser.y"
++                                               {
++            (yyval.autopyname) = (yyvsp[-2].autopyname);
+ 
+-            switch ((yyvsp[(3) - (3)].autopyname).token)
++            switch ((yyvsp[0].autopyname).token)
+             {
+-            case TK_REMOVELEADING: (yyval.autopyname).remove_leading = (yyvsp[(3) - (3)].autopyname).remove_leading; break;
++            case TK_REMOVELEADING: (yyval.autopyname).remove_leading = (yyvsp[0].autopyname).remove_leading; break;
+             }
+         }
++#line 5117 "../parser.c"
+     break;
+ 
+-  case 286:
+-#line 2435 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 287: /* autopyname_arg: TK_REMOVELEADING '=' TK_STRING_VALUE  */
++#line 2461 "parser.y"
++                                                     {
+             (yyval.autopyname).token = TK_REMOVELEADING;
+ 
+-            (yyval.autopyname).remove_leading = (yyvsp[(3) - (3)].text);
++            (yyval.autopyname).remove_leading = (yyvsp[0].text);
+         }
++#line 5127 "../parser.c"
+     break;
+ 
+-  case 287:
+-#line 2442 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 288: /* docstring: TK_DOCSTRING docstring_args codeblock  */
++#line 2468 "parser.y"
++                                                  {
+             (yyval.docstr) = sipMalloc(sizeof(docstringDef));
+ 
+-            (yyval.docstr)->signature = (yyvsp[(2) - (3)].docstring).signature;
+-            (yyval.docstr)->text = (yyvsp[(3) - (3)].codeb)->frag;
+-            free((yyvsp[(3) - (3)].codeb));
++            (yyval.docstr)->signature = (yyvsp[-1].docstring).signature;
++            (yyval.docstr)->text = (yyvsp[0].codeb)->frag;
++            free((yyvsp[0].codeb));
+ 
+             /* Format the docstring. */
+-            if ((yyvsp[(2) - (3)].docstring).format == deindented)
++            if ((yyvsp[-1].docstring).format == deindented)
+             {
+                 const char *cp;
+                 char *dp;
+@@ -5392,159 +5210,175 @@ yyreduce:
+                 *dp = '\0';
+             }
+         }
++#line 5214 "../parser.c"
+     break;
+ 
+-  case 288:
+-#line 2526 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 289: /* docstring_args: %empty  */
++#line 2552 "parser.y"
++                {
+             (yyval.docstring).format = currentModule->defdocstringfmt;
+             (yyval.docstring).signature = currentModule->defdocstringsig;
+         }
++#line 5223 "../parser.c"
+     break;
+ 
+-  case 289:
+-#line 2530 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 290: /* docstring_args: TK_STRING_VALUE  */
++#line 2556 "parser.y"
++                        {
+             resetLexerState();
+ 
+-            (yyval.docstring).format = convertFormat((yyvsp[(1) - (1)].text));
++            (yyval.docstring).format = convertFormat((yyvsp[0].text));
+             (yyval.docstring).signature = currentModule->defdocstringsig;
+         }
++#line 5234 "../parser.c"
+     break;
+ 
+-  case 290:
+-#line 2536 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.docstring) = (yyvsp[(2) - (3)].docstring);
++  case 291: /* docstring_args: '(' docstring_arg_list ')'  */
++#line 2562 "parser.y"
++                                   {
++            (yyval.docstring) = (yyvsp[-1].docstring);
+         }
++#line 5242 "../parser.c"
+     break;
+ 
+-  case 292:
+-#line 2542 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.docstring) = (yyvsp[(1) - (3)].docstring);
++  case 293: /* docstring_arg_list: docstring_arg_list ',' docstring_arg  */
++#line 2568 "parser.y"
++                                             {
++            (yyval.docstring) = (yyvsp[-2].docstring);
+ 
+-            switch ((yyvsp[(3) - (3)].docstring).token)
++            switch ((yyvsp[0].docstring).token)
+             {
+-            case TK_FORMAT: (yyval.docstring).format = (yyvsp[(3) - (3)].docstring).format; break;
+-            case TK_SIGNATURE: (yyval.docstring).signature = (yyvsp[(3) - (3)].docstring).signature; break;
++            case TK_FORMAT: (yyval.docstring).format = (yyvsp[0].docstring).format; break;
++            case TK_SIGNATURE: (yyval.docstring).signature = (yyvsp[0].docstring).signature; break;
+             }
+         }
++#line 5256 "../parser.c"
+     break;
+ 
+-  case 293:
+-#line 2553 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 294: /* docstring_arg: TK_FORMAT '=' TK_STRING_VALUE  */
++#line 2579 "parser.y"
++                                              {
+             (yyval.docstring).token = TK_FORMAT;
+ 
+-            (yyval.docstring).format = convertFormat((yyvsp[(3) - (3)].text));
++            (yyval.docstring).format = convertFormat((yyvsp[0].text));
+             (yyval.docstring).signature = currentModule->defdocstringsig;
+         }
++#line 5267 "../parser.c"
+     break;
+ 
+-  case 294:
+-#line 2559 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 295: /* docstring_arg: TK_SIGNATURE '=' TK_STRING_VALUE  */
++#line 2585 "parser.y"
++                                         {
+             (yyval.docstring).token = TK_SIGNATURE;
+ 
+             (yyval.docstring).format = currentModule->defdocstringfmt;
+-            (yyval.docstring).signature = convertSignature((yyvsp[(3) - (3)].text));
++            (yyval.docstring).signature = convertSignature((yyvsp[0].text));
+         }
++#line 5278 "../parser.c"
+     break;
+ 
+-  case 295:
+-#line 2567 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 296: /* optdocstring: %empty  */
++#line 2593 "parser.y"
++              {
+             (yyval.docstr) = NULL;
+         }
++#line 5286 "../parser.c"
+     break;
+ 
+-  case 297:
+-#line 2573 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].extract).id == NULL)
++  case 298: /* extract: TK_EXTRACT extract_args codeblock  */
++#line 2599 "parser.y"
++                                              {
++            if ((yyvsp[-1].extract).id == NULL)
+                 yyerror("%Extract must have an 'id' argument");
+ 
+             if (notSkipping())
+-                addExtractPart(currentSpec, (yyvsp[(2) - (3)].extract).id, (yyvsp[(2) - (3)].extract).order, (yyvsp[(3) - (3)].codeb));
++                addExtractPart(currentSpec, (yyvsp[-1].extract).id, (yyvsp[-1].extract).order, (yyvsp[0].codeb));
+         }
++#line 5298 "../parser.c"
+     break;
+ 
+-  case 298:
+-#line 2582 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 299: /* extract_args: TK_NAME_VALUE  */
++#line 2608 "parser.y"
++                              {
+             resetLexerState();
+ 
+-            (yyval.extract).id = (yyvsp[(1) - (1)].text);
++            (yyval.extract).id = (yyvsp[0].text);
+             (yyval.extract).order = -1;
+         }
++#line 5309 "../parser.c"
+     break;
+ 
+-  case 299:
+-#line 2588 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.extract) = (yyvsp[(2) - (3)].extract);
++  case 300: /* extract_args: '(' extract_arg_list ')'  */
++#line 2614 "parser.y"
++                                 {
++            (yyval.extract) = (yyvsp[-1].extract);
+         }
++#line 5317 "../parser.c"
+     break;
+ 
+-  case 301:
+-#line 2594 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.extract) = (yyvsp[(1) - (3)].extract);
++  case 302: /* extract_arg_list: extract_arg_list ',' extract_arg  */
++#line 2620 "parser.y"
++                                         {
++            (yyval.extract) = (yyvsp[-2].extract);
+ 
+-            switch ((yyvsp[(3) - (3)].extract).token)
++            switch ((yyvsp[0].extract).token)
+             {
+-            case TK_ID: (yyval.extract).id = (yyvsp[(3) - (3)].extract).id; break;
+-            case TK_ORDER: (yyval.extract).order = (yyvsp[(3) - (3)].extract).order; break;
++            case TK_ID: (yyval.extract).id = (yyvsp[0].extract).id; break;
++            case TK_ORDER: (yyval.extract).order = (yyvsp[0].extract).order; break;
+             }
+         }
++#line 5331 "../parser.c"
+     break;
+ 
+-  case 302:
+-#line 2605 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 303: /* extract_arg: TK_ID '=' TK_NAME_VALUE  */
++#line 2631 "parser.y"
++                                        {
+             (yyval.extract).token = TK_ID;
+ 
+-            (yyval.extract).id = (yyvsp[(3) - (3)].text);
++            (yyval.extract).id = (yyvsp[0].text);
+             (yyval.extract).order = -1;
+         }
++#line 5342 "../parser.c"
+     break;
+ 
+-  case 303:
+-#line 2611 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 304: /* extract_arg: TK_ORDER '=' TK_NUMBER_VALUE  */
++#line 2637 "parser.y"
++                                     {
+             (yyval.extract).token = TK_ORDER;
+ 
+-            if ((yyvsp[(3) - (3)].number) < 0)
++            if ((yyvsp[0].number) < 0)
+                 yyerror("The 'order' of an %Extract directive must not be negative");
+ 
+             (yyval.extract).id = NULL;
+-            (yyval.extract).order = (yyvsp[(3) - (3)].number);
++            (yyval.extract).order = (yyvsp[0].number);
+         }
++#line 5356 "../parser.c"
+     break;
+ 
+-  case 304:
+-#line 2622 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 305: /* makefile: TK_MAKEFILE TK_PATH_VALUE optfilename codeblock  */
++#line 2648 "parser.y"
++                                                            {
+             /* Deprecated. */
+         }
++#line 5364 "../parser.c"
+     break;
+ 
+-  case 307:
+-#line 2631 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(1) - (2)].codeb);
++  case 308: /* codelines: codelines TK_CODELINE  */
++#line 2657 "parser.y"
++                              {
++            (yyval.codeb) = (yyvsp[-1].codeb);
+ 
+-            append(&(yyval.codeb)->frag, (yyvsp[(2) - (2)].codeb)->frag);
++            append(&(yyval.codeb)->frag, (yyvsp[0].codeb)->frag);
+ 
+-            free((yyvsp[(2) - (2)].codeb)->frag);
+-            free((yyvsp[(2) - (2)].codeb));
++            free((yyvsp[0].codeb)->frag);
++            free((yyvsp[0].codeb));
+         }
++#line 5377 "../parser.c"
+     break;
+ 
+-  case 308:
+-#line 2641 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 309: /* $@9: %empty  */
++#line 2667 "parser.y"
++                                                {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -5554,72 +5388,80 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(4) - (4)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+                 if (sectionFlags != 0 && (sectionFlags & ~(SECT_IS_PUBLIC | SECT_IS_PROT)) != 0)
+                     yyerror("Class enums must be in the public or protected sections");
+ 
+-                if (currentSpec->genc && (yyvsp[(2) - (4)].boolean))
++                if (currentSpec->genc && (yyvsp[-2].boolean))
+                     yyerror("Scoped enums not allowed in a C module");
+ 
+                 currentEnum = newEnum(currentSpec, currentModule,
+-                        currentMappedType, (yyvsp[(3) - (4)].text), &(yyvsp[(4) - (4)].optflags), sectionFlags, (yyvsp[(2) - (4)].boolean));
++                        currentMappedType, (yyvsp[-1].text), &(yyvsp[0].optflags), sectionFlags, (yyvsp[-2].boolean));
+             }
+         }
++#line 5404 "../parser.c"
+     break;
+ 
+-  case 310:
+-#line 2665 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 311: /* optenumkey: %empty  */
++#line 2691 "parser.y"
++            {
+             (yyval.boolean) = FALSE;
+         }
++#line 5412 "../parser.c"
+     break;
+ 
+-  case 311:
+-#line 2668 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 312: /* optenumkey: TK_CLASS  */
++#line 2694 "parser.y"
++                 {
+             (yyval.boolean) = TRUE;
+         }
++#line 5420 "../parser.c"
+     break;
+ 
+-  case 312:
+-#line 2671 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 313: /* optenumkey: TK_STRUCT  */
++#line 2697 "parser.y"
++                  {
+             (yyval.boolean) = TRUE;
+         }
++#line 5428 "../parser.c"
+     break;
+ 
+-  case 313:
+-#line 2676 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 314: /* optfilename: %empty  */
++#line 2702 "parser.y"
++                {
+             (yyval.text) = NULL;
+         }
++#line 5436 "../parser.c"
+     break;
+ 
+-  case 314:
+-#line 2679 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.text) = (yyvsp[(1) - (1)].text);
++  case 315: /* optfilename: TK_PATH_VALUE  */
++#line 2705 "parser.y"
++                      {
++            (yyval.text) = (yyvsp[0].text);
+         }
++#line 5444 "../parser.c"
+     break;
+ 
+-  case 315:
+-#line 2684 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 316: /* optname: %empty  */
++#line 2710 "parser.y"
++            {
+             (yyval.text) = NULL;
+         }
++#line 5452 "../parser.c"
+     break;
+ 
+-  case 316:
+-#line 2687 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.text) = (yyvsp[(1) - (1)].text);
++  case 317: /* optname: TK_NAME_VALUE  */
++#line 2713 "parser.y"
++                      {
++            (yyval.text) = (yyvsp[0].text);
+         }
++#line 5460 "../parser.c"
+     break;
+ 
+-  case 323:
+-#line 2702 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 324: /* enumline: TK_NAME_VALUE optenumassign optflags optcomma  */
++#line 2728 "parser.y"
++                                                      {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -5630,15 +5472,15 @@ yyreduce:
+ 
+                 enumMemberDef *emd, **tail;
+ 
+-                checkAnnos(&(yyvsp[(3) - (4)].optflags), annos);
++                checkAnnos(&(yyvsp[-1].optflags), annos);
+ 
+                 /* Note that we don't use the assigned value. */
+                 emd = sipMalloc(sizeof (enumMemberDef));
+ 
+                 emd->pyname = cacheName(currentSpec,
+-                        getPythonName(currentModule, &(yyvsp[(3) - (4)].optflags), (yyvsp[(1) - (4)].text)));
+-                emd->cname = (yyvsp[(1) - (4)].text);
+-                emd->no_typehint = getNoTypeHint(&(yyvsp[(3) - (4)].optflags));
++                        getPythonName(currentModule, &(yyvsp[-1].optflags), (yyvsp[-3].text)));
++                emd->cname = (yyvsp[-3].text);
++                emd->no_typehint = getNoTypeHint(&(yyvsp[-1].optflags));
+                 emd->ed = currentEnum;
+                 emd->platforms = currentPlatforms;
+                 emd->next = NULL;
+@@ -5661,309 +5503,345 @@ yyreduce:
+                     setIsUsedName(emd->pyname);
+             }
+         }
++#line 5507 "../parser.c"
+     break;
+ 
+-  case 328:
+-#line 2754 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 329: /* optassign: %empty  */
++#line 2780 "parser.y"
++            {
+             (yyval.valp) = NULL;
+         }
++#line 5515 "../parser.c"
+     break;
+ 
+-  case 329:
+-#line 2757 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.valp) = (yyvsp[(2) - (2)].valp);
++  case 330: /* optassign: '=' expr  */
++#line 2783 "parser.y"
++                 {
++            (yyval.valp) = (yyvsp[0].valp);
+         }
++#line 5523 "../parser.c"
+     break;
+ 
+-  case 331:
+-#line 2763 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 332: /* expr: expr binop value  */
++#line 2789 "parser.y"
++                         {
+             valueDef *vd;
+  
+-            if ((yyvsp[(1) - (3)].valp) -> vtype == string_value || (yyvsp[(3) - (3)].valp) -> vtype == string_value)
++            if ((yyvsp[-2].valp) -> vtype == string_value || (yyvsp[0].valp) -> vtype == string_value)
+                 yyerror("Invalid binary operator for string");
+  
+             /* Find the last value in the existing expression. */
+  
+-            for (vd = (yyvsp[(1) - (3)].valp); vd -> next != NULL; vd = vd -> next)
++            for (vd = (yyvsp[-2].valp); vd -> next != NULL; vd = vd -> next)
+                 ;
+  
+-            vd -> vbinop = (yyvsp[(2) - (3)].qchar);
+-            vd -> next = (yyvsp[(3) - (3)].valp);
++            vd -> vbinop = (yyvsp[-1].qchar);
++            vd -> next = (yyvsp[0].valp);
+ 
+-            (yyval.valp) = (yyvsp[(1) - (3)].valp);
++            (yyval.valp) = (yyvsp[-2].valp);
+         }
++#line 5544 "../parser.c"
+     break;
+ 
+-  case 332:
+-#line 2781 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 333: /* binop: '-'  */
++#line 2807 "parser.y"
++            {
+             (yyval.qchar) = '-';
+         }
++#line 5552 "../parser.c"
+     break;
+ 
+-  case 333:
+-#line 2784 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 334: /* binop: '+'  */
++#line 2810 "parser.y"
++            {
+             (yyval.qchar) = '+';
+         }
++#line 5560 "../parser.c"
+     break;
+ 
+-  case 334:
+-#line 2787 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 335: /* binop: '*'  */
++#line 2813 "parser.y"
++            {
+             (yyval.qchar) = '*';
+         }
++#line 5568 "../parser.c"
+     break;
+ 
+-  case 335:
+-#line 2790 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 336: /* binop: '/'  */
++#line 2816 "parser.y"
++            {
+             (yyval.qchar) = '/';
+         }
++#line 5576 "../parser.c"
+     break;
+ 
+-  case 336:
+-#line 2793 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 337: /* binop: '&'  */
++#line 2819 "parser.y"
++            {
+             (yyval.qchar) = '&';
+         }
++#line 5584 "../parser.c"
+     break;
+ 
+-  case 337:
+-#line 2796 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 338: /* binop: '|'  */
++#line 2822 "parser.y"
++            {
+             (yyval.qchar) = '|';
+         }
++#line 5592 "../parser.c"
+     break;
+ 
+-  case 338:
+-#line 2801 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 339: /* optunop: %empty  */
++#line 2827 "parser.y"
++            {
+             (yyval.qchar) = '\0';
+         }
++#line 5600 "../parser.c"
+     break;
+ 
+-  case 339:
+-#line 2804 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 340: /* optunop: '!'  */
++#line 2830 "parser.y"
++            {
+             (yyval.qchar) = '!';
+         }
++#line 5608 "../parser.c"
+     break;
+ 
+-  case 340:
+-#line 2807 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 341: /* optunop: '~'  */
++#line 2833 "parser.y"
++            {
+             (yyval.qchar) = '~';
+         }
++#line 5616 "../parser.c"
+     break;
+ 
+-  case 341:
+-#line 2810 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 342: /* optunop: '-'  */
++#line 2836 "parser.y"
++            {
+             (yyval.qchar) = '-';
+         }
++#line 5624 "../parser.c"
+     break;
+ 
+-  case 342:
+-#line 2813 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 343: /* optunop: '+'  */
++#line 2839 "parser.y"
++            {
+             (yyval.qchar) = '+';
+         }
++#line 5632 "../parser.c"
+     break;
+ 
+-  case 343:
+-#line 2816 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 344: /* optunop: '*'  */
++#line 2842 "parser.y"
++            {
+             (yyval.qchar) = '*';
+         }
++#line 5640 "../parser.c"
+     break;
+ 
+-  case 344:
+-#line 2819 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 345: /* optunop: '&'  */
++#line 2845 "parser.y"
++            {
+             (yyval.qchar) = '&';
+         }
++#line 5648 "../parser.c"
+     break;
+ 
+-  case 345:
+-#line 2824 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].qchar) != '\0' && (yyvsp[(3) - (3)].value).vtype == string_value)
++  case 346: /* value: optcast optunop simplevalue  */
++#line 2850 "parser.y"
++                                        {
++            if ((yyvsp[-1].qchar) != '\0' && (yyvsp[0].value).vtype == string_value)
+                 yyerror("Invalid unary operator for string");
+  
+             /* Convert the value to a simple expression on the heap. */
+             (yyval.valp) = sipMalloc(sizeof (valueDef));
+  
+-            *(yyval.valp) = (yyvsp[(3) - (3)].value);
+-            (yyval.valp)->vunop = (yyvsp[(2) - (3)].qchar);
++            *(yyval.valp) = (yyvsp[0].value);
++            (yyval.valp)->vunop = (yyvsp[-1].qchar);
+             (yyval.valp)->vbinop = '\0';
+-            (yyval.valp)->cast = (yyvsp[(1) - (3)].scpvalp);
++            (yyval.valp)->cast = (yyvsp[-2].scpvalp);
+             (yyval.valp)->next = NULL;
+         }
++#line 5666 "../parser.c"
+     break;
+ 
+-  case 346:
+-#line 2839 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 347: /* optcast: %empty  */
++#line 2865 "parser.y"
++            {
+             (yyval.scpvalp) = NULL;
+         }
++#line 5674 "../parser.c"
+     break;
+ 
+-  case 347:
+-#line 2842 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.scpvalp) = (yyvsp[(2) - (3)].scpvalp);
++  case 348: /* optcast: '(' scopedname ')'  */
++#line 2868 "parser.y"
++                               {
++            (yyval.scpvalp) = (yyvsp[-1].scpvalp);
+         }
++#line 5682 "../parser.c"
+     break;
+ 
+-  case 348:
+-#line 2847 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 349: /* scopedname: TK_SCOPE scopednamehead  */
++#line 2873 "parser.y"
++                                    {
+             if (currentSpec->genc)
+                 yyerror("Scoped names are not allowed in a C module");
+ 
+-            (yyval.scpvalp) = scopeScopedName(NULL, (yyvsp[(2) - (2)].scpvalp));
++            (yyval.scpvalp) = scopeScopedName(NULL, (yyvsp[0].scpvalp));
+         }
++#line 5693 "../parser.c"
+     break;
+ 
+-  case 351:
+-#line 2857 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 352: /* scopednamehead: scopednamehead TK_SCOPE scopepart  */
++#line 2883 "parser.y"
++                                          {
+             if (currentSpec->genc)
+                 yyerror("Scoped names are not allowed in a C module");
+ 
+-            appendScopedName(&(yyvsp[(1) - (3)].scpvalp), (yyvsp[(3) - (3)].scpvalp));
++            appendScopedName(&(yyvsp[-2].scpvalp), (yyvsp[0].scpvalp));
+         }
++#line 5704 "../parser.c"
+     break;
+ 
+-  case 352:
+-#line 2865 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.scpvalp) = text2scopePart((yyvsp[(1) - (1)].text));
++  case 353: /* scopepart: TK_NAME_VALUE  */
++#line 2891 "parser.y"
++                          {
++            (yyval.scpvalp) = text2scopePart((yyvsp[0].text));
+         }
++#line 5712 "../parser.c"
+     break;
+ 
+-  case 353:
+-#line 2870 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 354: /* bool_value: TK_TRUE_VALUE  */
++#line 2896 "parser.y"
++                          {
+             (yyval.boolean) = TRUE;
+         }
++#line 5720 "../parser.c"
+     break;
+ 
+-  case 354:
+-#line 2873 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 355: /* bool_value: TK_FALSE_VALUE  */
++#line 2899 "parser.y"
++                       {
+             (yyval.boolean) = FALSE;
+         }
++#line 5728 "../parser.c"
+     break;
+ 
+-  case 355:
+-#line 2878 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 356: /* simplevalue: scopedname  */
++#line 2904 "parser.y"
++                           {
+             /*
+              * We let the C++ compiler decide if the value is a valid one - no
+              * point in building a full C++ parser here.
+              */
+ 
+             (yyval.value).vtype = scoped_value;
+-            (yyval.value).u.vscp = (yyvsp[(1) - (1)].scpvalp);
++            (yyval.value).u.vscp = (yyvsp[0].scpvalp);
+         }
++#line 5742 "../parser.c"
+     break;
+ 
+-  case 356:
+-#line 2887 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 357: /* simplevalue: basetype '(' exprlist ')'  */
++#line 2913 "parser.y"
++                                  {
+             fcallDef *fcd;
+ 
+             fcd = sipMalloc(sizeof (fcallDef));
+-            *fcd = (yyvsp[(3) - (4)].fcall);
+-            fcd -> type = (yyvsp[(1) - (4)].memArg);
++            *fcd = (yyvsp[-1].fcall);
++            fcd -> type = (yyvsp[-3].memArg);
+ 
+             (yyval.value).vtype = fcall_value;
+             (yyval.value).u.fcd = fcd;
+         }
++#line 5757 "../parser.c"
+     break;
+ 
+-  case 357:
+-#line 2897 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 358: /* simplevalue: '{' '}'  */
++#line 2923 "parser.y"
++                {
+             (yyval.value).vtype = empty_value;
+         }
++#line 5765 "../parser.c"
+     break;
+ 
+-  case 358:
+-#line 2900 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 359: /* simplevalue: TK_REAL_VALUE  */
++#line 2926 "parser.y"
++                      {
+             (yyval.value).vtype = real_value;
+-            (yyval.value).u.vreal = (yyvsp[(1) - (1)].real);
++            (yyval.value).u.vreal = (yyvsp[0].real);
+         }
++#line 5774 "../parser.c"
+     break;
+ 
+-  case 359:
+-#line 2904 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 360: /* simplevalue: TK_NUMBER_VALUE  */
++#line 2930 "parser.y"
++                        {
+             (yyval.value).vtype = numeric_value;
+-            (yyval.value).u.vnum = (yyvsp[(1) - (1)].number);
++            (yyval.value).u.vnum = (yyvsp[0].number);
+         }
++#line 5783 "../parser.c"
+     break;
+ 
+-  case 360:
+-#line 2908 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 361: /* simplevalue: bool_value  */
++#line 2934 "parser.y"
++                   {
+             (yyval.value).vtype = numeric_value;
+-            (yyval.value).u.vnum = (yyvsp[(1) - (1)].boolean);
++            (yyval.value).u.vnum = (yyvsp[0].boolean);
+         }
++#line 5792 "../parser.c"
+     break;
+ 
+-  case 361:
+-#line 2912 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 362: /* simplevalue: TK_NULL_VALUE  */
++#line 2938 "parser.y"
++                      {
+             (yyval.value).vtype = numeric_value;
+             (yyval.value).u.vnum = 0;
+         }
++#line 5801 "../parser.c"
+     break;
+ 
+-  case 362:
+-#line 2916 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 363: /* simplevalue: TK_STRING_VALUE  */
++#line 2942 "parser.y"
++                        {
+             (yyval.value).vtype = string_value;
+-            (yyval.value).u.vstr = (yyvsp[(1) - (1)].text);
++            (yyval.value).u.vstr = (yyvsp[0].text);
+         }
++#line 5810 "../parser.c"
+     break;
+ 
+-  case 363:
+-#line 2920 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 364: /* simplevalue: TK_QCHAR_VALUE  */
++#line 2946 "parser.y"
++                       {
+             (yyval.value).vtype = qchar_value;
+-            (yyval.value).u.vqchar = (yyvsp[(1) - (1)].qchar);
++            (yyval.value).u.vqchar = (yyvsp[0].qchar);
+         }
++#line 5819 "../parser.c"
+     break;
+ 
+-  case 364:
+-#line 2926 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 365: /* exprlist: %empty  */
++#line 2952 "parser.y"
++            {
+             /* No values. */
+ 
+             (yyval.fcall).nrArgs = 0;
+         }
++#line 5829 "../parser.c"
+     break;
+ 
+-  case 365:
+-#line 2931 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 366: /* exprlist: expr  */
++#line 2957 "parser.y"
++             {
+             /* The single or first expression. */
+ 
+-            (yyval.fcall).args[0] = (yyvsp[(1) - (1)].valp);
++            (yyval.fcall).args[0] = (yyvsp[0].valp);
+             (yyval.fcall).nrArgs = 1;
+         }
++#line 5840 "../parser.c"
+     break;
+ 
+-  case 366:
+-#line 2937 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 367: /* exprlist: exprlist ',' expr  */
++#line 2963 "parser.y"
++                          {
+             /* Check that it wasn't ...(,expression...). */
+ 
+             if ((yyval.fcall).nrArgs == 0)
+@@ -5971,19 +5849,20 @@ yyreduce:
+ 
+             /* Check there is room. */
+ 
+-            if ((yyvsp[(1) - (3)].fcall).nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].fcall).nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.fcall) = (yyvsp[(1) - (3)].fcall);
++            (yyval.fcall) = (yyvsp[-2].fcall);
+ 
+-            (yyval.fcall).args[(yyval.fcall).nrArgs] = (yyvsp[(3) - (3)].valp);
++            (yyval.fcall).args[(yyval.fcall).nrArgs] = (yyvsp[0].valp);
+             (yyval.fcall).nrArgs++;
+         }
++#line 5861 "../parser.c"
+     break;
+ 
+-  case 367:
+-#line 2955 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 368: /* typedef: TK_TYPEDEF cpptype TK_NAME_VALUE optflags ';' optdocstring  */
++#line 2981 "parser.y"
++                                                                       {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -5999,17 +5878,18 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(4) - (6)].optflags), annos);
++                checkAnnos(&(yyvsp[-2].optflags), annos);
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (6)].memArg), &(yyvsp[(4) - (6)].optflags));
+-                newTypedef(currentSpec, currentModule, (yyvsp[(3) - (6)].text), &(yyvsp[(2) - (6)].memArg), &(yyvsp[(4) - (6)].optflags), (yyvsp[(6) - (6)].docstr));
++                applyTypeFlags(currentModule, &(yyvsp[-4].memArg), &(yyvsp[-2].optflags));
++                newTypedef(currentSpec, currentModule, (yyvsp[-3].text), &(yyvsp[-4].memArg), &(yyvsp[-2].optflags), (yyvsp[0].docstr));
+             }
+         }
++#line 5888 "../parser.c"
+     break;
+ 
+-  case 368:
+-#line 2977 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 369: /* typedef: TK_TYPEDEF cpptype '(' '*' TK_NAME_VALUE ')' '(' cpptypelist ')' optflags ';' optdocstring  */
++#line 3003 "parser.y"
++                                                                                                   {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -6027,41 +5907,43 @@ yyreduce:
+                 signatureDef *sig;
+                 argDef ftype;
+ 
+-                checkAnnos(&(yyvsp[(10) - (12)].optflags), annos);
++                checkAnnos(&(yyvsp[-2].optflags), annos);
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (12)].memArg), &(yyvsp[(10) - (12)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-10].memArg), &(yyvsp[-2].optflags));
+ 
+                 memset(&ftype, 0, sizeof (argDef));
+ 
+                 /* Create the full signature on the heap. */
+                 sig = sipMalloc(sizeof (signatureDef));
+-                *sig = (yyvsp[(8) - (12)].signature);
+-                sig->result = (yyvsp[(2) - (12)].memArg);
++                *sig = (yyvsp[-4].signature);
++                sig->result = (yyvsp[-10].memArg);
+ 
+                 /* Create the full type. */
+                 ftype.atype = function_type;
+                 ftype.nrderefs = 1;
+                 ftype.u.sa = sig;
+ 
+-                newTypedef(currentSpec, currentModule, (yyvsp[(5) - (12)].text), &ftype, &(yyvsp[(10) - (12)].optflags), (yyvsp[(12) - (12)].docstr));
++                newTypedef(currentSpec, currentModule, (yyvsp[-7].text), &ftype, &(yyvsp[-2].optflags), (yyvsp[0].docstr));
+             }
+         }
++#line 5930 "../parser.c"
+     break;
+ 
+-  case 369:
+-#line 3016 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if (currentSpec -> genc && (yyvsp[(2) - (2)].scpvalp)->next != NULL)
++  case 370: /* $@10: %empty  */
++#line 3042 "parser.y"
++                                 {
++            if (currentSpec -> genc && (yyvsp[0].scpvalp)->next != NULL)
+                 yyerror("Namespaces not allowed in a C module");
+ 
+             if (notSkipping())
+                 currentSupers = NULL;
+         }
++#line 5942 "../parser.c"
+     break;
+ 
+-  case 370:
+-#line 3022 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 371: /* $@11: %empty  */
++#line 3048 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -6091,33 +5973,36 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(5) - (5)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+                 if (currentSpec->genc && currentSupers != NULL)
+                     yyerror("Super-classes not allowed in a C module struct");
+ 
+-                defineClass((yyvsp[(2) - (5)].scpvalp), currentSupers, &(yyvsp[(5) - (5)].optflags));
++                defineClass((yyvsp[-3].scpvalp), currentSupers, &(yyvsp[0].optflags));
+                 sectionFlags = SECT_IS_PUBLIC;
+             }
+         }
++#line 5986 "../parser.c"
+     break;
+ 
+-  case 371:
+-#line 3060 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 372: /* struct: TK_STRUCT scopedname $@10 superclasses optflags $@11 optclassbody ';'  */
++#line 3086 "parser.y"
++                           {
+             if (notSkipping())
+-                completeClass((yyvsp[(2) - (8)].scpvalp), &(yyvsp[(5) - (8)].optflags), (yyvsp[(7) - (8)].boolean));
++                completeClass((yyvsp[-6].scpvalp), &(yyvsp[-3].optflags), (yyvsp[-1].boolean));
+         }
++#line 5995 "../parser.c"
+     break;
+ 
+-  case 372:
+-#line 3066 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsTemplate = TRUE;}
++  case 373: /* $@12: %empty  */
++#line 3092 "parser.y"
++                     {currentIsTemplate = TRUE;}
++#line 6001 "../parser.c"
+     break;
+ 
+-  case 373:
+-#line 3066 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 374: /* classtmpl: template $@12 class  */
++#line 3092 "parser.y"
++                                                       {
+             if (currentSpec->genc)
+                 yyerror("Class templates not allowed in a C module");
+ 
+@@ -6128,12 +6013,12 @@ yyreduce:
+                 /*
+                  * Make sure there is room for the extra class name argument.
+                  */
+-                if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS)
++                if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS)
+                     yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+                 tcd = sipMalloc(sizeof (classTmplDef));
+-                tcd->sig = (yyvsp[(1) - (3)].signature);
+-                tcd->cd = (yyvsp[(3) - (3)].klass);
++                tcd->sig = (yyvsp[-2].signature);
++                tcd->cd = (yyvsp[0].klass);
+                 tcd->next = currentSpec->classtemplates;
+ 
+                 currentSpec->classtemplates = tcd;
+@@ -6141,29 +6026,32 @@ yyreduce:
+ 
+             currentIsTemplate = FALSE;
+         }
++#line 6030 "../parser.c"
+     break;
+ 
+-  case 374:
+-#line 3092 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.signature) = (yyvsp[(3) - (4)].signature);
++  case 375: /* template: TK_TEMPLATE '<' cpptypelist '>'  */
++#line 3118 "parser.y"
++                                            {
++            (yyval.signature) = (yyvsp[-1].signature);
+         }
++#line 6038 "../parser.c"
+     break;
+ 
+-  case 375:
+-#line 3097 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 376: /* $@13: %empty  */
++#line 3123 "parser.y"
++                            {
+             if (currentSpec->genc)
+                 yyerror("Class definition not allowed in a C module");
+ 
+             if (notSkipping())
+                 currentSupers = NULL;
+         }
++#line 6050 "../parser.c"
+     break;
+ 
+-  case 376:
+-#line 3103 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 377: /* $@14: %empty  */
++#line 3129 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -6192,30 +6080,32 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(5) - (5)].optflags), annos);
++                checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+-                defineClass((yyvsp[(2) - (5)].scpvalp), currentSupers, &(yyvsp[(5) - (5)].optflags));
++                defineClass((yyvsp[-3].scpvalp), currentSupers, &(yyvsp[0].optflags));
+                 sectionFlags = SECT_IS_PRIVATE;
+             }
+         }
++#line 6090 "../parser.c"
+     break;
+ 
+-  case 377:
+-#line 3137 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 378: /* class: TK_CLASS scopedname $@13 superclasses optflags $@14 optclassbody ';'  */
++#line 3163 "parser.y"
++                           {
+             if (notSkipping())
+-                (yyval.klass) = completeClass((yyvsp[(2) - (8)].scpvalp), &(yyvsp[(5) - (8)].optflags), (yyvsp[(7) - (8)].boolean));
++                (yyval.klass) = completeClass((yyvsp[-6].scpvalp), &(yyvsp[-3].optflags), (yyvsp[-1].boolean));
+         }
++#line 6099 "../parser.c"
+     break;
+ 
+-  case 382:
+-#line 3151 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if (notSkipping() && (yyvsp[(1) - (2)].token) == TK_PUBLIC)
++  case 383: /* superclass: class_access scopedname  */
++#line 3177 "parser.y"
++                                    {
++            if (notSkipping() && (yyvsp[-1].token) == TK_PUBLIC)
+             {
+                 argDef ad;
+                 classDef *super;
+-                scopedNameDef *snd = (yyvsp[(2) - (2)].scpvalp);
++                scopedNameDef *snd = (yyvsp[0].scpvalp);
+ 
+                 /*
+                  * This is a hack to allow typedef'ed classes to be used before
+@@ -6260,53 +6150,60 @@ yyreduce:
+                 appendToClassList(&currentSupers, super);
+             }
+         }
++#line 6154 "../parser.c"
+     break;
+ 
+-  case 383:
+-#line 3203 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 384: /* class_access: %empty  */
++#line 3229 "parser.y"
++                {
+         (yyval.token) = TK_PUBLIC;
+         }
++#line 6162 "../parser.c"
+     break;
+ 
+-  case 384:
+-#line 3206 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 385: /* class_access: TK_PUBLIC  */
++#line 3232 "parser.y"
++                  {
+         (yyval.token) = TK_PUBLIC;
+         }
++#line 6170 "../parser.c"
+     break;
+ 
+-  case 385:
+-#line 3209 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 386: /* class_access: TK_PROTECTED  */
++#line 3235 "parser.y"
++                     {
+         (yyval.token) = TK_PROTECTED;
+         }
++#line 6178 "../parser.c"
+     break;
+ 
+-  case 386:
+-#line 3212 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 387: /* class_access: TK_PRIVATE  */
++#line 3238 "parser.y"
++                   {
+         (yyval.token) = TK_PRIVATE;
+         }
++#line 6186 "../parser.c"
+     break;
+ 
+-  case 387:
+-#line 3217 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 388: /* optclassbody: %empty  */
++#line 3243 "parser.y"
++                {
+             (yyval.boolean) = FALSE;
+         }
++#line 6194 "../parser.c"
+     break;
+ 
+-  case 388:
+-#line 3220 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 389: /* optclassbody: '{' classbody '}'  */
++#line 3246 "parser.y"
++                          {
+             (yyval.boolean) = TRUE;
+         }
++#line 6202 "../parser.c"
+     break;
+ 
+-  case 402:
+-#line 3240 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 403: /* classline: docstring  */
++#line 3266 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6314,30 +6211,33 @@ yyreduce:
+                 if (scope->docstring != NULL)
+                     yyerror("%Docstring already given for class");
+ 
+-                scope->docstring = (yyvsp[(1) - (1)].docstr);
++                scope->docstring = (yyvsp[0].docstr);
+             }
+         }
++#line 6218 "../parser.c"
+     break;
+ 
+-  case 403:
+-#line 3251 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 404: /* classline: typecode  */
++#line 3277 "parser.y"
++                 {
+             if (notSkipping())
+-                appendCodeBlock(&currentScope()->cppcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentScope()->cppcode, (yyvsp[0].codeb));
+         }
++#line 6227 "../parser.c"
+     break;
+ 
+-  case 404:
+-#line 3255 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 405: /* classline: typehdrcode  */
++#line 3281 "parser.y"
++                    {
+             if (notSkipping())
+-                appendCodeBlock(&currentScope()->iff->hdrcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&currentScope()->iff->hdrcode, (yyvsp[0].codeb));
+         }
++#line 6236 "../parser.c"
+     break;
+ 
+-  case 405:
+-#line 3259 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 406: /* classline: travcode  */
++#line 3285 "parser.y"
++                 {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6345,14 +6245,15 @@ yyreduce:
+                 if (scope->travcode != NULL)
+                     yyerror("%GCTraverseCode already given for class");
+ 
+-                appendCodeBlock(&scope->travcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->travcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6252 "../parser.c"
+     break;
+ 
+-  case 406:
+-#line 3270 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 407: /* classline: clearcode  */
++#line 3296 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6360,14 +6261,15 @@ yyreduce:
+                 if (scope->clearcode != NULL)
+                     yyerror("%GCClearCode already given for class");
+ 
+-                appendCodeBlock(&scope->clearcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->clearcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6268 "../parser.c"
+     break;
+ 
+-  case 407:
+-#line 3281 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 408: /* classline: getbufcode  */
++#line 3307 "parser.y"
++                   {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6375,14 +6277,15 @@ yyreduce:
+                 if (scope->getbufcode != NULL)
+                     yyerror("%BIGetBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->getbufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->getbufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6284 "../parser.c"
+     break;
+ 
+-  case 408:
+-#line 3292 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 409: /* classline: releasebufcode  */
++#line 3318 "parser.y"
++                       {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6390,14 +6293,15 @@ yyreduce:
+                 if (scope->releasebufcode != NULL)
+                     yyerror("%BIReleaseBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->releasebufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->releasebufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6300 "../parser.c"
+     break;
+ 
+-  case 409:
+-#line 3303 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 410: /* classline: readbufcode  */
++#line 3329 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6405,14 +6309,15 @@ yyreduce:
+                 if (scope->readbufcode != NULL)
+                     yyerror("%BIGetReadBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->readbufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->readbufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6316 "../parser.c"
+     break;
+ 
+-  case 410:
+-#line 3314 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 411: /* classline: writebufcode  */
++#line 3340 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6420,14 +6325,15 @@ yyreduce:
+                 if (scope->writebufcode != NULL)
+                     yyerror("%BIGetWriteBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->writebufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->writebufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6332 "../parser.c"
+     break;
+ 
+-  case 411:
+-#line 3325 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 412: /* classline: segcountcode  */
++#line 3351 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6435,14 +6341,15 @@ yyreduce:
+                 if (scope->segcountcode != NULL)
+                     yyerror("%BIGetSegCountCode already given for class");
+ 
+-                appendCodeBlock(&scope->segcountcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->segcountcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6348 "../parser.c"
+     break;
+ 
+-  case 412:
+-#line 3336 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 413: /* classline: charbufcode  */
++#line 3362 "parser.y"
++                    {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6450,14 +6357,15 @@ yyreduce:
+                 if (scope->charbufcode != NULL)
+                     yyerror("%BIGetCharBufferCode already given for class");
+ 
+-                appendCodeBlock(&scope->charbufcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->charbufcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6364 "../parser.c"
+     break;
+ 
+-  case 413:
+-#line 3347 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 414: /* classline: instancecode  */
++#line 3373 "parser.y"
++                     {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6465,14 +6373,15 @@ yyreduce:
+                 if (scope->instancecode != NULL)
+                     yyerror("%InstanceCode already given for class");
+ 
+-                appendCodeBlock(&scope->instancecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->instancecode, (yyvsp[0].codeb));
+             }
+         }
++#line 6380 "../parser.c"
+     break;
+ 
+-  case 414:
+-#line 3358 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 415: /* classline: picklecode  */
++#line 3384 "parser.y"
++                   {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6480,14 +6389,15 @@ yyreduce:
+                 if (scope->picklecode != NULL)
+                     yyerror("%PickleCode already given for class");
+ 
+-                appendCodeBlock(&scope->picklecode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->picklecode, (yyvsp[0].codeb));
+             }
+         }
++#line 6396 "../parser.c"
+     break;
+ 
+-  case 415:
+-#line 3369 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 416: /* classline: finalcode  */
++#line 3395 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6495,14 +6405,15 @@ yyreduce:
+                 if (scope->finalcode != NULL)
+                     yyerror("%FinalisationCode already given for class");
+ 
+-                appendCodeBlock(&scope->finalcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->finalcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6412 "../parser.c"
+     break;
+ 
+-  case 416:
+-#line 3380 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 417: /* classline: classtypehintcode  */
++#line 3406 "parser.y"
++                          {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6510,14 +6421,15 @@ yyreduce:
+                 if (scope->typehintcode != NULL)
+                     yyerror("%TypeHintCode already given for class");
+ 
+-                appendCodeBlock(&scope->typehintcode, (yyvsp[(1) - (1)].codeb));
++                appendCodeBlock(&scope->typehintcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6428 "../parser.c"
+     break;
+ 
+-  case 420:
+-#line 3394 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 421: /* classline: TK_TOSUBCLASS codeblock  */
++#line 3420 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6525,14 +6437,15 @@ yyreduce:
+                 if (scope->convtosubcode != NULL)
+                     yyerror("Class has more than one %ConvertToSubClassCode directive");
+ 
+-                appendCodeBlock(&scope->convtosubcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&scope->convtosubcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6444 "../parser.c"
+     break;
+ 
+-  case 421:
+-#line 3405 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 422: /* classline: TK_TOTYPE codeblock  */
++#line 3431 "parser.y"
++                            {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6540,14 +6453,15 @@ yyreduce:
+                 if (scope->convtocode != NULL)
+                     yyerror("Class has more than one %ConvertToTypeCode directive");
+ 
+-                appendCodeBlock(&scope->convtocode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&scope->convtocode, (yyvsp[0].codeb));
+             }
+         }
++#line 6460 "../parser.c"
+     break;
+ 
+-  case 422:
+-#line 3416 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 423: /* classline: TK_FROMTYPE codeblock  */
++#line 3442 "parser.y"
++                              {
+             if (notSkipping())
+             {
+                 classDef *scope = currentScope();
+@@ -6555,172 +6469,188 @@ yyreduce:
+                 if (scope->convfromcode != NULL)
+                     yyerror("Class has more than one %ConvertFromTypeCode directive");
+ 
+-                appendCodeBlock(&scope->convfromcode, (yyvsp[(2) - (2)].codeb));
++                appendCodeBlock(&scope->convfromcode, (yyvsp[0].codeb));
+             }
+         }
++#line 6476 "../parser.c"
+     break;
+ 
+-  case 423:
+-#line 3427 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 424: /* classline: TK_PUBLIC optslot ':'  */
++#line 3453 "parser.y"
++                              {
+             if (currentSpec -> genc)
+                 yyerror("public section not allowed in a C module");
+ 
+             if (notSkipping())
+-                sectionFlags = SECT_IS_PUBLIC | (yyvsp[(2) - (3)].number);
++                sectionFlags = SECT_IS_PUBLIC | (yyvsp[-1].number);
+         }
++#line 6488 "../parser.c"
+     break;
+ 
+-  case 424:
+-#line 3434 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 425: /* classline: TK_PROTECTED optslot ':'  */
++#line 3460 "parser.y"
++                                 {
+             if (currentSpec -> genc)
+                 yyerror("protected section not allowed in a C module");
+ 
+             if (notSkipping())
+-                sectionFlags = SECT_IS_PROT | (yyvsp[(2) - (3)].number);
++                sectionFlags = SECT_IS_PROT | (yyvsp[-1].number);
+         }
++#line 6500 "../parser.c"
+     break;
+ 
+-  case 425:
+-#line 3441 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 426: /* classline: TK_PRIVATE optslot ':'  */
++#line 3467 "parser.y"
++                               {
+             if (currentSpec -> genc)
+                 yyerror("private section not allowed in a C module");
+ 
+             if (notSkipping())
+-                sectionFlags = SECT_IS_PRIVATE | (yyvsp[(2) - (3)].number);
++                sectionFlags = SECT_IS_PRIVATE | (yyvsp[-1].number);
+         }
++#line 6512 "../parser.c"
+     break;
+ 
+-  case 426:
+-#line 3448 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 427: /* classline: TK_SIGNALS ':'  */
++#line 3474 "parser.y"
++                       {
+             if (currentSpec -> genc)
+                 yyerror("signals section not allowed in a C module");
+ 
+             if (notSkipping())
+                 sectionFlags = SECT_IS_SIGNAL;
+         }
++#line 6524 "../parser.c"
+     break;
+ 
+-  case 427:
+-#line 3457 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (3)].property).name == NULL)
++  case 428: /* property: TK_PROPERTY property_args property_body  */
++#line 3483 "parser.y"
++                                                    {
++            if ((yyvsp[-1].property).name == NULL)
+                 yyerror("A %Property directive must have a 'name' argument");
+ 
+-            if ((yyvsp[(2) - (3)].property).get == NULL)
++            if ((yyvsp[-1].property).get == NULL)
+                 yyerror("A %Property directive must have a 'get' argument");
+ 
+             if (notSkipping())
+                 addProperty(currentSpec, currentModule, currentScope(),
+-                        (yyvsp[(2) - (3)].property).name, (yyvsp[(2) - (3)].property).get, (yyvsp[(2) - (3)].property).set, (yyvsp[(3) - (3)].property).docstring);
++                        (yyvsp[-1].property).name, (yyvsp[-1].property).get, (yyvsp[-1].property).set, (yyvsp[0].property).docstring);
+         }
++#line 6540 "../parser.c"
+     break;
+ 
+-  case 428:
+-#line 3470 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(2) - (3)].property);
++  case 429: /* property_args: '(' property_arg_list ')'  */
++#line 3496 "parser.y"
++                                          {
++            (yyval.property) = (yyvsp[-1].property);
+         }
++#line 6548 "../parser.c"
+     break;
+ 
+-  case 430:
+-#line 3476 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(1) - (3)].property);
++  case 431: /* property_arg_list: property_arg_list ',' property_arg  */
++#line 3502 "parser.y"
++                                           {
++            (yyval.property) = (yyvsp[-2].property);
+ 
+-            switch ((yyvsp[(3) - (3)].property).token)
++            switch ((yyvsp[0].property).token)
+             {
+-            case TK_GET: (yyval.property).get = (yyvsp[(3) - (3)].property).get; break;
+-            case TK_NAME: (yyval.property).name = (yyvsp[(3) - (3)].property).name; break;
+-            case TK_SET: (yyval.property).set = (yyvsp[(3) - (3)].property).set; break;
++            case TK_GET: (yyval.property).get = (yyvsp[0].property).get; break;
++            case TK_NAME: (yyval.property).name = (yyvsp[0].property).name; break;
++            case TK_SET: (yyval.property).set = (yyvsp[0].property).set; break;
+             }
+         }
++#line 6563 "../parser.c"
+     break;
+ 
+-  case 431:
+-#line 3488 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 432: /* property_arg: TK_GET '=' TK_NAME_VALUE  */
++#line 3514 "parser.y"
++                                         {
+             (yyval.property).token = TK_GET;
+ 
+-            (yyval.property).get = (yyvsp[(3) - (3)].text);
++            (yyval.property).get = (yyvsp[0].text);
+             (yyval.property).name = NULL;
+             (yyval.property).set = NULL;
+         }
++#line 6575 "../parser.c"
+     break;
+ 
+-  case 432:
+-#line 3495 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 433: /* property_arg: TK_NAME '=' name_or_string  */
++#line 3521 "parser.y"
++                                   {
+             (yyval.property).token = TK_NAME;
+ 
+             (yyval.property).get = NULL;
+-            (yyval.property).name = (yyvsp[(3) - (3)].text);
++            (yyval.property).name = (yyvsp[0].text);
+             (yyval.property).set = NULL;
+         }
++#line 6587 "../parser.c"
+     break;
+ 
+-  case 433:
+-#line 3502 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 434: /* property_arg: TK_SET '=' TK_NAME_VALUE  */
++#line 3528 "parser.y"
++                                 {
+             (yyval.property).token = TK_SET;
+ 
+             (yyval.property).get = NULL;
+             (yyval.property).name = NULL;
+-            (yyval.property).set = (yyvsp[(3) - (3)].text);
++            (yyval.property).set = (yyvsp[0].text);
+         }
++#line 6599 "../parser.c"
+     break;
+ 
+-  case 434:
+-#line 3511 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 435: /* property_body: %empty  */
++#line 3537 "parser.y"
++                {
+             (yyval.property).token = 0;
+             (yyval.property).docstring = NULL;
+         }
++#line 6608 "../parser.c"
+     break;
+ 
+-  case 435:
+-#line 3515 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(2) - (4)].property);
++  case 436: /* property_body: '{' property_body_directives '}' ';'  */
++#line 3541 "parser.y"
++                                             {
++            (yyval.property) = (yyvsp[-2].property);
+         }
++#line 6616 "../parser.c"
+     break;
+ 
+-  case 437:
+-#line 3521 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.property) = (yyvsp[(1) - (2)].property);
++  case 438: /* property_body_directives: property_body_directives property_body_directive  */
++#line 3547 "parser.y"
++                                                         {
++            (yyval.property) = (yyvsp[-1].property);
+ 
+-            switch ((yyvsp[(2) - (2)].property).token)
++            switch ((yyvsp[0].property).token)
+             {
+-            case TK_DOCSTRING: (yyval.property).docstring = (yyvsp[(2) - (2)].property).docstring; break;
++            case TK_DOCSTRING: (yyval.property).docstring = (yyvsp[0].property).docstring; break;
+             }
+         }
++#line 6629 "../parser.c"
+     break;
+ 
+-  case 438:
+-#line 3531 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 439: /* property_body_directive: ifstart  */
++#line 3557 "parser.y"
++                                    {
+             (yyval.property).token = TK_IF;
+         }
++#line 6637 "../parser.c"
+     break;
+ 
+-  case 439:
+-#line 3534 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 440: /* property_body_directive: ifend  */
++#line 3560 "parser.y"
++              {
+             (yyval.property).token = TK_END;
+         }
++#line 6645 "../parser.c"
+     break;
+ 
+-  case 440:
+-#line 3537 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 441: /* property_body_directive: docstring  */
++#line 3563 "parser.y"
++                  {
+             if (notSkipping())
+             {
+                 (yyval.property).token = TK_DOCSTRING;
+-                (yyval.property).docstring = (yyvsp[(1) - (1)].docstr);
++                (yyval.property).docstring = (yyvsp[0].docstr);
+             }
+             else
+             {
+@@ -6728,30 +6658,34 @@ yyreduce:
+                 (yyval.property).docstring = NULL;
+             }
+         }
++#line 6662 "../parser.c"
+     break;
+ 
+-  case 443:
+-#line 3555 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 444: /* optslot: %empty  */
++#line 3581 "parser.y"
++            {
+             (yyval.number) = 0;
+         }
++#line 6670 "../parser.c"
+     break;
+ 
+-  case 444:
+-#line 3558 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 445: /* optslot: TK_SLOTS  */
++#line 3584 "parser.y"
++                 {
+             (yyval.number) = SECT_IS_SLOT;
+         }
++#line 6678 "../parser.c"
+     break;
+ 
+-  case 445:
+-#line 3564 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsVirt = TRUE;}
++  case 446: /* $@15: %empty  */
++#line 3590 "parser.y"
++                   {currentIsVirt = TRUE;}
++#line 6684 "../parser.c"
+     break;
+ 
+-  case 448:
+-#line 3568 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 449: /* dtor_decl: '~' TK_NAME_VALUE '(' ')' optexceptions optabstract optflags ';' premethodcode methodcode virtualcatchercode  */
++#line 3594 "parser.y"
++                                                                                                                         {
+             /* Note that we allow non-virtual dtors in C modules. */
+ 
+             if (notSkipping())
+@@ -6764,22 +6698,22 @@ yyreduce:
+ 
+                 classDef *cd = currentScope();
+ 
+-                checkAnnos(&(yyvsp[(7) - (11)].optflags), annos);
++                checkAnnos(&(yyvsp[-4].optflags), annos);
+ 
+-                if (strcmp(classBaseName(cd),(yyvsp[(2) - (11)].text)) != 0)
++                if (strcmp(classBaseName(cd),(yyvsp[-9].text)) != 0)
+                     yyerror("Destructor doesn't have the same name as its class");
+ 
+                 if (isDtor(cd))
+                     yyerror("Destructor has already been defined");
+ 
+-                if (currentSpec -> genc && (yyvsp[(9) - (11)].codeb) == NULL)
++                if (currentSpec -> genc && (yyvsp[-2].codeb) == NULL)
+                     yyerror("Destructor in C modules must include %MethodCode");
+ 
+ 
+-                appendCodeBlock(&cd->dealloccode, (yyvsp[(9) - (11)].codeb));  /* premethodcode */
+-                appendCodeBlock(&cd->dealloccode, (yyvsp[(10) - (11)].codeb)); /* methodcode */
+-                appendCodeBlock(&cd->dtorcode, (yyvsp[(11) - (11)].codeb));
+-                cd -> dtorexceptions = (yyvsp[(5) - (11)].throwlist);
++                appendCodeBlock(&cd->dealloccode, (yyvsp[-2].codeb));  /* premethodcode */
++                appendCodeBlock(&cd->dealloccode, (yyvsp[-1].codeb)); /* methodcode */
++                appendCodeBlock(&cd->dtorcode, (yyvsp[0].codeb));
++                cd -> dtorexceptions = (yyvsp[-6].throwlist);
+ 
+                 /*
+                  * Note that we don't apply the protected/public hack to dtors
+@@ -6787,7 +6721,7 @@ yyreduce:
+                  */
+                 cd->classflags |= sectionFlags;
+ 
+-                if ((yyvsp[(6) - (11)].number))
++                if ((yyvsp[-5].number))
+                 {
+                     if (!currentIsVirt)
+                         yyerror("Abstract destructor must be virtual");
+@@ -6799,7 +6733,7 @@ yyreduce:
+                  * The class has a shadow if we have a virtual dtor or some
+                  * dtor code.
+                  */
+-                if (currentIsVirt || (yyvsp[(10) - (11)].codeb) != NULL)
++                if (currentIsVirt || (yyvsp[-1].codeb) != NULL)
+                 {
+                     if (currentSpec -> genc)
+                         yyerror("Virtual destructor or %VirtualCatcherCode not allowed in a C module");
+@@ -6807,24 +6741,26 @@ yyreduce:
+                     setNeedsShadow(cd);
+                 }
+ 
+-                if (getReleaseGIL(&(yyvsp[(7) - (11)].optflags)))
++                if (getReleaseGIL(&(yyvsp[-4].optflags)))
+                     setIsReleaseGILDtor(cd);
+-                else if (getHoldGIL(&(yyvsp[(7) - (11)].optflags)))
++                else if (getHoldGIL(&(yyvsp[-4].optflags)))
+                     setIsHoldGILDtor(cd);
+             }
+ 
+             currentIsVirt = FALSE;
+         }
++#line 6753 "../parser.c"
+     break;
+ 
+-  case 449:
+-#line 3634 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentCtorIsExplicit = TRUE;}
++  case 450: /* $@16: %empty  */
++#line 3660 "parser.y"
++                        {currentCtorIsExplicit = TRUE;}
++#line 6759 "../parser.c"
+     break;
+ 
+-  case 452:
+-#line 3638 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 453: /* simplector: TK_NAME_VALUE '(' arglist ')' optexceptions optflags optctorsig ';' optdocstring premethodcode methodcode  */
++#line 3664 "parser.y"
++                                                                                                                      {
+             /* Note that we allow ctors in C modules. */
+ 
+             if (notSkipping())
+@@ -6846,11 +6782,11 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(6) - (11)].optflags), annos);
++                checkAnnos(&(yyvsp[-5].optflags), annos);
+ 
+                 if (currentSpec -> genc)
+                 {
+-                    if ((yyvsp[(10) - (11)].codeb) == NULL && (yyvsp[(3) - (11)].signature).nrArgs != 0)
++                    if ((yyvsp[-1].codeb) == NULL && (yyvsp[-8].signature).nrArgs != 0)
+                         yyerror("Constructors with arguments in C modules must include %MethodCode");
+ 
+                     if (currentCtorIsExplicit)
+@@ -6860,80 +6796,87 @@ yyreduce:
+                 if ((sectionFlags & (SECT_IS_PUBLIC | SECT_IS_PROT | SECT_IS_PRIVATE)) == 0)
+                     yyerror("Constructor must be in the public, private or protected sections");
+ 
+-                newCtor(currentModule, (yyvsp[(1) - (11)].text), sectionFlags, &(yyvsp[(3) - (11)].signature), &(yyvsp[(6) - (11)].optflags), (yyvsp[(11) - (11)].codeb), (yyvsp[(5) - (11)].throwlist), (yyvsp[(7) - (11)].optsignature),
+-                        currentCtorIsExplicit, (yyvsp[(9) - (11)].docstr), (yyvsp[(10) - (11)].codeb));
++                newCtor(currentModule, (yyvsp[-10].text), sectionFlags, &(yyvsp[-8].signature), &(yyvsp[-5].optflags), (yyvsp[0].codeb), (yyvsp[-6].throwlist), (yyvsp[-4].optsignature),
++                        currentCtorIsExplicit, (yyvsp[-2].docstr), (yyvsp[-1].codeb));
+             }
+ 
+-            free((yyvsp[(1) - (11)].text));
++            free((yyvsp[-10].text));
+ 
+             currentCtorIsExplicit = FALSE;
+         }
++#line 6808 "../parser.c"
+     break;
+ 
+-  case 453:
+-#line 3684 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 454: /* optctorsig: %empty  */
++#line 3710 "parser.y"
++            {
+             (yyval.optsignature) = NULL;
+         }
++#line 6816 "../parser.c"
+     break;
+ 
+-  case 454:
+-#line 3687 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 455: /* $@17: %empty  */
++#line 3713 "parser.y"
++            {
+             parsingCSignature = TRUE;
+         }
++#line 6824 "../parser.c"
+     break;
+ 
+-  case 455:
+-#line 3689 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 456: /* optctorsig: '[' $@17 '(' arglist ')' ']'  */
++#line 3715 "parser.y"
++                              {
+             (yyval.optsignature) = sipMalloc(sizeof (signatureDef));
+ 
+-            *(yyval.optsignature) = (yyvsp[(4) - (6)].signature);
++            *(yyval.optsignature) = (yyvsp[-2].signature);
+ 
+             parsingCSignature = FALSE;
+         }
++#line 6836 "../parser.c"
+     break;
+ 
+-  case 456:
+-#line 3698 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 457: /* optsig: %empty  */
++#line 3724 "parser.y"
++        {
+             (yyval.optsignature) = NULL;
+         }
++#line 6844 "../parser.c"
+     break;
+ 
+-  case 457:
+-#line 3701 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 458: /* $@18: %empty  */
++#line 3727 "parser.y"
++            {
+             parsingCSignature = TRUE;
+         }
++#line 6852 "../parser.c"
+     break;
+ 
+-  case 458:
+-#line 3703 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 459: /* optsig: '[' $@18 cpptype '(' arglist ')' ']'  */
++#line 3729 "parser.y"
++                                      {
+             (yyval.optsignature) = sipMalloc(sizeof (signatureDef));
+ 
+-            *(yyval.optsignature) = (yyvsp[(5) - (7)].signature);
+-            (yyval.optsignature)->result = (yyvsp[(3) - (7)].memArg);
++            *(yyval.optsignature) = (yyvsp[-2].signature);
++            (yyval.optsignature)->result = (yyvsp[-4].memArg);
+ 
+             parsingCSignature = FALSE;
+         }
++#line 6865 "../parser.c"
+     break;
+ 
+-  case 459:
+-#line 3713 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 460: /* function: cpptype TK_NAME_VALUE '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' optdocstring premethodcode methodcode virtualcatchercode virtualcallcode  */
++#line 3739 "parser.y"
++                                                                                                                                                                                           {
+             if (notSkipping())
+             {
+-                applyTypeFlags(currentModule, &(yyvsp[(1) - (17)].memArg), &(yyvsp[(10) - (17)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-16].memArg), &(yyvsp[-7].optflags));
+ 
+-                (yyvsp[(4) - (17)].signature).result = (yyvsp[(1) - (17)].memArg);
++                (yyvsp[-13].signature).result = (yyvsp[-16].memArg);
+ 
+                 newFunction(currentSpec, currentModule, currentScope(), NULL,
+                         NULL, sectionFlags, currentIsStatic, currentIsSignal,
+-                        currentIsSlot, currentIsVirt, (yyvsp[(2) - (17)].text), &(yyvsp[(4) - (17)].signature), (yyvsp[(6) - (17)].number), (yyvsp[(9) - (17)].number), &(yyvsp[(10) - (17)].optflags),
+-                        (yyvsp[(15) - (17)].codeb), (yyvsp[(16) - (17)].codeb), (yyvsp[(17) - (17)].codeb), (yyvsp[(8) - (17)].throwlist), (yyvsp[(11) - (17)].optsignature), (yyvsp[(13) - (17)].docstr), (yyvsp[(7) - (17)].number), (yyvsp[(14) - (17)].codeb));
++                        currentIsSlot, currentIsVirt, (yyvsp[-15].text), &(yyvsp[-13].signature), (yyvsp[-11].number), (yyvsp[-8].number), &(yyvsp[-7].optflags),
++                        (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-9].throwlist), (yyvsp[-6].optsignature), (yyvsp[-4].docstr), (yyvsp[-10].number), (yyvsp[-3].codeb));
+             }
+ 
+             currentIsStatic = FALSE;
+@@ -6941,11 +6884,12 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 6888 "../parser.c"
+     break;
+ 
+-  case 460:
+-#line 3731 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 461: /* function: cpptype TK_OPERATOR '=' '(' cpptype ')' ';'  */
++#line 3757 "parser.y"
++                                                    {
+             /*
+              * It looks like an assignment operator (though we don't bother to
+              * check the types) so make sure it is private.
+@@ -6965,11 +6909,12 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 6913 "../parser.c"
+     break;
+ 
+-  case 461:
+-#line 3751 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 462: /* function: cpptype TK_OPERATOR operatorname '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' premethodcode methodcode virtualcatchercode virtualcallcode  */
++#line 3777 "parser.y"
++                                                                                                                                                                                     {
+             if (notSkipping())
+             {
+                 classDef *cd = currentScope();
+@@ -6989,23 +6934,23 @@ yyreduce:
+                     ns_scope = NULL;
+                 }
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(1) - (17)].memArg), &(yyvsp[(11) - (17)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-16].memArg), &(yyvsp[-6].optflags));
+ 
+                 /* Handle the unary '+' and '-' operators. */
+-                if ((cd != NULL && (yyvsp[(5) - (17)].signature).nrArgs == 0) || (cd == NULL && (yyvsp[(5) - (17)].signature).nrArgs == 1))
++                if ((cd != NULL && (yyvsp[-12].signature).nrArgs == 0) || (cd == NULL && (yyvsp[-12].signature).nrArgs == 1))
+                 {
+-                    if (strcmp((yyvsp[(3) - (17)].text), "__add__") == 0)
+-                        (yyvsp[(3) - (17)].text) = "__pos__";
+-                    else if (strcmp((yyvsp[(3) - (17)].text), "__sub__") == 0)
+-                        (yyvsp[(3) - (17)].text) = "__neg__";
++                    if (strcmp((yyvsp[-14].text), "__add__") == 0)
++                        (yyvsp[-14].text) = "__pos__";
++                    else if (strcmp((yyvsp[-14].text), "__sub__") == 0)
++                        (yyvsp[-14].text) = "__neg__";
+                 }
+ 
+-                (yyvsp[(5) - (17)].signature).result = (yyvsp[(1) - (17)].memArg);
++                (yyvsp[-12].signature).result = (yyvsp[-16].memArg);
+ 
+                 newFunction(currentSpec, currentModule, cd, ns_scope, NULL,
+                         sectionFlags, currentIsStatic, currentIsSignal,
+-                        currentIsSlot, currentIsVirt, (yyvsp[(3) - (17)].text), &(yyvsp[(5) - (17)].signature), (yyvsp[(7) - (17)].number), (yyvsp[(10) - (17)].number), &(yyvsp[(11) - (17)].optflags),
+-                        (yyvsp[(15) - (17)].codeb), (yyvsp[(16) - (17)].codeb), (yyvsp[(17) - (17)].codeb), (yyvsp[(9) - (17)].throwlist), (yyvsp[(12) - (17)].optsignature), NULL, (yyvsp[(8) - (17)].number), (yyvsp[(14) - (17)].codeb));
++                        currentIsSlot, currentIsVirt, (yyvsp[-14].text), &(yyvsp[-12].signature), (yyvsp[-10].number), (yyvsp[-7].number), &(yyvsp[-6].optflags),
++                        (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-8].throwlist), (yyvsp[-5].optsignature), NULL, (yyvsp[-9].number), (yyvsp[-3].codeb));
+             }
+ 
+             currentIsStatic = FALSE;
+@@ -7013,22 +6958,23 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 6962 "../parser.c"
+     break;
+ 
+-  case 462:
+-#line 3795 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 463: /* function: TK_OPERATOR cpptype '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' premethodcode methodcode virtualcatchercode virtualcallcode  */
++#line 3821 "parser.y"
++                                                                                                                                                                        {
+             if (notSkipping())
+             {
+                 char *sname;
+                 classDef *scope = currentScope();
+ 
+-                if (scope == NULL || (yyvsp[(4) - (16)].signature).nrArgs != 0)
++                if (scope == NULL || (yyvsp[-12].signature).nrArgs != 0)
+                     yyerror("Operator casts must be specified in a class and have no arguments");
+ 
+-                applyTypeFlags(currentModule, &(yyvsp[(2) - (16)].memArg), &(yyvsp[(10) - (16)].optflags));
++                applyTypeFlags(currentModule, &(yyvsp[-14].memArg), &(yyvsp[-6].optflags));
+ 
+-                switch ((yyvsp[(2) - (16)].memArg).atype)
++                switch ((yyvsp[-14].memArg).atype)
+                 {
+                 case defined_type:
+                     sname = NULL;
+@@ -7067,12 +7013,12 @@ yyreduce:
+ 
+                 if (sname != NULL)
+                 {
+-                    (yyvsp[(4) - (16)].signature).result = (yyvsp[(2) - (16)].memArg);
++                    (yyvsp[-12].signature).result = (yyvsp[-14].memArg);
+ 
+                     newFunction(currentSpec, currentModule, scope, NULL, NULL,
+                             sectionFlags, currentIsStatic, currentIsSignal,
+-                            currentIsSlot, currentIsVirt, sname, &(yyvsp[(4) - (16)].signature), (yyvsp[(6) - (16)].number), (yyvsp[(9) - (16)].number),
+-                            &(yyvsp[(10) - (16)].optflags), (yyvsp[(14) - (16)].codeb), (yyvsp[(15) - (16)].codeb), (yyvsp[(16) - (16)].codeb), (yyvsp[(8) - (16)].throwlist), (yyvsp[(11) - (16)].optsignature), NULL, (yyvsp[(7) - (16)].number), (yyvsp[(13) - (16)].codeb));
++                            currentIsSlot, currentIsVirt, sname, &(yyvsp[-12].signature), (yyvsp[-10].number), (yyvsp[-7].number),
++                            &(yyvsp[-6].optflags), (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-8].throwlist), (yyvsp[-5].optsignature), NULL, (yyvsp[-9].number), (yyvsp[-3].codeb));
+                 }
+                 else
+                 {
+@@ -7080,11 +7026,11 @@ yyreduce:
+ 
+                     /* Check it doesn't already exist. */
+                     for (al = scope->casts; al != NULL; al = al->next)
+-                        if (compareScopedNames((yyvsp[(2) - (16)].memArg).u.snd, al->arg.u.snd) == 0)
++                        if (compareScopedNames((yyvsp[-14].memArg).u.snd, al->arg.u.snd) == 0)
+                             yyerror("This operator cast has already been specified in this class");
+ 
+                     al = sipMalloc(sizeof (argList));
+-                    al->arg = (yyvsp[(2) - (16)].memArg);
++                    al->arg = (yyvsp[-14].memArg);
+                     al->next = scope->casts;
+ 
+                     scope->casts = al;
+@@ -7096,367 +7042,421 @@ yyreduce:
+             currentIsSlot = FALSE;
+             currentIsVirt = FALSE;
+         }
++#line 7046 "../parser.c"
+     break;
+ 
+-  case 463:
+-#line 3876 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__add__";}
++  case 464: /* operatorname: '+'  */
++#line 3902 "parser.y"
++                        {(yyval.text) = "__add__";}
++#line 7052 "../parser.c"
+     break;
+ 
+-  case 464:
+-#line 3877 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__sub__";}
++  case 465: /* operatorname: '-'  */
++#line 3903 "parser.y"
++                {(yyval.text) = "__sub__";}
++#line 7058 "../parser.c"
+     break;
+ 
+-  case 465:
+-#line 3878 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__mul__";}
++  case 466: /* operatorname: '*'  */
++#line 3904 "parser.y"
++                {(yyval.text) = "__mul__";}
++#line 7064 "../parser.c"
+     break;
+ 
+-  case 466:
+-#line 3879 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__div__";}
++  case 467: /* operatorname: '/'  */
++#line 3905 "parser.y"
++                {(yyval.text) = "__div__";}
++#line 7070 "../parser.c"
+     break;
+ 
+-  case 467:
+-#line 3880 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__mod__";}
++  case 468: /* operatorname: '%'  */
++#line 3906 "parser.y"
++                {(yyval.text) = "__mod__";}
++#line 7076 "../parser.c"
+     break;
+ 
+-  case 468:
+-#line 3881 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__and__";}
++  case 469: /* operatorname: '&'  */
++#line 3907 "parser.y"
++                {(yyval.text) = "__and__";}
++#line 7082 "../parser.c"
+     break;
+ 
+-  case 469:
+-#line 3882 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__or__";}
++  case 470: /* operatorname: '|'  */
++#line 3908 "parser.y"
++                {(yyval.text) = "__or__";}
++#line 7088 "../parser.c"
+     break;
+ 
+-  case 470:
+-#line 3883 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__xor__";}
++  case 471: /* operatorname: '^'  */
++#line 3909 "parser.y"
++                {(yyval.text) = "__xor__";}
++#line 7094 "../parser.c"
+     break;
+ 
+-  case 471:
+-#line 3884 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__lshift__";}
++  case 472: /* operatorname: '<' '<'  */
++#line 3910 "parser.y"
++                    {(yyval.text) = "__lshift__";}
++#line 7100 "../parser.c"
+     break;
+ 
+-  case 472:
+-#line 3885 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__rshift__";}
++  case 473: /* operatorname: '>' '>'  */
++#line 3911 "parser.y"
++                    {(yyval.text) = "__rshift__";}
++#line 7106 "../parser.c"
+     break;
+ 
+-  case 473:
+-#line 3886 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__iadd__";}
++  case 474: /* operatorname: '+' '='  */
++#line 3912 "parser.y"
++                    {(yyval.text) = "__iadd__";}
++#line 7112 "../parser.c"
+     break;
+ 
+-  case 474:
+-#line 3887 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__isub__";}
++  case 475: /* operatorname: '-' '='  */
++#line 3913 "parser.y"
++                    {(yyval.text) = "__isub__";}
++#line 7118 "../parser.c"
+     break;
+ 
+-  case 475:
+-#line 3888 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__imul__";}
++  case 476: /* operatorname: '*' '='  */
++#line 3914 "parser.y"
++                    {(yyval.text) = "__imul__";}
++#line 7124 "../parser.c"
+     break;
+ 
+-  case 476:
+-#line 3889 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__idiv__";}
++  case 477: /* operatorname: '/' '='  */
++#line 3915 "parser.y"
++                    {(yyval.text) = "__idiv__";}
++#line 7130 "../parser.c"
+     break;
+ 
+-  case 477:
+-#line 3890 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__imod__";}
++  case 478: /* operatorname: '%' '='  */
++#line 3916 "parser.y"
++                    {(yyval.text) = "__imod__";}
++#line 7136 "../parser.c"
+     break;
+ 
+-  case 478:
+-#line 3891 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__iand__";}
++  case 479: /* operatorname: '&' '='  */
++#line 3917 "parser.y"
++                    {(yyval.text) = "__iand__";}
++#line 7142 "../parser.c"
+     break;
+ 
+-  case 479:
+-#line 3892 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ior__";}
++  case 480: /* operatorname: '|' '='  */
++#line 3918 "parser.y"
++                    {(yyval.text) = "__ior__";}
++#line 7148 "../parser.c"
+     break;
+ 
+-  case 480:
+-#line 3893 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ixor__";}
++  case 481: /* operatorname: '^' '='  */
++#line 3919 "parser.y"
++                    {(yyval.text) = "__ixor__";}
++#line 7154 "../parser.c"
+     break;
+ 
+-  case 481:
+-#line 3894 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ilshift__";}
++  case 482: /* operatorname: '<' '<' '='  */
++#line 3920 "parser.y"
++                    {(yyval.text) = "__ilshift__";}
++#line 7160 "../parser.c"
+     break;
+ 
+-  case 482:
+-#line 3895 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__irshift__";}
++  case 483: /* operatorname: '>' '>' '='  */
++#line 3921 "parser.y"
++                    {(yyval.text) = "__irshift__";}
