23 files changed, 994 insertions, 81 deletions

diff --git a/meta-multimedia/recipes-multimedia/aom/aom_3.7.0.bb b/meta-multimedia/recipes-multimedia/aom/aom_3.12.1.bb
index 776dfa8783..681ebb4d3d 100644
--- a/meta-multimedia/recipes-multimedia/aom/aom_3.7.0.bb
+++ b/meta-multimedia/recipes-multimedia/aom/aom_3.12.1.bb
@@ -5,8 +5,8 @@ LICENSE = "BSD-2-Clause & AOM-Patent-License-1.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=6ea91368c1bbdf877159435572b931f5 \
                     file://PATENTS;md5=a111d47497d3bb49e04eef71377eb8ba \
                    "
-SRCREV = "6054fae218eda6e53e1e3b4f7ef0fff4877c7bf1"
-SRC_URI = "git://aomedia.googlesource.com/aom;protocol=https;branch=main \
+SRCREV = "10aece4157eb79315da205f39e19bf6ab3ee30d0"
+SRC_URI = "git://aomedia.googlesource.com/aom;protocol=https;branch=main;tag=v${PV} \
            file://0001-subpel_variance_neon-Provide-prototypes-for-missing-.patch"
 
 S = "${WORKDIR}/git"
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb b/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb
index f9a5e15689..6cd25e346a 100644
--- a/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb
+++ b/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb
@@ -26,12 +26,7 @@ do_install:append() {
     cp -rf ${B}/cupshelpers.egg-info ${D}${PYTHON_SITEPACKAGES_DIR}
     cp -rf ${B}/cupshelpers ${D}${PYTHON_SITEPACKAGES_DIR}
     rm -rf ${D}${PYTHON_SITEPACKAGES_DIR}/*.egg
-    for f in __init__.cpython-311.pyc cupshelpers.cpython-311.pyc \
-        config.cpython-311.pyc ppds.cpython-311.pyc \
-        installdriver.cpython-311.pyc openprinting.cpython-311.pyc \
-        xmldriverprefs.cpython-311.pyc; do
-        rm -rf ${D}${PYTHON_SITEPACKAGES_DIR}/cupshelpers/__pycache__/$f
-    done
+    rm -rf ${D}${PYTHON_SITEPACKAGES_DIR}/cupshelpers/__pycache__
 }
 
 FILES:${PN} += "${libdir} ${datadir}"
diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.50.0.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.52.0.bb
index 702b80ac68..dd894c0900 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.50.0.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.52.0.bb
@@ -25,32 +25,34 @@ DEPENDS = " \
     intltool-native \
     libxslt-native \
     libnl \
+    libnvme \
     udev \
     util-linux \
+    util-linux-libuuid \
     libndp \
     curl \
     dbus \
 "
 DEPENDS:append:class-target = " bash-completion"
 
-inherit gnomebase gettext update-rc.d systemd gobject-introspection gtk-doc update-alternatives upstream-version-is-even
+inherit meson gettext update-rc.d systemd gobject-introspection update-alternatives upstream-version-is-even pkgconfig
 
 SRC_URI = " \
-    ${GNOME_MIRROR}/NetworkManager/${@gnome_verdir("${PV}")}/NetworkManager-${PV}.tar.xz \
+    git://github.com/NetworkManager/NetworkManager.git;protocol=https;branch=main;tag=${PV} \
     file://${BPN}.initd \
     file://enable-dhcpcd.conf \
     file://enable-iwd.conf \
 "
 SRC_URI:append:libc-musl = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', ' file://0001-linker-scripts-Do-not-export-_IO_stdin_used.patch', '', d)}"
 
-SRC_URI[sha256sum] = "fc03e7388a656cebc454c5d89481626122b1975d7c26babc64dc7e488faa66e3"
+SRCREV = "995a28fa1ccc54ad22e794294c3c6783cc3f30ed"
 
-S = "${WORKDIR}/NetworkManager-${PV}"
+S = "${WORKDIR}/git"
 
 # ['auto', 'symlink', 'file', 'netconfig', 'resolvconf']
 NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT ??= "auto"
 
-# ['dhcpcanon', 'dhclient', 'dhcpcd', 'internal', 'nettools']
+# ['dhclient', 'dhcpcd', 'internal', 'nettools']
 NETWORKMANAGER_DHCP_DEFAULT ??= "internal"
 
