build-appliance-image: Update to scarthgap head revision

(From OE-Core rev: 803cc32e72b4fc2fc28d92090e61f5dd288a10cb) Signed-off-by: Steve Sakoman <steve@sakoman.com>
poky.conf: bump version for 5.0.2
2026-01-30 05:18:43 +01:00 · 2024-06-24 06:49:29 -07:00 · 2024-06-24 06:46:52 -07:00 · 2024-06-24 06:46:52 -07:00 · 2024-06-24 06:46:52 -07:00 · 2024-06-24 06:46:52 -07:00
199 changed files with 2878 additions and 4232 deletions
--- a/bitbake/lib/bb/init.py
+++ b/bitbake/lib/bb/init.py
@@ -36,6 +36,7 @@ class BBHandledException(Exception):

 import os
 import logging
+from collections import namedtuple


 class NullHandler(logging.Handler):
@@ -227,3 +228,14 @@ def deprecate_import(current, modulename, fromlist, renames = None):

        setattr(sys.modules[current], newname, newobj)

+TaskData = namedtuple("TaskData", [
+    "pn",
+    "taskname",
+    "fn",
+    "deps",
+    "provides",
+    "taskhash",
+    "unihash",
+    "hashfn",
+    "taskhash_deps",
+])
--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -315,13 +315,13 @@ class BBCooker:
                dbfile = (self.data.getVar("PERSISTENT_DIR") or self.data.getVar("CACHE")) + "/hashserv.db"
                upstream = self.data.getVar("BB_HASHSERVE_UPSTREAM") or None
                if upstream:
-                    import socket
                    try:
-                        sock = socket.create_connection(upstream.split(":"), 5)
-                        sock.close()
-                    except socket.error as e:
+                        with hashserv.create_client(upstream) as client:
+                            client.ping()
+                    except (ConnectionError, ImportError) as e:
                        bb.warn("BB_HASHSERVE_UPSTREAM is not valid, unable to connect hash equivalence server at '%s': %s"
                                 % (upstream, repr(e)))
+                        upstream = None

                self.hashservaddr = "unix://%s/hashserve.sock" % self.data.getVar("TOPDIR")
                self.hashserv = hashserv.create_server(
@@ -1459,7 +1459,6 @@ class BBCooker:

                    if t in task or getAllTaskSignatures:
                        try:
-                            rq.rqdata.prepare_task_hash(tid)
                            sig.append([pn, t, rq.rqdata.get_task_unihash(tid)])
                        except KeyError:
                            sig.append(self.getTaskSignatures(target, [t])[0])
--- a/bitbake/lib/bb/fetch2/gcp.py
+++ b/bitbake/lib/bb/fetch2/gcp.py
@@ -23,6 +23,7 @@ import urllib.parse, urllib.error
 from bb.fetch2 import FetchMethod
 from bb.fetch2 import FetchError
 from bb.fetch2 import logger
+from bb.fetch2 import runfetchcmd

 class GCP(FetchMethod):
    """
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -108,7 +108,8 @@ class Wget(FetchMethod):

        fetchcmd = self.basecmd

-        localpath = os.path.join(d.getVar("DL_DIR"), ud.localfile) + ".tmp"
+        dldir = os.path.realpath(d.getVar("DL_DIR"))
+        localpath = os.path.join(dldir, ud.localfile) + ".tmp"
        bb.utils.mkdirhier(os.path.dirname(localpath))
        fetchcmd += " -O %s" % shlex.quote(localpath)

@@ -128,12 +129,21 @@ class Wget(FetchMethod):
        uri = ud.url.split(";")[0]
        if os.path.exists(ud.localpath):
            # file exists, but we didnt complete it.. trying again..
-            fetchcmd += d.expand(" -c -P ${DL_DIR} '%s'" % uri)
+            fetchcmd += " -c -P " + dldir + " '" + uri + "'"
        else:
-            fetchcmd += d.expand(" -P ${DL_DIR} '%s'" % uri)
+            fetchcmd += " -P " + dldir + " '" + uri + "'"

        self._runwget(ud, d, fetchcmd, False)

+        # Sanity check since wget can pretend it succeed when it didn't
+        # Also, this used to happen if sourceforge sent us to the mirror page
+        if not os.path.exists(localpath):
+            raise FetchError("The fetch command returned success for url %s but %s doesn't exist?!" % (uri, localpath), uri)
+
+        if os.path.getsize(localpath) == 0:
+            os.remove(localpath)
+            raise FetchError("The fetch of %s resulted in a zero size file?! Deleting and failing since this isn't right." % (uri), uri)
+
        # Try and verify any checksum now, meaning if it isn't correct, we don't remove the
        # original file, which might be a race (imagine two recipes referencing the same
        # source, one with an incorrect checksum)
@@ -143,15 +153,6 @@ class Wget(FetchMethod):
        # Our lock prevents multiple writers but mirroring code may grab incomplete files
        os.rename(localpath, localpath[:-4])

-        # Sanity check since wget can pretend it succeed when it didn't
-        # Also, this used to happen if sourceforge sent us to the mirror page
-        if not os.path.exists(ud.localpath):
-            raise FetchError("The fetch command returned success for url %s but %s doesn't exist?!" % (uri, ud.localpath), uri)
-
-        if os.path.getsize(ud.localpath) == 0:
-            os.remove(ud.localpath)
-            raise FetchError("The fetch of %s resulted in a zero size file?! Deleting and failing since this isn't right." % (uri), uri)
-
        return True

    def checkstatus(self, fetch, ud, d, try_again=True):
--- a/bitbake/lib/bb/parse/init.py
+++ b/bitbake/lib/bb/parse/init.py
@@ -49,20 +49,23 @@ class SkipPackage(SkipRecipe):
 __mtime_cache = {}
 def cached_mtime(f):
    if f not in __mtime_cache:
-        __mtime_cache[f] = os.stat(f)[stat.ST_MTIME]
+        res = os.stat(f)
+        __mtime_cache[f] = (res.st_mtime_ns, res.st_size, res.st_ino)
    return __mtime_cache[f]

 def cached_mtime_noerror(f):
    if f not in __mtime_cache:
        try:
-            __mtime_cache[f] = os.stat(f)[stat.ST_MTIME]
+            res = os.stat(f)
+            __mtime_cache[f] = (res.st_mtime_ns, res.st_size, res.st_ino)
        except OSError:
            return 0
    return __mtime_cache[f]

 def check_mtime(f, mtime):
    try:
-        current_mtime = os.stat(f)[stat.ST_MTIME]
+        res = os.stat(f)
+        current_mtime = (res.st_mtime_ns, res.st_size, res.st_ino)
        __mtime_cache[f] = current_mtime
    except OSError:
        current_mtime = 0
@@ -70,7 +73,8 @@ def check_mtime(f, mtime):

 def update_mtime(f):
    try:
-        __mtime_cache[f] = os.stat(f)[stat.ST_MTIME]
+        res = os.stat(f)
+        __mtime_cache[f] = (res.st_mtime_ns, res.st_size, res.st_ino)
    except OSError:
        if f in __mtime_cache:
            del __mtime_cache[f]
--- a/bitbake/lib/bb/runqueue.py
+++ b/bitbake/lib/bb/runqueue.py
@@ -1273,27 +1273,41 @@ class RunQueueData:

        bb.parse.siggen.set_setscene_tasks(self.runq_setscene_tids)

+        starttime = time.time()
+        lasttime = starttime
+
        # Iterate over the task list and call into the siggen code
        dealtwith = set()
        todeal = set(self.runtaskentries)
        while todeal:
+            ready = set()
            for tid in todeal.copy():
                if not (self.runtaskentries[tid].depends - dealtwith):
-                    dealtwith.add(tid)
-                    todeal.remove(tid)
-                    self.prepare_task_hash(tid)
-                bb.event.check_for_interrupts(self.cooker.data)
+                    self.runtaskentries[tid].taskhash_deps = bb.parse.siggen.prep_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches)
+                    # get_taskhash for a given tid *must* be called before get_unihash* below
+                    self.runtaskentries[tid].hash = bb.parse.siggen.get_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches)
+                    ready.add(tid)
+            unihashes = bb.parse.siggen.get_unihashes(ready)
+            for tid in ready:
+                dealtwith.add(tid)
+                todeal.remove(tid)
+                self.runtaskentries[tid].unihash = unihashes[tid]
+
+            bb.event.check_for_interrupts(self.cooker.data)
+
+            if time.time() > (lasttime + 30):
+                lasttime = time.time()
+                hashequiv_logger.verbose("Initial setup loop progress: %s of %s in %s" % (len(todeal), len(self.runtaskentries), lasttime - starttime))
+
+        endtime = time.time()
+        if (endtime-starttime > 60):
+            hashequiv_logger.verbose("Initial setup loop took: %s" % (endtime-starttime))

        bb.parse.siggen.writeout_file_checksum_cache()

        #self.dump_data()
        return len(self.runtaskentries)

-    def prepare_task_hash(self, tid):
-        bb.parse.siggen.prep_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches)
-        self.runtaskentries[tid].hash = bb.parse.siggen.get_taskhash(tid, self.runtaskentries[tid].depends, self.dataCaches)
-        self.runtaskentries[tid].unihash = bb.parse.siggen.get_unihash(tid)
-
    def dump_data(self):
        """
        Dump some debug information on the internal data structures
@@ -2438,14 +2452,17 @@ class RunQueueExecute:
        taskdepdata_cache = {}
        for task in self.rqdata.runtaskentries:
            (mc, fn, taskname, taskfn) = split_tid_mcfn(task)
-            pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn]
-            deps = self.rqdata.runtaskentries[task].depends
-            provides = self.rqdata.dataCaches[mc].fn_provides[taskfn]
-            taskhash = self.rqdata.runtaskentries[task].hash
-            unihash = self.rqdata.runtaskentries[task].unihash
-            deps = self.filtermcdeps(task, mc, deps)
-            hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn]
-            taskdepdata_cache[task] = [pn, taskname, fn, deps, provides, taskhash, unihash, hashfn]
+            taskdepdata_cache[task] = bb.TaskData(
+                pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn],
+                taskname = taskname,
+                fn = fn,
+                deps = self.filtermcdeps(task, mc, self.rqdata.runtaskentries[task].depends),
+                provides = self.rqdata.dataCaches[mc].fn_provides[taskfn],
+                taskhash = self.rqdata.runtaskentries[task].hash,
+                unihash = self.rqdata.runtaskentries[task].unihash,
+                hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn],
+                taskhash_deps = self.rqdata.runtaskentries[task].taskhash_deps,
+            )

        self.taskdepdata_cache = taskdepdata_cache

@@ -2460,9 +2477,11 @@ class RunQueueExecute:
        while next:
            additional = []
            for revdep in next:
-                self.taskdepdata_cache[revdep][6] = self.rqdata.runtaskentries[revdep].unihash
+                self.taskdepdata_cache[revdep] = self.taskdepdata_cache[revdep]._replace(
+                    unihash=self.rqdata.runtaskentries[revdep].unihash
+                )
                taskdepdata[revdep] = self.taskdepdata_cache[revdep]
-                for revdep2 in self.taskdepdata_cache[revdep][3]:
+                for revdep2 in self.taskdepdata_cache[revdep].deps:
                    if revdep2 not in taskdepdata:
                        additional.append(revdep2)
            next = additional
@@ -2556,17 +2575,28 @@ class RunQueueExecute:
            elif self.rqdata.runtaskentries[p].depends.isdisjoint(total):
                next.add(p)

+        starttime = time.time()
+        lasttime = starttime
+
        # When an item doesn't have dependencies in total, we can process it. Drop items from total when handled
        while next:
            current = next.copy()
            next = set()
+            ready = {}
            for tid in current:
                if self.rqdata.runtaskentries[p].depends and not self.rqdata.runtaskentries[tid].depends.isdisjoint(total):
                    continue
+                # get_taskhash for a given tid *must* be called before get_unihash* below
+                ready[tid] = bb.parse.siggen.get_taskhash(tid, self.rqdata.runtaskentries[tid].depends, self.rqdata.dataCaches)
+
+            unihashes = bb.parse.siggen.get_unihashes(ready.keys())
+
+            for tid in ready:
                orighash = self.rqdata.runtaskentries[tid].hash
-                newhash = bb.parse.siggen.get_taskhash(tid, self.rqdata.runtaskentries[tid].depends, self.rqdata.dataCaches)
+                newhash = ready[tid]
                origuni = self.rqdata.runtaskentries[tid].unihash
-                newuni = bb.parse.siggen.get_unihash(tid)
+                newuni = unihashes[tid]
+
                # FIXME, need to check it can come from sstate at all for determinism?
                remapped = False
                if newuni == origuni:
@@ -2587,6 +2617,15 @@ class RunQueueExecute:
                next |= self.rqdata.runtaskentries[tid].revdeps
                total.remove(tid)
                next.intersection_update(total)
+                bb.event.check_for_interrupts(self.cooker.data)
+
+                if time.time() > (lasttime + 30):
+                    lasttime = time.time()
+                    hashequiv_logger.verbose("Rehash loop slow progress: %s in %s" % (len(total), lasttime - starttime))
+
+        endtime = time.time()
+        if (endtime-starttime > 60):
+            hashequiv_logger.verbose("Rehash loop took more than 60s: %s" % (endtime-starttime))

        if changed:
            for mc in self.rq.worker:
@@ -2806,13 +2845,19 @@ class RunQueueExecute:
            additional = []
            for revdep in next:
                (mc, fn, taskname, taskfn) = split_tid_mcfn(revdep)
-                pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn]
                deps = getsetscenedeps(revdep)
-                provides = self.rqdata.dataCaches[mc].fn_provides[taskfn]
-                taskhash = self.rqdata.runtaskentries[revdep].hash
-                unihash = self.rqdata.runtaskentries[revdep].unihash
-                hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn]
-                taskdepdata[revdep] = [pn, taskname, fn, deps, provides, taskhash, unihash, hashfn]
+
+                taskdepdata[revdep] = bb.TaskData(
+                    pn = self.rqdata.dataCaches[mc].pkg_fn[taskfn],
+                    taskname = taskname,
+                    fn = fn,
+                    deps = deps,
+                    provides = self.rqdata.dataCaches[mc].fn_provides[taskfn],
+                    taskhash = self.rqdata.runtaskentries[revdep].hash,
+                    unihash = self.rqdata.runtaskentries[revdep].unihash,
+                    hashfn = self.rqdata.dataCaches[mc].hashfn[taskfn],
+                    taskhash_deps = self.rqdata.runtaskentries[revdep].taskhash_deps,
+                )
                for revdep2 in deps:
                    if revdep2 not in taskdepdata:
                        additional.append(revdep2)
--- a/bitbake/lib/bb/siggen.py
+++ b/bitbake/lib/bb/siggen.py
@@ -381,7 +381,7 @@ class SignatureGeneratorBasic(SignatureGenerator):
            self.taints[tid] = taint
            logger.warning("%s is tainted from a forced run" % tid)

-        return
+        return set(dep for _, dep in self.runtaskdeps[tid])

    def get_taskhash(self, tid, deps, dataCaches):

@@ -726,10 +726,13 @@ class SignatureGeneratorUniHashMixIn(object):
            return result

        if self.max_parallel <= 1 or len(queries) <= 1:
-            # No parallelism required. Make the query serially with the single client
+            # No parallelism required. Make the query using a single client
            with self.client() as client:
-                for tid, args in queries.items():
-                    query_result[tid] = client.get_unihash(*args)
+                keys = list(queries.keys())
+                unihashes = client.get_unihash_batch(queries[k] for k in keys)
+
+                for idx, k in enumerate(keys):
+                    query_result[k] = unihashes[idx]
        else:
            with self.client_pool() as client_pool:
                query_result = client_pool.get_unihashes(queries)
--- a/bitbake/lib/bb/tests/fetch.py
+++ b/bitbake/lib/bb/tests/fetch.py
@@ -1421,7 +1421,7 @@ class FetchLatestVersionTest(FetcherTest):
        # combination version pattern
        ("sysprof", "git://gitlab.gnome.org/GNOME/sysprof.git;protocol=https;branch=master", "cd44ee6644c3641507fb53b8a2a69137f2971219", "", "")
            : "1.2.0",
-        ("u-boot-mkimage", "git://git.denx.de/u-boot.git;branch=master;protocol=git", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "", "")
+        ("u-boot-mkimage", "git://source.denx.de/u-boot/u-boot.git;branch=master;protocol=https", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "", "")
            : "2014.01",
        # version pattern "yyyymmdd"
        ("mobile-broadband-provider-info", "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master", "4ed19e11c2975105b71b956440acdb25d46a347d", "", "")
@@ -1511,7 +1511,7 @@ class FetchLatestVersionTest(FetcherTest):

    def test_wget_latest_versionstring(self):
        testdata = os.path.dirname(os.path.abspath(__file__)) + "/fetch-testdata"
-        server = HTTPService(testdata)
+        server = HTTPService(testdata, host="127.0.0.1")
        server.start()
        port = server.port
        try:
@@ -1519,10 +1519,10 @@ class FetchLatestVersionTest(FetcherTest):
                self.d.setVar("PN", k[0])
                checkuri = ""
                if k[2]:
-                    checkuri = "http://localhost:%s/" % port + k[2]
+                    checkuri = "http://127.0.0.1:%s/" % port + k[2]
                self.d.setVar("UPSTREAM_CHECK_URI", checkuri)
                self.d.setVar("UPSTREAM_CHECK_REGEX", k[3])
-                url = "http://localhost:%s/" % port + k[1]
+                url = "http://127.0.0.1:%s/" % port + k[1]
                ud = bb.fetch2.FetchData(url, self.d)
                pupver = ud.method.latest_versionstring(ud, self.d)
                verstring = pupver[0]
--- a/bitbake/lib/hashserv/client.py
+++ b/bitbake/lib/hashserv/client.py
@@ -5,6 +5,7 @@

 import logging
 import socket
+import asyncio
 import bb.asyncrpc
 import json
 from . import create_async_client
@@ -13,6 +14,66 @@ from . import create_async_client
 logger = logging.getLogger("hashserv.client")


+class Batch(object):
+    def __init__(self):
+        self.done = False
+        self.cond = asyncio.Condition()
+        self.pending = []
+        self.results = []
+        self.sent_count = 0
+
+    async def recv(self, socket):
+        while True:
+            async with self.cond:
+                await self.cond.wait_for(lambda: self.pending or self.done)
+
+                if not self.pending:
+                    if self.done:
+                        return
+                    continue
+
+            r = await socket.recv()
+            self.results.append(r)
+
+            async with self.cond:
+                self.pending.pop(0)
+
+    async def send(self, socket, msgs):
+        try:
+            # In the event of a restart due to a reconnect, all in-flight
+            # messages need to be resent first to keep to result count in sync
+            for m in self.pending:
+                await socket.send(m)
+
+            for m in msgs:
+                # Add the message to the pending list before attempting to send
+                # it so that if the send fails it will be retried
+                async with self.cond:
+                    self.pending.append(m)
+                    self.cond.notify()
+                    self.sent_count += 1
+
+                await socket.send(m)
+
+        finally:
+            async with self.cond:
+                self.done = True
+                self.cond.notify()
+
+    async def process(self, socket, msgs):
+        await asyncio.gather(
+            self.recv(socket),
+            self.send(socket, msgs),
+        )
+
+        if len(self.results) != self.sent_count:
+            raise ValueError(
+                f"Expected result count {len(self.results)}. Expected {self.sent_count}"
+            )
+
+        return self.results
+
+
 class AsyncClient(bb.asyncrpc.AsyncClient):
    MODE_NORMAL = 0
    MODE_GET_STREAM = 1
@@ -36,11 +97,27 @@ class AsyncClient(bb.asyncrpc.AsyncClient):
            if become:
                await self.become_user(become)