++#line 7166 "../parser.c"
+     break;
+ 
+-  case 483:
+-#line 3896 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__invert__";}
++  case 484: /* operatorname: '~'  */
++#line 3922 "parser.y"
++                {(yyval.text) = "__invert__";}
++#line 7172 "../parser.c"
+     break;
+ 
+-  case 484:
+-#line 3897 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__call__";}
++  case 485: /* operatorname: '(' ')'  */
++#line 3923 "parser.y"
++                    {(yyval.text) = "__call__";}
++#line 7178 "../parser.c"
+     break;
+ 
+-  case 485:
+-#line 3898 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__getitem__";}
++  case 486: /* operatorname: '[' ']'  */
++#line 3924 "parser.y"
++                    {(yyval.text) = "__getitem__";}
++#line 7184 "../parser.c"
+     break;
+ 
+-  case 486:
+-#line 3899 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__lt__";}
++  case 487: /* operatorname: '<'  */
++#line 3925 "parser.y"
++                {(yyval.text) = "__lt__";}
++#line 7190 "../parser.c"
+     break;
+ 
+-  case 487:
+-#line 3900 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__le__";}
++  case 488: /* operatorname: '<' '='  */
++#line 3926 "parser.y"
++                    {(yyval.text) = "__le__";}
++#line 7196 "../parser.c"
+     break;
+ 
+-  case 488:
+-#line 3901 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__eq__";}
++  case 489: /* operatorname: '=' '='  */
++#line 3927 "parser.y"
++                    {(yyval.text) = "__eq__";}
++#line 7202 "../parser.c"
+     break;
+ 
+-  case 489:
+-#line 3902 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ne__";}
++  case 490: /* operatorname: '!' '='  */
++#line 3928 "parser.y"
++                    {(yyval.text) = "__ne__";}
++#line 7208 "../parser.c"
+     break;
+ 
+-  case 490:
+-#line 3903 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__gt__";}
++  case 491: /* operatorname: '>'  */
++#line 3929 "parser.y"
++                {(yyval.text) = "__gt__";}
++#line 7214 "../parser.c"
+     break;
+ 
+-  case 491:
+-#line 3904 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {(yyval.text) = "__ge__";}
++  case 492: /* operatorname: '>' '='  */
++#line 3930 "parser.y"
++                    {(yyval.text) = "__ge__";}
++#line 7220 "../parser.c"
+     break;
+ 
+-  case 492:
+-#line 3907 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 493: /* optconst: %empty  */
++#line 3933 "parser.y"
++            {
+             (yyval.number) = FALSE;
+         }
++#line 7228 "../parser.c"
+     break;
+ 
+-  case 493:
+-#line 3910 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 494: /* optconst: TK_CONST  */
++#line 3936 "parser.y"
++                 {
+             (yyval.number) = TRUE;
+         }
++#line 7236 "../parser.c"
+     break;
+ 
+-  case 494:
+-#line 3915 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 495: /* optfinal: %empty  */
++#line 3941 "parser.y"
++            {
+             (yyval.number) = FALSE;
+         }
++#line 7244 "../parser.c"
+     break;
+ 
+-  case 495:
+-#line 3918 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 496: /* optfinal: TK_FINAL  */
++#line 3944 "parser.y"
++                 {
+             (yyval.number) = TRUE;
+         }
++#line 7252 "../parser.c"
+     break;
+ 
+-  case 496:
+-#line 3923 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 497: /* optabstract: %empty  */
++#line 3949 "parser.y"
++                {
+             (yyval.number) = 0;
+         }
++#line 7260 "../parser.c"
+     break;
+ 
+-  case 497:
+-#line 3926 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            if ((yyvsp[(2) - (2)].number) != 0)
++  case 498: /* optabstract: '=' TK_NUMBER_VALUE  */
++#line 3952 "parser.y"
++                            {
++            if ((yyvsp[0].number) != 0)
+                 yyerror("Abstract virtual function '= 0' expected");
+ 
+             (yyval.number) = TRUE;
+         }
++#line 7271 "../parser.c"
+     break;
+ 
+-  case 498:
+-#line 3934 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 499: /* optflags: %empty  */
++#line 3960 "parser.y"
++            {
+             (yyval.optflags).nrFlags = 0;
+         }
++#line 7279 "../parser.c"
+     break;
+ 
+-  case 499:
+-#line 3937 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.optflags) = (yyvsp[(2) - (3)].optflags);
++  case 500: /* optflags: '/' flaglist '/'  */
++#line 3963 "parser.y"
++                         {
++            (yyval.optflags) = (yyvsp[-1].optflags);
+         }
++#line 7287 "../parser.c"
+     break;
+ 
+-  case 500:
+-#line 3943 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.optflags).flags[0] = (yyvsp[(1) - (1)].flag);
++  case 501: /* flaglist: flag  */
++#line 3969 "parser.y"
++                 {
++            (yyval.optflags).flags[0] = (yyvsp[0].flag);
+             (yyval.optflags).nrFlags = 1;
+         }
++#line 7296 "../parser.c"
+     break;
+ 
+-  case 501:
+-#line 3947 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 502: /* flaglist: flaglist ',' flag  */
++#line 3973 "parser.y"
++                          {
+             /* Check there is room. */
+ 
+-            if ((yyvsp[(1) - (3)].optflags).nrFlags == MAX_NR_FLAGS)
++            if ((yyvsp[-2].optflags).nrFlags == MAX_NR_FLAGS)
+                 yyerror("Too many optional flags");
+ 
+-            (yyval.optflags) = (yyvsp[(1) - (3)].optflags);
++            (yyval.optflags) = (yyvsp[-2].optflags);
+ 
+-            (yyval.optflags).flags[(yyval.optflags).nrFlags++] = (yyvsp[(3) - (3)].flag);
++            (yyval.optflags).flags[(yyval.optflags).nrFlags++] = (yyvsp[0].flag);
+         }
++#line 7311 "../parser.c"
+     break;
+ 
+-  case 502:
+-#line 3959 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 503: /* flag: TK_NAME_VALUE  */
++#line 3985 "parser.y"
++                      {
+             (yyval.flag).ftype = bool_flag;
+-            (yyval.flag).fname = (yyvsp[(1) - (1)].text);
++            (yyval.flag).fname = (yyvsp[0].text);
+         }
++#line 7320 "../parser.c"
+     break;
+ 
+-  case 503:
+-#line 3963 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.flag) = (yyvsp[(3) - (3)].flag);
+-            (yyval.flag).fname = (yyvsp[(1) - (3)].text);
++  case 504: /* flag: TK_NAME_VALUE '=' flagvalue  */
++#line 3989 "parser.y"
++                                    {
++            (yyval.flag) = (yyvsp[0].flag);
++            (yyval.flag).fname = (yyvsp[-2].text);
+         }
++#line 7329 "../parser.c"
+     break;
+ 
+-  case 504:
+-#line 3969 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.flag).ftype = (strchr((yyvsp[(1) - (1)].text), '.') != NULL) ? dotted_name_flag : name_flag;
+-            (yyval.flag).fvalue.sval = (yyvsp[(1) - (1)].text);
++  case 505: /* flagvalue: dottedname  */
++#line 3995 "parser.y"
++                       {
++            (yyval.flag).ftype = (strchr((yyvsp[0].text), '.') != NULL) ? dotted_name_flag : name_flag;
++            (yyval.flag).fvalue.sval = (yyvsp[0].text);
+         }
++#line 7338 "../parser.c"
+     break;
+ 
+-  case 505:
+-#line 3973 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 506: /* flagvalue: TK_NAME_VALUE ':' optnumber '-' optnumber  */
++#line 3999 "parser.y"
++                                                  {
+             apiVersionRangeDef *avd;
+             int from, to;
+ 
+             (yyval.flag).ftype = api_range_flag;
+ 
+             /* Check that the API is known. */
+-            if ((avd = findAPI(currentSpec, (yyvsp[(1) - (5)].text))) == NULL)
++            if ((avd = findAPI(currentSpec, (yyvsp[-4].text))) == NULL)
+                 yyerror("unknown API name in API annotation");
+ 
+             if (inMainModule())
+                 setIsUsedName(avd->api_name);
+ 
+             /* Unbounded values are represented by 0. */
+-            if ((from = (yyvsp[(3) - (5)].number)) < 0)
++            if ((from = (yyvsp[-2].number)) < 0)
+                 from = 0;
+ 
+-            if ((to = (yyvsp[(5) - (5)].number)) < 0)
++            if ((to = (yyvsp[0].number)) < 0)
+                 to = 0;
+ 
+             (yyval.flag).fvalue.aval = convertAPIRange(currentModule, avd->api_name,
+                     from, to);
+         }
++#line 7366 "../parser.c"
+     break;
+ 
+-  case 506:
+-#line 3996 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 507: /* flagvalue: TK_STRING_VALUE  */
++#line 4022 "parser.y"
++                        {
+             (yyval.flag).ftype = string_flag;
+-            (yyval.flag).fvalue.sval = convertFeaturedString((yyvsp[(1) - (1)].text));
++            (yyval.flag).fvalue.sval = convertFeaturedString((yyvsp[0].text));
+         }
++#line 7375 "../parser.c"
+     break;
+ 
+-  case 507:
+-#line 4000 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 508: /* flagvalue: TK_NUMBER_VALUE  */
++#line 4026 "parser.y"
++                        {
+             (yyval.flag).ftype = integer_flag;
+-            (yyval.flag).fvalue.ival = (yyvsp[(1) - (1)].number);
++            (yyval.flag).fvalue.ival = (yyvsp[0].number);
+         }
++#line 7384 "../parser.c"
+     break;
+ 
+-  case 508:
+-#line 4006 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 509: /* virtualcallcode: %empty  */
++#line 4032 "parser.y"
++                 {
+             (yyval.codeb) = NULL;
+         }
++#line 7392 "../parser.c"
+     break;
+ 
+-  case 509:
+-#line 4009 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 510: /* virtualcallcode: TK_VIRTUALCALLCODE codeblock  */
++#line 4035 "parser.y"
++                                     {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7400 "../parser.c"
+     break;
+ 
+-  case 510:
+-#line 4014 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 511: /* methodcode: %empty  */
++#line 4040 "parser.y"
++            {
+             (yyval.codeb) = NULL;
+         }
++#line 7408 "../parser.c"
+     break;
+ 
+-  case 511:
+-#line 4017 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 512: /* methodcode: TK_METHODCODE codeblock  */
++#line 4043 "parser.y"
++                                {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7416 "../parser.c"
+     break;
+ 
+-  case 512:
+-#line 4022 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 513: /* premethodcode: %empty  */
++#line 4048 "parser.y"
++               {
+             (yyval.codeb) = NULL;
+         }
++#line 7424 "../parser.c"
+     break;
+ 
+-  case 513:
+-#line 4025 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 514: /* premethodcode: TK_PREMETHODCODE codeblock  */
++#line 4051 "parser.y"
++                                   {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7432 "../parser.c"
+     break;
+ 
+-  case 514:
+-#line 4030 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 515: /* virtualcatchercode: %empty  */
++#line 4056 "parser.y"
++                    {
+             (yyval.codeb) = NULL;
+         }
++#line 7440 "../parser.c"
+     break;
+ 
+-  case 515:
+-#line 4033 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.codeb) = (yyvsp[(2) - (2)].codeb);
++  case 516: /* virtualcatchercode: TK_VIRTUALCATCHERCODE codeblock  */
++#line 4059 "parser.y"
++                                        {
++            (yyval.codeb) = (yyvsp[0].codeb);
+         }
++#line 7448 "../parser.c"
+     break;
+ 
+-  case 516:
+-#line 4038 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 517: /* arglist: rawarglist  */
++#line 4064 "parser.y"
++                       {
+             int a, nrrxcon, nrrxdis, nrslotcon, nrslotdis, nrarray, nrarraysize;
+ 
+             nrrxcon = nrrxdis = nrslotcon = nrslotdis = nrarray = nrarraysize = 0;
+ 
+-            for (a = 0; a < (yyvsp[(1) - (1)].signature).nrArgs; ++a)
++            for (a = 0; a < (yyvsp[0].signature).nrArgs; ++a)
+             {
+-                argDef *ad = &(yyvsp[(1) - (1)].signature).args[a];
++                argDef *ad = &(yyvsp[0].signature).args[a];
+ 
+                 switch (ad -> atype)
+                 {
+@@ -7497,226 +7497,243 @@ yyreduce:
+             if (nrarray != nrarraysize || nrarray > 1)
+                 yyerror("/Array/ and /ArraySize/ must both be given and at most once");
+ 
+-            (yyval.signature) = (yyvsp[(1) - (1)].signature);
++            (yyval.signature) = (yyvsp[0].signature);
+         }
++#line 7503 "../parser.c"
+     break;
+ 
+-  case 517:
+-#line 4090 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 518: /* rawarglist: %empty  */
++#line 4116 "parser.y"
++            {
+             /* No arguments. */
+ 
+             (yyval.signature).nrArgs = 0;
+         }
++#line 7513 "../parser.c"
+     break;
+ 
+-  case 518:
+-#line 4095 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 519: /* rawarglist: argvalue  */
++#line 4121 "parser.y"
++                 {
+             /* The single or first argument. */
+ 
+-            (yyval.signature).args[0] = (yyvsp[(1) - (1)].memArg);
++            (yyval.signature).args[0] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs = 1;
+         }
++#line 7524 "../parser.c"
+     break;
+ 
+-  case 519:
+-#line 4101 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 520: /* rawarglist: rawarglist ',' argvalue  */
++#line 4127 "parser.y"
++                                {
+             /* Check that it wasn't ...(,arg...). */
+-            if ((yyvsp[(1) - (3)].signature).nrArgs == 0)
++            if ((yyvsp[-2].signature).nrArgs == 0)
+                 yyerror("First argument of the list is missing");
+ 
+             /*
+              * If this argument has no default value, then the
+              * previous one mustn't either.
+              */
+-            if ((yyvsp[(3) - (3)].memArg).defval == NULL && (yyvsp[(1) - (3)].signature).args[(yyvsp[(1) - (3)].signature).nrArgs - 1].defval != NULL)
++            if ((yyvsp[0].memArg).defval == NULL && (yyvsp[-2].signature).args[(yyvsp[-2].signature).nrArgs - 1].defval != NULL)
+                 yyerror("Compulsory argument given after optional argument");
+ 
+             /* Check there is room. */
+-            if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.signature) = (yyvsp[(1) - (3)].signature);
++            (yyval.signature) = (yyvsp[-2].signature);
+ 
+-            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[(3) - (3)].memArg);
++            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs++;
+         }
++#line 7550 "../parser.c"
+     break;
+ 
+-  case 520:
+-#line 4124 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 521: /* argvalue: TK_SIPSIGNAL optname optflags optassign  */
++#line 4150 "parser.y"
++                                                    {
+             deprecated("SIP_SIGNAL is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_SIGNAL has no annotations");
++            checkNoAnnos(&(yyvsp[-1].optflags), "SIP_SIGNAL has no annotations");
+ 
+             (yyval.memArg).atype = signal_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text));
+-            (yyval.memArg).defval = (yyvsp[(4) - (4)].valp);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text));
++            (yyval.memArg).defval = (yyvsp[0].valp);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7567 "../parser.c"
+     break;
+ 
+-  case 521:
+-#line 4136 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 522: /* argvalue: TK_SIPSLOT optname optflags optassign  */
++#line 4162 "parser.y"
++                                              {
+             deprecated("SIP_SLOT is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_SLOT has no annotations");
++            checkNoAnnos(&(yyvsp[-1].optflags), "SIP_SLOT has no annotations");
+ 
+             (yyval.memArg).atype = slot_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text));
+-            (yyval.memArg).defval = (yyvsp[(4) - (4)].valp);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text));
++            (yyval.memArg).defval = (yyvsp[0].valp);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7584 "../parser.c"
+     break;
+ 
+-  case 522:
+-#line 4148 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 523: /* argvalue: TK_SIPANYSLOT optname optflags optassign  */
++#line 4174 "parser.y"
++                                                 {
+             deprecated("SIP_ANYSLOT is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_ANYSLOT has no annotations");
++            checkNoAnnos(&(yyvsp[-1].optflags), "SIP_ANYSLOT has no annotations");
+ 
+             (yyval.memArg).atype = anyslot_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text));
+-            (yyval.memArg).defval = (yyvsp[(4) - (4)].valp);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text));
++            (yyval.memArg).defval = (yyvsp[0].valp);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7601 "../parser.c"
+     break;
+ 
+-  case 523:
+-#line 4160 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 524: /* argvalue: TK_SIPRXCON optname optflags  */
++#line 4186 "parser.y"
++                                     {
+             const char *annos[] = {
+                 "SingleShot",
+                 NULL
+             };
+ 
+             deprecated("SIP_RXOBJ_CON is deprecated\n");
+-            checkAnnos(&(yyvsp[(3) - (3)].optflags), annos);
++            checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+             (yyval.memArg).atype = rxcon_type;
+             (yyval.memArg).argflags = 0;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "SingleShot", bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags), "SingleShot", bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_SINGLE_SHOT;
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7625 "../parser.c"
+     break;
+ 
+-  case 524:
+-#line 4179 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 525: /* argvalue: TK_SIPRXDIS optname optflags  */
++#line 4205 "parser.y"
++                                     {
+             deprecated("SIP_RXOBJ_DIS is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (3)].optflags), "SIP_RXOBJ_DIS has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_RXOBJ_DIS has no annotations");
+ 
+             (yyval.memArg).atype = rxdis_type;
+             (yyval.memArg).argflags = 0;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7641 "../parser.c"
+     break;
+ 
+-  case 525:
+-#line 4190 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 526: /* argvalue: TK_SIPSLOTCON '(' arglist ')' optname optflags  */
++#line 4216 "parser.y"
++                                                       {
+             deprecated("SIP_SLOT_CON is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(6) - (6)].optflags), "SIP_SLOT_CON has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_SLOT_CON has no annotations");
+ 
+             (yyval.memArg).atype = slotcon_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(5) - (6)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            memset(&(yyvsp[(3) - (6)].signature).result, 0, sizeof (argDef));
+-            (yyvsp[(3) - (6)].signature).result.atype = void_type;
++            memset(&(yyvsp[-3].signature).result, 0, sizeof (argDef));
++            (yyvsp[-3].signature).result.atype = void_type;
+ 
+             (yyval.memArg).u.sa = sipMalloc(sizeof (signatureDef));
+-            *(yyval.memArg).u.sa = (yyvsp[(3) - (6)].signature);
++            *(yyval.memArg).u.sa = (yyvsp[-3].signature);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7663 "../parser.c"
+     break;
+ 
+-  case 526:
+-#line 4207 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 527: /* argvalue: TK_SIPSLOTDIS '(' arglist ')' optname optflags  */
++#line 4233 "parser.y"
++                                                       {
+             deprecated("SIP_SLOT_DIS is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(6) - (6)].optflags), "SIP_SLOT_DIS has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_SLOT_DIS has no annotations");
+ 
+             (yyval.memArg).atype = slotdis_type;
+             (yyval.memArg).argflags = ARG_IS_CONST;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(5) - (6)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            memset(&(yyvsp[(3) - (6)].signature).result, 0, sizeof (argDef));
+-            (yyvsp[(3) - (6)].signature).result.atype = void_type;
++            memset(&(yyvsp[-3].signature).result, 0, sizeof (argDef));
++            (yyvsp[-3].signature).result.atype = void_type;
+ 
+             (yyval.memArg).u.sa = sipMalloc(sizeof (signatureDef));
+-            *(yyval.memArg).u.sa = (yyvsp[(3) - (6)].signature);
++            *(yyval.memArg).u.sa = (yyvsp[-3].signature);
+ 
+             currentSpec -> sigslots = TRUE;
+         }
++#line 7685 "../parser.c"
+     break;
+ 
+-  case 527:
+-#line 4224 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 528: /* argvalue: TK_QOBJECT optname optflags  */
++#line 4250 "parser.y"
++                                    {
+             deprecated("SIP_QOBJECT is deprecated\n");
+-            checkNoAnnos(&(yyvsp[(3) - (3)].optflags), "SIP_QOBJECT has no annotations");
++            checkNoAnnos(&(yyvsp[0].optflags), "SIP_QOBJECT has no annotations");
+ 
+             (yyval.memArg).atype = qobject_type;
+             (yyval.memArg).argflags = 0;
+             (yyval.memArg).nrderefs = 0;
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+         }
++#line 7699 "../parser.c"
+     break;
+ 
+-  case 528:
+-#line 4233 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.memArg) = (yyvsp[(1) - (2)].memArg);
+-            (yyval.memArg).defval = (yyvsp[(2) - (2)].valp);
++  case 529: /* argvalue: argtype optassign  */
++#line 4259 "parser.y"
++                          {
++            (yyval.memArg) = (yyvsp[-1].memArg);
++            (yyval.memArg).defval = (yyvsp[0].valp);
+         }
++#line 7708 "../parser.c"
+     break;
+ 
+-  case 529:
+-#line 4240 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsSignal = TRUE;}
++  case 530: /* $@19: %empty  */
++#line 4266 "parser.y"
++                         {currentIsSignal = TRUE;}
++#line 7714 "../parser.c"
+     break;
+ 
+-  case 531:
+-#line 4241 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsSlot = TRUE;}
++  case 532: /* $@20: %empty  */
++#line 4267 "parser.y"
++                       {currentIsSlot = TRUE;}
++#line 7720 "../parser.c"
+     break;
+ 
+-  case 534:
+-#line 4246 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsStatic = TRUE;}
++  case 535: /* $@21: %empty  */
++#line 4272 "parser.y"
++                  {currentIsStatic = TRUE;}
++#line 7726 "../parser.c"
+     break;
+ 
+-  case 539:
+-#line 4256 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {currentIsVirt = TRUE;}
++  case 540: /* $@22: %empty  */
++#line 4282 "parser.y"
++                   {currentIsVirt = TRUE;}
++#line 7732 "../parser.c"
+     break;
+ 
+-  case 542:
+-#line 4260 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 543: /* variable: cpptype TK_NAME_VALUE optflags variable_body ';' optaccesscode optgetcode optsetcode  */
++#line 4286 "parser.y"
++                                                                                                 {
+             if (notSkipping())
+             {
+                 const char *annos[] = {
+@@ -7730,99 +7747,105 @@ yyreduce:
+                     NULL
+                 };
+ 
+-                checkAnnos(&(yyvsp[(3) - (8)].optflags), annos);
++                checkAnnos(&(yyvsp[-5].optflags), annos);
+ 
+-                if ((yyvsp[(6) - (8)].codeb) != NULL)
++                if ((yyvsp[-2].codeb) != NULL)
+                 {
+-                    if ((yyvsp[(4) - (8)].variable).access_code != NULL)
++                    if ((yyvsp[-4].variable).access_code != NULL)
+                         yyerror("%AccessCode already defined");
+ 
+-                    (yyvsp[(4) - (8)].variable).access_code = (yyvsp[(6) - (8)].codeb);
++                    (yyvsp[-4].variable).access_code = (yyvsp[-2].codeb);
+ 
+                     deprecated("%AccessCode should be used as a sub-directive");
+                 }
+ 
+-                if ((yyvsp[(7) - (8)].codeb) != NULL)
++                if ((yyvsp[-1].codeb) != NULL)
+                 {
+-                    if ((yyvsp[(4) - (8)].variable).get_code != NULL)
++                    if ((yyvsp[-4].variable).get_code != NULL)
+                         yyerror("%GetCode already defined");
+ 
+-                    (yyvsp[(4) - (8)].variable).get_code = (yyvsp[(7) - (8)].codeb);
++                    (yyvsp[-4].variable).get_code = (yyvsp[-1].codeb);
+ 
+                     deprecated("%GetCode should be used as a sub-directive");
+                 }
+ 
+-                if ((yyvsp[(8) - (8)].codeb) != NULL)
++                if ((yyvsp[0].codeb) != NULL)
+                 {
+-                    if ((yyvsp[(4) - (8)].variable).set_code != NULL)
++                    if ((yyvsp[-4].variable).set_code != NULL)
+                         yyerror("%SetCode already defined");
+ 
+-                    (yyvsp[(4) - (8)].variable).set_code = (yyvsp[(8) - (8)].codeb);
++                    (yyvsp[-4].variable).set_code = (yyvsp[0].codeb);
+ 
+                     deprecated("%SetCode should be used as a sub-directive");
+                 }
+ 
+-                newVar(currentSpec, currentModule, (yyvsp[(2) - (8)].text), currentIsStatic, &(yyvsp[(1) - (8)].memArg),
+-                        &(yyvsp[(3) - (8)].optflags), (yyvsp[(4) - (8)].variable).access_code, (yyvsp[(4) - (8)].variable).get_code, (yyvsp[(4) - (8)].variable).set_code,
++                newVar(currentSpec, currentModule, (yyvsp[-6].text), currentIsStatic, &(yyvsp[-7].memArg),
++                        &(yyvsp[-5].optflags), (yyvsp[-4].variable).access_code, (yyvsp[-4].variable).get_code, (yyvsp[-4].variable).set_code,
+                         sectionFlags);
+             }
+ 
+             currentIsStatic = FALSE;
+         }
++#line 7790 "../parser.c"
+     break;
+ 
+-  case 543:
+-#line 4315 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 544: /* variable_body: %empty  */
++#line 4341 "parser.y"
++                {
+             (yyval.variable).token = 0;
+             (yyval.variable).access_code = NULL;
+             (yyval.variable).get_code = NULL;
+             (yyval.variable).set_code = NULL;
+         }
++#line 7801 "../parser.c"
+     break;
+ 
+-  case 544:
+-#line 4321 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.variable) = (yyvsp[(2) - (3)].variable);
++  case 545: /* variable_body: '{' variable_body_directives '}'  */
++#line 4347 "parser.y"
++                                         {
++            (yyval.variable) = (yyvsp[-1].variable);
+         }
++#line 7809 "../parser.c"
+     break;
+ 
+-  case 546:
+-#line 4327 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.variable) = (yyvsp[(1) - (2)].variable);
++  case 547: /* variable_body_directives: variable_body_directives variable_body_directive  */
++#line 4353 "parser.y"
++                                                         {
++            (yyval.variable) = (yyvsp[-1].variable);
+ 
+-            switch ((yyvsp[(2) - (2)].variable).token)
++            switch ((yyvsp[0].variable).token)
+             {
+-            case TK_ACCESSCODE: (yyval.variable).access_code = (yyvsp[(2) - (2)].variable).access_code; break;
+-            case TK_GETCODE: (yyval.variable).get_code = (yyvsp[(2) - (2)].variable).get_code; break;
+-            case TK_SETCODE: (yyval.variable).set_code = (yyvsp[(2) - (2)].variable).set_code; break;
++            case TK_ACCESSCODE: (yyval.variable).access_code = (yyvsp[0].variable).access_code; break;
++            case TK_GETCODE: (yyval.variable).get_code = (yyvsp[0].variable).get_code; break;
++            case TK_SETCODE: (yyval.variable).set_code = (yyvsp[0].variable).set_code; break;
+             }
+         }
++#line 7824 "../parser.c"
+     break;
+ 
+-  case 547:
+-#line 4339 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 548: /* variable_body_directive: ifstart  */
++#line 4365 "parser.y"
++                                    {
+             (yyval.variable).token = TK_IF;
+         }
++#line 7832 "../parser.c"
+     break;
+ 
+-  case 548:
+-#line 4342 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 549: /* variable_body_directive: ifend  */
++#line 4368 "parser.y"
++              {
+             (yyval.variable).token = TK_END;
+         }
++#line 7840 "../parser.c"
+     break;
+ 
+-  case 549:
+-#line 4345 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 550: /* variable_body_directive: TK_ACCESSCODE codeblock  */
++#line 4371 "parser.y"
++                                {
+             if (notSkipping())
+             {
+                 (yyval.variable).token = TK_ACCESSCODE;
+-                (yyval.variable).access_code = (yyvsp[(2) - (2)].codeb);
++                (yyval.variable).access_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -7833,15 +7856,16 @@ yyreduce:
+             (yyval.variable).get_code = NULL;
+             (yyval.variable).set_code = NULL;
+         }
++#line 7860 "../parser.c"
+     break;
+ 
+-  case 550:
+-#line 4360 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 551: /* variable_body_directive: TK_GETCODE codeblock  */
++#line 4386 "parser.y"
++                             {
+             if (notSkipping())
+             {
+                 (yyval.variable).token = TK_GETCODE;
+-                (yyval.variable).get_code = (yyvsp[(2) - (2)].codeb);
++                (yyval.variable).get_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -7852,15 +7876,16 @@ yyreduce:
+             (yyval.variable).access_code = NULL;
+             (yyval.variable).set_code = NULL;
+         }
++#line 7880 "../parser.c"
+     break;
+ 
+-  case 551:
+-#line 4375 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 552: /* variable_body_directive: TK_SETCODE codeblock  */
++#line 4401 "parser.y"
++                             {
+             if (notSkipping())
+             {
+                 (yyval.variable).token = TK_SETCODE;
+-                (yyval.variable).set_code = (yyvsp[(2) - (2)].codeb);
++                (yyval.variable).set_code = (yyvsp[0].codeb);
+             }
+             else
+             {
+@@ -7871,36 +7896,39 @@ yyreduce:
+             (yyval.variable).access_code = NULL;
+             (yyval.variable).get_code = NULL;
+         }
++#line 7900 "../parser.c"
+     break;
+ 
+-  case 552:
+-#line 4392 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.memArg) = (yyvsp[(2) - (4)].memArg);
+-            add_derefs(&(yyval.memArg), &(yyvsp[(3) - (4)].memArg));
+-            (yyval.memArg).argflags |= ARG_IS_CONST | (yyvsp[(4) - (4)].number);
++  case 553: /* cpptype: TK_CONST basetype deref optref  */
++#line 4418 "parser.y"
++                                           {
++            (yyval.memArg) = (yyvsp[-2].memArg);
++            add_derefs(&(yyval.memArg), &(yyvsp[-1].memArg));
++            (yyval.memArg).argflags |= ARG_IS_CONST | (yyvsp[0].number);
+         }
++#line 7910 "../parser.c"
+     break;
+ 
+-  case 553:
+-#line 4397 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            (yyval.memArg) = (yyvsp[(1) - (3)].memArg);
+-            add_derefs(&(yyval.memArg), &(yyvsp[(2) - (3)].memArg));
+-            (yyval.memArg).argflags |= (yyvsp[(3) - (3)].number);
++  case 554: /* cpptype: basetype deref optref  */
++#line 4423 "parser.y"
++                              {
++            (yyval.memArg) = (yyvsp[-2].memArg);
++            add_derefs(&(yyval.memArg), &(yyvsp[-1].memArg));
++            (yyval.memArg).argflags |= (yyvsp[0].number);
+ 
+             /* PyObject * is a synonym for SIP_PYOBJECT. */
+-            if ((yyvsp[(1) - (3)].memArg).atype == defined_type && strcmp((yyvsp[(1) - (3)].memArg).u.snd->name, "PyObject") == 0 && (yyvsp[(1) - (3)].memArg).u.snd->next == NULL && (yyvsp[(2) - (3)].memArg).nrderefs == 1 && (yyvsp[(3) - (3)].number) == 0)
++            if ((yyvsp[-2].memArg).atype == defined_type && strcmp((yyvsp[-2].memArg).u.snd->name, "PyObject") == 0 && (yyvsp[-2].memArg).u.snd->next == NULL && (yyvsp[-1].memArg).nrderefs == 1 && (yyvsp[0].number) == 0)
+             {
+                 (yyval.memArg).atype = pyobject_type;
+                 (yyval.memArg).nrderefs = 0;
+             }
+         }
++#line 7927 "../parser.c"
+     break;
+ 
+-  case 554:
+-#line 4411 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 555: /* argtype: cpptype optname optflags  */
++#line 4437 "parser.y"
++                                     {
+             const char *annos[] = {
+                 "AllowNone",
+                 "Array",
+@@ -7930,54 +7958,54 @@ yyreduce:
+ 
+             optFlag *of;
+ 
+-            checkAnnos(&(yyvsp[(3) - (3)].optflags), annos);
++            checkAnnos(&(yyvsp[0].optflags), annos);
+ 
+-            (yyval.memArg) = (yyvsp[(1) - (3)].memArg);
+-            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text));
++            (yyval.memArg) = (yyvsp[-2].memArg);
++            (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text));
+ 
+-            handleKeepReference(&(yyvsp[(3) - (3)].optflags), &(yyval.memArg), currentModule);
++            handleKeepReference(&(yyvsp[0].optflags), &(yyval.memArg), currentModule);
+ 
+-            if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "ScopesStripped", opt_integer_flag)) != NULL)
++            if ((of = getOptFlag(&(yyvsp[0].optflags), "ScopesStripped", opt_integer_flag)) != NULL)
+                 if (((yyval.memArg).scopes_stripped = of->fvalue.ival) <= 0)
+                     yyerror("/ScopesStripped/ must be greater than 0");
+ 
+-            if (getAllowNone(&(yyvsp[(3) - (3)].optflags)))
++            if (getAllowNone(&(yyvsp[0].optflags)))
+                 (yyval.memArg).argflags |= ARG_ALLOW_NONE;
+ 
+-            if (getDisallowNone(&(yyvsp[(3) - (3)].optflags)))
++            if (getDisallowNone(&(yyvsp[0].optflags)))
+                 (yyval.memArg).argflags |= ARG_DISALLOW_NONE;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"GetWrapper",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"GetWrapper",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_GET_WRAPPER;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Array",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"Array",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_ARRAY;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"ArraySize",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"ArraySize",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_ARRAY_SIZE;
+ 
+-            if (getTransfer(&(yyvsp[(3) - (3)].optflags)))
++            if (getTransfer(&(yyvsp[0].optflags)))
+                 (yyval.memArg).argflags |= ARG_XFERRED;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"TransferThis",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"TransferThis",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_THIS_XFERRED;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"TransferBack",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"TransferBack",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_XFERRED_BACK;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"In",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"In",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_IN;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Out",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"Out",bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_OUT;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "ResultSize", bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags), "ResultSize", bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_RESULT_SIZE;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "NoCopy", bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags), "NoCopy", bool_flag) != NULL)
+                 (yyval.memArg).argflags |= ARG_NO_COPY;
+ 
+-            if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Constrained",bool_flag) != NULL)
++            if (getOptFlag(&(yyvsp[0].optflags),"Constrained",bool_flag) != NULL)
+             {
+                 (yyval.memArg).argflags |= ARG_CONSTRAINED;
+ 
+@@ -8005,499 +8033,518 @@ yyreduce:
+                 }
+             }
+ 
+-            applyTypeFlags(currentModule, &(yyval.memArg), &(yyvsp[(3) - (3)].optflags));
+-            (yyval.memArg).typehint_value = getTypeHintValue(&(yyvsp[(3) - (3)].optflags));
++            applyTypeFlags(currentModule, &(yyval.memArg), &(yyvsp[0].optflags));
++            (yyval.memArg).typehint_value = getTypeHintValue(&(yyvsp[0].optflags));
+         }
++#line 8040 "../parser.c"
+     break;
+ 
+-  case 555:
+-#line 4521 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 556: /* optref: %empty  */
++#line 4547 "parser.y"
++        {
+             (yyval.number) = 0;
+         }
++#line 8048 "../parser.c"
+     break;
+ 
+-  case 556:
+-#line 4524 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 557: /* optref: '&'  */
++#line 4550 "parser.y"
++            {
+             if (currentSpec -> genc)
+                 yyerror("References not allowed in a C module");
+ 
+             (yyval.number) = ARG_IS_REF;
+         }
++#line 8059 "../parser.c"
+     break;
+ 
+-  case 557:
+-#line 4532 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 558: /* deref: %empty  */
++#line 4558 "parser.y"
++        {
+             (yyval.memArg).nrderefs = 0;
+         }
++#line 8067 "../parser.c"
+     break;
+ 
+-  case 558:
+-#line 4535 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            add_new_deref(&(yyval.memArg), &(yyvsp[(1) - (3)].memArg), TRUE);
++  case 559: /* deref: deref '*' TK_CONST  */
++#line 4561 "parser.y"
++                           {
++            add_new_deref(&(yyval.memArg), &(yyvsp[-2].memArg), TRUE);
+         }
++#line 8075 "../parser.c"
+     break;
+ 
+-  case 559:
+-#line 4538 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
+-            add_new_deref(&(yyval.memArg), &(yyvsp[(1) - (2)].memArg), FALSE);
++  case 560: /* deref: deref '*'  */
++#line 4564 "parser.y"
++                  {
++            add_new_deref(&(yyval.memArg), &(yyvsp[-1].memArg), FALSE);
+         }
++#line 8083 "../parser.c"
+     break;
+ 
+-  case 560:
+-#line 4543 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 561: /* basetype: scopedname  */
++#line 4569 "parser.y"
++                       {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = defined_type;
+-            (yyval.memArg).u.snd = (yyvsp[(1) - (1)].scpvalp);
++            (yyval.memArg).u.snd = (yyvsp[0].scpvalp);
+ 
+             /* Try and resolve typedefs as early as possible. */
+             resolveAnyTypedef(currentSpec, &(yyval.memArg));
+         }
++#line 8096 "../parser.c"
+     break;
+ 
+-  case 561:
+-#line 4551 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 562: /* basetype: scopedname '<' cpptypelist '>'  */
++#line 4577 "parser.y"
++                                       {
+             templateDef *td;
+ 
+             td = sipMalloc(sizeof(templateDef));
+-            td->fqname = (yyvsp[(1) - (4)].scpvalp);
+-            td->types = (yyvsp[(3) - (4)].signature);
++            td->fqname = (yyvsp[-3].scpvalp);
++            td->types = (yyvsp[-1].signature);
+ 
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = template_type;
+             (yyval.memArg).u.td = td;
+         }
++#line 8112 "../parser.c"
+     break;
+ 
+-  case 562:
+-#line 4562 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 563: /* basetype: TK_STRUCT scopedname  */
++#line 4588 "parser.y"
++                             {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+ 
+             /* In a C module all structures must be defined. */
+             if (currentSpec -> genc)
+             {
+                 (yyval.memArg).atype = defined_type;
+-                (yyval.memArg).u.snd = (yyvsp[(2) - (2)].scpvalp);
++                (yyval.memArg).u.snd = (yyvsp[0].scpvalp);
+             }
+             else
+             {
+                 (yyval.memArg).atype = struct_type;
+-                (yyval.memArg).u.sname = (yyvsp[(2) - (2)].scpvalp);
++                (yyval.memArg).u.sname = (yyvsp[0].scpvalp);
+             }
+         }
++#line 8132 "../parser.c"
+     break;
+ 
+-  case 563:
+-#line 4577 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 564: /* basetype: TK_UNSIGNED TK_SHORT  */
++#line 4603 "parser.y"
++                             {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ushort_type;
+         }
++#line 8141 "../parser.c"
+     break;
+ 
+-  case 564:
+-#line 4581 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 565: /* basetype: TK_SHORT  */
++#line 4607 "parser.y"
++                 {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = short_type;
+         }
++#line 8150 "../parser.c"
+     break;
+ 
+-  case 565:
+-#line 4585 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 566: /* basetype: TK_UNSIGNED  */
++#line 4611 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = uint_type;
+         }
++#line 8159 "../parser.c"
+     break;
+ 
+-  case 566:
+-#line 4589 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 567: /* basetype: TK_UNSIGNED TK_INT  */
++#line 4615 "parser.y"
++                           {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = uint_type;
+         }
++#line 8168 "../parser.c"
+     break;
+ 
+-  case 567:
+-#line 4593 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 568: /* basetype: TK_INT  */
++#line 4619 "parser.y"
++               {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = int_type;
+         }
++#line 8177 "../parser.c"
+     break;
+ 
+-  case 568:
+-#line 4597 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 569: /* basetype: TK_LONG  */
++#line 4623 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = long_type;
+         }
++#line 8186 "../parser.c"
+     break;
+ 
+-  case 569:
+-#line 4601 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 570: /* basetype: TK_UNSIGNED TK_LONG  */
++#line 4627 "parser.y"
++                            {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ulong_type;
+         }
++#line 8195 "../parser.c"
+     break;
+ 
+-  case 570:
+-#line 4605 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 571: /* basetype: TK_LONG TK_LONG  */
++#line 4631 "parser.y"
++                        {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = longlong_type;
+         }
++#line 8204 "../parser.c"
+     break;
+ 
+-  case 571:
+-#line 4609 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 572: /* basetype: TK_UNSIGNED TK_LONG TK_LONG  */
++#line 4635 "parser.y"
++                                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ulonglong_type;
+         }
++#line 8213 "../parser.c"
+     break;
+ 
+-  case 572:
+-#line 4613 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 573: /* basetype: TK_FLOAT  */
++#line 4639 "parser.y"
++                 {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = float_type;
+         }
++#line 8222 "../parser.c"
+     break;
+ 
+-  case 573:
+-#line 4617 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 574: /* basetype: TK_DOUBLE  */
++#line 4643 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = double_type;
+         }
++#line 8231 "../parser.c"
+     break;
+ 
+-  case 574:
+-#line 4621 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 575: /* basetype: TK_BOOL  */
++#line 4647 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = bool_type;
+         }
++#line 8240 "../parser.c"
+     break;
+ 
+-  case 575:
+-#line 4625 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 576: /* basetype: TK_SIGNED TK_CHAR  */
++#line 4651 "parser.y"
++                          {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = sstring_type;
+         }
++#line 8249 "../parser.c"
+     break;
+ 
+-  case 576:
+-#line 4629 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 577: /* basetype: TK_UNSIGNED TK_CHAR  */
++#line 4655 "parser.y"
++                            {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ustring_type;
+         }
++#line 8258 "../parser.c"
+     break;
+ 
+-  case 577:
+-#line 4633 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 578: /* basetype: TK_CHAR  */
++#line 4659 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = string_type;
+         }
++#line 8267 "../parser.c"
+     break;
+ 
+-  case 578:
+-#line 4637 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 579: /* basetype: TK_WCHAR_T  */
++#line 4663 "parser.y"
++                   {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = wstring_type;
+         }
++#line 8276 "../parser.c"
+     break;
+ 
+-  case 579:
+-#line 4641 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 580: /* basetype: TK_VOID  */
++#line 4667 "parser.y"
++                {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = void_type;
+         }
++#line 8285 "../parser.c"
+     break;
+ 
+-  case 580:
+-#line 4645 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 581: /* basetype: TK_PYOBJECT  */
++#line 4671 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pyobject_type;
+         }
++#line 8294 "../parser.c"
+     break;
+ 
+-  case 581:
+-#line 4649 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 582: /* basetype: TK_PYTUPLE  */
++#line 4675 "parser.y"
++                   {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pytuple_type;
+         }
++#line 8303 "../parser.c"
+     break;
+ 
+-  case 582:
+-#line 4653 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 583: /* basetype: TK_PYLIST  */
++#line 4679 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pylist_type;
+         }
++#line 8312 "../parser.c"
+     break;
+ 
+-  case 583:
+-#line 4657 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 584: /* basetype: TK_PYDICT  */
++#line 4683 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pydict_type;
+         }
++#line 8321 "../parser.c"
+     break;
+ 
+-  case 584:
+-#line 4661 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 585: /* basetype: TK_PYCALLABLE  */
++#line 4687 "parser.y"
++                      {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pycallable_type;
+         }
++#line 8330 "../parser.c"
+     break;
+ 
+-  case 585:
+-#line 4665 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 586: /* basetype: TK_PYSLICE  */
++#line 4691 "parser.y"
++                   {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pyslice_type;
+         }
++#line 8339 "../parser.c"
+     break;
+ 
+-  case 586:
+-#line 4669 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 587: /* basetype: TK_PYTYPE  */
++#line 4695 "parser.y"
++                  {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pytype_type;
+         }
++#line 8348 "../parser.c"
+     break;
+ 
+-  case 587:
+-#line 4673 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 588: /* basetype: TK_PYBUFFER  */
++#line 4699 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = pybuffer_type;
+         }
++#line 8357 "../parser.c"
+     break;
+ 
+-  case 588:
+-#line 4677 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 589: /* basetype: TK_SIPSSIZET  */
++#line 4703 "parser.y"
++                     {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ssize_type;
+         }
++#line 8366 "../parser.c"
+     break;
+ 
+-  case 589:
+-#line 4681 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 590: /* basetype: TK_SIZET  */
++#line 4707 "parser.y"
++                 {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = size_type;
+         }
++#line 8375 "../parser.c"
+     break;
+ 
+-  case 590:
+-#line 4685 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 591: /* basetype: TK_ELLIPSIS  */
++#line 4711 "parser.y"
++                    {
+             memset(&(yyval.memArg), 0, sizeof (argDef));
+             (yyval.memArg).atype = ellipsis_type;
+         }
++#line 8384 "../parser.c"
+     break;
+ 
+-  case 591:
+-#line 4691 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 592: /* cpptypelist: cpptype  */
++#line 4717 "parser.y"
++                        {
+             /* The single or first type. */
+ 
+-            (yyval.signature).args[0] = (yyvsp[(1) - (1)].memArg);
++            (yyval.signature).args[0] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs = 1;
+         }
++#line 8395 "../parser.c"
+     break;
+ 
+-  case 592:
+-#line 4697 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 593: /* cpptypelist: cpptypelist ',' cpptype  */
++#line 4723 "parser.y"
++                                {
+             /* Check there is nothing after an ellipsis. */
+-            if ((yyvsp[(1) - (3)].signature).args[(yyvsp[(1) - (3)].signature).nrArgs - 1].atype == ellipsis_type)
++            if ((yyvsp[-2].signature).args[(yyvsp[-2].signature).nrArgs - 1].atype == ellipsis_type)
+                 yyerror("An ellipsis must be at the end of the argument list");
+ 
+             /* Check there is room. */
+-            if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.signature) = (yyvsp[(1) - (3)].signature);
++            (yyval.signature) = (yyvsp[-2].signature);
+ 
+-            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[(3) - (3)].memArg);
++            (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[0].memArg);
+             (yyval.signature).nrArgs++;
+         }
++#line 8414 "../parser.c"
+     break;
+ 
+-  case 593:
+-#line 4713 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 594: /* optexceptions: %empty  */
++#line 4739 "parser.y"
++                {
+             (yyval.throwlist) = NULL;
+         }
++#line 8422 "../parser.c"
+     break;
+ 
+-  case 594:
+-#line 4716 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 595: /* optexceptions: TK_THROW '(' exceptionlist ')'  */
++#line 4742 "parser.y"
++                                       {
+             if (currentSpec->genc)
+                 yyerror("Exceptions not allowed in a C module");
+ 
+-            (yyval.throwlist) = (yyvsp[(3) - (4)].throwlist);
++            (yyval.throwlist) = (yyvsp[-1].throwlist);
+         }
++#line 8433 "../parser.c"
+     break;
+ 
+-  case 595:
+-#line 4724 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 596: /* exceptionlist: %empty  */
++#line 4750 "parser.y"
++                {
+             /* Empty list so use a blank. */
+ 
+             (yyval.throwlist) = sipMalloc(sizeof (throwArgs));
+             (yyval.throwlist) -> nrArgs = 0;
+         }
++#line 8444 "../parser.c"
+     break;
+ 
+-  case 596:
+-#line 4730 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 597: /* exceptionlist: scopedname  */
++#line 4756 "parser.y"
++                   {
+             /* The only or first exception. */
+ 
+             (yyval.throwlist) = sipMalloc(sizeof (throwArgs));
+             (yyval.throwlist) -> nrArgs = 1;
+-            (yyval.throwlist) -> args[0] = findException(currentSpec, (yyvsp[(1) - (1)].scpvalp), FALSE);
++            (yyval.throwlist) -> args[0] = findException(currentSpec, (yyvsp[0].scpvalp), FALSE);
+         }
++#line 8456 "../parser.c"
+     break;
+ 
+-  case 597:
+-#line 4737 "sip-4.19.23/sipgen/metasrc/parser.y"
+-    {
++  case 598: /* exceptionlist: exceptionlist ',' scopedname  */
++#line 4763 "parser.y"
++                                     {
+             /* Check that it wasn't ...(,arg...). */
+ 
+-            if ((yyvsp[(1) - (3)].throwlist) -> nrArgs == 0)
++            if ((yyvsp[-2].throwlist) -> nrArgs == 0)
+                 yyerror("First exception of throw specifier is missing");
+ 
+             /* Check there is room. */
+ 
+-            if ((yyvsp[(1) - (3)].throwlist) -> nrArgs == MAX_NR_ARGS)
++            if ((yyvsp[-2].throwlist) -> nrArgs == MAX_NR_ARGS)
+                 yyerror("Internal error - increase the value of MAX_NR_ARGS");
+ 
+-            (yyval.throwlist) = (yyvsp[(1) - (3)].throwlist);
+-            (yyval.throwlist) -> args[(yyval.throwlist) -> nrArgs++] = findException(currentSpec, (yyvsp[(3) - (3)].scpvalp), FALSE);
++            (yyval.throwlist) = (yyvsp[-2].throwlist);
++            (yyval.throwlist) -> args[(yyval.throwlist) -> nrArgs++] = findException(currentSpec, (yyvsp[0].scpvalp), FALSE);
+         }
++#line 8475 "../parser.c"
+     break;
+ 
+ 
+-/* Line 1267 of yacc.c.  */
+-#line 8408 "sip-4.19.23/sipgen/parser.c"
++#line 8479 "../parser.c"
++
+       default: break;
+     }
+-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
++  /* User semantic actions sometimes alter yychar, and that requires
++     that yytoken be updated with the new translation.  We take the
++     approach of translating immediately before every use of yytoken.
++     One alternative is translating here after every semantic action,
++     but that translation would be missed if the semantic action invokes
++     YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
++     if it invokes YYBACKUP.  In the case of YYABORT or YYACCEPT, an
++     incorrect destructor might then be invoked immediately.  In the
++     case of YYERROR or YYBACKUP, subsequent parser actions might lead
++     to an incorrect destructor call or verbose syntax error message
++     before the lookahead is translated.  */
++  YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc);
+ 
+   YYPOPSTACK (yylen);
+   yylen = 0;
+-  YY_STACK_PRINT (yyss, yyssp);
+ 
+   *++yyvsp = yyval;
+ 
+-
+-  /* Now `shift' the result of the reduction.  Determine what state
++  /* Now 'shift' the result of the reduction.  Determine what state
+      that goes to, based on the state we popped back to and the rule
+      number reduced by.  */
+-
+-  yyn = yyr1[yyn];
+-
+-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+-    yystate = yytable[yystate];
+-  else
+-    yystate = yydefgoto[yyn - YYNTOKENS];
++  {
++    const int yylhs = yyr1[yyn] - YYNTOKENS;
++    const int yyi = yypgoto[yylhs] + *yyssp;
++    yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp
++               ? yytable[yyi]
++               : yydefgoto[yylhs]);
++  }
+ 
+   goto yynewstate;
+ 
+ 
+-/*------------------------------------.
+-| yyerrlab -- here on detecting error |
+-`------------------------------------*/
++/*--------------------------------------.
++| yyerrlab -- here on detecting error.  |
++`--------------------------------------*/
+ yyerrlab:
++  /* Make sure we have latest lookahead translation.  See comments at
++     user semantic actions for why this is necessary.  */
++  yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar);
+   /* If not already recovering from an error, report this error.  */
+   if (!yyerrstatus)
+     {
+       ++yynerrs;
+-#if ! YYERROR_VERBOSE
+       yyerror (YY_("syntax error"));
+-#else
+-      {
+-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+-	  {
+-	    YYSIZE_T yyalloc = 2 * yysize;
+-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+-	    if (yymsg != yymsgbuf)
+-	      YYSTACK_FREE (yymsg);
+-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+-	    if (yymsg)
+-	      yymsg_alloc = yyalloc;
+-	    else
+-	      {
+-		yymsg = yymsgbuf;
+-		yymsg_alloc = sizeof yymsgbuf;
+-	      }
+-	  }
+-
+-	if (0 < yysize && yysize <= yymsg_alloc)
+-	  {
+-	    (void) yysyntax_error (yymsg, yystate, yychar);
+-	    yyerror (yymsg);
+-	  }
+-	else
+-	  {
+-	    yyerror (YY_("syntax error"));
+-	    if (yysize != 0)
+-	      goto yyexhaustedlab;
+-	  }
+-      }
+-#endif
+     }
+ 
+-
+-
+   if (yyerrstatus == 3)
+     {
+-      /* If just tried and failed to reuse look-ahead token after an
+-	 error, discard it.  */
++      /* If just tried and failed to reuse lookahead token after an
++         error, discard it.  */
+ 
+       if (yychar <= YYEOF)
+-	{
+-	  /* Return failure if at end of input.  */
+-	  if (yychar == YYEOF)
+-	    YYABORT;
+-	}
++        {
++          /* Return failure if at end of input.  */
++          if (yychar == YYEOF)
++            YYABORT;
++        }
+       else
+-	{
+-	  yydestruct ("Error: discarding",
+-		      yytoken, &yylval);
+-	  yychar = YYEMPTY;
+-	}
++        {
++          yydestruct ("Error: discarding",
++                      yytoken, &yylval);
++          yychar = YYEMPTY;
++        }
+     }
+ 
+-  /* Else will try to reuse look-ahead token after shifting the error
++  /* Else will try to reuse lookahead token after shifting the error
+      token.  */
+   goto yyerrlab1;
+ 
+@@ -8506,14 +8553,13 @@ yyerrlab:
+ | yyerrorlab -- error raised explicitly by YYERROR.  |
+ `---------------------------------------------------*/
+ yyerrorlab:
++  /* Pacify compilers when the user code never invokes YYERROR and the
++     label yyerrorlab therefore never appears in user code.  */
++  if (0)
++    YYERROR;
++  ++yynerrs;
+ 
+-  /* Pacify compilers like GCC when the user code never invokes
+-     YYERROR and the label yyerrorlab therefore never appears in user
+-     code.  */
+-  if (/*CONSTCOND*/ 0)
+-     goto yyerrorlab;
+-
+-  /* Do not reclaim the symbols of the rule which action triggered
++  /* Do not reclaim the symbols of the rule whose action triggered
+      this YYERROR.  */
+   YYPOPSTACK (yylen);
+   yylen = 0;
+@@ -8526,42 +8572,42 @@ yyerrorlab:
+ | yyerrlab1 -- common code for both syntax error and YYERROR.  |
+ `-------------------------------------------------------------*/
+ yyerrlab1:
+-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
++  yyerrstatus = 3;      /* Each real token shifted decrements this.  */
+ 
++  /* Pop stack until we find a state that shifts the error token.  */
+   for (;;)
+     {
+       yyn = yypact[yystate];
+-      if (yyn != YYPACT_NINF)
+-	{
+-	  yyn += YYTERROR;
+-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+-	    {
+-	      yyn = yytable[yyn];
+-	      if (0 < yyn)
+-		break;
+-	    }
+-	}
++      if (!yypact_value_is_default (yyn))
++        {
++          yyn += YYSYMBOL_YYerror;
++          if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror)
++            {
++              yyn = yytable[yyn];
++              if (0 < yyn)
++                break;
++            }
++        }
+ 
+       /* Pop the current state because it cannot handle the error token.  */
+       if (yyssp == yyss)
+-	YYABORT;
++        YYABORT;
+ 
+ 
+       yydestruct ("Error: popping",
+-		  yystos[yystate], yyvsp);
++                  YY_ACCESSING_SYMBOL (yystate), yyvsp);
+       YYPOPSTACK (1);
+       yystate = *yyssp;
+       YY_STACK_PRINT (yyss, yyssp);
+     }
+ 
+-  if (yyn == YYFINAL)
+-    YYACCEPT;
+-
++  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+   *++yyvsp = yylval;
++  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ 
+ 
+   /* Shift the error token.  */
+-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
++  YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp);
+ 
+   yystate = yyn;
+   goto yynewstate;
+@@ -8572,53 +8618,57 @@ yyerrlab1:
+ `-------------------------------------*/
+ yyacceptlab:
+   yyresult = 0;
+-  goto yyreturn;
++  goto yyreturnlab;
++
+ 
+ /*-----------------------------------.
+ | yyabortlab -- YYABORT comes here.  |
+ `-----------------------------------*/
+ yyabortlab:
+   yyresult = 1;
+-  goto yyreturn;
++  goto yyreturnlab;
+ 
+-#ifndef yyoverflow
+-/*-------------------------------------------------.
+-| yyexhaustedlab -- memory exhaustion comes here.  |
+-`-------------------------------------------------*/
++
++/*-----------------------------------------------------------.
++| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here.  |
++`-----------------------------------------------------------*/
+ yyexhaustedlab:
+   yyerror (YY_("memory exhausted"));
+   yyresult = 2;
+-  /* Fall through.  */
+-#endif
++  goto yyreturnlab;
++
+ 
+-yyreturn:
+-  if (yychar != YYEOF && yychar != YYEMPTY)
+-     yydestruct ("Cleanup: discarding lookahead",
+-		 yytoken, &yylval);
+-  /* Do not reclaim the symbols of the rule which action triggered
++/*----------------------------------------------------------.
++| yyreturnlab -- parsing is finished, clean up and return.  |
++`----------------------------------------------------------*/
++yyreturnlab:
++  if (yychar != YYEMPTY)
++    {
++      /* Make sure we have latest lookahead translation.  See comments at
++         user semantic actions for why this is necessary.  */
++      yytoken = YYTRANSLATE (yychar);
++      yydestruct ("Cleanup: discarding lookahead",
++                  yytoken, &yylval);
++    }
++  /* Do not reclaim the symbols of the rule whose action triggered
+      this YYABORT or YYACCEPT.  */
+   YYPOPSTACK (yylen);
+   YY_STACK_PRINT (yyss, yyssp);
+   while (yyssp != yyss)
+     {
+       yydestruct ("Cleanup: popping",
+-		  yystos[*yyssp], yyvsp);
++                  YY_ACCESSING_SYMBOL (+*yyssp), yyvsp);
+       YYPOPSTACK (1);
+     }
+ #ifndef yyoverflow
+   if (yyss != yyssa)
+     YYSTACK_FREE (yyss);
+ #endif
+-#if YYERROR_VERBOSE
+-  if (yymsg != yymsgbuf)
+-    YYSTACK_FREE (yymsg);
+-#endif
+-  /* Make sure YYID is used.  */
+-  return YYID (yyresult);
+-}
+ 
++  return yyresult;
++}
+ 
+-#line 4753 "sip-4.19.23/sipgen/metasrc/parser.y"
++#line 4779 "parser.y"
+ 
+ 
+ 
+@@ -13382,9 +13432,9 @@ static void addProperty(sipSpec *pt, mod
+  */
+ static moduleDef *configureModule(sipSpec *pt, moduleDef *module,
+         const char *filename, const char *name, int c_module, KwArgs kwargs,
+-        int use_arg_names, int use_limited_api, int call_super_init,
+-        int all_raise_py_exc, const char *def_error_handler,
+-        docstringDef *docstring)
++        int use_arg_names, int py_ssize_t_clean, int use_limited_api,
++        int call_super_init, int all_raise_py_exc,
++        const char *def_error_handler, docstringDef *docstring)
+ {
+     moduleDef *mod;
+ 
+@@ -13418,6 +13468,9 @@ static moduleDef *configureModule(sipSpe
+     if (use_arg_names)
+         setUseArgNames(module);
+ 
++    if (py_ssize_t_clean)
++        setPY_SSIZE_T_CLEAN(module);
++
+     if (use_limited_api)
+         setUseLimitedAPI(module);
+ 
+@@ -13597,4 +13650,3 @@ static void checkEllipsis(signatureDef *
+         if (sd->args[a].atype == ellipsis_type && a < sd->nrArgs - 1)
+             yyerror("An ellipsis must be at the end of the argument list if /NoArgParser/ is not specified");
+ }
+-
+Index: sip-4.19.23/sipgen/parser.h
+===================================================================
+--- sip-4.19.23.orig/sipgen/parser.h
++++ sip-4.19.23/sipgen/parser.h
+@@ -1,14 +1,14 @@
+-/* A Bison parser, made by GNU Bison 2.3.  */
++/* A Bison parser, made by GNU Bison 3.8.2.  */
+ 
+-/* Skeleton interface for Bison's Yacc-like parsers in C
++/* Bison interface for Yacc-like parsers in C
+ 
+-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+-   Free Software Foundation, Inc.
++   Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
++   Inc.
+ 
+-   This program is free software; you can redistribute it and/or modify
++   This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+-   the Free Software Foundation; either version 2, or (at your option)
+-   any later version.
++   the Free Software Foundation, either version 3 of the License, or
++   (at your option) any later version.
+ 
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+@@ -16,9 +16,7 @@
+    GNU General Public License for more details.
+ 
+    You should have received a copy of the GNU General Public License
+-   along with this program; if not, write to the Free Software
+-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+-   Boston, MA 02110-1301, USA.  */
++   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+ 
+ /* As a special exception, you may create a larger work that contains
+    part or all of the Bison parser skeleton and distribute that work
+@@ -33,164 +31,187 @@
+    This special exception was added by the Free Software Foundation in
+    version 2.2 of Bison.  */
+ 
+-/* Tokens.  */
++/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual,
++   especially those whose name start with YY_ or yy_.  They are
++   private implementation details that can be changed or removed.  */
++
++#ifndef YY_YY_PARSER_H_INCLUDED
++# define YY_YY_PARSER_H_INCLUDED
++/* Debug traces.  */
++#ifndef YYDEBUG
++# define YYDEBUG 0
++#endif
++#if YYDEBUG
++extern int yydebug;
++#endif
++
++/* Token kinds.  */
+ #ifndef YYTOKENTYPE
+ # define YYTOKENTYPE
+-   /* Put the tokens into the symbol table, so that GDB and other debuggers
+-      know about them.  */
+-   enum yytokentype {
+-     TK_API = 258,
+-     TK_AUTOPYNAME = 259,
+-     TK_DEFDOCSTRFMT = 260,
+-     TK_DEFDOCSTRSIG = 261,
+-     TK_DEFENCODING = 262,
+-     TK_PLUGIN = 263,
+-     TK_VIRTERRORHANDLER = 264,
+-     TK_EXPTYPEHINTCODE = 265,
+-     TK_TYPEHINTCODE = 266,
+-     TK_DOCSTRING = 267,
+-     TK_DOC = 268,
+-     TK_EXPORTEDDOC = 269,
+-     TK_EXTRACT = 270,
+-     TK_MAKEFILE = 271,
+-     TK_ACCESSCODE = 272,
+-     TK_GETCODE = 273,
+-     TK_SETCODE = 274,
+-     TK_PREINITCODE = 275,
+-     TK_INITCODE = 276,
+-     TK_POSTINITCODE = 277,
+-     TK_FINALCODE = 278,
+-     TK_UNITCODE = 279,
+-     TK_UNITPOSTINCLUDECODE = 280,
+-     TK_MODCODE = 281,
+-     TK_TYPECODE = 282,
+-     TK_PREPYCODE = 283,
+-     TK_COPYING = 284,
+-     TK_MAPPEDTYPE = 285,
+-     TK_CODELINE = 286,
+-     TK_IF = 287,
+-     TK_END = 288,
+-     TK_NAME_VALUE = 289,
+-     TK_PATH_VALUE = 290,
+-     TK_STRING_VALUE = 291,
+-     TK_VIRTUALCATCHERCODE = 292,
+-     TK_TRAVERSECODE = 293,
+-     TK_CLEARCODE = 294,
+-     TK_GETBUFFERCODE = 295,
+-     TK_RELEASEBUFFERCODE = 296,
+-     TK_READBUFFERCODE = 297,
+-     TK_WRITEBUFFERCODE = 298,
+-     TK_SEGCOUNTCODE = 299,
+-     TK_CHARBUFFERCODE = 300,
+-     TK_PICKLECODE = 301,
+-     TK_VIRTUALCALLCODE = 302,
+-     TK_METHODCODE = 303,
+-     TK_PREMETHODCODE = 304,
+-     TK_INSTANCECODE = 305,
+-     TK_FROMTYPE = 306,
+-     TK_TOTYPE = 307,
+-     TK_TOSUBCLASS = 308,
+-     TK_INCLUDE = 309,
+-     TK_OPTINCLUDE = 310,
+-     TK_IMPORT = 311,
+-     TK_EXPHEADERCODE = 312,
+-     TK_MODHEADERCODE = 313,
+-     TK_TYPEHEADERCODE = 314,
+-     TK_MODULE = 315,
+-     TK_CMODULE = 316,
+-     TK_CONSMODULE = 317,
+-     TK_COMPOMODULE = 318,
+-     TK_CLASS = 319,
+-     TK_STRUCT = 320,
+-     TK_PUBLIC = 321,
+-     TK_PROTECTED = 322,
+-     TK_PRIVATE = 323,
+-     TK_SIGNALS = 324,
+-     TK_SIGNAL_METHOD = 325,
+-     TK_SLOTS = 326,
+-     TK_SLOT_METHOD = 327,
+-     TK_BOOL = 328,
+-     TK_SHORT = 329,
+-     TK_INT = 330,
+-     TK_LONG = 331,
+-     TK_FLOAT = 332,
+-     TK_DOUBLE = 333,
+-     TK_CHAR = 334,
+-     TK_WCHAR_T = 335,
+-     TK_VOID = 336,
+-     TK_PYOBJECT = 337,
+-     TK_PYTUPLE = 338,
+-     TK_PYLIST = 339,
+-     TK_PYDICT = 340,
+-     TK_PYCALLABLE = 341,
+-     TK_PYSLICE = 342,
+-     TK_PYTYPE = 343,
+-     TK_PYBUFFER = 344,
+-     TK_VIRTUAL = 345,
+-     TK_ENUM = 346,
+-     TK_SIGNED = 347,
+-     TK_UNSIGNED = 348,
+-     TK_SCOPE = 349,
+-     TK_LOGICAL_OR = 350,
+-     TK_CONST = 351,
+-     TK_STATIC = 352,
+-     TK_SIPSIGNAL = 353,
+-     TK_SIPSLOT = 354,
+-     TK_SIPANYSLOT = 355,
+-     TK_SIPRXCON = 356,
+-     TK_SIPRXDIS = 357,
+-     TK_SIPSLOTCON = 358,
+-     TK_SIPSLOTDIS = 359,
+-     TK_SIPSSIZET = 360,
+-     TK_SIZET = 361,
+-     TK_NUMBER_VALUE = 362,
+-     TK_REAL_VALUE = 363,
+-     TK_TYPEDEF = 364,
+-     TK_NAMESPACE = 365,
+-     TK_TIMELINE = 366,
+-     TK_PLATFORMS = 367,
+-     TK_FEATURE = 368,
+-     TK_LICENSE = 369,
+-     TK_QCHAR_VALUE = 370,
+-     TK_TRUE_VALUE = 371,
+-     TK_FALSE_VALUE = 372,
+-     TK_NULL_VALUE = 373,
+-     TK_OPERATOR = 374,
+-     TK_THROW = 375,
+-     TK_QOBJECT = 376,
+-     TK_EXCEPTION = 377,
+-     TK_RAISECODE = 378,
+-     TK_EXPLICIT = 379,
+-     TK_TEMPLATE = 380,
+-     TK_FINAL = 381,
+-     TK_ELLIPSIS = 382,
+-     TK_DEFMETATYPE = 383,
+-     TK_DEFSUPERTYPE = 384,
+-     TK_PROPERTY = 385,
+-     TK_HIDE_NS = 386,
+-     TK_FORMAT = 387,
+-     TK_GET = 388,
+-     TK_ID = 389,
+-     TK_KWARGS = 390,
+-     TK_LANGUAGE = 391,
+-     TK_LICENSEE = 392,
+-     TK_NAME = 393,
+-     TK_OPTIONAL = 394,
+-     TK_ORDER = 395,
+-     TK_REMOVELEADING = 396,
+-     TK_SET = 397,
+-     TK_SIGNATURE = 398,
+-     TK_TIMESTAMP = 399,
+-     TK_TYPE = 400,
+-     TK_USEARGNAMES = 401,
+-     TK_USELIMITEDAPI = 402,
+-     TK_ALLRAISEPYEXC = 403,
+-     TK_CALLSUPERINIT = 404,
+-     TK_DEFERRORHANDLER = 405,
+-     TK_VERSION = 406
+-   };
++  enum yytokentype
++  {
++    YYEMPTY = -2,
++    YYEOF = 0,                     /* "end of file"  */
++    YYerror = 256,                 /* error  */
++    YYUNDEF = 257,                 /* "invalid token"  */
++    TK_API = 258,                  /* TK_API  */
++    TK_AUTOPYNAME = 259,           /* TK_AUTOPYNAME  */
++    TK_DEFDOCSTRFMT = 260,         /* TK_DEFDOCSTRFMT  */
++    TK_DEFDOCSTRSIG = 261,         /* TK_DEFDOCSTRSIG  */
++    TK_DEFENCODING = 262,          /* TK_DEFENCODING  */
++    TK_PLUGIN = 263,               /* TK_PLUGIN  */
++    TK_VIRTERRORHANDLER = 264,     /* TK_VIRTERRORHANDLER  */
++    TK_EXPTYPEHINTCODE = 265,      /* TK_EXPTYPEHINTCODE  */
++    TK_TYPEHINTCODE = 266,         /* TK_TYPEHINTCODE  */
++    TK_DOCSTRING = 267,            /* TK_DOCSTRING  */
++    TK_DOC = 268,                  /* TK_DOC  */
++    TK_EXPORTEDDOC = 269,          /* TK_EXPORTEDDOC  */
++    TK_EXTRACT = 270,              /* TK_EXTRACT  */
++    TK_MAKEFILE = 271,             /* TK_MAKEFILE  */
++    TK_ACCESSCODE = 272,           /* TK_ACCESSCODE  */
++    TK_GETCODE = 273,              /* TK_GETCODE  */
++    TK_SETCODE = 274,              /* TK_SETCODE  */
++    TK_PREINITCODE = 275,          /* TK_PREINITCODE  */
++    TK_INITCODE = 276,             /* TK_INITCODE  */
++    TK_POSTINITCODE = 277,         /* TK_POSTINITCODE  */
++    TK_FINALCODE = 278,            /* TK_FINALCODE  */
++    TK_UNITCODE = 279,             /* TK_UNITCODE  */
++    TK_UNITPOSTINCLUDECODE = 280,  /* TK_UNITPOSTINCLUDECODE  */
++    TK_MODCODE = 281,              /* TK_MODCODE  */
++    TK_TYPECODE = 282,             /* TK_TYPECODE  */
++    TK_PREPYCODE = 283,            /* TK_PREPYCODE  */
++    TK_COPYING = 284,              /* TK_COPYING  */
++    TK_MAPPEDTYPE = 285,           /* TK_MAPPEDTYPE  */
++    TK_CODELINE = 286,             /* TK_CODELINE  */
++    TK_IF = 287,                   /* TK_IF  */
++    TK_END = 288,                  /* TK_END  */
++    TK_NAME_VALUE = 289,           /* TK_NAME_VALUE  */
++    TK_PATH_VALUE = 290,           /* TK_PATH_VALUE  */
++    TK_STRING_VALUE = 291,         /* TK_STRING_VALUE  */
++    TK_VIRTUALCATCHERCODE = 292,   /* TK_VIRTUALCATCHERCODE  */
++    TK_TRAVERSECODE = 293,         /* TK_TRAVERSECODE  */
++    TK_CLEARCODE = 294,            /* TK_CLEARCODE  */
++    TK_GETBUFFERCODE = 295,        /* TK_GETBUFFERCODE  */
++    TK_RELEASEBUFFERCODE = 296,    /* TK_RELEASEBUFFERCODE  */
++    TK_READBUFFERCODE = 297,       /* TK_READBUFFERCODE  */
++    TK_WRITEBUFFERCODE = 298,      /* TK_WRITEBUFFERCODE  */
++    TK_SEGCOUNTCODE = 299,         /* TK_SEGCOUNTCODE  */
++    TK_CHARBUFFERCODE = 300,       /* TK_CHARBUFFERCODE  */
++    TK_PICKLECODE = 301,           /* TK_PICKLECODE  */
++    TK_VIRTUALCALLCODE = 302,      /* TK_VIRTUALCALLCODE  */
++    TK_METHODCODE = 303,           /* TK_METHODCODE  */
++    TK_PREMETHODCODE = 304,        /* TK_PREMETHODCODE  */
++    TK_INSTANCECODE = 305,         /* TK_INSTANCECODE  */
++    TK_FROMTYPE = 306,             /* TK_FROMTYPE  */
++    TK_TOTYPE = 307,               /* TK_TOTYPE  */
++    TK_TOSUBCLASS = 308,           /* TK_TOSUBCLASS  */
++    TK_INCLUDE = 309,              /* TK_INCLUDE  */
++    TK_OPTINCLUDE = 310,           /* TK_OPTINCLUDE  */
++    TK_IMPORT = 311,               /* TK_IMPORT  */
++    TK_EXPHEADERCODE = 312,        /* TK_EXPHEADERCODE  */
++    TK_MODHEADERCODE = 313,        /* TK_MODHEADERCODE  */
++    TK_TYPEHEADERCODE = 314,       /* TK_TYPEHEADERCODE  */
++    TK_MODULE = 315,               /* TK_MODULE  */
++    TK_CMODULE = 316,              /* TK_CMODULE  */
++    TK_CONSMODULE = 317,           /* TK_CONSMODULE  */
++    TK_COMPOMODULE = 318,          /* TK_COMPOMODULE  */
++    TK_CLASS = 319,                /* TK_CLASS  */
++    TK_STRUCT = 320,               /* TK_STRUCT  */
++    TK_PUBLIC = 321,               /* TK_PUBLIC  */
++    TK_PROTECTED = 322,            /* TK_PROTECTED  */
++    TK_PRIVATE = 323,              /* TK_PRIVATE  */
++    TK_SIGNALS = 324,              /* TK_SIGNALS  */
++    TK_SIGNAL_METHOD = 325,        /* TK_SIGNAL_METHOD  */
++    TK_SLOTS = 326,                /* TK_SLOTS  */
++    TK_SLOT_METHOD = 327,          /* TK_SLOT_METHOD  */
++    TK_BOOL = 328,                 /* TK_BOOL  */
++    TK_SHORT = 329,                /* TK_SHORT  */
++    TK_INT = 330,                  /* TK_INT  */
++    TK_LONG = 331,                 /* TK_LONG  */
++    TK_FLOAT = 332,                /* TK_FLOAT  */
++    TK_DOUBLE = 333,               /* TK_DOUBLE  */
++    TK_CHAR = 334,                 /* TK_CHAR  */
++    TK_WCHAR_T = 335,              /* TK_WCHAR_T  */
++    TK_VOID = 336,                 /* TK_VOID  */
++    TK_PYOBJECT = 337,             /* TK_PYOBJECT  */
++    TK_PYTUPLE = 338,              /* TK_PYTUPLE  */
++    TK_PYLIST = 339,               /* TK_PYLIST  */
++    TK_PYDICT = 340,               /* TK_PYDICT  */
++    TK_PYCALLABLE = 341,           /* TK_PYCALLABLE  */
++    TK_PYSLICE = 342,              /* TK_PYSLICE  */
++    TK_PYTYPE = 343,               /* TK_PYTYPE  */
++    TK_PYBUFFER = 344,             /* TK_PYBUFFER  */
++    TK_VIRTUAL = 345,              /* TK_VIRTUAL  */
++    TK_ENUM = 346,                 /* TK_ENUM  */
++    TK_SIGNED = 347,               /* TK_SIGNED  */
++    TK_UNSIGNED = 348,             /* TK_UNSIGNED  */
++    TK_SCOPE = 349,                /* TK_SCOPE  */
++    TK_LOGICAL_OR = 350,           /* TK_LOGICAL_OR  */
++    TK_CONST = 351,                /* TK_CONST  */
++    TK_STATIC = 352,               /* TK_STATIC  */
++    TK_SIPSIGNAL = 353,            /* TK_SIPSIGNAL  */
++    TK_SIPSLOT = 354,              /* TK_SIPSLOT  */
++    TK_SIPANYSLOT = 355,           /* TK_SIPANYSLOT  */
++    TK_SIPRXCON = 356,             /* TK_SIPRXCON  */
++    TK_SIPRXDIS = 357,             /* TK_SIPRXDIS  */
++    TK_SIPSLOTCON = 358,           /* TK_SIPSLOTCON  */
++    TK_SIPSLOTDIS = 359,           /* TK_SIPSLOTDIS  */
++    TK_SIPSSIZET = 360,            /* TK_SIPSSIZET  */
++    TK_SIZET = 361,                /* TK_SIZET  */
++    TK_NUMBER_VALUE = 362,         /* TK_NUMBER_VALUE  */
++    TK_REAL_VALUE = 363,           /* TK_REAL_VALUE  */
++    TK_TYPEDEF = 364,              /* TK_TYPEDEF  */
++    TK_NAMESPACE = 365,            /* TK_NAMESPACE  */
++    TK_TIMELINE = 366,             /* TK_TIMELINE  */
++    TK_PLATFORMS = 367,            /* TK_PLATFORMS  */
++    TK_FEATURE = 368,              /* TK_FEATURE  */
++    TK_LICENSE = 369,              /* TK_LICENSE  */
++    TK_QCHAR_VALUE = 370,          /* TK_QCHAR_VALUE  */
++    TK_TRUE_VALUE = 371,           /* TK_TRUE_VALUE  */
++    TK_FALSE_VALUE = 372,          /* TK_FALSE_VALUE  */
++    TK_NULL_VALUE = 373,           /* TK_NULL_VALUE  */
++    TK_OPERATOR = 374,             /* TK_OPERATOR  */
++    TK_THROW = 375,                /* TK_THROW  */
++    TK_QOBJECT = 376,              /* TK_QOBJECT  */
++    TK_EXCEPTION = 377,            /* TK_EXCEPTION  */
++    TK_RAISECODE = 378,            /* TK_RAISECODE  */
++    TK_EXPLICIT = 379,             /* TK_EXPLICIT  */
++    TK_TEMPLATE = 380,             /* TK_TEMPLATE  */
++    TK_FINAL = 381,                /* TK_FINAL  */
++    TK_ELLIPSIS = 382,             /* TK_ELLIPSIS  */
++    TK_DEFMETATYPE = 383,          /* TK_DEFMETATYPE  */
++    TK_DEFSUPERTYPE = 384,         /* TK_DEFSUPERTYPE  */
++    TK_PROPERTY = 385,             /* TK_PROPERTY  */
++    TK_HIDE_NS = 386,              /* TK_HIDE_NS  */
++    TK_FORMAT = 387,               /* TK_FORMAT  */
++    TK_GET = 388,                  /* TK_GET  */
++    TK_ID = 389,                   /* TK_ID  */
++    TK_KWARGS = 390,               /* TK_KWARGS  */
++    TK_LANGUAGE = 391,             /* TK_LANGUAGE  */
++    TK_LICENSEE = 392,             /* TK_LICENSEE  */
++    TK_NAME = 393,                 /* TK_NAME  */
++    TK_OPTIONAL = 394,             /* TK_OPTIONAL  */
++    TK_ORDER = 395,                /* TK_ORDER  */
++    TK_REMOVELEADING = 396,        /* TK_REMOVELEADING  */
++    TK_SET = 397,                  /* TK_SET  */
++    TK_SIGNATURE = 398,            /* TK_SIGNATURE  */
++    TK_TIMESTAMP = 399,            /* TK_TIMESTAMP  */
++    TK_TYPE = 400,                 /* TK_TYPE  */
++    TK_USEARGNAMES = 401,          /* TK_USEARGNAMES  */
++    TK_PYSSIZETCLEAN = 402,        /* TK_PYSSIZETCLEAN  */
++    TK_USELIMITEDAPI = 403,        /* TK_USELIMITEDAPI  */
++    TK_ALLRAISEPYEXC = 404,        /* TK_ALLRAISEPYEXC  */
++    TK_CALLSUPERINIT = 405,        /* TK_CALLSUPERINIT  */
++    TK_DEFERRORHANDLER = 406,      /* TK_DEFERRORHANDLER  */
++    TK_VERSION = 407               /* TK_VERSION  */
++  };
++  typedef enum yytokentype yytoken_kind_t;
+ #endif
+-/* Tokens.  */
++/* Token kinds.  */
++#define YYEMPTY -2
++#define YYEOF 0
++#define YYerror 256
++#define YYUNDEF 257
+ #define TK_API 258
+ #define TK_AUTOPYNAME 259
+ #define TK_DEFDOCSTRFMT 260
+@@ -335,19 +356,19 @@
+ #define TK_TIMESTAMP 399
+ #define TK_TYPE 400
+ #define TK_USEARGNAMES 401
+-#define TK_USELIMITEDAPI 402
+-#define TK_ALLRAISEPYEXC 403
+-#define TK_CALLSUPERINIT 404
+-#define TK_DEFERRORHANDLER 405
+-#define TK_VERSION 406
+-
+-
+-
++#define TK_PYSSIZETCLEAN 402
++#define TK_USELIMITEDAPI 403
++#define TK_ALLRAISEPYEXC 404
++#define TK_CALLSUPERINIT 405
++#define TK_DEFERRORHANDLER 406
++#define TK_VERSION 407
+ 
++/* Value type.  */
+ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+-typedef union YYSTYPE
+-#line 202 "sip-4.19.23/sipgen/metasrc/parser.y"
++union YYSTYPE
+ {
++#line 202 "parser.y"
++
+     char            qchar;
+     char            *text;
+     long            number;
+@@ -390,14 +411,20 @@ typedef union YYSTYPE
+     variableCfg     variable;
+     vehCfg          veh;
+     int             token;
+-}
+-/* Line 1529 of yacc.c.  */
+-#line 396 "sip-4.19.23/sipgen/parser.h"
+-	YYSTYPE;
+-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+-# define YYSTYPE_IS_DECLARED 1
++
++#line 416 "../parser.h"
++
++};
++typedef union YYSTYPE YYSTYPE;
+ # define YYSTYPE_IS_TRIVIAL 1
++# define YYSTYPE_IS_DECLARED 1
+ #endif
+ 
++
+ extern YYSTYPE yylval;
+ 
++
++int yyparse (void);
++
++
++#endif /* !YY_YY_PARSER_H_INCLUDED  */
diff --git a/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb b/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb
index d6335585e2..dc3db1fcd4 100644
--- a/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb
+++ b/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb
@@ -5,7 +5,9 @@ LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE-GPL2;md5=e91355d8a6f8bd8f7c699d62863c7303"
 