 # The default gets detected based on whether /usr/sbin/nft or /usr/sbin/iptables is installed, with nftables preferred.
@@ -65,7 +67,6 @@ EXTRA_OEMESON = "\
     -Dqt=false \
     -Dconfig_dns_rc_manager_default=${NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT} \
     -Dconfig_dhcp_default=${NETWORKMANAGER_DHCP_DEFAULT} \
-    -Ddhcpcanon=false \
     -Diptables=${sbindir}/iptables \
     -Dnft=${sbindir}/nft \
 "
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch b/meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch
new file mode 100644
index 0000000000..f4f149c7e8
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch
@@ -0,0 +1,791 @@
+From 04975ac158e6d33875c2855f74792efb2258bb93 Mon Sep 17 00:00:00 2001
+From: Daniel Pouzzner <douzzer@wolfssl.com>
+Date: Tue, 13 May 2025 20:30:48 -0500
+Subject: [PATCH] wolfssl/wolfcrypt/logging.h and wolfcrypt/src/logging.c: add 
+  WOLFSSL_DEBUG_PRINTF() macro adapted from wolfssl_log(), refactor  
+ wolfssl_log() to use it, and move printf setup includes/prototypes from  
+ logging.c to logging.h;
+
+src/ssl_load.c: add source_name arg and WOLFSSL_DEBUG_CERTIFICATE_LOADS clauses
+  to ProcessBuffer() and ProcessChainBuffer(), and pass reasonable values from
+  callers;
+
+remove expired "Baltimore CyberTrust Root" from certs/external/ca_collection.pem
+  and certs/external/baltimore-cybertrust-root.pem.
+
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/55460a52619626f614e86d528b9a60445562eb34]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ certs/external/baltimore-cybertrust-root.pem |  21 ---
+ certs/external/ca_collection.pem             |  77 ----------
+ src/ssl_load.c                               | 111 +++++++++++----
+ wolfcrypt/src/error.c                        |   4 +-
+ wolfcrypt/src/logging.c                      | 142 ++-----------------
+ wolfssl/internal.h                           |   3 +-
+ wolfssl/wolfcrypt/logging.h                  |  93 +++++++++++-
+ 7 files changed, 190 insertions(+), 261 deletions(-)
+ delete mode 100644 certs/external/baltimore-cybertrust-root.pem
+
+diff --git a/certs/external/baltimore-cybertrust-root.pem b/certs/external/baltimore-cybertrust-root.pem
+deleted file mode 100644
+index 519028c63..000000000
+--- a/certs/external/baltimore-cybertrust-root.pem
++++ /dev/null
+@@ -1,21 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+------END CERTIFICATE-----
+diff --git a/certs/external/ca_collection.pem b/certs/external/ca_collection.pem
+index ddfdf9cee..c76d6c605 100644
+--- a/certs/external/ca_collection.pem
++++ b/certs/external/ca_collection.pem
+@@ -1,80 +1,3 @@
+-Certificate:
+-    Data:
+-        Version: 3 (0x2)
+-        Serial Number: 33554617 (0x20000b9)
+-        Signature Algorithm: sha1WithRSAEncryption
+-        Issuer: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
+-        Validity
+-            Not Before: May 12 18:46:00 2000 GMT
+-            Not After : May 12 23:59:00 2025 GMT
+-        Subject: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-                RSA Public-Key: (2048 bit)
+-                Modulus:
+-                    00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79:
+-                    d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a:
+-                    64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2:
+-                    62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01:
+-                    52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7:
+-                    73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6:
+-                    50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c:
+-                    a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70:
+-                    70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77:
+-                    d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae:
+-                    5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18:
+-                    98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85:
+-                    ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9:
+-                    39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5:
+-                    c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a:
+-                    ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0:
+-                    78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27:
+-                    1a:39
+-                Exponent: 65537 (0x10001)
+-        X509v3 extensions:
+-            X509v3 Subject Key Identifier: 
+-                E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
+-            X509v3 Basic Constraints: critical
+-                CA:TRUE, pathlen:3
+-            X509v3 Key Usage: critical
+-                Certificate Sign, CRL Sign
+-    Signature Algorithm: sha1WithRSAEncryption
+-         85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03:
+-         bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f:
+-         76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a:
+-         12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f:
+-         ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01:
+-         74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8:
+-         05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9:
+-         31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d:
+-         9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b:
+-         1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88:
+-         73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee:
+-         7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e:
+-         9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0:
+-         fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42:
+-         ea:63:39:a9
+------BEGIN CERTIFICATE-----
+-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+------END CERTIFICATE-----
+ Certificate:
+     Data:
+         Version: 3 (0x2)
+diff --git a/src/ssl_load.c b/src/ssl_load.c
+index 24c8af1be..d803b4093 100644
+--- a/src/ssl_load.c
++++ b/src/ssl_load.c
+@@ -2352,11 +2352,13 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
+  * @param [out]     used       Number of bytes consumed.
+  * @param [in[      userChain  Whether this certificate is for user's chain.
+  * @param [in]      verify     How to verify certificate.
++ * @param [in]      source_name Associated filename or other source ID.
+  * @return  1 on success.
+  * @return  Less than 1 on failure.
+  */
+ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
+-    int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify)
++    int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify,
++    const char *source_name)
+ {
+     DerBuffer*    der = NULL;
+     int           ret = 0;
+@@ -2367,6 +2369,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
+     EncryptedInfo  info[1];
+ #endif
+     int           algId = 0;
++#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
++    long usedAtStart = used ? *used : 0L;
++#else
++    (void)source_name;
++#endif
+ 
+     WOLFSSL_ENTER("ProcessBuffer");
+ 
+@@ -2444,6 +2451,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
+                 CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
+                 ret = 0;
+             }
++#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
++            if (ret < 0) {
++#ifdef NO_ERROR_STRINGS
++                WOLFSSL_DEBUG_PRINTF(
++                    "ERROR: ProcessUserChain: certificate from %s at offset %ld"
++                    " rejected with code %d\n",
++                    source_name, usedAtStart, ret);
++#else
++                WOLFSSL_DEBUG_PRINTF(
++                    "ERROR: ProcessUserChain: certificate from %s at offset %ld"
++                    " rejected with code %d: %s\n",
++                    source_name, usedAtStart, ret,
++                    wolfSSL_ERR_reason_error_string(ret));
++#endif
++            }
++#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
+         }
+ 
+     #ifdef WOLFSSL_SMALL_STACK
+@@ -2455,6 +2478,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
+             /* Process the different types of certificates. */