-    async def send_stream(self, mode, msg):
+    async def send_stream_batch(self, mode, msgs):
+        """
+        Does a "batch" process of stream messages. This sends the query
+        messages as fast as possible, and simultaneously attempts to read the
+        messages back. This helps to mitigate the effects of latency to the
+        hash equivalence server be allowing multiple queries to be "in-flight"
+        at once
+
+        The implementation does more complicated tracking using a count of sent
+        messages so that `msgs` can be a generator function (i.e. its length is
+        unknown)
+
+        """
+
+        b = Batch()
+
        async def proc():
+            nonlocal b
+
            await self._set_mode(mode)
-            await self.socket.send(msg)
-            return await self.socket.recv()
+            return await b.process(self.socket, msgs)

        return await self._send_wrapper(proc)

@@ -89,10 +166,15 @@ class AsyncClient(bb.asyncrpc.AsyncClient):
        self.mode = new_mode

    async def get_unihash(self, method, taskhash):
-        r = await self.send_stream(self.MODE_GET_STREAM, "%s %s" % (method, taskhash))
-        if not r:
-            return None
-        return r
+        r = await self.get_unihash_batch([(method, taskhash)])
+        return r[0]
+
+    async def get_unihash_batch(self, args):
+        result = await self.send_stream_batch(
+            self.MODE_GET_STREAM,
+            (f"{method} {taskhash}" for method, taskhash in args),
+        )
+        return [r if r else None for r in result]

    async def report_unihash(self, taskhash, method, outhash, unihash, extra={}):
        m = extra.copy()
@@ -115,8 +197,12 @@ class AsyncClient(bb.asyncrpc.AsyncClient):
        )

    async def unihash_exists(self, unihash):
-        r = await self.send_stream(self.MODE_EXIST_STREAM, unihash)
-        return r == "true"
+        r = await self.unihash_exists_batch([unihash])
+        return r[0]
+
+    async def unihash_exists_batch(self, unihashes):
+        result = await self.send_stream_batch(self.MODE_EXIST_STREAM, unihashes)
+        return [r == "true" for r in result]

    async def get_outhash(self, method, outhash, taskhash, with_unihash=True):
        return await self.invoke(
@@ -237,10 +323,12 @@ class Client(bb.asyncrpc.Client):
            "connect_tcp",
            "connect_websocket",
            "get_unihash",
+            "get_unihash_batch",
            "report_unihash",
            "report_unihash_equiv",
            "get_taskhash",
            "unihash_exists",
+            "unihash_exists_batch",
            "get_outhash",
            "get_stats",
            "reset_stats",
--- a/bitbake/lib/hashserv/tests.py
+++ b/bitbake/lib/hashserv/tests.py
@@ -594,6 +594,43 @@ class HashEquivalenceCommonTests(object):
                7: None,
            })

+    def test_get_unihash_batch(self):
+        TEST_INPUT = (
+            # taskhash                                   outhash                                                            unihash
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'),
+            # Duplicated taskhash with multiple output hashes and unihashes.
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'),
+            # Equivalent hash
+            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"),
+            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'),
+            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'),
+        )
+        EXTRA_QUERIES = (
+            "6b6be7a84ab179b4240c4302518dc3f6",
+        )
+
+        for taskhash, outhash, unihash in TEST_INPUT:
+            self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
+
+
+        result = self.client.get_unihash_batch(
+            [(self.METHOD, data[0]) for data in TEST_INPUT] +
+            [(self.METHOD, e) for e in EXTRA_QUERIES]
+        )
+
+        self.assertListEqual(result, [
+            "218e57509998197d570e2c98512d0105985dffc9",
+            "218e57509998197d570e2c98512d0105985dffc9",
+            "218e57509998197d570e2c98512d0105985dffc9",
+            "3b5d3d83f07f259e9086fcb422c855286e18a57d",
+            "f46d3fbb439bd9b921095da657a4de906510d2cd",
+            "f46d3fbb439bd9b921095da657a4de906510d2cd",
+            "05d2a63c81e32f0a36542ca677e8ad852365c538",
+            None,
+        ])
+
    def test_client_pool_unihash_exists(self):
        TEST_INPUT = (
            # taskhash                                   outhash                                                            unihash
@@ -636,6 +673,44 @@ class HashEquivalenceCommonTests(object):
            result = client_pool.unihashes_exist(query)
            self.assertDictEqual(result, expected)

+    def test_unihash_exists_batch(self):
+        TEST_INPUT = (
+            # taskhash                                   outhash                                                            unihash
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'),
+            # Duplicated taskhash with multiple output hashes and unihashes.
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'),
+            # Equivalent hash
+            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"),
+            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'),
+            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'),
+        )
+        EXTRA_QUERIES = (
+            "6b6be7a84ab179b4240c4302518dc3f6",
+        )
+
+        result_unihashes = set()
+
+
+        for taskhash, outhash, unihash in TEST_INPUT:
+            result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
+            result_unihashes.add(result["unihash"])
+
+        query = []
+        expected = []
+
+        for _, _, unihash in TEST_INPUT:
+            query.append(unihash)
+            expected.append(unihash in result_unihashes)
+
+
+        for unihash in EXTRA_QUERIES:
+            query.append(unihash)
+            expected.append(False)
+
+        result = self.client.unihash_exists_batch(query)
+        self.assertListEqual(result, expected)

    def test_auth_read_perms(self):
        admin_client = self.start_auth_server()
--- a/documentation/brief-yoctoprojectqs/index.rst
+++ b/documentation/brief-yoctoprojectqs/index.rst
@@ -251,11 +251,17 @@ an entire Linux distribution, including the toolchain, from source.
      To use such mirrors, uncomment the below lines in your ``conf/local.conf``
      file in the :term:`Build Directory`::

-         BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
+         BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
         SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
         BB_HASHSERVE = "auto"
         BB_SIGNATURE_HANDLER = "OEEquivHash"

+      The hash equivalence server needs the websockets python module version 9.1
+      or later. Debian GNU/Linux 12 (Bookworm) and later, Fedora, CentOS Stream
+      9 and later, and Ubuntu 22.04 (LTS) and later, all have a recent enough
+      package. Other supported distributions need to get the module some other
+      place than their package feed, e.g. via ``pip``.
+
 #. **Start the Build:** Continue with the following command to build an OS
   image for the target, which is ``core-image-sato`` in this example:

--- a/documentation/migration-guides/release-4.0.rst
+++ b/documentation/migration-guides/release-4.0.rst
@@ -24,3 +24,4 @@ Release 4.0 (kirkstone)
   release-notes-4.0.15
   release-notes-4.0.16
   release-notes-4.0.17
+   release-notes-4.0.18
--- a/documentation/migration-guides/release-notes-4.0.18.rst
+++ b/documentation/migration-guides/release-notes-4.0.18.rst
@@ -0,0 +1,191 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.18 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.18
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  curl: Fix :cve:`2024-2398`
+-  expat: fix :cve:`2023-52426` and :cve:`2024-28757`
+-  libssh2: fix :cve:`2023-48795`
+-  ncurses: Fix :cve:`2023-50495`
+-  nghttp2: Fix :cve:`2024-28182` and :cve:`2023-44487`
+-  openssh: Ignore :cve:`2023-51767`
+-  openssl: Fix :cve:`2024-2511`
+-  perl: Ignore :cve:`2023-47100`
+-  python3-cryptography: Fix :cve:`2024-26130`
+-  python3-urllib3: Fix :cve:`2023-45803`
+-  qemu: Fix :cve:`2023-6683`
+-  ruby: fix :cve_mitre:`2024-27281`
+-  rust: Ignore :cve:`2024-24576`
+-  tiff: Fix :cve:`2023-52356` and :cve:`2023-6277`
+-  xserver-xorg: Fix :cve:`2024-31080` and :cve:`2024-31081`
+-  xwayland: Fix :cve:`2023-6816`, :cve:`2024-0408` and :cve:`2024-0409`
+
+
+Fixes in Yocto-4.0.18
+~~~~~~~~~~~~~~~~~~~~~
+
+-  build-appliance-image: Update to kirkstone head revision
+-  common-licenses: Backport missing license
+-  contributor-guide: add notes for tests
+-  contributor-guide: be more specific about meta-* trees
+-  cups: fix typo in :cve:`2023-32360` backport patch
+-  cve-update-nvd2-native: Add an age threshold for incremental update
+-  cve-update-nvd2-native: Fix CVE configuration update
+-  cve-update-nvd2-native: Fix typo in comment
+-  cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
+-  cve-update-nvd2-native: Remove rejected CVE from database
+-  cve-update-nvd2-native: nvd_request_next: Improve comment
+-  dev-manual: improve descriptions of 'bitbake -S printdiff'
+-  dev-manual: packages: fix capitalization
+-  docs: conf.py: properly escape backslashes for latex_elements
+-  gcc: Backport sanitizer fix for 32-bit ALSR
+-  glibc: Fix subscript typos for get_nscd_addresses
+-  kernel-dev: join mkdir commands with -p
+-  linux-firmware: Upgrade to 20240220
+-  manuals: add initial sphinx-lint support
+-  manuals: add initial stylechecks with Vale
+-  manuals: document VIRTUAL-RUNTIME variables
+-  manuals: fix duplicate "stylecheck" target
+-  manuals: fix incorrect double backticks
+-  manuals: fix trailing spaces
+-  manuals: refer to new yocto-patches mailing list wherever appropriate
+-  manuals: remove tab characters
+-  manuals: replace hyphens with em dashes
+-  manuals: use "manual page(s)"
+-  migration-guides: add release notes for 4.0.17
+-  poky.conf: bump version for 4.0.18
+-  profile-manual: usage.rst: fix reference to bug report
+-  profile-manual: usage.rst: formatting fixes
+-  profile-manual: usage.rst: further style improvements
+-  python3-urllib3: Upgrade to v1.26.18
+-  ref-manual: add documentation of the variable :term:`SPDX_NAMESPACE_PREFIX`
+-  ref-manual: tasks: do_cleanall: recommend using '-f' instead
+-  ref-manual: tasks: do_cleansstate: recommend using '-f' instead for a shared sstate
+-  ref-manual: variables: adding multiple groups in :term:`GROUPADD_PARAM`
+-  ref-manual: variables: correct sdk installation default path
+-  stress-ng: avoid calling sync during do_compile
+-  systemd: Fix vlan qos mapping
+-  tcl: Add a way to skip ptests
+-  tcl: skip async and event tests in run-ptest
+-  tcl: skip timing-dependent tests in run-ptest
+-  valgrind: skip intermittently failing ptest
+-  wireless-regdb: Upgrade to 2024.01.23
+-  yocto-uninative: Update to 4.4 for glibc 2.39
+
+
+Known Issues in Yocto-4.0.18
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.18
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Alex Kiernan
+-  Alex Stewart
+-  Alexander Kanavin
+-  BELOUARGA Mohamed
+-  Claus Stovgaard
+-  Colin McAllister
+-  Geoff Parker
+-  Haitao Liu
+-  Harish Sadineni
+-  Johan Bezem
+-  Jonathan GUILLOT
+-  Jörg Sommer
+-  Khem Raj
+-  Lee Chee Yang
+-  Luca Ceresoli
+-  Martin Jansa
+-  Meenali Gupta
+-  Michael Halstead
+-  Michael Opdenacker
+-  Peter Marko
+-  Quentin Schulz
+-  Ross Burton
+-  Sana Kazi
+-  Simone Weiß
+-  Soumya Sambu
+-  Steve Sakoman
+-  Tan Wen Yan
+-  Vijay Anusuri
+-  Wang Mingyu
+-  Yoann Congal
+-  Yogita Urade
+-  Zahir Hussain
+
+
+Repositories / Downloads for Yocto-4.0.18
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.18 </poky/log/?h=yocto-4.0.18>`
+-  Git Revision: :yocto_git:`31751bba1c789f15f574773a659b8017d7bcf440 </poky/commit/?id=31751bba1c789f15f574773a659b8017d7bcf440>`
+-  Release Artefact: poky-31751bba1c789f15f574773a659b8017d7bcf440
+-  sha: 72d5aa65c3c37766ebc24b212740272c1d52342468548f9c070241d3522ad2ca
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/poky-31751bba1c789f15f574773a659b8017d7bcf440.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/poky-31751bba1c789f15f574773a659b8017d7bcf440.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.18 </openembedded-core/log/?h=yocto-4.0.18>`
+-  Git Revision: :oe_git:`b7182571242dc4e23e5250a449d90348e62a6abc </openembedded-core/commit/?id=b7182571242dc4e23e5250a449d90348e62a6abc>`
+-  Release Artefact: oecore-b7182571242dc4e23e5250a449d90348e62a6abc
+-  sha: 6f257e50c10ebae673dcf61a833b3270db6d22781f02f6794a370aac839f1020
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/oecore-b7182571242dc4e23e5250a449d90348e62a6abc.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/oecore-b7182571242dc4e23e5250a449d90348e62a6abc.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.18 </meta-mingw/log/?h=yocto-4.0.18>`
+-  Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>`
+-  Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7
+-  sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.18 </meta-gplv2/log/?h=yocto-4.0.18>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.18 </bitbake/log/?h=yocto-4.0.18>`
+-  Git Revision: :oe_git:`40fd5f4eef7460ca67f32cfce8e229e67e1ff607 </bitbake/commit/?id=40fd5f4eef7460ca67f32cfce8e229e67e1ff607>`
+-  Release Artefact: bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607
+-  sha: 5d20a0e4c5d0fce44bd84778168714a261a30a4b83f67c88df3b8a7e7115e444
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.18/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.18/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.18 </yocto-docs/log/?h=yocto-4.0.18>`
+-  Git Revision: :yocto_git:`fd1423141e7458ba557db465c171b0b4e9063987 </yocto-docs/commit/?id=fd1423141e7458ba557db465c171b0b4e9063987>`
+
--- a/documentation/migration-guides/release-notes-5.0.rst
+++ b/documentation/migration-guides/release-notes-5.0.rst
@@ -25,6 +25,10 @@ New Features / Enhancements in 5.0

   -  :term:`TARGET_DBGSRC_DIR`: specifies the target path to debug source files

+   -  :term:`USERADD_DEPENDS`: provides a way to declare dependencies on the users
+      and/or groups created by other recipes, resolving a long-standing build
+      ordering issue
+
 -  Architecture-specific enhancements:

   -  ``genericarm64``: a new :term:`MACHINE` to represent a 64-bit General Arm
@@ -84,6 +88,9 @@ New Features / Enhancements in 5.0
      a Sphinx extension to include jQuery on newer Sphinx releases. Recent
      versions of ``python3-sphinx-rtd-theme`` depend on it.

+   -  `python3-websockets <https://pypi.org/project/websockets/>`__: a
+      library for building WebSocket servers and clients in Python.
+
   -  `python3-yamllint <https://github.com/adrienverge/yamllint>`__: a linter
      for YAML files. In U-Boot, the ``binman`` tool uses this linter to verify the
      configurations at compile time.
@@ -155,6 +162,12 @@ New Features / Enhancements in 5.0

 -  Testing:

+   -  Move `patchtest` to the core (as ``scripts/patchtest``, test cases under
+      ``meta/lib/patchtest/tests``) and make a number of improvements to enable
+      it to validate patches submitted on the mailing list again. Additionally,
+      make it work with the original upstream version of
+      `Patchwork <http://jk.ozlabs.org/projects/patchwork/>`__.
+
   -  Add an optional ``unimplemented-ptest`` QA warning to detect upstream
      packages with tests, that do not use ptest.

@@ -163,6 +176,9 @@ New Features / Enhancements in 5.0

   -  ``oeqa``, ``oe-selftest``: add test cases for Maturin (SDK and runtime).

+   -  Proof-of-concept of screenshot-based runtime UI test
+      (``meta/lib/oeqa/runtime/cases/login.py``)
+
   -  Enable ptests for ``python3-attrs``, ``python3-pyyaml``, ``xz``

 -  Utility script changes:
@@ -191,8 +207,6 @@ New Features / Enhancements in 5.0
      extra tasks if the system load is too high, especially in distributions
      where ``/proc/pressure`` is disabled.

-   -  Add garbage collection to remove unused unihashes from the database.
-
   -  ``taskexp_ncurses``: add ncurses version of ``taskexp``, the dependency
      explorer originally implemented with GTK.

@@ -208,6 +222,17 @@ New Features / Enhancements in 5.0
   -  ``git-make-shallow`` script: add support for Git's ``safe.bareRepository=explicit``
      configuration setting.

+   -  Hash equivalence gained a number of scalability improvements including:
+
+      -  Support for a wide range of database backends through `SQLAlchemy`
+
+      -  Support for hash equivalence server and client to communicate over websockets
+
+      -  Support for per-user permissions in the hashserver, and on the client side
+         specifying credentials via the environment or ``.netrc``
+
+      -  Add garbage collection to remove unused unihashes from the database.
+
 -  devtool improvements:

   -  Introduce a new ``ide-sdk`` plugin to generate a configuration to use
@@ -255,6 +280,12 @@ New Features / Enhancements in 5.0
      incremental update can be configured with :term:`CVE_DB_INCR_UPDATE_AGE_THRES`
      variable.

