build-appliance-image: Update to scarthgap head revision

(From OE-Core rev: a1f4ae4e569bc0e36c27c1e4651e502e54d63b28)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/ui/knotty.py

@@ -131,7 +131,7 @@ class TerminalFilter(object):
     def getTerminalColumns(self):
         def ioctl_GWINSZ(fd):
             try:
-                cr = struct.unpack('hh', fcntl.ioctl(fd, self.termios.TIOCGWINSZ, '1234'))
+                cr = struct.unpack('hhhh', fcntl.ioctl(fd, self.termios.TIOCGWINSZ, b'12345678'))[0:2]
             except:
                 return None
             return cr
@@ -145,7 +145,7 @@ class TerminalFilter(object):
                 pass
         if not cr:
             try:
-                cr = (os.environ['LINES'], os.environ['COLUMNS'])
+                cr = (int(os.environ['LINES']), int(os.environ['COLUMNS']))
             except:
                 cr = (25, 80)
         return cr

documentation/Makefile

@@ -43,11 +43,11 @@ PNGs := $(foreach dir, $(IMAGEDIRS), $(patsubst %.svg,%.png,$(wildcard $(SOURCED
 
 # Pattern rule for converting SVG to PDF
 %.pdf : %.svg
-	$(SVG2PDF) --format=Pdf --output=$@ $<
+	$(SVG2PDF) --format=pdf --output=$@ $<
 
 # Pattern rule for converting SVG to PNG
 %.png : %.svg
-	$(SVG2PNG) --format=Png --output=$@ $<
+	$(SVG2PNG) --format=png --output=$@ $<
 
 clean:
 	@rm -rf $(BUILDDIR) $(PNGs) $(PDFs) poky.yaml sphinx-static/switchers.js releases.rst

documentation/contributor-guide/recipe-style-guide.rst

@@ -221,6 +221,20 @@ Recipes need to define both the :term:`LICENSE` and
    ``meta/files/common-licenses/`` or the :term:`SPDXLICENSEMAP` flag names
    defined in ``meta/conf/licenses.conf``.
 
+   .. note::
+
+      Setting a :term:`LICENSE` in a recipe applies to the software to be built
+      by this recipe, not to the recipe file itself. The license of recipes,
+      configuration files and scripts should also be clearly specified, for
+      example via comments or via a license found in the :term:`layer` that
+      holds these files. These license files are usually found at the root of
+      the layer. Exceptions should be clearly stated in the layer README or
+      LICENSE file.
+
+      For example, the :term:`OpenEmbedded-Core (OE-Core)` layer provides both
+      the GPL-2.0-only and MIT license files, and a "LICENSE" file to explain
+      how these two licenses are attributed to files found in the layer.
+
 -  :term:`LIC_FILES_CHKSUM`: The OpenEmbedded build system uses this
    variable to make sure the license text has not changed. If it has,
    the build produces an error and it affords you the chance to figure

documentation/contributor-guide/submit-changes.rst

@@ -329,10 +329,10 @@ Validating Patches with Patchtest
 
 ``patchtest`` is available in ``openembedded-core`` as a tool for making
 sure that your patches are well-formatted and contain important info for
-maintenance purposes, such as ``Signed-off-by`` and ``Upstream-Status``
-tags. Note that no functional testing of the changes will be performed by ``patchtest``.
-Currently, it only supports testing patches for ``openembedded-core`` branches.
-To setup, perform the following::
+maintenance purposes, such as the ``Signed-off-by`` presence. Note that no
+functional testing of the changes will be performed by ``patchtest``. Currently,
+it only supports testing patches for ``openembedded-core`` branches. To setup,
+perform the following::
 
     pip install -r meta/lib/patchtest/requirements.txt
     source oe-init-build-env

documentation/dev-manual/index.rst

@@ -41,7 +41,6 @@ Yocto Project Development Tasks Manual
    build-quality
    debugging
    licenses
-   security-subjects
    vulnerabilities
    sbom
    error-reporting-tool

documentation/dev-manual/packages.rst

@@ -274,8 +274,23 @@ with a number. The number used depends on the state of the PR Service:
 
    .. code-block:: none
 
-      hello-world-git_0.0+git0+b6558dd387-r0.0_armv7a-neon.ipk
-      hello-world-git_0.0+git1+dd2f5c3565-r0.0_armv7a-neon.ipk
+      hello-world-git_1.0+git0+b6558dd387-r0.0_armv7a-neon.ipk
+      hello-world-git_1.0+git1+dd2f5c3565-r0.1_armv7a-neon.ipk
+
+   Two numbers got incremented here:
+
+   -  ``gitX`` changed from ``git0`` to ``git1``. This is because there was a
+      change in the source code (``SRCREV``).
+
+   -  ``r0.X`` changed from ``r0.0`` to ``r0.1``. This is because the hash of
+      the :ref:`ref-tasks-package` task changed.
+
+      The reason for this change can be many. To understand why the hash of the
+      :ref:`ref-tasks-package` task changed, you can run the following command:
+
+      .. code-block:: console
+
+         $ bitbake-diffsigs -t hello-world package
 
 -  If PR Service is not enabled, the build system replaces the
    ``AUTOINC`` placeholder with zero (i.e. "0"). This results in
@@ -285,8 +300,8 @@ with a number. The number used depends on the state of the PR Service:
 
    .. code-block:: none
 
-      hello-world-git_0.0+git0+b6558dd387-r0.0_armv7a-neon.ipk
-      hello-world-git_0.0+git0+dd2f5c3565-r0.0_armv7a-neon.ipk
+      hello-world-git_1.0+git0+b6558dd387-r0_armv7a-neon.ipk
+      hello-world-git_1.0+git0+dd2f5c3565-r0_armv7a-neon.ipk
 
 In summary, the OpenEmbedded build system does not track the history of
 binary package versions for this purpose. ``AUTOINC``, in this case, is