+             ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type,
+                 verify);
++#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
++            if (ret < 0) {
++#ifdef NO_ERROR_STRINGS
++                WOLFSSL_DEBUG_PRINTF(
++                    "ERROR: ProcessBufferCertTypes: certificate from %s at"
++                    " offset %ld rejected with code %d\n",
++                    source_name, usedAtStart, ret);
++#else
++                WOLFSSL_DEBUG_PRINTF(
++                    "ERROR: ProcessBufferCertTypes: certificate from %s at"
++                    " offset %ld rejected with code %d: %s\n",
++                    source_name, usedAtStart, ret,
++                    wolfSSL_ERR_reason_error_string(ret));
++#endif
++            }
++#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
+         }
+         else {
+             FreeDer(&der);
+@@ -2515,12 +2554,14 @@ static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff,
+  * @param [in]      sz      Size of data in buffer.
+  * @param [in]      type    Type of data.
+  * @param [in]      verify  How to verify certificate.
++ * @param [in]      source_name   Associated filename or other source ID.
+  * @return  1 on success.
+  * @return  0 on failure.
+  * @return  MEMORY_E when dynamic memory allocation fails.
+  */
+ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+-    const unsigned char* buff, long sz, int type, int verify)
++    const unsigned char* buff, long sz, int type, int verify,
++    const char *source_name)
+ {
+     int  ret    = 0;
+     long used   = 0;
+@@ -2529,11 +2570,11 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+     WOLFSSL_MSG("Processing CA PEM file");
+     /* Keep processing file while no errors and data to parse. */
+     while ((ret >= 0) && (used < sz)) {
+-        long consumed = 0;
++        long consumed = used;
+ 
+         /* Process the buffer. */
+         ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM,
+-            type, ssl, &consumed, 0, verify);
++            type, ssl, &consumed, 0, verify, source_name);
+         /* Memory allocation failure is fatal. */
+         if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
+             gotOne = 0;
+@@ -2665,6 +2706,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
+         {
+             /* Not a header that we support. */
+             WOLFSSL_MSG("Failed to detect certificate type");
++#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
++            WOLFSSL_DEBUG_PRINTF(
++                "ERROR: ProcessFile: Failed to detect certificate type"
++                " of \"%s\"\n",
++                fname);
++#endif
+             ret = WOLFSSL_BAD_CERTTYPE;
+         }
+     }
+@@ -2673,7 +2720,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
+         if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
+                 (format == WOLFSSL_FILETYPE_PEM)) {
+             ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
+-                verify);
++                verify, fname);
+         }
+ #ifdef HAVE_CRL
+         else if (type == CRL_TYPE) {
+@@ -2690,18 +2737,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
+             long consumed = 0;
+ 
+             ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
+-                &consumed, userChain, verify);
++                &consumed, userChain, verify, fname);
+             if ((ret == 1) && (consumed < sz)) {
+                 ret = ProcessBuffer(ctx, content.buffer + consumed,
+                     sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0,
+-                    verify);
++                    verify, fname);
+             }
+         }
+ #endif
+         else {
+             /* Load all other certificate types. */
+             ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
+-                NULL, userChain, verify);
++                NULL, userChain, verify, fname);
+         }
+     }
+ 
+@@ -3030,7 +3077,8 @@ static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
+                     if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
+                           certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
+                           CA_TYPE, NULL, NULL, 0,
+-                          GET_VERIFY_SETTING_CTX(ctx)) == 1) {
++                          GET_VERIFY_SETTING_CTX(ctx),
++                          storeNames[i]) == 1) {
+                         /*
+                          * Set "loaded" as long as we've loaded one CA
+                          * cert.
+@@ -3105,7 +3153,8 @@ static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
+                     if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
+                           CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
+                           CA_TYPE, NULL, NULL, 0,
+-                          GET_VERIFY_SETTING_CTX(ctx)) == 1) {
++                          GET_VERIFY_SETTING_CTX(ctx),
++                          "MacOSX trustDomains") == 1) {
+                         /*
+                          * Set "loaded" as long as we've loaded one CA
+                          * cert.
+@@ -3644,7 +3693,8 @@ int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
+         /* Get DER encoded certificate data from X509 object. */
+         ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
+             WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
+-            GET_VERIFY_SETTING_SSL(ssl));
++            GET_VERIFY_SETTING_SSL(ssl),
++            "x509 buffer");
+     }
+ 
+     /* Return 1 on success or 0 on failure. */
+@@ -3676,7 +3726,8 @@ int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
+         long idx = 0;
+ 
+         ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
+-            ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl));
++            ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl),
++            "asn1 buffer");
+     }
+ 
+     /* Return 1 on success or 0 on failure. */
+@@ -3884,12 +3935,13 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in,
+ 
+     /* When PEM, treat as certificate chain of CA certificates. */
+     if (format == WOLFSSL_FILETYPE_PEM) {
+-        ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify);
++        ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify,
++                                 "PEM buffer");
+     }
+     /* When DER, load the CA certificate. */
+     else {
+         ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
+-            userChain, verify);
++            userChain, verify, "buffer");
+     }
+ #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
+     if (ret == 1) {
+@@ -3973,12 +4025,12 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+         /* When PEM, treat as certificate chain of trusted peer certificates. */
+         if (format == WOLFSSL_FILETYPE_PEM) {
+             ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE,
+-                verify);
++                verify, "peer");
+         }
+         /* When DER, load the trusted peer certificate. */
+         else {
+             ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
+-                NULL, 0, verify);
++                NULL, 0, verify, "peer");
+         }
+     }
+ 
+@@ -4004,7 +4056,7 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
+ 
+     WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
+     ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
+-        GET_VERIFY_SETTING_CTX(ctx));
++        GET_VERIFY_SETTING_CTX(ctx), "buffer");
+     WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret);
+ 
+     return ret;
+@@ -4030,7 +4082,7 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+     WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
+ 
+     ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed,
+-        0, GET_VERIFY_SETTING_CTX(ctx));
++        0, GET_VERIFY_SETTING_CTX(ctx), "key buffer");
+ #ifdef WOLFSSL_DUAL_ALG_CERTS
+     if ((ret == 1) && (consumed < sz)) {
+         /* When support for dual algorithm certificates is enabled, the
+@@ -4038,7 +4090,8 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+          * private key. Hence, we have to parse both of them.