 SRC_URI = "https://www.riverbankcomputing.com/static/Downloads/sip/${PV}/sip-${PV}.tar.gz \
+    file://added-the-py_ssize_t_clean-argument-to-the-module-directive.patch \
 "
+
 SRC_URI[md5sum] = "70adc0c9734e2d9dcd241d3f931dfc74"
 SRC_URI[sha256sum] = "22ca9bcec5388114e40d4aafd7ccd0c4fe072297b628d0c5cdfa2f010c0bc7e7"
 
@@ -29,11 +31,28 @@ do_configure:prepend() {
     echo "sip_inc_dir = ${D}/${includedir}" >> sip.cfg
     echo "sip_module_dir = ${D}/${libdir}/python%(py_major).%(py_minor)/site-packages" >> sip.cfg
     echo "sip_sip_dir = ${D}/${datadir}/sip" >> sip.cfg
-    ${PYTHON} configure.py --configuration sip.cfg --sip-module PyQt5.sip --sysroot ${CONFIGURE_SYSROOT} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}"
+    ${PYTHON} configure.py --configuration sip.cfg --destdir /${D}${libdir}/${PYTHON_DIR}/site-packages/ --sip-module PyQt5.sip --sysroot ${CONFIGURE_SYSROOT} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}"
 }
 
 do_install() {
     oe_runmake install
+
+    sed -i \
+         -e "s@[^ ]*-fdebug-prefix-map=[^ ']*@@g" \
+         -e "s@[^ ]*-fmacro-prefix-map=[^ ']*@@g" \
+         -e "s@[^ ]*-ffile-prefix-map=[^ ']*@@g" \
+         ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+
+    # Remove the destination directory
+    sed -i -e "s@${D}/@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+
+    if [ -n "${STAGING_DIR_NATIVE}" ]; then
+        sed -i -e "s@${STAGING_DIR_NATIVE}@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+    fi
+
+    if [ -n "${STAGING_DIR_TARGET}" ]; then
+       sed -i -e "s@${STAGING_DIR_TARGET}@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py
+    fi
 }
 
 FILES:python3-sip3 = "${libdir}/${PYTHON_DIR}/site-packages/"
diff --git a/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb b/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb
index 38e34b93c6..56cbfce20e 100644
--- a/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb
+++ b/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb
@@ -1,6 +1,6 @@
 LICENSE = "GPL-2.0-only & GPL-3.0-only & BSD-3-Clause & LGPL-2.0-only & Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5fa987762101f748a6cdd951b64ffc6b"
-SRC_URI = "git://github.com/DrTimothyAldenDavis/SuiteSparse;protocol=https;branch=master \
+SRC_URI = "git://github.com/DrTimothyAldenDavis/SuiteSparse;protocol=https;branch=stable \
            file://0001-Preserve-CXXFLAGS-from-environment-in-Mongoose.patch \
            file://0002-Preserve-links-when-installing-libmetis.patch \
            file://0003-Add-version-information-to-libmetis.patch \
diff --git a/meta-oe/recipes-devtools/unifex/unifex_git.bb b/meta-oe/recipes-devtools/unifex/unifex_git.bb
index 85fe39b6de..f55d7e32c8 100644
--- a/meta-oe/recipes-devtools/unifex/unifex_git.bb
+++ b/meta-oe/recipes-devtools/unifex/unifex_git.bb
@@ -20,5 +20,3 @@ EXTRA_OECMAKE += " \
     -DCMAKE_CXX_STANDARD=20 \
     -DUNIFEX_BUILD_EXAMPLES=OFF \
     "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
new file mode 100644
index 0000000000..169784d427
--- /dev/null
+++ b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
@@ -0,0 +1,29 @@
+From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH] fix memory leaks
+
+Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698]
+CVE: CVE-2023-33460
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a3..a71167e 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -445,6 +445,9 @@ yajl_val yajl_tree_parse (const char *input,
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+         yajl_free (handle);
++	//If the requested memory is not released in time, it will cause memory leakage
++	if(ctx.root)
++	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
index cf8dbb183e..697f54d9fb 100644
--- a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
+++ b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb
@@ -8,7 +8,9 @@ HOMEPAGE = "http://lloyd.github.com/yajl/"
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d"
 
-SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https"
+SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https \
+           file://CVE-2023-33460.patch \
+          "
 SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch
new file mode 100644
index 0000000000..ae10e99c2f
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch
@@ -0,0 +1,29 @@
+From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
+From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
+Date: Tue, 13 Jun 2023 05:00:47 +0900
+Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441]
+
+CVE: CVE-2023-31975
+---
+ modules/objfmts/bin/bin-objfmt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
+index 18026750..a38c3422 100644
+--- a/modules/objfmts/bin/bin-objfmt.c
++++ b/modules/objfmts/bin/bin-objfmt.c
+@@ -1680,6 +1680,10 @@ static void
+ bin_section_data_destroy(void *data)
+ {
+     bin_section_data *bsd = (bin_section_data *)data;
++    if (bsd->align)
++        yasm_xfree(bsd->align);
++    if (bsd->valign)
++        yasm_xfree(bsd->valign);
+     if (bsd->start)
+         yasm_expr_destroy(bsd->start);
+     if (bsd->vstart)
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
new file mode 100644
index 0000000000..1ca33f0a92
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
@@ -0,0 +1,41 @@
+From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001
+From: Peter Johnson <johnson.peter@gmail.com>
+Date: Fri, 11 Aug 2023 10:49:51 +0000
+Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234)
+
+CVE: CVE-2023-37732
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ modules/objfmts/elf/elf.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
+index 2486bba8..bab4c9ca 100644
+--- a/modules/objfmts/elf/elf.c
++++ b/modules/objfmts/elf/elf.c
+@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
+
+         /* get size (if specified); expr overrides stored integer */
+         if (entry->xsize) {
+-            size_intn = yasm_intnum_copy(
+-                yasm_expr_get_intnum(&entry->xsize, 1));
+-            if (!size_intn) {
++            yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
++            if (!intn) {
+                 yasm_error_set(YASM_ERROR_VALUE,
+                                N_("size specifier not an integer expression"));
+                 yasm_errwarn_propagate(errwarns, entry->xsize->line);
+-            }
++            } else
++                size_intn = yasm_intnum_copy(intn);
+         }
+-        else
++        if (!size_intn)
+             size_intn = yasm_intnum_create_uint(entry->size);
+
+         /* get EQU value for constants */
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb
index 044fcbea74..60b00f7ff4 100644
--- a/meta-oe/recipes-devtools/yasm/yasm_git.bb
+++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb
@@ -11,6 +11,8 @@ PV = "1.3.0+git${SRCPV}"
 SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a"
 SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
            file://0001-Do-not-use-AC_HEADER_STDC.patch \
+           file://CVE-2023-31975.patch \
+           file://CVE-2023-37732.patch \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
new file mode 100644
index 0000000000..72e3b9802d
--- /dev/null
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
@@ -0,0 +1,34 @@
+From b6149e203f919c899fefc702a17fbb78bdec3700 Mon Sep 17 00:00:00 2001
+From: Le Van Khanh <Khanh.LeVan@vn.bosch.com>
+Date: Thu, 9 Feb 2023 03:17:13 -0500
+Subject: [PATCH] Fix memory leak
+
+Free the ecuid_conf in case of memory alllocated
+
+CVE: CVE-2023-26257
+
+Upstream-Status: Backport
+[https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700]
+
+Signed-off-by: Le Van Khanh <Khanh.LeVan@vn.bosch.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/console/dlt-control-common.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/console/dlt-control-common.c b/src/console/dlt-control-common.c
+index abcaf92..64951c1 100644
+--- a/src/console/dlt-control-common.c
++++ b/src/console/dlt-control-common.c
+@@ -124,6 +124,8 @@ void set_ecuid(char *ecuid)
+             if (dlt_parse_config_param("ECUId", &ecuid_conf) == 0) {
+                 memset(local_ecuid, 0, DLT_CTRL_ECUID_LEN);
+                 strncpy(local_ecuid, ecuid_conf, DLT_CTRL_ECUID_LEN);
++                if (ecuid_conf !=NULL)
++                    free(ecuid_conf);
+                 local_ecuid[DLT_CTRL_ECUID_LEN - 1] = '\0';
+             }
+             else {
+--
+2.34.1
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
index 7a613bcc93..b98cfadf3e 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
            file://0002-Don-t-execute-processes-as-a-specific-user.patch \
            file://0004-Modify-systemd-config-directory.patch \
            file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
+           file://0001-Fix-memory-leak.patch \
            "
 SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"
 
diff --git a/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb b/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb
index 7674785437..583e8337e7 100644
--- a/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb
+++ b/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb
@@ -4,7 +4,11 @@ HOMEPAGE = "https://duktape.org"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b7825df97b52f926fc71300f7880408"
 
-SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz"
+SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz \
+           file://run-ptest \
+          "
+inherit ptest
+
 SRC_URI[sha256sum] = "90f8d2fa8b5567c6899830ddef2c03f3c27960b11aca222fa17aa7ac613c2890"
 
 EXTRA_OEMAKE = "INSTALL_PREFIX='${prefix}' DESTDIR='${D}' LIBDIR='/${baselib}'"
@@ -13,8 +17,24 @@ do_compile () {
     oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
 }
 
+do_compile_ptest() {
+    oe_runmake -f Makefile.hello INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
+    oe_runmake -f Makefile.eval INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
+    oe_runmake -f Makefile.eventloop INSTALL_PREFIX="${prefix}" DESTDIR="${D}"
+}
+
 do_install () {
     oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}" install
     # libduktaped is identical to libduktape but has an hard-coded -g build flags, remove it
     rm -f ${D}${libdir}/libduktaped.so*
 }
+
+do_install_ptest() {
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/hello" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/eval" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/evloop" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/timer-test.js" "${D}${PTEST_PATH}"
+    install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/ecma_eventloop.js" "${D}${PTEST_PATH}"
+}
+
+RDEPENDS_${PN}-ptest += "make"
diff --git a/meta-oe/recipes-extended/duktape/files/run-ptest b/meta-oe/recipes-extended/duktape/files/run-ptest
new file mode 100644
index 0000000000..852fb15de4
--- /dev/null
+++ b/meta-oe/recipes-extended/duktape/files/run-ptest
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+./hello &> $test.output 2>&1
+out="Hello world!"
+
+if grep -i "$out" $test.output 2>&1 ; then
+   echo "PASS: Hello duktape"
+else
+   echo "FAIL: Hello duktape"
+fi
+rm -f $test.output
+
+./eval "print('Hello world!'); 123;" > out.log
+
+sed -n '2p' out.log > eval.log
+sed -n '3p' out.log >> eval.log
+
+if grep  -w 'Hello world!\|123' eval.log 2>&1; then
+   echo "PASS: eval duktape"
+else
+   echo "FAIL: eval duktape"
+fi
+rm -f eval.log out.log
+
+./evloop timer-test.js > evloop.log 2>&1
+
+if grep -i "no active timers and no sockets to poll" evloop.log 2>&1; then
+   echo "PASS: evloop duktape"
+else
+   echo "FAIL: evloop duktape"
+fi
+rm -f evloop.log
diff --git a/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
new file mode 100644
index 0000000000..bfeb9b405d
--- /dev/null
+++ b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
@@ -0,0 +1,77 @@
+From ac1f8db9a0790d2bf153711ff4cbf6101f89aace Mon Sep 17 00:00:00 2001
+From: Brice Goglin <Brice.Goglin@inria.fr>
+Date: Wed, 23 Aug 2023 19:52:47 +0200
+Subject: [PATCH] linux: handle glibc cpuset allocation failures
+
+Closes #544
+CVE-2022-47022
+
+Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
+
+CVE: CVE-2022-47022
+
+Upstream-Status: Backport [https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/topology-linux.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/topology-linux.c b/src/topology-linux.c
+index 62c3b44..86be150 100644
+--- a/src/topology-linux.c
++++ b/src/topology-linux.c
+@@ -623,6 +623,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+   setsize = CPU_ALLOC_SIZE(last+1);
+   plinux_set = CPU_ALLOC(last+1);
++  if (!plinux_set)
++    return -1;
+
+   CPU_ZERO_S(setsize, plinux_set);
+   hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -703,7 +705,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology)
+   while (1) {
+     cpu_set_t *set = CPU_ALLOC(nr_cpus);
+     size_t setsize = CPU_ALLOC_SIZE(nr_cpus);
+-    int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
++    int err;
++    if (!set)
++      return -1; /* caller will return an error, and we'll try again later */
++    err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
+     CPU_FREE(set);
+     nr_cpus = setsize * 8; /* that's the value that was actually tested */
+     if (!err)
+@@ -732,8 +737,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+   /* find the kernel nr_cpus so as to use a large enough cpu_set size */
+   kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology);
++  if (kernel_nr_cpus < 0)
++    return -1;
+   setsize = CPU_ALLOC_SIZE(kernel_nr_cpus);
+   plinux_set = CPU_ALLOC(kernel_nr_cpus);
++  if (!plinux_set)
++    return -1;
+
+   err = sched_getaffinity(tid, setsize, plinux_set);
+
+@@ -1092,6 +1101,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c
+
+      setsize = CPU_ALLOC_SIZE(last+1);
+      plinux_set = CPU_ALLOC(last+1);
++     if (!plinux_set)
++       return -1;
+
+      CPU_ZERO_S(setsize, plinux_set);
+      hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -1184,6 +1195,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b
+
+      setsize = CPU_ALLOC_SIZE(last+1);
+      plinux_set = CPU_ALLOC(last+1);
++     if (!plinux_set)
++       return -1;
+
+      err = pthread_getaffinity_np(tid, setsize, plinux_set);
+      if (err) {
+--
+2.40.0
diff --git a/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb b/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb
index e6fed584f9..83c85dbe3e 100644
--- a/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb
+++ b/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb
@@ -7,7 +7,9 @@ SECTION = "base"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=3282e20dc3cec311deda3c6d4b1f990b"
 