documentation/dev-manual/security-subjects.rst

@@ -1,194 +0,0 @@
-.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
-
-Dealing with Vulnerability Reports
-**********************************
-
-The Yocto Project and OpenEmbedded are open-source, community-based projects
-used in numerous products. They assemble multiple other open-source projects,
-and need to handle security issues and practices both internal (in the code
-maintained by both projects), and external (maintained by other projects and
-organizations).
-
-This manual assembles security-related information concerning the whole
-ecosystem. It includes information on reporting a potential security issue,
-the operation of the YP Security team and how to contribute in the
-related code. It is written to be useful for both security researchers and
-YP developers.
-
-How to report a potential security vulnerability?
-=================================================
-
-If you would like to report a public issue (for example, one with a released
-CVE number), please report it using the
-:yocto_bugs:`Security Bugzilla </enter_bug.cgi?product=Security>`.
-
-If you are dealing with a not-yet-released issue, or an urgent one, please send
-a message to security AT yoctoproject DOT org, including as many details as
-possible: the layer or software module affected, the recipe and its version,
-and any example code, if available. This mailing list is monitored by the
-Yocto Project Security team.
-
-For each layer, you might also look for specific instructions (if any) for
-reporting potential security issues in the specific ``SECURITY.md`` file at the
-root of the repository. Instructions on how and where submit a patch are
-usually available in ``README.md``. If this is your first patch to the
-Yocto Project/OpenEmbedded, you might want to have a look into the
-Contributor's Manual section
-":ref:`contributor-guide/submit-changes:preparing changes for submission`".
-
-Branches maintained with security fixes
----------------------------------------
-
-See the
-:ref:`Release process <ref-manual/release-process:Stable Release Process>`
-documentation for details regarding the policies and maintenance of stable
-branches.
-
-The :yocto_home:`Releases </development/releases/>` page contains a list of all
-releases of the Yocto Project, grouped into current and previous releases.
-Previous releases are no longer actively maintained with security patches, but
-well-tested patches may still be accepted for them for significant issues.
-
-Security-related discussions at the Yocto Project
--------------------------------------------------
-
-We have set up two security-related emails/mailing lists:
-
-  -  Public Mailing List: yocto [dash] security [at] yoctoproject[dot] org
-
-     This is a public mailing list for anyone to subscribe to. This list is an
-     open list to discuss public security issues/patches and security-related
-     initiatives. For more information, including subscription information,
-     please see the  :yocto_lists:`yocto-security mailing list info page
-     </g/yocto-security>`.
-
-     This list requires moderator approval for new topics to be posted, to avoid
-     private security reports to be posted by mistake.
-
-  -  Yocto Project Security Team: security [at] yoctoproject [dot] org
-
-     This is an email for reporting non-published potential vulnerabilities.
-     Emails sent to this address are forwarded to the Yocto Project Security
-     Team members.
-
-
-What you should do if you find a security vulnerability
--------------------------------------------------------
-
-If you find a security flaw: a crash, an information leakage, or anything that
-can have a security impact if exploited in any Open Source software built or
-used by the Yocto Project, please report this to the Yocto Project Security
-Team. If you prefer to contact the upstream project directly, please send a
-copy to the security team at the Yocto Project as well. If you believe this is
-highly sensitive information, please report the vulnerability in a secure way,
-i.e. encrypt the email and send it to the private list. This ensures that
-the exploit is not leaked and exploited before a response/fix has been generated.
-
-Security team
-=============
-
-The Yocto Project/OpenEmbedded security team coordinates the work on security
-subjects in the project. All general discussion takes place publicly. The
-Security Team only uses confidential communication tools to deal with private
-vulnerability reports before they are released.
-
-Security team appointment
--------------------------
-
-The Yocto Project Security Team consists of at least three members. When new
-members are needed, the Yocto Project Technical Steering Committee (YP TSC)
-asks for nominations by public channels including a nomination deadline.
-Self-nominations are possible. When the limit time is
-reached, the YP TSC posts the list of candidates for the comments of project
-participants and developers. Comments may be sent publicly or privately to the
-YP and OE TSCs. The candidates are approved by both YP TSC and OpenEmbedded
-Technical Steering Committee (OE TSC) and the final list of the team members
-is announced publicly. The aim is to have people representing technical
-leadership, security knowledge and infrastructure present with enough people
-to provide backup/coverage but keep the notification list small enough to
-minimize information risk and maintain trust.
-
-YP Security Team members may resign at any time.
-
-Security Team Operations
-------------------------
-
-The work of the Security Team might require high confidentiality. Team members
-are individuals selected by merit and do not represent the companies they work
-for. They do not share information about confidential issues outside of the team
-and do not hint about ongoing embargoes.
-
-Team members can bring in domain experts as needed. Those people should be
-added to individual issues only and adhere to the same standards as the YP
-Security Team.
-
-The YP security team organizes its meetings and communication as needed.
-
-When the YP Security team receives a report about a potential security
-vulnerability, they quickly analyze and notify the reporter of the result.
-They might also request more information.
-
-If the issue is confirmed and affects the code maintained by the YP, they
-confidentially notify maintainers of that code and work with them to prepare
-a fix.
-
-If the issue is confirmed and affects an upstream project, the YP security team
-notifies the project. Usually, the upstream project analyzes the problem again.
-If they deem it a real security problem in their software, they develop and
-release a fix following their security policy. They may want to include the
-original reporter in the loop. There is also sometimes some coordination for
-handling patches, backporting patches etc, or just understanding the problem
-or what caused it.
-
-When the fix is publicly available, the YP security team member or the
-package maintainer sends patches against the YP code base, following usual
-procedures, including public code review.
-
-What Yocto Security Team does when it receives a security vulnerability
------------------------------------------------------------------------
-
-The YP Security Team team performs a quick analysis and would usually report
-the flaw to the upstream project. Normally the upstream project analyzes the
-problem. If they deem it a real security problem in their software, they
-develop and release a fix following their own security policy. They may want
-to include the original reporter in the loop. There is also sometimes some
-coordination for handling patches, backporting patches etc, or just
-understanding the problem or what caused it.
-
-The security policy of the upstream project might include a notification to
-Linux distributions or other important downstream projects in advance to
-discuss coordinated disclosure. These mailing lists are normally non-public.
-
-When the upstream project releases a version with the fix, they are responsible
-for contacting `Mitre <https://www.cve.org/>`__ to get a CVE number assigned and
-the CVE record published.
-
-If an upstream project does not respond quickly
------------------------------------------------
-
-If an upstream project does not fix the problem in a reasonable time,
-the Yocto's Security Team will contact other interested parties (usually
-other distributions) in the community and together try to solve the
-vulnerability as quickly as possible.
-
-The Yocto Project Security team adheres to the 90 days disclosure policy
-by default. An increase of the embargo time is possible when necessary.
-
-Current Security Team members
------------------------------
-
-For secure communications, please send your messages encrypted using the GPG
-keys. Remember, message headers are not encrypted so do not include sensitive
-information in the subject line.
-
-  -  Ross Burton: <ross@burtonini.com> `Public key <https://keys.openpgp.org/search?q=ross%40burtonini.com>`__
-
-  -  Michael Halstead: <mhalstead [at] linuxfoundation [dot] org>
-     `Public key <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3373170601861969>`__
-     or `Public key <https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xd1f2407285e571ed12a407a73373170601861969>`__
-
-  -  Richard Purdie: <richard.purdie@linuxfoundation.org> `Public key <https://keys.openpgp.org/search?q=richard.purdie%40linuxfoundation.org>`__
-
-  -  Marta Rybczynska: <marta DOT rybczynska [at] syslinbit [dot] com> `Public key <https://keys.openpgp.org/search?q=marta.rybczynska@syslinbit.com>`__
-
-  -  Steve Sakoman: <steve [at] sakoman [dot] com> `Public key <https://keys.openpgp.org/search?q=steve%40sakoman.com>`__

documentation/dev-manual/temporary-source-code.rst

@@ -36,11 +36,11 @@ The path to the work directory for the recipe
 (:term:`WORKDIR`) is defined as
 follows::
 
-   ${TMPDIR}/work/${MULTIMACH_TARGET_SYS}/${PN}/${EXTENDPE}${PV}-${PR}
+   ${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}/${PN}/${PV}
 
 The actual directory depends on several things:
 
--  :term:`TMPDIR`: The top-level build
+-  :term:`BASE_WORKDIR`: The top-level build
    output directory.
 
 -  :term:`MULTIMACH_TARGET_SYS`:
@@ -48,19 +48,13 @@ The actual directory depends on several things:
 
 -  :term:`PN`: The recipe name.
 
--  :term:`EXTENDPE`: The epoch --- if
-   :term:`PE` is not specified, which is
-   usually the case for most recipes, then :term:`EXTENDPE` is blank.
-
 -  :term:`PV`: The recipe version.
 
--  :term:`PR`: The recipe revision.
-
 As an example, assume a Source Directory top-level folder named
-``poky``, a default :term:`Build Directory` at ``poky/build``, and a
+``project``, a default :term:`Build Directory` at ``project/build``, and a
 ``qemux86-poky-linux`` machine target system. Furthermore, suppose your
 recipe is named ``foo_1.3.0.bb``. In this case, the work directory the
 build system uses to build the package would be as follows::
 
-   poky/build/tmp/work/qemux86-poky-linux/foo/1.3.0-r0
+   project/build/tmp/work/qemux86-poky-linux/foo/1.3.0
 

documentation/index.rst

@@ -20,7 +20,6 @@ Welcome to the Yocto Project Documentation
    Yocto Project Software Overview <https://www.yoctoproject.org/software-overview/>
    Tips and Tricks Wiki <https://wiki.yoctoproject.org/wiki/TipsAndTricks>
 
-
 .. toctree::
    :maxdepth: 1
    :caption: Manuals
@@ -37,6 +36,12 @@ Welcome to the Yocto Project Documentation
    Test Environment Manual <test-manual/index>
    bitbake
 
+.. toctree::
+   :maxdepth: 1
+   :caption: Security
+
+   Yocto Project Security Reference <security-reference/index>
+
 .. toctree::
    :maxdepth: 1
    :caption: Release Manuals

documentation/migration-guides/release-4.0.rst

@@ -38,3 +38,4 @@ Release 4.0 (kirkstone)
    release-notes-4.0.29
    release-notes-4.0.30
    release-notes-4.0.31
+   release-notes-4.0.32

documentation/migration-guides/release-5.0.rst

@@ -20,3 +20,5 @@ Release 5.0 (scarthgap)
    release-notes-5.0.11
    release-notes-5.0.12
    release-notes-5.0.13
+   release-notes-5.0.14
+   release-notes-5.0.15