+          */
+         ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format,
+-            ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
++            ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
++            "key buffer");
+     }
+ #endif
+ 
+@@ -4056,7 +4109,7 @@ int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
+ 
+     WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer");
+     ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL,
+-        NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
++        NULL, 0, GET_VERIFY_SETTING_CTX(ctx), "alt key buffer");
+     WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret);
+ 
+     return ret;
+@@ -4271,7 +4324,8 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
+     }
+ 
+     ret = ProcessBuffer(ctx, certData, certDataLen, certFormat,
+-        CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
++        CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
++        label ? label : "cert buffer");
+ 
+ exit:
+     XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT);
+@@ -4333,7 +4387,7 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
+ {
+     WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
+     return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
+-        GET_VERIFY_SETTING_CTX(ctx));
++        GET_VERIFY_SETTING_CTX(ctx), "cert chain buffer");
+ }
+ 
+ /* Load a PEM encoded certificate chain in a buffer into SSL context.
+@@ -4376,7 +4430,7 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
+     }
+     else {
+         ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
+-            GET_VERIFY_SETTING_SSL(ssl));
++            GET_VERIFY_SETTING_SSL(ssl), "cert buffer");
+     }
+ 
+     return ret;
+@@ -4407,7 +4461,7 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+     }
+     else {
+         ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl,
+-            &consumed, 0, GET_VERIFY_SETTING_SSL(ssl));
++            &consumed, 0, GET_VERIFY_SETTING_SSL(ssl), "key buffer");
+     #ifdef WOLFSSL_DUAL_ALG_CERTS
+         if ((ret == 1) && (consumed < sz)) {
+             /* When support for dual algorithm certificates is enabled, the
+@@ -4415,7 +4469,8 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+              * private key. Hence, we have to parse both of them.
+              */
+             ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format,
+-                ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
++                ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl),
++                "key buffer");
+         }
+     #endif
+     }
+@@ -4431,7 +4486,7 @@ int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+ 
+     WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer");
+     ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl,
+-        NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
++        NULL, 0, GET_VERIFY_SETTING_SSL(ssl), "alt key buffer");
+     WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret);
+ 
+     return ret;
+@@ -4669,7 +4724,7 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
+     }
+     else {
+         ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1,
+-            GET_VERIFY_SETTING_SSL(ssl));
++            GET_VERIFY_SETTING_SSL(ssl), "cert chain buffer");
+     }
+ 
+     return ret;
+@@ -4826,7 +4881,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+ 
+         /* Process buffer makes first certificate the leaf. */
+         ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
+-            NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
++            NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx), "extra chain buffer");
+         if (ret != 1) {
+             ret = 0;
+         }
+diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
+index af5ba36b4..9ec9484d4 100644
+--- a/wolfcrypt/src/error.c
++++ b/wolfcrypt/src/error.c
+@@ -182,10 +182,10 @@ const char* wc_GetErrorString(int error)
+         return "ASN date error, bad size";
+ 
+     case ASN_BEFORE_DATE_E :
+-        return "ASN date error, current date before";
++        return "ASN date error, current date is before start of validity";
+ 
+     case ASN_AFTER_DATE_E :
+-        return "ASN date error, current date after";
++        return "ASN date error, current date is after expiration";
+ 
+     case ASN_SIG_OID_E :
+         return "ASN signature error, mismatched oid";
+diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
+index 29b9221df..b80fc3a56 100644
+--- a/wolfcrypt/src/logging.c
++++ b/wolfcrypt/src/logging.c
+@@ -230,42 +230,6 @@ void WOLFSSL_TIME(int count)
+ 
+ #ifdef DEBUG_WOLFSSL
+ 
+-#if defined(ARDUINO)
+-    /* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */
+-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+-    /* see wc_port.h for fio.h and nio.h includes */
+-#elif defined(WOLFSSL_SGX)
+-    /* Declare sprintf for ocall */
+-    int sprintf(char* buf, const char *fmt, ...);
+-#elif defined(WOLFSSL_DEOS)
+-#elif defined(MICRIUM)
+-    #if (BSP_SER_COMM_EN  == DEF_ENABLED)
+-        #include <bsp_ser.h>
+-    #endif
+-#elif defined(WOLFSSL_USER_LOG)
+-    /* user includes their own headers */
+-#elif defined(WOLFSSL_ESPIDF)
+-    #include "esp_types.h"
+-    #include "esp_log.h"
+-#elif defined(WOLFSSL_TELIT_M2MB)
+-    #include <stdio.h>
+-    #include "m2m_log.h"
+-#elif defined(WOLFSSL_ANDROID_DEBUG)
+-    #include <android/log.h>
+-#elif defined(WOLFSSL_XILINX)
+-    #include "xil_printf.h"
+-#elif defined(WOLFSSL_LINUXKM)
+-    /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */
+-#elif defined(FUSION_RTOS)
+-    #include <fclstdio.h>
+-    #define fprintf FCL_FPRINTF
+-#else
+-    #include <stdio.h>  /* for default printf stuff */
+-#endif
+-
+-#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
+-    int dc_log_printf(char*, ...);
+-#endif
+ 
+ #ifdef HAVE_STACK_SIZE_VERBOSE
+ #include <wolfssl/wolfcrypt/mem_track.h>
+@@ -281,106 +245,30 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
+     else {
+ #if defined(WOLFSSL_USER_LOG)
+         WOLFSSL_USER_LOG(logMessage);
+-#elif defined(ARDUINO)
+-        wolfSSL_Arduino_Serial_Print(logMessage);
+-#elif defined(WOLFSSL_LOG_PRINTF)
+-        if (file_name != NULL)
+-            printf("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            printf("%s\n", logMessage);
+-#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
+-        if (file_name != NULL)
+-            dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            dc_log_printf("%s\n", logMessage);
+-#elif defined(WOLFSSL_DEOS)
+-        if (file_name != NULL)
+-            printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
+-        else
+-            printf("%s\r\n", logMessage);
+-#elif defined(MICRIUM)
+-        if (file_name != NULL)
+-            BSP_Ser_Printf("[%s L %d] %s\r\n",
+-                           file_name, line_number, logMessage);
+-        else
+-            BSP_Ser_Printf("%s\r\n", logMessage);
+-#elif defined(WOLFSSL_MDK_ARM)
+-        fflush(stdout) ;
+-        if (file_name != NULL)
+-            printf("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            printf("%s\n", logMessage);
+-        fflush(stdout) ;
+-#elif defined(WOLFSSL_UTASKER)
+-        fnDebugMsg((char*)logMessage);
+-        fnDebugMsg("\r\n");
+-#elif defined(MQX_USE_IO_OLD)
+-        if (file_name != NULL)
+-            fprintf(_mqxio_stderr, "[%s L %d] %s\n",
+-                    file_name, line_number, logMessage);
+-        else
+-            fprintf(_mqxio_stderr, "%s\n", logMessage);
+-#elif defined(WOLFSSL_APACHE_MYNEWT)
+-        if (file_name != NULL)
+-            LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n",
+-                      file_name, line_number, logMessage);
+-        else
+-            LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage);
+-#elif defined(WOLFSSL_ESPIDF)
+-        if (file_name != NULL)
+-            ESP_LOGI("wolfssl", "[%s L %d] %s",
+-                     file_name, line_number, logMessage);
+-        else
+-            ESP_LOGI("wolfssl", "%s", logMessage);
+-#elif defined(WOLFSSL_ZEPHYR)
+-        if (file_name != NULL)