-SRC_URI = "https://www.open-mpi.org/software/${BPN}/v1.11/downloads/${BP}.tar.bz2"
+SRC_URI = "https://www.open-mpi.org/software/${BPN}/v1.11/downloads/${BP}.tar.bz2 \
+           file://CVE-2022-47022.patch \
+          "
 SRC_URI[md5sum] = "3c792e23c209e9e1bafe9bdbc613d401"
 SRC_URI[sha256sum] = "a4494b7765f517c0990d1c7f09d98cb87755bb6b841e4e2cbfebca1b14bac9c8"
 
diff --git a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch
new file mode 100644
index 0000000000..367202e3c5
--- /dev/null
+++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch
@@ -0,0 +1,4196 @@
+From df4ab2d19e247d059e0025789ba513418073ab6f Mon Sep 17 00:00:00 2001
+From: Petr Písař <ppisar@redhat.com>
+Date: Thu, 19 Oct 2023 07:36:32 +0000
+Subject: [PATCH] Fix an out-of-buffer read in search_brace()/lexi() on an
+ condition without parentheses followed with an overlong comment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reproducer:
+
+$ hexdump -C /tmp/short
+00000000  69 66 20 30 3b 65 6c 73  65 2f 2a 0a 0a 0a 0a 0a  |if 0;else/*.....|
+00000010  0a 0a 0a 0a 0a 0a 0a 0a  0a 0a 0a 0a 0a 0a 0a 0a  |................|
+*
+00000800  0a 0a 2a 2f 78 0a                                 |..*/x.|
+00000806
+
+$ valgrind -- ./indent -o /dev/null /tmp/short
+[...]
+==21830== Invalid read of size 1
+==21830==    at 0x40586A: lexi (lexi.c:251)
+==21830==    by 0x40198C: search_brace (indent.c:387)
+==21830==    by 0x401CC2: indent_main_loop (indent.c:548)
+==21830==    by 0x402298: indent (indent.c:758)
+==21830==    by 0x402941: indent_single_file (indent.c:1003)
+==21830==    by 0x402A0F: indent_all (indent.c:1041)
+==21830==    by 0x402BC5: main (indent.c:1122)
+==21830==  Address 0x4ab2210 is 0 bytes inside a block of size 2,048 free'd
+==21830==    at 0x4847A40: realloc (vg_replace_malloc.c:1649)
+==21830==    by 0x408BC0: xrealloc (globs.c:64)
+==21830==    by 0x40BF03: need_chars (handletoken.c:89)
+==21830==    by 0x401433: sw_buffer (indent.c:149)
+==21830==    by 0x401973: search_brace (indent.c:380)
+==21830==    by 0x401CC2: indent_main_loop (indent.c:548)
+==21830==    by 0x402298: indent (indent.c:758)
+==21830==    by 0x402941: indent_single_file (indent.c:1003)
+==21830==    by 0x402A0F: indent_all (indent.c:1041)
+==21830==    by 0x402BC5: main (indent.c:1122)
+==21830==  Block was alloc'd at
+==21830==    at 0x4847A40: realloc (vg_replace_malloc.c:1649)
+==21830==    by 0x408BC0: xrealloc (globs.c:64)
+==21830==    by 0x40BF03: need_chars (handletoken.c:89)
+==21830==    by 0x401696: search_brace (indent.c:281)
+==21830==    by 0x401CC2: indent_main_loop (indent.c:548)
+==21830==    by 0x402298: indent (indent.c:758)
+==21830==    by 0x402941: indent_single_file (indent.c:1003)
+==21830==    by 0x402A0F: indent_all (indent.c:1041)
+==21830==    by 0x402BC5: main (indent.c:1122)
+
+The cause was that need_chars(&save_com, ...) could reallocate save_com.ptr
+pointer keeping a dangling copy of that pointer saved to buf_ptr
+a line above.
+
+Related to CVE-2023-40305
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2023-40305
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/indent.git/commit/?id=df4ab2d19e247d059e0025789ba513418073ab6f]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ regression/TEST                             |    3 +-
+ regression/input/comment-heap-overread.c    | 2040 ++++++++++++++++++
+ regression/standard/comment-heap-overread.c | 2042 +++++++++++++++++++
+ src/indent.c                                |    2 +-
+ 4 files changed, 4085 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-heap-overread.c
+ create mode 100644 regression/standard/comment-heap-overread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 56f41d9..a7a6747 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -37,7 +37,8 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+         one-line-4.c struct-decl.c sizeof-in-while.c line-break-comment.c \
+         macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+         bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+-        no-forced-nl-in-block-init.c hexadecimal_float.c"
++        no-forced-nl-in-block-init.c hexadecimal_float.c \
++        comment-heap-overread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+         indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-heap-overread.c b/regression/input/comment-heap-overread.c
+new file mode 100644
+index 0000000..5b0b172
+--- /dev/null
++++ b/regression/input/comment-heap-overread.c
+@@ -0,0 +1,2040 @@
++if 0;else/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++*/x
+diff --git a/regression/standard/comment-heap-overread.c b/regression/standard/comment-heap-overread.c
+new file mode 100644
+index 0000000..e601fb4
+--- /dev/null
++++ b/regression/standard/comment-heap-overread.c
+@@ -0,0 +1,2042 @@
++if 0;
++else				/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++				 */
++  x
+diff --git a/src/indent.c b/src/indent.c
+index 0c2780b..208b48a 100644
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -145,8 +145,8 @@ static void sw_buffer(void)
+     parser_state_tos->search_brace = false;
+     bp_save = buf_ptr;
+     be_save = buf_end;
+-    buf_ptr = save_com.ptr;
+     need_chars (&save_com, 1);
++    buf_ptr = save_com.ptr;
+     buf_end = save_com.end;
+     save_com.end = save_com.ptr;        /* make save_com empty */
+ }
+--
+2.35.5
diff --git a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
new file mode 100644
index 0000000000..d02521bb06
--- /dev/null
+++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
@@ -0,0 +1,4254 @@
+From 2685cc0bef0200733b634932ea7399b6cf91b6d7 Mon Sep 17 00:00:00 2001
+From: Petr Písař <ppisar@redhat.com>
+Date: Thu, 19 Oct 2023 08:42:59 +0000
+Subject: [PATCH] Fix a heap buffer overwrite in search_brace()
+ (CVE-2023-40305)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If there was a comment between if-condition and an statement opening
+bracket and the comment size aligned to an indent-internal 1024 B
+buffer for comments, indent attempted to write into a nonallocated
+memory on heap.
+
+$ hexdump -C /tmp/write1
+00000000  69 66 20 30 3b 65 6c 73  65 2f 2a 0a 0a 0a 0a 0a  |if 0;else/*.....|
+00000010  0a 0a 0a 0a 0a 0a 0a 0a  0a 0a 0a 0a 0a 0a 0a 0a  |................|
+*
+00000800  0a 0a 0a 0a 2a 2f 7b 0a                           |....*/{.|
+00000808
+
+$ valgrind -- ./indent -o /dev/null /tmp/write1 2>&1 | head -n 23
+==26345== Memcheck, a memory error detector
+==26345== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
+==26345== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
+==26345== Command: ./indent -o /dev/null /tmp/write1
+==26345==
+==26345== Invalid write of size 1
+==26345==    at 0x401558: search_brace (indent.c:232)
+==26345==    by 0x401CB2: indent_main_loop (indent.c:548)
+==26345==    by 0x402288: indent (indent.c:758)
+==26345==    by 0x402931: indent_single_file (indent.c:1003)
+==26345==    by 0x4029FF: indent_all (indent.c:1041)
+==26345==    by 0x402BA6: main (indent.c:1122)
+==26345==  Address 0x4aa7830 is 0 bytes after a block of size 2,048 alloc'd
+==26345==    at 0x4847A40: realloc (vg_replace_malloc.c:1649)
+==26345==    by 0x408BA1: xrealloc (globs.c:64)
+==26345==    by 0x40BEE4: need_chars (handletoken.c:89)
+==26345==    by 0x401686: search_brace (indent.c:281)
+==26345==    by 0x401CB2: indent_main_loop (indent.c:548)
+==26345==    by 0x402288: indent (indent.c:758)
+==26345==    by 0x402931: indent_single_file (indent.c:1003)
+==26345==    by 0x4029FF: indent_all (indent.c:1041)
+==26345==    by 0x402BA6: main (indent.c:1122)
+
+The cause was that the buffer was exhausted by the comment text and no
+space left for the following new-line and curly bracket characters.
+
+This patch fixes it by enlarging the buffer two fit these two
+additional characters.
+
+<https://savannah.gnu.org/bugs/index.php?64503>
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+CVE: CVE-2023-40305
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/indent.git/commit/?id=2685cc0bef0200733b634932ea7399b6cf91b6d7]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ regression/TEST                               |   44 +-
+ regression/input/comment-heap-overwrite.c     | 2042 ++++++++++++++++
+ regression/standard/comment-heap-overwrite.c  | 2044 +++++++++++++++++
+ .../standard/comment-heap-overwrite.err       |    1 +
+ src/indent.c                                  |    1 +
+ 5 files changed, 4111 insertions(+), 21 deletions(-)
+ create mode 100644 regression/input/comment-heap-overwrite.c
+ create mode 100644 regression/standard/comment-heap-overwrite.c
+ create mode 100644 regression/standard/comment-heap-overwrite.err
+
+diff --git a/regression/TEST b/regression/TEST
+index a7a6747..a76c112 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -427,6 +427,7 @@ echo Testing new comment stuff...Done.
+
+
+ echo Testing bad code handling....
++ERR=output/errors
+
+ # print_comment() was reading past the end of the buffer...
+ echo -ne '/*' | $INDENT -npro -st > /dev/null 2>&1
+@@ -444,29 +445,30 @@ then
+     echo >> $ERR
+ fi
+
+-# This ends in a error from indent but it shouldn't coredump.
+-$INDENT -npro input/bug206785.c -o output/bug206785.c 2>output/bug206785.err
++# This ends in an error from indent but it shouldn't coredump.
++for TEST in bug206785 comment-heap-overwrite; do
++    $INDENT -npro input/"$TEST".c -o output/"$TEST".c 2>output/"$TEST".err
+
+-if [ $? -ne 2 ]
+-then
+-    printf ERROR: bad return status from indent. | tee -a $ERR
+-    echo >> $ERR
+-fi
+-cd output
++    if [ $? -ne 2 ]
++    then
++        printf "ERROR: bad return status from indent for %s.c" "$TEST" | tee -a $ERR
++        echo >> $ERR
++    fi
+
+-for i in bug206785.c bug206785.err
+-do
+-  printf ...$i...
+-  diff --initial-tab ../standard/$i $i > $i-diffs 2>&1
+-  if [ -s $i-diffs ]
+-  then
+-    printf ERROR: $i failed | tee -a $ERR
+-    echo >> $ERR
+-  else
+-    rm $i-diffs
+-    rm $i
+-  fi
+-  echo
++    for i in "$TEST".c "$TEST".err
++    do
++      printf "...%s..." "$i"
++      diff --initial-tab standard/"$i" output/"$i" > output/"$i"-diffs 2>&1
++      if [ -s output/"$i"-diffs ]
++      then
++        printf "ERROR: %s failed" "$i" | tee -a $ERR
++        echo >> $ERR
++      else
++        rm output/"$i"-diffs
++        rm output/"$i"
++      fi
++      echo
++    done
+ done
+
+ echo Testing bad code handling...Done.
+diff --git a/regression/input/comment-heap-overwrite.c b/regression/input/comment-heap-overwrite.c
+new file mode 100644
+index 0000000..5b1ca6a
+--- /dev/null
++++ b/regression/input/comment-heap-overwrite.c
+@@ -0,0 +1,2042 @@
++if 0;else/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++*/{
+diff --git a/regression/standard/comment-heap-overwrite.c b/regression/standard/comment-heap-overwrite.c
+new file mode 100644
+index 0000000..8650d51
+--- /dev/null
++++ b/regression/standard/comment-heap-overwrite.c
+@@ -0,0 +1,2044 @@
++if 0;
++else				/*
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++				 */
++  {
+diff --git a/regression/standard/comment-heap-overwrite.err b/regression/standard/comment-heap-overwrite.err
+new file mode 100644
+index 0000000..fa571c8
+--- /dev/null
++++ b/regression/standard/comment-heap-overwrite.err
+@@ -0,0 +1 @@
++indent: input/comment-heap-overwrite.c:2044: Error:Unexpected end of file
+diff --git a/src/indent.c b/src/indent.c
+index 208b48a..a9f88a2 100644
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -228,6 +228,7 @@ static BOOLEAN search_brace(
+                  * a `dump_line' call, thus ensuring that the brace
+                  * will go into the right column. */
+
++		need_chars (&save_com, 2);
+                 *save_com.end++ = EOL;
+                 *save_com.end++ = '{';
+                 save_com.len += 2;
+--
+2.35.5
diff --git a/meta-oe/recipes-extended/indent/indent_2.2.12.bb b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
index 1a7d61abc0..a846682c13 100644
--- a/meta-oe/recipes-extended/indent/indent_2.2.12.bb
+++ b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
@@ -17,6 +17,8 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
            file://0001-Makefile.am-remove-regression-dir.patch \
            file://0001-Fix-builds-with-recent-gettext.patch \
            file://0001-Remove-dead-paren_level-code.patch \
+           file://CVE-2023-40305_0001.patch \
+           file://CVE-2023-40305_0002.patch \
            "
 SRC_URI[md5sum] = "4764b6ac98f6654a35da117b8e5e8e14"
 SRC_URI[sha256sum] = "e77d68c0211515459b8812118d606812e300097cfac0b4e9fb3472664263bb8b"
diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
index d6e56ea768..edc5e00f52 100644
--- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
+++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
@@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4
 
 inherit autotools pkgconfig
 
+# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548
+CVE_CHECK_IGNORE = "CVE-2020-36325 "
+
 BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch b/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch
new file mode 100644
index 0000000000..8ac61aa55d
--- /dev/null
+++ b/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch
@@ -0,0 +1,63 @@
+From db9b4be854bb9a84319b81ce0afecd98f4f84ff7 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 27 Feb 2023 08:28:21 +0000
+Subject: [PATCH] Makefile.in: fix install failure on host without ldconfig
+
+fix syntax error when ldconfig is not installed on host
+
+when ldconfig is not installed on the build host, install will failed with
+error:
+ln -sf nfslock.so.0.1 /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/lib64/nfslock.so.0
+install -m 644 lockfile.h maillock.h /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/include
+if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi
+if [ "mail" != "" ]; then\
+          install -g mail -m 2755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin;\
+        else \
+          install -g root -m 755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin; \
+        fi
+/bin/sh: -c: line 1: syntax error near unexpected token `;'
+/bin/sh: -c: line 1: `if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi'
+
+Upstream-Status: Submitted [https://github.com/miquels/liblockfile/pull/21]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ Makefile.in | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 6e53179..d003899 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -9,6 +9,10 @@ NFSVER		= 0.1
+ CFLAGS		= @CFLAGS@ -I.
+ LDFLAGS		= @LDFLAGS@
+ CC		= @CC@
++LDCONFIG       = @LDCONFIG@
++ifeq ($(LDCONFIG),)
++    LDCONFIG = ":"
++endif
+ 
+ prefix		= $(DESTDIR)@prefix@
+ exec_prefix	= @exec_prefix@
+@@ -58,7 +62,7 @@ install_shared:	shared install_static install_common
+ 			$(libdir)/liblockfile.so.$(SOVER)
+ 		ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so.$(MAJOR)
+ 		ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so
+-		if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi
++		if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi
+ 
+ install_common:
+ 		install -d -m 755 -g root -p $(includedir)
+@@ -79,7 +83,7 @@ install_nfslib:	nfslib
+ 		install -m 755 nfslock.so.$(NFSVER) $(nfslockdir)
+ 		ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so
+ 		ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so.0
+-		if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi
++		if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi
+ 
+ clean:
+ 		rm -f *.a *.o *.so *.so.* dotlockfile
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb b/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb
index bac3a2c0bd..eefc25dc46 100644
--- a/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb
+++ b/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb
@@ -10,6 +10,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/libl/liblockfile/liblockfile_1.14.orig.tar.gz \
     file://0001-Makefile.in-add-DESTDIR.patch \
     file://0001-Makefile.in-install-nfslock-libs.patch \
     file://liblockfile-fix-install-so-to-man-dir.patch \
+    file://0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch \
 "
 
 SRC_URI[md5sum] = "420c056ba0cc4d1477e402f70ba2f5eb"
diff --git a/meta-oe/recipes-extended/libqb/libqb_2.0.6.bb b/meta-oe/recipes-extended/libqb/libqb_2.0.8.bb
index ce3606d777..3db9e2e66f 100644
--- a/meta-oe/recipes-extended/libqb/libqb_2.0.6.bb
+++ b/meta-oe/recipes-extended/libqb/libqb_2.0.8.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=321bf41f280cf805086dd5a720b37785"
 
 inherit autotools pkgconfig
 
-SRCREV = "758044bed5f615c90818aa5431d00303288888e5"
+SRCREV = "002171bbcf4bc4728da56c1538afd9e9d814ecaf"
 SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=main;protocol=https \
           "
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
new file mode 100644
index 0000000000..f3af3dbffd
--- /dev/null
+++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
@@ -0,0 +1,57 @@
+From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Mon, 13 Feb 2023 10:23:13 +0100
+Subject: [PATCH] schema compile UPDATE do not implement 2 same modules
+
+CVE: CVE-2023-26916
+Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096]
+
+Refs #1979
+---
+ src/schema_compile.c | 20 +++++++-------------
+ 1 file changed, 7 insertions(+), 13 deletions(-)
+
+diff --git a/src/schema_compile.c b/src/schema_compile.c
+index ed768ba0..68c0d681 100644
+--- a/src/schema_compile.c
++++ b/src/schema_compile.c
+@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod)
+ LY_ERR
+ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres)
+ {
+-    LY_ERR ret;
++    LY_ERR r;
+     struct lys_module *m;
+ 
+     assert(!mod->implemented);
+@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr
+     m = ly_ctx_get_module_implemented(mod->ctx, mod->name);
+     if (m) {
+         assert(m != mod);
+-        if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) {
+-            /* special case for newer internal module, continue */
+-            LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.",
+-                    mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+-        } else {
+-            LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
+-                    mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+-            return LY_EDENIED;
+-        }
++        LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
++                mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
++        return LY_EDENIED;
+     }
+ 
+     /* set features */
+-    ret = lys_set_features(mod->parsed, features);
+-    if (ret && (ret != LY_EEXIST)) {
+-        return ret;
++    r = lys_set_features(mod->parsed, features);
++    if (r && (r != LY_EEXIST)) {
++        return r;
+     }
+ 
+     /*
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch
new file mode 100644
index 0000000000..d7ba2fb9a0
--- /dev/null
+++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch
@@ -0,0 +1,40 @@
+From cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Tue, 18 Jul 2023 10:41:21 +0000
+Subject: [PATCH] parser common BUGFIX handle missing YANG strings
+
+Fixes #1987
+
+CVE: CVE-2023-26917
+
+Upstream-Status:
+Backport[https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/parser_stmt.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/parser_stmt.c b/src/parser_stmt.c
+index 81ccbfca6..2ebf822ab 100644
+--- a/src/parser_stmt.c
++++ b/src/parser_stmt.c
+@@ -52,6 +52,16 @@ lysp_stmt_validate_value(struct lys_parser_ctx *ctx, enum yang_arg val_type, con
+     uint32_t c;
+     size_t utf8_char_len;
+
++    if (!val) {
++	    if (val_type == Y_MAYBE_STR_ARG) {
++		    /* fine */
++		    return LY_SUCCESS;
++	    }
++
++	    LOGVAL_PARSER(ctx, LYVE_SYNTAX, "Missing an expected string.");
++	    return LY_EVALID;
++    }
++
+     while (*val) {
+         LY_CHECK_ERR_RET(ly_getutf8(&val, &c, &utf8_char_len),
+                 LOGVAL_PARSER(ctx, LY_VCODE_INCHAR, (val)[-utf8_char_len]), LY_EVALID);
+--
+2.35.5
diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
index 2817be7c86..eb3f322519 100644
--- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
+++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
@@ -11,6 +11,8 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c"
 SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \
            file://libyang-add-stdint-h.patch \
            file://run-ptest \
+           file://CVE-2023-26916.patch \
+	    file://CVE-2023-26917.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb
index af0a3c2bd2..6801020ef9 100644
--- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb
+++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb
@@ -17,7 +17,7 @@ REQUIRED_DISTRO_FEATURES = "pam"
 
 SRCREV = "d8eba6cb6682b59d84ca1da67a523520b879ade6"
 
-SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \
            file://libssl-is-required-if-eventint-supported.patch \
            file://openwsmand.service \
            file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
new file mode 100644
index 0000000000..42ea716bea
--- /dev/null
+++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
@@ -0,0 +1,30 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+
+CVE: CVE-2016-9296
+
+Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-debug/20180205T215659Z/pool/main/p/p7zip/p7zip_16.02%2Bdfsg-6.debian.tar.xz]
+
+Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
+Signed-off-by: aszh07 <mail2szahir@gmail.com>
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch
new file mode 100644
index 0000000000..6b337b8d2d
--- /dev/null
+++ b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch
@@ -0,0 +1,228 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sun, 28 Jan 2018 23:47:40 +0100
+Subject: CVE-2018-5996
+
+Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by
+applying a few changes from 7Zip 18.00-beta.
+
+Bug-Debian: https://bugs.debian.org/#888314
+
+CVE: CVE-2018-5996
+
+Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch]
+
+Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
+Signed-off-by: aszh07 <mail2szahir@gmail.com>
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++----
+ CPP/7zip/Compress/Rar1Decoder.h   |  1 +
+ CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++-
+ CPP/7zip/Compress/Rar2Decoder.h   |  1 +
+ CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++---
+ CPP/7zip/Compress/Rar3Decoder.h   |  2 ++
+ 6 files changed, 42 insertions(+), 8 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 1aaedcc..68030c7 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
++++ b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+ 
+-CDecoder::CDecoder(): m_IsSolid(false) { }
++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+ 
+ void CDecoder::InitStructures()
+ {
+@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+   InitData();
+   if (!m_IsSolid)
+   {
++    _errorMode = false;
+     InitStructures();
+     InitHuff();
+   }
++
++  if (_errorMode)
++    return S_FALSE;
++
+   if (m_UnpackSize > 0)
+   {
+     GetFlagsBuf();
+@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+     const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
+ {
+   try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
+-  catch(const CInBufferException &e) { return e.ErrorCode; }
+-  catch(const CLzOutWindowException &e) { return e.ErrorCode; }
+-  catch(...) { return S_FALSE; }
++  catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++  catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; }
++  catch(...) { _errorMode = true; return S_FALSE; }
+ }
+ 
+ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
+index 630f089..01b606b 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.h
++++ b/CPP/7zip/Compress/Rar1Decoder.h
+@@ -39,6 +39,7 @@ public:
+ 
+   Int64 m_UnpackSize;
+   bool m_IsSolid;
++  bool _errorMode;
+ 
+   UInt32 ReadBits(int numBits);
+   HRESULT CopyBlock(UInt32 distance, UInt32 len);
+diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp
+index b3f2b4b..0580c8d 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.cpp
++++ b/CPP/7zip/Compress/Rar2Decoder.cpp
+@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+ 
+ CDecoder::CDecoder():
+-  m_IsSolid(false)
++  m_IsSolid(false),
++  m_TablesOK(false)
+ {
+ }
+ 
+@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB
+ 
+ bool CDecoder::ReadTables(void)
+ {
++  m_TablesOK = false;
++
+   Byte levelLevels[kLevelTableSize];
+   Byte newLevels[kMaxTableSize];
+   m_AudioMode = (ReadBits(1) == 1);
+@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void)
+   }
+   
+   memcpy(m_LastLevels, newLevels, kMaxTableSize);
++  m_TablesOK = true;
++
+   return true;
+ }
+ 
+@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+       return S_FALSE;
+   }
+ 
++  if (!m_TablesOK)
++    return S_FALSE;
++
+   UInt64 startPos = m_OutWindowStream.GetProcessedSize();
+   while (pos < unPackSize)
+   {
+diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h
+index 3a0535c..0e9005f 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.h
++++ b/CPP/7zip/Compress/Rar2Decoder.h
+@@ -139,6 +139,7 @@ class CDecoder :
+ 
+   UInt64 m_PackSize;
+   bool m_IsSolid;
++  bool m_TablesOK;
+ 
+   void InitStructures();
+   UInt32 ReadBits(unsigned numBits);
+diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp
+index 3bf2513..6cb8a6a 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.cpp
++++ b/CPP/7zip/Compress/Rar3Decoder.cpp
+@@ -92,7 +92,8 @@ CDecoder::CDecoder():
+   _writtenFileSize(0),
+   _vmData(0),
+   _vmCode(0),
+-  m_IsSolid(false)
++  m_IsSolid(false),
++  _errorMode(false)
+ {
+   Ppmd7_Construct(&_ppmd);
+ }
+@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+     return InitPPM();
+   }
+ 
++  TablesRead = false;
++  TablesOK = false;
++
+   _lzMode = true;
+   PrevAlignBits = 0;
+   PrevAlignCount = 0;
+@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+       }
+     }
+   }
++  if (InputEofError())
++    return S_FALSE;
++
+   TablesRead = true;
+ 
+   // original code has check here:
+@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+   RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize]));
+ 
+   memcpy(m_LastLevels, newLevels, kTablesSizesSum);
++
++  TablesOK = true;
++
+   return S_OK;
+ }
+ 
+@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+     PpmEscChar = 2;
+     PpmError = true;
+     InitFilters();
++    _errorMode = false;
+   }
++
++  if (_errorMode)
++    return S_FALSE;
++
+   if (!m_IsSolid || !TablesRead)
+   {
+     bool keepDecompressing;
+@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+     bool keepDecompressing;
+     if (_lzMode)
+     {
++      if (!TablesOK)
++        return S_FALSE;
+       RINOK(DecodeLZ(keepDecompressing))
+     }
+     else
+@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+     _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1;
+     return CodeReal(progress);
+   }
+-  catch(const CInBufferException &e)  { return e.ErrorCode; }
+-  catch(...) { return S_FALSE; }
++  catch(const CInBufferException &e)  { _errorMode = true; return e.ErrorCode; }
++  catch(...) { _errorMode = true; return S_FALSE; }
+   // CNewException is possible here. But probably CNewException is caused
+   // by error in data stream.
+ }
+diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h
+index c130cec..2f72d7d 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.h
++++ b/CPP/7zip/Compress/Rar3Decoder.h
+@@ -192,6 +192,7 @@ class CDecoder:
+   UInt32 _lastFilter;
+ 
+   bool m_IsSolid;
++  bool _errorMode;
+ 
+   bool _lzMode;
+   bool _unsupportedFilter;
+@@ -200,6 +201,7 @@ class CDecoder:
+   UInt32 PrevAlignCount;
+ 
+   bool TablesRead;
++  bool TablesOK;
+ 
+   CPpmd7 _ppmd;
+   int PpmEscChar;
diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
index 04923116cf..e795482eb6 100644
--- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
+++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
@@ -10,6 +10,8 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al
            file://CVE-2017-17969.patch \
            file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \
            file://change_numMethods_from_bool_to_unsigned.patch \
+           file://CVE-2018-5996.patch \
+           file://CVE-2016-9296.patch \
            "
 
 SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf"
diff --git a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch
index e8d8b1d53f..e8d8b1d53f 100644
--- a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch
index 01f8421811..385b0aeed0 100644
--- a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch
@@ -1,4 +1,4 @@
-From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001
+From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 26 Oct 2020 21:32:22 -0700
 Subject: [PATCH] Define correct gregs for RISCV32
@@ -6,18 +6,17 @@ Subject: [PATCH] Define correct gregs for RISCV32
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
-Updated patch for 6.2.1
-Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
-
+Updated patch for 6.2.8
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
  src/debug.c | 26 ++++++++++++++++++++++++--
  1 file changed, 24 insertions(+), 2 deletions(-)
 
 diff --git a/src/debug.c b/src/debug.c
-index 2da2c5d..1d778fa 100644
+index ebda858..90bc450 100644
 --- a/src/debug.c
 +++ b/src/debug.c
-@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) {
+@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
      #endif
  #elif defined(__linux__)
      /* Linux */
@@ -25,10 +24,10 @@ index 2da2c5d..1d778fa 100644
 +    #if defined(__riscv) && __riscv_xlen == 32
 +    return (void*) uc->uc_mcontext.__gregs[REG_PC];
 +    #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
-     return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+     GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
      #elif defined(__X86_64__) || defined(__x86_64__)
-     return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
-@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) {
+     GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) {
      #endif
  /* Linux */
  #elif defined(__linux__)
@@ -58,3 +57,6 @@ index 2da2c5d..1d778fa 100644
      serverLog(LL_WARNING,
      "\n"
      "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n"
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch
index 6e07c25c6a..6e07c25c6a 100644
--- a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch
index 657b0923e2..657b0923e2 100644
--- a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/init-redis-server b/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server
index 6014d70c0e..6014d70c0e 100755
--- a/meta-oe/recipes-extended/redis/redis-7/init-redis-server
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server
diff --git a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch
index c6c6fde162..c6c6fde162 100644
--- a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch
index bf6d0cf3c1..bf6d0cf3c1 100644
--- a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.conf b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf
index 75037d6dc8..75037d6dc8 100644
--- a/meta-oe/recipes-extended/redis/redis-7/redis.conf
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.service b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service
index a52204cc70..a52204cc70 100644
--- a/meta-oe/recipes-extended/redis/redis-7/redis.service
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service
diff --git a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
index b2d1a32eda..9d7e502717 100644
--- a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
@@ -1,4 +1,4 @@
-From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001
+From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 26 Oct 2020 21:32:22 -0700
 Subject: [PATCH] Define correct gregs for RISCV32
@@ -13,10 +13,10 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
  1 file changed, 24 insertions(+), 2 deletions(-)
 
 diff --git a/src/debug.c b/src/debug.c
-index e7fec29..5abb404 100644
+index 5318c14..8c21b47 100644
 --- a/src/debug.c
 +++ b/src/debug.c
-@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) {
+@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
      #endif
  #elif defined(__linux__)
      /* Linux */
@@ -24,10 +24,10 @@ index e7fec29..5abb404 100644
 +    #if defined(__riscv) && __riscv_xlen == 32
 +    return (void*) uc->uc_mcontext.__gregs[REG_PC];
 +    #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
-     return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+     GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
      #elif defined(__X86_64__) || defined(__x86_64__)
-     return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
-@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) {
+     GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) {
      #endif
  /* Linux */
  #elif defined(__linux__)
@@ -57,3 +57,6 @@ index e7fec29..5abb404 100644
      serverLog(LL_WARNING,
      "\n"
      "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n"
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.7.bb b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
index 7f922a4e0f..3ed6867816 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.7.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
@@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://GNU_SOURCE.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
-SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319"
+SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"
 
 inherit autotools-brokensep update-rc.d systemd useradd
 
diff --git a/meta-oe/recipes-extended/redis/redis_7.0.4.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
index 6eb6573768..e88ab4ddf5 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.4.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
@@ -6,8 +6,6 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=8ffdd6c926faaece928cf9d9640132d2"
 DEPENDS = "readline lua ncurses"
 
-FILESPATH =. "${FILE_DIRNAME}/${PN}-7:"
-
 SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://redis.conf \
            file://init-redis-server \
@@ -16,10 +14,10 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://lua-update-Makefile-to-use-environment-build-setting.patch \
            file://oe-use-libc-malloc.patch \
            file://0001-src-Do-not-reset-FINAL_LIBS.patch \
-           file://GNU_SOURCE.patch \
+           file://GNU_SOURCE-7.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
-SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f"
+SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
 
 inherit autotools-brokensep update-rc.d systemd useradd
 
diff --git a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb
index 6ef9f74c70..2f4f16589d 100644
--- a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb
+++ b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb
@@ -7,14 +7,24 @@ SRC_URI = "https://sourceforge.net/projects/${BPN}/files/${BPN}/${PV}/${BPN}-${P
 SRC_URI[md5sum] = "cd5c670c1086358598a6d4a9d166949d"
 SRC_URI[sha256sum] = "d4000e02102acaf259998c870e25214739d1f16f67f99cb35e4f46841399da68"
 
-inherit cmake features_check
+inherit cmake features_check pkgconfig
 
-# depends on virtual/libx11, virtual/libgl
-REQUIRED_DISTRO_FEATURES = "x11 opengl"
+# depends on virtual/libgl
+REQUIRED_DISTRO_FEATURES = "opengl"
 
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'wayland x11', d)}"
+PACKAGECONFIG[gles] = "-DFREEGLUT_GLES=ON,-DFREEGLUT_GLES=OFF,"
+PACKAGECONFIG[wayland] = "-DFREEGLUT_WAYLAND=ON,-DFREEGLUT_WAYLAND=OFF,libxkbcommon"
+PACKAGECONFIG[demos] = "-DFREEGLUT_BUILD_DEMOS=ON,-DFREEGLUT_BUILD_DEMOS=OFF,"
+PACKAGECONFIG[x11] = ",,virtual/libx11 libice libxmu libglu libxrandr libxext"
 # Do not use -fno-common, check back when upgrading to new version it might not be needed
 CFLAGS += "-fcommon"
 
 PROVIDES += "mesa-glut"
 
-DEPENDS = "virtual/libx11 libxmu libxi virtual/libgl libglu libxrandr"
+DEPENDS = "virtual/libgl libxi"
+
+do_install:append() {
+    # Remove buildpaths
+    sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/cmake/FreeGLUT/FreeGLUTTargets.cmake
+}
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch
new file mode 100644
index 0000000000..a48f8aa06a
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch
@@ -0,0 +1,38 @@
+From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope 
+ 'gv_api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb]
+CVE: CVE-2023-46045
+ 
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 2d86321..f9d1dcc 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+     char *package_path, *name, *api;
+     const char *type;
+-    api_t gv_api;
+     int quality, rc;
+     int nest = 0;
+     gvplugin_package_t *package;
+@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+         package = gvplugin_package_record(gvc, package_path, name);
+ 	do {
+ 	    api = token(&nest, &s);
+-	    gv_api = gvplugin_api(api);
++	    const api_t gv_api = gvplugin_api(api);
+ 	    do {
+ 		if (nest == 2) {
+ 		    type = token(&nest, &s);
+-- 
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
new file mode 100644
index 0000000000..4c70b1a877
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
@@ -0,0 +1,39 @@
+From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope 
+ 'api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index f9d1dcc..95e8c6c 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens)
+ 
+ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+-    char *package_path, *name, *api;
++    char *package_path, *name;
+     const char *type;
+     int quality, rc;
+     int nest = 0;
+@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ 	    name = "x";
+         package = gvplugin_package_record(gvc, package_path, name);
+ 	do {
+-	    api = token(&nest, &s);
++	    const char *api = token(&nest, &s);
+ 	    const api_t gv_api = gvplugin_api(api);
+ 	    do {
+ 		if (nest == 2) {
+-- 
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
new file mode 100644
index 0000000000..4746265eeb
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
@@ -0,0 +1,31 @@
+From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc: detect plugin installation failure and display an error
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 95e8c6c..77d0865 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ 	do {
+ 	    const char *api = token(&nest, &s);
+ 	    const api_t gv_api = gvplugin_api(api);
++	    if (gv_api == (api_t)-1) {
++		agerr(AGERR, "config error: %s %s not found\n", package_path, api);
++		return 0;
++	    }
+ 	    do {
+ 		if (nest == 2) {
+ 		    type = token(&nest, &s);
+-- 
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
index 4c51af669c..f06e2adb02 100644
--- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
+++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
@@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native"
 inherit autotools-brokensep pkgconfig gettext qemu
 
 SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \
+	   file://CVE-2023-46045-1.patch \
+           file://CVE-2023-46045-2.patch \
+           file://CVE-2023-46045-3.patch \
            "
 # Use native mkdefs
 SRC_URI:append:class-target = "\
diff --git a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
index 1a94215839..7f93f704e0 100644
--- a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
+++ b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
@@ -9,7 +9,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2"
 
 # TODO: Pin upstream release (current v7.11.0-80-g419a757)
-SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;branch=master"
 SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254"
 
 DEPENDS = "libxkbcommon lvgl wayland"
@@ -19,15 +19,15 @@ REQUIRED_DISTRO_FEATURES = "wayland"
 inherit cmake
 inherit features_check
 
-S = "${WORKDIR}/${PN}-${PV}"
+S = "${WORKDIR}/git"
 
 LVGL_CONFIG_WAYLAND_HOR_RES ?= "480"
 LVGL_CONFIG_WAYLAND_VER_RES ?= "320"
 
-EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}"
+EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}"
 
 TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1"
-TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl"
+TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl"
 
 # Upstream does not support a default configuration
 # but propose a default "disabled" template, which is used as reference
diff --git a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
index 032e85f522..0049bbe237 100644
--- a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
+++ b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
@@ -8,21 +8,23 @@ DESCRIPTION = "Allow the use of PNG images in LVGL. This implementation uses lod
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2"
 
-SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;branch=master"
 SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a"
 
+S = "${WORKDIR}/git"
+
 # because of lvgl dependency
 REQUIRED_DISTRO_FEATURES = "wayland"
 
 DEPENDS += "lvgl"
 
-EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}"
+EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}"
 
 inherit cmake
 inherit features_check
 
 TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1"
-TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl"
+TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl"
 
 FILES:${PN}-dev = "\
     ${includedir}/lvgl/lv_lib_png/ \
diff --git a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
index 2005afa2fd..0021da01fb 100644
--- a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
+++ b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
@@ -8,7 +8,7 @@ SUMMARY = "Light and Versatile Graphics Library"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a"
 
-SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;branch=master"
 SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0"
 
 REQUIRED_DISTRO_FEATURES = "wayland"
@@ -16,8 +16,8 @@ REQUIRED_DISTRO_FEATURES = "wayland"
 inherit cmake
 inherit features_check
 
-EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}"
-S = "${WORKDIR}/${PN}-${PV}"
+EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}"
+S = "${WORKDIR}/git"
 
 LVGL_CONFIG_LV_MEM_CUSTOM ?= "0"
 
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch
new file mode 100644
index 0000000000..0322f55cc7
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch
@@ -0,0 +1,45 @@
+From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:02:25 +0100
+Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in
+ sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347)
+
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf]
+CVE: CVE-2021-3575
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/bin/common/color.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f13..ae5d648d 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+     if (i < loopmaxh) {
+         size_t j;
+
+-        for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
++        if (offx > 0U) {
++            sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            ++y;
++            ++r;
++            ++g;
++            ++b;
++        }
++
++        for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+
+             ++y;
+@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
+             ++cb;
+             ++cr;
+         }
+-        if (j < maxw) {
++        if (j < loopmaxw) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+         }
+     }
+--
+2.39.3
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index 42d2b4efb0..a619c07aa4 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -11,6 +11,7 @@ SRC_URI = " \
     file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \
     file://CVE-2021-29338.patch \
     file://CVE-2022-1122.patch \
+    file://CVE-2021-3575.patch \
 "
 SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
 S = "${WORKDIR}/git"
@@ -26,4 +27,4 @@ EXTRA_OECMAKE += "-DOPENJPEG_INSTALL_LIB_DIR=${@d.getVar('baselib').replace('/',
 
 FILES:${PN} += "${libdir}/openjpeg*"
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
index c2000b264b..cb2563225f 100644
--- a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
+++ b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
@@ -81,3 +81,5 @@ FILES:tslib-uinput += "${bindir}/ts_uinput"
 
 FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \
                      ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb
index 6a05e98e32..d394b33de2 100644
--- a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb
+++ b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb
@@ -13,7 +13,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=64322fab5239f5c8d97cf6e0e14f1c62"
 
 DEPENDS += "libxaw libxkbfile"
 
-BBCLASSEXTEND = "native"
-
 SRC_URI[md5sum] = "502b14843f610af977dffc6cbf2102d5"
 SRC_URI[sha256sum] = "d2a18ab90275e8bca028773c44264d2266dab70853db4321bdbc18da75148130"
diff --git a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb
index 30a1e089e3..a9a8acf05c 100644
--- a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb
+++ b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb
@@ -8,7 +8,6 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6ea29dbee22324787c061f039e0529de"
 
 DEPENDS += "xbitmaps libxcursor"
-BBCLASSEXTEND = "native"
 
 SRC_URI[md5sum] = "5fe769c8777a6e873ed1305e4ce2c353"
 SRC_URI[sha256sum] = "10c442ba23591fb5470cea477a0aa5f679371f4f879c8387a1d9d05637ae417c"
diff --git a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb
index 2ab5297949..a5271f08bd 100644
--- a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb
+++ b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://driver/xscreensaver.h;endline=10;md5=c3ce41cdff745eb1
 SRC_URI = "https://www.jwz.org/${BPN}/${BP}.tar.gz"
 SRC_URI[sha256sum] = "085484665d91f60b4a1dedacd94bcf9b74b0fb096bcedc89ff1c245168e5473b"
 
+MIRRORS += "https://www.jwz.org/${BPN} https://ftp.osuosl.org/pub/blfs/conglomeration/${BPN}"
+
 SRC_URI += " \
     file://xscreensaver.service \
     file://0001-build-Do-not-build-po-files.patch \
diff --git a/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb b/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
index 461e6b05ed..5f687b27b3 100644
--- a/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
+++ b/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
@@ -17,6 +17,7 @@ COMPATIBLE_HOST = "(x86_64|i.86|aarch64|riscv64|powerpc64).*-linux"
 S = "${WORKDIR}/git/src"
 
 EXTRA_OEMAKE += "DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}"
+EXTRA_OEMAKE:append:class-native = " UAPIDIR=${includedir}"
 
 inherit pkgconfig
 
@@ -27,3 +28,9 @@ do_compile() {
 do_install() {
 	oe_runmake install
 }
+
+do_install:append:class-native() {
+	oe_runmake install_uapi_headers
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch b/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch
new file mode 100644
index 0000000000..d3b203111f
--- /dev/null
+++ b/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch
@@ -0,0 +1,52 @@
+From 415d50fc56b82963e5570c7738c61b22f4a83748 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 11 Jul 2022 00:56:28 +0200
+Subject: [PATCH] Remove usage of 'U' mode bit for opening files in python
+
+The 'U' mode bit is removed in python 3.11. It has been
+deprecated for a long time. The 'U' mode bit has no effect
+so this change doesn't change any behavior.
+
+See https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api
+
+Upstream-Status: Submitted [https://github.com/jackaudio/jack2/pull/884]
+---
+ waflib/ConfigSet.py | 2 +-
+ waflib/Context.py   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py
+index b300bb56..84736c9c 100644
+--- a/waflib/ConfigSet.py
++++ b/waflib/ConfigSet.py
+@@ -312,7 +312,7 @@ class ConfigSet(object):
+ 		:type filename: string
+ 		"""
+ 		tbl = self.table
+-		code = Utils.readf(filename, m='rU')
++		code = Utils.readf(filename, m='r')
+ 		for m in re_imp.finditer(code):
+ 			g = m.group
+ 			tbl[g(2)] = eval(g(3))
+diff --git a/waflib/Context.py b/waflib/Context.py
+index 9fee3fa1..761b521f 100644
+--- a/waflib/Context.py
++++ b/waflib/Context.py
+@@ -266,7 +266,7 @@ class Context(ctx):
+ 				cache[node] = True
+ 				self.pre_recurse(node)
+ 				try:
+-					function_code = node.read('rU', encoding)
++					function_code = node.read('r', encoding)
+ 					exec(compile(function_code, node.abspath(), 'exec'), self.exec_dict)
+ 				finally:
+ 					self.post_recurse(node)
+@@ -662,7 +662,7 @@ def load_module(path, encoding=None):
+ 
+ 	module = imp.new_module(WSCRIPT_FILE)
+ 	try:
+-		code = Utils.readf(path, m='rU', encoding=encoding)
++		code = Utils.readf(path, m='r', encoding=encoding)
+ 	except EnvironmentError:
+ 		raise Errors.WafError('Could not read the file %r' % path)
+ 
diff --git a/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb b/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb
index 452f066559..ea8c0f385a 100644
--- a/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb
+++ b/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb
@@ -14,7 +14,9 @@ LIC_FILES_CHKSUM = " \
 
 DEPENDS = "libsamplerate0 libsndfile1 readline"
 
-SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https \
+    file://0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch \
+"
 SRCREV = "a2fe7ec2fdbd315f112c8035282d94a429451178"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
new file mode 100644
index 0000000000..fb8fa3427f
--- /dev/null
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
@@ -0,0 +1,60 @@
+Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1
+From: Oliver Kiddle <opk@zsh.org>
+Date: Wed, 15 Dec 2021 01:56:40 +0100
+Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on
+ %F/%K arguments
+
+Mitigates CVE-2021-45444
+
+https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog    |  5 +++++
+ Src/prompt.c | 10 ++++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 8d7dfc169..eb248ec06 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2022-01-27  dana  <dana@dana.is>
++
++	* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
++	PROMPT_SUBST
++
+ 2020-02-14  dana  <dana@dana.is>
+ 
+ 	* unposted: Config/version.mk: Update for 5.8
+diff --git a/Src/prompt.c b/Src/prompt.c
+index b65bfb86b..91e21c8e9 100644
+--- a/Src/prompt.c
++++ b/Src/prompt.c
+@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
+ 	bv->fm += 2; /* skip over F{ */
+ 	if ((ep = strchr(bv->fm, '}'))) {
+ 	    char oc = *ep, *col, *coll;
++	    int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
++	    int opp = opts[PROMPTPERCENT];
++
++	    opts[PROMPTPERCENT] = 1;
++	    opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
++
+ 	    *ep = '\0';
+ 	    /* expand the contents of the argument so you can use
+ 	     * %v for example */
+@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
+ 	    arg = match_colour((const char **)&coll, is_fg, 0);
+ 	    free(col);
+ 	    bv->fm = ep;
++
++	    opts[PROMPTSUBST] = ops;
++	    opts[PROMPTBANG] = opb;
++	    opts[PROMPTPERCENT] = opp;
+ 	} else {
+ 	    arg = match_colour((const char **)&bv->fm, is_fg, 0);
+ 	    if (*bv->fm != '}')
+-- 
+2.34.1
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
new file mode 100644
index 0000000000..e5b6d7cdc9
--- /dev/null
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
@@ -0,0 +1,140 @@
+From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001
+From: Marc Cornellà <hello@mcornella.com>
+Date: Mon, 24 Jan 2022 09:43:28 +0100
+Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to
+ work around CVE-2021-45444 in VCS_Info
+Comment: Updated to use the same file name without blanks as actually
+ used in the final 5.8.1 release.
+
+
+https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog                                    |  5 +
+ Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++
+ 2 files changed, 103 insertions(+)
+ create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch
+
+diff --git a/ChangeLog b/ChangeLog
+index eb248ec06..9a05a09e1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,10 @@
+ 2022-01-27  dana  <dana@dana.is>
+ 
++	* Marc Cornellà: security/89:
++	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
++	can optionally be used to work around recursive PROMPT_SUBST
++	issue in VCS_Info
++
+ 	* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
+ 	PROMPT_SUBST
+ 
+diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch
+new file mode 100644
+index 000000000..13e54be77
+--- /dev/null
++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch
+@@ -0,0 +1,98 @@
++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com>
++Date: Mon, 24 Jan 2022 09:43:28 +0100
++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444,
++which is mitigated in the shell itself in 5.8.1 and later versions. It is
++offered for users who are concerned about an exploit but are unable to update
++their binaries to receive the complete fix.
++
++The patch works around the vulnerability by pre-escaping values substituted
++into format strings in VCS_Info. Please note that this may break some user
++configurations that rely on those values being un-escaped (which is why it was
++not included directly in 5.8.1). It may be possible to limit this breakage by
++adjusting exactly which ones are pre-escaped, but of course this may leave
++them vulnerable again.
++
++If applying the patch to the file system is inconvenient or not possible, the
++following script can be used to idempotently patch the relevant function
++running in memory (and thus must be re-run when the shell is restarted):
++
++
++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version)
++autoload -Uz is-at-least
++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then
++  return
++fi
++
++# Quote necessary $hook_com[<field>] items just before they are used
++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats
++# function, where <field> is:
++#
++#   base:       the full path of the repository's root directory.
++#   base-name:  the name of the repository's root directory.
++#   branch:     the name of the currently checked out branch.
++#   revision:   an identifier of the currently checked out revision.
++#   subdir:     the path of the current directory relative to the
++#               repository's root directory.
++#   misc:       a string that may contain anything the vcs_info backend wants.
++#
++# This patch %-quotes these fields previous to their use in vcs_info hooks and
++# the zformat call and, eventually, when they get expanded in the prompt.
++# It's important to quote these here, and not later after hooks have modified the
++# fields, because then we could be quoting % characters from valid prompt sequences,
++# like %F{color}, %B, etc.
++#
++#  32   │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
++#  33   │ hook_com[subdir_orig]="${hook_com[subdir]}"
++#  34   │
++#  35 + │ for tmp in base base-name branch misc revision subdir; do
++#  36 + │     hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
++#  37 + │ done
++#  38 + │
++#  39   │ VCS_INFO_hook 'post-backend'
++#
++# This is especially important so that no command substitution is performed
++# due to malicious input as a consequence of CVE-2021-45444, which affects
++# zsh versions from 5.0.3 to 5.8.
++#
++autoload -Uz +X regexp-replace VCS_INFO_formats
++
++# We use $tmp here because it's already a local variable in VCS_INFO_formats
++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"'
++# Unique string to avoid reapplying the patch if this code gets called twice
++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b
++# Only patch the VCS_INFO_formats function if not already patched
++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then
++  regexp-replace 'functions[VCS_INFO_formats]' \
++    "VCS_INFO_hook 'post-backend'" \
++    ': ${PATCH_ID}; ${PATCH}; ${MATCH}'
++fi
++unset PATCH PATCH_ID
++
++
++---
++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++
++ 1 file changed, 4 insertions(+)
++
++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats
++index e0e1dc738..4d88e28b6 100644
++--- a/Functions/VCS_Info/VCS_INFO_formats
+++++ b/Functions/VCS_Info/VCS_INFO_formats
++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}"
++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
++ hook_com[subdir_orig]="${hook_com[subdir]}"
++ 
+++for tmp in base base-name branch misc revision subdir; do
+++    hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
+++done
+++
++ VCS_INFO_hook 'post-backend'
++ 
++ ## description (for backend authors):
++-- 
++2.34.1
+-- 
+2.34.1
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
new file mode 100644
index 0000000000..adfc00ae57
--- /dev/null
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
@@ -0,0 +1,77 @@
+From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001
+From: dana <dana@dana.is>
+Date: Tue, 21 Dec 2021 13:13:33 -0600
+Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README
+
+https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog |  2 ++
+ NEWS      | 20 ++++++++++++++++++++
+ README    |  6 ++++++
+ 3 files changed, 28 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 9a05a09e1..93b0bc337 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,7 @@
+ 2022-01-27  dana  <dana@dana.is>
+ 
++	* CVE-2021-45444: NEWS, README: Document preceding two changes
++
+ 	* Marc Cornellà: security/89:
+ 	Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
+ 	can optionally be used to work around recursive PROMPT_SUBST
+diff --git a/NEWS b/NEWS
+index 964e1633f..d34b3f79e 100644
+--- a/NEWS
++++ b/NEWS
+@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
+ 
+ Note also the list of incompatibilities in the README file.
+ 
++Changes since 5.8
++-----------------
++
++CVE-2021-45444: Some prompt expansion sequences, such as %F, support
++'arguments' which are themselves expanded in case they contain colour
++values, etc. This additional expansion would trigger PROMPT_SUBST
++evaluation, if enabled. This could be abused to execute code the user
++didn't expect. e.g., given a certain prompt configuration, an attacker
++could trick a user into executing arbitrary code by having them check
++out a Git branch with a specially crafted name.
++
++This is fixed in the shell itself by no longer performing PROMPT_SUBST
++evaluation on these prompt-expansion arguments.
++
++Users who are concerned about an exploit but unable to update their
++binaries may apply the partial work-around described in the file
++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
++source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
++Marc Cornellà <hello@mcornella.com>. ]
++
+ Changes since 5.7.1-test-3
+ --------------------------
+ 
+diff --git a/README b/README
+index 7f1dd5f92..c9e994ab3 100644
+--- a/README
++++ b/README
+@@ -31,6 +31,12 @@ Zsh is a shell with lots of features.  For a list of some of these, see the
+ file FEATURES, and for the latest changes see NEWS.  For more
+ details, see the documentation.
+ 
++Incompatibilities since 5.8
++---------------------------
++
++PROMPT_SUBST expansion is no longer performed on arguments to prompt-
++expansion sequences such as %F.
++
+ Incompatibilities since 5.7.1
+ -----------------------------
+ 
+-- 
+2.34.1
diff --git a/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-oe/recipes-shells/zsh/zsh_5.8.bb
index 0429cb9cc7..7602ff9f64 100644
--- a/meta-oe/recipes-shells/zsh/zsh_5.8.bb
+++ b/meta-oe/recipes-shells/zsh/zsh_5.8.bb
@@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec"
 
 DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \
+	file://CVE-2021-45444_1.patch \
+	file://CVE-2021-45444_2.patch \
+	file://CVE-2021-45444_3.patch \
+	"
 SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27"
 