documentation/migration-guides/release-notes-4.0.32.rst

@@ -0,0 +1,194 @@
+Release notes for Yocto-4.0.32 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Fix :cve_nist:`2025-8677`, :cve_nist:`2025-40778` and :cve_nist:`2025-40780`
+-  binutils: Fix :cve_nist:`2025-11412` and :cve_nist:`2025-11413`
+-  curl: Ignore :cve_nist:`2025-10966`
+-  elfutils: Fix :cve_nist:`2025-1376` and :cve_nist:`2025-1377`
+-  gnutls: Fix :cve_nist:`2025-9820`
+-  go: Fix :cve_nist:`2024-24783`, :cve_nist:`2025-58187`, :cve_nist:`2025-58189`,
+   :cve_nist:`2025-61723` and :cve_nist:`2025-61724`
+-  libarchive: Fix :cve_nist:`2025-60753`
+-  libarchive: Fix 2 security issue (https://github.com/libarchive/libarchive/pull/2753 and
+   https://github.com/libarchive/libarchive/pull/2768)
+-  libpng: Fix :cve_nist:`2025-64505`, :cve_nist:`2025-64506`, :cve_nist:`2025-64720`,
+   :cve_nist:`2025-65018` and :cve_nist:`2025-66293`
+-  libxml2: Fix :cve_nist:`2025-7425`
+-  musl: Fix :cve_nist:`2025-26519`
+-  openssh: Fix :cve_nist:`2025-61984` and :cve_nist:`2025-61985`
+-  python3-idna: Fix :cve_nist:`2024-3651`
+-  python3-urllib3: Fix :cve_nist:`2024-37891`
+-  python3: fix :cve_nist:`2025-6075`
+-  ruby: Fix :cve_nist:`2024-35176`, :cve_nist:`2024-39908` and :cve_nist:`2024-41123`
+-  rust-cross-canadian: Ignore :cve_nist:`2024-43402`
+-  u-boot: Fix :cve_nist:`2024-42040`
+-  wpa-supplicant: Fix :cve_nist:`2025-24912`
+-  xserver-xorg: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+-  xwayland: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+
+
+Fixes in Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~
+
+-  babeltrace2: fetch with https protocol
+-  bind: upgrade to 9.18.41
+-  build-appliance-image: Update to kirkstone head revision
+-  dev-manual/layers.rst: document "bitbake-layers show-machines"
+-  dev-manual/new-recipe.rst: replace 'bitbake -e' with 'bitbake-getvar'
+-  dev-manual/new-recipe.rst: typo, "whith" -> "which"
+-  dev-manual/new-recipe.rst: update "recipetool -h" output
+-  dev-manual: debugging: use bitbake-getvar in Viewing Variable Values section
+-  documentation: link to the Releases page on yoctoproject.org instead of wiki
+-  efibootmgr: update :term:`SRC_URI` branch
+-  flac: patch seeking bug
+-  goarch.bbclass: do not leak :term:`TUNE_FEATURES` into crosssdk task signatures
+-  kernel-dev: add disable config example
+-  kernel-dev: common: migrate bitbake -e to bitbake-getvar
+-  libmicrohttpd: disable experimental code by default
+-  migration-guides: add release notes for 4.0.31
+-  oe-build-perf-report: relax metadata matching rules
+-  overview-manual: migrate to SVG + fix typo
+-  poky.conf: bump version for 4.0.32
+-  python3-urllib3: upgrade to 1.26.20
+-  recipes: Don't use ftp.gnome.org
+-  ref-manual: variables: migrate the :term:`OVERRIDES` note to bitbake-getvar
+-  systemd-bootchart: update :term:`SRC_URI` branch
+-  xf86-video-intel: correct :term:`SRC_URI` as freedesktop anongit is down
+
+
+Known Issues in Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Alexander Kanavin
+-  Archana Polampalli
+-  Divya Chellam
+-  Gyorgy Sarvari
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jason Schonberg
+-  Lee Chee Yang
+-  Peter Marko
+-  Praveen Kumar
+-  Quentin Schulz
+-  Richard Purdie
+-  Robert P. J. Day
+-  Ross Burton
+-  Saquib Iltaf
+-  Soumya Sambu
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Walter Werner SCHNEIDER
+
+
+Repositories / Downloads for Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </yocto-docs/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`4b9df539fa06fb19ed8b51ef2d46e5c56779de81 </yocto-docs/commit/?id=4b9df539fa06fb19ed8b51ef2d46e5c56779de81>`
+-  Release Artefact: yocto-docs-4b9df539fa06fb19ed8b51ef2d46e5c56779de81
+-  sha: 70ee2caf576683c5f31ac5a592cde1c0650ece25cfcd5ff3cc7eedf531575611
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/yocto-docs-4b9df539fa06fb19ed8b51ef2d46e5c56779de81.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/yocto-docs-4b9df539fa06fb19ed8b51ef2d46e5c56779de81.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </poky/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`2c05660b21c7cc1082aeac8b75d8a2d82e249f63 </poky/commit/?id=2c05660b21c7cc1082aeac8b75d8a2d82e249f63>`
+-  Release Artefact: poky-2c05660b21c7cc1082aeac8b75d8a2d82e249f63
+-  sha: d7a55a18a597a7b140a81586b7ca6379c208ebbb3285de36c48fde10882947d8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/poky-2c05660b21c7cc1082aeac8b75d8a2d82e249f63.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/poky-2c05660b21c7cc1082aeac8b75d8a2d82e249f63.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.32 </openembedded-core/log/?h=yocto-4.0.32>`
+-  Git Revision: :oe_git:`2ed3f8b938579dbbb804e04c45a968cc57761db7 </openembedded-core/commit/?id=2ed3f8b938579dbbb804e04c45a968cc57761db7>`
+-  Release Artefact: oecore-2ed3f8b938579dbbb804e04c45a968cc57761db7
+-  sha: 11b9632586dfbf3f0ef69eca2014a8002f25ca8d53cfe9424e27361ba3a20831
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/oecore-2ed3f8b938579dbbb804e04c45a968cc57761db7.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/oecore-2ed3f8b938579dbbb804e04c45a968cc57761db7.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`kirkstone </meta-yocto/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </meta-yocto/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`77b40877c179ea3ce5c37c7ba1831e9c0e289266 </meta-yocto/commit/?id=77b40877c179ea3ce5c37c7ba1831e9c0e289266>`
+-  Release Artefact: meta-yocto-77b40877c179ea3ce5c37c7ba1831e9c0e289266
+-  sha: e908d42690881cd6e07b9ca18a21eb8761a0ec72d940b12905622e75ba913974
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/meta-yocto-77b40877c179ea3ce5c37c7ba1831e9c0e289266.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/meta-yocto-77b40877c179ea3ce5c37c7ba1831e9c0e289266.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </meta-mingw/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </meta-gplv2/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.32 </bitbake/log/?h=yocto-4.0.32>`
+-  Git Revision: :oe_git:`8e2d1f8de055549b2101614d85454fcd1d0f94b2 </bitbake/commit/?id=8e2d1f8de055549b2101614d85454fcd1d0f94b2>`
+-  Release Artefact: bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2
+-  sha: fad4e7699bae62082118e89785324b031b0af0743064caee87c91ba28549afb0
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+

documentation/migration-guides/release-notes-4.3.rst

@@ -274,7 +274,7 @@ New Features / Enhancements in 4.3
 
    -  New :doc:`../contributor-guide/index` document.
 
-   -  New :doc:`../dev-manual/security-subjects` chapter in the Development
+   -  New "Dealing with Vulnerability Reports" chapter in the Development
       Tasks Manual.
 
    -  Long overdue documentation for the :ref:`ref-classes-devicetree` class.