+-            printk("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            printk("%s\n", logMessage);
+-#elif defined(WOLFSSL_TELIT_M2MB)
+-        if (file_name != NULL)
+-            M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            M2M_LOG_INFO("%s\n", logMessage);
+-#elif defined(WOLFSSL_ANDROID_DEBUG)
+-        if (file_name != NULL)
+-            __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s",
+-                                file_name, line_number, logMessage);
+-        else
+-            __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s",
+-                                logMessage);
+-#elif defined(WOLFSSL_XILINX)
+-        if (file_name != NULL)
+-            xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
+-        else
+-            xil_printf("%s\r\n", logMessage);
+-#elif defined(WOLFSSL_LINUXKM)
+-        if (file_name != NULL)
+-            printk("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            printk("%s\n", logMessage);
+-#elif defined(WOLFSSL_RENESAS_RA6M4)
+-        if (file_name != NULL)
+-            myprintf("[%s L %d] %s\n", file_name, line_number, logMessage);
+-        else
+-            myprintf("%s\n", logMessage);
+-#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
+-      defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
+-        STACK_SIZE_CHECKPOINT_MSG(logMessage);
+-#else
++#elif defined(WOLFSSL_DEBUG_PRINTF)
+         if (log_prefix != NULL) {
+             if (file_name != NULL)
+-                fprintf(stderr, "[%s]: [%s L %d] %s\n",
++                WOLFSSL_DEBUG_PRINTF("[%s]: [%s L %d] %s\n",
+                         log_prefix, file_name, line_number, logMessage);
+             else
+-                fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage);
++                WOLFSSL_DEBUG_PRINTF("[%s]: %s\n", log_prefix, logMessage);
+         } else {
+             if (file_name != NULL)
+-                fprintf(stderr, "[%s L %d] %s\n",
++                WOLFSSL_DEBUG_PRINTF("[%s L %d] %s\n",
+                         file_name, line_number, logMessage);
+             else
+-                fprintf(stderr, "%s\n", logMessage);
++                WOLFSSL_DEBUG_PRINTF("%s\n", logMessage);
+         }
++#elif defined(ARDUINO)
++        wolfSSL_Arduino_Serial_Print(logMessage);
++#elif defined(WOLFSSL_UTASKER)
++        fnDebugMsg((char*)logMessage);
++        fnDebugMsg("\r\n");
++#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
++      defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
++        STACK_SIZE_CHECKPOINT_MSG(logMessage);
++#else
++    #error No log method defined.
+ #endif
+     }
+ }
+diff --git a/wolfssl/internal.h b/wolfssl/internal.h
+index 9cdbdb697..dd191fb1a 100644
+--- a/wolfssl/internal.h
++++ b/wolfssl/internal.h
+@@ -6389,7 +6389,8 @@ WOLFSSL_TEST_VIS   void wolfSSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+ 
+     WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
+                                     long sz, int format, int type, WOLFSSL* ssl,
+-                                    long* used, int userChain, int verify);
++                                    long* used, int userChain, int verify,
++                                    const char *source_name);
+     WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
+                                  int type, WOLFSSL* ssl, int userChain,
+                                 WOLFSSL_CRL* crl, int verify);
+diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
+index 49de70147..8b3cf0fd8 100644
+--- a/wolfssl/wolfcrypt/logging.h
++++ b/wolfssl/wolfcrypt/logging.h
+@@ -89,11 +89,6 @@ enum wc_FuncNum {
+ };
+ #endif
+ 
+-#if defined(ARDUINO)
+-/* implemented in Arduino wolfssl.h */
+-extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
+-#endif /* ARDUINO */
+-
+ typedef void (*wolfSSL_Logging_cb)(const int logLevel,
+                                    const char *const logMessage);
+ 
+@@ -157,6 +152,10 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
+     #define WOLFSSL_TIME(n)  WC_DO_NOTHING
+ #endif
+ 
++#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_CERTIFICATE_LOADS)
++    #define WOLFSSL_DEBUG_CERTIFICATE_LOADS
++#endif
++
+ #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
+     #if defined(_WIN32)
+         #if defined(INTIME_RTOS)
+@@ -268,6 +267,90 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
+     extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer;
+ #endif
+ 
++/* Port-specific includes and printf methods: */
++
++#if defined(ARDUINO)
++    /* implemented in Arduino wolfssl.h */
++    extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
++#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
++    /* see wc_port.h for fio.h and nio.h includes */
++#elif defined(WOLFSSL_SGX)
++    /* Declare sprintf for ocall */
++    int sprintf(char* buf, const char *fmt, ...);
++#elif defined(WOLFSSL_DEOS)
++#elif defined(MICRIUM)
++    #if (BSP_SER_COMM_EN  == DEF_ENABLED)
++        #include <bsp_ser.h>
++    #endif
++#elif defined(WOLFSSL_USER_LOG)
++    /* user includes their own headers */
++#elif defined(WOLFSSL_ESPIDF)
++    #include "esp_types.h"
++    #include "esp_log.h"
++#elif defined(WOLFSSL_TELIT_M2MB)
++    #include <stdio.h>
++    #include "m2m_log.h"
++#elif defined(WOLFSSL_ANDROID_DEBUG)
++    #include <android/log.h>
++#elif defined(WOLFSSL_XILINX)
++    #include "xil_printf.h"
++#elif defined(WOLFSSL_LINUXKM)
++    /* the requisite linux/kernel.h is included in linuxkm_wc_port.h, with
++     * incompatible warnings masked out.
++     */
++#elif defined(FUSION_RTOS)
++    #include <fclstdio.h>
++    #define fprintf FCL_FPRINTF
++#else
++    #include <stdio.h>  /* for default printf stuff */
++#endif
++
++#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
++    int dc_log_printf(char*, ...);
++#endif
++
++#ifdef WOLFSSL_DEBUG_PRINTF
++    /* user-supplied definition */
++#elif defined(ARDUINO)
++    /* ARDUINO only has print and sprintf, no printf. */
++#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
++    #define WOLFSSL_DEBUG_PRINTF(...) printf(__VA_ARGS__)
++#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
++    #define WOLFSSL_DEBUG_PRINTF(...) dc_log_printf(__VA_ARGS__)
++#elif defined(MICRIUM)
++    #define WOLFSSL_DEBUG_PRINTF(...) BSP_Ser_Printf(__VA_ARGS__)
++#elif defined(WOLFSSL_MDK_ARM)
++    #define WOLFSSL_DEBUG_PRINTF(...) do { \
++            fflush(stdout);                \
++            printf(__VA_ARGS__);           \
++            fflush(stdout);                \
++        } while (0)
++#elif defined(WOLFSSL_UTASKER)
++    /* WOLFSSL_UTASKER only has fnDebugMsg and related primitives, no printf. */
++#elif defined(MQX_USE_IO_OLD)
++    #define WOLFSSL_DEBUG_PRINTF(...) fprintf(_mqxio_stderr, __VAR_ARGS)
++#elif defined(WOLFSSL_APACHE_MYNEWT)
++    #define WOLFSSL_DEBUG_PRINTF(...) LOG_DEBUG(&mynewt_log, \
++        LOG_MODULE_DEFAULT, __VA_ARGS__)
++#elif defined(WOLFSSL_ESPIDF)
++    #define WOLFSSL_DEBUG_PRINTF(...) ESP_LOGI("wolfssl", __VA_ARGS__)
++#elif defined(WOLFSSL_ZEPHYR)
++    #define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__)
++#elif defined(WOLFSSL_TELIT_M2MB)
++    #define WOLFSSL_DEBUG_PRINTF(...) M2M_LOG_INFO(__VA_ARGS__)
++#elif defined(WOLFSSL_ANDROID_DEBUG)
++    #define WOLFSSL_DEBUG_PRINTF(...) __android_log_print(ANDROID_LOG_VERBOSE, \
++                                                    "[wolfSSL]", __VA_ARGS__)
++#elif defined(WOLFSSL_XILINX)
++    #define WOLFSSL_DEBUG_PRINTF(...) xil_printf(__VA_ARGS__)
++#elif defined(WOLFSSL_LINUXKM)
++    #define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__)
++#elif defined(WOLFSSL_RENESAS_RA6M4)
++    #define WOLFSSL_DEBUG_PRINTF(...) myprintf(__VA_ARGS__)
++#else
++    #define WOLFSSL_DEBUG_PRINTF(...) fprintf(stderr, __VA_ARGS__)
++#endif
++
+ #ifdef __cplusplus
+ }
+ #endif
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/run-ptest b/meta-networking/recipes-connectivity/wolfssl/files/run-ptest
index ff66f4ef6c..fd260d441a 100644
--- a/meta-networking/recipes-connectivity/wolfssl/files/run-ptest
+++ b/meta-networking/recipes-connectivity/wolfssl/files/run-ptest
@@ -8,7 +8,9 @@ echo "Wolfssl ptest logs are stored in ${temp_dir}/${log_file}"
 