 inherit autotools-brokensep gettext update-alternatives manpages
@@ -18,8 +22,8 @@ inherit autotools-brokensep gettext update-alternatives manpages
 EXTRA_OECONF = " \
     --bindir=${base_bindir} \
     --enable-etcdir=${sysconfdir} \
-    --enable-fndir=${datadir}/${PN}/${PV}/functions \
-    --enable-site-fndir=${datadir}/${PN}/site-functions \
+    --enable-fndir=${datadir}/${BPN}/${PV}/functions \
+    --enable-site-fndir=${datadir}/${BPN}/site-functions \
     --with-term-lib='ncursesw ncurses' \
     --with-tcsetpgrp \
     --enable-cap \
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
new file mode 100644
index 0000000000..328075ca64
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
@@ -0,0 +1,66 @@
+From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001
+From: hopper-vul <118949689+hopper-vul@users.noreply.github.com>
+Date: Wed, 18 Jan 2023 22:14:26 +0800
+Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow
+ (#497)
+
+In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
+the input str and initialize a sortlist configuration.
+
+However, ares_set_sortlist has not any checks about the validity of the input str.
+It is very easy to create an arbitrary length stack overflow with the unchecked
+`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
+statements in the config_sortlist call, which could potentially cause severe
+security impact in practical programs.
+
+This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
+potential stack overflows.
+
+fixes #496
+
+Fix By: @hopper-vul
+
+CVE: CVE-2022-4904
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/lib/ares_init.c    | 4 ++++
+ test/ares-test-init.cc | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
+index 51668a5c..3f9cec65 100644
+--- a/src/lib/ares_init.c
++++ b/src/lib/ares_init.c
+@@ -1913,6 +1913,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
+       q = str;
+       while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
+         q++;
++      if (q-str >= 16)
++        return ARES_EBADSTR;
+       memcpy(ipbuf, str, q-str);
+       ipbuf[q-str] = '\0';
+       /* Find the prefix */
+@@ -1921,6 +1923,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
+           const char *str2 = q+1;
+           while (*q && *q != ';' && !ISSPACE(*q))
+             q++;
++          if (q-str >= 32)
++            return ARES_EBADSTR;
+           memcpy(ipbufpfx, str, q-str);
+           ipbufpfx[q-str] = '\0';
+           str = str2;
+diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc
+index 63c6a228..ee845181 100644
+--- a/test/ares-test-init.cc
++++ b/test/ares-test-init.cc
+@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) {
+ 
+ TEST_F(DefaultChannelTest, SetSortlistFailures) {
+   EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
++  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
++  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
+   EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
+   EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
+ }
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
new file mode 100644
index 0000000000..3e507f7cda
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch
@@ -0,0 +1,328 @@
+From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:34 -0400
+Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v
+
+* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
+* Always use our own IP conversion functions now, do not delegate to OS
+  so we can have consistency in testing and fuzzing.
+* Removed bogus test cases that never should have passed.
+* Add new test case for crash bug found.
+
+Fix By: Brad House (@bradh352)
+
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2.patch]
+CVE: CVE-2023-31130
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/lib/inet_net_pton.c    | 155 ++++++++++++++++++++-----------------
+ test/ares-test-internal.cc |   7 +-
+ 2 files changed, 86 insertions(+), 76 deletions(-)
+
+diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c
+index 840de50..fc50425 100644
+--- a/src/lib/inet_net_pton.c
++++ b/src/lib/inet_net_pton.c
+@@ -1,19 +1,20 @@
+ 
+ /*
+- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
+  * Copyright (c) 1996,1999 by Internet Software Consortium.
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+  * copyright notice and this permission notice appear in all copies.
+  *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
+  */
+ 
+ #include "ares_setup.h"
+@@ -35,9 +36,6 @@
+ 
+ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
+ 
+-
+-#ifndef HAVE_INET_NET_PTON
+-
+ /*
+  * static int
+  * inet_net_pton_ipv4(src, dst, size)
+@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+  *      Paul Vixie (ISC), June 1996
+  */
+ static int
+-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
++ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+ {
+   static const char xdigits[] = "0123456789abcdef";
+   static const char digits[] = "0123456789";
+@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp)
+ }
+ 
+ static int
+-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
++ares_inet_pton6(const char *src, unsigned char *dst)
+ {
+   static const char xdigits_l[] = "0123456789abcdef",
+-    xdigits_u[] = "0123456789ABCDEF";
++        xdigits_u[] = "0123456789ABCDEF";
+   unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
+   const char *xdigits, *curtok;
+-  int ch, saw_xdigit;
++  int ch, saw_xdigit, count_xdigit;
+   unsigned int val;
+-  int digits;
+-  int bits;
+-  size_t bytes;
+-  int words;
+-  int ipv4;
+ 
+   memset((tp = tmp), '\0', NS_IN6ADDRSZ);
+   endp = tp + NS_IN6ADDRSZ;
+@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+     if (*++src != ':')
+       goto enoent;
+   curtok = src;
+-  saw_xdigit = 0;
++  saw_xdigit = count_xdigit = 0;
+   val = 0;
+-  digits = 0;
+-  bits = -1;
+-  ipv4 = 0;
+   while ((ch = *src++) != '\0') {
+     const char *pch;
+ 
+     if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+       pch = strchr((xdigits = xdigits_u), ch);
+     if (pch != NULL) {
++      if (count_xdigit >= 4)
++        goto enoent;
+       val <<= 4;
+-      val |= aresx_sztoui(pch - xdigits);
+-      if (++digits > 4)
++      val |= (pch - xdigits);
++      if (val > 0xffff)
+         goto enoent;
+       saw_xdigit = 1;
++      count_xdigit++;
+       continue;
+     }
+     if (ch == ':') {
+@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+           goto enoent;
+         colonp = tp;
+         continue;
+-      } else if (*src == '\0')
++      } else if (*src == '\0') {
+         goto enoent;
++      }
+       if (tp + NS_INT16SZ > endp)
+-        return (0);
+-      *tp++ = (unsigned char)((val >> 8) & 0xff);
+-      *tp++ = (unsigned char)(val & 0xff);
++        goto enoent;
++      *tp++ = (unsigned char) (val >> 8) & 0xff;
++      *tp++ = (unsigned char) val & 0xff;
+       saw_xdigit = 0;
+-      digits = 0;
++      count_xdigit = 0;
+       val = 0;
+       continue;
+     }
+     if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
+-        getv4(curtok, tp, &bits) > 0) {
+-      tp += NS_INADDRSZ;
++        ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) {
++      tp += INADDRSZ;
+       saw_xdigit = 0;
+-      ipv4 = 1;
++      count_xdigit = 0;
+       break;  /* '\0' was seen by inet_pton4(). */
+     }
+-    if (ch == '/' && getbits(src, &bits) > 0)
+-      break;
+     goto enoent;
+   }
+   if (saw_xdigit) {
+     if (tp + NS_INT16SZ > endp)
+       goto enoent;
+-    *tp++ = (unsigned char)((val >> 8) & 0xff);
+-    *tp++ = (unsigned char)(val & 0xff);
++    *tp++ = (unsigned char) (val >> 8) & 0xff;
++    *tp++ = (unsigned char) val & 0xff;
+   }
+-  if (bits == -1)
+-    bits = 128;
+-
+-  words = (bits + 15) / 16;
+-  if (words < 2)
+-    words = 2;
+-  if (ipv4)
+-    words = 8;
+-  endp =  tmp + 2 * words;
+-
+   if (colonp != NULL) {
+     /*
+      * Since some memmove()'s erroneously fail to handle
+      * overlapping regions, we'll do the shift by hand.
+      */
+-    const ares_ssize_t n = tp - colonp;
+-    ares_ssize_t i;
++    const int n = tp - colonp;
++    int i;
+ 
+     if (tp == endp)
+       goto enoent;
+     for (i = 1; i <= n; i++) {
+-      *(endp - i) = *(colonp + n - i);
+-      *(colonp + n - i) = 0;
++      endp[- i] = colonp[n - i];
++      colonp[n - i] = 0;
+     }
+     tp = endp;
+   }
+   if (tp != endp)
+     goto enoent;
+ 
+-  bytes = (bits + 7) / 8;
+-  if (bytes > size)
+-    goto emsgsize;
+-  memcpy(dst, tmp, bytes);
+-  return (bits);
++  memcpy(dst, tmp, NS_IN6ADDRSZ);
++  return (1);
+ 
+-  enoent:
++enoent:
+   SET_ERRNO(ENOENT);
+   return (-1);
+ 
+-  emsgsize:
++emsgsize:
+   SET_ERRNO(EMSGSIZE);
+   return (-1);
+ }
+ 
++static int
++ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
++{
++  struct ares_in6_addr in6;
++  int                  ret;
++  int                  bits;
++  size_t               bytes;
++  char                 buf[INET6_ADDRSTRLEN + sizeof("/128")];
++  char                *sep;
++  const char          *errstr;
++
++  if (strlen(src) >= sizeof buf) {
++    SET_ERRNO(EMSGSIZE);
++    return (-1);
++  }
++  strncpy(buf, src, sizeof buf);
++
++  sep = strchr(buf, '/');
++  if (sep != NULL)
++    *sep++ = '\0';
++
++  ret = ares_inet_pton6(buf, (unsigned char *)&in6);
++  if (ret != 1)
++    return (-1);
++
++  if (sep == NULL)
++    bits = 128;
++  else {
++    if (!getbits(sep, &bits)) {
++      SET_ERRNO(ENOENT);
++      return (-1);
++    }
++  }
++
++  bytes = (bits + 7) / 8;
++  if (bytes > size) {
++    SET_ERRNO(EMSGSIZE);
++    return (-1);
++  }
++  memcpy(dst, &in6, bytes);
++  return (bits);
++}
++
+ /*
+  * int
+  * inet_net_pton(af, src, dst, size)
+@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
+ {
+   switch (af) {
+   case AF_INET:
+-    return (inet_net_pton_ipv4(src, dst, size));
++    return (ares_inet_net_pton_ipv4(src, dst, size));
+   case AF_INET6:
+-    return (inet_net_pton_ipv6(src, dst, size));
++    return (ares_inet_net_pton_ipv6(src, dst, size));
+   default:
+     SET_ERRNO(EAFNOSUPPORT);
+     return (-1);
+   }
+ }
+ 
+-#endif /* HAVE_INET_NET_PTON */
+-
+-#ifndef HAVE_INET_PTON
+ int ares_inet_pton(int af, const char *src, void *dst)
+ {
+   int result;
+@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst)
+     return 0;
+   return (result > -1 ? 1 : -1);
+ }
+-#else /* HAVE_INET_PTON */
+-int ares_inet_pton(int af, const char *src, void *dst)
+-{
+-  /* just relay this to the underlying function */
+-  return inet_pton(af, src, dst);
+-}
+-
+-#endif
+diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc
+index 96d4ede..161f0a5 100644
+--- a/test/ares-test-internal.cc
++++ b/test/ares-test-internal.cc
+@@ -81,6 +81,7 @@ TEST_F(LibraryTest, InetPtoN) {
+   EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6)));
+   EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6)));
+   EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
++  EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6)));
+ 
+   // Various malformed versions
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4)));
+@@ -118,11 +119,9 @@ TEST_F(LibraryTest, InetPtoN) {
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6)));
+-  // TODO(drysdale): check whether the next two tests should give -1.
+-  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
+-  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
++  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
++  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6)));
+-  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6)));
+   EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6)));
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch
new file mode 100644
index 0000000000..bbd6aa0aec
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch
@@ -0,0 +1,717 @@
+From c543406f44fa070ea101d4d4b173c2c88af0c2a5 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:06 -0400
+Subject: [PATCH] Merge pull request from GHSA-8r8p-23f3-64c2
+
+* segment random number generation into own file
+
+* abstract random code to make it more modular so we can have multiple backends
+
+* rand: add support for arc4random_buf() and also direct CARES_RANDOM_FILE reading
+
+* autotools: fix detection of arc4random_buf
+
+* rework initial rc4 seed for PRNG as last fallback
+
+* rc4: more proper implementation, simplified for clarity
+
+* clarifications
+
+CVE: CVE-2023-31147
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ CMakeLists.txt              |   2 +
+ configure.ac                |   1 +
+ m4/cares-functions.m4       |  85 +++++++++++
+ src/lib/Makefile.inc        |   1 +
+ src/lib/ares_config.h.cmake |   3 +
+ src/lib/ares_destroy.c      |   3 +
+ src/lib/ares_init.c         |  82 ++---------
+ src/lib/ares_private.h      |  19 ++-
+ src/lib/ares_query.c        |  36 +----
+ src/lib/ares_rand.c         | 274 ++++++++++++++++++++++++++++++++++++
+ 10 files changed, 387 insertions(+), 119 deletions(-)
+ create mode 100644 src/lib/ares_rand.c
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 194485a..1fb9af5 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -386,6 +386,8 @@ CHECK_SYMBOL_EXISTS (strncasecmp     "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCAS
+ CHECK_SYMBOL_EXISTS (strncmpi        "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCMPI)
+ CHECK_SYMBOL_EXISTS (strnicmp        "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNICMP)
+ CHECK_SYMBOL_EXISTS (writev          "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_WRITEV)
++CHECK_SYMBOL_EXISTS (arc4random_buf  "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_ARC4RANDOM_BUF)
++
+ 
+ # On Android, the system headers may define __system_property_get(), but excluded
+ # from libc.  We need to perform a link test instead of a header/symbol test.
+diff --git a/configure.ac b/configure.ac
+index 1d0fb5c..9a76369 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -683,6 +683,7 @@ CARES_CHECK_FUNC_STRNCASECMP
+ CARES_CHECK_FUNC_STRNCMPI
+ CARES_CHECK_FUNC_STRNICMP
+ CARES_CHECK_FUNC_WRITEV
++CARES_CHECK_FUNC_ARC4RANDOM_BUF
+ 
+ 
+ dnl check for AF_INET6
+diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4
+index 0f3992c..d4f4f99 100644
+--- a/m4/cares-functions.m4
++++ b/m4/cares-functions.m4
+@@ -3753,3 +3753,88 @@ AC_DEFUN([CARES_CHECK_FUNC_WRITEV], [
+     ac_cv_func_writev="no"
+   fi
+ ])
++
++dnl CARES_CHECK_FUNC_ARC4RANDOM_BUF
++dnl -------------------------------------------------
++dnl Verify if arc4random_buf is available, prototyped, and
++dnl can be compiled. If all of these are true, and
++dnl usage has not been previously disallowed with
++dnl shell variable cares_disallow_arc4random_buf, then
++dnl HAVE_ARC4RANDOM_BUF will be defined.
++
++AC_DEFUN([CARES_CHECK_FUNC_ARC4RANDOM_BUF], [
++  AC_REQUIRE([CARES_INCLUDES_STDLIB])dnl
++  #
++  tst_links_arc4random_buf="unknown"
++  tst_proto_arc4random_buf="unknown"
++  tst_compi_arc4random_buf="unknown"
++  tst_allow_arc4random_buf="unknown"
++  #
++  AC_MSG_CHECKING([if arc4random_buf can be linked])
++  AC_LINK_IFELSE([
++    AC_LANG_FUNC_LINK_TRY([arc4random_buf])
++  ],[
++    AC_MSG_RESULT([yes])
++    tst_links_arc4random_buf="yes"
++  ],[
++    AC_MSG_RESULT([no])
++    tst_links_arc4random_buf="no"
++  ])
++  #
++  if test "$tst_links_arc4random_buf" = "yes"; then
++    AC_MSG_CHECKING([if arc4random_buf is prototyped])
++    AC_EGREP_CPP([arc4random_buf],[
++      $cares_includes_stdlib
++    ],[
++      AC_MSG_RESULT([yes])
++      tst_proto_arc4random_buf="yes"
++    ],[
++      AC_MSG_RESULT([no])
++      tst_proto_arc4random_buf="no"
++    ])
++  fi
++  #
++  if test "$tst_proto_arc4random_buf" = "yes"; then
++    AC_MSG_CHECKING([if arc4random_buf is compilable])
++    AC_COMPILE_IFELSE([
++      AC_LANG_PROGRAM([[
++        $cares_includes_stdlib
++      ]],[[
++          arc4random_buf(NULL, 0);
++          return 1;
++      ]])
++    ],[
++      AC_MSG_RESULT([yes])
++      tst_compi_arc4random_buf="yes"
++    ],[
++      AC_MSG_RESULT([no])
++      tst_compi_arc4random_buf="no"
++    ])
++  fi
++  #
++  if test "$tst_compi_arc4random_buf" = "yes"; then
++    AC_MSG_CHECKING([if arc4random_buf usage allowed])
++    if test "x$cares_disallow_arc4random_buf" != "xyes"; then
++      AC_MSG_RESULT([yes])
++      tst_allow_arc4random_buf="yes"
++    else
++      AC_MSG_RESULT([no])
++      tst_allow_arc4random_buf="no"
++    fi
++  fi
++  #
++  AC_MSG_CHECKING([if arc4random_buf might be used])
++  if test "$tst_links_arc4random_buf" = "yes" &&
++     test "$tst_proto_arc4random_buf" = "yes" &&
++     test "$tst_compi_arc4random_buf" = "yes" &&
++     test "$tst_allow_arc4random_buf" = "yes"; then
++    AC_MSG_RESULT([yes])
++    AC_DEFINE_UNQUOTED(HAVE_ARC4RANDOM_BUF, 1,
++      [Define to 1 if you have the arc4random_buf function.])
++    ac_cv_func_arc4random_buf="yes"
++  else
++    AC_MSG_RESULT([no])
++    ac_cv_func_arc4random_buf="no"
++  fi
++])
++
+diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
+index a3b060c..72a7673 100644
+--- a/src/lib/Makefile.inc
++++ b/src/lib/Makefile.inc
+@@ -45,6 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c	\
+   ares_platform.c			\
+   ares_process.c			\
+   ares_query.c				\
++  ares_rand.c \
+   ares_search.c				\
+   ares_send.c				\
+   ares_strcasecmp.c			\
+diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake
+index fddb785..798820a 100644
+--- a/src/lib/ares_config.h.cmake
++++ b/src/lib/ares_config.h.cmake
+@@ -346,6 +346,9 @@
+ /* Define to 1 if you need the memory.h header file even with stdlib.h */
+ #cmakedefine NEED_MEMORY_H
+ 
++/* Define if have arc4random_buf() */
++#cmakedefine HAVE_ARC4RANDOM_BUF
++
+ /* a suitable file/device to read random data from */
+ #cmakedefine CARES_RANDOM_FILE "@CARES_RANDOM_FILE@"
+ 
+diff --git a/src/lib/ares_destroy.c b/src/lib/ares_destroy.c
+index fed2009..0447af4 100644
+--- a/src/lib/ares_destroy.c
++++ b/src/lib/ares_destroy.c
+@@ -90,6 +90,9 @@ void ares_destroy(ares_channel channel)
+   if (channel->resolvconf_path)
+     ares_free(channel->resolvconf_path);
+ 
++  if (channel->rand_state)
++    ares__destroy_rand_state(channel->rand_state);
++
+   ares_free(channel);
+ }
+ 
+diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
+index de5d86c..2607ed6 100644
+--- a/src/lib/ares_init.c
++++ b/src/lib/ares_init.c
+@@ -72,7 +72,6 @@ static int config_nameserver(struct server_state **servers, int *nservers,
+ static int set_search(ares_channel channel, const char *str);
+ static int set_options(ares_channel channel, const char *str);
+ static const char *try_option(const char *p, const char *q, const char *opt);
+-static int init_id_key(rc4_key* key,int key_data_len);
+ 
+ static int config_sortlist(struct apattern **sortlist, int *nsort,
+                            const char *str);
+@@ -149,6 +148,7 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
+   channel->sock_funcs = NULL;
+   channel->sock_func_cb_data = NULL;
+   channel->resolvconf_path = NULL;
++  channel->rand_state = NULL;
+ 
+   channel->last_server = 0;
+   channel->last_timeout_processed = (time_t)now.tv_sec;
+@@ -202,9 +202,13 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
+   /* Generate random key */
+ 
+   if (status == ARES_SUCCESS) {
+-    status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN);
++    channel->rand_state = ares__init_rand_state();
++    if (channel->rand_state == NULL) {
++      status = ARES_ENOMEM;
++    }
++
+     if (status == ARES_SUCCESS)
+-      channel->next_id = ares__generate_new_id(&channel->id_key);
++      channel->next_id = ares__generate_new_id(channel->rand_state);
+     else
+       DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n",
+                      ares_strerror(status)));
+@@ -224,6 +228,8 @@ done:
+         ares_free(channel->lookups);
+       if(channel->resolvconf_path)
+         ares_free(channel->resolvconf_path);
++      if (channel->rand_state)
++        ares__destroy_rand_state(channel->rand_state);
+       ares_free(channel);
+       return status;
+     }
+@@ -2495,76 +2501,6 @@ static int sortlist_alloc(struct apattern **sortlist, int *nsort,
+   return 1;
+ }
+ 
+-/* initialize an rc4 key. If possible a cryptographically secure random key
+-   is generated using a suitable function (for example win32's RtlGenRandom as
+-   described in
+-   http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
+-   otherwise the code defaults to cross-platform albeit less secure mechanism
+-   using rand
+-*/
+-static void randomize_key(unsigned char* key,int key_data_len)
+-{
+-  int randomized = 0;
+-  int counter=0;
+-#ifdef WIN32
+-  BOOLEAN res;
+-  if (ares_fpSystemFunction036)
+-    {
+-      res = (*ares_fpSystemFunction036) (key, key_data_len);
+-      if (res)
+-        randomized = 1;
+-    }
+-#else /* !WIN32 */
+-#ifdef CARES_RANDOM_FILE
+-  FILE *f = fopen(CARES_RANDOM_FILE, "rb");
+-  if(f) {
+-    setvbuf(f, NULL, _IONBF, 0);
+-    counter = aresx_uztosi(fread(key, 1, key_data_len, f));
+-    fclose(f);
+-  }
+-#endif
+-#endif /* WIN32 */
+-
+-  if (!randomized) {
+-    for (;counter<key_data_len;counter++)
+-      key[counter]=(unsigned char)(rand() % 256);  /* LCOV_EXCL_LINE */
+-  }
+-}
+-
+-static int init_id_key(rc4_key* key,int key_data_len)
+-{
+-  unsigned char index1;
+-  unsigned char index2;
+-  unsigned char* state;
+-  short counter;
+-  unsigned char *key_data_ptr = 0;
+-
+-  key_data_ptr = ares_malloc(key_data_len);
+-  if (!key_data_ptr)
+-    return ARES_ENOMEM;
+-  memset(key_data_ptr, 0, key_data_len);
+-
+-  state = &key->state[0];
+-  for(counter = 0; counter < 256; counter++)
+-    /* unnecessary AND but it keeps some compilers happier */
+-    state[counter] = (unsigned char)(counter & 0xff);
+-  randomize_key(key->state,key_data_len);
+-  key->x = 0;
+-  key->y = 0;
+-  index1 = 0;
+-  index2 = 0;
+-  for(counter = 0; counter < 256; counter++)
+-  {
+-    index2 = (unsigned char)((key_data_ptr[index1] + state[counter] +
+-                              index2) % 256);
+-    ARES_SWAP_BYTE(&state[counter], &state[index2]);
+-
+-    index1 = (unsigned char)((index1 + 1) % key_data_len);
+-  }
+-  ares_free(key_data_ptr);
+-  return ARES_SUCCESS;
+-}
+-
+ void ares_set_local_ip4(ares_channel channel, unsigned int local_ip)
+ {
+   channel->local_ip4 = local_ip;
+diff --git a/src/lib/ares_private.h b/src/lib/ares_private.h
+index 60d69e0..518b5c3 100644
+--- a/src/lib/ares_private.h
++++ b/src/lib/ares_private.h
+@@ -101,8 +101,6 @@ W32_FUNC const char *_w32_GetHostsFile (void);
+ 
+ #endif
+ 
+-#define ARES_ID_KEY_LEN 31
+-
+ #include "ares_ipv6.h"
+ #include "ares_llist.h"
+ 
+@@ -262,12 +260,8 @@ struct apattern {
+   unsigned short type;
+ };
+ 
+-typedef struct rc4_key
+-{
+-  unsigned char state[256];
+-  unsigned char x;
+-  unsigned char y;
+-} rc4_key;
++struct ares_rand_state;
++typedef struct ares_rand_state ares_rand_state;
+ 
+ struct ares_channeldata {
+   /* Configuration data */
+@@ -302,8 +296,8 @@ struct ares_channeldata {
+ 
+   /* ID to use for next query */
+   unsigned short next_id;
+-  /* key to use when generating new ids */
+-  rc4_key id_key;
++  /* random state to use when generating new ids */
++  ares_rand_state *rand_state;
+ 
+   /* Generation number to use for the next TCP socket open/close */
+   int tcp_connection_generation;
+@@ -359,7 +353,10 @@ void ares__close_sockets(ares_channel channel, struct server_state *server);
+ int ares__get_hostent(FILE *fp, int family, struct hostent **host);
+ int ares__read_line(FILE *fp, char **buf, size_t *bufsize);
+ void ares__free_query(struct query *query);
+-unsigned short ares__generate_new_id(rc4_key* key);
++
++ares_rand_state *ares__init_rand_state(void);
++void ares__destroy_rand_state(ares_rand_state *state);
++unsigned short ares__generate_new_id(ares_rand_state *state);
+ struct timeval ares__tvnow(void);
+ int ares__expand_name_validated(const unsigned char *encoded,
+                                 const unsigned char *abuf,
+diff --git a/src/lib/ares_query.c b/src/lib/ares_query.c
+index 508274d..42323be 100644
+--- a/src/lib/ares_query.c
++++ b/src/lib/ares_query.c
+@@ -33,32 +33,6 @@ struct qquery {
+ 
+ static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
+ 
+-static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
+-{
+-  unsigned char x;
+-  unsigned char y;
+-  unsigned char* state;
+-  unsigned char xorIndex;
+-  int counter;
+-
+-  x = key->x;
+-  y = key->y;
+-
+-  state = &key->state[0];
+-  for(counter = 0; counter < buffer_len; counter ++)
+-  {
+-    x = (unsigned char)((x + 1) % 256);
+-    y = (unsigned char)((state[x] + y) % 256);
+-    ARES_SWAP_BYTE(&state[x], &state[y]);
+-
+-    xorIndex = (unsigned char)((state[x] + state[y]) % 256);
+-
+-    buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]);
+-  }
+-  key->x = x;
+-  key->y = y;
+-}
+-
+ static struct query* find_query_by_id(ares_channel channel, unsigned short id)
+ {
+   unsigned short qid;
+@@ -78,7 +52,6 @@ static struct query* find_query_by_id(ares_channel channel, unsigned short id)
+   return NULL;
+ }
+ 
+-
+ /* a unique query id is generated using an rc4 key. Since the id may already
+    be used by a running query (as infrequent as it may be), a lookup is
+    performed per id generation. In practice this search should happen only
+@@ -89,19 +62,12 @@ static unsigned short generate_unique_id(ares_channel channel)
+   unsigned short id;
+ 
+   do {
+-    id = ares__generate_new_id(&channel->id_key);
++    id = ares__generate_new_id(channel->rand_state);
+   } while (find_query_by_id(channel, id));
+ 
+   return (unsigned short)id;
+ }
+ 
+-unsigned short ares__generate_new_id(rc4_key* key)
+-{
+-  unsigned short r=0;
+-  rc4(key, (unsigned char *)&r, sizeof(r));
+-  return r;
+-}
+-
+ void ares_query(ares_channel channel, const char *name, int dnsclass,
+                 int type, ares_callback callback, void *arg)
+ {
+diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c
+new file mode 100644
+index 0000000..a564bc2
+--- /dev/null
++++ b/src/lib/ares_rand.c
+@@ -0,0 +1,274 @@
++/* Copyright 1998 by the Massachusetts Institute of Technology.
++ * Copyright (C) 2007-2013 by Daniel Stenberg
++ *
++ * Permission to use, copy, modify, and distribute this
++ * software and its documentation for any purpose and without
++ * fee is hereby granted, provided that the above copyright
++ * notice appear in all copies and that both that copyright
++ * notice and this permission notice appear in supporting
++ * documentation, and that the name of M.I.T. not be used in
++ * advertising or publicity pertaining to distribution of the
++ * software without specific, written prior permission.
++ * M.I.T. makes no representations about the suitability of
++ * this software for any purpose.  It is provided "as is"
++ * without express or implied warranty.
++ */
++
++#include "ares_setup.h"
++#include "ares.h"
++#include "ares_private.h"
++#include "ares_nowarn.h"
++#include <stdlib.h>
++
++typedef enum  {
++  ARES_RAND_OS   = 1,  /* OS-provided such as RtlGenRandom or arc4random */
++  ARES_RAND_FILE = 2,  /* OS file-backed random number generator */
++  ARES_RAND_RC4  = 3   /* Internal RC4 based PRNG */
++} ares_rand_backend;
++
++typedef struct ares_rand_rc4
++{
++  unsigned char S[256];
++  size_t        i;
++  size_t        j;
++} ares_rand_rc4;
++
++struct ares_rand_state
++{
++  ares_rand_backend type;
++  union {
++    FILE *rand_file;
++    ares_rand_rc4 rc4;
++  } state;
++};
++
++
++/* Define RtlGenRandom = SystemFunction036.  This is in advapi32.dll.  There is
++ * no need to dynamically load this, other software used widely does not.
++ * http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
++ * https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom
++ */
++#ifdef _WIN32
++BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength);
++#  ifndef RtlGenRandom
++#    define RtlGenRandom(a,b) SystemFunction036(a,b)
++#  endif
++#endif
++
++
++#define ARES_RC4_KEY_LEN 32 /* 256 bits */
++
++static unsigned int ares_u32_from_ptr(void *addr)
++{
++    if (sizeof(void *) == 8) {
++        return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF));
++    }
++    return (unsigned int)((size_t)addr & 0xFFFFFFFF);
++}
++
++
++/* initialize an rc4 key as the last possible fallback. */
++static void ares_rc4_generate_key(ares_rand_rc4 *rc4_state, unsigned char *key, size_t key_len)
++{
++  size_t         i;
++  size_t         len = 0;
++  unsigned int   data;
++  struct timeval tv;
++
++  if (key_len != ARES_RC4_KEY_LEN)
++    return;
++
++  /* Randomness is hard to come by.  Maybe the system randomizes heap and stack addresses.
++   * Maybe the current timestamp give us some randomness.
++   * Use  rc4_state (heap), &i (stack), and ares__tvnow()
++   */
++  data = ares_u32_from_ptr(rc4_state);
++  memcpy(key + len, &data, sizeof(data));
++  len += sizeof(data);
++
++  data = ares_u32_from_ptr(&i);
++  memcpy(key + len, &data, sizeof(data));
++  len += sizeof(data);
++
++  tv = ares__tvnow();
++  data = (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF);
++  memcpy(key + len, &data, sizeof(data));
++  len += sizeof(data);
++
++  srand(ares_u32_from_ptr(rc4_state) | ares_u32_from_ptr(&i) | (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF));
++
++  for (i=len; i<key_len; i++) {
++    key[i]=(unsigned char)(rand() % 256);  /* LCOV_EXCL_LINE */
++  }
++}
++
++
++static void ares_rc4_init(ares_rand_rc4 *rc4_state)
++{
++  unsigned char key[ARES_RC4_KEY_LEN];
++  size_t        i;
++  size_t        j;
++
++  ares_rc4_generate_key(rc4_state, key, sizeof(key));
++
++  for (i = 0; i < sizeof(rc4_state->S); i++) {
++    rc4_state->S[i] = i & 0xFF;
++  }
++
++  for(i = 0, j = 0; i < 256; i++) {
++    j = (j + rc4_state->S[i] + key[i % sizeof(key)]) % 256;
++    ARES_SWAP_BYTE(&rc4_state->S[i], &rc4_state->S[j]);
++  }
++
++  rc4_state->i = 0;
++  rc4_state->j = 0;
++}
++
++/* Just outputs the key schedule, no need to XOR with any data since we have none */
++static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len)
++{
++  unsigned char *S = rc4_state->S;
++  size_t         i = rc4_state->i;
++  size_t         j = rc4_state->j;
++  size_t         cnt;
++
++  for (cnt=0; cnt<len; cnt++) {
++    i = (i + 1) % 256;
++    j = (j + S[i]) % 256;
++
++    ARES_SWAP_BYTE(&S[i], &S[j]);
++    buf[cnt] = S[(S[i] + S[j]) % 256];
++  }
++
++  rc4_state->i = i;
++  rc4_state->j = j;
++}
++
++
++static int ares__init_rand_engine(ares_rand_state *state)
++{
++  memset(state, 0, sizeof(*state));
++
++#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32)
++  state->type = ARES_RAND_OS;
++  return 1;
++#elif defined(CARES_RANDOM_FILE)
++  state->type            = ARES_RAND_FILE;
++  state->state.rand_file = fopen(CARES_RANDOM_FILE, "rb");
++  if (state->state.rand_file) {
++    setvbuf(state->state.rand_file, NULL, _IONBF, 0);
++    return 1;
++  }
++  /* Fall-Thru on failure to RC4 */
++#endif
++
++  state->type = ARES_RAND_RC4;
++  ares_rc4_init(&state->state.rc4);
++
++  /* Currently cannot fail */
++  return 1;
++}
++
++
++ares_rand_state *ares__init_rand_state()
++{
++  ares_rand_state *state = NULL;
++
++  state = ares_malloc(sizeof(*state));
++  if (!state)
++    return NULL;
++
++  if (!ares__init_rand_engine(state)) {
++    ares_free(state);
++    return NULL;
++  }
++
++  return state;
++}
++
++
++static void ares__clear_rand_state(ares_rand_state *state)
++{
++  if (!state)
++    return;
++
++  switch (state->type) {
++    case ARES_RAND_OS:
++      break;
++    case ARES_RAND_FILE:
++      fclose(state->state.rand_file);
++      break;
++    case ARES_RAND_RC4:
++      break;
++  }
++}
++
++
++static void ares__reinit_rand(ares_rand_state *state)
++{
++  ares__clear_rand_state(state);
++  ares__init_rand_engine(state);
++}
++
++
++void ares__destroy_rand_state(ares_rand_state *state)
++{
++  if (!state)
++    return;
++
++  ares__clear_rand_state(state);
++  ares_free(state);
++}
++
++
++static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t len)
++{
++
++  while (1) {
++    size_t rv;
++    size_t bytes_read = 0;
++
++    switch (state->type) {
++      case ARES_RAND_OS:
++#ifdef _WIN32
++        RtlGenRandom(buf, len);
++        return;
++#elif defined(HAVE_ARC4RANDOM_BUF)
++        arc4random_buf(buf, len);
++        return;
++#else
++        /* Shouldn't be possible to be here */
++        break;
++#endif
++
++      case ARES_RAND_FILE:
++        while (1) {
++          size_t rv = fread(buf + bytes_read, 1, len - bytes_read, state->state.rand_file);
++          if (rv == 0)
++            break; /* critical error, will reinit rand state */
++
++          bytes_read += rv;
++          if (bytes_read == len)
++            return;
++        }
++        break;
++
++      case ARES_RAND_RC4:
++        ares_rc4_prng(&state->state.rc4, buf, len);
++        return;
++    }
++
++    /* If we didn't return before we got here, that means we had a critical rand
++     * failure and need to reinitialized */
++    ares__reinit_rand(state);
++  }
++}
++
++unsigned short ares__generate_new_id(ares_rand_state *state)
++{
++  unsigned short r=0;
++
++  ares__rand_bytes(state, (unsigned char *)&r, sizeof(r));
++  return r;
++}
++
+-- 
+2.30.2
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch
new file mode 100644
index 0000000000..f6bcaee534
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch
@@ -0,0 +1,85 @@
+From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:49 -0400
+Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
+
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae.patch]
+CVE: CVE-2023-32067
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
+ 1 file changed, 25 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
+index 87329e3..605e5f8 100644
+--- a/src/lib/ares_process.c
++++ b/src/lib/ares_process.c
+@@ -457,7 +457,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+ {
+   struct server_state *server;
+   int i;
+-  ares_ssize_t count;
++  ares_ssize_t read_len;
+   unsigned char buf[MAXENDSSZ + 1];
+ #ifdef HAVE_RECVFROM
+   ares_socklen_t fromlen;
+@@ -500,32 +500,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+       /* To reduce event loop overhead, read and process as many
+        * packets as we can. */
+       do {
+-        if (server->udp_socket == ARES_SOCKET_BAD)
+-          count = 0;
+-
+-        else {
+-          if (server->addr.family == AF_INET)
++        if (server->udp_socket == ARES_SOCKET_BAD) {
++          read_len = -1;
++        } else {
++          if (server->addr.family == AF_INET) {
+             fromlen = sizeof(from.sa4);
+-          else
++          } else {
+             fromlen = sizeof(from.sa6);
+-          count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+-                                  sizeof(buf), 0, &from.sa, &fromlen);
++          }
++          read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
++                                     sizeof(buf), 0, &from.sa, &fromlen);
+         }
+ 
+-        if (count == -1 && try_again(SOCKERRNO))
++        if (read_len == 0) {
++          /* UDP is connectionless, so result code of 0 is a 0-length UDP
++           * packet, and not an indication the connection is closed like on
++           * tcp */
+           continue;
+-        else if (count <= 0)
++        } else if (read_len < 0) {
++          if (try_again(SOCKERRNO))
++            continue;
++
+           handle_error(channel, i, now);
++
+ #ifdef HAVE_RECVFROM
+-        else if (!same_address(&from.sa, &server->addr))
++        } else if (!same_address(&from.sa, &server->addr)) {
+           /* The address the response comes from does not match the address we
+            * sent the request to. Someone may be attempting to perform a cache
+            * poisoning attack. */
+-          break;
++          continue;
+ #endif
+-        else
+-          process_answer(channel, buf, (int)count, i, 0, now);
+-       } while (count > 0);
++
++        } else {
++          process_answer(channel, buf, (int)read_len, i, 0, now);
++        }
++      } while (read_len >= 0);
+     }
+ }
+ 
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
new file mode 100644
index 0000000000..4c97eda3c7
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
@@ -0,0 +1,34 @@
+From: a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 11 Mar 2024 14:29:39 +0000
+Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
+
+CVE: CVE-2024-25629
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/lib/ares__read_line.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
+index c62ad2a..d6625a3 100644
+--- a/src/lib/ares__read_line.c
++++ b/src/lib/ares__read_line.c
+@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
+       if (!fgets(*buf + offset, bytestoread, fp))
+         return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+       len = offset + strlen(*buf + offset);
++
++      /* Probably means there was an embedded NULL as the first character in
++       * the line, throw away line */
++      if (len == 0) {
++        offset = 0;
++        continue;
++      }
++
+       if ((*buf)[len - 1] == '\n')
+         {
+           (*buf)[len - 1] = 0;
+--
+2.40.0
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 2cd00cb578..838046146f 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -5,7 +5,13 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
 
-SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
+           file://CVE-2022-4904.patch \
+           file://CVE-2023-31130.patch \
+           file://CVE-2023-32067.patch \
+           file://CVE-2023-31147.patch \
+           file://CVE-2024-25629.patch \
+          "
 SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
 
 UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"
@@ -19,3 +25,7 @@ PACKAGES =+ "${PN}-utils"
 FILES:${PN}-utils = "${bindir}"
 
 BBCLASSEXTEND = "native nativesdk"
+
+# this vulneribility applies only when cross-compiling using autotools
+# yocto cross-compiles via cmake which is also listed as official workaround
+CVE_CHECK_IGNORE += "CVE-2023-31124"
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 31afe78e45..b210fa6340 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
 
 DEPENDS = "zlib expat"
 
-SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz"
+SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
 
 # Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
new file mode 100644
index 0000000000..a60b2854c8
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
@@ -0,0 +1,53 @@
+https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
+CVE: CVE-2022-39316
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 09:09:28 +0200
+Subject: [PATCH] Added missing length checks in zgfx_decompress_segment
+
+(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816)
+---
+ libfreerdp/codec/zgfx.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c
+index 20fbd354571..e260aa6e28a 100644
+--- a/libfreerdp/codec/zgfx.c
++++ b/libfreerdp/codec/zgfx.c
+@@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ 	BYTE* pbSegment;
+ 	size_t cbSegment;
+ 
+-	if (!zgfx || !stream)
++	if (!zgfx || !stream || (segmentSize < 2))
+ 		return FALSE;
+ 
+ 	cbSegment = segmentSize - 1;
+ 
+-	if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) ||
+-	    (segmentSize > UINT32_MAX))
++	if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX))
+ 		return FALSE;
+ 
+ 	Stream_Read_UINT8(stream, flags); /* header (1 byte) */
+ 	zgfx->OutputCount = 0;
+ 	pbSegment = Stream_Pointer(stream);
+-	Stream_Seek(stream, cbSegment);
++	if (!Stream_SafeSeek(stream, cbSegment))
++		return FALSE;
+ 
+ 	if (!(flags & PACKET_COMPRESSED))
+ 	{
+@@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ 						if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount)
+ 							return FALSE;
+ 
++						if (count > zgfx->cBitsRemaining / 8)
++							return FALSE;
++
+ 						CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent,
+ 						           count);
+ 						zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count);
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
new file mode 100644
index 0000000000..76a9e00dd3
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
@@ -0,0 +1,41 @@
+https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
+CVE: CVE-2022-39318 CVE-2022-39319
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 08:27:41 +0200
+Subject: [PATCH] Fixed division by zero in urbdrc
+
+(cherry picked from commit 731f8419d04b481d7160de1f34062d630ed48765)
+---
+ channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c
+index 505c31d7b55..ef87f195f38 100644
+--- a/channels/urbdrc/client/libusb/libusb_udevice.c
++++ b/channels/urbdrc/client/libusb/libusb_udevice.c
+@@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c
+ 	if (!Buffer)
+ 		Stream_Seek(user_data->data, (NumberOfPackets * 12));
+ 
+-	iso_packet_size = BufferSize / NumberOfPackets;
+-	iso_transfer = libusb_alloc_transfer(NumberOfPackets);
++	if (NumberOfPackets > 0)
++	{
++		iso_packet_size = BufferSize / NumberOfPackets;
++		iso_transfer = libusb_alloc_transfer((int)NumberOfPackets);
++	}
+ 
+ 	if (iso_transfer == NULL)
+ 	{
+-		WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer.");
++		WLog_Print(urbdrc->log, WLOG_ERROR,
++		           "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32
++		           " ]",
++		           NumberOfPackets, BufferSize);
+ 		async_transfer_user_data_free(user_data);
+ 		return -1;
+ 	}
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index ece2f56960..9da8b27c0d 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}"
 SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1"
 SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
     file://winpr-makecert-Build-with-install-RPATH.patch \
+    file://CVE-2022-39316.patch \
+    file://CVE-2022-39318-39319.patch \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/glog/glog_0.5.0.bb b/meta-oe/recipes-support/glog/glog_0.5.0.bb
index 61581d96d7..f0b1293965 100644
--- a/meta-oe/recipes-support/glog/glog_0.5.0.bb
+++ b/meta-oe/recipes-support/glog/glog_0.5.0.bb
@@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b"
 
 SRC_URI = " \
-    git://github.com/google/glog.git;nobranch=1;protocol=https \
+    git://github.com/google/glog.git;branch=master;protocol=https \
     file://libexecinfo.patch \
 "
 
diff --git a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb b/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb
index a27968079e..a27968079e 100644
--- a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb
+++ b/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb
diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch b/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch
new file mode 100644
index 0000000000..01099f3438
--- /dev/null
+++ b/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch
@@ -0,0 +1,37 @@
+From 602015eacc53bf2699bf4c4e5420b63c3f067547 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Mon, 11 Sep 2023 14:01:37 +0800
+Subject: [PATCH] Check for overflow when calculating on-disk attribute data
+ size
+
+Bogus sizes in this test case causes the on-disk data size
+calculation in H5O_attr_decode() to overflow so that the
+calculated size becomes 0. This causes the read to overflow
+and h5dump to segfault.
+
+CVE: CVE-2021-37501
+
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/b16ec83d4bd79f9ffaad85de16056419f3532887]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/H5Oattr.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/H5Oattr.c b/src/H5Oattr.c
+index c2c0fe3..c289344 100644
+--- a/src/H5Oattr.c
++++ b/src/H5Oattr.c
+@@ -217,6 +217,9 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED
+ 
+     /* Compute the size of the data */
+     H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, H5S_GET_EXTENT_NPOINTS(attr->shared->ds) * H5T_get_size(attr->shared->dt), hsize_t);
++    /* Check if multiplication has overflown */
++    if ((attr->shared->data_size / H5T_get_size(attr->shared->dt)) != H5S_GET_EXTENT_NPOINTS(attr->shared->ds))
++        HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds addressable range");
+ 
+     /* Go get the data */
+     if(attr->shared->data_size) {
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb b/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
index 7b886a4635..4110e9cea4 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
@@ -17,6 +17,7 @@ SRC_URI = " \
     file://0001-cross-compiling-support.patch \
     file://0002-Remove-suffix-shared-from-shared-library-name.patch \
     file://0001-cmake-remove-build-flags.patch \
+    file://CVE-2021-37501.patch \
 "
 SRC_URI[md5sum] = "2d2408f2a9dfb5c7b79998002e9a90e9"
 SRC_URI[sha256sum] = "e5b1b1dee44a64b795a91c3321ab7196d9e0871fe50d42969761794e3899f40d"
diff --git a/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb b/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb
index 154973254d..abafaaf7a7 100644
--- a/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb
+++ b/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb
@@ -10,7 +10,7 @@ S = "${WORKDIR}/git"
 B = "${S}"
 
 SRCREV = "c9864f4dd03736839f40d225da494cb1eb64e654"
-SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master;protocol=https"
+SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=main;protocol=https"
 
 inherit gettext autotools pkgconfig python3native
 
diff --git a/meta-oe/recipes-support/libiio/libiio_git.bb b/meta-oe/recipes-support/libiio/libiio_git.bb
index bb253f421a..612dd897be 100644
--- a/meta-oe/recipes-support/libiio/libiio_git.bb
+++ b/meta-oe/recipes-support/libiio/libiio_git.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=7c13b3376cea0ce68d2d2da0a1b3a72c"
 SRCREV = "92d6a35f3d8d721cda7d6fe664b435311dd368b4"
 PV = "0.23"
 
-SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=master \
+SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=main \
            file://0001-CMake-Move-include-CheckCSourceCompiles-before-its-m.patch \
 "
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-oe/recipes-support/libmxml/libmxml_3.3.bb b/meta-oe/recipes-support/libmxml/libmxml_3.3.bb
index c8e2167795..5169337f58 100644
--- a/meta-oe/recipes-support/libmxml/libmxml_3.3.bb
+++ b/meta-oe/recipes-support/libmxml/libmxml_3.3.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 HOMEPAGE = "https://www.msweet.org/mxml/"
 BUGTRACKER = "https://github.com/michaelrsweet/mxml/issues"
 
-SRC_URI = "git://github.com/michaelrsweet/mxml.git;nobranch=1;protocol=https"
+SRC_URI = "git://github.com/michaelrsweet/mxml.git;branch=master;protocol=https"
 SRCREV = "0237559fdbcecae34157b547aa2b99e12de305a2"
 S = "${WORKDIR}/git"
 
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
new file mode 100644
index 0000000000..63b78688dd
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
@@ -0,0 +1,44 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c]
+CVE: CVE-2020-16135
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa417..1af8a0e76 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+ 
+   /* take a copy of the whole packet */
+   msg->complete_message = ssh_buffer_new();
++  if (msg->complete_message == NULL) {
++      ssh_set_error_oom(session);
++      sftp_client_message_free(msg);
++      return NULL;
++  }
++
+   ssh_buffer_add_data(msg->complete_message,
+                       ssh_buffer_get(payload),
+                       ssh_buffer_get_len(payload));
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch
new file mode 100644
index 0000000000..413e5b3d11
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch
@@ -0,0 +1,385 @@
+From 4cef5e965a46e9271aed62631b152e4bd23c1e3c Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 12 Dec 2023 23:09:57 +0100
+Subject: [PATCH] CVE-2023-48795: client side mitigation
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ include/libssh/packet.h  |  1 +
+ include/libssh/session.h |  6 +++++
+ src/curve25519.c         | 18 +++----------
+ src/dh.c                 |  6 +----
+ src/ecdh.c               |  7 +----
+ src/ecdh_crypto.c        | 10 ++-----
+ src/ecdh_gcrypt.c        | 10 +++----
+ src/ecdh_mbedcrypto.c    | 11 +++-----
+ src/kex.c                | 34 ++++++++++++++++++++----
+ src/packet.c             | 56 +++++++++++++++++++++++++++++++++++++++-
+ src/packet_cb.c          | 12 +++++++++
+ 11 files changed, 118 insertions(+), 53 deletions(-)
+
+diff --git a/include/libssh/packet.h b/include/libssh/packet.h
+index fbe09700..8800e16b 100644
+--- a/include/libssh/packet.h
++++ b/include/libssh/packet.h
+@@ -63,6 +63,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
+ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
+ #endif
+ 
++int ssh_packet_send_newkeys(ssh_session session);
+ int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum);
+ int ssh_packet_parse_type(ssh_session session);
+ //int packet_flush(ssh_session session, int enforce_blocking);
+diff --git a/include/libssh/session.h b/include/libssh/session.h
+index 23633cc2..b8810f54 100644
+--- a/include/libssh/session.h
++++ b/include/libssh/session.h
+@@ -69,6 +69,12 @@ enum ssh_pending_call_e {
+ /* Client successfully authenticated */
+ #define SSH_SESSION_FLAG_AUTHENTICATED 2
+ 
++/* The current SSH2 session implements the "strict KEX" feature and should behave
++ * differently on SSH2_MSG_NEWKEYS. */
++#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
++/* Unexpected packets have been sent while the session was still unencrypted */
++#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
++
+ /* codes to use with ssh_handle_packets*() */
+ /* Infinite timeout */
+ #define SSH_TIMEOUT_INFINITE -1
+diff --git a/src/curve25519.c b/src/curve25519.c
+index 167209f4..6eda5feb 100644
+--- a/src/curve25519.c
++++ b/src/curve25519.c
+@@ -166,12 +166,7 @@ int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++  rc = ssh_packet_send_newkeys(session);
+   return rc;
+ error:
+   return SSH_ERROR;
+@@ -297,15 +292,10 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){
+         return SSH_ERROR;
+     }
+ 
+-    /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        goto error;
+-    }
+-
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
+ 
+     return rc;
+ error:
+diff --git a/src/dh.c b/src/dh.c
+index cc12fd46..33883f2d 100644
+--- a/src/dh.c
++++ b/src/dh.c
+@@ -735,11 +735,7 @@ int ssh_client_dh_reply(ssh_session session, ssh_buffer packet){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
++  rc = ssh_packet_send_newkeys(session);
+   SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+   return rc;
+ error:
+diff --git a/src/ecdh.c b/src/ecdh.c
+index f7fcaf13..1fef7ec9 100644
+--- a/src/ecdh.c
++++ b/src/ecdh.c
+@@ -72,12 +72,7 @@ int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++  rc = ssh_packet_send_newkeys(session);
+   return rc;
+ error:
+   return SSH_ERROR;
+diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
+index 24f21c03..7e5f0cc7 100644
+--- a/src/ecdh_crypto.c
++++ b/src/ecdh_crypto.c
+@@ -318,15 +318,9 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){
+         return SSH_ERROR;
+     }
+ 
+-    /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        return SSH_ERROR;;
+-    }
+-
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
+ 
+     return rc;
+ }
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index e43cacea..c1db7f5d 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -362,17 +362,13 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet) {
+         goto out;
+     }
+ 
+-
++    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+     /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc != SSH_OK) {
++    rc = ssh_packet_send_newkeys(session);
++    if (rc == SSH_ERROR) {
+         goto out;
+     }
+ 
+-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+-
+  out:
+     gcry_sexp_release(param);
+     gcry_sexp_release(key);
+diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
+index fa350028..24924508 100644
+--- a/src/ecdh_mbedcrypto.c
++++ b/src/ecdh_mbedcrypto.c
+@@ -293,16 +293,13 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
+         goto out;
+     }
+ 
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        rc = SSH_ERROR;
++        session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
++	/* Send the MSG_NEWKEYS */
++	rc = ssh_packet_send_newkeys(session);
++	if (rc == SSH_ERROR) {
+         goto out;
+     }
+ 
+-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+-
+ out:
+     mbedtls_ecp_group_free(&grp);
+     return rc;
+diff --git a/src/kex.c b/src/kex.c
+index 82686e4b..7f1bb324 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -105,6 +105,9 @@
+ 
+ /* RFC 8308 */
+ #define KEX_EXTENSION_CLIENT "ext-info-c"
++/* Strict kex mitigation against CVE-2023-48795 */
++#define KEX_STRICT_CLIENT "kex-strict-c-v00@openssh.com"
++#define KEX_STRICT_SERVER "kex-strict-s-v00@openssh.com"
+ 
+ /* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
+ static const char *default_methods[] = {
+@@ -521,6 +524,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+             goto error;
+         }
+ 
++	/*
++	 * handle the "strict KEX" feature. If supported by peer, then set up the
++	 * flag and verify packet sequence numbers.
++	 */
++	if (server_kex) {
++	    ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
++			         KEX_STRICT_CLIENT);
++	    if (ok) {
++		SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
++		session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
++	    }
++	} else {
++	    /* client kex */
++	    ok = ssh_match_group(session->next_crypto->server_kex.methods[SSH_KEX],
++			         KEX_STRICT_SERVER);
++	    if (ok) {
++		SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
++		session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
++	    }
++	}
++
+         /*
+          * If client sent a ext-info-c message in the kex list, it supports
+          * RFC 8308 extension negotiation.
+@@ -778,21 +802,21 @@ int ssh_set_client_kex(ssh_session session)
+         return SSH_OK;
+     }
+ 
+-    /* Here we append  ext-info-c  to the list of kex algorithms */
++    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
+     kex = client->methods[SSH_KEX];
+     len = strlen(kex);
+-    if (len + strlen(KEX_EXTENSION_CLIENT) + 2 < len) {
++    /* Comma, comma, nul byte */
++    kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
++    if (kex_len >= MAX_PACKET_LEN) {
+         /* Overflow */
+         return SSH_ERROR;
+     }
+-    kex_len = len + strlen(KEX_EXTENSION_CLIENT) + 2; /* comma, NULL */
+     kex_tmp = realloc(kex, kex_len);
+     if (kex_tmp == NULL) {
+-        free(kex);
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
+-    snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_EXTENSION_CLIENT);
++    snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
+     client->methods[SSH_KEX] = kex_tmp;
+ 
+     return SSH_OK;
+diff --git a/src/packet.c b/src/packet.c
+index 61a44237..8025a7ff 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -1126,6 +1126,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             }
+ #endif /* WITH_ZLIB */
+             payloadsize = ssh_buffer_get_len(session->in_buffer);
++	    if (session->recv_seq == UINT32_MAX) {
++		/* Overflowing sequence numbers is always fishy */
++		if (session->current_crypto == NULL) {
++		    /* don't allow sequence number overflow when unencrypted */
++		    ssh_set_error(session,
++				  SSH_FATAL,
++				  "Incoming sequence number overflow");
++		    goto error;
++		} else {
++		    SSH_LOG(SSH_LOG_WARNING,
++			    "Incoming sequence number overflow");
++		}
++	    }
+             session->recv_seq++;
+             if (session->raw_counter != NULL) {
+                 session->raw_counter->in_bytes += payloadsize;
+@@ -1141,7 +1154,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             SSH_LOG(SSH_LOG_PACKET,
+                     "packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
+                     session->in_packet.type, packet_len, padding, compsize, payloadsize);
+-
++	    if (session->current_crypto == NULL) {
++		/* In strict kex, only a few packets are allowed. Taint the session
++		 * if we received packets that are normally allowed but to be
++		 * refused if we are in strict kex when KEX is over.
++		 */
++		uint8_t type = session->in_packet.type;
++
++		if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
++		    (type < SSH2_MSG_KEXDH_INIT ||
++		     type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
++		    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++		}
++	    }
+             /* Check if the packet is expected */
+             filter_result = ssh_packet_incoming_filter(session);
+ 
+@@ -1153,6 +1178,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             case SSH_PACKET_DENIED:
+                 goto error;
+             case SSH_PACKET_UNKNOWN:
++		if (session->current_crypto == NULL) {
++		    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++		}
+                 ssh_packet_send_unimplemented(session, session->recv_seq - 1);
+                 break;
+             }
+@@ -1276,9 +1304,35 @@ void ssh_packet_process(ssh_session session, uint8_t type){
+ 	if(r==SSH_PACKET_NOT_USED){
+ 		SSH_LOG(SSH_LOG_RARE,"Couldn't do anything with packet type %d",type);
+ 		ssh_packet_send_unimplemented(session, session->recv_seq-1);
++		if (session->current_crypto == NULL) {
++		    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++		}
+ 	}
+ }
+ 
++/** @internal
++ * @brief sends a SSH_MSG_NEWKEYS when enabling the new negotiated ciphers
++ * @param session the SSH session
++ * @return SSH_ERROR on error, else SSH_OK
++ */
++int ssh_packet_send_newkeys(ssh_session session)
++{
++    int rc;
++
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
++    if (rc < 0) {
++	return rc;
++    }
++
++    rc = ssh_packet_send(session);
++    if (rc == SSH_ERROR) {
++	return rc;
++    }
++    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
++    return rc;
++}
++
+ /** @internal
+  * @brief sends a SSH_MSG_UNIMPLEMENTED answer to an unhandled packet
+  * @param session the SSH session
+diff --git a/src/packet_cb.c b/src/packet_cb.c
+index 6aa64766..de03fb07 100644
+--- a/src/packet_cb.c
++++ b/src/packet_cb.c
+@@ -154,6 +154,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
+       goto error;
+   }
+ 
++  if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
++      /* reset packet sequence number when running in strict kex mode */
++      session->recv_seq = 0;
++      /* Check that we aren't tainted */
++      if (session->flags & SSH_SESSION_FLAG_KEX_TAINTED) {
++	  ssh_set_error(session,
++			SSH_FATAL,
++			"Received unexpected packets in strict KEX mode.");
++	  goto error;
++      }
++}
++
+   if(session->server){
+     /* server things are done in server.c */
+     session->dh_handshake_state=DH_STATE_FINISHED;
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch
new file mode 100644
index 0000000000..fe3300503f
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch
@@ -0,0 +1,126 @@
+From 0870c8db28be9eb457ee3d4f9a168959d9507efd Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 12 Dec 2023 23:30:26 +0100
+Subject: [PATCH] CVE-2023-48795: Server side mitigations
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ include/libssh/kex.h |  1 +
+ src/kex.c            | 46 ++++++++++++++++++++++++++++++++++----------
+ src/server.c         |  8 +++++++-
+ 3 files changed, 44 insertions(+), 11 deletions(-)
+
+diff --git a/include/libssh/kex.h b/include/libssh/kex.h
+index a626d105..2b1a74d5 100644
+--- a/include/libssh/kex.h
++++ b/include/libssh/kex.h
+@@ -36,6 +36,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit);
+ int ssh_send_kex(ssh_session session, int server_kex);
+ void ssh_list_kex(struct ssh_kex_struct *kex);
+ int ssh_set_client_kex(ssh_session session);
++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex);
+ int ssh_kex_select_methods(ssh_session session);
+ int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
+ char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
+diff --git a/src/kex.c b/src/kex.c
+index 2ed90235..b03e6484 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -766,11 +766,8 @@ int ssh_set_client_kex(ssh_session session)
+ {
+     struct ssh_kex_struct *client= &session->next_crypto->client_kex;
+     const char *wanted;
+-    char *kex = NULL;
+-    char *kex_tmp = NULL;
+     int ok;
+     int i;
+-    size_t kex_len, len;
+ 
+     ok = ssh_get_random(client->cookie, 16, 0);
+     if (!ok) {
+@@ -802,11 +799,33 @@ int ssh_set_client_kex(ssh_session session)
+         return SSH_OK;
+     }
+ 
+-    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
+-    kex = client->methods[SSH_KEX];
++    ok = ssh_kex_append_extensions(session, client);
++    if (ok != SSH_OK){
++	return ok;
++    }
++
++    return SSH_OK;
++}
++
++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex)
++{
++    char *kex = NULL;
++    char *kex_tmp = NULL;
++    size_t kex_len, len;
++
++    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com for client
++     * and kex-strict-s-v00@openssh.com for server to the list of kex algorithms
++     */
++    kex = pkex->methods[SSH_KEX];
+     len = strlen(kex);
+-    /* Comma, comma, nul byte */
+-    kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
++    if (session->server) {
++	/* Comma, nul byte */
++	kex_len = len + 1 + strlen(KEX_STRICT_SERVER) + 1;
++    } else {
++	/* Comma, comma, nul byte */
++	kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 +
++		  strlen(KEX_STRICT_CLIENT) + 1;
++    }
+     if (kex_len >= MAX_PACKET_LEN) {
+         /* Overflow */
+         return SSH_ERROR;
+@@ -816,9 +835,16 @@ int ssh_set_client_kex(ssh_session session)
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
+-    snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
+-    client->methods[SSH_KEX] = kex_tmp;
+-
++    if (session->server){
++	snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_STRICT_SERVER);
++    } else {
++	snprintf(kex_tmp + len,
++		 kex_len - len,
++		 ",%s,%s",
++		 KEX_EXTENSION_CLIENT,
++		 KEX_STRICT_CLIENT);
++    }
++    pkex->methods[SSH_KEX] = kex_tmp;
+     return SSH_OK;
+ }
+ 
+diff --git a/src/server.c b/src/server.c
+index bc98da4f..f3d24a7b 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -158,7 +158,13 @@ static int server_set_kex(ssh_session session) {
+     }
+   }
+ 
+-  return 0;
++  /* Do not append the extensions during rekey */
++  if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
++      return SSH_OK;
++  }
++
++  rc = ssh_kex_append_extensions(session, server);
++  return rc;
+ }
+ 
+ int ssh_server_init_kex(ssh_session session) {
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch
new file mode 100644
index 0000000000..1635a4c2dc
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch
@@ -0,0 +1,47 @@
+From 5846e57538c750c5ce67df887d09fa99861c79c6 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 14 Dec 2023 12:22:01 +0100
+Subject: [PATCH] CVE-2023-48795: Strip extensions from both kex lists for
+ matching
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/kex.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index b03e6484..c100d908 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -857,11 +857,19 @@ int ssh_kex_select_methods (ssh_session session){
+     char *ext_start = NULL;
+     int i;
+ 
+-    /* Here we should drop the  ext-info-c  from the list so we avoid matching.
++    /* Here we should drop the extensions from the list so we avoid matching.
+      * it. We added it to the end, so we can just truncate the string here */
+-    ext_start = strstr(client->methods[SSH_KEX], ","KEX_EXTENSION_CLIENT);
+-    if (ext_start != NULL) {
+-        ext_start[0] = '\0';
++    if (session->client) {
++	ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
++	if (ext_start != NULL) {
++	    ext_start[0] = '\0';
++	}
++    }
++    if (session->server) {
++	ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
++	if (ext_start != NULL) {
++	    ext_start[0] = '\0';
++	}
+     }
+ 
+     for (i = 0; i < KEX_METHODS_SIZE; i++) {
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
index c7e9c3320c..530dda1f4a 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
@@ -6,7 +6,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
 
 DEPENDS = "zlib openssl"
 
-SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \
+           file://CVE-2020-16135.patch \
+           file://CVE-2023-48795-1.patch \
+           file://CVE-2023-48795-2.patch \
+           file://CVE-2023-48795-3.patch \
+          "
 SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch b/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
new file mode 100644
index 0000000000..7cdb5f9bda
--- /dev/null
+++ b/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
@@ -0,0 +1,164 @@
+From 0168696f95b5c610c3861ced8ef98accd1a83b91 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Tue, 27 Sep 2022 12:36:37 +0200
+Subject: [PATCH] multipathd: ignore duplicated multipathd command keys
+
+multipath adds rather than or-s the values of command keys. Fix this.
+Also, return an invalid fingerprint if a key is used more than once.
+
+CVE: CVE-2022-41974
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2022-41974
+https://github.com/opensvc/multipath-tools/issues/59
+
+Upstream-Status: Backport
+[https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c]
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ multipathd/cli.c  |   8 ++--
+ multipathd/main.c | 104 +++++++++++++++++++++++-----------------------
+ 2 files changed, 57 insertions(+), 55 deletions(-)
+
+diff --git a/multipathd/cli.c b/multipathd/cli.c
+index 800c0fbe..0a266761 100644
+--- a/multipathd/cli.c
++++ b/multipathd/cli.c
+@@ -336,9 +336,11 @@ fingerprint(vector vec)
+	if (!vec)
+		return 0;
+
+-	vector_foreach_slot(vec, kw, i)
+-		fp += kw->code;
+-
++	vector_foreach_slot(vec, kw, i) {
++		if (fp & kw->code)
++			return (uint64_t)-1;
++		fp |= kw->code;
++	}
+	return fp;
+ }
+
+diff --git a/multipathd/main.c b/multipathd/main.c
+index 8baf9abe..975287d2 100644
+--- a/multipathd/main.c
++++ b/multipathd/main.c
+@@ -1522,61 +1522,61 @@ uxlsnrloop (void * ap)
+	/* Tell main thread that thread has started */
+	post_config_state(DAEMON_CONFIGURE);
+
+-	set_handler_callback(LIST+PATHS, cli_list_paths);
+-	set_handler_callback(LIST+PATHS+FMT, cli_list_paths_fmt);
+-	set_handler_callback(LIST+PATHS+RAW+FMT, cli_list_paths_raw);
+-	set_handler_callback(LIST+PATH, cli_list_path);
+-	set_handler_callback(LIST+MAPS, cli_list_maps);
+-	set_handler_callback(LIST+STATUS, cli_list_status);
+-	set_unlocked_handler_callback(LIST+DAEMON, cli_list_daemon);
+-	set_handler_callback(LIST+MAPS+STATUS, cli_list_maps_status);
+-	set_handler_callback(LIST+MAPS+STATS, cli_list_maps_stats);
+-	set_handler_callback(LIST+MAPS+FMT, cli_list_maps_fmt);
+-	set_handler_callback(LIST+MAPS+RAW+FMT, cli_list_maps_raw);
+-	set_handler_callback(LIST+MAPS+TOPOLOGY, cli_list_maps_topology);
+-	set_handler_callback(LIST+TOPOLOGY, cli_list_maps_topology);
+-	set_handler_callback(LIST+MAPS+JSON, cli_list_maps_json);
+-	set_handler_callback(LIST+MAP+TOPOLOGY, cli_list_map_topology);
+-	set_handler_callback(LIST+MAP+FMT, cli_list_map_fmt);
+-	set_handler_callback(LIST+MAP+RAW+FMT, cli_list_map_fmt);
+-	set_handler_callback(LIST+MAP+JSON, cli_list_map_json);
+-	set_handler_callback(LIST+CONFIG+LOCAL, cli_list_config_local);
+-	set_handler_callback(LIST+CONFIG, cli_list_config);
+-	set_handler_callback(LIST+BLACKLIST, cli_list_blacklist);
+-	set_handler_callback(LIST+DEVICES, cli_list_devices);
+-	set_handler_callback(LIST+WILDCARDS, cli_list_wildcards);
+-	set_handler_callback(RESET+MAPS+STATS, cli_reset_maps_stats);
+-	set_handler_callback(RESET+MAP+STATS, cli_reset_map_stats);
+-	set_handler_callback(ADD+PATH, cli_add_path);
+-	set_handler_callback(DEL+PATH, cli_del_path);
+-	set_handler_callback(ADD+MAP, cli_add_map);
+-	set_handler_callback(DEL+MAP, cli_del_map);
+-	set_handler_callback(SWITCH+MAP+GROUP, cli_switch_group);
++	set_handler_callback(LIST|PATHS, cli_list_paths);
++	set_handler_callback(LIST|PATHS|FMT, cli_list_paths_fmt);
++	set_handler_callback(LIST|PATHS|RAW|FMT, cli_list_paths_raw);
++	set_handler_callback(LIST|PATH, cli_list_path);
++	set_handler_callback(LIST|MAPS, cli_list_maps);
++	set_handler_callback(LIST|STATUS, cli_list_status);
++	set_unlocked_handler_callback(LIST|DAEMON, cli_list_daemon);
++	set_handler_callback(LIST|MAPS|STATUS, cli_list_maps_status);
++	set_handler_callback(LIST|MAPS|STATS, cli_list_maps_stats);
++	set_handler_callback(LIST|MAPS|FMT, cli_list_maps_fmt);
++	set_handler_callback(LIST|MAPS|RAW|FMT, cli_list_maps_raw);
++	set_handler_callback(LIST|MAPS|TOPOLOGY, cli_list_maps_topology);
++	set_handler_callback(LIST|TOPOLOGY, cli_list_maps_topology);
++	set_handler_callback(LIST|MAPS|JSON, cli_list_maps_json);
++	set_handler_callback(LIST|MAP|TOPOLOGY, cli_list_map_topology);
++	set_handler_callback(LIST|MAP|FMT, cli_list_map_fmt);
++	set_handler_callback(LIST|MAP|RAW|FMT, cli_list_map_fmt);
++	set_handler_callback(LIST|MAP|JSON, cli_list_map_json);
++	set_handler_callback(LIST|CONFIG|LOCAL, cli_list_config_local);
++	set_handler_callback(LIST|CONFIG, cli_list_config);
++	set_handler_callback(LIST|BLACKLIST, cli_list_blacklist);
++	set_handler_callback(LIST|DEVICES, cli_list_devices);
++	set_handler_callback(LIST|WILDCARDS, cli_list_wildcards);
++	set_handler_callback(RESET|MAPS|STATS, cli_reset_maps_stats);
++	set_handler_callback(RESET|MAP|STATS, cli_reset_map_stats);
++	set_handler_callback(ADD|PATH, cli_add_path);
++	set_handler_callback(DEL|PATH, cli_del_path);
++	set_handler_callback(ADD|MAP, cli_add_map);
++	set_handler_callback(DEL|MAP, cli_del_map);
++	set_handler_callback(SWITCH|MAP|GROUP, cli_switch_group);
+	set_unlocked_handler_callback(RECONFIGURE, cli_reconfigure);
+-	set_handler_callback(SUSPEND+MAP, cli_suspend);
+-	set_handler_callback(RESUME+MAP, cli_resume);
+-	set_handler_callback(RESIZE+MAP, cli_resize);
+-	set_handler_callback(RELOAD+MAP, cli_reload);
+-	set_handler_callback(RESET+MAP, cli_reassign);
+-	set_handler_callback(REINSTATE+PATH, cli_reinstate);
+-	set_handler_callback(FAIL+PATH, cli_fail);
+-	set_handler_callback(DISABLEQ+MAP, cli_disable_queueing);
+-	set_handler_callback(RESTOREQ+MAP, cli_restore_queueing);
+-	set_handler_callback(DISABLEQ+MAPS, cli_disable_all_queueing);
+-	set_handler_callback(RESTOREQ+MAPS, cli_restore_all_queueing);
++	set_handler_callback(SUSPEND|MAP, cli_suspend);
++	set_handler_callback(RESUME|MAP, cli_resume);
++	set_handler_callback(RESIZE|MAP, cli_resize);
++	set_handler_callback(RELOAD|MAP, cli_reload);
++	set_handler_callback(RESET|MAP, cli_reassign);
++	set_handler_callback(REINSTATE|PATH, cli_reinstate);
++	set_handler_callback(FAIL|PATH, cli_fail);
++	set_handler_callback(DISABLEQ|MAP, cli_disable_queueing);
++	set_handler_callback(RESTOREQ|MAP, cli_restore_queueing);
++	set_handler_callback(DISABLEQ|MAPS, cli_disable_all_queueing);
++	set_handler_callback(RESTOREQ|MAPS, cli_restore_all_queueing);
+	set_unlocked_handler_callback(QUIT, cli_quit);
+	set_unlocked_handler_callback(SHUTDOWN, cli_shutdown);
+-	set_handler_callback(GETPRSTATUS+MAP, cli_getprstatus);
+-	set_handler_callback(SETPRSTATUS+MAP, cli_setprstatus);
+-	set_handler_callback(UNSETPRSTATUS+MAP, cli_unsetprstatus);
+-	set_handler_callback(FORCEQ+DAEMON, cli_force_no_daemon_q);
+-	set_handler_callback(RESTOREQ+DAEMON, cli_restore_no_daemon_q);
+-	set_handler_callback(GETPRKEY+MAP, cli_getprkey);
+-	set_handler_callback(SETPRKEY+MAP+KEY, cli_setprkey);
+-	set_handler_callback(UNSETPRKEY+MAP, cli_unsetprkey);
+-	set_handler_callback(SETMARGINAL+PATH, cli_set_marginal);
+-	set_handler_callback(UNSETMARGINAL+PATH, cli_unset_marginal);
+-	set_handler_callback(UNSETMARGINAL+MAP, cli_unset_all_marginal);
++	set_handler_callback(GETPRSTATUS|MAP, cli_getprstatus);
++	set_handler_callback(SETPRSTATUS|MAP, cli_setprstatus);
++	set_handler_callback(UNSETPRSTATUS|MAP, cli_unsetprstatus);
++	set_handler_callback(FORCEQ|DAEMON, cli_force_no_daemon_q);
++	set_handler_callback(RESTOREQ|DAEMON, cli_restore_no_daemon_q);
++	set_handler_callback(GETPRKEY|MAP, cli_getprkey);
++	set_handler_callback(SETPRKEY|MAP|KEY, cli_setprkey);
++	set_handler_callback(UNSETPRKEY|MAP, cli_unsetprkey);
++	set_handler_callback(SETMARGINAL|PATH, cli_set_marginal);
++	set_handler_callback(UNSETMARGINAL|PATH, cli_unset_marginal);
++	set_handler_callback(UNSETMARGINAL|MAP, cli_unset_all_marginal);
+
+	umask(077);
+	uxsock_listen(&uxsock_trigger, ux_sock, ap);
+--
+2.31.1
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index 2e929362d4..0d51263f66 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -49,6 +49,7 @@ SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=mas
            file://0001-fix-boolean-value-with-json-c-0.14.patch \
            file://0001-libmultipath-uevent.c-fix-error-handling-for-udev_mo.patch \
            file://0001-multipath-tools-use-run-instead-of-dev-shm.patch \
+	   file://CVE-2022-41974.patch \
            "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
@@ -122,5 +123,5 @@ FILES:kpartx = "${base_sbindir}/kpartx \
 RDEPENDS:${PN} += "kpartx"
 PARALLEL_MAKE = ""
 