documentation/migration-guides/release-notes-5.0.14.rst

@@ -0,0 +1,211 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.14 (Scarthgap)
+------------------------------------------
+
+Security Fixes in Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Fix :cve_nist:`2025-8677`, :cve_nist:`2025-40778` and :cve_nist:`2025-40780`
+-  binutils: Fix :cve_nist:`2025-8225`, :cve_nist:`2025-11081`, :cve_nist:`2025-11082`,
+   :cve_nist:`2025-11083`, :cve_nist:`2025-11412`, :cve_nist:`2025-11413` and :cve_nist:`2025-11414`
+-  cmake: fix :cve_nist:`2025-9301`
+-  curl: Ignore :cve_nist:`2025-10966`
+-  elfutils: Fix :cve_nist:`2025-1376` and :cve_nist:`2025-1377`
+-  expat: Fix :cve_nist:`2025-59375`
+-  glib-networking: Fix :cve_nist:`2025-60018` and :cve_nist:`2025-60019`
+-  gnupg: Ignore :cve_nist:`2025-30258`
+-  go: Fix :cve_nist:`2025-47912`, :cve_nist:`2025-58185`, :cve_nist:`2025-58187`,
+   :cve_nist:`2025-58188`, :cve_nist:`2025-58189`, :cve_nist:`2025-61723` and :cve_nist:`2025-61724`
+-  libpam: Ignore :cve_nist:`2025-6018`
+-  lz4: Fix :cve_nist:`2025-62813`
+-  openssh: Fix :cve_nist:`2025-61984` and :cve_nist:`2025-61985`
+-  python3: Fix :cve_nist:`2025-59375`
+-  python3-xmltodict: Fix :cve_nist:`2025-9375`
+-  qemu: Fix :cve_nist:`2024-8354`
+-  tiff: Ignore :cve_nist:`2025-8961`
+-  u-boot: Fix :cve_nist:`2024-42040`
+-  wpa-supplicant: Fix :cve_nist:`2025-24912`
+
+
+Fixes in Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: upgrade to 9.18.41
+-  bitbake: bb/fetch2/__init__.py: remove a DeprecationWarning in uri_replace()
+-  bitbake: fetch2/wget: Keep query parameters in URL during checkstatus
+-  build-appliance-image: Update to scarthgap head revision
+-  ca-certificates: Add comment for provenance of :term:`SRCREV`
+-  ca-certificates: fix on-target postinstall script
+-  ca-certificates: get sources from debian tarballs
+-  ca-certificates: submit sysroot patch upstream, drop default-sysroot.patch
+-  ca-certificates: upgrade to 20250419
+-  classes/create-spdx-2.2: align DEPLOY_DIR_SPDX with SPDX_VERSION layout
+-  classes/create-spdx-2.2: Handle empty packages
+-  classes-global/license: Move functions to library code
+-  classes-global/staging: Exclude do_create_spdx from automatic sysroot extension
+-  classes-recipe/baremetal-image: Add image file manifest
+-  classes-recipe/image: Add image file manifest
+-  curl: only set CA bundle in target build
+-  dev-manual, test-manual: Update autobuilder output links
+-  flex: fix build with gcc-15 on host
+-  glibc: stable 2.39 branch updates
+-  gstreamer1.0-plugins-bad: fix buffer allocation fail for v4l2codecs
+-  icu: Backport patch to fix build issues with long paths (>512 chars)
+-  iptables: remove /etc/ethertypes
+-  lib/license: Move package license skip to library
+-  lib: oe: license: Add missing import
+-  lib: oeqa: spdx: Add tests for extra options
+-  linux-yocto/6.6: update to v6.6.111
+-  meta: backport :term:`SPDX` 3.0 fixes and tasks from upstream version Walnascar
+-  migration-guides: add release notes for 4.0.30
+-  oe-build-perf-report: relax metadata matching rules
+-  oe-core: Remove empty file
+-  oeqa/runtime/ping: don't bother trying to ping localhost
+-  oeqa/selftest: Add :term:`SPDX` 3.0 include source case for work-share
+-  oeqa/selftest/devtool: Update after upstream repo changes
+-  oeqa: spdx: Add tar test for :term:`SPDX` 2.2
+-  overview-manual/yp-intro.rst: update on-target packaging info
+-  perf: add arm64 source files for unistd_64.h
+-  poky.conf: bump version for 5.0.14
+-  python3: upgrade to 3.12.12
+-  ref-manual/classes.rst: document the relative_symlinks class
+-  ref-manual/classes.rst: extend the uninative class documentation
+-  ref-manual/classes.rst: gettext: extend the documentation of the class
+-  ref-manual/variables.rst: document :term:`CCACHE_DISABLE` CHECKSUM :term:`UNINATIVE_URL`
+   :term:`REQUIRED_COMBINED_FEATURES` :term:`REQUIRED_IMAGE_FEATURES`
+   :term:`REQUIRED_MACHINE_FEATURES` :term:`USE_NLS` variable
+-  ref-manual/variables.rst: fix :term:`LAYERDEPENDS` description
+-  selftest: spdx: Add :term:`SPDX` 3.0 test cases
+-  selftest/spdx: Fix for SPDX_VERSION addition
+-  spdx 3.0: Rework how :term:`SPDX` aliases are linked
+-  spdx30_tasks: adapt CVE handling to new cve-check API
+-  spdx30_tasks: fix FetchData attribute in add_download_files
+-  util-linux: fix pointer usage in hwclock param handling
+-  vulnerabilities: update nvdcve file name
+-  webkitgtk: upgrade to 2.44.4
+-  wireless-regdb: upgrade to 2025.10.07
+-  xf86-video-intel: correct :term:`SRC_URI` as freedesktop anongit is down
+
+
+Known Issues in Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+-  Alexander Kanavin
+-  Anders Heimer
+-  Ankur Tyagi
+-  Antonin Godard
+-  Archana Polampalli
+-  Bastian Krause
+-  Bin Lan
+-  Bruce Ashfield
+-  Carlos Alberto Lopez Perez
+-  Daniel Semkowicz
+-  David Nyström
+-  Deepesh Varatharajan
+-  Gyorgy Sarvari
+-  Hongxu Jia
+-  Joshua Watt
+-  João Marcos Costa
+-  Kamel Bouhara (Schneider Electric)
+-  Lee Chee Yang
+-  Martin Jansa
+-  Matthias Schiffer
+-  Michael Haener
+-  Paul Barker
+-  Peter Marko
+-  Philippe-Alexandre Mathieu
+-  Praveen Kumar
+-  Rajeshkumar Ramasamy
+-  Rasmus Villemoes
+-  Richard Purdie
+-  Robert P. J. Day
+-  Saravanan
+-  Soumya Sambu
+-  Steve Sakoman
+-  Theodore A. Roth
+-  Wang Mingyu
+-  Yannic Moog
+-  Yash Shinde
+-  Yogita Urade
+
+Repositories / Downloads for Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </yocto-docs/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`a8687e4bb2e822670b6ad110613a12fa02943d3d </yocto-docs/commit/?id=a8687e4bb2e822670b6ad110613a12fa02943d3d>`
+-  Release Artefact: yocto-docs-a8687e4bb2e822670b6ad110613a12fa02943d3d
+-  sha: 72a51b6049a59f773720d9b0aa94f090222a41aeb22d65c5f4211c78418fb6fa
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/yocto-docs-a8687e4bb2e822670b6ad110613a12fa02943d3d.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/yocto-docs-a8687e4bb2e822670b6ad110613a12fa02943d3d.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </poky/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`7e8674996b0164b07e56bc066d0fba790e627061 </poky/commit/?id=7e8674996b0164b07e56bc066d0fba790e627061>`
+-  Release Artefact: poky-7e8674996b0164b07e56bc066d0fba790e627061
+-  sha: 071e189ebccfad99d4d79ea9021475296fa642611828249f0963b019f842a021
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/poky-7e8674996b0164b07e56bc066d0fba790e627061.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/poky-7e8674996b0164b07e56bc066d0fba790e627061.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.14 </openembedded-core/log/?h=yocto-5.0.14>`
+-  Git Revision: :oe_git:`471adaa5f77fa3b974eab60a2ded48e360042828 </openembedded-core/commit/?id=471adaa5f77fa3b974eab60a2ded48e360042828>`
+-  Release Artefact: oecore-471adaa5f77fa3b974eab60a2ded48e360042828
+-  sha: 4dfad047a68aea2293845cdb4a86911bb3b1b0444a63f51b4e5a2448018d6a5e
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/oecore-471adaa5f77fa3b974eab60a2ded48e360042828.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/oecore-471adaa5f77fa3b974eab60a2ded48e360042828.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </meta-yocto/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`bf6aea52c4009e08f26565c33ce432eec7cfb090 </meta-yocto/commit/?id=bf6aea52c4009e08f26565c33ce432eec7cfb090>`
+-  Release Artefact: meta-yocto-bf6aea52c4009e08f26565c33ce432eec7cfb090
+-  sha: 92c9da1027efaf945d80bcd44984d5f8e7606c7ded485b57c0c8f47c9fa1302d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/meta-yocto-bf6aea52c4009e08f26565c33ce432eec7cfb090.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/meta-yocto-bf6aea52c4009e08f26565c33ce432eec7cfb090.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </meta-mingw/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.14 </bitbake/log/?h=yocto-5.0.14>`
+-  Git Revision: :oe_git:`8dcf084522b9c66a6639b5f117f554fde9b6b45a </bitbake/commit/?id=8dcf084522b9c66a6639b5f117f554fde9b6b45a>`
+-  Release Artefact: bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a
+-  sha: 766eda21f2a914276d2723b1d8248be11507f954aef8fc5bb1767f3cb65688dd
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2