 ./test/unit.test > "$temp_dir/$log_file" 2>&1  
 
-echo "Test script returned: $?"
+ret=$?
+
+echo "Test script returned: $ret"
 
 MAGIC_SENTENCE=$(grep "unit_test: Success for all configured tests." $temp_dir/$log_file)
 
@@ -21,4 +23,4 @@ else
 fi
 NUM_FAILS=$(grep -c "Failed" $temp_dir/$log_file)
 
-exit $NUM_FAILS
+exit $ret
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
index b7ff23e719..b420795cee 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -14,20 +14,25 @@ RPROVIDES:${PN} = "cyassl"
 
 SRC_URI = " \
     git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \
+    file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \
     file://run-ptest \
 "
 
-SRCREV = "00e42151ca061463ba6a95adb2290f678cbca472"
+SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"
 
 S = "${WORKDIR}/git"
 
 inherit autotools ptest
 
+EXTRA_OECONF += "--enable-certreq --enable-dtls --enable-opensslextra --enable-certext --enable-certgen"
+
 PACKAGECONFIG ?= "reproducible-build"
 
 PACKAGECONFIG[reproducible-build] = "--enable-reproducible-build,--disable-reproducible-build,"
 BBCLASSEXTEND += "native nativesdk"
 
+CFLAGS += '-fPIC -DCERT_REL_PREFIX=\\"./\\"'
+
 RDEPENDS:${PN}-ptest += " bash"
 
 do_install_ptest() {
diff --git a/meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch
new file mode 100644
index 0000000000..242aa7f7d8
--- /dev/null
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch
@@ -0,0 +1,30 @@
+From 1bf3be6cd775635aed95689f97a13fa6a037c741 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Tue, 27 May 2025 13:33:30 +0100
+Subject: [PATCH] Use secure_getenv on Linux
+
+Upstream-Status: Inactive-Upstream [Upstream does not take patches]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ mDNSShared/dnssd_clientstub.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/mDNSShared/dnssd_clientstub.c b/mDNSShared/dnssd_clientstub.c
+index 6667276ee33a..e7b51813664e 100644
+--- a/mDNSShared/dnssd_clientstub.c
++++ b/mDNSShared/dnssd_clientstub.c
+@@ -801,10 +801,14 @@ static DNSServiceErrorType ConnectToServer(DNSServiceRef *ref, DNSServiceFlags f
+         #endif
+         #ifndef USE_TCP_LOOPBACK
+         char* uds_serverpath = NULL;
++#ifdef TARGET_OS_LINUX
++        uds_serverpath = secure_getenv(MDNS_UDS_SERVERPATH_ENVVAR);
++#else
+         if (!issetugid())
+         {
+             uds_serverpath = getenv(MDNS_UDS_SERVERPATH_ENVVAR);
+         }
++#endif
+         if (uds_serverpath == NULL)
+             uds_serverpath = MDNS_UDS_SERVERPATH;
+         else if (strlen(uds_serverpath) >= MAX_CTLPATH)
diff --git a/meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch b/meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch
deleted file mode 100644
index 41b8985e27..0000000000
--- a/meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 34285024531adbbc7b67506c9fc2e60f3b36b73b Mon Sep 17 00:00:00 2001
-From: Alex Kiernan <alexk@zuma.ai>
-Date: Sat, 26 Oct 2024 13:26:09 +0000
-Subject: [PATCH] Fix missing `limit` declarations
-
-`put_attribute_tlvs` needs a limit setting which is missing, add it in.
-
-Upstream-Status: Inactive-Upstream [Upstream does not take patches]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
----
- mDNSShared/dnssd_clientstub.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/mDNSShared/dnssd_clientstub.c b/mDNSShared/dnssd_clientstub.c
-index 89cb90d947c7..316fc49ab078 100644
---- a/mDNSShared/dnssd_clientstub.c
-+++ b/mDNSShared/dnssd_clientstub.c
-@@ -2026,6 +2026,7 @@ DNSServiceErrorType DNSServiceRegisterInternal
-     ipc_msg_hdr *hdr;
-     DNSServiceErrorType err;
-     union { uint16_t s; u_char b[2]; } port = { portInNetworkByteOrder };
-+    const uint8_t *limit;
-     (void)attr;
- 
-     if (!sdRef || !regtype) return kDNSServiceErr_BadParam;
-@@ -2050,6 +2051,7 @@ DNSServiceErrorType DNSServiceRegisterInternal
-     if (!hdr) { DNSServiceRefDeallocate(*sdRef); *sdRef = NULL; return kDNSServiceErr_NoMemory; }
-     if (!callBack) hdr->ipc_flags |= IPC_FLAGS_NOREPLY;
- 
-+    limit = ptr + len;
-     put_flags(flags, &ptr);
-     put_uint32(interfaceIndex, &ptr);
-     put_string(name, &ptr);
-@@ -2326,6 +2328,7 @@ DNSServiceErrorType DNSServiceRegisterRecordInternal
-     ipc_msg_hdr *hdr = NULL;
-     DNSRecordRef rref = NULL;
-     DNSRecord **p;
-+    const uint8_t *limit;
-     (void)attr;
- 
-     // Verify that only one of the following flags is set.
-@@ -2375,6 +2378,7 @@ DNSServiceErrorType DNSServiceRegisterRecordInternal
-     hdr = create_hdr(reg_record_request, &len, &ptr, !(flags & kDNSServiceFlagsQueueRequest), sdRef);
-     if (!hdr) return kDNSServiceErr_NoMemory;
- 
-+    limit = ptr + len;
-     put_flags(flags, &ptr);
-     put_uint32(interfaceIndex, &ptr);
-     put_string(fullname, &ptr);
diff --git a/meta-networking/recipes-protocols/mdns/mdns_2600.100.147.bb b/meta-networking/recipes-protocols/mdns/mdns_2600.120.12.bb
index af1400ca6e..b6efa528d4 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_2600.100.147.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_2600.120.12.bb
@@ -13,12 +13,12 @@ SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https
            file://0005-mDNSCore-Fix-broken-debug-parameter.patch \
            file://0006-make-Add-top-level-Makefile.patch \
            file://0009-remove-unneeded-headers.patch \
-           file://0005-Fix-missing-limit-declarations.patch \
            file://0001-Fix-build-with-gcc-15.patch \
+           file://0001-Use-secure_getenv-on-Linux.patch \
            file://mdns.service \
            "
-BRANCH = "main"
-SRCREV = "d89f8d1d0e001b810d6c055aa2a57b768bcf9aa2"
+BRANCH = "rel/mDNSResponder-2600"
+SRCREV = "3a0deda2995d98243dae379bcec10e57928c15e8"
 