-FILES:${PN}-libs += "usr/lib"
+FILES:${PN}-libs += "usr/lib/*.so.*"
 FILES:${PN}-libs += "usr/lib/tmpfiles.d/*"
diff --git a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
index eb6174a7b0..950fae667a 100644
--- a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
+++ b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
@@ -18,7 +18,12 @@ diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk
 index 2012d18..78fca62 100644
 --- a/nss/coreconf/arch.mk
 +++ b/nss/coreconf/arch.mk
-@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m)
+@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
+ # Attempt to differentiate between sparc and x86 Solaris
+ #
+ 
+-OS_TEST := $(shell uname -m)
++OS_TEST ?= $(shell uname -m)
  ifeq ($(OS_TEST),i86pc)
      OS_RELEASE := $(shell uname -r)_$(OS_TEST)
  else
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch
new file mode 100644
index 0000000000..e5eafd4790
--- /dev/null
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch
@@ -0,0 +1,88 @@
+commit ccc277247ac1a7aef0a90353edcdec35fbc5903c
+Author: Nano <nanoapezlk@gmail.com>
+Date:   Wed Apr 26 15:09:52 2023 +0800
+
+    fix(wechat_qrcode): Init nBytes after the count value is determined (#3480)
+
+    * fix(wechat_qrcode): Initialize nBytes after the count value is determined
+
+    * fix(wechat_qrcode): Incorrect count data repair
+
+    * chore: format expr
+
+    * fix(wechat_qrcode): Avoid null pointer exception
+
+    * fix(wechat_qrcode): return when bytes_ is empty
+
+    * test(wechat_qrcode): add test case
+
+    ---------
+
+    Co-authored-by: GZTime <Time.GZ@outlook.com>
+
+CVE: CVE-2023-2617
+
+Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+
+diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index 05de793c..b3a0a69c 100644
+--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,
+
+ void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
+                                     ErrorHandler& err_handler) {
+-    if (err_handler.ErrCode()) return;
++    // avoid null pointer exception
++    if (err_handler.ErrCode() || bufIn == nullptr) return;
+ #ifndef NO_ICONV_INSIDE
+     if (nIn == 0) {
+         return;
+@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
+                                                CharacterSetECI* currentCharacterSetECI,
+                                                ArrayRef<ArrayRef<char> >& byteSegments,
+                                                ErrorHandler& err_handler) {
+-    int nBytes = count;
+     BitSource& bits(*bits_);
+     // Don't crash trying to read more bits than we have available.
+     int available = bits.available();
+     // try to repair count data if count data is invalid
+     if (count * 8 > available) {
+-        count = (available + 7 / 8);
++        count = (available + 7) / 8;
+     }
++    size_t nBytes = count;
++
++    ArrayRef<char> bytes_(nBytes);
++    // issue https://github.com/opencv/opencv_contrib/issues/3478
++    if (bytes_->empty())
++        return;
+
+-    ArrayRef<char> bytes_(count);
+     char* readBytes = &(*bytes_)[0];
+     for (int i = 0; i < count; i++) {
+         //    readBytes[i] = (char) bits.readBits(8);
+diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp
+index d59932b8..ec2559b0 100644
+--- a/modules/wechat_qrcode/test/test_qrcode.cpp
++++ b/modules/wechat_qrcode/test/test_qrcode.cpp
+@@ -289,5 +289,16 @@ TEST_P(Objdetect_QRCode_Multi, regression) {
+ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved));
+ // INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple));
+
++TEST(Objdetect_QRCode_bug, issue_3478) {
++    auto detector = wechat_qrcode::WeChatQRCode();
++    std::string image_path = findDataFile("qrcode/issue_3478.png");
++    Mat src = imread(image_path, IMREAD_GRAYSCALE);
++    ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
++    std::vector<std::string> outs = detector.detectAndDecode(src);
++    ASSERT_EQ(1, (int) outs.size());
++    ASSERT_EQ(16, (int) outs[0].size());
++    ASSERT_EQ("KFCVW50         ", outs[0]);
++}
++
+ }  // namespace
+ }  // namespace opencv_test
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch
new file mode 100644
index 0000000000..4cd3003e3c
--- /dev/null
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch
@@ -0,0 +1,32 @@
+From 2b62ff6181163eea029ed1cab11363b4996e9cd6 Mon Sep 17 00:00:00 2001
+From: Nano <nanoapezlk@gmail.com>
+Date: Thu, 27 Apr 2023 17:38:35 +0800
+Subject: [PATCH] fix(wechat_qrcode): fixed memory leaks
+
+CVE: CVE-2023-2618
+
+Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp   | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index b3a0a69c..f02435d5 100644
+--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -127,7 +127,10 @@ void DecodedBitStreamParser::decodeHanziSegment(Ref<BitSource> bits_, string& re
+     while (count > 0) {
+         // Each 13 bits encodes a 2-byte character
+         int twoBytes = bits.readBits(13, err_handler);
+-        if (err_handler.ErrCode()) return;
++        if (err_handler.ErrCode()) {
++            delete[] buffer;
++            return;
++        }
+         int assembledTwoBytes = ((twoBytes / 0x060) << 8) | (twoBytes % 0x060);
+         if (assembledTwoBytes < 0x003BF) {
+             // In the 0xA1A1 to 0xAAFE range
+--
+2.40.0
diff --git a/meta-oe/recipes-support/opencv/opencv_4.5.5.bb b/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
index e4fb676f7e..5b5685f990 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
@@ -39,12 +39,12 @@ IPP_MD5 = "${@ipp_md5sum(d)}"
 
 SRCREV_FORMAT = "opencv_contrib_ipp_boostdesc_vgg"
 SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol=https \
-           git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib;branch=master;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20191018;destsuffix=ipp;name=ipp;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg;protocol=https \
-           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face;protocol=https \
-           git://github.com/WeChatCV/opencv_3rdparty.git;branch=wechat_qrcode;destsuffix=wechat_qrcode;name=wechat-qrcode;protocol=https \
+           git://github.com/opencv/opencv_contrib.git;destsuffix=git/contrib;name=contrib;branch=master;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20191018;destsuffix=git/ipp;name=ipp;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=git/boostdesc;name=boostdesc;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=git/vgg;name=vgg;protocol=https \
+           git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=git/face;name=face;protocol=https \
+           git://github.com/WeChatCV/opencv_3rdparty.git;branch=wechat_qrcode;destsuffix=git/wechat_qrcode;name=wechat-qrcode;protocol=https \
            file://0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch \
            file://0003-To-fix-errors-as-following.patch \
            file://0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch \
@@ -52,8 +52,10 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol
            file://download.patch \
            file://0001-Make-ts-module-external.patch \
            file://0001-core-vsx-update-vec_absd-workaround-condition.patch \
+           file://CVE-2023-2617.patch;patchdir=contrib \
+           file://CVE-2023-2618.patch;patchdir=contrib \
            "
-SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=../contrib"
+SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=contrib"
 
 S = "${WORKDIR}/git"
 
@@ -62,7 +64,7 @@ S = "${WORKDIR}/git"
 OPENCV_DLDIR = "${WORKDIR}/downloads"
 
 do_unpack_extra() {
-    tar xzf ${WORKDIR}/ipp/ippicv/${IPP_FILENAME} -C ${WORKDIR}
+    tar xzf ${S}/ipp/ippicv/${IPP_FILENAME} -C ${S}
 
     md5() {
         # Return the MD5 of $1
@@ -77,22 +79,22 @@ do_unpack_extra() {
             test -e $DEST || ln -s $F $DEST
         done
     }
-    cache xfeatures2d/boostdesc ${WORKDIR}/boostdesc/*.i
-    cache xfeatures2d/vgg ${WORKDIR}/vgg/*.i
-    cache data ${WORKDIR}/face/*.dat
-    cache wechat_qrcode ${WORKDIR}/wechat_qrcode/*.caffemodel
-    cache wechat_qrcode ${WORKDIR}/wechat_qrcode/*.prototxt
+    cache xfeatures2d/boostdesc ${S}/boostdesc/*.i
+    cache xfeatures2d/vgg ${S}/vgg/*.i
+    cache data ${S}/face/*.dat
+    cache wechat_qrcode ${S}/wechat_qrcode/*.caffemodel
+    cache wechat_qrcode ${S}/wechat_qrcode/*.prototxt
 }
 addtask unpack_extra after do_unpack before do_patch
 
 CMAKE_VERBOSE = "VERBOSE=1"
 
-EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${WORKDIR}/contrib/modules \
+EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${S}/contrib/modules \
     -DWITH_1394=OFF \
     -DENABLE_PRECOMPILED_HEADERS=OFF \
     -DCMAKE_SKIP_RPATH=ON \
     -DOPENCV_ICV_HASH=${IPP_MD5} \
-    -DIPPROOT=${WORKDIR}/ippicv_lnx \
+    -DIPPROOT=${S}/ippicv_lnx \
     -DOPENCV_GENERATE_PKGCONFIG=ON \
     -DOPENCV_DOWNLOAD_PATH=${OPENCV_DLDIR} \
     -DOPENCV_ALLOW_DOWNLOADS=OFF \
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch b/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch
deleted file mode 100644
index b42bd9764f..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 9e4ccd1e78ceac8de1ab66ee62ee216f1fbd4956 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Thu, 2 Dec 2021 11:38:15 +0800
-Subject: [PATCH] ldif-filter: fix parallel build failure
-
-Add slapd-common.o as dependency for ldif-filter to fix the parallel
-build failure:
-  ld: cannot find slapd-common.o: No such file or directory
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- tests/progs/Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/progs/Makefile.in b/tests/progs/Makefile.in
-index 13f1e8be2..e4f4ccf98 100644
---- a/tests/progs/Makefile.in
-+++ b/tests/progs/Makefile.in
-@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS)
- slapd-bind: slapd-bind.o $(OBJS) $(XLIBS)
- 	$(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS)
- 
--ldif-filter: ldif-filter.o $(XLIBS)
-+ldif-filter: ldif-filter.o $(OBJS) $(XLIBS)
- 	$(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS)
- 
- slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS)
--- 
-2.25.1
-
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch b/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch
deleted file mode 100644
index 552726bb0a..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 690f69791eb6cd0d7e94b4d73219ee864de27f62 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Mon, 10 Jan 2022 10:13:51 +0800
-Subject: [PATCH] libraries/Makefile.in: ignore the mkdir errors
-
-Ignore the mkdir errors to fix the parallel build failure:
-
-../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib
-mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- libraries/Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libraries/Makefile.in b/libraries/Makefile.in
-index d9cb2ff..c6b251f 100644
---- a/libraries/Makefile.in
-+++ b/libraries/Makefile.in
-@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig
- PKGCONFIG_SRCDIRS=liblber libldap
- 
- install-local:
--	@$(MKDIR) $(PKGCONFIG_DIR)
-+	@-$(MKDIR) $(PKGCONFIG_DIR)
- 	@for i in $(PKGCONFIG_SRCDIRS); do \
- 	    $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \
- 	done
--- 
-2.17.1
-
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch b/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch
deleted file mode 100644
index bcd1525b67..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 79381ab335898c9184e22dd25b544adefa9bf6c5 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 7 Feb 2022 16:26:57 -0800
-Subject: [PATCH] librewrite: include ldap_pvt_thread.h before redefining
- calloc
-
-This helps compiling with musl, where sched.h is included by
-ldap_pvt_thread.h which provides prototype for calloc() and conflicts
-
-/usr/include/sched.h:84:7: error: conflicting types for 'ber_memcalloc'
-| void *calloc(size_t, size_t);
-|       ^1
-|  warning and 1 error generated.
-| ./rewrite-int.h:44:21: note: expanded from macro 'calloc'
-| #define calloc(x,y)     ber_memcalloc(x,y)
-|                         ^
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libraries/librewrite/rewrite-int.h | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/libraries/librewrite/rewrite-int.h b/libraries/librewrite/rewrite-int.h
-index 4481dd3..5ec226d 100644
---- a/libraries/librewrite/rewrite-int.h
-+++ b/libraries/librewrite/rewrite-int.h
-@@ -40,6 +40,11 @@
- 
- #include <rewrite.h>
- 
-+#ifndef NO_THREADS
-+#define USE_REWRITE_LDAP_PVT_THREADS
-+#include <ldap_pvt_thread.h>
-+#endif
-+
- #define malloc(x)	ber_memalloc(x)
- #define calloc(x,y)	ber_memcalloc(x,y)
- #define realloc(x,y)	ber_memrealloc(x,y)
-@@ -47,11 +52,6 @@
- #undef strdup
- #define	strdup(x)	ber_strdup(x)
- 
--#ifndef NO_THREADS
--#define USE_REWRITE_LDAP_PVT_THREADS
--#include <ldap_pvt_thread.h>
--#endif
--
- /*
-  * For details, see RATIONALE.
-  */
--- 
-2.35.1
-
diff --git a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb
index e4475e5069..9e9d05917d 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb
@@ -19,13 +19,10 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
     file://initscript \
     file://slapd.service \
     file://remove-user-host-pwd-from-version.patch \
-    file://0001-ldif-filter-fix-parallel-build-failure.patch \
     file://0001-build-top.mk-unset-STRIP_OPTS.patch \
-    file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \
-    file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \
 "
 
-SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96"
+SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327"
 
 DEPENDS = "util-linux groff-native"
 
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch
new file mode 100644
index 0000000000..6a635a7ce6
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch
@@ -0,0 +1,53 @@
+commit 81944d1529202bd28359bede57c0a15deb65ba8a
+Author: fullwaywang <fullwaywang@tencent.com>
+Date:   Mon May 29 10:38:48 2023 +0800
+Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer overrun bug.
+
+    Fixes #2785
+
+CVE: CVE-2023-2977
+
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/pull/2787/commits/3bf3ab2f9091f984cda6dd910654ccbbe3f06a40]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+
+diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
+index 9715cf39..f41f73c3 100644
+--- a/src/pkcs15init/pkcs15-cardos.c
++++ b/src/pkcs15init/pkcs15-cardos.c
+@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+	sc_apdu_t apdu;
+         u8        rbuf[SC_MAX_APDU_BUFFER_SIZE];
+         int       r;
+-	const u8  *p = rbuf, *q;
++	const u8  *p = rbuf, *q, *pp;
+	size_t    len, tlen = 0, ilen = 0;
+
+	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
+@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+		return 0;
+
+	while (len != 0) {
+-		p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
+-		if (p == NULL)
++		pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
++		if (pp == NULL)
+			return 0;
+		if (card->type == SC_CARD_TYPE_CARDOS_M4_3)	{
+			/* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01	*/
+			/* and Package Number 0x07					*/
+-			q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
++			q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
+			if (q == NULL || ilen != 4)
+				return 0;
+			if (q[0] == 0x07)
+@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+		} else if (card->type == SC_CARD_TYPE_CARDOS_M4_4)	{
+			/* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03	*/
+			/* and Package Number 0x02					*/
+-			q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen);
++			q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen);
+			if (q == NULL || ilen != 4)
+				return 0;
+			if (q[0] == 0x02)
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
new file mode 100644
index 0000000000..74e547298f
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
@@ -0,0 +1,55 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Wed, 21 Jun 2023 12:27:23 +0200
+Subject: Fixed PIN authentication bypass
+
+If two processes are accessing a token, then one process may leave the
+card usable with an authenticated PIN so that a key may sign/decrypt any
+data. This is especially the case if the token does not support a way of
+resetting the authentication status (logout).
+
+We have some tracking of the authentication status in software via
+PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a
+PIN-prompt will appear even though the card may technically be unlocked
+as described in the above example. However, before this change, an empty
+PIN was not verified (likely yielding an error during PIN-verification),
+but it was just checked whether the PIN is authenticated. This defeats
+the purpose of the PIN verification, because an empty PIN is not the
+correct one. Especially during OS Logon, we don't want that kind of
+shortcut, but we want the user to verify the correct PIN (even though
+the token was left unattended and authentication at the computer).
+
+This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864.
+
+CVE: CVE-2023-40660
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/940e8bc764047c873f88bb1396933a5368d03533]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+---
+ src/libopensc/pkcs15-pin.c | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
+index 80a185fecd..393234efe4 100644
+--- a/src/libopensc/pkcs15-pin.c
++++ b/src/libopensc/pkcs15-pin.c
+@@ -307,19 +307,6 @@
+ 		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_PIN_REFERENCE);
+ 	auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
+ 
+-	/*
+-	 * if pin cache is disabled, we can get here with no PIN data.
+-	 * in this case, to avoid error or unnecessary pin prompting on pinpad,
+-	 * check if the PIN has been already verified and the access condition
+-	 * is still open on card.
+-	 */
+-	if (pinlen == 0) {
+-	    r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+-
+-	    if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+-		LOG_FUNC_RETURN(ctx, r);
+-	}
+-
+ 	r = _validate_pin(p15card, auth_info, pinlen);
+ 
+ 	if (r)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
new file mode 100644
index 0000000000..3ecff558cf
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
@@ -0,0 +1,47 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:54:42 +0200
+Subject: pkcs15: Avoid buffer overflow when getting last update
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769
+
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+
+---
+ src/libopensc/pkcs15.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
+index eb7fc6afcd..4215b733a8 100644
+--- a/src/libopensc/pkcs15.c
++++ b/src/libopensc/pkcs15.c
+@@ -528,7 +528,7 @@
+ 	struct sc_context *ctx  = p15card->card->ctx;
+ 	struct sc_file *file = NULL;
+ 	struct sc_asn1_entry asn1_last_update[C_ASN1_LAST_UPDATE_SIZE];
+-	unsigned char *content, last_update[32];
++        unsigned char *content, last_update[32] = {0};
+ 	size_t lupdate_len = sizeof(last_update) - 1;
+ 	int r, content_len;
+ 	size_t size;
+@@ -564,9 +564,11 @@
+ 	if (r < 0)
+ 		return NULL;
+ 
+-	p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
+-	if (!p15card->tokeninfo->last_update.gtime)
+-		return NULL;
++        if (asn1_last_update[0].flags & SC_ASN1_PRESENT) {
++                p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
++                if (!p15card->tokeninfo->last_update.gtime)
++                        return NULL;
++        }
+ done:
+ 	sc_log(ctx, "lastUpdate.gtime '%s'", p15card->tokeninfo->last_update.gtime);
+ 	return p15card->tokeninfo->last_update.gtime;
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
new file mode 100644
index 0000000000..39e729c5a9
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
@@ -0,0 +1,32 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:41:36 +0200
+Subject: setcos: Avoid buffer underflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-setcos.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-setcos.c b/src/pkcs15init/pkcs15-setcos.c
+index 1b56afe6d9..1907b47f9d 100644
+--- a/src/pkcs15init/pkcs15-setcos.c
++++ b/src/pkcs15init/pkcs15-setcos.c
+@@ -346,6 +346,10 @@
+ 
+ 	/* Replace the path of instantiated key template by the path from the object data. */
+         memcpy(&file->path, &key_info->path, sizeof(file->path));
++	if (file->path.len < 2) {
++		sc_file_free(file);
++		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid path");
++	}
+         file->id = file->path.value[file->path.len - 2] * 0x100
+ 		+ file->path.value[file->path.len - 1];
+ 
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
new file mode 100644
index 0000000000..7950cf91df
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
@@ -0,0 +1,31 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 20 Sep 2023 10:13:57 +0200
+Subject: oberthur: Avoid buffer overflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-oberthur.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
+index ad2cabd530..c441ab1e76 100644
+--- a/src/pkcs15init/pkcs15-oberthur.c
++++ b/src/pkcs15init/pkcs15-oberthur.c
+@@ -688,6 +688,9 @@
+ 	if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
+ 		LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
+ 
++	if (key_info->path.len < 2)
++		LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");
++
+ 	sc_log(ctx,  "create private key ID:%s",  sc_pkcs15_print_id(&key_info->id));
+ 	/* Here, the path of private key file should be defined.
+ 	 * Nevertheless, we need to instantiate private key to get the ACLs. */
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
new file mode 100644
index 0000000000..797f8ad3b1
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
@@ -0,0 +1,28 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 8 Dec 2022 00:27:18 +0100
+Subject: sc_pkcs15init_rmdir: prevent out of bounds write
+
+fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
+index 91cee37310..3df03c6e1f 100644
+--- a/src/pkcs15init/pkcs15-lib.c
++++ b/src/pkcs15init/pkcs15-lib.c
+@@ -666,6 +666,8 @@
+ 
+ 		path = df->path;
+ 		path.len += 2;
++		if (path.len > SC_MAX_PATH_SIZE)
++			return SC_ERROR_INTERNAL;
+ 
+ 		nfids = r / 2;
+ 		while (r >= 0 && nfids--) {
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
new file mode 100644
index 0000000000..e173e65575
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
@@ -0,0 +1,30 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Mon, 19 Jun 2023 16:14:51 +0200
+Subject: pkcs15-cflex: check path length to prevent underflow
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-cflex.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-cflex.c b/src/pkcs15init/pkcs15-cflex.c
+index d06568073d..ce1d48e62c 100644
+--- a/src/pkcs15init/pkcs15-cflex.c
++++ b/src/pkcs15init/pkcs15-cflex.c
+@@ -56,6 +56,9 @@
+         int             r = 0;
+         /* Select the parent DF */
+         path = df->path;
++		if (path.len < 2) {
++			return SC_ERROR_INVALID_ARGUMENTS;
++		}
+         path.len -= 2;
+         r = sc_select_file(p15card->card, &path, &parent);
+         if (r < 0)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
new file mode 100644
index 0000000000..abb524de29
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
@@ -0,0 +1,30 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 10 Feb 2023 11:47:34 +0100
+Subject: Check array bounds
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/libopensc/muscle.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
+index 61a4ec24d8..9d01e0c113 100644
+--- a/src/libopensc/muscle.c
++++ b/src/libopensc/muscle.c
+@@ -183,6 +183,9 @@
+ 	sc_apdu_t apdu;
+ 	int r;
+ 
++	if (dataLength + 9 > MSC_MAX_APDU)
++		return SC_ERROR_INVALID_ARGUMENTS;
++
+ 	sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x54, 0x00, 0x00);
+ 	apdu.lc = dataLength + 9;
+ 	if (card->ctx->debug >= 2)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch
new file mode 100644
index 0000000000..858a996ed7
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch
@@ -0,0 +1,40 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 3 Mar 2023 16:07:38 +0100
+Subject: Check length of string before making copy
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/profile.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
+index 2b793b0282..3bad1e8536 100644
+--- a/src/pkcs15init/profile.c
++++ b/src/pkcs15init/profile.c
+@@ -1465,6 +1465,8 @@
+ 	while (argc--) {
+ 		unsigned int	op, method, id;
+ 
++		if (strlen(*argv) >= sizeof(oper))
++			goto bad;
+ 		strlcpy(oper, *argv++, sizeof(oper));
+ 		if ((what = strchr(oper, '=')) == NULL)
+ 			goto bad;
+@@ -2128,6 +2130,9 @@
+ 		return get_uint(cur, value, type);
+ 	}
+ 
++	if (strlen(value) >= sizeof(temp))
++		return 1;
++
+ 	n = strcspn(value, "0123456789x");
+ 	strlcpy(temp, value, (sizeof(temp) > n) ? n + 1 : sizeof(temp));
+ 
+
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
index f8b4af0c4f..770c2d686b 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
@@ -14,7 +14,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
 #v0.21.0
 SRCREV = "c902e1992195e00ada12d71beb1029287cd72037"
 SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
+           file://CVE-2023-2977.patch \
+           file://CVE-2023-40660.patch \
+           file://CVE-2023-40661-1.patch \
+           file://CVE-2023-40661-2.patch \
+           file://CVE-2023-40661-3.patch \
+           file://CVE-2023-40661-4.patch \
+           file://CVE-2023-40661-5.patch \
+           file://CVE-2023-40661-6.patch \
+           file://CVE-2023-40661-7.patch \
           "
+
+# CVE-2021-34193 is a duplicate CVE covering the 5 individual
+# https://github.com/OpenSC/OpenSC/pull/2855/commits/7a049fc3922060fb75cb9fea9e58eef9edc357ae
+CVE_CHECK_IGNORE += "CVE-2021-34193"
+
 DEPENDS = "virtual/libiconv openssl"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
new file mode 100644
index 0000000000..4a8ea233c8
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
@@ -0,0 +1,41 @@
+From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 25 Aug 2022 00:14:22 +0200
+Subject: [PATCH] JBIG2Stream: Fix crash on broken file
+
+https://github.com/jeffssh/CVE-2021-30860
+
+Thanks to David Warren for the heads up
+
+CVE: CVE-2021-30860
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2021-30860
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ poppler/JBIG2Stream.cc | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index 662276e5..9f70431d 100644
+--- a/poppler/JBIG2Stream.cc
++++ b/poppler/JBIG2Stream.cc
+@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
+     for (i = 0; i < nRefSegs; ++i) {
+         if ((seg = findSegment(refSegs[i]))) {
+             if (seg->getType() == jbig2SegSymbolDict) {
+-                numSyms += ((JBIG2SymbolDict *)seg)->getSize();
++                const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
++                if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
++                    error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
++                    return;
++                }
+             } else if (seg->getType() == jbig2SegCodeTable) {
+                 codeTables.push_back(seg);
+             }
+--
+2.25.1
diff --git a/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
new file mode 100644
index 0000000000..7fdc293aac
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
@@ -0,0 +1,46 @@
+From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 18 Aug 2023 08:22:06 +0000
+Subject: [PATCH] OutlineItem::open: Fix crash on malformed files
+
+Fixes #1399
+
+CVE: CVE-2023-34872
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ poppler/Outline.cc | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/poppler/Outline.cc b/poppler/Outline.cc
+index cbb6cb4..4c68be9 100644
+--- a/poppler/Outline.cc
++++ b/poppler/Outline.cc
+@@ -14,7 +14,7 @@
+ // under GPL version 2 or later
+ //
+ // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
+-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
+ // Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
+ // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
+@@ -483,8 +483,12 @@ void OutlineItem::open()
+ {
+     if (!kids) {
+         Object itemDict = xref->fetch(ref);
+-        const Object &firstRef = itemDict.dictLookupNF("First");
+-        kids = readItemList(this, &firstRef, xref, doc);
++        if (itemDict.isDict()) {
++            const Object &firstRef = itemDict.dictLookupNF("First");
++            kids = readItemList(this, &firstRef, xref, doc);
++        } else {
++            kids = new std::vector<OutlineItem *>();
++        }
+     }
+ }
+
+--
+2.35.5
diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
index b7cdb4f1be..04106f11aa 100644
--- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
+++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
            file://0001-Do-not-overwrite-all-our-build-flags.patch \
            file://basename-include.patch \
+           file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \
+	   file://CVE-2023-34872.patch \
            "
 SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff"
 
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch
new file mode 100644
index 0000000000..7d1dd6582f
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch
@@ -0,0 +1,65 @@
+From b5a060f2ebb8d794f508436a12e4d4163f94b1b8 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 12:26:05 +0200
+Subject: [PATCH 1/8] syslogformat: fix out-of-bounds reading of data buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/b5a060f2ebb8d794f508436a12e4d4163f94b1b8]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ modules/syslogformat/syslog-format.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c
+index aacb525b3..872cc1d71 100644
+--- a/modules/syslogformat/syslog-format.c
++++ b/modules/syslogformat/syslog-format.c
+@@ -223,6 +223,9 @@ log_msg_parse_cisco_timestamp_attributes(LogMessage *self, const guchar **data,
+   const guchar *src = *data;
+   gint left = *length;
+ 
++  if (!left)
++    return;
++
+   /* Cisco timestamp extensions, the first '*' indicates that the clock is
+    * unsynced, '.' if it is known to be synced */
+   if (G_UNLIKELY(src[0] == '*'))
+@@ -562,7 +565,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF
+       open_sd++;
+       do
+         {
+-          if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
++          if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
+             goto error;
+           /* read sd_id */
+           pos = 0;
+@@ -595,7 +598,8 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF
+           sd_id_len = pos;
+           strcpy(sd_value_name, logmsg_sd_prefix);
+           strncpy(sd_value_name + logmsg_sd_prefix_len, sd_id_name, sizeof(sd_value_name) - logmsg_sd_prefix_len);
+-          if (*src == ']')
++
++          if (left && *src == ']')
+             {
+               log_msg_set_value_by_name(self, sd_value_name, "", 0);
+             }
+@@ -612,7 +616,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF
+               else
+                 goto error;
+ 
+-              if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
++              if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"')
+                 goto error;
+ 
+               /* read sd-param */
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch
new file mode 100644
index 0000000000..9ccb24ddea
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch
@@ -0,0 +1,150 @@
+From 81a07263f1e522a376d3a30f96f51df3f2879f8a Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 12:22:44 +0200
+Subject: [PATCH 2/8] syslogformat: add bug reproducer test for non-zero terminated
+ input
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/81a07263f1e522a376d3a30f96f51df3f2879f8a]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ modules/syslogformat/CMakeLists.txt           |  1 +
+ modules/syslogformat/Makefile.am              |  2 +
+ modules/syslogformat/tests/CMakeLists.txt     |  1 +
+ modules/syslogformat/tests/Makefile.am        |  9 +++
+ .../syslogformat/tests/test_syslog_format.c   | 72 +++++++++++++++++++
+ 5 files changed, 85 insertions(+)
+ create mode 100644 modules/syslogformat/tests/CMakeLists.txt
+ create mode 100644 modules/syslogformat/tests/Makefile.am
+ create mode 100644 modules/syslogformat/tests/test_syslog_format.c
+
+diff --git a/modules/syslogformat/CMakeLists.txt b/modules/syslogformat/CMakeLists.txt
+index 94ee01aa2..64848efee 100644
+--- a/modules/syslogformat/CMakeLists.txt
++++ b/modules/syslogformat/CMakeLists.txt
+@@ -14,3 +14,4 @@ add_module(
+   SOURCES ${SYSLOGFORMAT_SOURCES}
+ )
+ 
++add_test_subdirectory(tests)
+diff --git a/modules/syslogformat/Makefile.am b/modules/syslogformat/Makefile.am
+index f13f88c1b..14cdf589d 100644
+--- a/modules/syslogformat/Makefile.am
++++ b/modules/syslogformat/Makefile.am
+@@ -31,3 +31,5 @@ modules_syslogformat_libsyslogformat_la_DEPENDENCIES =	\
+ modules/syslogformat modules/syslogformat/ mod-syslogformat: \
+ 	modules/syslogformat/libsyslogformat.la
+ .PHONY: modules/syslogformat/ mod-syslogformat
++
++include modules/syslogformat/tests/Makefile.am
+diff --git a/modules/syslogformat/tests/CMakeLists.txt b/modules/syslogformat/tests/CMakeLists.txt
+new file mode 100644
+index 000000000..2e45b7194
+--- /dev/null
++++ b/modules/syslogformat/tests/CMakeLists.txt
+@@ -0,0 +1 @@
++add_unit_test(CRITERION TARGET test_syslog_format DEPENDS syslogformat)
+diff --git a/modules/syslogformat/tests/Makefile.am b/modules/syslogformat/tests/Makefile.am
+new file mode 100644
+index 000000000..7ee66a59c
+--- /dev/null
++++ b/modules/syslogformat/tests/Makefile.am
+@@ -0,0 +1,9 @@
++modules_syslogformat_tests_TESTS = \
++    modules/syslogformat/tests/test_syslog_format
++
++check_PROGRAMS += ${modules_syslogformat_tests_TESTS}
++
++EXTRA_DIST += modules/syslogformat/tests/CMakeLists.txt
++
++modules_syslogformat_tests_test_syslog_format_CFLAGS = $(TEST_CFLAGS) -I$(top_srcdir)/modules/syslogformat
++modules_syslogformat_tests_test_syslog_format_LDADD = $(TEST_LDADD) $(PREOPEN_SYSLOGFORMAT)
+diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c
+new file mode 100644
+index 000000000..b247fe3c5
+--- /dev/null
++++ b/modules/syslogformat/tests/test_syslog_format.c
+@@ -0,0 +1,72 @@
++/*
++ * Copyright (c) 2022 One Identity
++ * Copyright (c) 2022 László Várady
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 as published
++ * by the Free Software Foundation, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ *
++ * As an additional exemption you are allowed to compile & link against the
++ * OpenSSL libraries as published by the OpenSSL project. See the file
++ * COPYING for details.
++ *
++ */
++
++#include <criterion/criterion.h>
++
++#include "apphook.h"
++#include "cfg.h"
++#include "syslog-format.h"
++#include "logmsg/logmsg.h"
++#include "msg-format.h"
++#include "scratch-buffers.h"
++
++#include <string.h>
++
++GlobalConfig *cfg;
++MsgFormatOptions parse_options;
++
++static void
++setup(void)
++{
++  app_startup();
++  syslog_format_init();
++
++  cfg = cfg_new_snippet();
++  msg_format_options_defaults(&parse_options);
++}
++
++static void
++teardown(void)
++{
++  scratch_buffers_explicit_gc();
++  app_shutdown();
++  cfg_free(cfg);
++}
++
++TestSuite(syslog_format, .init = setup, .fini = teardown);
++
++Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeout = 10)
++{
++  const gchar *data = "<182>2022-08-17T05:02:28.217 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
++  /* chosen carefully to reproduce a bug */
++  gsize data_length = 27;
++
++  msg_format_options_init(&parse_options, cfg);
++  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
++
++  gsize problem_position;
++  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
++
++  msg_format_options_destroy(&parse_options);
++  log_msg_unref(msg);
++}
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch
new file mode 100644
index 0000000000..5801165048
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch
@@ -0,0 +1,77 @@
+From 4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sun, 21 Aug 2022 18:44:28 +0200
+Subject: [PATCH 3/8] syslogformat: fix reading cisco sequence id out of bounds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ modules/syslogformat/syslog-format.c          |  2 +-
+ .../syslogformat/tests/test_syslog_format.c   | 32 +++++++++++++++++++
+ 2 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c
+index 872cc1d71..a3d48d6f2 100644
+--- a/modules/syslogformat/syslog-format.c
++++ b/modules/syslogformat/syslog-format.c
+@@ -207,7 +207,7 @@ log_msg_parse_cisco_sequence_id(LogMessage *self, const guchar **data, gint *len
+ 
+   /* if the next char is not space, then we may try to read a date */
+ 
+-  if (*src != ' ')
++  if (!left || *src != ' ')
+     return;
+ 
+   log_msg_set_value(self, handles.cisco_seqid, (gchar *) *data, *length - left - 1);
+diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c
+index b247fe3c5..d0f5b4043 100644
+--- a/modules/syslogformat/tests/test_syslog_format.c
++++ b/modules/syslogformat/tests/test_syslog_format.c
+@@ -70,3 +70,35 @@ Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeou
+   msg_format_options_destroy(&parse_options);
+   log_msg_unref(msg);
+ }
++
++Test(syslog_format, cisco_sequence_id_non_zero_termination)
++{
++  const gchar *data = "<189>65536: ";
++  gsize data_length = strlen(data);
++
++  msg_format_options_init(&parse_options, cfg);
++  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
++
++  gsize problem_position;
++  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
++  cr_assert_str_eq(log_msg_get_value_by_name(msg, ".SDATA.meta.sequenceId", NULL), "65536");
++
++  msg_format_options_destroy(&parse_options);
++  log_msg_unref(msg);
++}
++
++Test(syslog_format, minimal_non_zero_terminated_numeric_message_is_parsed_as_program_name)
++{
++  const gchar *data = "<189>65536";
++  gsize data_length = strlen(data);
++
++  msg_format_options_init(&parse_options, cfg);
++  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
++
++  gsize problem_position;
++  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
++  cr_assert_str_eq(log_msg_get_value_by_name(msg, "PROGRAM", NULL), "65536");
++
++  msg_format_options_destroy(&parse_options);
++  log_msg_unref(msg);
++}
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch
new file mode 100644
index 0000000000..cb81b1c122
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch
@@ -0,0 +1,37 @@
+From 73b5c300b8fde5e7a4824baa83a04931279abb37 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 12:42:38 +0200
+Subject: [PATCH 4/8] timeutils: fix iterating out of the range of timestamp buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/73b5c300b8fde5e7a4824baa83a04931279abb37]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index 304a57673..4fbe94a36 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -332,7 +332,7 @@ __parse_usec(const guchar **data, gint *length)
+           src++;
+           (*length)--;
+         }
+-      while (isdigit(*src))
++      while (*length > 0 && isdigit(*src))
+         {
+           src++;
+           (*length)--;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch
new file mode 100644
index 0000000000..70964b328b
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch
@@ -0,0 +1,211 @@
+From 45f051239312e43bd4f92b9339fe67c6798a0321 Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <bazsi77@gmail.com>
+Date: Sat, 20 Aug 2022 12:43:42 +0200
+Subject: [PATCH 5/8] timeutils: add tests for non-zero terminated inputs
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/45f051239312e43bd4f92b9339fe67c6798a0321]
+
+Signed-off-by: Balazs Scheidler <bazsi77@gmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/tests/test_scan-timestamp.c | 126 +++++++++++++++++++---
+ 1 file changed, 113 insertions(+), 13 deletions(-)
+
+diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c
+index 27b76f12d..468bbf779 100644
+--- a/lib/timeutils/tests/test_scan-timestamp.c
++++ b/lib/timeutils/tests/test_scan-timestamp.c
+@@ -50,17 +50,21 @@ fake_time_add(time_t diff)
+ }
+ 
+ static gboolean
+-_parse_rfc3164(const gchar *ts, gchar isotimestamp[32])
++_parse_rfc3164(const gchar *ts, gint len, gchar isotimestamp[32])
+ {
+   UnixTime stamp;
+-  const guchar *data = (const guchar *) ts;
+-  gint length = strlen(ts);
++  const guchar *tsu = (const guchar *) ts;
++  gint tsu_len = len < 0 ? strlen(ts) : len;
+   GString *result = g_string_new("");
+   WallClockTime wct = WALL_CLOCK_TIME_INIT;
+ 
+-
++  const guchar *data = tsu;
++  gint length = tsu_len;
+   gboolean success = scan_rfc3164_timestamp(&data, &length, &wct);
+ 
++  cr_assert(length >= 0);
++  cr_assert(data == &tsu[tsu_len - length]);
++
+   unix_time_unset(&stamp);
+   convert_wall_clock_time_to_unix_time(&wct, &stamp);
+ 
+@@ -71,16 +75,21 @@ _parse_rfc3164(const gchar *ts, gchar isotimestamp[32])
+ }
+ 
+ static gboolean
+-_parse_rfc5424(const gchar *ts, gchar isotimestamp[32])
++_parse_rfc5424(const gchar *ts, gint len, gchar isotimestamp[32])
+ {
+   UnixTime stamp;
+-  const guchar *data = (const guchar *) ts;
+-  gint length = strlen(ts);
++  const guchar *tsu = (const guchar *) ts;
++  gint tsu_len = len < 0 ? strlen(ts) : len;
+   GString *result = g_string_new("");
+   WallClockTime wct = WALL_CLOCK_TIME_INIT;
+ 
++  const guchar *data = tsu;
++  gint length = tsu_len;
+   gboolean success = scan_rfc5424_timestamp(&data, &length, &wct);
+ 
++  cr_assert(length >= 0);
++  cr_assert(data == &tsu[tsu_len - length]);
++
+   unix_time_unset(&stamp);
+   convert_wall_clock_time_to_unix_time(&wct, &stamp);
+ 
+@@ -91,31 +100,60 @@ _parse_rfc5424(const gchar *ts, gchar isotimestamp[32])
+ }
+ 
+ static gboolean
+-_rfc3164_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32])
++_rfc3164_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32])
+ {
+-  cr_assert(_parse_rfc3164(ts, converted));
++  cr_assert(_parse_rfc3164(ts, len, converted));
+   return strcmp(converted, expected) == 0;
+ }
+ 
+ static gboolean
+-_rfc5424_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32])
++_rfc5424_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32])
+ {
+-  cr_assert(_parse_rfc5424(ts, converted));
++  cr_assert(_parse_rfc5424(ts, len, converted));
+   return strcmp(converted, expected) == 0;
+ }
+ 
+ #define _expect_rfc3164_timestamp_eq(ts, expected) \
+   ({ \
+     gchar converted[32]; \
+-    cr_expect(_rfc3164_timestamp_eq(ts, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++    cr_expect(_rfc3164_timestamp_eq(ts, -1, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc3164_timestamp_len_eq(ts, len, expected) \
++  ({ \
++    gchar converted[32]; \
++    cr_expect(_rfc3164_timestamp_eq(ts, len, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc3164_fails(ts, len) \
++  ({  \
++    WallClockTime wct = WALL_CLOCK_TIME_INIT; \
++    const guchar *data = (guchar *) ts; \
++    gint length = len < 0 ? strlen(ts) : len; \
++    cr_assert_not(scan_rfc3164_timestamp(&data, &length, &wct)); \
+   })
+ 
+ #define _expect_rfc5424_timestamp_eq(ts, expected) \
+   ({ \
+     gchar converted[32]; \
+-    cr_expect(_rfc5424_timestamp_eq(ts, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++    cr_expect(_rfc5424_timestamp_eq(ts, -1, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc5424_timestamp_len_eq(ts, len, expected) \
++  ({ \
++    gchar converted[32]; \
++    cr_expect(_rfc5424_timestamp_eq(ts, len, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \
++  })
++
++#define _expect_rfc5424_fails(ts, len) \
++  ({  \
++    WallClockTime wct = WALL_CLOCK_TIME_INIT; \
++    const guchar *data = (guchar *) ts; \
++    gint length = len < 0 ? strlen(ts) : len; \
++    cr_assert_not(scan_rfc5424_timestamp(&data, &length, &wct)); \
+   })
+ 
++
+ Test(parse_timestamp, standard_bsd_format)
+ {
+   _expect_rfc3164_timestamp_eq("Oct  1 17:46:12", "2017-10-01T17:46:12.000+02:00");
+@@ -164,6 +202,68 @@ Test(parse_timestamp, standard_bsd_format_year_in_the_past)
+   _expect_rfc3164_timestamp_eq("Dec 31 17:46:12", "2017-12-31T17:46:12.000+01:00");
+ }
+ 
++Test(parse_timestamp, non_zero_terminated_rfc3164_iso_input_is_handled_properly)
++{
++  gchar *ts = "2022-08-17T05:02:28.417Z whatever";
++  gint ts_len = 24;
++
++  _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00");
++
++  /* no "Z" parsed, timezone defaults to local, forced CET */
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00");
++
++  /* msec is partially parsed as we trim the string from the right */
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00");
++
++  for (gint i = 6; i < ts_len; i++)
++    _expect_rfc3164_fails(ts, ts_len - i);
++
++}
++
++Test(parse_timestamp, non_zero_terminated_rfc3164_bsd_pix_or_asa_input_is_handled_properly)
++{
++  gchar *ts = "Aug 17 2022 05:02:28: whatever";
++  gint ts_len = 21;
++
++  _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.000+02:00");
++
++  /* no ":" at the end, that's a problem, unrecognized */
++  _expect_rfc3164_fails(ts, ts_len - 1);
++
++  for (gint i = 1; i < ts_len; i++)
++    _expect_rfc3164_fails(ts, ts_len - i);
++}
++
++Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly)
++{
++  gchar *ts = "2022-08-17T05:02:28.417Z whatever";
++  gint ts_len = 24;
++
++  _expect_rfc5424_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00");
++
++  /* no "Z" parsed, timezone defaults to local, forced CET */
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00");
++
++  /* msec is partially parsed as we trim the string from the right */
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00");
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00");
++
++  for (gint i = 6; i < ts_len; i++)
++    _expect_rfc5424_fails(ts, ts_len - i);
++
++}
++
+ 
+ Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones)
+ {
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch
new file mode 100644
index 0000000000..81e36c6501
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch
@@ -0,0 +1,180 @@
+From 09f489c89c826293ff8cbd282cfc866ab56054c4 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 14:29:43 +0200
+Subject: [PATCH 6/8] timeutils: name repeating constant
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/09f489c89c826293ff8cbd282cfc866ab56054c4]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c | 54 ++++++++++++++++++----------------
+ 1 file changed, 29 insertions(+), 25 deletions(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index 4fbe94a36..d22d50973 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -34,41 +34,43 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday)
+ {
+   *wday = -1;
+ 
+-  if (*left < 3)
++  const gsize abbrev_length = 3;
++
++  if (*left < abbrev_length)
+     return FALSE;
+ 
+   switch (**buf)
+     {
+     case 'S':
+-      if (strncasecmp(*buf, "Sun", 3) == 0)
++      if (strncasecmp(*buf, "Sun", abbrev_length) == 0)
+         *wday = 0;
+-      else if (strncasecmp(*buf, "Sat", 3) == 0)
++      else if (strncasecmp(*buf, "Sat", abbrev_length) == 0)
+         *wday = 6;
+       else
+         return FALSE;
+       break;
+     case 'M':
+-      if (strncasecmp(*buf, "Mon", 3) == 0)
++      if (strncasecmp(*buf, "Mon", abbrev_length) == 0)
+         *wday = 1;
+       else
+         return FALSE;
+       break;
+     case 'T':
+-      if (strncasecmp(*buf, "Tue", 3) == 0)
++      if (strncasecmp(*buf, "Tue", abbrev_length) == 0)
+         *wday = 2;
+-      else if (strncasecmp(*buf, "Thu", 3) == 0)
++      else if (strncasecmp(*buf, "Thu", abbrev_length) == 0)
+         *wday = 4;
+       else
+         return FALSE;
+       break;
+     case 'W':
+-      if (strncasecmp(*buf, "Wed", 3) == 0)
++      if (strncasecmp(*buf, "Wed", abbrev_length) == 0)
+         *wday = 3;
+       else
+         return FALSE;
+       break;
+     case 'F':
+-      if (strncasecmp(*buf, "Fri", 3) == 0)
++      if (strncasecmp(*buf, "Fri", abbrev_length) == 0)
+         *wday = 5;
+       else
+         return FALSE;
+@@ -77,8 +79,8 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday)
+       return FALSE;
+     }
+ 
+-  (*buf) += 3;
+-  (*left) -= 3;
++  (*buf) += abbrev_length;
++  (*left) -= abbrev_length;
+   return TRUE;
+ }
+ 
+@@ -87,63 +89,65 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon)
+ {
+   *mon = -1;
+ 
+-  if (*left < 3)
++  const gsize abbrev_length = 3;
++
++  if (*left < abbrev_length)
+     return FALSE;
+ 
+   switch (**buf)
+     {
+     case 'J':
+-      if (strncasecmp(*buf, "Jan", 3) == 0)
++      if (strncasecmp(*buf, "Jan", abbrev_length) == 0)
+         *mon = 0;
+-      else if (strncasecmp(*buf, "Jun", 3) == 0)
++      else if (strncasecmp(*buf, "Jun", abbrev_length) == 0)
+         *mon = 5;
+-      else if (strncasecmp(*buf, "Jul", 3) == 0)
++      else if (strncasecmp(*buf, "Jul", abbrev_length) == 0)
+         *mon = 6;
+       else
+         return FALSE;
+       break;
+     case 'F':
+-      if (strncasecmp(*buf, "Feb", 3) == 0)
++      if (strncasecmp(*buf, "Feb", abbrev_length) == 0)
+         *mon = 1;
+       else
+         return FALSE;
+       break;
+     case 'M':
+-      if (strncasecmp(*buf, "Mar", 3) == 0)
++      if (strncasecmp(*buf, "Mar", abbrev_length) == 0)
+         *mon = 2;
+-      else if (strncasecmp(*buf, "May", 3) == 0)
++      else if (strncasecmp(*buf, "May", abbrev_length) == 0)
+         *mon = 4;
+       else
+         return FALSE;
+       break;
+     case 'A':
+-      if (strncasecmp(*buf, "Apr", 3) == 0)
++      if (strncasecmp(*buf, "Apr", abbrev_length) == 0)
+         *mon = 3;
+-      else if (strncasecmp(*buf, "Aug", 3) == 0)
++      else if (strncasecmp(*buf, "Aug", abbrev_length) == 0)
+         *mon = 7;
+       else
+         return FALSE;
+       break;
+     case 'S':
+-      if (strncasecmp(*buf, "Sep", 3) == 0)
++      if (strncasecmp(*buf, "Sep", abbrev_length) == 0)
+         *mon = 8;
+       else
+         return FALSE;
+       break;
+     case 'O':
+-      if (strncasecmp(*buf, "Oct", 3) == 0)
++      if (strncasecmp(*buf, "Oct", abbrev_length) == 0)
+         *mon = 9;
+       else
+         return FALSE;
+       break;
+     case 'N':
+-      if (strncasecmp(*buf, "Nov", 3) == 0)
++      if (strncasecmp(*buf, "Nov", abbrev_length) == 0)
+         *mon = 10;
+       else
+         return FALSE;
+       break;
+     case 'D':
+-      if (strncasecmp(*buf, "Dec", 3) == 0)
++      if (strncasecmp(*buf, "Dec", abbrev_length) == 0)
+         *mon = 11;
+       else
+         return FALSE;
+@@ -152,8 +156,8 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon)
+       return FALSE;
+     }
+ 
+-  (*buf) += 3;
+-  (*left) -= 3;
++  (*buf) += abbrev_length;
++  (*left) -= abbrev_length;
+   return TRUE;
+ }
+ 
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch
new file mode 100644
index 0000000000..abb36fdf5f
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch
@@ -0,0 +1,81 @@
+From 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 14:30:22 +0200
+Subject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c            | 8 ++++++--
+ lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index d22d50973..125264677 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length)
+ static gboolean
+ __has_iso_timezone(const guchar *src, gint length)
+ {
+-  return (length >= 5) &&
++  return (length >= 6) &&
+          (*src == '+' || *src == '-') &&
+          isdigit(*(src+1)) &&
+          isdigit(*(src+2)) &&
+          *(src+3) == ':' &&
+          isdigit(*(src+4)) &&
+          isdigit(*(src+5)) &&
+-         !isdigit(*(src+6));
++         (length < 7 || !isdigit(*(src+6)));
+ }
+ 
+ static guint32
+ __parse_iso_timezone(const guchar **data, gint *length)
+ {
++  g_assert(*length >= 6);
++
+   gint hours, mins;
+   const guchar *src = *data;
+   guint32 tz = 0;
+@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length)
+   hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0';
+   mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0';
+   tz = sign * (hours * 3600 + mins * 60);
++
+   src += 6;
+   (*length) -= 6;
++
+   *data = src;
+   return tz;
+ }
+diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c
+index 468bbf779..d18bdc65d 100644
+--- a/lib/timeutils/tests/test_scan-timestamp.c
++++ b/lib/timeutils/tests/test_scan-timestamp.c
+@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly)
+ 
+ }
+ 
++Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only)
++{
++  const gchar *ts = "2022-08-17T05:02:28.417+03:00";
++  gint ts_len = strlen(ts);
++  _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts);
++}
++
+ 
+ Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones)
+ {
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch
new file mode 100644
index 0000000000..56c71e8a21
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch
@@ -0,0 +1,45 @@
+From 56f881c5eaa3d8c02c96607c4b9e4eaf959a044d Mon Sep 17 00:00:00 2001
+From: Laszlo Varady <laszlo.varady@protonmail.com>
+Date: Sat, 20 Aug 2022 14:30:51 +0200
+Subject: [PATCH 8/8/] timeutils: fix out-of-bounds reading of data buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2022-38725
+
+Upstream-Status: Backport
+[https://github.com/syslog-ng/syslog-ng/commit/56f881c5eaa3d8c02c96607c4b9e4eaf959a044d]
+
+Signed-off-by: László Várady <laszlo.varady@protonmail.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/timeutils/scan-timestamp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
+index 125264677..c00d8e6a9 100644
+--- a/lib/timeutils/scan-timestamp.c
++++ b/lib/timeutils/scan-timestamp.c
+@@ -431,7 +431,7 @@ __parse_bsd_timestamp(const guchar **data, gint *length, WallClockTime *wct)
+       if (!scan_pix_timestamp((const gchar **) &src, &left, wct))
+         return FALSE;
+ 
+-      if (*src == ':')
++      if (left && *src == ':')
+         {
+           src++;
+           left--;
+@@ -482,7 +482,7 @@ scan_rfc3164_timestamp(const guchar **data, gint *length, WallClockTime *wct)
+    * looking at you, skip that as well, so we can reliably detect IPv6
+    * addresses as hostnames, which would be using ":" as well. */
+ 
+-  if (*src == ':')
++  if (left && *src == ':')
+     {
+       ++src;
+       --left;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb
index 40bbfe495a..045b9b71c9 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb
@@ -22,6 +22,14 @@ SRC_URI = "https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta
            file://volatiles.03_syslog-ng \
            file://syslog-ng-tmp.conf \
            file://syslog-ng.service-the-syslog-ng-service.patch \
+	   file://CVE-2022-38725-0001.patch \
+           file://CVE-2022-38725-0002.patch \
+           file://CVE-2022-38725-0003.patch \
+           file://CVE-2022-38725-0004.patch \
+           file://CVE-2022-38725-0005.patch \
+           file://CVE-2022-38725-0006.patch \
+           file://CVE-2022-38725-0007.patch \
+           file://CVE-2022-38725-0008.patch \
 "
 
 SRC_URI[sha256sum] = "90a25c9767fe749db50f118ddfc92ec71399763d2ecd5ad4f11ff5eea049e60b"
diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
new file mode 100644
index 0000000000..7d37ad6042
--- /dev/null
+++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
@@ -0,0 +1,53 @@
+From 45f501e1be2db6b017cc242c79bfb9de32b332a1 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 29 Jan 2024 08:27:29 +0100
+Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types
+
+These result in out-of-bounds stack writes on 64-bit architectures
+(caller has 4 bytes, callee writes 8 bytes), and seem to have gone
+unnoticed on little-endian architectures (although big-endian
+architectures must be broken).
+
+This change is required to avoid a build failure with GCC 14.
+
+CVE: CVE-2024-1013
+
+Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ Drivers/Postgre7.1/info.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
+index 63ac91f..2216ecd 100755
+--- a/Drivers/Postgre7.1/info.c
++++ b/Drivers/Postgre7.1/info.c
+@@ -1779,14 +1779,14 @@ char *table_name;
+ char index_name[MAX_INFO_STRING];
+ short fields_vector[8];
+ char isunique[10], isclustered[10];
+-SDWORD index_name_len, fields_vector_len;
++SQLLEN index_name_len, fields_vector_len;
+ TupleNode *row;
+ int i;
+ HSTMT hcol_stmt;
+ StatementClass *col_stmt, *indx_stmt;
+ char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
+ char **column_names = 0;
+-Int4 column_name_len;
++SQLLEN column_name_len;
+ int total_columns = 0;
+ char error = TRUE;
+ ConnInfo *ci;
+@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
+ StatementClass *tbl_stmt;
+ char tables_query[STD_STATEMENT_LEN];
+ char attname[MAX_INFO_STRING];
+-SDWORD attname_len;
++SQLLEN attname_len;
+ char pktab[MAX_TABLE_LEN + 1];
+ Int2 result_cols;
+
+--
+2.40.0
diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb
index c194739cb1..283546cf0e 100644
--- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb
+++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb
@@ -10,6 +10,7 @@ DEPENDS = "libtool readline"
 
 SRC_URI = "http://ftp.unixodbc.org/unixODBC-${PV}.tar.gz \
            file://do-not-use-libltdl-source-directory.patch \
+           file://CVE-2024-1013.patch \
 "
 SRC_URI[sha256sum] = "52833eac3d681c8b0c9a5a65f2ebd745b3a964f208fc748f977e44015a31b207"
 
diff --git a/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch b/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch
new file mode 100644
index 0000000000..b6c4a3b883
--- /dev/null
+++ b/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch
@@ -0,0 +1,117 @@
+From 3d436f6cfc2dfe52fc1533c01f57c25ae7ffac9c Mon Sep 17 00:00:00 2001
+From: Felix Schwitzer <flx107809@gmail.com>
+Date: Fri, 1 Apr 2022 05:26:47 +0200
+Subject: [PATCH] Fix CMake export files (#1077)
+
+After configuring the file `yaml-cpp-config.cmake.in`, the result ends up with
+empty variables.  (see also the discussion in #774).
+
+Rework this file and the call to `configure_package_config_file` according the
+cmake documentation
+(https://cmake.org/cmake/help/v3.22/module/CMakePackageConfigHelpers.html?highlight=configure_package_config#command:configure_package_config_file)
+to overcome this issue and allow a simple `find_package` after install.
+
+As there was some discussion about the place where to install the
+`yaml-cpp-config.cmake` file, e.g. #1055, factor out the install location into
+an extra variable to make it easier changing this location in the future.
+
+Also untabify CMakeLists.txt in some places to align with the other code parts in this file.
+
+Upstream-Status: Accepted [https://github.com/jbeder/yaml-cpp/pull/1077]
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> 
+---
+ CMakeLists.txt           | 29 ++++++++++++++++++-----------
+ yaml-cpp-config.cmake.in | 10 ++++++----
+ 2 files changed, 24 insertions(+), 15 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b230b9e..983d1a4 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -127,10 +127,16 @@ set_target_properties(yaml-cpp PROPERTIES
+   PROJECT_LABEL "yaml-cpp ${yaml-cpp-label-postfix}"
+   DEBUG_POSTFIX "${CMAKE_DEBUG_POSTFIX}")
+ 
++# FIXME(felix2012): A more common place for the cmake export would be
++# `CMAKE_INSTALL_LIBDIR`, as e.g. done in ubuntu or in this project for GTest
++set(CONFIG_EXPORT_DIR "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
++set(EXPORT_TARGETS yaml-cpp)
+ configure_package_config_file(
+   "${PROJECT_SOURCE_DIR}/yaml-cpp-config.cmake.in"
+   "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake"
+-  INSTALL_DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
++  INSTALL_DESTINATION "${CONFIG_EXPORT_DIR}"
++  PATH_VARS CMAKE_INSTALL_INCLUDEDIR CONFIG_EXPORT_DIR)
++unset(EXPORT_TARGETS)
+ 
+ write_basic_package_version_file(
+   "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake"
+@@ -139,30 +145,31 @@ write_basic_package_version_file(
+ configure_file(yaml-cpp.pc.in yaml-cpp.pc @ONLY)
+ 
+ if (YAML_CPP_INSTALL)
+-	install(TARGETS yaml-cpp
++  install(TARGETS yaml-cpp
+     EXPORT yaml-cpp-targets
+     RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+     LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+     ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+-	install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/
++  install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/
+     DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+-		FILES_MATCHING PATTERN "*.h")
++                FILES_MATCHING PATTERN "*.h")
+   install(EXPORT yaml-cpp-targets
+-    DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
+-	install(FILES
+-		"${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake"
+-		"${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake"
+-    DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp")
++    DESTINATION "${CONFIG_EXPORT_DIR}")
++  install(FILES
++      "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake"
++      "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake"
++    DESTINATION "${CONFIG_EXPORT_DIR}")
+   install(FILES "${PROJECT_BINARY_DIR}/yaml-cpp.pc"
+     DESTINATION ${CMAKE_INSTALL_DATADIR}/pkgconfig)
+ endif()
++unset(CONFIG_EXPORT_DIR)
+ 
+ if(YAML_CPP_BUILD_TESTS)
+-	add_subdirectory(test)
++  add_subdirectory(test)
+ endif()
+ 
+ if(YAML_CPP_BUILD_TOOLS)
+-	add_subdirectory(util)
++  add_subdirectory(util)
+ endif()
+ 
+ if (YAML_CPP_CLANG_FORMAT_EXE)
+diff --git a/yaml-cpp-config.cmake.in b/yaml-cpp-config.cmake.in
+index 7b41e3f..a7ace3d 100644
+--- a/yaml-cpp-config.cmake.in
++++ b/yaml-cpp-config.cmake.in
+@@ -3,12 +3,14 @@
+ #  YAML_CPP_INCLUDE_DIR - include directory
+ #  YAML_CPP_LIBRARIES    - libraries to link against
+ 
+-# Compute paths
+-get_filename_component(YAML_CPP_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+-set(YAML_CPP_INCLUDE_DIR "@CONFIG_INCLUDE_DIRS@")
++@PACKAGE_INIT@
++
++set_and_check(YAML_CPP_INCLUDE_DIR "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@")
+ 
+ # Our library dependencies (contains definitions for IMPORTED targets)
+-include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake")
++include(@PACKAGE_CONFIG_EXPORT_DIR@/yaml-cpp-targets.cmake)
+ 
+ # These are IMPORTED targets created by yaml-cpp-targets.cmake
+ set(YAML_CPP_LIBRARIES "@EXPORT_TARGETS@")
++
++check_required_components(@EXPORT_TARGETS@)
+-- 
+2.39.2
+
diff --git a/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb b/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb
index d3984abe8b..e04d4705a4 100644
--- a/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb
+++ b/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6a8aaf0595c2efc1a9c2e0913e9c1a2c"
 # yaml-cpp releases are stored as archive files in github.
 # download the exact revision of release
 SRC_URI = "git://github.com/jbeder/yaml-cpp.git;branch=master;protocol=https"
+SRC_URI += "file://0001-Fix-CMake-export-files-1077.patch"
 SRCREV = "0579ae3d976091d7d664aa9d2527e0d0cff25763"
 