documentation/migration-guides/release-notes-5.0.15.rst

@@ -0,0 +1,219 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.15 (Scarthgap)
+------------------------------------------
+
+Users of Alma 9, Rocky 9 and Centos Stream 9 rolling releases have seen obtuse failures in the execution of tar in various tasks after recent host distro updates. These newer versions of tar contain a CVE fix which uses a new glibc call/syscall (openat2). The fix is to update to a newer pseudo version which handles this syscall. This is not included in this stable release but we aim to include it in the next one.
+
+Security Fixes in Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-11494`, :cve_nist:`2025-11839` and :cve_nist:`2025-11840`
+-  cmake-native: Fix :cve_nist:`2025-9301`
+-  cups: Fix :cve_nist:`2025-58436` and :cve_nist:`2025-61915`
+-  gnutls: Fix CVE-2025-9820
+-  go: Fix :cve_nist:`2025-61727` and :cve_nist:`2025-61729`
+-  go: Update :cve_nist:`2025-58187` patches
+-  grub: Fix :cve_nist:`2025-54770`, :cve_nist:`2025-61661`, :cve_nist:`2025-61662`,
+   :cve_nist:`2025-61663` and :cve_nist:`2025-61664`
+-  libarchive: Fix :cve_nist:`2025-60753`
+-  libarchive: Fix 2 security issue (https://github.com/libarchive/libarchive/pull/2753 and
+   https://github.com/libarchive/libarchive/pull/2768)
+-  libmicrohttpd: Ignore :cve_nist:`2025-59777` and :cve_nist:`2025-62689`
+-  libpng: Fix :cve_nist:`2025-64505`, :cve_nist:`2025-64506`, :cve_nist:`2025-64720`,
+   :cve_nist:`2025-65018` and :cve_nist:`2025-66293`
+-  libsoup: Fix :cve_nist:`2025-12105`
+-  libssh2: Fix :cve_nist:`2023-48795`
+-  libxml2: Fix :cve_nist:`2025-7425`
+-  libxslt: Fix :cve_nist:`2025-11731`
+-  musl: Fix :cve_nist:`2025-26519`
+-  python3-urllib3: Fix :cve_nist:`2025-66418` and :cve_nist:`2025-66471`
+-  python3: Fix :cve_nist:`2025-6075`
+-  qemu: Fix :cve_nist:`2025-12464`
+-  rsync: Fix :cve_nist:`2025-10158`
+-  ruby: Fix :cve_nist:`2025-24294`, :cve_nist:`2025-25186` and :cve_nist:`2025-61594`
+-  sqlite3: Fix :cve_nist:`2025-7709`
+-  xserver-xorg: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+-  xwayland: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+
+
+Fixes and Feature Changes in Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  build-appliance-image: Update to scarthgap head revision
+-  classes/create-spdx-2.2: Define SPDX_VERSION to 2.2
+-  cml1.bbclass: use consistent make flags for menuconfig
+-  cross.bbclass: Propagate dependencies to outhash
+-  curl: Ensure 'CURL_CA_BUNDLE' from host env is indeed respected
+-  curl: Use host CA bundle by default for native(sdk) builds
+-  cve-check: extract extending :term:`CVE_STATUS` to library function
+-  dev-manual/layers.rst: document "bitbake-layers show-machines"
+-  dev-manual/new-recipe.rst: replace 'bitbake -e' with 'bitbake-getvar'
+-  dev-manual/new-recipe.rst: typo, "whith" -> "which"
+-  dev-manual/new-recipe.rst: update "recipetool -h" output
+-  dev-manual/sbom.rst: reflect that create-spdx is enabled by default
+-  dev-manual: debugging: use bitbake-getvar in Viewing Variable Values section
+-  documentation: link to the Releases page on yoctoproject.org instead of wiki
+-  glslang: fix compiling with gcc15
+-  go: add sdk test
+-  go: extend runtime test
+-  go: remove duplicate arch map in sdk test
+-  goarch.bbclass: do not leak :term:`TUNE_FEATURES` into crosssdk task signatures
+-  kernel-dev: add disable config example
+-  kernel-dev: common: migrate bitbake -e to bitbake-getvar
+-  kernel.bbclass: Add task to export kernel configuration to :term:`SPDX`
+-  libssh2: fix regression in KEX method validation (GH-1553)
+-  libssh2: upgrade to 1.11.1
+-  migration-guides: add release notes for 4.0.31 and 5.0.13
+-  oe/sdk: fix empty SDK manifests
+-  oeqa/sdk/buildepoxy: skip test in eSDK
+-  oeqa/selftest: oe-selftest: Add :term:`SPDX` tests for kernel config and :term:`PACKAGECONFIG`
+-  oeqa: drop unnecessary dependency from go runtime tests
+-  oeqa: fix package detection in go sdk tests
+-  overview-manual: migrate to SVG + fix typo
+-  poky.conf: bump version for 5.0.15
+-  ref-manual: variables: migrate the :term:`OVERRIDES` note to bitbake-getvar
+-  ruby: Upgrade to 3.3.10
+-  rust-target-config: fix nativesdk-libstd-rs build with baremetal
+-  scripts/install-buildtools: Update to 5.0.14
+-  spdx30: Provide software_packageUrl field in :term:`SPDX` 3.0 SBOM
+-  spdx30: fix cve status for patch files in VEX
+-  spdx30: provide all CVE_STATUS, not only Patched status
+-  spdx30_tasks: Add support for exporting :term:`PACKAGECONFIG` to :term:`SPDX`
+-  spdx: Revert "spdx: Update for bitbake changes"
+-  spdx: extend :term:`CVE_STATUS` variables
+-  testsdk: allow user to specify which tests to run
+-  vex.bbclass: add a new class
+-  vex: fix rootfs manifest
+-  xserver-xorg: remove redundant patch
+
+
+Known Issues in Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Adarsh Jagadish Kamini
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Benjamin Robin (Schneider Electric)
+-  Changqing Li
+-  Daniel Turull
+-  Deepak Rathore
+-  Deepesh Varatharajan
+-  Enrico Jörns
+-  Gyorgy Sarvari
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Hugo SIMELIERE
+-  Jiaying Song
+-  Kai Kang
+-  Kamel Bouhara (Schneider Electric)
+-  Lee Chee Yang
+-  Martin Jansa
+-  Mingli Yu
+-  Moritz Haase
+-  Osama Abdelkader
+-  Ovidiu Panait
+-  Peter Marko
+-  Praveen Kumar
+-  Quentin Schulz
+-  Robert P. J. Day
+-  Ross Burton
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Walter Werner SCHNEIDER
+-  Yash Shinde
+-  Yogita Urade
+
+Repositories / Downloads for Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </yocto-docs/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`b0f5cc276639916df197435780b3e94accd4af41 </yocto-docs/commit/?id=b0f5cc276639916df197435780b3e94accd4af41>`
+-  Release Artefact: yocto-docs-b0f5cc276639916df197435780b3e94accd4af41
+-  sha: 28ebedfa6471e4ed7583aca0925cd31f4429af3d27ffc0a7e250f7b75404edd7
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/yocto-docs-b0f5cc276639916df197435780b3e94accd4af41.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/yocto-docs-b0f5cc276639916df197435780b3e94accd4af41.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </poky/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`72983ac391008ebceb45edc7a8f0f6d5f4fe715c </poky/commit/?id=72983ac391008ebceb45edc7a8f0f6d5f4fe715c>`
+-  Release Artefact: poky-72983ac391008ebceb45edc7a8f0f6d5f4fe715c
+-  sha: d5336d1ef1dd48b88cb92748c669360901004d458b7786ddc1918da12fef4edd
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/poky-72983ac391008ebceb45edc7a8f0f6d5f4fe715c.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/poky-72983ac391008ebceb45edc7a8f0f6d5f4fe715c.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.15 </openembedded-core/log/?h=yocto-5.0.15>`
+-  Git Revision: :oe_git:`6988157ad983978ffd6b12bcefedd4deaffdbbd1 </openembedded-core/commit/?id=6988157ad983978ffd6b12bcefedd4deaffdbbd1>`
+-  Release Artefact: oecore-6988157ad983978ffd6b12bcefedd4deaffdbbd1
+-  sha: 98a691ce87f9aba57007e91b56bbe0af6d6c8f62aacb68820026478ff8e1f819
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/oecore-6988157ad983978ffd6b12bcefedd4deaffdbbd1.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/oecore-6988157ad983978ffd6b12bcefedd4deaffdbbd1.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </meta-yocto/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`9bb6e6e8b016a0c9dfe290369a6ed91ef4020535 </meta-yocto/commit/?id=9bb6e6e8b016a0c9dfe290369a6ed91ef4020535>`
+-  Release Artefact: meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535
+-  sha: 01778c43673ef11ec5d0fb76bd7c600031f5fc9bcfd9bfa586d5fb6b6babff95
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </meta-mingw/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.15 </bitbake/log/?h=yocto-5.0.15>`
+-  Git Revision: :oe_git:`8dcf084522b9c66a6639b5f117f554fde9b6b45a </bitbake/commit/?id=8dcf084522b9c66a6639b5f117f554fde9b6b45a>`
+-  Release Artefact: bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a
+-  sha: 766eda21f2a914276d2723b1d8248be11507f954aef8fc5bb1767f3cb65688dd
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2

documentation/overview-manual/concepts.rst

@@ -162,7 +162,7 @@ The following diagram represents the high-level workflow of a build. The
 remainder of this section expands on the fundamental input, output,
 process, and metadata logical blocks that make up the workflow.
 
-.. image:: figures/YP-flow-diagram.png
+.. image:: svg/yp-flow-diagram.*
    :width: 100%
 
 In general, the build's workflow consists of several functional areas:

documentation/overview-manual/svg/yp-flow-diagram.svg

@@ -0,0 +1,950 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 13.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 14948)  -->
+
+<svg
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   width="760.50098"
+   height="352.582"
+   viewBox="0 0 760.50095 352.582"
+   enable-background="new 0 0 758.189 424.276"
+   xml:space="preserve"
+   sodipodi:docname="yp-flow-diagram.svg"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+   id="defs86">
+		
+	</defs><sodipodi:namedview
+   id="namedview86"
+   pagecolor="#ffffff"
+   bordercolor="#000000"
+   borderopacity="0.25"
+   inkscape:showpageshadow="2"
+   inkscape:pageopacity="0.0"
+   inkscape:pagecheckerboard="0"
+   inkscape:deskcolor="#d1d1d1"
+   inkscape:zoom="2.8284271"
+   inkscape:cx="296.80807"
+   inkscape:cy="212.83914"
+   inkscape:window-width="1906"
+   inkscape:window-height="934"
+   inkscape:window-x="0"
+   inkscape:window-y="0"
+   inkscape:window-maximized="0"
+   inkscape:current-layer="Layer_1" />
+<g
+   id="g17"
+   transform="matrix(1,0,0,1.0035497,-2.0824824,-11.037238)"><rect
+     style="opacity:1;fill:#00b6de;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11"
+     width="484.25"
+     height="249"
+     x="90"
+     y="112.5" /><rect
+     style="fill:#00b6de;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8"
+     width="12"
+     height="12"
+     x="507.56818"
+     y="-301.10004"
+     ry="0"
+     transform="rotate(44.313856)" /><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8-1"
+     width="12"
+     height="12"
+     x="361.46231"
+     y="-89.463524"
+     ry="0"
+     transform="rotate(44.313856)" /><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8-1-1"
+     width="12"
+     height="12"
+     x="389.40585"
+     y="-60.842598"
+     ry="0"
+     transform="rotate(44.313856)" /><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8-1-1-0"
+     width="12"
+     height="12"
+     x="416.47607"
+     y="-33.116081"
+     ry="0"
+     transform="rotate(44.313856)" /></g><rect
+   style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+   id="rect11-9"
+   width="87"
+   height="216"
+   x="193.91776"
+   y="119.24599" /><rect
+   style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+   id="rect11-8-1-4"
+   width="12"
+   height="12"
+   x="487.27533"
+   y="-296.15897"
+   ry="0"
+   transform="rotate(44.313856)" /><rect
+   style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+   id="rect11-9-3"
+   width="85.75"
+   height="219.75"
+   x="470.16751"
+   y="119.49599" /><g
+   id="g2"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g1">
+		<polygon
+   fill="#00b6de"
+   points="703.77,340.194 712.852,349.277 721.934,340.194 758.189,340.194 758.189,256.861 723.582,256.861 713.171,267.274 702.758,256.861 628.582,256.861 618.171,267.274 607.758,256.861 561.523,256.861 561.523,340.194 609.104,340.194 618.186,349.277 627.268,340.194 "
+   id="polygon1" />
+	</g>
+</g>
+<g
+   id="g4"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g3">
+		<polygon
+   fill="#e6e6e6"
+   points="712.837,278.274 707.221,272.658 676.557,272.658 676.557,333.657 706.983,333.657 713.055,339.729 719.128,333.657 751.557,333.657 751.557,272.658 718.452,272.658 "
+   id="polygon2" />
+	</g>
+</g>
+<g
+   id="g6"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g5">
+		<polygon
+   fill="#e6e6e6"
+   points="618.171,278.274 611.555,271.658 581.558,271.658 581.558,332.657 611.983,332.657 618.056,338.729 624.128,332.657 656.558,332.657 656.558,271.658 624.786,271.658 "
+   id="polygon4" />
+	</g>
+</g>
+<g
+   id="g8"
+   transform="translate(2.3119996,-71.694)"
+   style="fill:#000080">
+	<g
+   id="g7"
+   style="fill:#000080">
+		<polygon
+   fill="#ed1849"
+   points="722.166,349.277 712.504,358.941 702.84,349.277 670.523,349.277 670.523,424.276 757.523,424.276 757.523,349.277 "
+   id="polygon6"
+   style="fill:#000080" />
+	</g>
+</g>
+<g
+   id="g10"
+   transform="translate(2.3119996,-71.694)"
+   style="fill:#000080">
+	<g
+   id="g9"
+   style="fill:#000080">
+		<polygon
+   fill="#ed1849"
+   points="628.371,348.611 618.043,358.941 607.713,348.611 575.523,348.611 575.523,423.61 662.523,423.61 662.523,348.611 "
+   id="polygon8"
+   style="fill:#000080" />
+	</g>
+</g>
+
+<g
+   id="g14"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g13">
+		<polygon
+   fill="#c1d82f"
+   points="575.428,217.35 575.428,250.526 610.09,250.526 618.171,258.607 626.251,250.526 705.09,250.526 713.171,258.607 721.251,250.526 757.427,250.526 757.427,173.527 575.428,173.527 575.428,199.703 584.252,208.525 "
+   id="polygon12" />
+	</g>
+</g>
+
+
+
+
+
+<g
+   id="g26"
+   transform="translate(0.4155534,-73.944)">
+	<g
+   id="g25">
+		<polygon
+   fill="#4a4a30"
+   points="177.974,133.944 125.111,133.944 118.043,141.013 110.974,133.944 86.834,133.944 86.834,166.944 178.263,166.944 184.834,173.514 191.403,166.944 281.833,166.944 281.833,133.944 258.611,133.944 251.543,141.013 244.474,133.944 192.111,133.944 185.043,141.013 "
+   id="polygon24" />
+	</g>
+</g>
+<g
+   id="g28"
+   transform="matrix(0.93986241,0,0,1,-22.331287,-17.694)">
+	<g
+   id="g27">
+		<polygon
+   fill="#e6e6e6"
+   points="330.188,290.202 330.188,296.444 511.188,296.444 511.188,289.015 517.259,282.942 511.188,276.87 511.188,268.444 330.188,268.444 330.188,277.683 336.447,283.942 "
+   id="polygon26" />
+	</g>
+</g>
+<g
+   id="g30"
+   transform="matrix(0.93986241,0,0,1,-22.331287,-17.694)">
+	<g
+   id="g29">
+		<polygon
+   fill="#e6e6e6"
+   points="330.188,251.536 330.188,257.944 511.188,257.944 511.188,250.515 517.259,244.442 511.188,238.37 511.188,229.944 330.188,229.944 330.188,239.016 336.447,245.276 "
+   id="polygon28" />
+	</g>
+</g>
+<g
+   id="g32"
+   transform="matrix(0.93986241,0,0,1,-22.331287,-17.694)">
+	<g
+   id="g31">
+		<polygon
+   fill="#e6e6e6"
+   points="330.188,211.18 330.188,218.444 511.188,218.444 511.188,211.015 517.259,204.942 511.188,198.87 511.188,190.444 330.188,190.444 330.188,199.372 336.092,205.276 "
+   id="polygon30" />
+	</g>
+</g>
+<g
+   id="g34"
+   transform="translate(-40.188,-71.694)">
+	<g
+   id="g33">
+		<polygon
+   fill="#e6e6e6"
+   points="144.188,342.944 144.188,406.944 225.188,406.944 225.188,381.515 231.259,375.442 225.188,369.37 225.188,342.944 190.445,342.944 184.043,349.348 177.639,342.944 "
+   id="polygon32" />
+	</g>
+</g>
+<g
+   id="g36"
+   transform="translate(-40.188,-71.694)">
+	<g
+   id="g35">
+		<polygon
+   fill="#e6e6e6"
+   points="177.618,330.944 184.188,337.514 190.757,330.944 225.188,330.944 225.188,266.944 190.778,266.944 183.71,274.014 176.64,266.944 144.188,266.944 144.188,330.944 "
+   id="polygon34" />
+	</g>
+</g>
+<g
+   id="g38"
+   transform="translate(-40.188,-71.694)">
+	<g
+   id="g37">
+		<polygon
+   fill="#e6e6e6"
+   points="177.118,254.944 183.688,261.514 190.257,254.944 224.688,254.944 224.688,190.944 191.445,190.944 184.376,198.014 177.306,190.944 143.688,190.944 143.688,254.944 "
+   id="polygon36" />
+	</g>
+</g>
+<g
+   id="g40"
+   transform="matrix(1,0,0,0.86327911,0.062,-77.645148)">
+	<g
+   id="g39">
+		<polygon
+   fill="#4a4a30"
+   points="81.188,221.611 0.188,221.611 0.188,285.61 81.188,285.61 81.188,260.181 87.259,254.109 81.188,248.037 "
+   id="polygon38" />
+	</g>
+</g><g
+   id="g40-0"
+   transform="matrix(1,0,0,0.86327911,0.312,-18.368819)">
+	<g
+   id="g39-6">
+		<polygon
+   fill="#4a4a30"
+   points="87.259,254.109 81.188,248.037 81.188,221.611 0.188,221.611 0.188,285.61 81.188,285.61 81.188,260.181 "
+   id="polygon38-4" />
+	</g>
+</g><g
+   id="g40-0-2"
+   transform="matrix(1,0,0,0.86327911,0.062,40.907511)">
+	<g
+   id="g39-6-5">
+		<polygon
+   fill="#4a4a30"
+   points="87.259,254.109 81.188,248.037 81.188,221.611 0.188,221.611 0.188,285.61 81.188,285.61 81.188,260.181 "
+   id="polygon38-4-8" />
+	</g>
+</g><g
+   id="g40-0-28"
+   transform="matrix(1,0,0,0.86327911,-0.188,100.18384)">
+	<g
+   id="g39-6-4">
+		<polygon
+   fill="#4a4a30"
+   points="81.188,285.61 81.188,260.181 87.259,254.109 81.188,248.037 81.188,221.611 0.188,221.611 0.188,285.61 "
+   id="polygon38-4-7" />
+	</g>
+</g>
+<g
+   id="g42"
+   transform="translate(0.062,-71.944)"
+   style="fill:#ff7f2a">
+	<g
+   id="g41"
+   style="fill:#ff7f2a">
+		<polygon
+   fill="#7e8082"
+   points="178.618,123.944 185.188,130.514 191.757,123.944 215.188,123.944 215.188,71.944 154.188,71.944 154.188,123.944 "
+   id="polygon40"
+   style="fill:#ff7f2a" />
+	</g>
+</g>
+<rect
+   x="126.062"
+   y="75.334"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect42" />
+<text
+   fill="#ffffff"
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text42"
+   x="139.47949"
+   y="82.440079"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Source Materials</text>
+<rect
+   x="155.41699"
+   y="10.834001"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect43" />
+<text
+   id="text44"
+   x="190.00726"
+   y="29.10741"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:49.6985"
+   transform="translate(-5.5244746,-7.8775879)"
+   xml:space="preserve"><tspan
+     x="190.00726"
+     y="29.10741"
+     id="tspan1">Local<tspan
+   y="29.10741"
+   id="tspan2"> </tspan></tspan><tspan
+     x="190.00726"
+     y="42.440787"
+     id="tspan3">Projects</tspan></text>
+<g
+   id="g45"
+   transform="translate(0.062,-71.944)"
+   style="fill:#ff7f2a">
+	<g
+   id="g44"
+   style="fill:#ff7f2a">
+		<polygon
+   fill="#7e8082"
+   points="245.118,123.944 251.688,130.514 258.257,123.944 281.688,123.944 281.688,71.944 220.688,71.944 220.688,123.944 "
+   id="polygon44"
+   style="fill:#ff7f2a" />
+	</g>
+</g>
+<rect
+   x="221.91699"
+   y="7.8340006"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect45" />
+<text
+   id="text47"
+   x="258.17291"
+   y="26.10741"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:56.5275;fill:#000000"
+   transform="translate(-6.4360358,-3.6326896)"
+   xml:space="preserve"><tspan
+     x="258.17291"
+     y="26.10741"
+     id="tspan4">SCMs<tspan
+   y="26.10741"
+   id="tspan5"> </tspan></tspan><tspan
+     x="258.17291"
+     y="39.440787"
+     id="tspan6">(optional)</tspan></text>
+<g
+   id="g48"
+   transform="translate(0.062,-71.944)"
+   style="fill:#ff7f2a">
+	<g
+   id="g47"
+   style="fill:#ff7f2a">
+		<polygon
+   fill="#7e8082"
+   points="111.618,123.944 118.188,130.514 124.757,123.944 148.188,123.944 148.188,71.944 87.188,71.944 87.188,123.944 "
+   id="polygon47"
+   style="fill:#ff7f2a" />
+	</g>
+</g>
+<rect
+   x="88.417007"
+   y="10.834001"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect48" />
+<text
+   id="text49"
+   x="125.51399"
+   y="29.10741"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:64.823"
+   transform="translate(-8.2169997,-13.75401)"
+   xml:space="preserve"><tspan
+     x="125.51399"
+     y="29.10741"
+     id="tspan7">Upstream<tspan
+   y="29.10741"
+   id="tspan8"> </tspan></tspan><tspan
+     x="125.51399"
+     y="42.440787"
+     id="tspan9">Project<tspan
+   y="42.440787"
+   id="tspan10"> </tspan></tspan><tspan
+     x="125.51399"
+     y="55.774165"
+     id="tspan11">Releases</tspan></text>
+<rect
+   x="115.167"