 # We install a stub Makefile in the top directory so that the various checks
 # in base.bbclass pass their tests for a Makefile, this ensures (that amongst
diff --git a/meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb b/meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb
index 9fd7e8fbab..2819366dc9 100644
--- a/meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb
+++ b/meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 SRC_URI = "http://archive.apache.org/dist/xerces/c/3/sources/${BP}.tar.bz2 \
     file://0001-aclocal.m4-don-t-use-full-path-of-with_curl-in-xerce.patch \
 "
-SRC_URI[sha256sum] = "1db4028c9b7f1f778efbf4a9462d65e13f9938f2c22f9e9994e12c49ba97e252"
+SRC_URI[sha256sum] = "ef752578587e26013a933f16d76305c9b43ca32f869e3d3426986e03efb01d64"
 
 inherit autotools
 
@@ -29,7 +29,7 @@ PACKAGES = "libxerces-c \
 
 RPROVIDES:${PN}-dbg += "libxerces-c-dbg xerces-c-samples-dbg"
 
-FILES:libxerces-c = "${libdir}/libxerces-c-3.2.so"
+FILES:libxerces-c = "${libdir}/libxerces-c-3.3.so"
 FILES:libxerces-c-dev = "${libdir}/lib*.la \
     ${libdir}/libxerces-c.so \
     ${libdir}/pkgconfig/xerces-c.pc \
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/0001-hiredis-use-default-CC-if-it-is-set.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0001-hiredis-use-default-CC-if-it-is-set.patch
index 63bf403412..63bf403412 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/0001-hiredis-use-default-CC-if-it-is-set.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0001-hiredis-use-default-CC-if-it-is-set.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/0002-lua-update-Makefile-to-use-environment-build-setting.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0002-lua-update-Makefile-to-use-environment-build-setting.patch
index 46330f5064..46330f5064 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/0002-lua-update-Makefile-to-use-environment-build-setting.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0002-lua-update-Makefile-to-use-environment-build-setting.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/0003-hack-to-force-use-of-libc-malloc.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0003-hack-to-force-use-of-libc-malloc.patch
index 1f97f9783d..1f97f9783d 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/0003-hack-to-force-use-of-libc-malloc.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0003-hack-to-force-use-of-libc-malloc.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/0004-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0004-src-Do-not-reset-FINAL_LIBS.patch
index 974cf5169f..974cf5169f 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/0004-src-Do-not-reset-FINAL_LIBS.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0004-src-Do-not-reset-FINAL_LIBS.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch
index 8e5f30993b..8e5f30993b 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0006-Define-correct-gregs-for-RISCV32.patch
index 7009048171..7009048171 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0006-Define-correct-gregs-for-RISCV32.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/init-redis-server b/meta-oe/recipes-extended/redis/redis-7.2.8/init-redis-server
index c5f335f57d..c5f335f57d 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/init-redis-server
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/init-redis-server
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/redis.conf b/meta-oe/recipes-extended/redis/redis-7.2.8/redis.conf
index 75037d6dc8..75037d6dc8 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/redis.conf
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/redis.conf
diff --git a/meta-oe/recipes-extended/redis/redis-7.2.7/redis.service b/meta-oe/recipes-extended/redis/redis-7.2.8/redis.service
index b7791d0df4..b7791d0df4 100644
--- a/meta-oe/recipes-extended/redis/redis-7.2.7/redis.service
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/redis.service
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.7.bb b/meta-oe/recipes-extended/redis/redis_7.2.8.bb
index c688e92cca..3c4d84085b 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.7.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.8.bb
@@ -18,7 +18,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
           "
 
-SRC_URI[sha256sum] = "72c081e3b8cfae7144273d26d76736f08319000af46c01515cad5d29765cead5"
+SRC_URI[sha256sum] = "6be4fdfcdb2e5ac91454438246d00842d2671f792673390e742dfcaf1bf01574"
 
 RPROVIDES:${PN} = "virtual-redis"
 
diff --git a/meta-oe/recipes-support/pcp/pcp/fix_parallel_make.patch b/meta-oe/recipes-support/pcp/pcp/fix_parallel_make.patch
index 9cb649a594..7bc045949b 100644
--- a/meta-oe/recipes-support/pcp/pcp/fix_parallel_make.patch
+++ b/meta-oe/recipes-support/pcp/pcp/fix_parallel_make.patch
@@ -1,13 +1,113 @@
-Upstream-Status: Pending
+From 92add24ccfc7e643349a1c091957595ce25a9915 Mon Sep 17 00:00:00 2001
+From: Yoann Congal <yoann.congal@smile.fr>
+Date: Tue, 27 May 2025 08:45:36 +0200
+Subject: [PATCH] QA: cleanup localconfig.h build dependencies
 