+-  Toaster Web UI improvements:
+
+   - Numerous bugfixes, and additional input validation
+
+   - Add `pytest` support and add/update test cases
+
 -  Prominent documentation updates:

   -  Documentation for using the new ``devtool ide-sdk`` command and features.
@@ -318,6 +349,7 @@ The following corrections have been made to the :term:`LICENSE` values set by re

 -  ``elfutils``: split license for libraries & backend and utilities.
 -  ``ghostscript``: correct :term:`LICENSE` to ``AGPL-3.0-or-later``.
+-  ``kbd``: update license for consolefont and keymaps.
 -  ``libsystemd``: set its own :term:`LICENSE` value (``LGPL-2.1-or-later``) to add more granularity.
 -  ``libtest-warnings-perl``: update :term:`LICENSE` ``Artistic-1.0`` to ``Artistic-1.0-Perl``.
 -  ``linux-firmware``: set package :term:`LICENSE` appropriately for ``carl9170``, ``rockchip`` and ``powerpr``.
@@ -350,7 +382,7 @@ Security Fixes in 5.0
 -  libxml2: :cve:`2023-45322` (ignored)
 -  linux-yocto/6.6: :cve:`2020-16119`
 -  openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385`
-  openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve_mitre:`2023-6237`, :cve:`2024-0727`
+-  openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve_mitre:`2023-6237`, :cve:`2024-0727`, :cve:`2024-2511`
 -  perl: :cve:`2023-47100`
 -  pixman: :cve:`2023-37769` (ignored)
 -  python3-cryptography{-vectors}: :cve:`2023-49083`, :cve:`2024-26130`
@@ -526,7 +558,7 @@ Recipe Upgrades in 5.0
 -  linux-yocto-dev 6.6+git -> 6.9+git
 -  linux-yocto-rt 6.1.78+git, 6.5.13+git -> 6.6.23+git
 -  linux-yocto-tiny 6.1.78+git, 6.5.13+git -> 6.6.23+git
-  llvm 17.0.3 -> 18.1.2
+-  llvm 17.0.3 -> 18.1.3
 -  lsof 4.98.0 -> 4.99.3
 -  ltp 20230516 -> 20240129
 -  lttng-modules 2.13.10 -> 2.13.12
@@ -562,7 +594,7 @@ Recipe Upgrades in 5.0
 -  ptest-runner 2.4.2+git -> 2.4.3+git
 -  pulseaudio 16.1 -> 17.0
 -  puzzles 0.0+git (2d9e414ee316…) -> 0.0+git (80aac3104096…)
-  python3 3.11.5 -> 3.12.2
+-  python3 3.11.5 -> 3.12.3
 -  python3-alabaster 0.7.13 -> 0.7.16
 -  python3-attrs 23.1.0 -> 23.2.0
 -  python3-babel 2.12.1 -> 2.14.0
@@ -904,3 +936,58 @@ Thanks to the following people who contributed to this release:
 Repositories / Downloads for Yocto-5.0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0 </poky/log/?h=yocto-5.0>`
+-  Git Revision: :yocto_git:`fb91a49387cfb0c8d48303bb3354325ba2a05587 </poky/commit/?id=fb91a49387cfb0c8d48303bb3354325ba2a05587>`
+-  Release Artefact: poky-fb91a49387cfb0c8d48303bb3354325ba2a05587
+-  sha: 8a0dff4b677b9414ab814ed35d1880196123732ea16ab2fafa388bcc509b32ab
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/poky-fb91a49387cfb0c8d48303bb3354325ba2a05587.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0/poky-fb91a49387cfb0c8d48303bb3354325ba2a05587.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0 </openembedded-core/log/?h=yocto-5.0>`
+-  Git Revision: :oe_git:`b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277 </openembedded-core/commit/?id=b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277>`
+-  Release Artefact: oecore-b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277
+-  sha: c7fd05d1a00c70acba2540e60dce01a1bdc4701ebff9a808784960240c69261d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/oecore-b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0/oecore-b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0 </meta-mingw/log/?h=yocto-5.0>`
+-  Git Revision: :yocto_git:`acbba477893ef87388effc4679b7f40ee49fc852 </meta-mingw/commit/?id=acbba477893ef87388effc4679b7f40ee49fc852>`
+-  Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
+-  sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0 </bitbake/log/?h=yocto-5.0>`
+-  Git Revision: :oe_git:`c86466d51e8ff14e57a734c1eec5bb651fdc73ef </bitbake/commit/?id=c86466d51e8ff14e57a734c1eec5bb651fdc73ef>`
+-  Release Artefact: bitbake-c86466d51e8ff14e57a734c1eec5bb651fdc73ef
+-  sha: 45c91294c1fa5a0044f1bb72a9bb69456bb458747114115af85c7664bf672d48
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0/bitbake-c86466d51e8ff14e57a734c1eec5bb651fdc73ef.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0/bitbake-c86466d51e8ff14e57a734c1eec5bb651fdc73ef.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0 </yocto-docs/log/?h=yocto-5.0>`
+-  Git Revision: :yocto_git:`0cdc0afd3332459d30cfc8f4c2e62bdcc23f5ed5 </yocto-docs/commit/?id=0cdc0afd3332459d30cfc8f4c2e62bdcc23f5ed5>`
+
--- a/documentation/poky.yaml.in
+++ b/documentation/poky.yaml.in
@@ -1,10 +1,10 @@
-DISTRO : "4.3"
-DISTRO_NAME_NO_CAP : "nanbield"
-DISTRO_NAME : "Nanbield"
-DISTRO_NAME_NO_CAP_MINUS_ONE : "mickledore"
-DISTRO_NAME_NO_CAP_LTS : "kirkstone"
-YOCTO_DOC_VERSION : "4.3"
-DISTRO_REL_TAG : "yocto-4.3"
+DISTRO : "5.0"
+DISTRO_NAME_NO_CAP : "scarthgap"
+DISTRO_NAME : "Scarthgap"
+DISTRO_NAME_NO_CAP_MINUS_ONE : "nanbield"
+DISTRO_NAME_NO_CAP_LTS : "scarthgap"
+YOCTO_DOC_VERSION : "5.0"
+DISTRO_REL_TAG : "yocto-5.0"
 DOCCONF_VERSION : "dev"
 BITBAKE_SERIES : ""
 YOCTO_DL_URL : "https://downloads.yoctoproject.org"
@@ -12,18 +12,18 @@ YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"
 YOCTO_RELEASE_DL_URL : "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;"
 UBUNTU_HOST_PACKAGES_ESSENTIAL : "gawk wget git diffstat unzip texinfo gcc \
     build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
-     xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \
-     python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1
+     xz-utils debianutils iputils-ping python3-git python3-jinja2 \
+     python3-subunit zstd liblz4-tool file locales libacl1
     \n\   $ sudo locale-gen en_US.UTF-8"
 FEDORA_HOST_PACKAGES_ESSENTIAL : "gawk make wget tar bzip2 gzip python3 unzip perl patch \
     diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \
     ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue perl-bignum socat \
     python3-pexpect findutils which file cpio python python3-pip xz python3-GitPython \
-     python3-jinja2 SDL-devel rpcgen mesa-libGL-devel perl-FindBin perl-File-Compare \
+     python3-jinja2 rpcgen perl-FindBin perl-File-Compare \
     perl-File-Copy perl-locale zstd lz4 hostname glibc-langpack-en libacl"
 OPENSUSE_HOST_PACKAGES_ESSENTIAL : "python gcc gcc-c++ git chrpath make wget python-xml \
     diffstat makeinfo python-curses patch socat python3 python3-curses tar python3-pip \
-     python3-pexpect xz which python3-Jinja2 Mesa-libEGL1 libSDL-devel rpcgen Mesa-dri-devel \
+     python3-pexpect xz which python3-Jinja2 rpcgen \
     zstd lz4 bzip2 gzip hostname libacl1
     \n\   $ sudo pip3 install GitPython"
 ALMALINUX_HOST_PACKAGES_ESSENTIAL : "-y epel-release
@@ -33,8 +33,8 @@ ALMALINUX_HOST_PACKAGES_ESSENTIAL : "-y epel-release
     \n\   $ sudo dnf install gawk make wget tar bzip2 gzip python3 unzip perl patch \
     diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath ccache \
     socat perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip \
-     python3-GitPython python3-jinja2 python3-pexpect xz which SDL-devel \
-     rpcgen mesa-libGL-devel zstd lz4 cpio glibc-langpack-en libacl"
+     python3-GitPython python3-jinja2 python3-pexpect xz which \
+     rpcgen zstd lz4 cpio glibc-langpack-en libacl"
 PIP3_HOST_PACKAGES_DOC : "$ sudo pip3 install sphinx sphinx_rtd_theme pyyaml"
 MIN_PYTHON_VERSION : "3.8.0"
 MIN_TAR_VERSION : "1.28"
--- a/documentation/ref-manual/svg/releases.svg
+++ b/documentation/ref-manual/svg/releases.svg
@@ -3,8 +3,8 @@
   version="1.1"
   id="svg2"
   width="2040.0006"
-   height="624.30518"
-   viewBox="0 0 2040.0006 624.30515"
+   height="669.30511"
+   viewBox="0 0 2040.0006 669.30509"
   sodipodi:docname="releases.svg"
   inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
@@ -409,8 +409,8 @@
     id="namedview4"
     showgrid="true"
     inkscape:zoom="1.4472045"
-     inkscape:cx="736.24703"
-     inkscape:cy="312.32629"
+     inkscape:cx="987.76641"
+     inkscape:cy="357.93145"
     inkscape:window-x="1728"
     inkscape:window-y="0"
     inkscape:window-maximized="1"
@@ -427,13 +427,13 @@
       type="xygrid"
       id="grid1257"
       originx="-289.99936"
-       originy="325" />
+       originy="369.99998" />
  </sodipodi:namedview>
  <g
     inkscape:groupmode="layer"
     inkscape:label="Image"
     id="g10"
-     transform="translate(-289.99936,325.00004)">
+     transform="translate(-289.99936,370.00003)">
    <path
       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
       d="m 1080,220.00003 v -515.00007 0 0"
@@ -669,11 +669,11 @@
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
         id="tspan10317-2-9-1-4">4.2</tspan></text>
    <g
-       id="g1379">
+       id="g1258">
      <rect
         style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
         id="rect917-0-0-4-4-9-4-5-38"
-         width="140.00003"
+         width="120.00002"
         height="45.000004"
         x="1220"
         y="-230.00005"
@@ -696,53 +696,76 @@
           id="tspan10317-2-9-1-4-6">4.3</tspan></text>
    </g>
    <rect
-       style="opacity:0.75;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4-9-4-5-3-9"
-       width="979.99994"
+       style="opacity:0.75;fill:#241f31;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2"
+       width="140"
       height="45.000004"
-       x="1320"
-       y="-285.00003"
+       x="1440"
+       y="-340.00003"
       ry="2.2558987" />
    <text
       xml:space="preserve"
       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1373.233"
-       y="-265.32928"
-       id="text1185-3-55-4-0-0-0-1-1-6"><tspan
+       x="1487.233"
+       y="-320.32928"
+       id="text1185-3-55-4-0-0-0-1-1-6-4"><tspan
         sodipodi:role="line"
-         x="1373.233"
-         y="-265.32928"
+         x="1487.233"
+         y="-320.32928"
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3-9-7-4-2">Scarthgap</tspan><tspan
+         id="tspan957-2-8-6-3-9-7-4-2-0">Styhead</tspan><tspan
         sodipodi:role="line"
-         x="1373.233"
-         y="-247.33261"
+         x="1487.233"
+         y="-302.33261"
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-1-4-6-5">5.0</tspan></text>
-    <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4-9-9"
-       width="960.00012"
-       height="45.000004"
-       x="859.99994"
-       y="-64.999992"
-       ry="2.2558987" />
-    <text
-       xml:space="preserve"
-       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="928.49872"
-       y="-45.648258"
-       id="text1185-3-55-4-0-0-9"><tspan
-         sodipodi:role="line"
+         id="tspan10317-2-9-1-4-6-5-6">5.1</tspan></text>
+    <g
+       id="g1591">
+      <rect
+         style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+         id="rect917-0-0-4-4-9-9"
+         width="960.00012"
+         height="45.000004"
+         x="859.99994"
+         y="-64.999992"
+         ry="2.2558987" />
+      <text
+         xml:space="preserve"
+         style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
         x="928.49872"
         y="-45.648258"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3-6">Kirkstone (LTS)</tspan><tspan
+         id="text1185-3-55-4-0-0-9"><tspan
+           sodipodi:role="line"
+           x="928.49872"
+           y="-45.648258"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
+           id="tspan957-2-8-6-3-6">Kirkstone (LTS)</tspan><tspan
+           sodipodi:role="line"
+           x="928.49872"
+           y="-27.651579"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
+           id="tspan10317-2-9-0">4.0</tspan></text>
+    </g>
+    <path
+       id="rect917-0-0-4-4-9-9-9"
+       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       d="m 1322.3015,-285.00003 c -1.2753,0 -2.302,1.00609 -2.302,2.25586 v 40.48828 c 0,1.24977 1.0267,2.25586 2.302,2.25586 h 975.0412 c 1.2754,0 2.302,-1.00609 2.302,-2.25586 v -40.48828 c 0,-1.24977 -1.0266,-2.25586 -2.302,-2.25586 z" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="1390.4988"
+       y="-265.64832"
+       id="text1185-3-55-4-0-0-9-0"><tspan
         sodipodi:role="line"
-         x="928.49872"
-         y="-27.651579"
+         x="1390.4988"
+         y="-265.64832"
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-0">4.0</tspan></text>
+         id="tspan957-2-8-6-3-6-8">Scarthgap (LTS)</tspan><tspan
+         sodipodi:role="line"
+         x="1390.4988"
+         y="-247.65164"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
+         id="tspan10317-2-9-0-1">5.0</tspan></text>
    <text
       xml:space="preserve"
       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -9771,6 +9771,12 @@ system and gives an overview of their function and contents.
      ``meta-poky/conf/templates/default/local.conf.sample`` in the
      :term:`Source Directory`.

+   :term:`USERADD_DEPENDS`
+      Specifies a list of recipes that create users / groups (via
+      :term:`USERADD_PARAM` / :term:`GROUPADD_PARAM`) which a recipe
+      depends upon. This ensures that those users / groups are available
+      when building a recipe.
+
   :term:`USERADD_ERROR_DYNAMIC`
      If set to ``error``, forces the OpenEmbedded build system to produce
      an error if the user identification (``uid``) and group
--- a/documentation/set_versions.py
+++ b/documentation/set_versions.py
@@ -26,9 +26,9 @@ ourversion = None
 if len(sys.argv) == 2:
    ourversion = sys.argv[1]

-activereleases = ["nanbield", "kirkstone", "dunfell"]
-devbranch = "scarthgap"
-ltsseries = ["kirkstone", "dunfell"]
+activereleases = ["scarthgap", "nanbield", "kirkstone", "dunfell"]
+devbranch = "styhead"
+ltsseries = ["scarthgap", "kirkstone", "dunfell"]

 # used by run-docs-builds to get the default page
 if ourversion == "getlatest":
@@ -36,6 +36,7 @@ if ourversion == "getlatest":
    sys.exit(0)

 release_series = collections.OrderedDict()
+release_series["styhead"] = "5.1"
 release_series["scarthgap"] = "5.0"
 release_series["nanbield"] = "4.3"
 release_series["mickledore"] = "4.2"
@@ -68,6 +69,7 @@ release_series["laverne"] = "0.9"


 bitbake_mapping = {
+    "styhead" : "2.10",
    "scarthgap" : "2.8",
    "nanbield" : "2.6",
    "mickledore" : "2.4",
--- a/documentation/standards.md
+++ b/documentation/standards.md
@@ -70,28 +70,31 @@ cannot be split without infringing syntactic rules
 or reducing readability, as well as for command output
 which should be kept unmodified.

-### Project names
-
-Project names should be capitalized in the same
-way they are on Wikipedia, in particular:
-
-* BitBake
-* OpenEmbedded
-
-There are exceptions in which such names can be used
-in lower case:
-
-* When referring to a package name
-* When referring to the corresponding command name
-* When used in a cross-reference title. Such
-  titles are usually in lower case.
-
 ### File, tool and command names

-File, tool and command names should be double tick-quoted.
+File, tool, command and package names should be double tick-quoted.
 For example, ``` ``conf/local.conf`` ``` is preferred over
 `"conf/local.conf"`.

+### Project names
+
+Project names should be introduced with single quotes, to have them rendered
+with an italic font and make them easier to distinguish from command names
+(double tick-quoted) and from regular English words.
+
+An exception is when project names appear in hyperlinks, as nested markup
+is not supported by Sphinx yet.
+
+Project names should also be capitalized (or not) in the same way they are on
+Wikipedia, or on their own project pages if they are not described on
+Wikipedia. If a project name isn't capitalized, it should remain so even
+at the beginning of a sentence.
+
+For example:
+
+* ``` `BitBake` ```
+* ``` `ftrace` ```
+
 ### Variables

 Every variable should be mentioned with:
--- a/meta-poky/conf/distro/poky.conf
+++ b/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "5.0"
+DISTRO_VERSION = "5.0.2"
 DISTRO_CODENAME = "scarthgap"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
--- a/meta-poky/conf/templates/default/local.conf.sample
+++ b/meta-poky/conf/templates/default/local.conf.sample
@@ -238,7 +238,7 @@ BB_DISKMON_DIRS ??= "\
 # (CDN) kindly provided by JSDelivr, uncomment one of the SSTATE_MIRRORS lines, not both.
 # Using the CDN rather than the yoctoproject.org address is suggested/preferred.
 #
-#BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
+#BB_HASHSERVE_UPSTREAM = 'wss://hashserv.yoctoproject.org/ws'
 #SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
 #
 ###SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
--- a/meta-selftest/classes/localpkgfeed.bbclass
+++ b/meta-selftest/classes/localpkgfeed.bbclass
@@ -0,0 +1,27 @@
+# Create a subset of the package feed that just contain the
+# packages depended on by this recipe.
+
+LOCALPKGFEED_DIR = "${WORKDIR}/localpkgfeed"
+
+addtask localpkgfeed after do_build
+do_localpkgfeed[cleandirs] = "${LOCALPKGFEED_DIR}"
+do_localpkgfeed[nostamp] = "1"
+
+def get_packaging_class(d):
+    package_class = d.getVar("PACKAGE_CLASSES").split()[0]
+    return package_class.replace("package_", "")
+
+python () {
+    packaging = get_packaging_class(d)
+    d.setVarFlag("do_localpkgfeed", "rdeptask", "do_package_write_" + packaging)
+}
+
+python do_localpkgfeed() {
+    import oe.package_manager
+
+    packaging = get_packaging_class(d)
+    deploydir = d.getVar("DEPLOY_DIR_" + packaging.upper())
+    task = "package_write_" + packaging
+
+    oe.package_manager.create_packages_dir(d, d.getVar("LOCALPKGFEED_DIR"), deploydir, task, True, True)
+}
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -1115,7 +1115,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True,
        bb.parse.siggen.checkhashes(sq_data, missed, found, d)

    return found
-setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT"
+setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT _SSTATE_EXCLUDEDEPS_SYSROOT"

 BB_SETSCENE_DEPVALID = "setscene_depvalid"

--- a/meta/classes-recipe/go.bbclass
+++ b/meta/classes-recipe/go.bbclass
@@ -48,8 +48,6 @@ GO_RPATH:class-native = "${@'-r ${STAGING_LIBDIR_NATIVE}/go/pkg/${TARGET_GOTUPLE
 GO_RPATH_LINK:class-native = "${@'-Wl,-rpath-link=${STAGING_LIBDIR_NATIVE}/go/pkg/${TARGET_GOTUPLE}_dynlink' if d.getVar('GO_DYNLINK') else ''}"
 GO_EXTLDFLAGS ?= "${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} ${GO_RPATH_LINK} ${LDFLAGS}"
 GO_LINKMODE ?= ""
-GO_LINKMODE:class-nativesdk = "--linkmode=external"
-GO_LINKMODE:class-native = "--linkmode=external"
 GO_EXTRA_LDFLAGS ?= ""
 GO_LINUXLOADER ?= "-I ${@get_linuxloader(d)}"
 # Use system loader. If uninative is used, the uninative loader will be patched automatically
--- a/meta/classes-recipe/goarch.bbclass
+++ b/meta/classes-recipe/goarch.bbclass
@@ -38,13 +38,13 @@ BASE_GOARM:armv5 = '5'
 # Go supports dynamic linking on a limited set of architectures.
 # See the supportsDynlink function in go/src/cmd/compile/internal/gc/main.go
 GO_DYNLINK = ""
-GO_DYNLINK:arm = ""
-GO_DYNLINK:aarch64 = ""
-GO_DYNLINK:x86 = ""
-GO_DYNLINK:x86-64 = ""
-GO_DYNLINK:powerpc64 = ""
-GO_DYNLINK:powerpc64le = ""
-GO_DYNLINK:class-native = ""
+GO_DYNLINK:arm ?= "1"
+GO_DYNLINK:aarch64 ?= "1"
+GO_DYNLINK:x86 ?= "1"
+GO_DYNLINK:x86-64 ?= "1"
+GO_DYNLINK:powerpc64 ?= "1"
+GO_DYNLINK:powerpc64le ?= "1"
+GO_DYNLINK:class-native ?= ""
 GO_DYNLINK:class-nativesdk = ""

 # define here because everybody inherits this class
--- a/meta/classes-recipe/image_types.bbclass
+++ b/meta/classes-recipe/image_types.bbclass
@@ -112,18 +112,22 @@ IMAGE_CMD:btrfs () {
 }

 oe_mksquashfs () {
-    local comp=$1
-    local suffix=$2
+    local comp=$1; shift
+    local extra_imagecmd="$@"
+
+    if [ "$comp" = "zstd" ]; then
+        suffix="zst"
+    fi