+   y="137.084"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect49" />
+<text
+   id="text51"
+   x="128.34723"
+   y="147.37112"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="128.34723"
+     y="147.37112"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan50"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Source </tspan><tspan
+     x="123.54125"
+     y="161.77113"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan51"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Fetching</tspan></text>
+<rect
+   x="115.167"
+   y="215.08401"
+   fill="none"
+   width="58.666"
+   height="40.666"
+   id="rect51" />
+<text
+   id="text53"
+   x="131.82678"
+   y="224.31099"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="131.82678"
+     y="224.31099"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan52"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Patch </tspan><tspan
+     x="117.00081"
+     y="238.70999"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan53"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Application</tspan></text>
+<rect
+   x="107.167"
+   y="279.08401"
+   fill="none"
+   width="74.166"
+   height="69.237"
+   id="rect53" />
+<text
+   id="text57"
+   x="149.00055"
+   y="297.35791"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:74.8743"
+   transform="translate(-3.496696,4.953096)"
+   xml:space="preserve"><tspan
+     x="149.00055"
+     y="297.35791"
+     id="tspan12">Configuration /<tspan
+   y="297.35791"
+   id="tspan13"> </tspan></tspan><tspan
+     x="149.00055"
+     y="310.69127"
+     id="tspan14">Compile</tspan></text>
+<rect
+   x="201.16699"
+   y="184.084"
+   fill="none"
+   width="74.166"
+   height="89.237"
+   id="rect57" />
+<text
+   id="text63"
+   x="221.86859"
+   y="192.60429"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="221.86859"
+     y="192.60429"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan58"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Output </tspan><tspan
+     x="211.42859"
+     y="207.0043"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan59"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Analysis for </tspan><tspan
+     x="218.94058"
+     y="221.4043"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan60"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">package </tspan><tspan
+     x="207.54759"
+     y="235.80429"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan61"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">splitting plus </tspan><tspan
+     x="218.94058"
+     y="250.2043"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan62"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">package </tspan><tspan
+     x="207.81059"
+     y="264.60431"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan63"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">relationships</tspan></text><text
+   id="text63-1"
+   x="555.48315"
+   y="202.90402"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:31.0495"
+   transform="translate(-42.334211,23.629617)"
+   xml:space="preserve"><tspan
+     x="555.48315"
+     y="202.90402"
+     id="tspan15">QA<tspan
+   y="202.90402"
+   id="tspan16"> </tspan></tspan><tspan
+     x="555.48315"
+     y="216.2374"
+     id="tspan18">Tests</tspan></text>
+<rect
+   x="319.146"
+   y="127.084"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect63" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text64"
+   x="335.19238"
+   y="189.60429"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">.rpm generation</text>
+<rect
+   x="319.146"
+   y="166.584"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect64" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text65"
+   x="335.76849"
+   y="229.10429"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">.deb generation</text>
+<rect
+   x="319.146"
+   y="205.08401"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect65" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text66"
+   x="337.9404"
+   y="267.60391"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">.ipk generation</text>
+<rect
+   x="296.16699"
+   y="307.08401"
+   fill="none"
+   width="77.166"
+   height="30.237"
+   id="rect66" />
+
+<rect
+   x="299.66699"
+   y="261.08401"
+   fill="none"
+   width="71.853996"
+   height="33.664001"
+   id="rect67" />
+
+<rect
+   x="395.97998"
+   y="261.08401"
+   fill="none"
+   width="71.853996"
+   height="33.664001"
+   id="rect69" />
+
+<rect
+   x="390.66699"
+   y="307.08401"
+   fill="none"
+   width="77.166"
+   height="30.237"
+   id="rect71" />
+
+<rect
+   y="133"
+   fill="none"
+   width="81.666"
+   height="39.334"
+   id="rect73"
+   x="0.061999973" />
+<text
+   id="text75"
+   x="64.610138"
+   y="186.94585"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:66.7773"
+   transform="translate(-23.458902,-49.50401)"
+   xml:space="preserve"><tspan
+     x="64.610138"
+     y="186.94585"
+     id="tspan20"><tspan
+   style="fill:#ffffff"
+   id="tspan19">User</tspan>
+</tspan><tspan
+     x="64.610138"
+     y="200.27922"
+     id="tspan22"><tspan
+       style="fill:#ffffff"
+       id="tspan21">Configuration</tspan></tspan></text><text
+   id="text75-4"
+   x="64.610138"
+   y="186.94585"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:66.7773"
+   transform="translate(-24.603766,70.32617)"
+   xml:space="preserve"><tspan
+     x="64.610138"
+     y="186.94585"
+     id="tspan24"><tspan
+   style="fill:#ffffff"
+   id="tspan23">Machine BSP</tspan>
+</tspan><tspan
+     x="64.610138"
+     y="200.27922"
+     id="tspan26"><tspan
+       style="fill:#ffffff"
+       id="tspan25">Configuration</tspan></tspan></text><text
+   id="text75-4-6"
+   x="64.610138"
+   y="186.94585"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:66.7773"
+   transform="translate(-25.353766,128.82617)"
+   xml:space="preserve"><tspan
+     x="64.610138"
+     y="186.94585"
+     id="tspan28"><tspan
+   style="fill:#ffffff"
+   id="tspan27">Policy</tspan>
+</tspan><tspan
+     x="64.610138"
+     y="200.27922"
+     id="tspan30"><tspan
+       style="fill:#ffffff"
+       id="tspan29">Configuration</tspan></tspan></text>
+
+<rect
+   y="211.16798"
+   fill="none"
+   width="81.666"
+   height="39.333"
+   id="rect76"
+   x="0.061999973" />
+<text
+   id="text78"
+   x="70.02713"
+   y="265.4418"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:89.4625"
+   transform="translate(-28.848315,-69.549143)"
+   xml:space="preserve"><tspan
+     x="70.02713"
+     y="265.4418"
+     id="tspan32"><tspan
+       style="fill:#ffffff"
+       id="tspan31">Metadata
+</tspan></tspan><tspan
+     x="70.02713"
+     y="278.77516"
+     id="tspan34"><tspan
+       style="fill:#ffffff"
+       id="tspan33">(.bb + patches)</tspan></tspan></text>
+<rect
+   x="612.83502"
+   y="131.418"
+   fill="none"
+   width="112.186"
+   height="20.163"
+   id="rect78" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text79"
+   x="629.87451"
+   y="142.68779"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Package Feeds</text>
+<rect
+   x="579.98102"
+   y="306.25101"
+   fill="none"
+   width="81.666"
+   height="39.332001"
+   id="rect79" />
+<text
+   fill="#ffffff"
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text80"
+   x="604.24854"
+   y="319.7699"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Images</text>
+<rect
+   x="584.14703"
+   y="216.08499"
+   fill="none"
+   width="71.853996"
+   height="33.664001"
+   id="rect80" />
+<text
+   id="text81"
+   x="606.88434"
+   y="227.1058"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="606.88434"
+     y="227.1058"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan80"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Image </tspan><tspan
+     x="594.48834"
+     y="241.50479"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan81"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Generation</tspan></text>
+<rect
+   x="678.83301"
+   y="215.08499"
+   fill="none"
+   width="77.166"
+   height="30.237"
+   id="rect81" />
+<text
+   id="text83"
+   x="708.21045"
+   y="228.6058"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="708.21045"
+     y="228.6058"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan82"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">SDK </tspan><tspan
+     x="690.33142"
+     y="243.00479"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan83"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Generation</tspan></text>
+<rect
+   x="379.06299"
+   y="86.834"
+   fill="none"
+   width="199.03999"
+   height="21.164"
+   id="rect83" />
+<text
+   fill="#333333"
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text84"
+   x="426.28253"
+   y="26.005543"
+   style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333">OpenEmbedded Architecture Workflow</text><g
+   id="g18"
+   transform="translate(-10.254525,-9.75401)"><rect
+     style="fill:#00b6de;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17">Build System</tspan></text></g><g
+   id="g18-4"
+   transform="translate(-10.254525,-25.970712)"><rect
+     style="fill:#4a4a30;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4">Metadata/Inputs</tspan></text></g><g
+   id="g18-4-9"
+   transform="translate(-10.254525,-42.187414)"><rect
+     style="fill:#ff7f2a;fill-opacity:1;stroke:#ff631a;stroke-width:0.49911493;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0">Upstream Source</tspan></text></g><g
+   id="g18-4-9-2"
+   transform="translate(101.50803,-40.934366)"><rect
+     style="fill:#c1d82f;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6-2"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1-2"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0-0">Output Packages</tspan></text></g><g
+   id="g18-4-9-2-5"
+   transform="translate(101.50803,-24.709046)"><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6-2-2"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1-2-9"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0-0-0">Process steps (tasks)</tspan></text></g><g
+   id="g18-4-9-2-5-8"
+   transform="translate(101.50803,-8.4837252)"><rect
+     style="fill:#000080;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6-2-2-3"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1-2-9-8"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0-0-0-0">Output Imaga Data</tspan></text></g>
+
+
+<rect
+   x="675.64801"
+   y="304.91699"
+   fill="none"
+   width="81.666"
+   height="39.332001"
+   id="rect85" />
+<text
+   id="text86"
+   x="720.58508"
+   y="322.93991"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:65.518"
+   transform="translate(-2.5824824,-12.25401)"
+   xml:space="preserve"><tspan
+     x="720.58508"
+     y="322.93991"
+     id="tspan36"><tspan
+   style="fill:#ffffff"
+   id="tspan35">Application</tspan><tspan
+   y="322.93991"
+   id="tspan37"> </tspan></tspan><tspan
+     x="720.58508"
+     y="336.27327"
+     id="tspan39"><tspan
+   style="fill:#ffffff"
+   id="tspan38">Development</tspan><tspan
+   y="336.27327"
+   id="tspan40"> </tspan></tspan><tspan
+     x="720.58508"
+     y="349.60665"
+     id="tspan42"><tspan
+       style="fill:#ffffff"
+       id="tspan41">SDK</tspan></tspan></text>
+</svg>