 S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch b/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch
new file mode 100644
index 0000000000..c2828e6a94
--- /dev/null
+++ b/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch
@@ -0,0 +1,42 @@
+From 8c70e2680bec526012d96578160901e4c24e1c48 Mon Sep 17 00:00:00 2001
+From: Paul Groke <paul.groke@dynatrace.com>
+Date: Thu, 15 Sep 2022 13:36:49 +0200
+Subject: [PATCH] work around GCC 6~11 ADL bug
+
+see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51577
+ADL seems to work properly when we do the SFINAE check via the return type, but not when using a dummy template parameter
+
+fix #3992
+Upstream-Status: Backport [https://github.com/google/googletest/pull/3993/commits/096014a45dc38dff993f5b7bb28a258d8323344b]
+Signed-off-by: Paul Groke <paul.groke@dynatrace.com>
+Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
+---
+ googletest/include/gtest/gtest-printers.h | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/googletest/include/gtest/gtest-printers.h b/googletest/include/gtest/gtest-printers.h
+index 8e4d295344..19c3e0b69b 100644
+--- a/googletest/include/gtest/gtest-printers.h
++++ b/googletest/include/gtest/gtest-printers.h
+@@ -205,12 +205,13 @@ struct StreamPrinter {
+             // Don't accept member pointers here. We'd print them via implicit
+             // conversion to bool, which isn't useful.
+             typename = typename std::enable_if<
+-                !std::is_member_pointer<T>::value>::type,
+-            // Only accept types for which we can find a streaming operator via
+-            // ADL (possibly involving implicit conversions).
+-            typename = decltype(std::declval<std::ostream&>()
+-                                << std::declval<const T&>())>
+-  static void PrintValue(const T& value, ::std::ostream* os) {
++                !std::is_member_pointer<T>::value>::type>
++  // Only accept types for which we can find a streaming operator via
++  // ADL (possibly involving implicit conversions).
++  // (Use SFINAE via return type, because it seems GCC < 12 doesn't handle name
++  // lookup properly when we do it in the template parameter list.)
++  static auto PrintValue(const T& value, ::std::ostream* os) 
++  -> decltype((void)(*os << value)) {
+     // Call streaming operator found by ADL, possibly with implicit conversions
+     // of the arguments.
+     *os << value;
+-- 
+2.25.1
diff --git a/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-oe/recipes-test/googletest/googletest_git.bb
index 869c2c86b6..917a68e95b 100644
--- a/meta-oe/recipes-test/googletest/googletest_git.bb
+++ b/meta-oe/recipes-test/googletest/googletest_git.bb
@@ -10,7 +10,8 @@ PROVIDES += "gmock gtest"
 
 S = "${WORKDIR}/git"
 SRCREV = "9e712372214d75bb30ec2847a44bf124d48096f3"
-SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https \
+           file://0001-work-around-GCC-6-11-ADL-bug.patch "
 
 inherit cmake
 
diff --git a/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb b/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb
index 5db0bb4269..5c3701f16b 100644
--- a/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb
+++ b/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb
@@ -38,4 +38,4 @@ S = "${WORKDIR}/Config-AutoConf-${PV}"
 
 inherit cpan ptest-perl
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch b/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch
deleted file mode 100644
index a5ea43f88b..0000000000
--- a/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 5e8202458e41ba1f7801746c503fe7c60ae340d5 Mon Sep 17 00:00:00 2001
-From: kambe-mikb <77083885+kambe-mikb@users.noreply.github.com>
-Date: Tue, 28 Sep 2021 17:40:18 +1000
-Subject: [PATCH] Fix for Issue 31
-
-Fix Issue 31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0)
-
-Upstream-Status: Submitted [https://github.com/toddr/Crypt-OpenSSL-RSA/pull/32]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- RSA.xs | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/RSA.xs b/RSA.xs
-index 46cb199..4f65dfc 100644
---- a/RSA.xs
-+++ b/RSA.xs
-@@ -640,12 +640,16 @@ use_pkcs1_oaep_padding(p_rsa)
-   CODE:
-     p_rsa->padding = RSA_PKCS1_OAEP_PADDING;
- 
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+
- void
- use_sslv23_padding(p_rsa)
-     rsaData* p_rsa;
-   CODE:
-     p_rsa->padding = RSA_SSLV23_PADDING;
- 
-+#endif
-+
- # Sign text. Returns the signature.
- 
- SV*
--- 
-2.33.1
-
diff --git a/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb b/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb
index fd92c8a8db..aa8d138f2c 100644
--- a/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb
+++ b/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb
@@ -4,10 +4,9 @@ LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a67ceecc5d9a91a5a0d003ba50c26346"
 
 SRC_URI = "http://www.cpan.org/modules/by-module/Crypt/Crypt-OpenSSL-RSA-${PV}.tar.gz \
-           file://0001-Fix-for-Issue-31.patch \
 "
 
-SRC_URI[sha256sum] = "adc74f0ae125c77f65d5dd32abb9c3429300a79543bf263494f333f9c0b62a61"
+SRC_URI[sha256sum] = "bdbe630f6d6f540325746ad99977272ac8664ff81bd19f0adaba6d6f45efd864"
 
 DEPENDS += "libcrypt-openssl-guess-perl-native openssl"
 
diff --git a/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb b/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb
index 6249fd1d78..6e04e40dcf 100644
--- a/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb
+++ b/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb
@@ -42,5 +42,3 @@ do_install_ptest () {
     cp -r ${B}/t ${D}${PTEST_PATH}
     cp -r ${B}/certs ${D}${PTEST_PATH}
 }
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
index 2c7d793a7b..c768d64e32 100644
--- a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
+++ b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb
@@ -61,5 +61,3 @@ python __anonymous () {
        raise bb.parse.SkipRecipe("incompatible with %s C library" %
                                    d.getVar('TCLIBC'))
 }
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb b/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb
index dcc5ea88b1..a77381dce8 100644
--- a/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb
+++ b/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb
@@ -41,5 +41,3 @@ RDEPENDS:${PN}-ptest += " \
     perl-module-perlio \
     perl-module-test-more \
 "
-
-BBCLASSEXTEND = "native"
diff --git a/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb b/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb
index c568ade997..01261d547a 100644
--- a/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb
+++ b/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb
@@ -36,5 +36,3 @@ S = "${WORKDIR}/Unix-Statgrab-${PV}"
 export LD = "${CCLD}"
 
 inherit cpan pkgconfig ptest-perl
-
-BBCLASSEXTEND = "native"
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb
index c86ec092a6..871eb7cae9 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb
@@ -11,5 +11,3 @@ RDEPENDS:${PN} += " \
     ${PYTHON_PN}-jinja2 \
     ${PYTHON_PN}-aiohttp \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.8.1.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb
index f2b8d52a72..f8ca9a4739 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp_3.8.1.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb
@@ -2,9 +2,9 @@ SUMMARY = "Async http client/server framework"
 DESCRIPTION = "Asynchronous HTTP client/server framework for asyncio and Python"
 HOMEPAGE = "https://github.com/aio-libs/aiohttp"
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8074d6c6e217873b2a018a4522243ea3"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
 
-SRC_URI[sha256sum] = "fc5471e1a54de15ef71c1bc6ebe80d4dc681ea600e68bfd1cbce40427f0b7578"
+SRC_URI[sha256sum] = "b0cf2a4501bff9330a8a5248b4ce951851e415bdcce9dc158e76cfd55e15085c"
 
 PYPI_PACKAGE = "aiohttp"
 inherit python_setuptools_build_meta pypi
diff --git a/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb b/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb
index 78514a412f..afb798bd71 100644
--- a/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb
+++ b/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb
@@ -19,5 +19,3 @@ RDEPENDS:${PN} += " \
     ${PYTHON_PN}-txaio \
     ${PYTHON_PN}-six \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-can_4.0.0.bb b/meta-python/recipes-devtools/python/python3-can_4.0.0.bb
index 2cd2e624b9..79aa3e19ec 100644
--- a/meta-python/recipes-devtools/python/python3-can_4.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-can_4.0.0.bb
@@ -11,16 +11,19 @@ inherit pypi setuptools3
 
 RDEPENDS:${PN}:class-target += "\
     ${PYTHON_PN}-aenum \
-    ${PYTHON_PN}-ctypes \
     ${PYTHON_PN}-codecs \
     ${PYTHON_PN}-compression \
+    ${PYTHON_PN}-ctypes \
     ${PYTHON_PN}-fcntl \
     ${PYTHON_PN}-logging \
     ${PYTHON_PN}-misc \
     ${PYTHON_PN}-netserver \
+    ${PYTHON_PN}-packaging \
+    ${PYTHON_PN}-pkg-resources \
+    ${PYTHON_PN}-setuptools \
     ${PYTHON_PN}-sqlite3 \
+    ${PYTHON_PN}-typing-extensions \
     ${PYTHON_PN}-wrapt \
-    ${PYTHON_PN}-pkg-resources \
 "
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch
new file mode 100644
index 0000000000..ab29a2ed97
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch
@@ -0,0 +1,352 @@
+From fd3215dec5d50aa1f09cb1f8eba193524e7379f3 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Thu, 25 May 2023 14:49:15 +0000
+Subject: [PATCH] Fixed CVE-2023-31047, Fixed #31710
+
+-- Prevented potential bypass of validation when uploading multiple files using one form field.
+
+Thanks Moataz Al-Sharida and nawaik for reports.
+
+Co-authored-by: Shai Berger <shai@platonix.com>
+Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
+
+CVE: CVE-2023-31047
+
+Upstream-Status: Backport [https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/forms/widgets.py                       | 26 ++++++-
+ docs/releases/2.2.28.txt                      | 18 +++++
+ docs/topics/http/file-uploads.txt             | 65 ++++++++++++++++--
+ .../forms_tests/field_tests/test_filefield.py | 68 ++++++++++++++++++-
+ .../widget_tests/test_clearablefileinput.py   |  5 ++
+ .../widget_tests/test_fileinput.py            | 44 ++++++++++++
+ 6 files changed, 218 insertions(+), 8 deletions(-)
+
+diff --git a/django/forms/widgets.py b/django/forms/widgets.py
+index e37036c..d0cc131 100644
+--- a/django/forms/widgets.py
++++ b/django/forms/widgets.py
+@@ -372,17 +372,41 @@ class MultipleHiddenInput(HiddenInput):
+
+
+ class FileInput(Input):
++    allow_multiple_selected = False
+     input_type = 'file'
+     needs_multipart_form = True
+     template_name = 'django/forms/widgets/file.html'
+
++    def __init__(self, attrs=None):
++        if (
++            attrs is not None
++            and not self.allow_multiple_selected
++            and attrs.get("multiple", False)
++        ):
++            raise ValueError(
++                "%s doesn't support uploading multiple files."
++                % self.__class__.__qualname__
++            )
++        if self.allow_multiple_selected:
++            if attrs is None:
++                attrs = {"multiple": True}
++            else:
++                attrs.setdefault("multiple", True)
++        super().__init__(attrs)
++
+     def format_value(self, value):
+         """File input never renders a value."""
+         return
+
+     def value_from_datadict(self, data, files, name):
+         "File widgets take data from FILES, not POST"
+-        return files.get(name)
++        getter = files.get
++        if self.allow_multiple_selected:
++            try:
++                getter = files.getlist
++            except AttributeError:
++                pass
++        return getter(name)
+
+     def value_omitted_from_data(self, data, files, name):
+         return name not in files
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 43270fc..854c6b0 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -20,3 +20,21 @@ CVE-2022-28347: Potential SQL injection via ``QuerySet.explain(**options)`` on P
+ :meth:`.QuerySet.explain` method was subject to SQL injection in option names,
+ using a suitably crafted dictionary, with dictionary expansion, as the
+ ``**options`` argument.
++
++Backporting the CVE-2023-31047 fix on Django 2.2.28.
++
++CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field
++=================================================================================================
++
++Uploading multiple files using one form field has never been supported by
++:class:`.forms.FileField` or :class:`.forms.ImageField` as only the last
++uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files`
++topic suggested otherwise.
++
++In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput`
++and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when
++the ``multiple`` HTML attribute is set on them. To prevent the exception and
++keep the old behavior, set ``allow_multiple_selected`` to ``True``.
++
++For more details on using the new attribute and handling of multiple files
++through a single field, see :ref:`uploading_multiple_files`.
+diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt
+index 21a6f06..c1ffb80 100644
+--- a/docs/topics/http/file-uploads.txt
++++ b/docs/topics/http/file-uploads.txt
+@@ -127,19 +127,54 @@ field in the model::
+             form = UploadFileForm()
+         return render(request, 'upload.html', {'form': form})
+
++.. _uploading_multiple_files:
++
+ Uploading multiple files
+ ------------------------
+
+-If you want to upload multiple files using one form field, set the ``multiple``
+-HTML attribute of field's widget:
++..
++    Tests in tests.forms_tests.field_tests.test_filefield.MultipleFileFieldTest
++    should be updated after any changes in the following snippets.
++
++If you want to upload multiple files using one form field, create a subclass
++of the field's widget and set the ``allow_multiple_selected`` attribute on it
++to ``True``.
++
++In order for such files to be all validated by your form (and have the value of
++the field include them all), you will also have to subclass ``FileField``. See
++below for an example.
++
++.. admonition:: Multiple file field
++
++    Django is likely to have a proper multiple file field support at some point
++    in the future.
+
+ .. code-block:: python
+     :caption: forms.py
+
+     from django import forms
+
++
++    class MultipleFileInput(forms.ClearableFileInput):
++        allow_multiple_selected = True
++
++
++    class MultipleFileField(forms.FileField):
++        def __init__(self, *args, **kwargs):
++            kwargs.setdefault("widget", MultipleFileInput())
++            super().__init__(*args, **kwargs)
++
++        def clean(self, data, initial=None):
++            single_file_clean = super().clean
++            if isinstance(data, (list, tuple)):
++                result = [single_file_clean(d, initial) for d in data]
++            else:
++                result = single_file_clean(data, initial)
++            return result
++
++
+     class FileFieldForm(forms.Form):
+-        file_field = forms.FileField(widget=forms.ClearableFileInput(attrs={'multiple': True}))
++        file_field = MultipleFileField()
+
+ Then override the ``post`` method of your
+ :class:`~django.views.generic.edit.FormView` subclass to handle multiple file
+@@ -159,14 +194,32 @@ uploads:
+         def post(self, request, *args, **kwargs):
+             form_class = self.get_form_class()
+             form = self.get_form(form_class)
+-            files = request.FILES.getlist('file_field')
+             if form.is_valid():
+-                for f in files:
+-                    ...  # Do something with each file.
+                 return self.form_valid(form)
+             else:
+                 return self.form_invalid(form)
+
++        def form_valid(self, form):
++            files = form.cleaned_data["file_field"]
++            for f in files:
++                ...  # Do something with each file.
++            return super().form_valid()
++
++.. warning::
++
++   This will allow you to handle multiple files at the form level only. Be
++   aware that you cannot use it to put multiple files on a single model
++   instance (in a single field), for example, even if the custom widget is used
++   with a form field related to a model ``FileField``.
++
++.. backportedfix:: 2.2.28
++
++   In previous versions, there was no support for the ``allow_multiple_selected``
++   class attribute, and users were advised to create the widget with the HTML
++   attribute ``multiple`` set through the ``attrs`` argument. However, this
++   caused validation of the form field to be applied only to the last file
++   submitted, which could have adverse security implications.
++
+ Upload Handlers
+ ===============
+
+diff --git a/tests/forms_tests/field_tests/test_filefield.py b/tests/forms_tests/field_tests/test_filefield.py
+index 3357444..ba559ee 100644
+--- a/tests/forms_tests/field_tests/test_filefield.py
++++ b/tests/forms_tests/field_tests/test_filefield.py
+@@ -1,7 +1,8 @@
+ import pickle
+
+ from django.core.files.uploadedfile import SimpleUploadedFile
+-from django.forms import FileField, ValidationError
++from django.core.validators import validate_image_file_extension
++from django.forms import FileField, FileInput, ValidationError
+ from django.test import SimpleTestCase
+
+
+@@ -82,3 +83,68 @@ class FileFieldTest(SimpleTestCase):
+
+     def test_file_picklable(self):
+         self.assertIsInstance(pickle.loads(pickle.dumps(FileField())), FileField)
++
++
++class MultipleFileInput(FileInput):
++    allow_multiple_selected = True
++
++
++class MultipleFileField(FileField):
++    def __init__(self, *args, **kwargs):
++        kwargs.setdefault("widget", MultipleFileInput())
++        super().__init__(*args, **kwargs)
++
++    def clean(self, data, initial=None):
++        single_file_clean = super().clean
++        if isinstance(data, (list, tuple)):
++            result = [single_file_clean(d, initial) for d in data]
++        else:
++            result = single_file_clean(data, initial)
++        return result
++
++
++class MultipleFileFieldTest(SimpleTestCase):
++    def test_file_multiple(self):
++        f = MultipleFileField()
++        files = [
++            SimpleUploadedFile("name1", b"Content 1"),
++            SimpleUploadedFile("name2", b"Content 2"),
++        ]
++        self.assertEqual(f.clean(files), files)
++
++    def test_file_multiple_empty(self):
++        f = MultipleFileField()
++        files = [
++            SimpleUploadedFile("empty", b""),
++            SimpleUploadedFile("nonempty", b"Some Content"),
++        ]
++        msg = "'The submitted file is empty.'"
++        with self.assertRaisesMessage(ValidationError, msg):
++            f.clean(files)
++        with self.assertRaisesMessage(ValidationError, msg):
++            f.clean(files[::-1])
++
++    def test_file_multiple_validation(self):
++        f = MultipleFileField(validators=[validate_image_file_extension])
++
++        good_files = [
++            SimpleUploadedFile("image1.jpg", b"fake JPEG"),
++            SimpleUploadedFile("image2.png", b"faux image"),
++            SimpleUploadedFile("image3.bmp", b"fraudulent bitmap"),
++        ]
++        self.assertEqual(f.clean(good_files), good_files)
++
++        evil_files = [
++            SimpleUploadedFile("image1.sh", b"#!/bin/bash -c 'echo pwned!'\n"),
++            SimpleUploadedFile("image2.png", b"faux image"),
++            SimpleUploadedFile("image3.jpg", b"fake JPEG"),
++        ]
++
++        evil_rotations = (
++            evil_files[i:] + evil_files[:i]  # Rotate by i.
++            for i in range(len(evil_files))
++        )
++        msg = "File extension “sh” is not allowed. Allowed extensions are: "
++        for rotated_evil_files in evil_rotations:
++            with self.assertRaisesMessage(ValidationError, msg):
++                f.clean(rotated_evil_files)
+diff --git a/tests/forms_tests/widget_tests/test_clearablefileinput.py b/tests/forms_tests/widget_tests/test_clearablefileinput.py
+index 2ba376d..8d9e38a 100644
+--- a/tests/forms_tests/widget_tests/test_clearablefileinput.py
++++ b/tests/forms_tests/widget_tests/test_clearablefileinput.py
+@@ -161,3 +161,8 @@ class ClearableFileInputTest(WidgetTest):
+         self.assertIs(widget.value_omitted_from_data({}, {}, 'field'), True)
+         self.assertIs(widget.value_omitted_from_data({}, {'field': 'x'}, 'field'), False)
+         self.assertIs(widget.value_omitted_from_data({'field-clear': 'y'}, {}, 'field'), False)
++
++    def test_multiple_error(self):
++        msg = "ClearableFileInput doesn't support uploading multiple files."
++        with self.assertRaisesMessage(ValueError, msg):
++            ClearableFileInput(attrs={"multiple": True})
+diff --git a/tests/forms_tests/widget_tests/test_fileinput.py b/tests/forms_tests/widget_tests/test_fileinput.py
+index bbd7c7f..24daf5d 100644
+--- a/tests/forms_tests/widget_tests/test_fileinput.py
++++ b/tests/forms_tests/widget_tests/test_fileinput.py
+@@ -1,4 +1,6 @@
++from django.core.files.uploadedfile import SimpleUploadedFile
+ from django.forms import FileInput
++from django.utils.datastructures import MultiValueDict
+
+ from .base import WidgetTest
+
+@@ -18,3 +20,45 @@ class FileInputTest(WidgetTest):
+     def test_value_omitted_from_data(self):
+         self.assertIs(self.widget.value_omitted_from_data({}, {}, 'field'), True)
+         self.assertIs(self.widget.value_omitted_from_data({}, {'field': 'value'}, 'field'), False)
++
++    def test_multiple_error(self):
++        msg = "FileInput doesn't support uploading multiple files."
++        with self.assertRaisesMessage(ValueError, msg):
++            FileInput(attrs={"multiple": True})
++
++    def test_value_from_datadict_multiple(self):
++        class MultipleFileInput(FileInput):
++            allow_multiple_selected = True
++
++        file_1 = SimpleUploadedFile("something1.txt", b"content 1")
++        file_2 = SimpleUploadedFile("something2.txt", b"content 2")
++        # Uploading multiple files is allowed.
++        widget = MultipleFileInput(attrs={"multiple": True})
++        value = widget.value_from_datadict(
++            data={"name": "Test name"},
++            files=MultiValueDict({"myfile": [file_1, file_2]}),
++            name="myfile",
++        )
++        self.assertEqual(value, [file_1, file_2])
++        # Uploading multiple files is not allowed.
++        widget = FileInput()
++        value = widget.value_from_datadict(
++            data={"name": "Test name"},
++            files=MultiValueDict({"myfile": [file_1, file_2]}),
++            name="myfile",
++        )
++        self.assertEqual(value, file_2)
++
++    def test_multiple_default(self):
++        class MultipleFileInput(FileInput):
++            allow_multiple_selected = True
++
++        tests = [
++            (None, True),
++            ({"class": "myclass"}, True),
++            ({"multiple": False}, False),
++        ]
++        for attrs, expected in tests:
++            with self.subTest(attrs=attrs):
++                widget = MultipleFileInput(attrs=attrs)
++                self.assertIs(widget.attrs["multiple"], expected)
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch
new file mode 100644
index 0000000000..2ad38d8e95
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch
@@ -0,0 +1,263 @@
+From a0b2eeeb7350d0c3a9b9be191783ff15daeffec5 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Thu, 27 Jul 2023 14:51:48 +0000
+Subject: [PATCH] Fixed CVE-2023-36053
+
+-- Prevented potential ReDoS in EmailValidator and URLValidator.
+
+Thanks Seokchan Yoon for reports.
+
+CVE: CVE-2023-36053
+
+Upstream-Status: Backport [https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/core/validators.py                     |  9 +++++++--
+ django/forms/fields.py                        |  3 +++
+ docs/ref/forms/fields.txt                     |  4 ++++
+ docs/ref/validators.txt                       | 19 ++++++++++++++++++-
+ docs/releases/2.2.28.txt                      |  9 +++++++++
+ .../field_tests/test_emailfield.py            |  5 ++++-
+ tests/forms_tests/tests/test_forms.py         | 19 +++++++++++++------
+ tests/validators/tests.py                     | 11 +++++++++++
+ 8 files changed, 69 insertions(+), 10 deletions(-)
+
+diff --git a/django/core/validators.py b/django/core/validators.py
+index 2da0688..2dbd3bf 100644
+--- a/django/core/validators.py
++++ b/django/core/validators.py
+@@ -102,6 +102,7 @@ class URLValidator(RegexValidator):
+     message = _('Enter a valid URL.')
+     schemes = ['http', 'https', 'ftp', 'ftps']
+     unsafe_chars = frozenset('\t\r\n')
++    max_length = 2048
+
+     def __init__(self, schemes=None, **kwargs):
+         super().__init__(**kwargs)
+@@ -109,7 +110,9 @@ class URLValidator(RegexValidator):
+             self.schemes = schemes
+
+     def __call__(self, value):
+-        if isinstance(value, str) and self.unsafe_chars.intersection(value):
++        if not isinstance(value, str) or len(value) > self.max_length:
++            raise ValidationError(self.message, code=self.code)
++        if self.unsafe_chars.intersection(value):
+             raise ValidationError(self.message, code=self.code)
+         # Check if the scheme is valid.
+         scheme = value.split('://')[0].lower()
+@@ -190,7 +193,9 @@ class EmailValidator:
+             self.domain_whitelist = whitelist
+
+     def __call__(self, value):
+-        if not value or '@' not in value:
++        # The maximum length of an email is 320 characters per RFC 3696
++        # section 3.
++        if not value or '@' not in value or len(value) > 320:
+             raise ValidationError(self.message, code=self.code)
+
+         user_part, domain_part = value.rsplit('@', 1)
+diff --git a/django/forms/fields.py b/django/forms/fields.py
+index a977256..f939338 100644
+--- a/django/forms/fields.py
++++ b/django/forms/fields.py
+@@ -542,6 +542,9 @@ class FileField(Field):
+     def __init__(self, *, max_length=None, allow_empty_file=False, **kwargs):
+         self.max_length = max_length
+         self.allow_empty_file = allow_empty_file
++        # The default maximum length of an email is 320 characters per RFC 3696
++        # section 3.
++        kwargs.setdefault("max_length", 320)
+         super().__init__(**kwargs)
+
+     def to_python(self, data):
+diff --git a/docs/ref/forms/fields.txt b/docs/ref/forms/fields.txt
+index 6f76d0d..3a888ef 100644
+--- a/docs/ref/forms/fields.txt
++++ b/docs/ref/forms/fields.txt
+@@ -592,6 +592,10 @@ For each field, we describe the default widget used if you don't specify
+     Has two optional arguments for validation, ``max_length`` and ``min_length``.
+     If provided, these arguments ensure that the string is at most or at least the
+     given length.
++    ``empty_value`` which work just as they do for :class:`CharField`. The
++    ``max_length`` argument defaults to 320 (see :rfc:`3696#section-3`).
++
++    The default value for ``max_length`` was changed to 320 characters.
+
+ ``FileField``
+ -------------
+diff --git a/docs/ref/validators.txt b/docs/ref/validators.txt
+index 75d1394..4178a1f 100644
+--- a/docs/ref/validators.txt
++++ b/docs/ref/validators.txt
+@@ -125,6 +125,11 @@ to, or in lieu of custom ``field.clean()`` methods.
+     :param code: If not ``None``, overrides :attr:`code`.
+     :param whitelist: If not ``None``, overrides :attr:`whitelist`.
+
++    An :class:`EmailValidator` ensures that a value looks like an email, and
++    raises a :exc:`~django.core.exceptions.ValidationError` with
++    :attr:`message` and :attr:`code` if it doesn't. Values longer than 320
++    characters are always considered invalid.
++
+     .. attribute:: message
+
+         The error message used by
+@@ -145,13 +150,17 @@ to, or in lieu of custom ``field.clean()`` methods.
+         ``['localhost']``. Other domains that don't contain a dot won't pass
+         validation, so you'd need to whitelist them as necessary.
+
++        In older versions, values longer than 320 characters could be
++        considered valid.
++
+ ``URLValidator``
+ ----------------
+
+ .. class:: URLValidator(schemes=None, regex=None, message=None, code=None)
+
+     A :class:`RegexValidator` that ensures a value looks like a URL, and raises
+-    an error code of ``'invalid'`` if it doesn't.
++    an error code of ``'invalid'`` if it doesn't. Values longer than
++    :attr:`max_length` characters are always considered invalid.
+
+     Loopback addresses and reserved IP spaces are considered valid. Literal
+     IPv6 addresses (:rfc:`3986#section-3.2.2`) and unicode domains are both
+@@ -168,6 +177,14 @@ to, or in lieu of custom ``field.clean()`` methods.
+
+         .. _valid URI schemes: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
+
++     .. attribute:: max_length
++
++        The maximum length of values that could be considered valid. Defaults
++        to 2048 characters.
++
++        In older versions, values longer than 2048 characters could be
++        considered valid.
++
+ ``validate_email``
+ ------------------
+
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 854c6b0..ab4884b 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -38,3 +38,12 @@ keep the old behavior, set ``allow_multiple_selected`` to ``True``.
+
+ For more details on using the new attribute and handling of multiple files
+ through a single field, see :ref:`uploading_multiple_files`.
++
++Backporting the CVE-2023-36053 fix on Django 2.2.28.
++
++CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
++===================================================================================================================
++
++``EmailValidator`` and ``URLValidator`` were subject to potential regular
++expression denial of service attack via a very large number of domain name
++labels of emails and URLs.
+diff --git a/tests/forms_tests/field_tests/test_emailfield.py b/tests/forms_tests/field_tests/test_emailfield.py
+index 826524a..fe5b644 100644
+--- a/tests/forms_tests/field_tests/test_emailfield.py
++++ b/tests/forms_tests/field_tests/test_emailfield.py
+@@ -8,7 +8,10 @@ class EmailFieldTest(FormFieldAssertionsMixin, SimpleTestCase):
+
+     def test_emailfield_1(self):
+         f = EmailField()
+-        self.assertWidgetRendersTo(f, '<input type="email" name="f" id="id_f" required>')
++        self.assertEqual(f.max_length, 320)
++        self.assertWidgetRendersTo(
++            f, '<input type="email" name="f" id="id_f" maxlength="320" required>'
++        )
+         with self.assertRaisesMessage(ValidationError, "'This field is required.'"):
+             f.clean('')
+         with self.assertRaisesMessage(ValidationError, "'This field is required.'"):
+diff --git a/tests/forms_tests/tests/test_forms.py b/tests/forms_tests/tests/test_forms.py
+index d4e421d..8893f89 100644
+--- a/tests/forms_tests/tests/test_forms.py
++++ b/tests/forms_tests/tests/test_forms.py
+@@ -422,11 +422,18 @@ class FormsTestCase(SimpleTestCase):
+             get_spam = BooleanField()
+
+         f = SignupForm(auto_id=False)
+-        self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" required>')
++        self.assertHTMLEqual(
++            str(f["email"]),
++            '<input type="email" name="email" maxlength="320" required>',
++        )
+         self.assertHTMLEqual(str(f['get_spam']), '<input type="checkbox" name="get_spam" required>')
+
+         f = SignupForm({'email': 'test@example.com', 'get_spam': True}, auto_id=False)
+-        self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" value="test@example.com" required>')
++        self.assertHTMLEqual(
++            str(f["email"]),
++            '<input type="email" name="email" maxlength="320" value="test@example.com" '
++            "required>",
++        )
+         self.assertHTMLEqual(
+             str(f['get_spam']),
+             '<input checked type="checkbox" name="get_spam" required>',
+@@ -2780,7 +2787,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+ <option value="true">Yes</option>
+ <option value="false">No</option>
+ </select></li>
+-<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email"></li>
++<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320"></li>
+ <li class="required error"><ul class="errorlist"><li>This field is required.</li></ul>
+ <label class="required" for="id_age">Age:</label> <input type="number" name="age" id="id_age" required></li>"""
+         )
+@@ -2796,7 +2803,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+ <option value="true">Yes</option>
+ <option value="false">No</option>
+ </select></p>
+-<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email"></p>
++<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320"></p>
+ <ul class="errorlist"><li>This field is required.</li></ul>
+ <p class="required error"><label class="required" for="id_age">Age:</label>
+ <input type="number" name="age" id="id_age" required></p>"""
+@@ -2815,7 +2822,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+ <option value="false">No</option>
+ </select></td></tr>
+ <tr><th><label for="id_email">Email:</label></th><td>
+-<input type="email" name="email" id="id_email"></td></tr>
++<input type="email" name="email" id="id_email" maxlength="320"></td></tr>
+ <tr class="required error"><th><label class="required" for="id_age">Age:</label></th>
+ <td><ul class="errorlist"><li>This field is required.</li></ul>
+ <input type="number" name="age" id="id_age" required></td></tr>"""
+@@ -3428,7 +3435,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
+         f = CommentForm(data, auto_id=False, error_class=DivErrorList)
+         self.assertHTMLEqual(f.as_p(), """<p>Name: <input type="text" name="name" maxlength="50"></p>
+ <div class="errorlist"><div class="error">Enter a valid email address.</div></div>
+-<p>Email: <input type="email" name="email" value="invalid" required></p>
++<p>Email: <input type="email" name="email" value="invalid" maxlength="320" required></p>
+ <div class="errorlist"><div class="error">This field is required.</div></div>
+ <p>Comment: <input type="text" name="comment" required></p>""")
+
+diff --git a/tests/validators/tests.py b/tests/validators/tests.py
+index 1f09fb5..8204f00 100644
+--- a/tests/validators/tests.py
++++ b/tests/validators/tests.py
+@@ -58,6 +58,7 @@ TEST_DATA = [
+
+     (validate_email, 'example@atm.%s' % ('a' * 64), ValidationError),
+     (validate_email, 'example@%s.atm.%s' % ('b' * 64, 'a' * 63), ValidationError),
++    (validate_email, "example@%scom" % (("a" * 63 + ".") * 100), ValidationError),
+     (validate_email, None, ValidationError),
+     (validate_email, '', ValidationError),
+     (validate_email, 'abc', ValidationError),
+@@ -242,6 +243,16 @@ TEST_DATA = [
+     (URLValidator(EXTENDED_SCHEMES), 'git+ssh://git@github.com/example/hg-git.git', None),
+
+     (URLValidator(EXTENDED_SCHEMES), 'git://-invalid.com', ValidationError),
++    (
++        URLValidator(),
++        "http://example." + ("a" * 63 + ".") * 1000 + "com",
++        ValidationError,
++    ),
++    (
++        URLValidator(),
++        "http://userid:password" + "d" * 2000 + "@example.aaaaaaaaaaaaa.com",
++        None,
++    ),
+     # Newlines and tabs are not accepted.
+     (URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
+     (URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch
new file mode 100644
index 0000000000..9bc38b0cca
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch
@@ -0,0 +1,105 @@
+From 9c95e8fec62153f8dfcc45a70b8a68d74333a66f Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Tue, 26 Sep 2023 10:23:30 +0000
+Subject: [PATCH] Fixed CVE-2023-41164 -- Fixed potential DoS in
+ django.utils.encoding.uri_to_iri().
+
+Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
+
+Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
+
+CVE: CVE-2023-41164
+
+Upstream-Status: Backport [https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/utils/encoding.py           |  6 ++++--
+ docs/releases/2.2.28.txt           |  9 +++++++++
+ tests/utils_tests/test_encoding.py | 21 ++++++++++++++++++++-
+ 3 files changed, 33 insertions(+), 3 deletions(-)
+
+diff --git a/django/utils/encoding.py b/django/utils/encoding.py
+index 98da647..3769702 100644
+--- a/django/utils/encoding.py
++++ b/django/utils/encoding.py
+@@ -225,6 +225,7 @@ def repercent_broken_unicode(path):
+     repercent-encode any octet produced that is not part of a strictly legal
+     UTF-8 octet sequence.
+     """
++    changed_parts = []
+     while True:
+         try:
+             path.decode()
+@@ -232,9 +233,10 @@ def repercent_broken_unicode(path):
+             # CVE-2019-14235: A recursion shouldn't be used since the exception
+             # handling uses massive amounts of memory
+             repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
+-            path = path[:e.start] + force_bytes(repercent) + path[e.end:]
++            changed_parts.append(path[: e.start] + repercent.encode())
++            path = path[e.end :]
+         else:
+-            return path
++            return b"".join(changed_parts) + path
+
+
+ def filepath_to_uri(path):
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index ab4884b..40eb230 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -47,3 +47,12 @@ CVE-2023-36053: Potential regular expression denial of service vulnerability in
+ ``EmailValidator`` and ``URLValidator`` were subject to potential regular
+ expression denial of service attack via a very large number of domain name
+ labels of emails and URLs.
++
++Backporting the CVE-2023-41164 fix on Django 2.2.28.
++
++CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
++===================================================================================================
++
++``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
++service attack via certain inputs with a very large number of Unicode
++characters.
+diff --git a/tests/utils_tests/test_encoding.py b/tests/utils_tests/test_encoding.py
+index ea7ba5f..93a3162 100644
+--- a/tests/utils_tests/test_encoding.py
++++ b/tests/utils_tests/test_encoding.py
+@@ -1,8 +1,9 @@
+ import datetime
++import inspect
+ import sys
+ import unittest
+ from unittest import mock
+-from urllib.parse import quote_plus
++from urllib.parse import quote, quote_plus
+
+ from django.test import SimpleTestCase
+ from django.utils.encoding import (
+@@ -100,6 +101,24 @@ class TestEncodingUtils(SimpleTestCase):
+         except RecursionError:
+             self.fail('Unexpected RecursionError raised.')
+
++    def test_repercent_broken_unicode_small_fragments(self):
++        data = b"test\xfctest\xfctest\xfc"
++        decoded_paths = []
++
++        def mock_quote(*args, **kwargs):
++            # The second frame is the call to repercent_broken_unicode().
++            decoded_paths.append(inspect.currentframe().f_back.f_locals["path"])
++            return quote(*args, **kwargs)
++
++        with mock.patch("django.utils.encoding.quote", mock_quote):
++            self.assertEqual(repercent_broken_unicode(data), b"test%FCtest%FCtest%FC")
++
++        # decode() is called on smaller fragment of the path each time.
++        self.assertEqual(
++            decoded_paths,
++            [b"test\xfctest\xfctest\xfc", b"test\xfctest\xfc", b"test\xfc"],
++        )
++
+
+ class TestRFC3987IEncodingUtils(unittest.TestCase):
+
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch
new file mode 100644
index 0000000000..dbfb9b68a8
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch
@@ -0,0 +1,199 @@
+From b269a0063e9b10a6c88c92b24d1b92c7421950de Mon Sep 17 00:00:00 2001
+From: Natalia <124304+nessita@users.noreply.github.com>
+Date: Wed, 29 Nov 2023 12:20:01 +0000
+Subject: [PATCH 1/2] Fixed CVE-2023-43665 -- Mitigated potential DoS in
+ django.utils.text.Truncator when truncating HTML text.
+
+Thanks Wenchao Li of Alibaba Group for the report.
+
+CVE: CVE-2023-43665
+
+Upstream-Status: Backport [https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/utils/text.py            | 18 ++++++++++++++++-
+ docs/ref/templates/builtins.txt | 20 +++++++++++++++++++
+ docs/releases/2.2.28.txt        | 20 +++++++++++++++++++
+ tests/utils_tests/test_text.py  | 35 ++++++++++++++++++++++++---------
+ 4 files changed, 83 insertions(+), 10 deletions(-)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index 1fae7b2..06a377b 100644
+--- a/django/utils/text.py
++++ b/django/utils/text.py
+@@ -57,7 +57,14 @@ def wrap(text, width):
+ class Truncator(SimpleLazyObject):
+     """
+     An object used to truncate text, either by characters or words.
++
++    When truncating HTML text (either chars or words), input will be limited to
++    at most `MAX_LENGTH_HTML` characters.
+     """
++
++    # 5 million characters are approximately 4000 text pages or 3 web pages.
++    MAX_LENGTH_HTML = 5_000_000
++
+     def __init__(self, text):
+         super().__init__(lambda: str(text))
+
+@@ -154,6 +161,11 @@ class Truncator(SimpleLazyObject):
+         if words and length <= 0:
+             return ''
+
++        size_limited = False
++        if len(text) > self.MAX_LENGTH_HTML:
++            text = text[: self.MAX_LENGTH_HTML]
++            size_limited = True
++
+         html4_singlets = (
+             'br', 'col', 'link', 'base', 'img',
+             'param', 'area', 'hr', 'input'
+@@ -203,10 +215,14 @@ class Truncator(SimpleLazyObject):
+                 # Add it to the start of the open tags list
+                 open_tags.insert(0, tagname)
+
++        truncate_text = self.add_truncation_text("", truncate)
++
+         if current_len <= length:
++            if size_limited and truncate_text:
++                text += truncate_text
+             return text
++
+         out = text[:end_text_pos]
+-        truncate_text = self.add_truncation_text('', truncate)
+         if truncate_text:
+             out += truncate_text
+         # Close any tags still open
+diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
+index c4b0fa3..4faab38 100644
+--- a/docs/ref/templates/builtins.txt
++++ b/docs/ref/templates/builtins.txt
+@@ -2318,6 +2318,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
+
+ Newlines in the HTML content will be preserved.
+
++.. admonition:: Size of input string
++
++    Processing large, potentially malformed HTML strings can be
++    resource-intensive and impact service performance. ``truncatechars_html``
++    limits input to the first five million characters.
++
++.. versionchanged:: 2.2.28
++
++    In older versions, strings over five million characters were processed.
++
+ .. templatefilter:: truncatewords
+
+ ``truncatewords``
+@@ -2356,6 +2366,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
+
+ Newlines in the HTML content will be preserved.
+
++.. admonition:: Size of input string
++
++    Processing large, potentially malformed HTML strings can be
++    resource-intensive and impact service performance. ``truncatewords_html``
++    limits input to the first five million characters.
++
++.. versionchanged:: 2.2.28
++
++    In older versions, strings over five million characters were processed.
++
+ .. templatefilter:: unordered_list
+
+ ``unordered_list``
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 40eb230..6a38e9c 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -56,3 +56,23 @@ CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.enco
+ ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+ service attack via certain inputs with a very large number of Unicode
+ characters.
++
++Backporting the CVE-2023-43665 fix on Django 2.2.28.
++
++CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator``
++================================================================================
++
++Following the fix for :cve:`2019-14232`, the regular expressions used in the
++implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()``
++methods (with ``html=True``) were revised and improved. However, these regular
++expressions still exhibited linear backtracking complexity, so when given a
++very long, potentially malformed HTML input, the evaluation would still be
++slow, leading to a potential denial of service vulnerability.
++
++The ``chars()`` and ``words()`` methods are used to implement the
++:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
++filters, which were thus also vulnerable.
++
++The input processed by ``Truncator``, when operating in HTML mode, has been
++limited to the first five million characters in order to avoid potential
++performance and memory issues.
+diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py
+index 27e440b..cb3063d 100644
+--- a/tests/utils_tests/test_text.py
++++ b/tests/utils_tests/test_text.py
+@@ -1,5 +1,6 @@
+ import json
+ import sys
++from unittest.mock import patch
+
+ from django.core.exceptions import SuspiciousFileOperation
+ from django.test import SimpleTestCase
+@@ -87,11 +88,17 @@ class TestUtilsText(SimpleTestCase):
+         # lazy strings are handled correctly
+         self.assertEqual(text.Truncator(lazystr('The quick brown fox')).chars(10), 'The quick…')
+
+-    def test_truncate_chars_html(self):
++    @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
++    def test_truncate_chars_html_size_limit(self):
++        max_len = text.Truncator.MAX_LENGTH_HTML
++        bigger_len = text.Truncator.MAX_LENGTH_HTML + 1
++        valid_html = "<p>Joel is a slug</p>"  # 14 chars
+         perf_test_values = [
+-            (('</a' + '\t' * 50000) + '//>', None),
+-            ('&' * 50000, '&' * 9 + '…'),
+-            ('_X<<<<<<<<<<<>', None),
++            ("</a" + "\t" * (max_len - 6) + "//>", None),
++            ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * 6 + "…"),
++            ("&" * bigger_len, "&" * 9 + "…"),
++            ("_X<<<<<<<<<<<>", None),
++            (valid_html * bigger_len, "<p>Joel is a…</p>"),  # 10 chars
+         ]
+         for value, expected in perf_test_values:
+             with self.subTest(value=value):
+@@ -149,15 +156,25 @@ class TestUtilsText(SimpleTestCase):
+         truncator = text.Truncator('<p>I &lt;3 python, what about you?</p>')
+         self.assertEqual('<p>I &lt;3 python,…</p>', truncator.words(3, html=True))
+
++    @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
++    def test_truncate_words_html_size_limit(self):
++        max_len = text.Truncator.MAX_LENGTH_HTML
++        bigger_len = text.Truncator.MAX_LENGTH_HTML + 1
++        valid_html = "<p>Joel is a slug</p>"  # 4 words
+         perf_test_values = [
+-            ('</a' + '\t' * 50000) + '//>',
+-            '&' * 50000,
+-            '_X<<<<<<<<<<<>',
++            ("</a" + "\t" * (max_len - 6) + "//>", None),
++            ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * (max_len - 3) + "…"),
++            ("&" * max_len, None),  # no change
++            ("&" * bigger_len, "&" * max_len + "…"),
++            ("_X<<<<<<<<<<<>", None),
++            (valid_html * bigger_len, valid_html * 12 + "<p>Joel is…</p>"),  # 50 words
+         ]
+-        for value in perf_test_values:
++        for value, expected in perf_test_values:
+             with self.subTest(value=value):
+                 truncator = text.Truncator(value)
+-                self.assertEqual(value, truncator.words(50, html=True))
++                self.assertEqual(
++                    expected if expected else value, truncator.words(50, html=True)
++                )
+
+     def test_wrap(self):
+         digits = '1234 67 9'
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch
new file mode 100644
index 0000000000..b7dda41f8f
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch
@@ -0,0 +1,90 @@
+From 32bc7fa517be1d50239827520cc13f3112d3d748 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Wed, 29 Nov 2023 12:49:41 +0000
+Subject: [PATCH 2/2] Fixed CVE-2023-46695 -- Fixed potential DoS in
+ UsernameField on Windows.
+
+Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
+
+CVE: CVE-2023-46695
+
+Upstream-Status: Backport [https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ django/contrib/auth/forms.py   | 10 +++++++++-
+ docs/releases/2.2.28.txt       | 14 ++++++++++++++
+ tests/auth_tests/test_forms.py |  8 +++++++-
+ 3 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
+index e6f73fe..26d3ca7 100644
+--- a/django/contrib/auth/forms.py
++++ b/django/contrib/auth/forms.py
+@@ -68,7 +68,15 @@ class ReadOnlyPasswordHashField(forms.Field):
+
+ class UsernameField(forms.CharField):
+     def to_python(self, value):
+-        return unicodedata.normalize('NFKC', super().to_python(value))
++        value = super().to_python(value)
++        if self.max_length is not None and len(value) > self.max_length:
++            # Normalization can increase the string length (e.g.
++            # "ff" -> "ff", "½" -> "1⁄2") but cannot reduce it, so there is no
++            # point in normalizing invalid data. Moreover, Unicode
++            # normalization is very slow on Windows and can be a DoS attack
++            # vector.
++            return value
++        return unicodedata.normalize("NFKC", value)
+
+
+ class UserCreationForm(forms.ModelForm):
+diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt
+index 6a38e9c..c653cb6 100644
+--- a/docs/releases/2.2.28.txt
++++ b/docs/releases/2.2.28.txt
+@@ -76,3 +76,17 @@ filters, which were thus also vulnerable.
+ The input processed by ``Truncator``, when operating in HTML mode, has been
+ limited to the first five million characters in order to avoid potential
+ performance and memory issues.
++
++Backporting the CVE-2023-46695 fix on Django 2.2.28.
++
++CVE-2023-46695: Potential denial of service vulnerability in ``UsernameField`` on Windows
++=========================================================================================
++
++The :func:`NFKC normalization <python:unicodedata.normalize>` is slow on
++Windows. As a consequence, ``django.contrib.auth.forms.UsernameField`` was
++subject to a potential denial of service attack via certain inputs with a very
++large number of Unicode characters.
++
++In order to avoid the vulnerability, invalid values longer than
++``UsernameField.max_length`` are no longer normalized, since they cannot pass
++validation anyway.
+diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
+index bed23af..e73d4b8 100644
+--- a/tests/auth_tests/test_forms.py
++++ b/tests/auth_tests/test_forms.py
+@@ -6,7 +6,7 @@ from django import forms
+ from django.contrib.auth.forms import (
+     AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm,
+     PasswordResetForm, ReadOnlyPasswordHashField, ReadOnlyPasswordHashWidget,
+-    SetPasswordForm, UserChangeForm, UserCreationForm,
++    SetPasswordForm, UserChangeForm, UserCreationForm, UsernameField,
+ )
+ from django.contrib.auth.models import User
+ from django.contrib.auth.signals import user_login_failed
+@@ -132,6 +132,12 @@ class UserCreationFormTest(TestDataMixin, TestCase):
+         self.assertNotEqual(user.username, ohm_username)
+         self.assertEqual(user.username, 'testΩ')  # U+03A9 GREEK CAPITAL LETTER OMEGA
+
++    def test_invalid_username_no_normalize(self):
++        field = UsernameField(max_length=254)
++        # Usernames are not normalized if they are too long.
++        self.assertEqual(field.to_python("½" * 255), "½" * 255)
++        self.assertEqual(field.to_python("ff" * 254), "ff" * 254)
++
+     def test_duplicate_normalized_unicode(self):
+         """
+         To prevent almost identical usernames, visually identical but differing
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 9ef988176e..8c955e6bd8 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -5,6 +5,13 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
 
 inherit setuptools3
 
+SRC_URI += "file://CVE-2023-31047.patch \
+            file://CVE-2023-36053.patch \
+            file://CVE-2023-41164.patch \
+            file://CVE-2023-43665.patch \
+            file://CVE-2023-46695.patch \
+           "
+
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
 
 RDEPENDS:${PN} += "\
diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb b/meta-python/recipes-devtools/python/python3-django_3.2.23.bb
index adbc498bdf..beecaa607c 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.23.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2"
+SRC_URI[sha256sum] = "82968f3640e29ef4a773af2c28448f5f7a08d001c6ac05b32d02aeee6509508b"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-sqlparse \
@@ -9,5 +9,5 @@ RDEPENDS:${PN} += "\
 
 # Set DEFAULT_PREFERENCE so that the LTS version of django is built by
 # default. To build the 3.x branch, 
-# PREFERRED_VERSION_python3-django = "3.2.2" can be added to local.conf
+# PREFERRED_VERSION_python3-django = "3.2.23" can be added to local.conf
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb
index 690b9809dc..a9f25ac2b3 100644
--- a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb
+++ b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a"
+SRC_URI[sha256sum] = "b1260ed381b10a11753c73444408e19869f3241fc45c985cd55a30177c789d13"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-sqlparse \
@@ -9,5 +9,5 @@ RDEPENDS:${PN} += "\
 
 # Set DEFAULT_PREFERENCE so that the LTS version of django is built by
 # default. To build the 4.x branch, 
-# PREFERRED_VERSION_python3-django = "4.0.2" can be added to local.conf
+# PREFERRED_VERSION_python3-django = "4.2.7" can be added to local.conf
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch b/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch
new file mode 100644
index 0000000000..5530a39857
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch
@@ -0,0 +1,84 @@
+From c4f53f28c4c537b75b5912a44083c41262807504 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20F=C3=B6rderer?= <michael.foerderer@gmx.de>
+Date: Sun, 3 Apr 2022 22:58:33 +0200
+Subject: [PATCH] Fix parsing of gcov metadata (#601)
+
+gcc-11 has metadata line "-: 0:Source is newer than graph" which throws an error.
+
+Upstream-Status: Backport [https://github.com/gcovr/gcovr/commit/7b6947bd4b6fd28a477606313fff3c13fcea8d3d]
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
+---
+ gcovr/gcov.py        |  5 ++++-
+ gcovr/gcov_parser.py | 24 ++++++++++++++++++++----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/gcovr/gcov.py b/gcovr/gcov.py
+index cc7a9af4..ff4cdb0b 100644
+--- a/gcovr/gcov.py
++++ b/gcovr/gcov.py
+@@ -98,8 +98,11 @@ def process_gcov_data(data_fname, covdata, source_fname, options, currdir=None):
+     # Find the source file
+     # TODO: instead of heuristics, use "working directory" if available
+     metadata = parse_metadata(lines)
++    source = metadata.get("Source")
++    if source is None:
++        raise RuntimeError("Unexpected value 'None' for metadata 'Source'.")
+     fname = guess_source_file_name(
+-        metadata["Source"].strip(),
++        source,
+         data_fname,
+         source_fname,
+         root_dir=options.root_dir,
+diff --git a/gcovr/gcov_parser.py b/gcovr/gcov_parser.py
+index 391ecd78..523ea406 100644
+--- a/gcovr/gcov_parser.py
++++ b/gcovr/gcov_parser.py
+@@ -121,7 +121,7 @@ class _MetadataLine(NamedTuple):
+     """A gcov line with metadata: ``-: 0:KEY:VALUE``"""
+
+     key: str
+-    value: str
++    value: Optional[str]
+
+
+ class _BlockLine(NamedTuple):
+@@ -214,7 +214,19 @@ def parse_metadata(lines: List[str]) -> Dict[str, str]:
+     ...   -: 0:Foo:bar
+     ...   -: 0:Key:123
+     ... '''.splitlines())
+-    {'Foo': 'bar', 'Key': '123'}
++    Traceback (most recent call last):
++       ...
++    RuntimeError: Missing key 'Source' in metadata. GCOV data was >>
++      -: 0:Foo:bar
++      -: 0:Key:123<< End of GCOV data
++    >>> parse_metadata('-: 0:Source: file \n -: 0:Foo: bar \n -: 0:Key: 123 '.splitlines())
++    {'Source': 'file', 'Foo': 'bar', 'Key': '123'}
++    >>> parse_metadata('''
++    ...   -: 0:Source:file
++    ...   -: 0:Foo:bar
++    ...   -: 0:Key
++    ... '''.splitlines())
++    {'Source': 'file', 'Foo': 'bar', 'Key': None}
+     """
+     collected = {}
+     for line in lines:
+@@ -721,8 +733,12 @@ def _parse_line(line: str) -> _Line:
+
+         # METADATA (key, value)
+         if count_str == "-" and lineno == "0":
+-            key, value = source_code.split(":", 1)
+-            return _MetadataLine(key, value)
++            if ":" in source_code:
++                key, value = source_code.split(":", 1)
++                return _MetadataLine(key, value.strip())
++            else:
++                # Add a syntethic metadata with no value
++                return _MetadataLine(source_code, None)
+
+         if count_str == "-":
+             count = 0
+--
+2.41.0
+
diff --git a/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb b/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
index 995f3b779b..5dcd9496c5 100644
--- a/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
+++ b/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
@@ -4,7 +4,8 @@ SECTION = "devel/python"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=08208c66520e8d69d5367483186d94ed"
 
-SRC_URI = "git://github.com/gcovr/gcovr.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/gcovr/gcovr.git;branch=main;protocol=https"
+SRC_URI += "file://0001-Fix-parsing-of-gcov-metadata-601.patch"
 SRCREV = "e71e883521b78122c49016eb4e510e6da06c6916"
 
 S = "${WORKDIR}/git"
@@ -12,6 +13,6 @@ S = "${WORKDIR}/git"
 inherit setuptools3
 PIP_INSTALL_PACKAGE = "gcovr"
 
-RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments"
+RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch b/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch
new file mode 100644
index 0000000000..c92ba876a8
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch
@@ -0,0 +1,673 @@
+From f80ee15e27b67b6fdd101d5f91cf584d19b2b26e Mon Sep 17 00:00:00 2001
+From: Jason Madden <jamadden@gmail.com>
+Date: Fri, 6 Oct 2023 12:41:59 +0000
+Subject: [PATCH] gevent.pywsgi: Much improved handling of chunk trailers.
+ Validation is much stricter to the specification.
+
+Fixes #1989
+
+CVE: CVE-2023-41419
+
+Upstream-Status: Backport [https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ docs/changes/1989.bugfix         |  26 ++++
+ src/gevent/pywsgi.py             | 229 ++++++++++++++++++++++++-------
+ src/gevent/subprocess.py         |   7 +-
+ src/gevent/testing/testcase.py   |   2 +-
+ src/gevent/tests/test__pywsgi.py | 193 ++++++++++++++++++++++++--
+ 5 files changed, 390 insertions(+), 67 deletions(-)
+ create mode 100644 docs/changes/1989.bugfix
+
+diff --git a/docs/changes/1989.bugfix b/docs/changes/1989.bugfix
+new file mode 100644
+index 0000000..7ce4a93
+--- /dev/null
++++ b/docs/changes/1989.bugfix
+@@ -0,0 +1,26 @@
++Make ``gevent.pywsgi`` comply more closely with the HTTP specification
++for chunked transfer encoding. In particular, we are much stricter
++about trailers, and trailers that are invalid (too long or featuring
++disallowed characters) forcibly close the connection to the client
++*after* the results have been sent.
++
++Trailers otherwise continue to be ignored and are not available to the
++WSGI application.
++
++Previously, carefully crafted invalid trailers in chunked requests on
++keep-alive connections might appear as two requests to
++``gevent.pywsgi``. Because this was handled exactly as a normal
++keep-alive connection with two requests, the WSGI application should
++handle it normally. However, if you were counting on some upstream
++server to filter incoming requests based on paths or header fields,
++and the upstream server simply passed trailers through without
++validating them, then this embedded second request would bypass those
++checks. (If the upstream server validated that the trailers meet the
++HTTP specification, this could not occur, because characters that are
++required in an HTTP request, like a space, are not allowed in
++trailers.) CVE-2023-41419 was reserved for this.
++
++Our thanks to the original reporters, Keran Mu
++(mkr22@mails.tsinghua.edu.cn) and Jianjun Chen
++(jianjun@tsinghua.edu.cn), from Tsinghua University and Zhongguancun
++Laboratory.
+diff --git a/src/gevent/pywsgi.py b/src/gevent/pywsgi.py
+index 0ebe095..078398a 100644
+--- a/src/gevent/pywsgi.py
++++ b/src/gevent/pywsgi.py
+@@ -1,13 +1,28 @@
+ # Copyright (c) 2005-2009, eventlet contributors
+ # Copyright (c) 2009-2018, gevent contributors
+ """
+-A pure-Python, gevent-friendly WSGI server.
++A pure-Python, gevent-friendly WSGI server implementing HTTP/1.1.
+
+ The server is provided in :class:`WSGIServer`, but most of the actual
+ WSGI work is handled by :class:`WSGIHandler` --- a new instance is
+ created for each request. The server can be customized to use
+ different subclasses of :class:`WSGIHandler`.
+
++.. important::
++   This server is intended primarily for development and testing, and
++   secondarily for other "safe" scenarios where it will not be exposed to
++   potentially malicious input. The code has not been security audited,
++   and is not intended for direct exposure to the public Internet. For production
++   usage on the Internet, either choose a production-strength server such as
++   gunicorn, or put a reverse proxy between gevent and the Internet.
++.. versionchanged:: NEXT
++   Complies more closely with the HTTP specification for chunked transfer encoding.
++   In particular, we are much stricter about trailers, and trailers that
++   are invalid (too long or featuring disallowed characters) forcibly close
++   the connection to the client *after* the results have been sent.
++   Trailers otherwise continue to be ignored and are not available to the
++   WSGI application.
++
+ """
+ from __future__ import absolute_import
+
+@@ -22,10 +37,7 @@ import time
+ import traceback
+ from datetime import datetime
+
+-try:
+-    from urllib import unquote
+-except ImportError:
+-    from urllib.parse import unquote # python 2 pylint:disable=import-error,no-name-in-module
++from urllib.parse import unquote
+
+ from gevent import socket
+ import gevent
+@@ -53,29 +65,52 @@ __all__ = [
+
+ MAX_REQUEST_LINE = 8192
+ # Weekday and month names for HTTP date/time formatting; always English!
+-_WEEKDAYNAME = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
+-_MONTHNAME = [None,  # Dummy so we can use 1-based month numbers
++_WEEKDAYNAME = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
++_MONTHNAME = (None,  # Dummy so we can use 1-based month numbers
+               "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+-              "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
++              "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
+
+ # The contents of the "HEX" grammar rule for HTTP, upper and lowercase A-F plus digits,
+ # in byte form for comparing to the network.
+ _HEX = string.hexdigits.encode('ascii')
+
++# The characters allowed in "token" rules.
++
++# token          = 1*tchar
++# tchar          = "!" / "#" / "$" / "%" / "&" / "'" / "*"
++#                / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
++#                / DIGIT / ALPHA
++#                ; any VCHAR, except delimiters
++# ALPHA          =  %x41-5A / %x61-7A   ; A-Z / a-z
++_ALLOWED_TOKEN_CHARS = frozenset(
++    # Remember we have to be careful because bytestrings
++    # inexplicably iterate as integers, which are not equal to bytes.
++
++    # explicit chars then DIGIT
++    (c.encode('ascii') for c in "!#$%&'*+-.^_`|~0123456789")
++    # Then we add ALPHA
++) | {c.encode('ascii') for c in string.ascii_letters}
++assert b'A' in _ALLOWED_TOKEN_CHARS
++
++
+ # Errors
+ _ERRORS = {}
+ _INTERNAL_ERROR_STATUS = '500 Internal Server Error'
+ _INTERNAL_ERROR_BODY = b'Internal Server Error'
+-_INTERNAL_ERROR_HEADERS = [('Content-Type', 'text/plain'),
+-                           ('Connection', 'close'),
+-                           ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))]
++_INTERNAL_ERROR_HEADERS = (
++    ('Content-Type', 'text/plain'),
++    ('Connection', 'close'),
++    ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))
++)
+ _ERRORS[500] = (_INTERNAL_ERROR_STATUS, _INTERNAL_ERROR_HEADERS, _INTERNAL_ERROR_BODY)
+
+ _BAD_REQUEST_STATUS = '400 Bad Request'
+ _BAD_REQUEST_BODY = ''
+-_BAD_REQUEST_HEADERS = [('Content-Type', 'text/plain'),
+-                        ('Connection', 'close'),
+-                        ('Content-Length', str(len(_BAD_REQUEST_BODY)))]
++_BAD_REQUEST_HEADERS = (
++    ('Content-Type', 'text/plain'),
++    ('Connection', 'close'),
++    ('Content-Length', str(len(_BAD_REQUEST_BODY)))
++)
+ _ERRORS[400] = (_BAD_REQUEST_STATUS, _BAD_REQUEST_HEADERS, _BAD_REQUEST_BODY)
+
+ _REQUEST_TOO_LONG_RESPONSE = b"HTTP/1.1 414 Request URI Too Long\r\nConnection: close\r\nContent-length: 0\r\n\r\n"
+@@ -204,23 +239,32 @@ class Input(object):
+         # Read and return the next integer chunk length. If no
+         # chunk length can be read, raises _InvalidClientInput.
+
+-        # Here's the production for a chunk:
+-        # (http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html)
+-        #   chunk          = chunk-size [ chunk-extension ] CRLF
+-        #                    chunk-data CRLF
+-        #   chunk-size     = 1*HEX
+-        #   chunk-extension= *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
+-        #   chunk-ext-name = token
+-        #   chunk-ext-val  = token | quoted-string
+-
+-        # To cope with malicious or broken clients that fail to send valid
+-        # chunk lines, the strategy is to read character by character until we either reach
+-        # a ; or newline. If at any time we read a non-HEX digit, we bail. If we hit a
+-        # ;, indicating an chunk-extension, we'll read up to the next
+-        # MAX_REQUEST_LINE characters
+-        # looking for the CRLF, and if we don't find it, we bail. If we read more than 16 hex characters,
+-        # (the number needed to represent a 64-bit chunk size), we bail (this protects us from
+-        # a client that sends an infinite stream of `F`, for example).
++        # Here's the production for a chunk (actually the whole body):
++        # (https://www.rfc-editor.org/rfc/rfc7230#section-4.1)
++
++        # chunked-body   = *chunk
++        #                  last-chunk
++        #                  trailer-part
++        #                  CRLF
++        #
++        # chunk          = chunk-size [ chunk-ext ] CRLF
++        #                  chunk-data CRLF
++        # chunk-size     = 1*HEXDIG
++        # last-chunk     = 1*("0") [ chunk-ext ] CRLF
++        # trailer-part   = *( header-field CRLF )
++        # chunk-data     = 1*OCTET ; a sequence of chunk-size octets
++
++        # To cope with malicious or broken clients that fail to send
++        # valid chunk lines, the strategy is to read character by
++        # character until we either reach a ; or newline. If at any
++        # time we read a non-HEX digit, we bail. If we hit a ;,
++        # indicating an chunk-extension, we'll read up to the next
++        # MAX_REQUEST_LINE characters ("A server ought to limit the
++        # total length of chunk extensions received") looking for the
++        # CRLF, and if we don't find it, we bail. If we read more than
++        # 16 hex characters, (the number needed to represent a 64-bit
++        # chunk size), we bail (this protects us from a client that
++        # sends an infinite stream of `F`, for example).
+
+         buf = BytesIO()
+         while 1:
+@@ -228,16 +272,20 @@ class Input(object):
+             if not char:
+                 self._chunked_input_error = True
+                 raise _InvalidClientInput("EOF before chunk end reached")
+-            if char == b'\r':
+-                break
+-            if char == b';':
++
++            if char in (
++                b'\r', # Beginning EOL
++                b';', # Beginning extension
++            ):
+                 break
+
+-            if char not in _HEX:
++            if char not in _HEX: # Invalid data.
+                 self._chunked_input_error = True
+                 raise _InvalidClientInput("Non-hex data", char)
++
+             buf.write(char)
+-            if buf.tell() > 16:
++
++            if buf.tell() > 16: # Too many hex bytes
+                 self._chunked_input_error = True
+                 raise _InvalidClientInput("Chunk-size too large.")
+
+@@ -257,11 +305,72 @@ class Input(object):
+         if char == b'\r':
+             # We either got here from the main loop or from the
+             # end of an extension
++            self.__read_chunk_size_crlf(rfile, newline_only=True)
++            result = int(buf.getvalue(), 16)
++            if result == 0:
++                # The only time a chunk size of zero is allowed is the final
++                # chunk. It is either followed by another \r\n, or some trailers
++                # which are then followed by \r\n.
++                while self.__read_chunk_trailer(rfile):
++                    pass
++            return result
++
++    # Trailers have the following production (they are a header-field followed by CRLF)
++    # See above for the definition of "token".
++    #
++    # header-field   = field-name ":" OWS field-value OWS
++    # field-name     = token
++    # field-value    = *( field-content / obs-fold )
++    # field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
++    # field-vchar    = VCHAR / obs-text
++    # obs-fold       = CRLF 1*( SP / HTAB )
++    #                ; obsolete line folding
++    #                ; see Section 3.2.4
++
++
++    def __read_chunk_trailer(self, rfile, ):
++        # With rfile positioned just after a \r\n, read a trailer line.
++        # Return a true value if a non-empty trailer was read, and
++        # return false if an empty trailer was read (meaning the trailers are
++        # done).
++        # If a single line exceeds the MAX_REQUEST_LINE, raise an exception.
++        # If the field-name portion contains invalid characters, raise an exception.
++
++        i = 0
++        empty = True
++        seen_field_name = False
++        while i < MAX_REQUEST_LINE:
++            char = rfile.read(1)
++            if char == b'\r':
++                # Either read the next \n or raise an error.
++                self.__read_chunk_size_crlf(rfile, newline_only=True)
++                break
++            # Not a \r, so we are NOT an empty chunk.
++            empty = False
++            if char == b':' and i > 0:
++                # We're ending the field-name part; stop validating characters.
++                # Unless : was the first character...
++                seen_field_name = True
++            if not seen_field_name and char not in _ALLOWED_TOKEN_CHARS:
++                raise _InvalidClientInput('Invalid token character: %r' % (char,))
++            i += 1
++        else:
++            # We read too much
++            self._chunked_input_error = True
++            raise _InvalidClientInput("Too large chunk trailer")
++        return not empty
++
++    def __read_chunk_size_crlf(self, rfile, newline_only=False):
++        # Also for safety, correctly verify that we get \r\n when expected.
++        if not newline_only:
+             char = rfile.read(1)
+-            if char != b'\n':
++            if char != b'\r':
+                 self._chunked_input_error = True
+-                raise _InvalidClientInput("Line didn't end in CRLF")
+-            return int(buf.getvalue(), 16)
++                raise _InvalidClientInput("Line didn't end in CRLF: %r" % (char,))
++        char = rfile.read(1)
++        if char != b'\n':
++            self._chunked_input_error = True
++            raise _InvalidClientInput("Line didn't end in LF: %r" % (char,))
+
+     def _chunked_read(self, length=None, use_readline=False):
+         # pylint:disable=too-many-branches
+@@ -294,7 +403,7 @@ class Input(object):
+
+                 self.position += datalen
+                 if self.chunk_length == self.position:
+-                    rfile.readline()
++                    self.__read_chunk_size_crlf(rfile)
+
+                 if length is not None:
+                     length -= datalen
+@@ -307,9 +416,9 @@ class Input(object):
+                 # determine the next size to read
+                 self.chunk_length = self.__read_chunk_length(rfile)
+                 self.position = 0
+-                if self.chunk_length == 0:
+-                    # Last chunk. Terminates with a CRLF.
+-                    rfile.readline()
++                # If chunk_length was 0, we already read any trailers and
++                # validated that we have ended with \r\n\r\n.
++
+         return b''.join(response)
+
+     def read(self, length=None):
+@@ -532,7 +641,8 @@ class WSGIHandler(object):
+         elif len(words) == 2:
+             self.command, self.path = words
+             if self.command != "GET":
+-                raise _InvalidClientRequest('Expected GET method: %r' % (raw_requestline,))
++                raise _InvalidClientRequest('Expected GET method; Got command=%r; path=%r; raw=%r' % (
++                    self.command, self.path, raw_requestline,))
+             self.request_version = "HTTP/0.9"
+             # QQQ I'm pretty sure we can drop support for HTTP/0.9
+         else:
+@@ -1000,14 +1110,28 @@ class WSGIHandler(object):
+             finally:
+                 try:
+                     self.wsgi_input._discard()
+-                except (socket.error, IOError):
+-                    # Don't let exceptions during discarding
++                except _InvalidClientInput:
++                    # This one is deliberately raised to the outer
++                    # scope, because, with the incoming stream in some bad state,
++                    # we can't be sure we can synchronize and properly parse the next
++                    # request.
++                    raise
++                except socket.error
++                    # Don't let socket exceptions during discarding
+                     # input override any exception that may have been
+                     # raised by the application, such as our own _InvalidClientInput.
+                     # In the general case, these aren't even worth logging (see the comment
+                     # just below)
+                     pass
+-        except _InvalidClientInput:
++        except _InvalidClientInput as ex:
++            # DO log this one because:
++            # - Some of the data may have been read and acted on by the
++            #   application;
++            # - The response may or may not have been sent;
++            # - It's likely that the client is bad, or malicious, and
++            #   users might wish to take steps to block the client.
++            self._handle_client_error(ex)
++            self.close_connection = True
+             self._send_error_response_if_possible(400)
+         except socket.error as ex:
+             if ex.args[0] in self.ignored_socket_errors:
+@@ -1054,17 +1178,22 @@ class WSGIHandler(object):
+     def _handle_client_error(self, ex):
+         # Called for invalid client input
+         # Returns the appropriate error response.
+-        if not isinstance(ex, ValueError):
++        if not isinstance(ex, (ValueError, _InvalidClientInput)):
+             # XXX: Why not self._log_error to send it through the loop's
+             # handle_error method?
++            # _InvalidClientRequest is a ValueError; _InvalidClientInput is an IOError.
+             traceback.print_exc()
+         if isinstance(ex, _InvalidClientRequest):
+             # No formatting needed, that's already been handled. In fact, because the
+             # formatted message contains user input, it might have a % in it, and attempting
+             # to format that with no arguments would be an error.
+-            self.log_error(ex.formatted_message)
++            # However, the error messages do not include the requesting IP
++            # necessarily, so we do add that.
++            self.log_error('(from %s) %s', self.client_address, ex.formatted_message)
+         else:
+-            self.log_error('Invalid request: %s', str(ex) or ex.__class__.__name__)
++            self.log_error('Invalid request (from %s): %s',
++                           self.client_address,
++                           str(ex) or ex.__class__.__name__)
+         return ('400', _BAD_REQUEST_RESPONSE)
+
+     def _headers(self):
+diff --git a/src/gevent/subprocess.py b/src/gevent/subprocess.py
+index 38c9bd3..8a8ccad 100644
+--- a/src/gevent/subprocess.py
++++ b/src/gevent/subprocess.py
+@@ -352,10 +352,11 @@ def check_output(*popenargs, **kwargs):
+
+     To capture standard error in the result, use ``stderr=STDOUT``::
+
+-        >>> print(check_output(["/bin/sh", "-c",
++        >>> output = check_output(["/bin/sh", "-c",
+         ...               "ls -l non_existent_file ; exit 0"],
+-        ...              stderr=STDOUT).decode('ascii').strip())
+-        ls: non_existent_file: No such file or directory
++        ...              stderr=STDOUT).decode('ascii').strip()
++        >>> print(output.rsplit(':', 1)[1].strip())
++        No such file or directory
+
+     There is an additional optional argument, "input", allowing you to
+     pass a string to the subprocess's stdin.  If you use this argument
+diff --git a/src/gevent/testing/testcase.py b/src/gevent/testing/testcase.py
+index cd5db80..aa86dcf 100644
+--- a/src/gevent/testing/testcase.py
++++ b/src/gevent/testing/testcase.py
+@@ -225,7 +225,7 @@ class TestCaseMetaClass(type):
+                 classDict.pop(key)
+                 # XXX: When did we stop doing this?
+                 #value = wrap_switch_count_check(value)
+-                value = _wrap_timeout(timeout, value)
++                #value = _wrap_timeout(timeout, value)
+                 error_fatal = getattr(value, 'error_fatal', error_fatal)
+                 if error_fatal:
+                     value = errorhandler.wrap_error_fatal(value)
+diff --git a/src/gevent/tests/test__pywsgi.py b/src/gevent/tests/test__pywsgi.py
+index d2125a8..d46030b 100644
+--- a/src/gevent/tests/test__pywsgi.py
++++ b/src/gevent/tests/test__pywsgi.py
+@@ -25,21 +25,11 @@ from gevent import monkey
+ monkey.patch_all()
+
+ from contextlib import contextmanager
+-try:
+-    from urllib.parse import parse_qs
+-except ImportError:
+-    # Python 2
+-    from urlparse import parse_qs
++from urllib.parse import parse_qs
+ import os
+ import sys
+-try:
+-    # On Python 2, we want the C-optimized version if
+-    # available; it has different corner-case behaviour than
+-    # the Python implementation, and it used by socket.makefile
+-    # by default.
+-    from cStringIO import StringIO
+-except ImportError:
+-    from io import BytesIO as StringIO
++from io import BytesIO as StringIO
++
+ import weakref
+ import unittest
+ from wsgiref.validate import validator
+@@ -156,6 +146,10 @@ class Response(object):
+     @classmethod
+     def read(cls, fd, code=200, reason='default', version='1.1',
+              body=None, chunks=None, content_length=None):
++        """
++        Read an HTTP response, optionally perform assertions,
++        and return the Response object.
++        """
+         # pylint:disable=too-many-branches
+         _status_line, headers = read_headers(fd)
+         self = cls(_status_line, headers)
+@@ -716,7 +710,14 @@ class TestNegativeReadline(TestCase):
+
+ class TestChunkedPost(TestCase):
+
++    calls = 0
++
++    def setUp(self):
++        super().setUp()
++        self.calls = 0
++
+     def application(self, env, start_response):
++        self.calls += 1
+         self.assertTrue(env.get('wsgi.input_terminated'))
+         start_response('200 OK', [('Content-Type', 'text/plain')])
+         if env['PATH_INFO'] == '/a':
+@@ -730,6 +731,8 @@ class TestChunkedPost(TestCase):
+         if env['PATH_INFO'] == '/c':
+             return list(iter(lambda: env['wsgi.input'].read(1), b''))
+
++        return [b'We should not get here', env['PATH_INFO'].encode('ascii')]
++
+     def test_014_chunked_post(self):
+         data = (b'POST /a HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n'
+                 b'Transfer-Encoding: chunked\r\n\r\n'
+@@ -797,6 +800,170 @@ class TestChunkedPost(TestCase):
+             fd.write(data)
+             read_http(fd, code=400)
+
++    def test_trailers_keepalive_ignored(self):
++        # Trailers after a chunk are ignored.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            b'trailer1: value1\r\n'
++            b'trailer2: value2\r\n'
++            b'\r\n' # Really terminate the chunk.
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: close\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n bye\r\n'
++            b'0\r\n' # last-chunk
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            read_http(fd, body='oh bye')
++
++        self.assertEqual(self.calls, 2)
++
++    def test_trailers_too_long(self):
++        # Trailers after a chunk are ignored.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            b'trailer2: value2' # not lack of \r\n
++        )
++        data += b't' * pywsgi.MAX_REQUEST_LINE
++        # No termination, because we detect the trailer as being too
++        # long and abort the connection.
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd, body='oh bye')
++
++    def test_trailers_request_smuggling_missing_last_chunk_keep_alive(self):
++        # When something that looks like a request line comes in the trailer
++        # as the first line, immediately after an invalid last chunk.
++        # We detect this and abort the connection, because the
++        # whitespace in the GET line isn't a legal part of a trailer.
++        # If we didn't abort the connection, then, because we specified
++        # keep-alive, the server would be hanging around waiting for more input.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0' # last-chunk, but missing the \r\n
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            # b'\r\n'
++            b'GET /path2?a=:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd)
++
++        self.assertEqual(self.calls, 1)
++
++    def test_trailers_request_smuggling_missing_last_chunk_close(self):
++        # Same as the above, except the trailers are actually valid
++        # and since we ask to close the connection we don't get stuck
++        # waiting for more input.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: close\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            # Normally the final CRLF would go here, but if you put in a
++            # trailer, it doesn't.
++            # b'\r\n'
++            b'GETpath2a:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd)
++
++    def test_trailers_request_smuggling_header_first(self):
++        # When something that looks like a header comes in the first line.
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk, but only one CRLF
++            b'Header: value\r\n'
++            b'GET /path2?a=:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            with self.assertRaises(ConnectionClosed):
++                read_http(fd, code=400)
++
++        self.assertEqual(self.calls, 1)
++
++    def test_trailers_request_smuggling_request_terminates_then_header(self):
++        data = (
++            b'POST /a HTTP/1.1\r\n'
++            b'Host: localhost\r\n'
++            b'Connection: keep-alive\r\n'
++            b'Transfer-Encoding: chunked\r\n'
++            b'\r\n'
++            b'2\r\noh\r\n'
++            b'4\r\n hai\r\n'
++            b'0\r\n' # last-chunk
++            b'\r\n'
++            b'Header: value'
++            b'GET /path2?a=:123 HTTP/1.1\r\n'
++            b'Host: a.com\r\n'
++            b'Connection: close\r\n'
++            b'\r\n'
++        )
++        with self.makefile() as fd:
++            fd.write(data)
++            read_http(fd, body='oh hai')
++            read_http(fd, code=400)
++
++        self.assertEqual(self.calls, 1)
++
+
+ class TestUseWrite(TestCase):
+
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
index 9efeec4d9f..fd6b0f531a 100644
--- a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
+++ b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
@@ -13,6 +13,8 @@ RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \
 
 SRC_URI[sha256sum] = "f48b64578c367b91fa793bf8eaaaf4995cb93c8bc45860e473bf868070ad094e"
 
+SRC_URI += "file://CVE-2023-41419.patch"
+
 inherit pypi setuptools3
 
 # Don't embed libraries, link to the system instead
diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb b/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
index 684bca03e1..b02c55a85b 100644
--- a/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
@@ -43,7 +43,9 @@ export KIVY_GRAPHICS
 KIVY_CROSS_SYSROOT="${RECIPE_SYSROOT}"
 export KIVY_CROSS_SYSROOT
 
-REQUIRED_DISTRO_FEATURES += "x11 opengl"
+REQUIRED_DISTRO_FEATURES += "opengl gobject-introspection-data"
+
+ANY_OF_DISTRO_FEATURES = "x11 wayland"
 
 DEPENDS += " \
     gstreamer1.0 \
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
new file mode 100644
index 0000000000..cc915f1478
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
@@ -0,0 +1,175 @@
+From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Thu, 1 Jun 2023 14:56:34 +0000
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+
+Fixes #282
+
+CVE: CVE-2020-25657
+
+Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ src/SWIG/_rsa.i           | 20 ++++++++++++--------
+ tests/test_rsa.py         | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+
+diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
+index 3db88b9..6aafe1f 100644
+--- a/src/SWIG/_m2crypto_wrap.c
++++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
+index bc714e0..1377b8b 100644
+--- a/src/SWIG/_rsa.i
++++ b/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 7bb3af7..5e75d68 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+         # The other paddings.
+         for padding in self.s_padding_nok:
+             p = getattr(RSA, padding)
+-            with self.assertRaises(RSA.RSAError):
+-                priv.private_encrypt(self.data, p)
++            # Exception disabled as a part of mitigation against CVE-2020-25657
++            # with self.assertRaises(RSA.RSAError):
++            priv.private_encrypt(self.data, p)
+         # Type-check the data to be encrypted.
+         with self.assertRaises(TypeError):
+             priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+             self.assertEqual(ptxt, self.data)
+
+         # no_padding
+-        with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+-            priv.public_encrypt(self.data, RSA.no_padding)
++        # Exception disabled as a part of mitigation against CVE-2020-25657
++        # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
++        priv.public_encrypt(self.data, RSA.no_padding)
+
+         # Type-check the data to be encrypted.
++        # Exception disabled as a part of mitigation against CVE-2020-25657
+         with self.assertRaises(TypeError):
+             priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+                          b'\000\000\000\003\001\000\001')  # aka 65537 aka 0xf4
+         with self.assertRaises(RSA.RSAError):
+             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_encrypt(1)
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_decrypt(1)
+         assert rsa.check_key()
+
+     def test_loadpub_bad(self):
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
index 51a0dd676e..155a9066ca 100644
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
            file://cross-compile-platform.patch \
            file://avoid-host-contamination.patch \
            file://0001-setup.py-address-openssl-3.x-build-issue.patch \
+           file://CVE-2020-25657.patch \
            "
 SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"
 
diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
new file mode 100644
index 0000000000..ad51f17288
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch
@@ -0,0 +1,156 @@
+From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Fri, 30 Jun 2023 23:32:26 +1000
+Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
+
+Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
+CVE: CVE-2023-44271
+Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
+Remove hunk 10.0.0.rst because in our version it is 9.4.0
+
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
+---
+ Tests/test_imagefont.py      | 19 +++++++++++++++++++
+ docs/reference/ImageFont.rst | 18 ++++++++++++++++++
+ src/PIL/ImageFont.py         | 15 +++++++++++++++
+ 3 files changed, 52 insertions(+)
+
+diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
+index 7fa8ff8cbfd..c50447a153d 100644
+--- a/Tests/test_imagefont.py
++++ b/Tests/test_imagefont.py
+@@ -1107,6 +1107,25 @@
+     assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
+ 
+ 
++def test_too_many_characters(font):
++    with pytest.raises(ValueError):
++        font.getlength("A" * 1000001)
++    with pytest.raises(ValueError):
++        font.getbbox("A" * 1000001)
++    with pytest.raises(ValueError):
++        font.getmask2("A" * 1000001)
++
++    transposed_font = ImageFont.TransposedFont(font)
++    with pytest.raises(ValueError):
++        transposed_font.getlength("A" * 1000001)
++
++    default_font = ImageFont.load_default()
++    with pytest.raises(ValueError):
++        default_font.getlength("A" * 1000001)
++    with pytest.raises(ValueError):
++        default_font.getbbox("A" * 1000001)
++
++
+ @pytest.mark.parametrize(
+     "test_file",
+     [
+diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
+index 946bd3c4bed..2abfa0cc997 100644
+--- a/docs/reference/ImageFont.rst
++++ b/docs/reference/ImageFont.rst
+@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
+ library). For earlier versions, TrueType support is only available as part of
+ the imToolkit package.
+ 
++.. warning::
++    To protect against potential DOS attacks when using arbitrary strings as
++    text input, Pillow will raise a ``ValueError`` if the number of characters
++    is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
++
++    This threshold can be changed by setting
++    :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
++    ``ImageFont.MAX_STRING_LENGTH = None``.
++
+ Example
+ -------
+ 
+@@ -73,3 +82,12 @@ Constants
+ 
+     Requires Raqm, you can check support using
+     :py:func:`PIL.features.check_feature` with ``feature="raqm"``.
++
++Constants
++---------
++
++.. data:: MAX_STRING_LENGTH
++
++    Set to 1,000,000, to protect against potential DOS attacks. Pillow will
++    raise a ``ValueError`` if the number of characters is over this limit. The
++    check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``. 
+diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
+index 3ddc1aaad64..1030985ebc4 100644
+--- a/src/PIL/ImageFont.py
++++ b/src/PIL/ImageFont.py
+@@ -43,6 +43,9 @@
+     RAQM = 1
+ 
+ 
++MAX_STRING_LENGTH = 1000000
++
++
+ def __getattr__(name):
+     for enum, prefix in {Layout: "LAYOUT_"}.items():
+         if name.startswith(prefix):
+@@ -67,6 +67,12 @@
+     core = _ImagingFtNotInstalled()
+ 
+ 
++def _string_length_check(text):
++    if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
++        msg = "too many characters in string"
++        raise ValueError(msg)
++
++
+ _UNSPECIFIED = object()
+ 
+ 
+@@ -192,6 +192,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
++        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return 0, 0, width, height
+ 
+@@ -202,6 +202,7 @@
+ 
+         .. versionadded:: 9.2.0
+         """
++        _string_length_check(text)
+         width, height = self.font.getsize(text)
+         return width
+ 
+@@ -359,6 +359,7 @@
+ 
+         :return: Width for horizontal, height for vertical text.
+         """
++        _string_length_check(text)
+         return self.font.getlength(text, mode, direction, features, language) / 64
+ 
+     def getbbox(
+@@ -418,6 +418,7 @@
+ 
+         :return: ``(left, top, right, bottom)`` bounding box
+         """
++        _string_length_check(text)
+         size, offset = self.font.getsize(
+             text, mode, direction, features, language, anchor
+         )
+@@ -762,6 +762,7 @@
+                  :py:mod:`PIL.Image.core` interface module, and the text offset, the
+                  gap between the starting coordinate and the first marking
+         """
++        _string_length_check(text)
+         if fill is _UNSPECIFIED:
+             fill = Image.core.fill
+         else:
+@@ -924,6 +924,7 @@
+         if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
+             msg = "text length is undefined for text rotated by 90 or 270 degrees"
+             raise ValueError(msg)
++        _string_length_check(text)
+         return self.font.getlength(text, *args, **kwargs)
+ 
+ 
diff --git a/meta-python/recipes-devtools/python/python3-pillow/run-ptest b/meta-python/recipes-devtools/python/python3-pillow/run-ptest
new file mode 100644
index 0000000000..3385d68939
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb b/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
deleted file mode 100644
index fb86322f77..0000000000
--- a/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
+++ /dev/null
@@ -1,42 +0,0 @@
-SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
-Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
-Contributors."
-HOMEPAGE = "https://pillow.readthedocs.io"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849"
-
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.0.x;protocol=https \
-           file://0001-support-cross-compiling.patch \
-           file://0001-explicitly-set-compile-options.patch \
-"
-SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
-
-inherit setuptools3
-
-PIP_INSTALL_PACKAGE = "Pillow"
-PIP_INSTALL_DIST_PATH = "${S}/dist"
-
-DEPENDS += " \
-    zlib \
-    jpeg \
-    tiff \
-    freetype \
-    lcms \
-    openjpeg \
-"
-
-RDEPENDS:${PN} += " \
-    ${PYTHON_PN}-misc \
-    ${PYTHON_PN}-logging \
-    ${PYTHON_PN}-numbers \
-"
-
-CVE_PRODUCT = "pillow"
-
-S = "${WORKDIR}/git"
-
-RPROVIDES:${PN} += "python3-imaging"
-
-BBCLASSEXTEND = "native"
-
-SRCREV = "6deac9e3a23caffbfdd75c00d3f0a1cd36cdbd5d"
diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
new file mode 100644
index 0000000000..b9c09127c5
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
@@ -0,0 +1,65 @@
+SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
+Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
+Contributors."
+HOMEPAGE = "https://pillow.readthedocs.io"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bc416d18f294943285560364be7cbec1"
+
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https \
+           file://0001-support-cross-compiling.patch \
+           file://0001-explicitly-set-compile-options.patch \
+           file://run-ptest \
+           file://CVE-2023-44271.patch \
+           "
+SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
+
+inherit setuptools3 ptest
+
+PIP_INSTALL_PACKAGE = "Pillow"
+PIP_INSTALL_DIST_PATH = "${S}/dist"
+
+DEPENDS += " \
+    zlib \
+    jpeg \
+    tiff \
+    freetype \
+    lcms \
+    openjpeg \
+"
+
+RDEPENDS:${PN} += " \
+    ${PYTHON_PN}-misc \
+    ${PYTHON_PN}-logging \
+    ${PYTHON_PN}-numbers \
+"
+
+RDEPENDS:${PN}-ptest += " \
+    bash \
+    ghostscript \
+    jpeg-tools \
+    libwebp \
+    ${PYTHON_PN}-core \
+    ${PYTHON_PN}-distutils \
+    ${PYTHON_PN}-image \
+    ${PYTHON_PN}-mmap \
+    ${PYTHON_PN}-pytest \
+    ${PYTHON_PN}-pytest-timeout \
+    ${PYTHON_PN}-resource \
+    ${PYTHON_PN}-unixadmin\
+    ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \
+"
+
+CVE_PRODUCT = "pillow"
+
+S = "${WORKDIR}/git"
+
+RPROVIDES:${PN} += "python3-imaging"
+
+do_install_ptest() {
+        install -d ${D}${PTEST_PATH}/Tests
+        cp -rf ${S}/Tests ${D}${PTEST_PATH}/
+}
+
+BBCLASSEXTEND = "native"
+
+SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da"
diff --git a/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb b/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb
index 4c4c959eba..035e149518 100644
--- a/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb
+++ b/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb
@@ -21,4 +21,4 @@ RDEPENDS:${PN} = "\
     libudev \
 "
 
-BBCLASSEXTEND = "native nativesdk"
+BBCLASSEXTEND = "native"
diff --git a/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb b/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb
index d9465af081..ecc15499cf 100644
--- a/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb
+++ b/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb
@@ -16,5 +16,3 @@ RDEPENDS:${PN} += " \
     ${PYTHON_PN}-pyserial \
     ${PYTHON_PN}-robotframework \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb b/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb
index 8a30f7cb78..bd0979d0b4 100644
--- a/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb
+++ b/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb
@@ -11,5 +11,3 @@ inherit pypi setuptools3
 PYPI_PACKAGE = "python-snappy"
 
 RDEPENDS:${PN} += "snappy"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb b/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb
index 7cb76b426f..631a45c99e 100644
--- a/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb
+++ b/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb
@@ -12,10 +12,6 @@ SRC_URI += " \
         file://run-ptest \
 "
 
-RDEPENDS:${PN} += "\
-        ${PYTHON_PN}-beautifulsoup4 \
-"
-
 RDEPENDS:${PN}-ptest += " \
         ${PYTHON_PN}-pytest \
         ${PYTHON_PN}-beautifulsoup4 \
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
new file mode 100644
index 0000000000..41dbf088e1
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
@@ -0,0 +1,75 @@
+From fa1cc25e1967228e5d47b9ddb626cc82dba92d7e Mon Sep 17 00:00:00 2001
+From: Andi Albrecht <albrecht.andi@gmail.com>
+Date: Wed, 31 May 2023 12:29:07 +0000
+Subject: [PATCH] Remove unnecessary parts in regex for bad escaping.
+
+The regex tried to deal with situations where escaping in the
+SQL to be parsed was suspicious.
+
+CVE: CVE-2023-30608
+
+Upstream-Status: Backport [https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGELOG            | 15 +++++++++++++++
+ sqlparse/keywords.py |  4 ++--
+ tests/test_split.py  |  4 ++--
+ 3 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 65e03fc..a584003 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,18 @@
++Backport CVE-2023-30608 Fix
++---------------------------
++
++Notable Changes
++
++* IMPORTANT: This release fixes a security vulnerability in the
++  parser where a regular expression vulnerable to ReDOS (Regular
++  Expression Denial of Service) was used. See the security advisory
++  for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
++  The vulnerability was discovered by @erik-krogh from GitHub
++  Security Lab (GHSL). Thanks for reporting!
++
++* Fix regular expressions for string parsing.
++
++
+ Release 0.4.2 (Sep 10, 2021)
+ ----------------------------
+
+diff --git a/sqlparse/keywords.py b/sqlparse/keywords.py
+index 6850628..4e97477 100644
+--- a/sqlparse/keywords.py
++++ b/sqlparse/keywords.py
+@@ -66,9 +66,9 @@ SQL_REGEX = {
+         (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])',
+          tokens.Number.Float),
+         (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer),
+-        (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single),
++        (r"'(''|\\'|[^'])*'", tokens.String.Single),
+         # not a real string literal in ANSI SQL:
+-        (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol),
++        (r'"(""|\\"|[^"])*"', tokens.String.Symbol),
+         (r'(""|".*?[^\\]")', tokens.String.Symbol),
+         # sqlite names can be escaped with [square brackets]. left bracket
+         # cannot be preceded by word character or a right bracket --
+diff --git a/tests/test_split.py b/tests/test_split.py
+index a9d7576..e79750e 100644
+--- a/tests/test_split.py
++++ b/tests/test_split.py
+@@ -18,8 +18,8 @@ def test_split_semicolon():
+
+
+ def test_split_backslash():
+-    stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';")
+-    assert len(stmts) == 3
++    stmts = sqlparse.parse("select '\'; select '\'';")
++    assert len(stmts) == 2
+
+
+ @pytest.mark.parametrize('fn', ['function.sql',
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
index 0980ff9c24..b5cc41e730 100644
--- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
+++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"
 
 SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
             file://run-ptest \
+            file://CVE-2023-30608.patch \
 	    "
 
 SRC_URI[sha256sum] = "0c00730c74263a94e5a9919ade150dfc3b19c574389985446148402998287dae"
diff --git a/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb b/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb
index e2102695ec..50f14b17fd 100644
--- a/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb
+++ b/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb
@@ -10,5 +10,3 @@ inherit pypi setuptools3
 RDEPENDS:${PN} += " \
     ${PYTHON_PN}-twisted \
 "
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
new file mode 100644
index 0000000000..3a0f4324a1
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
@@ -0,0 +1,117 @@
+From db1457abec7fe27148673f5f8bfdf5c52eb7f29f Mon Sep 17 00:00:00 2001
+From: David Lord <davidism@gmail.com>
+Date: Wed, 10 May 2023 11:33:18 +0000
+Subject: [PATCH] Merge pull request from GHSA-px8h-6qxv-m22q
+
+don't strip leading `=` when parsing cookie
+
+"src/werkzeug/sansio/http.py" file is not available in the current recipe
+version 2.1.1 and this has been introduced from 2.2.0 version. Before 2.2.0
+version, this http.py file was only available in the "src/werkzeug/http.py"
+and we could see the same functions available there which are getting modified
+in the CVE fix commit. Hence, modifying the same at "src/werkzeug/http.py" file.
+
+CVE: CVE-2023-23934
+
+Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGES.rst               |  3 +++
+ src/werkzeug/_internal.py | 13 +++++++++----
+ src/werkzeug/http.py      |  4 ----
+ tests/test_http.py        |  4 +++-
+ 4 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index 6e809ba..13ef75b 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -4,6 +4,9 @@
+     ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
+     attack where a larger number of form/file parts would result in disproportionate
+     resource use.
++-   A cookie header that starts with ``=`` is treated as an empty key and discarded,
++    rather than stripping the leading ``==``.
++
+ 
+ Version 2.1.1
+ -------------
+diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
+index a8b3523..d6290ba 100644
+--- a/src/werkzeug/_internal.py
++++ b/src/werkzeug/_internal.py
+@@ -34,7 +34,7 @@ _quote_re = re.compile(rb"[\\].")
+ _legal_cookie_chars_re = rb"[\w\d!#%&\'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]"
+ _cookie_re = re.compile(
+     rb"""
+-    (?P<key>[^=;]+)
++    (?P<key>[^=;]*)
+     (?:\s*=\s*
+         (?P<val>
+             "(?:[^\\"]|\\.)*" |
+@@ -382,16 +382,21 @@ def _cookie_parse_impl(b: bytes) -> t.Iterator[t.Tuple[bytes, bytes]]:
+     """Lowlevel cookie parsing facility that operates on bytes."""
+     i = 0
+     n = len(b)
++    b += b";"
+ 
+     while i < n:
+-        match = _cookie_re.search(b + b";", i)
++        match = _cookie_re.match(b, i)
++
+         if not match:
+             break
+ 
+-        key = match.group("key").strip()
+-        value = match.group("val") or b""
+         i = match.end(0)
++        key = match.group("key").strip()
++
++        if not key:
++            continue
+ 
++        value = match.group("val") or b""
+         yield key, _cookie_unquote(value)
+ 
+ 
+diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
+index 9369900..ae133e3 100644
+--- a/src/werkzeug/http.py
++++ b/src/werkzeug/http.py
+@@ -1205,10 +1205,6 @@ def parse_cookie(
+     def _parse_pairs() -> t.Iterator[t.Tuple[str, str]]:
+         for key, val in _cookie_parse_impl(header):  # type: ignore
+             key_str = _to_str(key, charset, errors, allow_none_charset=True)
+-
+-            if not key_str:
+-                continue
+-
+             val_str = _to_str(val, charset, errors, allow_none_charset=True)
+             yield key_str, val_str
+ 
+diff --git a/tests/test_http.py b/tests/test_http.py
+index 5936bfa..59cc179 100644
+--- a/tests/test_http.py
++++ b/tests/test_http.py
+@@ -427,7 +427,8 @@ class TestHTTPUtility:
+     def test_parse_cookie(self):
+         cookies = http.parse_cookie(
+             "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;"
+-            'a=42; b="\\";"; ; fo234{=bar;blub=Blah; "__Secure-c"=d'
++            'a=42; b="\\";"; ; fo234{=bar;blub=Blah; "__Secure-c"=d;'
++            "==__Host-eq=bad;__Host-eq=good;"
+         )
+         assert cookies.to_dict() == {
+             "CP": "null*",
+@@ -438,6 +439,7 @@ class TestHTTPUtility:
+             "fo234{": "bar",
+             "blub": "Blah",
+             '"__Secure-c"': "d",
++            "__Host-eq": "good",
+         }
+ 
+     def test_dump_cookie(self):
+-- 
+2.40.0
+
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
new file mode 100644
index 0000000000..61551d8fca
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
@@ -0,0 +1,231 @@
+From 5a56cdcbaec2153cd67596c6c2c8056e1ea5ed56 Mon Sep 17 00:00:00 2001
+From: David Lord <davidism@gmail.com>
+Date: Tue, 2 May 2023 11:31:10 +0000
+Subject: [PATCH] Merge pull request from GHSA-xg9f-g7g7-2323
+
+limit the maximum number of multipart form parts
+
+CVE: CVE-2023-25577
+
+Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGES.rst                      |  5 +++++
+ docs/request_data.rst            | 37 +++++++++++++++++---------------
+ src/werkzeug/formparser.py       | 12 ++++++++++-
+ src/werkzeug/sansio/multipart.py |  8 +++++++
+ src/werkzeug/wrappers/request.py |  8 +++++++
+ tests/test_formparser.py         |  9 ++++++++
+ 6 files changed, 61 insertions(+), 18 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index a351d7c..6e809ba 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -1,5 +1,10 @@
+ .. currentmodule:: werkzeug
+
++-   Specify a maximum number of multipart parts, default 1000, after which a
++    ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
++    attack where a larger number of form/file parts would result in disproportionate
++    resource use.
++
+ Version 2.1.1
+ -------------
+
+diff --git a/docs/request_data.rst b/docs/request_data.rst
+index 83c6278..e55841e 100644
+--- a/docs/request_data.rst
++++ b/docs/request_data.rst
+@@ -73,23 +73,26 @@ read the stream *or* call :meth:`~Request.get_data`.
+ Limiting Request Data
+ ---------------------
+
+-To avoid being the victim of a DDOS attack you can set the maximum
+-accepted content length and request field sizes.  The :class:`Request`
+-class has two attributes for that: :attr:`~Request.max_content_length`
+-and :attr:`~Request.max_form_memory_size`.
+-
+-The first one can be used to limit the total content length.  For example
+-by setting it to ``1024 * 1024 * 16`` the request won't accept more than
+-16MB of transmitted data.
+-
+-Because certain data can't be moved to the hard disk (regular post data)
+-whereas temporary files can, there is a second limit you can set.  The
+-:attr:`~Request.max_form_memory_size` limits the size of `POST`
+-transmitted form data.  By setting it to ``1024 * 1024 * 2`` you can make
+-sure that all in memory-stored fields are not more than 2MB in size.
+-
+-This however does *not* affect in-memory stored files if the
+-`stream_factory` used returns a in-memory file.
++The :class:`Request` class provides a few attributes to control how much data is
++processed from the request body. This can help mitigate DoS attacks that craft the
++request in such a way that the server uses too many resources to handle it. Each of
++these limits will raise a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` if they are
++exceeded.
++
++-   :attr:`~Request.max_content_length` Stop reading request data after this number
++    of bytes. It's better to configure this in the WSGI server or HTTP server, rather
++    than the WSGI application.
++-   :attr:`~Request.max_form_memory_size` Stop reading request data if any form part is
++    larger than this number of bytes. While file parts can be moved to disk, regular
++    form field data is stored in memory only.
++-   :attr:`~Request.max_form_parts` Stop reading request data if more than this number
++    of parts are sent in multipart form data. This is useful to stop a very large number
++    of very small parts, especially file parts. The default is 1000.
++
++Using Werkzeug to set these limits is only one layer of protection. WSGI servers
++and HTTPS servers should set their own limits on size and timeouts. The operating system
++or container manager should set limits on memory and processing time for server
++processes.
+
+
+ How to extend Parsing?
+diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
+index 10d58ca..bebb2fc 100644
+--- a/src/werkzeug/formparser.py
++++ b/src/werkzeug/formparser.py
+@@ -179,6 +179,8 @@ class FormDataParser:
+     :param cls: an optional dict class to use.  If this is not specified
+                        or `None` the default :class:`MultiDict` is used.
+     :param silent: If set to False parsing errors will not be caught.
++    :param max_form_parts: The maximum number of parts to be parsed. If this is
++        exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
+     """
+
+     def __init__(
+@@ -190,6 +192,8 @@ class FormDataParser:
+         max_content_length: t.Optional[int] = None,
+         cls: t.Optional[t.Type[MultiDict]] = None,
+         silent: bool = True,
++        *,
++        max_form_parts: t.Optional[int] = None,
+     ) -> None:
+         if stream_factory is None:
+             stream_factory = default_stream_factory
+@@ -199,6 +203,7 @@ class FormDataParser:
+         self.errors = errors
+         self.max_form_memory_size = max_form_memory_size
+         self.max_content_length = max_content_length
++        self.max_form_parts = max_form_parts
+
+         if cls is None:
+             cls = MultiDict
+@@ -281,6 +286,7 @@ class FormDataParser:
+             self.errors,
+             max_form_memory_size=self.max_form_memory_size,
+             cls=self.cls,
++            max_form_parts=self.max_form_parts,
+         )
+         boundary = options.get("boundary", "").encode("ascii")
+
+@@ -346,10 +352,12 @@ class MultiPartParser:
+         max_form_memory_size: t.Optional[int] = None,
+         cls: t.Optional[t.Type[MultiDict]] = None,
+         buffer_size: int = 64 * 1024,
++        max_form_parts: t.Optional[int] = None,
+     ) -> None:
+         self.charset = charset
+         self.errors = errors
+         self.max_form_memory_size = max_form_memory_size
++        self.max_form_parts = max_form_parts
+
+         if stream_factory is None:
+             stream_factory = default_stream_factory
+@@ -409,7 +417,9 @@ class MultiPartParser:
+             [None],
+         )
+
+-        parser = MultipartDecoder(boundary, self.max_form_memory_size)
++        parser = MultipartDecoder(
++            boundary, self.max_form_memory_size, max_parts=self.max_form_parts
++        )
+
+         fields = []
+         files = []
+diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py
+index 2d54422..e7d742b 100644
+--- a/src/werkzeug/sansio/multipart.py
++++ b/src/werkzeug/sansio/multipart.py
+@@ -83,10 +83,13 @@ class MultipartDecoder:
+         self,
+         boundary: bytes,
+         max_form_memory_size: Optional[int] = None,
++        *,
++        max_parts: Optional[int] = None,
+     ) -> None:
+         self.buffer = bytearray()
+         self.complete = False
+         self.max_form_memory_size = max_form_memory_size
++        self.max_parts = max_parts
+         self.state = State.PREAMBLE
+         self.boundary = boundary
+
+@@ -113,6 +116,7 @@ class MultipartDecoder:
+             % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
+             re.MULTILINE,
+         )
++        self._parts_decoded = 0
+
+     def last_newline(self) -> int:
+         try:
+@@ -177,6 +181,10 @@ class MultipartDecoder:
+                         name=name,
+                     )
+                 self.state = State.DATA
++                self._parts_decoded += 1
++
++                if self.max_parts is not None and self._parts_decoded > self.max_parts:
++                    raise RequestEntityTooLarge()
+
+         elif self.state == State.DATA:
+             if self.buffer.find(b"--" + self.boundary) == -1:
+diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
+index 57b739c..a6d5429 100644
+--- a/src/werkzeug/wrappers/request.py
++++ b/src/werkzeug/wrappers/request.py
+@@ -83,6 +83,13 @@ class Request(_SansIORequest):
+     #: .. versionadded:: 0.5
+     max_form_memory_size: t.Optional[int] = None
+
++    #: The maximum number of multipart parts to parse, passed to
++    #: :attr:`form_data_parser_class`. Parsing form data with more than this
++    #: many parts will raise :exc:`~.RequestEntityTooLarge`.
++    #:
++    #: .. versionadded:: 2.2.3
++    max_form_parts = 1000
++
+     #: The form data parser that should be used.  Can be replaced to customize
+     #: the form date parsing.
+     form_data_parser_class: t.Type[FormDataParser] = FormDataParser
+@@ -246,6 +253,7 @@ class Request(_SansIORequest):
+             self.max_form_memory_size,
+             self.max_content_length,
+             self.parameter_storage_class,
++            max_form_parts=self.max_form_parts,
+         )
+
+     def _load_form_data(self) -> None:
+diff --git a/tests/test_formparser.py b/tests/test_formparser.py
+index 5fc803e..834324f 100644
+--- a/tests/test_formparser.py
++++ b/tests/test_formparser.py
+@@ -127,6 +127,15 @@ class TestFormParser:
+         req.max_form_memory_size = 400
+         assert req.form["foo"] == "Hello World"
+
++        req = Request.from_values(
++            input_stream=io.BytesIO(data),
++            content_length=len(data),
++            content_type="multipart/form-data; boundary=foo",
++            method="POST",
++        )
++        req.max_form_parts = 1
++        pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"])
++
+     def test_missing_multipart_boundary(self):
+         data = (
+             b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n"
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
index 476a3a5964..fc0789a73e 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
+++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
@@ -12,6 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
 
 PYPI_PACKAGE = "Werkzeug"
 
+SRC_URI += "file://CVE-2023-25577.patch \
+            file://CVE-2023-23934.patch"
+
 SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74"
 
 inherit pypi setuptools3
diff --git a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
index 29e7a267d2..36ab065b51 100644
--- a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
+++ b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
@@ -9,7 +9,7 @@ S = "${WORKDIR}/git"
 B = "${S}"
 
 SRCREV = "42512ee48494cee71febf04078d9774f0146a085"
-SRC_URI = "git://github.com/storaged-project/blivet-gui.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/storaged-project/blivet-gui.git;branch=main;protocol=https \
            file://0001-Use-setuptools-instead-of-distutils-in-setup.py.patch \
            file://0002-Use-symbolic-list-add-and-edit-icons.patch \
            "
diff --git a/meta-python/recipes-extended/python-cson/python3-cson_git.bb b/meta-python/recipes-extended/python-cson/python3-cson_git.bb
index c4fcc61ec0..1187d12af8 100644
--- a/meta-python/recipes-extended/python-cson/python3-cson_git.bb
+++ b/meta-python/recipes-extended/python-cson/python3-cson_git.bb
@@ -12,8 +12,7 @@ SRC_URI = "git://github.com/gt3389b/python-cson.git;branch=master;protocol=https
 
 S = "${WORKDIR}/git"
 
-RDEPENDS:${PN}:class-native = ""
-DEPENDS:append:class-native = " python-native "
+RDEPENDS:${PN} = "python3-json"
 
 inherit setuptools3
 
diff --git a/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb b/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
index 3a9f0ad6fd..976dd12d52 100644
--- a/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
+++ b/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
@@ -35,5 +35,3 @@ RDEPENDS:${PN}:class-target += "\
     ${PYTHON_PN}-nocaselist \
     ${PYTHON_PN}-custom-inherit \
 "
-
-BBCLASSEXTEND = "native"
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
index 37d498f52e..84b19de592 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
@@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"
+SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5"
 
 S = "${WORKDIR}/httpd-${PV}"
 
@@ -35,7 +35,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives
 
 DEPENDS = "openssl expat pcre apr apr-util apache2-native "
 
-CVE_PRODUCT = "http_server"
+CVE_PRODUCT = "apache:http_server"
 
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
 
diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
index ff2c587046..0852a8859a 100644
--- a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
+++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
@@ -1,2 +1,2 @@
-d  /var/run/apache2 0755 root root -
+d  /run/apache2 0755 root root -
 d  /var/log/apache2 0755 root root -
diff --git a/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch
new file mode 100644
index 0000000000..f4bab49aa7
--- /dev/null
+++ b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch
@@ -0,0 +1,30 @@
+From 7f724bbafbb1e170401dd5de201273ab8c8bc75f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 28 Aug 2022 14:24:02 -0700
+Subject: [PATCH] fastcgi: Use value instead of address of sin6_port
+
+This seems to be wrongly assigned where ipv4 sin_port is
+equated to address of sin6_port and not value of sin6_port
+
+Upstream-Status: Submitted [https://github.com/monkey/monkey/pull/375]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ plugins/fastcgi/fcgi_handler.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/fastcgi/fcgi_handler.c b/plugins/fastcgi/fcgi_handler.c
+index 9e095e3c..e8e1eec1 100644
+--- a/plugins/fastcgi/fcgi_handler.c
++++ b/plugins/fastcgi/fcgi_handler.c
+@@ -245,7 +245,7 @@ static inline int fcgi_add_param_net(struct fcgi_handler *handler)
+             struct sockaddr_in *s4 = (struct sockaddr_in *)&addr4;   
+             memset(&addr4, 0, sizeof(addr4));
+             addr4.sin_family = AF_INET;
+-            addr4.sin_port = &s->sin6_port;
++            addr4.sin_port = s->sin6_port;
+             memcpy(&addr4.sin_addr.s_addr, 
+                    s->sin6_addr.s6_addr + 12, 
+                    sizeof(addr4.sin_addr.s_addr));
+-- 
+2.37.2
+
diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
index fff406a3f2..d3e22757c4 100644
--- a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
+++ b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
@@ -7,11 +7,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
 
 SECTION = "net"
 
-SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \
+SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \
+           file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \
            file://monkey.service \
            file://monkey.init"
 
-SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb"
+SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c"
+S = "${WORKDIR}/git"
 
 UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases"
 UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz"
diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch b/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch
new file mode 100644
index 0000000000..7dd1e721c0
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch
@@ -0,0 +1,92 @@
+From 2b9667f36551406169e3e2a6a774466ac70a83c0 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 10 Oct 2023 15:13:39 +0300
+Subject: [PATCH] HTTP/2: per-iteration stream handling limit.
+
+To ensure that attempts to flood servers with many streams are detected
+early, a limit of no more than 2 * max_concurrent_streams new streams per one
+event loop iteration was introduced.  This limit is applied even if
+max_concurrent_streams is not yet reached - for example, if corresponding
+streams are handled synchronously or reset.
+
+Further, refused streams are now limited to maximum of max_concurrent_streams
+and 100, similarly to priority_limit initial value, providing some tolerance
+to clients trying to open several streams at the connection start, yet
+low tolerance to flooding attempts.
+
+Upstream-Status: Backport
+[https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9]
+
+Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
+(CVE-2023-44487).
+
+See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
+
+This patch only reduces the impact and does not completely mitigate the CVE
+in question, the latter being due to a design flaw in the HTTP/2 protocol
+itself. For transparancy reasons I therefore opted to not mark the
+CVE as resolved, so that integrators can decide for themselves, wheither to
+enable HTTP/2 support or allow HTTP/1.1 connections only.
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
+---
+ src/http/v2/ngx_http_v2.c | 15 +++++++++++++++
+ src/http/v2/ngx_http_v2.h |  2 ++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
+index 3611a2e50..291677aca 100644
+--- a/src/http/v2/ngx_http_v2.c
++++ b/src/http/v2/ngx_http_v2.c
+@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev)
+     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
+ 
+     h2c->blocked = 1;
++    h2c->new_streams = 0;
+ 
+     if (c->close) {
+         c->close = 0;
+@@ -1320,6 +1321,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
+         goto rst_stream;
+     }
+ 
++    if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
++        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                      "client sent too many streams at once");
++
++        status = NGX_HTTP_V2_REFUSED_STREAM;
++        goto rst_stream;
++    }
++
+     if (!h2c->settings_ack
+         && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
+         && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
+@@ -1385,6 +1394,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
+ 
+ rst_stream:
+ 
++    if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
++        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                      "client sent too many refused streams");
++        return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
++    }
++
+     if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
+         return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
+     }
+diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
+index 349229711..6a7aaa62c 100644
+--- a/src/http/v2/ngx_http_v2.h
++++ b/src/http/v2/ngx_http_v2.h
+@@ -125,6 +125,8 @@ struct ngx_http_v2_connection_s {
+     ngx_uint_t                       processing;
+     ngx_uint_t                       frames;
+     ngx_uint_t                       idle;
++    ngx_uint_t                       new_streams;
++    ngx_uint_t                       refused_streams;
+     ngx_uint_t                       priority_limit;
+ 
+     ngx_uint_t                       pushing;
+-- 
+2.42.1
+
diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
new file mode 100644
index 0000000000..7ba2a1fb85
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
@@ -0,0 +1,39 @@
+From 0c3c669464a514cf8d0cac08282ecb2b486f440f Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Tue, 3 Oct 2023 19:21:17 +0000
+Subject: [PATCH] configure: libxslt conf
+
+Modify to find libxslt related include files under sysroot.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ auto/lib/libxslt/conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf
+index 3063ac7..eb77886 100644
+--- a/auto/lib/libxslt/conf
++++ b/auto/lib/libxslt/conf
+@@ -12,7 +12,7 @@
+                       #include <libxslt/xsltInternals.h>
+                       #include <libxslt/transform.h>
+                       #include <libxslt/xsltutils.h>"
+-    ngx_feature_path="/usr/include/libxml2"
++    ngx_feature_path="=/usr/include/libxml2"
+     ngx_feature_libs="-lxml2 -lxslt"
+     ngx_feature_test="xmlParserCtxtPtr    ctxt = NULL;
+                       xsltStylesheetPtr   sheet = NULL;
+@@ -100,7 +100,7 @@ fi
+     ngx_feature_name=NGX_HAVE_EXSLT
+     ngx_feature_run=no
+     ngx_feature_incs="#include <libexslt/exslt.h>"
+-    ngx_feature_path="/usr/include/libxml2"
++    ngx_feature_path="=/usr/include/libxml2"
+     ngx_feature_libs="-lexslt"
+     ngx_feature_test="exsltRegisterAll();"
+     . auto/feature
+-- 
+2.35.5
+
diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc
index dfced33300..9f93c7051d 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx.inc
+++ b/meta-webserver/recipes-httpd/nginx/nginx.inc
@@ -22,6 +22,7 @@ SRC_URI = " \
     file://nginx-volatile.conf \
     file://nginx.service \
     file://nginx-fix-pidfile.patch \
+    file://0001-configure-libxslt-conf.patch \
 "
 
 inherit siteinfo update-rc.d useradd systemd
@@ -43,6 +44,9 @@ PACKAGECONFIG[gunzip] = "--with-http_gunzip_module,,"
 PACKAGECONFIG[http2] = "--with-http_v2_module,,"
 PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl"
 PACKAGECONFIG[http-auth-request] = "--with-http_auth_request_module,,"
+PACKAGECONFIG[stream] = "--with-stream,,"
+
+PACKAGECONFIG[xslt] = "--with-http_xslt_module,,libxslt"
 
 do_configure () {
     if [ "${SITEINFO_BITS}" = "64" ]; then
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
index 09a1b45591..8bed04d6d8 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb
@@ -2,6 +2,7 @@ require nginx.inc
 
 SRC_URI += "file://CVE-2021-3618.patch \
             file://CVE-2022-41741-CVE-2022-41742.patch \
+            file://0001-HTTP-2-per-iteration-stream-handling-limit.patch \
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505"
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb
index b69fd7dab0..73b5c93c90 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb
@@ -1,5 +1,7 @@
 require nginx.inc
 
+SRC_URI += "file://0001-HTTP-2-per-iteration-stream-handling-limit.patch"
+
 # 1.20.x branch is the current stable branch, the recommended default
 # 1.21.x is the current mainline branches containing all new features
 DEFAULT_PREFERENCE = "-1"
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb
new file mode 100644
index 0000000000..2e865e400e
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb
@@ -0,0 +1,6 @@
+require nginx.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632"
+
+SRC_URI[sha256sum] = "77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d"
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
new file mode 100644
index 0000000000..707334a517
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
@@ -0,0 +1,37 @@
+From 0842f11158699a979437125756b26eeabedab9ab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@fauth.dev>
+Date: Fri, 5 Aug 2022 20:18:16 -0300
+Subject: [PATCH] Fix not escaped title when using drag and drop upload
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
+
+Upstream-Status: Backport
+CVE: CVE-2023-25727
+
+Reference to upstream patch:
+https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
+
+Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
+---
+ js/src/drag_drop_import.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/js/src/drag_drop_import.js b/js/src/drag_drop_import.js
+index 55250c2..9b8710e 100644
+--- a/js/src/drag_drop_import.js
++++ b/js/src/drag_drop_import.js
+@@ -130,7 +130,7 @@ var DragDropImport = {
+                                 var filename = $this.parent('span').attr('data-filename');
+                                 $('body').append('<div class="pma_drop_result"><h2>' +
+                                 Messages.dropImportImportResultHeader + ' - ' +
+-                                filename + '<span class="close">x</span></h2>' + value.message + '</div>');
++                                Functions.escapeHtml(filename) + '<span class="close">x</span></h2>' + value.message + '</div>');
+                                 $('.pma_drop_result').draggable();  // to make this dialog draggable
+                             }
+                         });
+-- 
+2.39.1
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
index 7ccc05ec3e..3f19194391 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
            file://apache.conf \
+           file://CVE-2023-25727.patch \
 "
 
 SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f"