    # Use the bitbake reproducible timestamp instead of the hardcoded squashfs one
    export SOURCE_DATE_EPOCH=$(stat -c '%Y' ${IMAGE_ROOTFS})
-    mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp
+    mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} -noappend ${comp:+-comp }$comp $extra_imagecmd
 }
-IMAGE_CMD:squashfs = "oe_mksquashfs"
-IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz"
-IMAGE_CMD:squashfs-lzo = "oe_mksquashfs lzo"
-IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4"
-IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd zst"
+IMAGE_CMD:squashfs = "oe_mksquashfs '' ${EXTRA_IMAGECMD}"
+IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz ${EXTRA_IMAGECMD}"
+IMAGE_CMD:squashfs-lzo = "oe_mksquashfs lzo ${EXTRA_IMAGECMD}"
+IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4 ${EXTRA_IMAGECMD}"
+IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd ${EXTRA_IMAGECMD}"

 IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs ${IMAGE_ROOTFS}"
 IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4 ${IMAGE_ROOTFS}"
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -463,7 +463,7 @@ kernel_do_install() {
 		rm -f "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
 		rm -f "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
 		# Remove empty module directories to prevent QA issues
-		find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete
+		[ -d "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" ] && find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete
 	else
 		bbnote "no modules to install"
 	fi
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -206,7 +206,9 @@ read_only_rootfs_hook () {
 		# Also tweak the key location for dropbear in the same way.
 		if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then
 			if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
-				echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
+				if ! grep -q "^DROPBEAR_RSAKEY_DIR=" ${IMAGE_ROOTFS}/etc/default/dropbear ; then
+					echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
+				fi
 			fi
 		fi
 	fi
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -367,7 +367,7 @@ do_uboot_assemble_fitimage() {
 			done

 			for binary in ${UBOOT_BINARIES}; do
-				k=$(expr $j + 1);
+				k=$(expr $k + 1);
 				if [ $k -eq $i ]; then
 					break;
 				fi
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -190,7 +190,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
 RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER:pn-gcc-source-13.2.0 = "Khem Raj <raj.khem@gmail.com>"
+RECIPE_MAINTAINER:pn-gcc-source-13.3.0 = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>"
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
 #

 UNINATIVE_MAXGLIBCVERSION = "2.39"
-UNINATIVE_VERSION = "4.4"
+UNINATIVE_VERSION = "4.5"

 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec"
-UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc"
-UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302"
+UNINATIVE_CHECKSUM[aarch64] ?= "df2e29e2e6feb187a3499abf3b1322a3b251da819c77a7b19d4fe952351365ab"
+UNINATIVE_CHECKSUM[i686] ?= "8ef3eda53428b484c20157f6ec3c130b03080b3d4b3889067e0e184e05102d35"
+UNINATIVE_CHECKSUM[x86_64] ?= "43ee6a25bcf5fce16ea87076d6a96e79ead6ced90690a058d07432f902773473"
--- a/meta/lib/oe/package_manager/init.py
+++ b/meta/lib/oe/package_manager/init.py
@@ -449,7 +449,7 @@ class PackageManager(object, metaclass=ABCMeta):
            return res
        return _append(uris, base_paths)

-def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencies):
+def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencies, include_self=False):
    """
    Go through our do_package_write_X dependencies and hardlink the packages we depend
    upon into the repo directory. This prevents us seeing other packages that may
@@ -486,14 +486,17 @@ def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencie
        bb.fatal("Couldn't find ourself in BB_TASKDEPDATA?")
    pkgdeps = set()
    start = [start]
-    seen = set(start)
+    if include_self:
+        seen = set()
+    else:
+        seen = set(start)
    # Support direct dependencies (do_rootfs -> do_package_write_X)
    # or indirect dependencies within PN (do_populate_sdk_ext -> do_rootfs -> do_package_write_X)
    while start:
        next = []
        for dep2 in start:
            for dep in taskdepdata[dep2][3]:
-                if taskdepdata[dep][0] != pn:
+                if include_self or taskdepdata[dep][0] != pn:
                    if "do_" + taskname in dep:
                        pkgdeps.add(dep)
                elif dep not in seen:
--- a/meta/lib/oe/package_manager/ipk/init.py
+++ b/meta/lib/oe/package_manager/ipk/init.py
@@ -4,6 +4,7 @@
 # SPDX-License-Identifier: GPL-2.0-only
 #

+import glob
 import re
 import shutil
 import subprocess
@@ -134,11 +135,16 @@ class OpkgDpkgPM(PackageManager):
        tmp_dir = tempfile.mkdtemp()
        current_dir = os.getcwd()
        os.chdir(tmp_dir)
-        data_tar = 'data.tar.zst'

        try:
            cmd = [ar_cmd, 'x', pkg_path]
            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+            data_tar = glob.glob("data.tar.*")
+            if len(data_tar) != 1:
+                bb.fatal("Unable to extract %s package. Failed to identify "
+                         "data tarball (found tarballs '%s').",
+                         pkg_path, data_tar)
+            data_tar = data_tar[0]
            cmd = [tar_cmd, 'xf', data_tar]
            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
@@ -153,6 +159,7 @@ class OpkgDpkgPM(PackageManager):
        bb.note("Extracted %s to %s" % (pkg_path, tmp_dir))
        bb.utils.remove(os.path.join(tmp_dir, "debian-binary"))
        bb.utils.remove(os.path.join(tmp_dir, "control.tar.gz"))
+        bb.utils.remove(os.path.join(tmp_dir, data_tar))
        os.chdir(current_dir)

        return tmp_dir
@@ -505,7 +512,4 @@ class OpkgPM(OpkgDpkgPM):
            bb.fatal("Unable to get information for package '%s' while "
                     "trying to extract the package."  % pkg)

-        tmp_dir = super(OpkgPM, self).extract(pkg, pkg_info)
-        bb.utils.remove(os.path.join(tmp_dir, "data.tar.zst"))
-
-        return tmp_dir
+        return super(OpkgPM, self).extract(pkg, pkg_info)
--- a/meta/lib/oeqa/sdk/cases/assimp.py
+++ b/meta/lib/oeqa/sdk/cases/assimp.py
@@ -25,10 +25,10 @@ class BuildAssimp(OESDKTestCase):

    def test_assimp(self):
        with tempfile.TemporaryDirectory(prefix="assimp", dir=self.tc.sdk_dir) as testdir:
-            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://github.com/assimp/assimp/archive/v5.3.1.tar.gz")
+            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://github.com/assimp/assimp/archive/v5.4.1.tar.gz")

            dirs = {}
-            dirs["source"] = os.path.join(testdir, "assimp-5.3.1")
+            dirs["source"] = os.path.join(testdir, "assimp-5.4.1")
            dirs["build"] = os.path.join(testdir, "build")
            dirs["install"] = os.path.join(testdir, "install")

@@ -39,7 +39,7 @@ class BuildAssimp(OESDKTestCase):
            self._run("sed -i '/#  ifdef _FILE_OFFSET_BITS/I,+2 d' {source}/contrib/zlib/gzguts.h".format(**dirs))
            os.makedirs(dirs["build"])

-            self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DASSIMP_BUILD_ZLIB=ON {source}".format(**dirs))
+            self._run("cd {build} && cmake -DASSIMP_WARNINGS_AS_ERRORS=OFF -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DASSIMP_BUILD_ZLIB=ON {source}".format(**dirs))
            self._run("cmake --build {build} -- -j".format(**dirs))
            self._run("cmake --build {build} --target install -- DESTDIR={install}".format(**dirs))
-            self.check_elf(os.path.join(dirs["install"], "usr", "local", "lib", "libassimp.so.5.3.0"))
+            self.check_elf(os.path.join(dirs["install"], "usr", "local", "lib", "libassimp.so.5.4.1"))
--- a/meta/lib/oeqa/sdkext/cases/devtool.py
+++ b/meta/lib/oeqa/sdkext/cases/devtool.py
@@ -69,10 +69,9 @@ class DevtoolTest(OESDKExtTestCase):
        self._test_devtool_build(self.myapp_cmake_dst)

    def test_extend_autotools_recipe_creation(self):
-        req = 'https://github.com/rdfa/librdfa'
-        recipe = "librdfa"
-        self._run('devtool sdk-install libxml2')
-        self._run('devtool add %s %s' % (recipe, req) )
+        recipe = "test-dbus-wait"
+        self._run('devtool sdk-install dbus')
+        self._run('devtool add %s https://git.yoctoproject.org/git/dbus-wait' % (recipe) )
        try:
            self._run('devtool build %s' % recipe)
        finally:
--- a/meta/lib/oeqa/selftest/cases/debuginfod.py
+++ b/meta/lib/oeqa/selftest/cases/debuginfod.py
@@ -62,7 +62,7 @@ class Debuginfod(OESelftestTestCase):

        raise TimeoutError("Cannot connect debuginfod, still %d scan jobs running" % latest)

-    def start_debuginfod(self):
+    def start_debuginfod(self, feed_dir):
        # We assume that the caller has already bitbake'd elfutils-native:do_addto_recipe_sysroot

        # Save some useful paths for later
@@ -82,7 +82,7 @@ class Debuginfod(OESelftestTestCase):
            # Disable rescanning, this is a one-shot test
            "--rescan-time=0",
            "--groom-time=0",
-            get_bb_var("DEPLOY_DIR"),
+            feed_dir,
        ]

        format = get_bb_var("PACKAGE_CLASSES").split()[0]
@@ -114,11 +114,12 @@ class Debuginfod(OESelftestTestCase):
        self.write_config("""
 TMPDIR = "${TOPDIR}/tmp-debuginfod"
 DISTRO_FEATURES:append = " debuginfod"
+INHERIT += "localpkgfeed"
 """)
-        bitbake("elfutils-native:do_addto_recipe_sysroot xz xz:do_package")
+        bitbake("elfutils-native:do_addto_recipe_sysroot xz xz:do_package xz:do_localpkgfeed")

        try:
-            self.start_debuginfod()
+            self.start_debuginfod(get_bb_var("LOCALPKGFEED_DIR", "xz"))

            env = os.environ.copy()
            env["DEBUGINFOD_URLS"] = "http://localhost:%d/" % self.port
@@ -141,12 +142,13 @@ DISTRO_FEATURES:append = " debuginfod"
        self.write_config("""
 TMPDIR = "${TOPDIR}/tmp-debuginfod"
 DISTRO_FEATURES:append = " debuginfod"
+INHERIT += "localpkgfeed"
 CORE_IMAGE_EXTRA_INSTALL += "elfutils xz"
        """)
-        bitbake("core-image-minimal elfutils-native:do_addto_recipe_sysroot")
+        bitbake("core-image-minimal elfutils-native:do_addto_recipe_sysroot xz:do_localpkgfeed")

        try:
-            self.start_debuginfod()
+            self.start_debuginfod(get_bb_var("LOCALPKGFEED_DIR", "xz"))

            with runqemu("core-image-minimal", runqemuparams="nographic") as qemu:
                cmd = "DEBUGINFOD_URLS=http://%s:%d/ debuginfod-find debuginfo /usr/bin/xz" % (qemu.server_ip, self.port)
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -286,10 +286,13 @@ class DevtoolTestCase(OESelftestTestCase):
        else:
            self.skipTest('No tap devices found - you must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')

-    def _test_devtool_add_git_url(self, git_url, version, pn, resulting_src_uri):
+    def _test_devtool_add_git_url(self, git_url, version, pn, resulting_src_uri, srcrev=None):
        self.track_for_cleanup(self.workspacedir)
        self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
-        result = runCmd('devtool add --version %s %s %s' % (version, pn, git_url))
+        command = 'devtool add --version %s %s %s' % (version, pn, git_url)
+        if srcrev :
+            command += ' --srcrev %s' %srcrev
+        result = runCmd(command)
        self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created')
        # Check the recipe name is correct
        recipefile = get_bb_var('FILE', pn)
@@ -479,11 +482,12 @@ class DevtoolAddTests(DevtoolBase):

    def test_devtool_add_git_style2(self):
        version = 'v3.1.0'
+        srcrev = 'v3.1.0'
        pn = 'mbedtls'
        # this will trigger reformat_git_uri with branch parameter in url
        git_url = "'git://git@github.com/ARMmbed/mbedtls.git;protocol=https'"
-        resulting_src_uri = "gitsm://git@github.com/ARMmbed/mbedtls.git;protocol=https;branch=master"
-        self._test_devtool_add_git_url(git_url, version, pn, resulting_src_uri)
+        resulting_src_uri = "git://git@github.com/ARMmbed/mbedtls.git;protocol=https;branch=master"
+        self._test_devtool_add_git_url(git_url, version, pn, resulting_src_uri, srcrev)

    def test_devtool_add_library(self):
        # Fetch source
@@ -749,6 +753,25 @@ class DevtoolModifyTests(DevtoolBase):
        result = runCmd('devtool status')
        self.assertNotIn('mdadm', result.output)

+    def test_devtool_modify_go(self):
+        import oe.path
+        from tempfile import TemporaryDirectory
+        with TemporaryDirectory(prefix='devtoolqa') as tempdir:
+            self.track_for_cleanup(self.workspacedir)
+            self.add_command_to_tearDown('bitbake -c clean go-helloworld')
+            self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+            result = runCmd('devtool modify go-helloworld -x %s' % tempdir)
+            self.assertExists(
+                oe.path.join(tempdir, 'src', 'golang.org', 'x', 'example', 'go.mod'),
+                             'Extracted source could not be found'
+            )
+            self.assertExists(
+                oe.path.join(self.workspacedir, 'conf', 'layer.conf'),
+                'Workspace directory not created'
+            )
+            matches = glob.glob(oe.path.join(self.workspacedir, 'appends', 'go-helloworld_*.bbappend'))
+            self.assertTrue(matches, 'bbappend not created %s' % result.output)
+
    def test_devtool_buildclean(self):
        def assertFile(path, *paths):
            f = os.path.join(path, *paths)
@@ -1405,14 +1428,30 @@ class DevtoolUpdateTests(DevtoolBase):
        runCmd('echo "Bar" > new-file', cwd=tempdir)
        runCmd('git add new-file', cwd=tempdir)
        runCmd('git commit -m "Add new file"', cwd=tempdir)
-        self.add_command_to_tearDown('cd %s; git clean -fd .; git checkout .' %
-                                     os.path.dirname(recipefile))
        runCmd('devtool update-recipe %s' % testrecipe)
        expected_status = [(' M', '.*/%s$' % os.path.basename(recipefile)),
                           (' M', '.*/makedevs/makedevs.c$'),
                           ('??', '.*/makedevs/new-local$'),
                           ('??', '.*/makedevs/0001-Add-new-file.patch$')]
        self._check_repo_status(os.path.dirname(recipefile), expected_status)
+        # Now try to update recipe in another layer, so first, clean it
+        runCmd('cd %s; git clean -fd .; git checkout .' % os.path.dirname(recipefile))
+        # Create a temporary layer and add it to bblayers.conf
+        self._create_temp_layer(templayerdir, True, 'templayer')
+        # Update recipe in templayer
+        result = runCmd('devtool update-recipe %s -a %s' % (testrecipe, templayerdir))
+        self.assertNotIn('WARNING:', result.output)
+        # Check recipe is still clean
+        self._check_repo_status(os.path.dirname(recipefile), [])
+        splitpath = os.path.dirname(recipefile).split(os.sep)
+        appenddir = os.path.join(templayerdir, splitpath[-2], splitpath[-1])
+        bbappendfile = self._check_bbappend(testrecipe, recipefile, appenddir)
+        patchfile = os.path.join(appenddir, testrecipe, '0001-Add-new-file.patch')
+        new_local_file = os.path.join(appenddir, testrecipe, 'new_local')
+        local_file = os.path.join(appenddir, testrecipe, 'makedevs.c')
+        self.assertExists(patchfile, 'Patch file 0001-Add-new-file.patch not created')
+        self.assertExists(local_file, 'File makedevs.c not created')
+        self.assertExists(patchfile, 'File new_local not created')

    def test_devtool_update_recipe_local_files_2(self):
        """Check local source files support when oe-local-files is in Git"""
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -194,8 +194,23 @@ class OESelftestTestContextExecutor(OETestContextExecutor):
        parser.add_argument('-R', '--skip-tests', required=False, action='store',
                nargs='+', dest="skips", default=None,
                help='Skip the tests specified. Format should be <module>[.<class>[.<test_method>]]')
+
+        def check_parallel_support(parameter):
+            if not parameter.isdigit():
+                import argparse
+                raise argparse.ArgumentTypeError("argument -j/--num-processes: invalid int value: '%s' " % str(parameter))
+
+            processes = int(parameter)
+            if processes:
+                try:
+                    import testtools, subunit
+                except ImportError:
+                    print("Failed to import testtools or subunit, the testcases will run serially")
+                    processes = None
+            return processes
+
        parser.add_argument('-j', '--num-processes', dest='processes', action='store',
-                type=int, help="number of processes to execute in parallel with")
+                type=check_parallel_support, help="number of processes to execute in parallel with")

        parser.add_argument('-t', '--select-tag', dest="select_tags",
                action='append', default=None,
--- a/meta/lib/oeqa/utils/postactions.py
+++ b/meta/lib/oeqa/utils/postactions.py
@@ -25,7 +25,7 @@ def create_artifacts_directory(d, tc):
 def get_target_disk_usage(d, tc):
    output_file = os.path.join(get_json_result_dir(d), "artifacts", "target_disk_usage.txt")
    try:
-        (status, output) = tc.target.run('df -hl')
+        (status, output) = tc.target.run('df -h')
        with open(output_file, 'w') as f:
            f.write(output)
            f.write("\n")
--- a/meta/lib/patchtest/tests/test_metadata.py
+++ b/meta/lib/patchtest/tests/test_metadata.py
@@ -18,12 +18,12 @@ class TestMetadata(base.Metadata):
    lictag_re  = pyparsing.AtLineStart("License-Update:")
    lic_chksum_added = pyparsing.AtLineStart("+" + metadata_chksum)
    lic_chksum_removed = pyparsing.AtLineStart("-" + metadata_chksum)
-    add_mark = pyparsing.Regex('\+ ')
+    add_mark = pyparsing.Regex('\\+ ')
    max_length = 200
    metadata_src_uri  = 'SRC_URI'
    md5sum    = 'md5sum'
    sha256sum = 'sha256sum'
-    git_regex = pyparsing.Regex('^git\:\/\/.*')
+    git_regex = pyparsing.Regex('^git\\:\\/\\/.*')
    metadata_summary = 'SUMMARY'
    cve_check_ignore_var = 'CVE_CHECK_IGNORE'
    cve_status_var = 'CVE_STATUS'
--- a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
+++ b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
@@ -46,3 +46,9 @@ ALTERNATIVE_TARGET[rb] = "${bindir}/lrz"
 ALTERNATIVE_TARGET[sz] = "${bindir}/lsz"
 ALTERNATIVE_TARGET[sx] = "${bindir}/lsz"
 ALTERNATIVE_TARGET[sb] = "${bindir}/lsz"
+
+# http://errors.yoctoproject.org/Errors/Details/766929/
+# lrzsz-0.12.20/src/tcp.c:75:56: error: passing argument 3 of 'getsockname' from incompatible pointer type [-Wincompatible-pointer-types]
+# lrzsz-0.12.20/src/tcp.c:83:52: error: passing argument 3 of 'getsockname' from incompatible pointer type [-Wincompatible-pointer-types]
+# lrzsz-0.12.20/src/tcp.c:103:51: error: passing argument 3 of 'accept' from incompatible pointer type [-Wincompatible-pointer-types]
+CFLAGS += "-Wno-error=incompatible-pointer-types"
--- a/meta/recipes-connectivity/bind/bind_9.18.25.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.25.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
           file://0001-avoid-start-failure-with-bind-user.patch \
           "

-SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66"
+SRC_URI[sha256sum] = "5a4a70432a33d009f0e6e9dbb328aae7a5e27507e98e28bf3c0c6b250ccb2ab3"

 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -28,3 +28,7 @@ RDEPENDS:${PN} = "connman"
 do_install:append() {
    install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
 }
+
+# http://errors.yoctoproject.org/Errors/Details/766926/
+# connman-client.c:200:15: error: assignment to 'GtkTreeModel *' {aka 'struct _GtkTreeModel *'} from incompatible pointer type 'GtkTreeStore *' {aka 'struct _GtkTreeStore *'} [-Wincompatible-pointer-types]
+CFLAGS += "-Wno-error=incompatible-pointer-types"
--- a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
@@ -1,39 +0,0 @@
-From c25f8d1f7a6203dfeb10b39f80ffd314bb84a58d Mon Sep 17 00:00:00 2001
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Thu, 22 Dec 2016 15:26:30 +0200
-Subject: [PATCH] libc-compat.h: add musl workaround
-
-The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and
-__USE_MISC) to solve conflicts with libc provided headers. This patch makes
-libc-compat.h work for musl libc as well.
-
-Upstream-Status: Pending
-
-Taken From:
-https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-
---
- include/uapi/linux/libc-compat.h | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
-index a159991..22198fa 100644
--- a/include/uapi/linux/libc-compat.h
-+++ b/include/uapi/linux/libc-compat.h
-@@ -50,10 +50,12 @@
- #define _LIBC_COMPAT_H
- 
- /* We have included glibc headers... */
-#if defined(__GLIBC__)
-+#if 1
-+#define __USE_MISC
- 
- /* Coordinate with glibc net/if.h header. */
- #if defined(_NET_IF_H) && defined(__USE_MISC)
-+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
- 
- /* GLIBC headers included first so don't define anything
-  * that would already be defined. */
--- a/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb
+++ b/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb
@@ -11,9 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \

 DEPENDS = "flex-native bison-native iptables libcap"

-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
-           file://0001-libc-compat.h-add-musl-workaround.patch \
-           "
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz"

 SRC_URI[sha256sum] = "ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d"

@@ -28,6 +26,8 @@ PACKAGECONFIG[selinux] = ",,libselinux"

 IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}"

+# This is needed with GCC-14 and musl
+CFLAGS += "-Wno-error=incompatible-pointer-types"
 # CFLAGS are computed in Makefile and reference CCOPTS
 #
 EXTRA_OEMAKE = "\
--- a/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch
+++ b/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch
@@ -1,62 +0,0 @@
-From f9bcfed5a1d44d9211c5f6eba403a9898c8c9057 Mon Sep 17 00:00:00 2001
-From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
-Date: Tue, 8 Aug 2023 19:03:13 +0100
-Subject: [PATCH] kea: fix reproducible build failure
-
-New version of Kea has started using path of build-dir instead of
-src-dir which results in reproducible builds failure.
-Use src-dir as is used in v2.2.0
-
-Upstream-Status: Pending
-https://gitlab.isc.org/isc-projects/kea/-/issues/3007
-
-Upstream has confirmed the patch will not be accepted but discussions
-with upstream is still going on, we might have a proper solution later.
-
-Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
---
- src/bin/admin/kea-admin.in | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/bin/admin/kea-admin.in b/src/bin/admin/kea-admin.in
-index 034a0ee..8ab11ab 100644
--- a/src/bin/admin/kea-admin.in
-+++ b/src/bin/admin/kea-admin.in
-@@ -51,14 +51,14 @@ dump_qry=""
- if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then
-     . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
- else
-    . "@abs_top_builddir@/src/bin/admin/admin-utils.sh"
-+    . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh"
- fi
- 
- # Find the installed kea-lfc if available. Fallback to sources otherwise.
- if test -x "@sbindir@/kea-lfc"; then
-     kea_lfc="@sbindir@/kea-lfc"
- else
-    kea_lfc="@abs_top_builddir@/src/bin/lfc/kea-lfc"
-+    kea_lfc="@abs_top_srcdir@/src/bin/lfc/kea-lfc"
- fi
- 
- # Prints out usage version.
-@@ -355,7 +355,7 @@ mysql_upgrade() {
-     # Check if there are any files in it
-     num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l)
-     if [ "$num_files" -eq 0 ]; then
-        upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/mysql
-+        upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/mysql
- 
-         # Check if the scripts directory exists at all.
-         if [ ! -d ${upgrade_scripts_dir} ]; then
-@@ -405,7 +405,7 @@ pgsql_upgrade() {
-     # Check if there are any files in it
-     num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l)
-     if [ "$num_files" -eq 0 ]; then
-        upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/pgsql
-+        upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/pgsql
- 
-         # Check if the scripts directory exists at all.
-         if [ ! -d ${upgrade_scripts_dir} ]; then
-- 
-2.39.2
-
--- a/meta/recipes-connectivity/kea/kea_2.4.1.bb
+++ b/meta/recipes-connectivity/kea/kea_2.4.1.bb
@@ -17,7 +17,6 @@ SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
           file://fix-multilib-conflict.patch \
           file://fix_pid_keactrl.patch \
           file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
-           file://0001-kea-fix-reproducible-build-failure.patch \
           "
 SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a"

@@ -39,6 +38,7 @@ DEBUG_OPTIMIZATION:append:mipsel = " -O"
 BUILD_OPTIMIZATION:remove:mipsel = " -Og"
 BUILD_OPTIMIZATION:append:mipsel = " -O"

+CXXFLAGS:remove = "-fvisibility-inlines-hidden"
 EXTRA_OECONF = "--with-boost-libs=-lboost_system \
                --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \
                --with-openssl=${STAGING_DIR_TARGET}${prefix}"
@@ -47,7 +47,7 @@ do_configure:prepend() {
    # replace abs_top_builddir to avoid introducing the build path
    # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target
    find ${S} -type f -name *.sh.in | xargs sed -i  "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g"
-    sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
+    sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
 }

 # patch out build host paths for reproducibility
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
@@ -1,120 +0,0 @@
-From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2024 15:43:53 +0000
-Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
-
-In TLSv1.3 we create a new session object for each ticket that we send.
-We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
-use then the new session will be added to the session cache. However, if
-early data is not in use (and therefore anti-replay protection is being
-used), then multiple threads could be resuming from the same session
-simultaneously. If this happens and a problem occurs on one of the threads,
-then the original session object could be marked as not_resumable. When we
-duplicate the session object this not_resumable status gets copied into the
-new session object. The new session object is then added to the session
-cache even though it is not_resumable.
-
-Subsequently, another bug means that the session_id_length is set to 0 for
-sessions that are marked as not_resumable - even though that session is
-still in the cache. Once this happens the session can never be removed from
-the cache. When that object gets to be the session cache tail object the
-cache never shrinks again and grows indefinitely.
-
-CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24043)
-
-CVE: CVE-2024-2511
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
- ssl/ssl_lib.c            |  5 +++--
- ssl/ssl_sess.c           | 28 ++++++++++++++++++++++------
- ssl/statem/statem_srvr.c |  5 ++---
- 3 files changed, 27 insertions(+), 11 deletions(-)
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 4afb43bc86e54..c51529ddab5bb 100644
--- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode)
- 
-     /*
-      * If the session_id_length is 0, we are not supposed to cache it, and it
-     * would be rather hard to do anyway :-)
-+     * would be rather hard to do anyway :-). Also if the session has already
-+     * been marked as not_resumable we should not cache it for later reuse.
-      */
-    if (s->session->session_id_length == 0)
-+    if (s->session->session_id_length == 0 || s->session->not_resumable)
-         return;
- 
-     /*
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index 3dcc4d81e5bc6..1fa6d17c46863 100644
--- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void)
-     return ss;
- }
- 
-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-{
-    return ssl_session_dup(src, 1);
-}
-
- /*
-  * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
-  * ticket == 0 then no ticket information is duplicated, otherwise it is.
-  */
-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
- {
-     SSL_SESSION *dest;
- 
-@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-     return NULL;
- }
- 
-+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-+{
-+    return ssl_session_dup_intern(src, 1);
-+}
-+
-+/*
-+ * Used internally when duplicating a session which might be already shared.
-+ * We will have resumed the original session. Subsequently we might have marked
-+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
-+ * resume from.
-+ */
-+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+{
-+    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
-+
-+    if (sess != NULL)
-+        sess->not_resumable = 0;
-+
-+    return sess;
-+}
-+
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
-     if (len)
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index 853af8c0aa9f9..d5f0ab091dacc 100644
--- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
-      * so the following won't overwrite an ID that we're supposed
-      * to send back.
-      */
-    if (s->session->not_resumable ||
-        (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
-         && !s->hit))
-+    if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
-+            && !s->hit)
-         s->session->session_id_length = 0;
- 
-     if (usetls13) {
--- a/meta/recipes-connectivity/openssl/openssl/bti.patch
+++ b/meta/recipes-connectivity/openssl/openssl/bti.patch
@@ -1,58 +0,0 @@
-From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
-From: Tom Cosgrove <tom.cosgrove@arm.com>
-Date: Tue, 26 Mar 2024 13:18:00 +0000
-Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
-
-In Arm systems where BTI is enabled but the Crypto extensions are not (more
-likely in FVPs than in real hardware), the bit-sliced assembler code will
-be used. However, this wasn't annotated with BTI instructions when BTI was
-enabled, so the moment libssl jumps into this code it (correctly) aborts.
-
-Solve this by adding the missing BTI landing pads.
-
-Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
---
- crypto/aes/asm/bsaes-armv8.pl | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
-index b3c97e439f..c3c5ff3e05 100644
--- a/crypto/aes/asm/bsaes-armv8.pl
-+++ b/crypto/aes/asm/bsaes-armv8.pl
-@@ -1018,6 +1018,7 @@ _bsaes_key_convert:
- //   Initialisation vector overwritten with last quadword of ciphertext
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_cbc_encrypt:
-+        AARCH64_VALID_CALL_TARGET
-         cmp     x2, #128
-         bhs     .Lcbc_do_bsaes
-         b       AES_cbc_encrypt
-@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt:
- //   Output text filled in
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_ctr32_encrypt_blocks:
-
-+        AARCH64_VALID_CALL_TARGET
-         cmp     x2, #8                      // use plain AES for
-         blo     .Lctr_enc_short             // small sizes
- 
-@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
- //   Output ciphertext filled in
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_xts_encrypt:
-+        AARCH64_VALID_CALL_TARGET
-         // Stack layout:
-         // sp ->
-         //        nrounds*128-96 bytes: key schedule
-@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt:
- //   Output plaintext filled in
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_xts_decrypt:
-+        AARCH64_VALID_CALL_TARGET
-         // Stack layout:
-         // sp ->
-         //        nrounds*128-96 bytes: key schedule
-- 
-2.34.1
-
--- a/meta/recipes-connectivity/openssl/openssl_3.2.2.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.2.bb
@@ -12,15 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
-           file://bti.patch \
-           file://CVE-2024-2511.patch \
           "

 SRC_URI:append:class-nativesdk = " \
           file://environment.d-openssl.sh \
           "

-SRC_URI[sha256sum] = "83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39"
+SRC_URI[sha256sum] = "197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7"

 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--- a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
@@ -5,7 +5,7 @@ SECTION = "console/network"
 HOMEPAGE = "http://samba.org/ppp/"
 BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
 DEPENDS = "libpcap openssl virtual/crypt"
-LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD"
+LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
                    file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
                    file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
--- a/meta/recipes-core/base-files/base-files/profile
+++ b/meta/recipes-core/base-files/base-files/profile
@@ -58,7 +58,7 @@ resize() {
 	fi
 	# only do this for /dev/tty[A-z] which are typically
 	# serial ports
-	if [ $FIRSTTIMESETUP -eq 1 -a $SHLVL -eq 1 ] ; then
+	if [ $FIRSTTIMESETUP -eq 1 -a ${SHLVL:-1} -eq 1 ] ; then
 		case $(tty 2>/dev/null) in
 			/dev/tty[A-z]*) resize >/dev/null;;
 		esac
--- a/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
+++ b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
@@ -5,7 +5,7 @@ Subject: [PATCH 1/2] libbb: sockaddr2str: ensure only printable characters are
 returned for the hostname part

 CVE: CVE-2022-28391
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://bugs.busybox.net/show_bug.cgi?id=15001]
 Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
 Signed-off-by: Steve Sakoman <steve@sakoman.com>
 ---
--- a/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+++ b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
@@ -8,7 +8,7 @@ Otherwise, terminal sequences can be injected, which enables various terminal in
 attacks from DNS results.

 CVE: CVE-2022-28391
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://bugs.busybox.net/show_bug.cgi?id=15001]
 Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
 Signed-off-by: Steve Sakoman <steve@sakoman.com>
 ---
--- a/meta/recipes-core/ell/ell_0.64.bb
+++ b/meta/recipes-core/ell/ell_0.64.bb
@@ -15,7 +15,7 @@ DEPENDS = "dbus"
 inherit autotools pkgconfig

 SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "7397c76996d7646b9917ebf016cd67586b10166295af2e0e18cdb5b8f6659965"
+SRC_URI[sha256sum] = "760f3901078409f66cadf1bb24c8bdc60f13d53f6dd66b88631221d2494f8405"

 do_configure:prepend () {
    mkdir -p ${S}/build-aux
--- a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
@@ -1,54 +0,0 @@
-From cce3ae98a2c1966719daabff5a4ec6cf94a846f6 Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@gnome.org>
-Date: Mon, 26 Feb 2024 16:55:44 +0000
-Subject: [PATCH] tests: Remove variable-length lookbehind tests for GRegex
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-PCRE2 10.43 has now introduced support for variable-length lookbehind,
-so these tests now fail if GLib is built against PCRE2 10.43 or higher.
-
-See
-https://github.com/PCRE2Project/pcre2/blob/e8db6fa7137f4c6f66cb87e0a3c9467252ec1ef7/ChangeLog#L94.
-
-Rather than making the tests conditional on the version of PCRE2 in use,
-just remove them. They are mostly testing the PCRE2 code rather than
-any code in GLib, so donâ€™t have much value.
-
-This should fix CI runs on msys2-mingw32, which updated to PCRE2 10.43 2
-days ago.
-
-Signed-off-by: Philip Withnall <pwithnall@gnome.org>
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cce3ae98a2c1966719daabff5a4ec6cf94a846f6]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
- glib/tests/regex.c | 10 ----------
- 1 file changed, 10 deletions(-)
-
-diff --git a/glib/tests/regex.c b/glib/tests/regex.c
-index 1082526292..d7a698ec67 100644
--- a/glib/tests/regex.c
-+++ b/glib/tests/regex.c
-@@ -1885,16 +1885,6 @@ test_lookbehind (void)
-   g_match_info_free (match);
-   g_regex_unref (regex);
- 
-  regex = g_regex_new ("(?<!dogs?|cats?) x", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
-  g_assert (regex == NULL);
-  g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND);
-  g_clear_error (&error);
-
-  regex = g_regex_new ("(?<=ab(c|de)) foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
-  g_assert (regex == NULL);
-  g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND);
-  g_clear_error (&error);
-
-   regex = g_regex_new ("(?<=abc|abde)foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
-   g_assert (regex);
-   g_assert_no_error (error);
-- 
-GitLab
-
-
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
@@ -16,14 +16,13 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
           file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
           file://memory-monitor.patch \
-           file://fix-regex.patch \
           file://skip-timeout.patch \
           "
 SRC_URI:append:class-native = " file://relocate-modules.patch \ 
                                file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
                              "

-SRC_URI[sha256sum] = "24b8e0672dca120cc32d394bccb85844e732e04fe75d18bb0573b2dbc7548f63"
+SRC_URI[sha256sum] = "244854654dd82c7ebcb2f8e246156d2a05eb9cd1ad07ed7a779659b4602c9fae"

 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.
--- a/meta/recipes-core/glibc/glibc-common.inc
+++ b/meta/recipes-core/glibc/glibc-common.inc
@@ -2,7 +2,7 @@ SUMMARY = "GLIBC (GNU C Library)"
 DESCRIPTION = "The GNU C Library is used as the system C library in most systems with the Linux kernel."
 HOMEPAGE = "http://www.gnu.org/software/libc/libc.html"
 SECTION = "libs"
-LICENSE = "GPL-2.0-only & LGPL-2.1-only"
+LICENSE = "GPL-2.0-only & LGPL-2.1-or-later"

 LIC_FILES_CHKSUM ?= "file://LICENSES;md5=f77e878d320e99e94ae9a4aea7f491d1 \
      file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "1b9c1a0047fb26a65a9b2a7b8cd977243f7d353c"
+SRCREV_glibc ?= "273a835fe7c685cc54266bb8b502787bad5e9bae"
 SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"

 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
--- a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
+++ b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
@@ -11,16 +11,15 @@ Upstream-Status: Inappropriate [ OE-Specific ]

 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- sysdeps/aarch64/bits/wordsize.h | 8 ++++++--
- sysdeps/arm/bits/wordsize.h     | 1 +
- 2 files changed, 7 insertions(+), 2 deletions(-)
- create mode 120000 sysdeps/arm/bits/wordsize.h
+ sysdeps/aarch64/bits/wordsize.h | 11 +++++++++--
+ sysdeps/arm/bits/wordsize.h     | 22 +---------------------
+ 2 files changed, 10 insertions(+), 23 deletions(-)

 diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h
-index 118e59172d..b4b0692eb5 100644
+index 118e59172d..ff86359fe8 100644
 --- a/sysdeps/aarch64/bits/wordsize.h
 +++ b/sysdeps/aarch64/bits/wordsize.h
-@@ -17,12 +17,16 @@
+@@ -17,12 +17,19 @@
    License along with the GNU C Library; if not, see
    <https://www.gnu.org/licenses/>.  */
 
@@ -33,12 +32,42 @@ index 118e59172d..b4b0692eb5 100644
 # define __WORDSIZE32_SIZE_ULONG	1
 # define __WORDSIZE32_PTRDIFF_LONG	1
 +#else
-+# define __WORDSIZE			32
-+# define __WORDSIZE32_SIZE_ULONG	0
-+# define __WORDSIZE32_PTRDIFF_LONG	0
+#define __WORDSIZE			32
+#define __WORDSIZE_TIME64_COMPAT32	1
+#define __WORDSIZE32_SIZE_ULONG		0
+#define __WORDSIZE32_PTRDIFF_LONG	0
 #endif
 