+Some QA binaries include localconfig.h but there is no explicit dependencies
+between the binary build and the localconfig.h generation.
+On heavily loaded systems, this can result in the binary being built
+before localconf.h and a compilation error, e.g:
+| username.c:8:10: fatal error: localconfig.h: No such file or directory
+|     8 | #include "localconfig.h"
+|       |          ^~~~~~~~~~~~~~~
+| compilation terminated.
+
+This can be reproduced by adding "sleep 30" at the start of the
+localconfig.h generation rule.
+
+Fix this by adding the missing Makefile rule dependency between the
+binary (or its pre-link .o) and localconfig.h.
+
+Also remove an un-needed scale.o->localconfig.h dependency.
+
+Upstream-Status: Backport [https://github.com/performancecopilot/pcp/commit/8de7bbb06703f224b72fe0994acde3189b742fd2]
+Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
+---
+ qa/src/GNUlocaldefs | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/qa/src/GNUlocaldefs b/qa/src/GNUlocaldefs
+index f83826068..e47fbfd72 100644
 --- a/qa/src/GNUlocaldefs
 +++ b/qa/src/GNUlocaldefs
-@@ -728,7 +728,7 @@ scale.o:    localconfig.h
+@@ -299,7 +299,7 @@ diowr:      diowr.c
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ diowr.c
+ 
+-endian:        endian.c
++endian:        endian.c localconfig.h
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ endian.c
+ 
+@@ -331,15 +331,15 @@ exercise: exercise.c
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ exercise.c $(LDLIBS)
+ 
+-chkacc1:       chkacc1.c
++chkacc1:       chkacc1.c localconfig.h
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ chkacc1.c $(LDLIBS)
+ 
+-chkacc2:       chkacc2.c
++chkacc2:       chkacc2.c localconfig.h
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ chkacc2.c $(LDLIBS)
+ 
+-chkacc3:       chkacc3.c
++chkacc3:       chkacc3.c localconfig.h
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ chkacc3.c $(LDLIBS)
+ 
+@@ -489,7 +489,7 @@ pmdashutdown:       pmdashutdown.c
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ $@.c $(LDLIBS) -lpcp_pmda
+ 
+-dumb_pmda: dumb_pmda.c
++dumb_pmda: dumb_pmda.c localconfig.h
+        $(CCF) $(LCDEFS) $(LCOPTS) -o $@ $@.c $(LDLIBS) -lpcp_pmda
+ 
+ pmdacache: pmdacache.c
+@@ -633,7 +633,7 @@ else
+        $(CCF) $(CDEFS) -o $@ $@.c $(LIB_FOR_PTHREADS) $(LDLIBS)
+ endif
+ 
+-multithread2:  multithread2.c
++multithread2:  multithread2.c localconfig.h
+        rm -f $@
+        $(CCF) $(CDEFS) -o $@ $@.c $(LIB_FOR_PTHREADS) $(LDLIBS)
+ 
+@@ -786,7 +786,6 @@ $(NVIDIAQALIB):     nvidia-ml.o
+ endif
+ 
+ arch_maxfd.o:  localconfig.h
+-scale.o:       localconfig.h
+ 
  779246.o:      libpcp.h
  aggrstore.o:   libpcp.h
- badmmv.o:      libpcp.h
--chkacc1.o:     libpcp.h
-+chkacc1.o:     libpcp.h localconfig.h
- chkacc2.o:     libpcp.h
- chkacc3.o:     libpcp.h
- chkacc4.o:     libpcp.h
+@@ -847,14 +846,14 @@ multithread14.o:  libpcp.h
+ nameall.o:     libpcp.h
+ parsehostattrs.o:      libpcp.h
+ parsehostspec.o:       libpcp.h
+-pdubufbounds.o:        libpcp.h
+-pducheck.o:    libpcp.h
++pdubufbounds.o:        libpcp.h localconfig.h
++pducheck.o:    libpcp.h localconfig.h
+ pducrash.o:    libpcp.h
+-pdu-server.o:  libpcp.h
++pdu-server.o:  libpcp.h localconfig.h
+ pmcdgone.o:    libpcp.h
+ pmlcmacro.o:   libpcp.h
+ pmnsinarchives.o:      libpcp.h
+-pmnsunload.o:  libpcp.h
++pmnsunload.o:  libpcp.h localconfig.h
+ proc_test.o:   libpcp.h
+ qa_libpcp_compat.o:    libpcp.h
+ qa_timezone.o: libpcp.h
+@@ -874,6 +873,7 @@ torture_pmns.o:     libpcp.h
+ tztest.o:      libpcp.h
+ unpack.o:      libpcp.h
+ unpickargs.o:  libpcp.h
++username.o:    localconfig.h
+ xarch.o:       libpcp.h
+ xlog.o:        libpcp.h
+ xmktime.o:     libpcp.h
diff --git a/meta-oe/recipes-support/xmlstarlet/files/0001-Define-ATTRIBUTE_UNUSED-if-its-not-defined.patch b/meta-oe/recipes-support/xmlstarlet/files/0001-Define-ATTRIBUTE_UNUSED-if-its-not-defined.patch
new file mode 100644
index 0000000000..1468559e7f
--- /dev/null
+++ b/meta-oe/recipes-support/xmlstarlet/files/0001-Define-ATTRIBUTE_UNUSED-if-its-not-defined.patch
@@ -0,0 +1,37 @@
+From 4e94034e9231f5d8312497b7504f21b7a6062bf4 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 27 May 2025 16:12:01 -0700
+Subject: [PATCH] Define ATTRIBUTE_UNUSED if its not defined
+
+ATTRIBUTE_UNUSED is not defined in libxml2 2.14+, so check if the define is
+not there then define it.
+
+Fixes build errors e.g.
+../xmlstarlet-1.6.1/src/xml_pyx.c:203:36: error: expected ')'
+  203 | pyxExternalSubsetHandler(void *ctx ATTRIBUTE_UNUSED, const xmlChar *name,
+      |                                    ^
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/xml_pyx.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/xml_pyx.c b/src/xml_pyx.c
+index ab295f1..f1a1884 100644
+--- a/src/xml_pyx.c
++++ b/src/xml_pyx.c
+@@ -21,6 +21,13 @@
+ 
+ #include "xmlstar.h"
+ 
++/**
++ * Unbreak build with libxml2 2.14
++ */
++#ifndef ATTRIBUTE_UNUSED
++#define ATTRIBUTE_UNUSED __attribute__((unused))
++#endif
++
+ /**
+  *  Output newline and tab characters as escapes
+  *  Required both for attribute values and character data (#PCDATA)
diff --git a/meta-oe/recipes-support/xmlstarlet/xmlstarlet_1.6.1.bb b/meta-oe/recipes-support/xmlstarlet/xmlstarlet_1.6.1.bb
index 80fbe537e5..c8cfd884e2 100644
--- a/meta-oe/recipes-support/xmlstarlet/xmlstarlet_1.6.1.bb
+++ b/meta-oe/recipes-support/xmlstarlet/xmlstarlet_1.6.1.bb
@@ -16,7 +16,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/xmlstar/${BP}.tar.gz \
            file://configure.ac.patch \
            file://0001-usage2c.awk-fix-wrong-basename-regexp.patch \
            file://0001-Make-xmlError-struct-constant.patch \
-           file://0001-Fix-hash_key_put-signature.patch"
+           file://0001-Fix-hash_key_put-signature.patch \
+                   file://0001-Define-ATTRIBUTE_UNUSED-if-its-not-defined.patch"
 SRC_URI[sha256sum] = "15d838c4f3375332fd95554619179b69e4ec91418a3a5296e7c631b7ed19e7ca"
 
 inherit autotools