+#ifdef __aarch64__
 #define __WORDSIZE_TIME64_COMPAT32	0
+#endif
+diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
+deleted file mode 100644
+index 6ecbfe7c86..0000000000
+--- a/sysdeps/arm/bits/wordsize.h
+++ /dev/null
+@@ -1,21 +0,0 @@
+-/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
+-   This file is part of the GNU C Library.
+-
+-   The GNU C Library is free software; you can redistribute it and/or
+-   modify it under the terms of the GNU Lesser General Public
+-   License as published by the Free Software Foundation; either
+-   version 2.1 of the License, or (at your option) any later version.
+-
+-   The GNU C Library is distributed in the hope that it will be useful,
+-   but WITHOUT ANY WARRANTY; without even the implied warranty of
+-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+-   Lesser General Public License for more details.
+-
+-   You should have received a copy of the GNU Lesser General Public
+-   License along with the GNU C Library; if not, see
+-   <https://www.gnu.org/licenses/>.  */
+-
+-#define __WORDSIZE			32
+-#define __WORDSIZE_TIME64_COMPAT32	1
+-#define __WORDSIZE32_SIZE_ULONG		0
+-#define __WORDSIZE32_PTRDIFF_LONG	0
 diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
 new file mode 120000
 index 0000000000..4c4a788ec2
--- a/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
+++ b/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
@@ -1,62 +0,0 @@
-From 73c26018ed0ecd9c807bb363cc2c2ab4aca66a82 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy <szabolcs.nagy@arm.com>
-Date: Wed, 13 Mar 2024 14:34:14 +0000
-Subject: [PATCH] aarch64: fix check for SVE support in assembler
-
-Due to GCC bug 110901 -mcpu can override -march setting when compiling
-asm code and thus a compiler targetting a specific cpu can fail the
-configure check even when binutils gas supports SVE.
-
-The workaround is that explicit .arch directive overrides both -mcpu
-and -march, and since that's what the actual SVE memcpy uses the
-configure check should use that too even if the GCC issue is fixed
-independently.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=73c26018ed0ecd9c807bb363cc2c2ab4aca66a82]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Reviewed-by: Florian Weimer <fweimer@redhat.com>
---
- sysdeps/aarch64/configure    | 5 +++--
- sysdeps/aarch64/configure.ac | 5 +++--
- 2 files changed, 6 insertions(+), 4 deletions(-)
- mode change 100644 => 100755 sysdeps/aarch64/configure
-
-diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure
-old mode 100644
-new mode 100755
-index ca57edce47..9606137e8d
--- a/sysdeps/aarch64/configure
-+++ b/sysdeps/aarch64/configure
-@@ -325,9 +325,10 @@ then :
-   printf %s "(cached) " >&6
- else $as_nop
-   cat > conftest.s <<\EOF
-        ptrue p0.b
-+	.arch armv8.2-a+sve
-+	ptrue p0.b
- EOF
-if { ac_try='${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&5'
-+if { ac_try='${CC-cc} -c conftest.s 1>&5'
-   { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac
-index 27874eceb4..56d12d661d 100644
--- a/sysdeps/aarch64/configure.ac
-+++ b/sysdeps/aarch64/configure.ac
-@@ -90,9 +90,10 @@ LIBC_CONFIG_VAR([aarch64-variant-pcs], [$libc_cv_aarch64_variant_pcs])
- # Check if asm support armv8.2-a+sve
- AC_CACHE_CHECK([for SVE support in assembler], [libc_cv_aarch64_sve_asm], [dnl
- cat > conftest.s <<\EOF
-        ptrue p0.b
-+	.arch armv8.2-a+sve
-+	ptrue p0.b
- EOF
-if AC_TRY_COMMAND(${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&AS_MESSAGE_LOG_FD); then
-+if AC_TRY_COMMAND(${CC-cc} -c conftest.s 1>&AS_MESSAGE_LOG_FD); then
-   libc_cv_aarch64_sve_asm=yes
- else
-   libc_cv_aarch64_sve_asm=no
-- 
-2.44.0
-
--- a/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch
+++ b/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch
--- a/meta/recipes-core/glibc/glibc_2.39.bb
+++ b/meta/recipes-core/glibc/glibc_2.39.bb
@@ -16,6 +16,10 @@ CVE_STATUS[CVE-2019-1010025] = "disputed: \
 Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \
 easier access for another. 'ASLR bypass itself is not a vulnerability.'"

+CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602"
+CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
+
 DEPENDS += "gperf-native bison-native"

 NATIVESDKFIXES ?= ""
@@ -48,8 +52,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \
           file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
           file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \
-           file://0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch \
-           file://0024-qemu-stale-process.patch \
+           file://0023-qemu-stale-process.patch \
 "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -26,8 +26,8 @@ inherit core-image setuptools3 features_check

 REQUIRED_DISTRO_FEATURES += "xattr"

-SRCREV ?= "17723c6e34096a53fb186cc70cfc604bb30da8b9"
-SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
+SRCREV ?= "5d657e0f472ce481ab62bc9ebf3d2b81c04cf3f3"
+SRC_URI = "git://git.yoctoproject.org/poky;branch=scarthgap \
           file://Yocto_Build_Appliance.vmx \
           file://Yocto_Build_Appliance.vmxf \
           file://README_VirtualBox_Guest_Additions.txt \
--- a/meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch
+++ b/meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch
@@ -0,0 +1,37 @@
+From 592dcdcf243576bd2517d3da9bc18990de08e37e Mon Sep 17 00:00:00 2001
+From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
+Date: Mon, 27 Nov 2023 20:07:33 +0530
+Subject: [PATCH 1/1] include/Makefile: install systemd.h by default
+
+Install systemd.h header file by default, as we have stub and defined
+versions of the systemd functions for both non-systemd and systemd
+enabled configurations.  This will help packagers to ship package
+without systemd support (--enable-systemd=no).
+
+Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
+Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
+
+Upstream-Status: Backport [https://github.com/libcgroup/libcgroup/commit/592dcdcf243576bd2517d3da9bc18990de08e37e]
+
+Signed-off-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
+---
+ include/Makefile.am | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/include/Makefile.am b/include/Makefile.am
+index 23cebaac..4cb05529 100644
+--- a/include/Makefile.am
+++ b/include/Makefile.am
+@@ -2,8 +2,4 @@
+ nobase_include_HEADERS = libcgroup.h libcgroup/error.h libcgroup/init.h \
+ 			 libcgroup/groups.h libcgroup/tasks.h \
+ 			 libcgroup/iterators.h libcgroup/config.h \
+-			 libcgroup/log.h libcgroup/tools.h
+-
+-if WITH_SYSTEMD
+-nobase_include_HEADERS += libcgroup/systemd.h
+-endif
+			 libcgroup/log.h libcgroup/tools.h libcgroup/systemd.h
+-- 
+2.39.2
+
--- a/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb
+++ b/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb
@@ -13,6 +13,7 @@ DEPENDS = "bison-native flex-native"
 DEPENDS:append:libc-musl = " fts"

 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
+           file://0001-include-Makefile-install-systemd.h-by-default.patch \
 "
 UPSTREAM_CHECK_URI = "https://github.com/libcgroup/libcgroup/tags"

--- a/meta/recipes-core/libxml/libxml2_2.12.6.bb
+++ b/meta/recipes-core/libxml/libxml2_2.12.6.bb
@@ -20,7 +20,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
           file://install-tests.patch \
           "

-SRC_URI[archive.sha256sum] = "a972796696afd38073e0f59c283c3a2f5a560b5268b4babc391b286166526b21"
+SRC_URI[archive.sha256sum] = "889c593a881a3db5fdd96cc9318c87df34eb648edfc458272ad46fd607353fbb"
 SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"

 # Disputed as a security issue, but fixed in d39f780
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -11,6 +11,7 @@ TOOLCHAIN_HOST_TASK ?= "\
    nativesdk-python3-git \
    nativesdk-python3-jinja2 \
    nativesdk-python3-testtools \
+    nativesdk-python3-pip \
    nativesdk-python3-setuptools \
    nativesdk-python3-subunit \
    nativesdk-python3-pyyaml \
--- a/meta/recipes-core/ncurses/files/CVE-2023-45918.patch
+++ b/meta/recipes-core/ncurses/files/CVE-2023-45918.patch
@@ -0,0 +1,180 @@
+From bcf02d3242f1c7d57224a95f7903fcf4b5e7695d Mon Sep 17 00:00:00 2001
+From: Thomas E. Dickey <dickey@invisible-island.net>
+Date: Fri, 16 Jun 2023 02:54:29 +0530
+Subject: [PATCH] Fix CVE-2023-45918
+
+CVE: CVE-2023-45918
+
+Upstream-Status: Backport [https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=bcf02d3242f1c7d57224a95f7903fcf4b5e7695d]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ ncurses/tinfo/comp_error.c | 15 ++++++---
+ ncurses/tinfo/read_entry.c | 65 ++++++++++++++++++++++++++------------
+ 2 files changed, 56 insertions(+), 24 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c
+index 48f48784..ee518e28 100644
+--- a/ncurses/tinfo/comp_error.c
+++ b/ncurses/tinfo/comp_error.c
+@@ -60,8 +60,15 @@ _nc_get_source(void)
+ NCURSES_EXPORT(void)
+ _nc_set_source(const char *const name)
+ {
+-    FreeIfNeeded(SourceName);
+-    SourceName = strdup(name);
+    if (name == NULL) {
+	free(SourceName);
+	SourceName = NULL;
+    } else if (SourceName == NULL) {
+	SourceName = strdup(name);
+    } else if (strcmp(name, SourceName)) {
+	free(SourceName);
+	SourceName = strdup(name);
+    }
+ }
+
+ NCURSES_EXPORT(void)
+@@ -95,9 +102,9 @@ static NCURSES_INLINE void
+ where_is_problem(void)
+ {
+     fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?");
+-    if (_nc_curr_line >= 0)
+    if (_nc_curr_line > 0)
+	fprintf(stderr, ", line %d", _nc_curr_line);
+-    if (_nc_curr_col >= 0)
+    if (_nc_curr_col > 0)
+	fprintf(stderr, ", col %d", _nc_curr_col);
+     if (TermType != 0 && TermType[0] != '\0')
+	fprintf(stderr, ", terminal '%s'", TermType);
+diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
+index 341337d2..b0c3ad26 100644
+--- a/ncurses/tinfo/read_entry.c
+++ b/ncurses/tinfo/read_entry.c
+@@ -138,12 +138,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count)
+ }
+ #endif
+
+-static void
+-convert_strings(char *buf, char **Strings, int count, int size, char *table)
+static bool
+convert_strings(char *buf, char **Strings, int count, int size,
+		char *table, bool always)
+ {
+     int i;
+     char *p;
+-    bool corrupt = FALSE;
+    bool success = TRUE;
+
+     for (i = 0; i < count; i++) {
+	if (IS_NEG1(buf + 2 * i)) {
+@@ -159,13 +160,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+		TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
+				    _nc_visbuf(Strings[i])));
+	    } else {
+-		if (!corrupt) {
+-		    corrupt = TRUE;
+-		    TR(TRACE_DATABASE,
+-		       ("ignore out-of-range index %d to Strings[]", nn));
+-		    _nc_warning("corrupt data found in convert_strings");
+-		}
+-		Strings[i] = ABSENT_STRING;
+		TR(TRACE_DATABASE,
+		   ("found out-of-range index %d to Strings[%d]", nn, i));
+		success = FALSE;
+		break;
+	    }
+	}
+
+@@ -175,10 +173,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+		if (*p == '\0')
+		    break;
+	    /* if there is no NUL, ignore the string */
+-	    if (p >= table + size)
+	    if (p >= table + size) {
+		Strings[i] = ABSENT_STRING;
+	    } else if (p == Strings[i] && always) {
+		TR(TRACE_DATABASE,
+		   ("found empty but required Strings[%d]", i));
+		success = FALSE;
+		break;
+	    }
+	} else if (always) {	/* names are always needed */
+	    TR(TRACE_DATABASE,
+	       ("found invalid but required Strings[%d]", i));
+	    success = FALSE;
+	    break;
+	}
+     }
+    if (!success) {
+	_nc_warning("corrupt data found in convert_strings");
+    }
+    return success;
+ }
+
+ static int
+@@ -382,7 +395,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+	if (Read(string_table, (unsigned) str_size) != str_size) {
+	    returnDB(TGETENT_NO);
+	}
+-	convert_strings(buf, ptr->Strings, str_count, str_size, string_table);
+	if (!convert_strings(buf, ptr->Strings, str_count, str_size,
+			     string_table, FALSE)) {
+	    returnDB(TGETENT_NO);
+	}
+     }
+ #if NCURSES_XNAMES
+
+@@ -483,8 +499,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+	       ("Before computing extended-string capabilities "
+		"str_count=%d, ext_str_count=%d",
+		str_count, ext_str_count));
+-	    convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+-			    ext_str_limit, ptr->ext_str_table);
+	    if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+				 ext_str_limit, ptr->ext_str_table, FALSE)) {
+		returnDB(TGETENT_NO);
+	    }
+	    for (i = ext_str_count - 1; i >= 0; i--) {
+		TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s",
+				    i, i + str_count,
+@@ -516,10 +534,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+	    TR(TRACE_DATABASE,
+	       ("ext_NAMES starting @%d in extended_strings, first = %s",
+		base, _nc_visbuf(ptr->ext_str_table + base)));
+-	    convert_strings(buf + (2 * ext_str_count),
+-			    ptr->ext_Names,
+-			    (int) need,
+-			    ext_str_limit, ptr->ext_str_table + base);
+	    if (!convert_strings(buf + (2 * ext_str_count),
+				 ptr->ext_Names,
+				 (int) need,
+				 ext_str_limit, ptr->ext_str_table + base,
+				 TRUE)) {
+		returnDB(TGETENT_NO);
+	    }
+	}
+
+	TR(TRACE_DATABASE,
+@@ -572,13 +593,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr)
+	int limit;
+	char buffer[MAX_ENTRY_SIZE + 1];
+
+-	if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp))
+-	    > 0) {
+	limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp);
+	if (limit > 0) {
+	    const char *old_source = _nc_get_source();
+
+	    TR(TRACE_DATABASE, ("read terminfo %s", filename));
+	    if (old_source == NULL)
+		_nc_set_source(filename);
+	    if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) {
+		_nc_free_termtype2(ptr);
+	    }
+	    _nc_set_source(old_source);
+	} else {
+	    code = TGETENT_NO;
+	}
+--
+2.40.0
--- a/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
+++ b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
@@ -0,0 +1,301 @@
+From 7daae3f2139a678fe0ae0b42fcf8d807cbff485c Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Sun, 4 Feb 2024 13:42:38 +0800
+Subject: [PATCH] parse_entry.c: check return value of _nc_save_str
+
+* check return value of _nc_save_str(), in special case for tic where
+extended capabilities are processed but the terminal description was
+not initialized (report by Ziqiao Kong).
+
+* regenerate llib-* files.
+
+CVE: CVE-2023-50495
+
+Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/llib-lncurses       | 15 +++++++++++++++
+ ncurses/llib-lncursest      | 15 +++++++++++++++
+ ncurses/llib-lncursestw     | 15 +++++++++++++++
+ ncurses/llib-lncursesw      | 15 +++++++++++++++
+ ncurses/llib-ltinfo         | 15 +++++++++++++++
+ ncurses/llib-ltinfot        | 15 +++++++++++++++
+ ncurses/llib-ltinfotw       | 15 +++++++++++++++
+ ncurses/llib-ltinfow        | 15 +++++++++++++++
+ ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++-------
+ 9 files changed, 136 insertions(+), 7 deletions(-)
+
+diff --git a/ncurses/llib-lncurses b/ncurses/llib-lncurses
+index 211cf3b7..e4190aa2 100644
+--- a/ncurses/llib-lncurses
+++ b/ncurses/llib-lncurses
+@@ -3656,6 +3656,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-lncursest b/ncurses/llib-lncursest
+index 1b09d676..e07abba6 100644
+--- a/ncurses/llib-lncursest
+++ b/ncurses/llib-lncursest
+@@ -3741,6 +3741,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-lncursestw b/ncurses/llib-lncursestw
+index 4576e0fc..747c6be8 100644
+--- a/ncurses/llib-lncursestw
+++ b/ncurses/llib-lncursestw
+@@ -4702,6 +4702,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-lncursesw b/ncurses/llib-lncursesw
+index 127350d2..862305d9 100644
+--- a/ncurses/llib-lncursesw
+++ b/ncurses/llib-lncursesw
+@@ -4617,6 +4617,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-ltinfo b/ncurses/llib-ltinfo
+index a5cd7cd3..31e5e9a6 100644
+--- a/ncurses/llib-ltinfo
+++ b/ncurses/llib-ltinfo
+@@ -927,6 +927,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-ltinfot b/ncurses/llib-ltinfot
+index bd3de812..48e5c25a 100644
+--- a/ncurses/llib-ltinfot
+++ b/ncurses/llib-ltinfot
+@@ -1003,6 +1003,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-ltinfotw b/ncurses/llib-ltinfotw
+index 4d35a1e1..64dfdfa5 100644
+--- a/ncurses/llib-ltinfotw
+++ b/ncurses/llib-ltinfotw
+@@ -1025,6 +1025,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/llib-ltinfow b/ncurses/llib-ltinfow
+index db846764..7e17a35f 100644
+--- a/ncurses/llib-ltinfow
+++ b/ncurses/llib-ltinfow
+@@ -949,6 +949,21 @@ char	*tiparm(
+ 		...)
+ 		{ return(*(char **)0); }
+ 
+#undef tiparm_s
+char	*tiparm_s(
+		int	num_expected,
+		int	tparm_type,
+		const char *string,
+		...)
+		{ return(*(char **)0); }
+
+#undef tiscan_s
+int	tiscan_s(
+		int	*num_expected,
+		int	*tparm_type,
+		const char *string)
+		{ return(*(int *)0); }
+
+ #undef _nc_tiparm
+ char	*_nc_tiparm(
+ 		int	expected,
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index 14bcb67e..0a0b5637 100644
+--- a/ncurses/tinfo/parse_entry.c
+++ b/ncurses/tinfo/parse_entry.c
+@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	/* Well, we are given a cancel for a name that we don't recognize */
+ 	return _nc_extend_names(entryp, name, STRING);
+     default:
+-	return 0;
+	return NULL;
+     }
+ 
+     /* Adjust the 'offset' (insertion-point) to keep the lists of extended
+@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	for (last = (unsigned) (max - 1); last > tindex; last--)
+ 
+     if (!found) {
+	char *saved;
+
+	if ((saved = _nc_save_str(name)) == NULL)
+	    return NULL;
+
+ 	switch (token_type) {
+ 	case BOOLEAN:
+ 	    tp->ext_Booleans++;
+@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	TYPE_REALLOC(char *, actual, tp->ext_Names);
+ 	while (--actual > offset)
+ 	    tp->ext_Names[actual] = tp->ext_Names[actual - 1];
+-	tp->ext_Names[offset] = _nc_save_str(name);
+	tp->ext_Names[offset] = saved;
+     }
+ 
+     temp.nte_name = tp->ext_Names[offset];
+@@ -364,6 +369,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 	bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
+ 	bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
+ 	if (is_use || is_tc) {
+	    char *saved;
+
+ 	    if (!VALID_STRING(_nc_curr_token.tk_valstring)
+ 		|| _nc_curr_token.tk_valstring[0] == '\0') {
+ 		_nc_warning("missing name for use-clause");
+@@ -377,11 +384,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 			    _nc_curr_token.tk_valstring);
+ 		continue;
+ 	    }
+-	    entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+-	    entryp->uses[entryp->nuses].line = _nc_curr_line;
+-	    entryp->nuses++;
+-	    if (entryp->nuses > 1 && is_tc) {
+-		BAD_TC_USAGE
+	    if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
+			entryp->uses[entryp->nuses].name = saved;
+			entryp->uses[entryp->nuses].line = _nc_curr_line;
+			entryp->nuses++;
+			if (entryp->nuses > 1 && is_tc) {
+			    BAD_TC_USAGE
+		    }
+ 	    }
+ 	} else {
+ 	    /* normal token lookup */
+-- 
+2.25.1
+
--- a/meta/recipes-core/ncurses/ncurses_6.4.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.4.bb
@@ -6,6 +6,8 @@ SRC_URI += "file://0001-tic-hang.patch \
           file://exit_prototype.patch \
           file://0001-Fix-CVE-2023-29491.patch \
           file://0001-Updating-reset-code-ncurses-6.4-patch-20231104.patch \
+           file://CVE-2023-50495.patch \
+           file://CVE-2023-45918.patch \
           "
 # commit id corresponds to the revision in package version
 SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f"
--- a/meta/recipes-core/newlib/libgloss_git.bb
+++ b/meta/recipes-core/newlib/libgloss_git.bb
@@ -6,7 +6,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/libgloss:"

 SRC_URI:append = " file://libgloss-build-without-nostdinc.patch"
 SRC_URI:append:powerpc = " file://fix-rs6000-crt0.patch"
-SRC_URI:append:powerpc = " file://fix-rs6000-cflags.patch"

 do_configure() {
 	${S}/libgloss/configure ${EXTRA_OECONF}
--- a/meta/recipes-core/systemd/systemd_255.4.bb
+++ b/meta/recipes-core/systemd/systemd_255.4.bb
@@ -271,14 +271,16 @@ WATCHDOG_TIMEOUT ??= "60"

 do_install() {
 	meson_do_install
-	# Change the root user's home directory in /lib/sysusers.d/basic.conf.
-	# This is done merely for backward compatibility with previous systemd recipes.
-	# systemd hardcodes root user's HOME to be "/root". Changing to use other values
-	# may have unexpected runtime behaviors.
-	if [ "${ROOT_HOME}" != "/root" ]; then
-		bbwarn "Using ${ROOT_HOME} as root user's home directory is not fully supported by systemd"
-		sed -i -e 's#/root#${ROOT_HOME}#g' ${D}${exec_prefix}/lib/sysusers.d/basic.conf
-	fi
+	if ${@bb.utils.contains('PACKAGECONFIG', 'sysusers', 'true', 'false', d)}; then
+            # Change the root user's home directory in /lib/sysusers.d/basic.conf.
+            # This is done merely for backward compatibility with previous systemd recipes.
+            # systemd hardcodes root user's HOME to be "/root". Changing to use other values
+            # may have unexpected runtime behaviors.
+            if [ "${ROOT_HOME}" != "/root" ]; then
+                    bbwarn "Using ${ROOT_HOME} as root user's home directory is not fully supported by systemd"
+                    sed -i -e 's#/root#${ROOT_HOME}#g' ${D}${exec_prefix}/lib/sysusers.d/basic.conf
+            fi
+        fi
 	install -d ${D}/${base_sbindir}
 	if ${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', 'false', 'true', d)}; then
 		# Provided by a separate recipe
--- a/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb
+++ b/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb
@@ -9,6 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5118f167b055bfd7c3450803f1847af"
 SRC_URI = "git://github.com/ibm-s390-linux/s390-tools;protocol=https;branch=master"
 SRCREV = "6f15ed326491a17d83ca60cd2bda47fb5e8a0175"

+CVE_PRODUCT = "s390-tools"
+
 S = "${WORKDIR}/git"

 EXTRA_OEMAKE = "\
--- a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
+++ b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f5354

 SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master;protocol=https"
 SRCREV = "b8f950105010270a768aa12245d6abf166346015"
+PV .= "+git"

 UPSTREAM_CHECK_COMMITS = "1"

--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -40,6 +40,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
           file://avoid_parallel_tests.patch \
           file://0001-login-utils-include-libgen.h-for-basename-API.patch \
           file://fcntl-lock.c \
+           file://CVE-2024-28085-0001.patch \
+           file://CVE-2024-28085-0002.patch \
           "

 SRC_URI[sha256sum] = "7b6605e48d1a49f43cc4b4cfc59f313d0dd5402fa40b96810bd572e167dfed0f"
--- a/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
@@ -0,0 +1,36 @@
+From 07f0f0f5bd1e5e2268257ae1ff6d76a9b6c6ea8b Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 17 Jan 2024 12:37:08 +0100
+Subject: [PATCH] wall: fix calloc cal [-Werror=calloc-transposed-args]
+
+term-utils/wall.c:143:37: error: xcalloc sizes specified with sizeof in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
+  143 |         buf->groups = xcalloc(sizeof(*buf->groups), buf->ngroups);
+      |                                     ^
+term-utils/wall.c:143:37: note: earlier argument should specify number of elements, later size of each element
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+CVE: CVE-2024-28085
+
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/07f0f0f5bd1e5e2268257ae1ff6d76a9b6c6ea8b]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ term-utils/wall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 377db45..85c006a 100644
+--- a/term-utils/wall.c
+++ b/term-utils/wall.c
+@@ -135,7 +135,7 @@ static struct group_workspace *init_group_workspace(const char *group)
+
+	buf->requested_group = get_group_gid(group);
+	buf->ngroups = sysconf(_SC_NGROUPS_MAX) + 1;  /* room for the primary gid */
+-	buf->groups = xcalloc(sizeof(*buf->groups), buf->ngroups);
+	buf->groups = xcalloc(buf->ngroups, sizeof(*buf->groups));
+
+	return buf;
+ }
+--
+2.40.0
--- a/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
@@ -0,0 +1,34 @@
+From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Mar 2024 11:16:20 +0100
+Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
+
+Let's use for all cases the same output function.
+
+Reported-by: Skyler Ferrante <sjf5462@rit.edu>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+CVE: CVE-2024-28085
+
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ term-utils/wall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 85c006a..0212c03 100644
+--- a/term-utils/wall.c
+++ b/term-utils/wall.c
+@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+		int i;
+
+		for (i = 0; i < mvecsz; i++) {
+-			fputs(mvec[i], fs);
+			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
+			if (i < mvecsz - 1)
+				fputc(' ', fs);
+		}
+--
+2.40.0
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -36,5 +36,6 @@ SRC_URI = "\
     file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
     file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
     file://0015-gprofng-change-use-of-bignum-to-bigint.patch \
+     file://0016-aarch64-Remove-asserts-from-operand-qualifier-decode.patch \
 "
 S  = "${WORKDIR}/git"
--- a/meta/recipes-devtools/binutils/binutils/0016-aarch64-Remove-asserts-from-operand-qualifier-decode.patch
+++ b/meta/recipes-devtools/binutils/binutils/0016-aarch64-Remove-asserts-from-operand-qualifier-decode.patch
@@ -0,0 +1,382 @@
+From 5b1c70bfe0d8f84dc28237d6150b7b9d57c791a8 Mon Sep 17 00:00:00 2001
+From: Victor Do Nascimento <victor.donascimento@arm.com>
+Date: Tue, 16 Apr 2024 11:49:15 +0100
+Subject: [PATCH] aarch64: Remove asserts from operand qualifier decoders
+ [PR31595]
+
+Given that the disassembler should never abort when decoding
+(potentially random) data, assertion statements in the
+`get_*reg_qualifier_from_value' function family prove problematic.
+
+Consider the random 32-bit word W, encoded in a data segment and
+encountered on execution of `objdump -D <obj_name>'.
+
+If:
+
+  (W & ~opcode_mask) == valid instruction
+
+Then before `print_insn_aarch64_word' has a chance to report the
+instruction as potentially undefined, an attempt will be made to have
+the qualifiers for the instruction's register operands (if any)
+decoded.  If the relevant bits do not map onto a valid qualifier for
+the matched instruction-like word, an abort will be triggered and the
+execution of objdump aborted.
+
+As this scenario is perfectly feasible and, in light of the fact that
+objdump must successfully decode all sections of a given object file,
+it is not appropriate to assert in this family of functions.
+
+Therefore, we add a new pseudo-qualifier `AARCH64_OPND_QLF_ERR' for
+handling invalid qualifier-associated values and re-purpose the
+assertion conditions in qualifier-retrieving functions to be the
+predicate guarding the returning of the calculated qualifier type.
+If the predicate fails, we return this new qualifier and allow the
+caller to handle the error as appropriate.
+
+As these functions are called either from within
+`aarch64_extract_operand' or `do_special_decoding', both of which are
+expected to return non-zero values, it suffices that callers return
+zero upon encountering `AARCH64_OPND_QLF_ERR'.
+
+Ar present the error presented in the hypothetical scenario has been
+encountered in `get_sreg_qualifier_from_value', but the change is made
+to the whole family to keep the interface consistent.
+
+Bug: https://sourceware.org/PR31595
+
+Upstream-Status: Backport [commit 2601b201e95ea0edab89342ee7137c74e88a8a79]
+
+Signed-off-by: Mark Hatle <mark.hatle@amd.com>
+---
+ .../testsuite/binutils-all/aarch64/illegal.d  |  1 +
+ .../testsuite/binutils-all/aarch64/illegal.s  |  3 +
+ include/opcode/aarch64.h                      |  3 +
+ opcodes/aarch64-dis.c                         | 98 +++++++++++++++----
+ 4 files changed, 87 insertions(+), 18 deletions(-)
+
+diff --git a/binutils/testsuite/binutils-all/aarch64/illegal.d b/binutils/testsuite/binutils-all/aarch64/illegal.d
+index 4b90a1d9f39..b69318aec85 100644
+--- a/binutils/testsuite/binutils-all/aarch64/illegal.d
+++ b/binutils/testsuite/binutils-all/aarch64/illegal.d
+@@ -8,5 +8,6 @@ Disassembly of section \.text:
+ 
+ 0+000 <.*>:
+ [ 	]+0:[ 	]+68ea18cc[ 	]+.inst[ 	]+0x68ea18cc ; undefined
+[ 	]+4:[ 	]+9dc39839[ 	]+.inst[ 	]+0x9dc39839 ; undefined
+ #pass
+ 
+diff --git a/binutils/testsuite/binutils-all/aarch64/illegal.s b/binutils/testsuite/binutils-all/aarch64/illegal.s
+index 216cbe6f265..43668c6db55 100644
+--- a/binutils/testsuite/binutils-all/aarch64/illegal.s
+++ b/binutils/testsuite/binutils-all/aarch64/illegal.s
+@@ -4,4 +4,7 @@
+ 	# ldpsw   x12, x6, [x6],#-8 ; illegal because one of the dest regs is also the address reg
+ 	.inst 0x68ea18cc
+ 
+	# illegal, resembles the opcode `ldapur' with invalid qualifier bits
+	.inst 0x9dc39839
+
+ 	# FIXME: Add more illegal instructions here.
+diff --git a/include/opcode/aarch64.h b/include/opcode/aarch64.h
+index 2fca9528c20..e8fe93ef127 100644
+--- a/include/opcode/aarch64.h
+++ b/include/opcode/aarch64.h
+@@ -894,6 +894,9 @@ enum aarch64_opnd_qualifier
+   /* Special qualifier helping retrieve qualifier information during the
+      decoding time (currently not in use).  */
+   AARCH64_OPND_QLF_RETRIEVE,
+
+  /* Special qualifier used for indicating error in qualifier retrieval.  */
+  AARCH64_OPND_QLF_ERR,
+ };
+ 
+ /* Instruction class.  */
+diff --git a/opcodes/aarch64-dis.c b/opcodes/aarch64-dis.c
+index 96f42ae862a..b70e6da9eb7 100644
+--- a/opcodes/aarch64-dis.c
+++ b/opcodes/aarch64-dis.c
+@@ -219,9 +219,10 @@ static inline enum aarch64_opnd_qualifier
+ get_greg_qualifier_from_value (aarch64_insn value)
+ {
+   enum aarch64_opnd_qualifier qualifier = AARCH64_OPND_QLF_W + value;
+-  assert (value <= 0x1
+-	  && aarch64_get_qualifier_standard_value (qualifier) == value);
+-  return qualifier;
+  if (value <= 0x1
+      && aarch64_get_qualifier_standard_value (qualifier) == value)
+    return qualifier;
+  return AARCH64_OPND_QLF_ERR;
+ }
+ 
+ /* Given VALUE, return qualifier for a vector register.  This does not support
+@@ -237,9 +238,10 @@ get_vreg_qualifier_from_value (aarch64_insn value)
+   if (qualifier >= AARCH64_OPND_QLF_V_2H)
+     qualifier += 1;
+ 
+-  assert (value <= 0x8
+-	  && aarch64_get_qualifier_standard_value (qualifier) == value);
+-  return qualifier;
+  if (value <= 0x8
+      && aarch64_get_qualifier_standard_value (qualifier) == value)
+    return qualifier;
+  return AARCH64_OPND_QLF_ERR;
+ }
+ 
+ /* Given VALUE, return qualifier for an FP or AdvSIMD scalar register.  */
+@@ -248,9 +250,10 @@ get_sreg_qualifier_from_value (aarch64_insn value)
+ {
+   enum aarch64_opnd_qualifier qualifier = AARCH64_OPND_QLF_S_B + value;
+ 
+-  assert (value <= 0x4
+-	  && aarch64_get_qualifier_standard_value (qualifier) == value);
+-  return qualifier;
+  if (value <= 0x4
+      && aarch64_get_qualifier_standard_value (qualifier) == value)
+    return qualifier;
+  return AARCH64_OPND_QLF_ERR;
+ }
+ 
+ /* Given the instruction in *INST which is probably half way through the
+@@ -263,13 +266,17 @@ get_expected_qualifier (const aarch64_inst *inst, int i)
+ {
+   aarch64_opnd_qualifier_seq_t qualifiers;
+   /* Should not be called if the qualifier is known.  */
+-  assert (inst->operands[i].qualifier == AARCH64_OPND_QLF_NIL);
+-  int invalid_count;
+-  if (aarch64_find_best_match (inst, inst->opcode->qualifiers_list,
+-			       i, qualifiers, &invalid_count))
+-    return qualifiers[i];
+  if (inst->operands[i].qualifier == AARCH64_OPND_QLF_NIL)
+    {
+      int invalid_count;
+      if (aarch64_find_best_match (inst, inst->opcode->qualifiers_list,
+				   i, qualifiers, &invalid_count))
+	return qualifiers[i];
+      else
+	return AARCH64_OPND_QLF_NIL;
+    }
+   else
+-    return AARCH64_OPND_QLF_NIL;
+    return AARCH64_OPND_QLF_ERR;
+ }
+ 
+ /* Operand extractors.  */
+@@ -355,6 +362,8 @@ aarch64_ext_reglane (const aarch64_operand *self, aarch64_opnd_info *info,
+ 	  aarch64_insn value = extract_field (FLD_imm4_11, code, 0);
+ 	  /* Depend on AARCH64_OPND_Ed to determine the qualifier.  */
+ 	  info->qualifier = get_expected_qualifier (inst, info->idx);
+	  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	    return 0;
+ 	  shift = get_logsz (aarch64_get_qualifier_esize (info->qualifier));
+ 	  info->reglane.index = value >> shift;
+ 	}
+@@ -374,6 +383,8 @@ aarch64_ext_reglane (const aarch64_operand *self, aarch64_opnd_info *info,
+ 	  if (pos > 3)
+ 	    return false;
+ 	  info->qualifier = get_sreg_qualifier_from_value (pos);
+	  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	    return 0;
+ 	  info->reglane.index = (unsigned) (value >> 1);
+ 	}
+     }
+@@ -381,6 +392,8 @@ aarch64_ext_reglane (const aarch64_operand *self, aarch64_opnd_info *info,
+     {
+       /* Need information in other operand(s) to help decoding.  */
+       info->qualifier = get_expected_qualifier (inst, info->idx);
+      if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+       switch (info->qualifier)
+ 	{
+ 	case AARCH64_OPND_QLF_S_4B:
+@@ -405,6 +418,8 @@ aarch64_ext_reglane (const aarch64_operand *self, aarch64_opnd_info *info,
+ 
+       /* Need information in other operand(s) to help decoding.  */
+       info->qualifier = get_expected_qualifier (inst, info->idx);
+      if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+       switch (info->qualifier)
+ 	{
+ 	case AARCH64_OPND_QLF_S_H:
+@@ -644,9 +659,15 @@ aarch64_ext_advsimd_imm_shift (const aarch64_operand *self ATTRIBUTE_UNUSED,
+ 	 1xxx	1	2D  */
+       info->qualifier =
+ 	get_vreg_qualifier_from_value ((pos << 1) | (int) Q);
+      if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	return false;
+     }
+   else
+-    info->qualifier = get_sreg_qualifier_from_value (pos);
+    {
+      info->qualifier = get_sreg_qualifier_from_value (pos);
+      if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+    }
+ 
+   if (info->type == AARCH64_OPND_IMM_VLSR)
+     /* immh	<shift>
+@@ -773,6 +794,8 @@ aarch64_ext_advsimd_imm_modified (const aarch64_operand *self ATTRIBUTE_UNUSED,
+ 
+   /* cmode */
+   info->qualifier = get_expected_qualifier (inst, info->idx);
+  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+    return 0;
+   switch (info->qualifier)
+     {
+     case AARCH64_OPND_QLF_NIL:
+@@ -1014,6 +1037,8 @@ aarch64_ext_ft (const aarch64_operand *self ATTRIBUTE_UNUSED,
+       if (value > 0x4)
+ 	return false;
+       info->qualifier = get_sreg_qualifier_from_value (value);
+      if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+     }
+ 
+   return true;
+@@ -1086,6 +1111,8 @@ aarch64_ext_rcpc3_addr_offset (const aarch64_operand *self ATTRIBUTE_UNUSED,
+ 			       aarch64_operand_error *errors ATTRIBUTE_UNUSED)
+ {
+   info->qualifier = get_expected_qualifier (inst, info->idx);
+  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+    return 0;
+ 
+   /* Rn */
+   info->addr.base_regno = extract_field (self->fields[0], code, 0);
+@@ -1105,6 +1132,8 @@ aarch64_ext_addr_offset (const aarch64_operand *self ATTRIBUTE_UNUSED,
+ 			 aarch64_operand_error *errors ATTRIBUTE_UNUSED)
+ {
+   info->qualifier = get_expected_qualifier (inst, info->idx);
+  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+    return 0;
+ 
+   /* Rn */
+   info->addr.base_regno = extract_field (self->fields[0], code, 0);
+@@ -1154,6 +1183,8 @@ aarch64_ext_addr_regoff (const aarch64_operand *self ATTRIBUTE_UNUSED,
+       /* Need information in other operand(s) to help achieve the decoding
+ 	 from 'S' field.  */
+       info->qualifier = get_expected_qualifier (inst, info->idx);
+      if (info->qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+       /* Get the size of the data element that is accessed, which may be
+ 	 different from that of the source register size, e.g. in strb/ldrb.  */
+       size = aarch64_get_qualifier_esize (info->qualifier);
+@@ -1172,6 +1203,8 @@ aarch64_ext_addr_simm (const aarch64_operand *self, aarch64_opnd_info *info,
+ {
+   aarch64_insn imm;
+   info->qualifier = get_expected_qualifier (inst, info->idx);
+  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+    return 0;
+ 
+   /* Rn */
+   info->addr.base_regno = extract_field (FLD_Rn, code, 0);
+@@ -1210,6 +1243,8 @@ aarch64_ext_addr_uimm12 (const aarch64_operand *self, aarch64_opnd_info *info,
+ {
+   int shift;
+   info->qualifier = get_expected_qualifier (inst, info->idx);
+  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+    return 0;
+   shift = get_logsz (aarch64_get_qualifier_esize (info->qualifier));
+   /* Rn */
+   info->addr.base_regno = extract_field (self->fields[0], code, 0);
+@@ -1228,6 +1263,8 @@ aarch64_ext_addr_simm10 (const aarch64_operand *self, aarch64_opnd_info *info,
+   aarch64_insn imm;
+ 
+   info->qualifier = get_expected_qualifier (inst, info->idx);
+  if (info->qualifier == AARCH64_OPND_QLF_ERR)
+    return 0;
+   /* Rn */
+   info->addr.base_regno = extract_field (self->fields[0], code, 0);
+   /* simm10 */
+@@ -2467,6 +2504,8 @@ decode_sizeq (aarch64_inst *inst)
+   if (mask == 0x7)
+     {
+       inst->operands[idx].qualifier = get_vreg_qualifier_from_value (value);
+      if (inst->operands[idx].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+       return 1;
+     }
+ 
+@@ -2649,6 +2688,8 @@ do_special_decoding (aarch64_inst *inst)
+       idx = select_operand_for_sf_field_coding (inst->opcode);
+       value = extract_field (FLD_sf, inst->value, 0);
+       inst->operands[idx].qualifier = get_greg_qualifier_from_value (value);
+      if (inst->operands[idx].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+       if ((inst->opcode->flags & F_N)
+ 	  && extract_field (FLD_N, inst->value, 0) != value)
+ 	return 0;
+@@ -2659,6 +2700,8 @@ do_special_decoding (aarch64_inst *inst)
+       idx = select_operand_for_sf_field_coding (inst->opcode);
+       value = extract_field (FLD_lse_sz, inst->value, 0);
+       inst->operands[idx].qualifier = get_greg_qualifier_from_value (value);
+      if (inst->operands[idx].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+     }
+   /* rcpc3 'size' field.  */
+   if (inst->opcode->flags & F_RCPC3_SIZE)
+@@ -2670,12 +2713,18 @@ do_special_decoding (aarch64_inst *inst)
+ 	{
+ 	  if (aarch64_operands[inst->operands[i].type].op_class
+ 	      == AARCH64_OPND_CLASS_INT_REG)
+-	    inst->operands[i].qualifier = get_greg_qualifier_from_value (value & 1);
+	    {
+	      inst->operands[i].qualifier = get_greg_qualifier_from_value (value & 1);
+	      if (inst->operands[i].qualifier == AARCH64_OPND_QLF_ERR)
+		return 0;
+	    }
+ 	  else if (aarch64_operands[inst->operands[i].type].op_class
+ 	      == AARCH64_OPND_CLASS_FP_REG)
+ 	    {
+ 	      value += (extract_field (FLD_opc1, inst->value, 0) << 2);
+ 	      inst->operands[i].qualifier = get_sreg_qualifier_from_value (value);
+	      if (inst->operands[i].qualifier == AARCH64_OPND_QLF_ERR)
+		return 0;
+ 	    }
+ 	}
+     }
+@@ -2709,7 +2758,11 @@ do_special_decoding (aarch64_inst *inst)
+       /* For most related instruciton, the 'size' field is fully available for
+ 	 operand encoding.  */
+       if (mask == 0x3)
+-	inst->operands[idx].qualifier = get_sreg_qualifier_from_value (value);
+	{
+	  inst->operands[idx].qualifier = get_sreg_qualifier_from_value (value);
+	  if (inst->operands[idx].qualifier == AARCH64_OPND_QLF_ERR)
+	    return 0;
+	}
+       else
+ 	{
+ 	  get_operand_possible_qualifiers (idx, inst->opcode->qualifiers_list,
+@@ -2744,6 +2797,9 @@ do_special_decoding (aarch64_inst *inst)
+       Q = (unsigned) extract_field (FLD_Q, inst->value, inst->opcode->mask);
+       inst->operands[0].qualifier =
+ 	get_vreg_qualifier_from_value ((num << 1) | Q);
+      if (inst->operands[0].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+
+     }
+ 
+   if ((inst->opcode->flags & F_OPD_SIZE) && inst->opcode->iclass == sve2_urqvs)
+@@ -2753,7 +2809,11 @@ do_special_decoding (aarch64_inst *inst)
+ 				       inst->opcode->mask);
+       inst->operands[0].qualifier
+ 	= get_vreg_qualifier_from_value (1 + (size << 1));
+      if (inst->operands[0].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+       inst->operands[2].qualifier = get_sreg_qualifier_from_value (size);
+      if (inst->operands[2].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+     }
+ 
+   if (inst->opcode->flags & F_GPRSIZE_IN_Q)
+@@ -2772,6 +2832,8 @@ do_special_decoding (aarch64_inst *inst)
+       assert (idx == 0 || idx == 1);
+       value = extract_field (FLD_Q, inst->value, 0);
+       inst->operands[idx].qualifier = get_greg_qualifier_from_value (value);
+      if (inst->operands[idx].qualifier == AARCH64_OPND_QLF_ERR)
+	return 0;
+     }
+ 
+   if (inst->opcode->flags & F_LDS_SIZE)
+-- 
+2.34.1
+
--- a/meta/recipes-devtools/cdrtools/cdrtools-native_3.01.bb
+++ b/meta/recipes-devtools/cdrtools/cdrtools-native_3.01.bb
@@ -13,20 +13,28 @@ DEPENDS += "gnu-config-native"
 SRC_URI = " \
 	${SOURCEFORGE_MIRROR}/project/cdrtools/cdrtools-${PV}.tar.bz2 \
 	file://0001-Don-t-set-uid-gid-during-install.patch \
-        file://riscv64-linux-gcc.rul \
+	file://riscv64-linux-gcc.rul \
+	file://gcc14-fix.patch \
 	"

 SRC_URI[md5sum] = "7d45c5b7e1f78d85d1583b361aee6e8b"
 SRC_URI[sha256sum] = "ed282eb6276c4154ce6a0b5dee0bdb81940d0cbbfc7d03f769c4735ef5f5860f"

-EXTRA_OEMAKE = "-e MAKEFLAGS="
+EXTRA_OEMAKE = "-e MAKEFLAGS= CPPOPTX='${CPPFLAGS}' COPTX='${CFLAGS}' C++OPTX='${CXXFLAGS}' LDOPTX='${LDFLAGS}' GMAKE_NOWARN='true'"

 # Stop failures when 'cc' can't be found
 export ac_cv_prog_CC = "${CC}"

 inherit native

+# Use -std=gnu89 to build with gcc-14 (https://bugs.gentoo.org/903876)
+# this needs to be after native inherit (which sets CFLAGS to BUILD_CFLAGS)
+CFLAGS += "-std=gnu89"
+
 do_configure() {
+        # cdda2wav does not build with GCC 14
+        rm -f ${S}/TARGETS/55cdda2wav
+
        install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}/autoconf
        install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}/autoconf
        install -m 0644 ${WORKDIR}/riscv64-linux-gcc.rul ${S}/RULES/
--- a/meta/recipes-devtools/cdrtools/cdrtools/gcc14-fix.patch
+++ b/meta/recipes-devtools/cdrtools/cdrtools/gcc14-fix.patch
@@ -0,0 +1,13 @@
+Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
+Upstream-Status: Inappropriate [native]
+--- cdrtools-3.01/autoconf/configure~	2015-07-06 23:41:27.000000000 +0200
+++ cdrtools-3.01/autoconf/configure	2024-05-01 09:37:40.897253690 +0200
+@@ -1205,7 +1205,7 @@
+ #line 1206 "configure"
+ #include "confdefs.h"
+ 
+-main(){return(0);}
+int main(){return(0);}
+ EOF
+ if { (eval echo configure:1211: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+   ac_cv_prog_cc_works=yes
--- a/meta/recipes-devtools/expect/expect/0001-Resolve-string-formatting-issues.patch
+++ b/meta/recipes-devtools/expect/expect/0001-Resolve-string-formatting-issues.patch
@@ -3,7 +3,7 @@ From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Thu, 23 Mar 2017 13:44:41 +0200
 Subject: [PATCH] Resolve string formatting issues.

-Upstream-Status: Inappropriate [upstream seems dead]
+Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 ---
 exp_clib.c | 4 ++--
--- a/meta/recipes-devtools/expect/expect/0001-configure.in.patch
+++ b/meta/recipes-devtools/expect/expect/0001-configure.in.patch
@@ -1,7 +1,7 @@
 Allow cross compiling.

 Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only]
 ---
 diff -uNr a/configure.in b/configure.in
 --- a/configure.in	2012-12-14 15:31:32.623180450 +0100
--- a/meta/recipes-devtools/expect/expect/0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch
+++ b/meta/recipes-devtools/expect/expect/0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch
@@ -10,7 +10,7 @@ Aborted (core dumped)

 Use PATH_MAX to fix the problem.

-Upstream-Status: Pending [Upstream seems dead]
+Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only]

 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 ---
--- a/meta/recipes-devtools/expect/expect/0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch
+++ b/meta/recipes-devtools/expect/expect/0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch
@@ -42,7 +42,7 @@ Example:
 }
 Author: Sergei Golovan <sgolovan@debian.org>

-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only]
 This patch is backported from fedora changes for expect:
 http://pkgs.fedoraproject.org/cgit/rpms/expect.git/commit/
 ?h=master&id=b6737eed550be93182f2ed194e836a6cbbcf4fa3
--- a/meta/recipes-devtools/expect/expect/0002-tcl.m4.patch
+++ b/meta/recipes-devtools/expect/expect/0002-tcl.m4.patch
@@ -1,7 +1,7 @@
 Use proper -L path when cross compiling.

 Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [no activity since 2018; cvs server went read-only]
 ---
 diff -uNr a/tclconfig/tcl.m4 b/tclconfig/tcl.m4
 --- a/tclconfig/tcl.m4	2012-12-14 09:16:58.789861281 +0100
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -81,3 +81,7 @@ FILES:${PN} += "${libdir}/libexpect${PV}.so \
               "

 BBCLASSEXTEND = "native nativesdk"
+
+# http://errors.yoctoproject.org/Errors/Details/766950/
+# expect5.45.4/exp_chan.c:62:5: error: initialization of 'struct Tcl_ChannelTypeVersion_ *' from incompatible pointer type 'int (*)(void *, int)' [-Wincompatible-pointer-types]
+CFLAGS += "-Wno-error=incompatible-pointer-types"
--- a/meta/recipes-devtools/gcc/gcc-13.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.3.inc
@@ -2,11 +2,11 @@ require gcc-common.inc

 # Third digit in PV should be incremented after a minor release

-PV = "13.2.0"
+PV = "13.3.0"

 # BINV should be incremented to a revision after a minor gcc release

-BINV = "13.2.0"
+BINV = "13.3.0"

 FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"

@@ -65,11 +65,9 @@ SRC_URI = "${BASEURI} \
           file://0023-Fix-install-path-of-linux64.h.patch \
           file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \
           file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
-           file://CVE-2023-4039.patch \
-           file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch \
           file://0027-Fix-gcc-vect-module-testcases.patch \
 "
-SRC_URI[sha256sum] = "e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da"
+SRC_URI[sha256sum] = "0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083"

 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/${SOURCEDIR}"
 B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian_13.3.bb
--- a/meta/recipes-devtools/gcc/gcc-cross_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross_13.3.bb
--- a/meta/recipes-devtools/gcc/gcc-crosssdk_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk_13.3.bb
--- a/meta/recipes-devtools/gcc/gcc-runtime.inc
+++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
@@ -92,7 +92,7 @@ do_install () {
 		mv ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/* ${D}${libdir}/${TARGET_SYS}/${BINV}/include
 		rmdir --ignore-fail-on-non-empty -p ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include
 	fi
-	rm -rf ${D}${infodir}/libgomp.info ${D}${infodir}/dir
+	rm -rf ${D}${infodir}/libgomp.info* ${D}${infodir}/dir
 	rm -rf ${D}${infodir}/libitm.info ${D}${infodir}/dir
 	rm -rf ${D}${infodir}/libquadmath.info ${D}${infodir}/dir
 	if [ -d ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/finclude ]; then
--- a/meta/recipes-devtools/gcc/gcc-runtime_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-runtime_13.3.bb
--- a/meta/recipes-devtools/gcc/gcc-sanitizers_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-sanitizers_13.3.bb
--- a/meta/recipes-devtools/gcc/gcc-source_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-source_13.3.bb
--- a/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
+++ b/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
@@ -165,16 +165,21 @@ diff --git a/gcc/config/loongarch/gnu-user.h b/gcc/config/loongarch/gnu-user.h
 index aecaa02a199..62f88f7f9a2 100644
 --- a/gcc/config/loongarch/gnu-user.h
 +++ b/gcc/config/loongarch/gnu-user.h
-@@ -31,11 +31,11 @@ along with GCC; see the file COPYING3.  If not see
+@@ -31,16 +31,16 @@ along with GCC; see the file COPYING3.  If not see
 
 #undef GLIBC_DYNAMIC_LINKER
 #define GLIBC_DYNAMIC_LINKER \
 -  "/lib" ABI_GRLEN_SPEC "/ld-linux-loongarch-" ABI_SPEC ".so.1"
 +  SYSTEMLIBS_DIR "ld-linux-loongarch-" ABI_SPEC ".so.1"
+
+ #define MUSL_ABI_SPEC \
+   "%{mabi=lp64d:}" \
+   "%{mabi=lp64f:-sp}" \
+   "%{mabi=lp64s:-sf}"
 
 #undef MUSL_DYNAMIC_LINKER
 #define MUSL_DYNAMIC_LINKER \
-  "/lib" ABI_GRLEN_SPEC "/ld-musl-loongarch-" ABI_SPEC ".so.1"
+-  "/lib/ld-musl-loongarch" ABI_GRLEN_SPEC MUSL_ABI_SPEC ".so.1"
 +  SYSTEMLIBS_DIR "ld-musl-loongarch-" ABI_SPEC ".so.1"
 
 #undef GNU_USER_TARGET_LINK_SPEC
--- a/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch
+++ b/meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch
@@ -1,117 +0,0 @@
-From adb60dc78e0da4877747f32347cee339364775be Mon Sep 17 00:00:00 2001
-From: Richard Sandiford <richard.sandiford@arm.com>
-Date: Fri, 15 Sep 2023 09:19:14 +0100
-Subject: [PATCH] aarch64: Fix loose ldpstp check [PR111411]
-
-aarch64_operands_ok_for_ldpstp contained the code:
-
-  /* One of the memory accesses must be a mempair operand.
-     If it is not the first one, they need to be swapped by the
-     peephole.  */
-  if (!aarch64_mem_pair_operand (mem_1, GET_MODE (mem_1))
-       && !aarch64_mem_pair_operand (mem_2, GET_MODE (mem_2)))
-    return false;
-
-But the requirement isn't just that one of the accesses must be a
-valid mempair operand.  It's that the lower access must be, since
-that's the access that will be used for the instruction operand.
-
-gcc/
-	PR target/111411
-	* config/aarch64/aarch64.cc (aarch64_operands_ok_for_ldpstp): Require
-	the lower memory access to a mem-pair operand.
-
-gcc/testsuite/
-	PR target/111411
-	* gcc.dg/rtl/aarch64/pr111411.c: New test.
-
-Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=2d38f45bcca62ca0c7afef4b579f82c5c2a01610]
-Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
---
- gcc/config/aarch64/aarch64.cc               |  8 ++-
- gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c | 57 +++++++++++++++++++++
- 2 files changed, 60 insertions(+), 5 deletions(-)
- create mode 100644 gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c
-
-diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
-index 6118a3354ac..9b1f791ca8b 100644
--- a/gcc/config/aarch64/aarch64.cc
-+++ b/gcc/config/aarch64/aarch64.cc
-@@ -26154,11 +26154,9 @@ aarch64_operands_ok_for_ldpstp (rtx *operands, bool load,
-   gcc_assert (known_eq (GET_MODE_SIZE (GET_MODE (mem_1)),
- 			GET_MODE_SIZE (GET_MODE (mem_2))));
- 
-  /* One of the memory accesses must be a mempair operand.
-     If it is not the first one, they need to be swapped by the
-     peephole.  */
-  if (!aarch64_mem_pair_operand (mem_1, GET_MODE (mem_1))
-       && !aarch64_mem_pair_operand (mem_2, GET_MODE (mem_2)))
-+  /* The lower memory access must be a mem-pair operand.  */
-+  rtx lower_mem = reversed ? mem_2 : mem_1;
-+  if (!aarch64_mem_pair_operand (lower_mem, GET_MODE (lower_mem)))
-     return false;
- 
-   if (REG_P (reg_1) && FP_REGNUM_P (REGNO (reg_1)))
-diff --git a/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c b/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c
-new file mode 100644
-index 00000000000..ad07e9c6c89
--- /dev/null
-+++ b/gcc/testsuite/gcc.dg/rtl/aarch64/pr111411.c
-@@ -0,0 +1,57 @@
-+/* { dg-do compile { target aarch64*-*-* } } */
-+/* { dg-require-effective-target lp64 } */
-+/* { dg-options "-O -fdisable-rtl-postreload -fpeephole2 -fno-schedule-fusion" } */
-+
-+extern int data[];
-+
-+void __RTL (startwith ("ira")) foo (void *ptr)
-+{
-+  (function "foo"
-+    (param "ptr"
-+      (DECL_RTL (reg/v:DI <0> [ ptr ]))
-+      (DECL_RTL_INCOMING (reg/v:DI x0 [ ptr ]))
-+    ) ;; param "ptr"
-+    (insn-chain
-+      (block 2
-+	(edge-from entry (flags "FALLTHRU"))
-+	(cnote 3 [bb 2] NOTE_INSN_BASIC_BLOCK)
-+	(insn 4 (set (reg:DI <0>) (reg:DI x0)))
-+	(insn 5 (set (reg:DI <1>)
-+		     (plus:DI (reg:DI <0>) (const_int 768))))
-+	(insn 6 (set (mem:SI (plus:DI (reg:DI <0>)
-+				      (const_int 508)) [1 &data+508 S4 A4])
-+		     (const_int 0)))
-+	(insn 7 (set (mem:SI (plus:DI (reg:DI <1>)
-+				      (const_int -256)) [1 &data+512 S4 A4])
-+		     (const_int 0)))
-+	(edge-to exit (flags "FALLTHRU"))
-+      ) ;; block 2
-+    ) ;; insn-chain
-+  ) ;; function
-+}
-+
-+void __RTL (startwith ("ira")) bar (void *ptr)
-+{
-+  (function "bar"
-+    (param "ptr"
-+      (DECL_RTL (reg/v:DI <0> [ ptr ]))
-+      (DECL_RTL_INCOMING (reg/v:DI x0 [ ptr ]))
-+    ) ;; param "ptr"
-+    (insn-chain
-+      (block 2
-+	(edge-from entry (flags "FALLTHRU"))
-+	(cnote 3 [bb 2] NOTE_INSN_BASIC_BLOCK)
-+	(insn 4 (set (reg:DI <0>) (reg:DI x0)))
-+	(insn 5 (set (reg:DI <1>)
-+		     (plus:DI (reg:DI <0>) (const_int 768))))
-+	(insn 6 (set (mem:SI (plus:DI (reg:DI <1>)
-+				      (const_int -256)) [1 &data+512 S4 A4])
-+		     (const_int 0)))
-+	(insn 7 (set (mem:SI (plus:DI (reg:DI <0>)
-+				      (const_int 508)) [1 &data+508 S4 A4])
-+		     (const_int 0)))
-+	(edge-to exit (flags "FALLTHRU"))
-+      ) ;; block 2
-+    ) ;; insn-chain
-+  ) ;; function
-+}
--- a/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
+++ b/meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
--- a/meta/recipes-devtools/gcc/gcc_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc_13.3.bb
--- a/Show More
+++ b/Show More