documentation/overview-manual/yp-intro.rst

@@ -44,7 +44,7 @@ Here are features and advantages of the Yocto Project:
    system, software, and service vendors adopt and support the Yocto
    Project in their products and services. For a look at the Yocto
    Project community and the companies involved with the Yocto Project,
-   see the "COMMUNITY" and "ECOSYSTEM" tabs on the
+   see the "COMMUNITY" and "ABOUT" tabs on the
    :yocto_home:`Yocto Project <>` home page.
 
 -  *Architecture Agnostic:* Yocto Project supports Intel, ARM, MIPS,
@@ -60,10 +60,9 @@ Here are features and advantages of the Yocto Project:
    move between architectures without moving to new development
    environments. Additionally, if you have used the Yocto Project to
    create an image or application and you find yourself not able to
-   support it, commercial Linux vendors such as Wind River, Mentor
-   Graphics, Timesys, and ENEA could take it and provide ongoing
-   support. These vendors have offerings that are built using the Yocto
-   Project.
+   support it, commercial Linux vendors listed on :yocto_home:`/members/` and
+   :yocto_home:`/about/participants/` could take it and provide ongoing
+   support.
 
 -  *Flexibility:* Corporations use the Yocto Project many different
    ways. One example is to create an internal Linux distribution as a
@@ -735,7 +734,7 @@ The :term:`OpenEmbedded Build System` uses a "workflow" to
 accomplish image and SDK generation. The following figure overviews that
 workflow:
 
-.. image:: figures/YP-flow-diagram.png
+.. image:: svg/yp-flow-diagram.*
     :width: 100%
 
 Here is a brief summary of the "workflow":
@@ -761,7 +760,8 @@ Here is a brief summary of the "workflow":
    package feed that is used to create the final root file image.
 
 #. The build system generates the file system image and a customized
-   Extensible SDK (eSDK) for application development in parallel.
+   :doc:`SDK </sdk-manual/index>` (Software Development Kit) for application
+   development in parallel.
 
 For a very detailed look at this workflow, see the
 ":ref:`overview-manual/concepts:openembedded build system concepts`" section.

documentation/ref-manual/classes.rst

@@ -1248,6 +1248,53 @@ The :ref:`ref-classes-image_types` class also handles conversion and compression
    :term:`IMAGE_FSTYPES`. This would also be similar for Virtual Box Virtual Disk
    Image ("vdi") and QEMU Copy On Write Version 2 ("qcow2") images.
 
+.. _ref-classes-image-container:
+
+``image-container``
+===================
+
+The :ref:`ref-classes-image-container` class is automatically inherited in
+:doc:`image </ref-manual/images>` recipes that have the ``container`` image type
+in :term:`IMAGE_FSTYPES`. It provides relevant settings to generate an image
+ready for use with an :wikipedia:`OCI <Open_Container_Initiative>`-compliant
+container management tool, such as :wikipedia:`Podman <Podman>` or
+:wikipedia:`Docker <Docker_(software)>`.
+
+.. note::
+
+   This class neither builds nor installs container management tools on the
+   target. Those tools are available in the :yocto_git:`meta-virtualization
+   </meta-virtualization>` layer.
+
+You should set the :term:`PREFERRED_PROVIDER` for the Linux kernel to
+``linux-dummy`` in a :term:`configuration file`::
+
+   PREFERRED_PROVIDER_virtual/kernel = "linux-dummy"
+
+Otherwise an error is triggered. If desired, the
+:term:`IMAGE_CONTAINER_NO_DUMMY` variable can be set to "1" to avoid triggering
+this error.
+
+The ``linux-dummy`` recipe acts as a Linux kernel recipe but builds nothing. It
+is relevant to use as the preferred Linux kernel provider in this case as a
+container image does not need to include a Linux kernel. Selecting it as the
+preferred provider for the kernel will also decrease build time.
+
+Using this class only deploys an additional ``tar.bz2`` archive to
+:term:`DEPLOY_DIR_IMAGE`. This archive can be used in a container file (a file
+typically named ``Dockerfile`` or ``Containerfile``). For example, to be used with
+:wikipedia:`Podman <Podman>` or :wikipedia:`Docker <Docker_(software)>`, the
+`container file <https://docs.docker.com/reference/dockerfile/>`__ could contain
+the following instructions:
+
+.. code-block:: dockerfile
+
+   FROM scratch
+   ADD ./image-container-qemux86-64.rootfs.tar.bz2 /
+   ENTRYPOINT /bin/sh
+
+This is suitable to build a container using our generated root filesystem image.
+
 .. _ref-classes-image-live:
 
 ``image-live``

documentation/ref-manual/release-process.rst

@@ -45,6 +45,45 @@ release process validates the content of the new branch.
    Realize that there can be patches merged onto the stable release
    branches as and when they become available.
 
+.. _ref-yp-development-cycle:
+
+Development Cycle
+=================
+
+As explained in the previous :ref:`ref-manual/release-process:Major and Minor
+Release Cadence` section, a new release comes out every six months.
+
+During this six-months period of time, the Yocto Project releases four
+"Milestone" releases which represent distinct points of time. The milestone
+releases are tested through the :ref:`ref-manual/release-process:Testing and
+Quality Assurance` process and helps spotting issues before the actual release
+is out.
+
+The time span between milestone releases can vary, but they are in general
+evenly spaced out during this six-months period of time.
+
+These milestone releases are tagged with a capital "M" after the future release
+tag name. For example, the milestone tags "&DISTRO_RELEASE_SERIES;M1",
+"&DISTRO_RELEASE_SERIES;M2", and "&DISTRO_RELEASE_SERIES;M3" are released before
+the actual "&DISTRO_RELEASE_SERIES;" release.
+
+.. note::
+
+   The fourth milestone (M4) is not actually released and announced, but
+   represents a point of time for the Quality Assurance team to start the
+   :ref:`ref-manual/release-process:Testing and Quality Assurance` process
+   before tagging and delivering the final release.
+
+After the third milestone release (M3), the Yocto Project enters **Feature
+Freeze**. This means that the maintainers of :term:`OpenEmbedded-Core
+(OE-Core)`, :term:`BitBake` and other core repositories stop accepting
+significant changes on the "master" branch. Changes that may be accepted are
+minor upgrades to core components and security/bug fixes.
+
+During feature freeze, a new branch is created and maintained separately to
+test new features and enhancements received from contributors, but these changes
+will only make it to the master branch after the release is out.
+
 Major Release Codenames
 =======================
 

documentation/ref-manual/svg/releases.svg

@@ -608,7 +608,7 @@
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan10317-2-9-1-4">4.2</tspan></text>
     <rect
-       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       style="opacity:0.5;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
        id="rect917-0-0-4-4-9-4-5-3-9-2-3-6"
        width="140"
        height="45.000004"
@@ -632,7 +632,7 @@
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan10317-2-9-1-4-6-5-6">5.1</tspan></text>
     <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1;opacity:0.5"
        id="rect917-0-0-4-4-9-4-5-3-9-2-3-6-2"
        width="140"
        height="45.000004"
@@ -656,26 +656,26 @@
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan10317-2-9-1-4-6-5-6-9">5.2</tspan></text>
     <rect
-       style="opacity:0.75;fill:#251f32;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
        id="rect917-0-0-4-4-9-4-5-3-9-2-3-67"
        width="140"
        height="45.000004"
-       x="1163.6425"
+       x="1223.8723"
        y="-382.27469"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1214.9716"
+       x="1275.2014"
        y="-363.89413"
        id="text1185-3-55-4-0-0-0-1-1-6-4-3-53"><tspan
          sodipodi:role="line"
-         x="1214.9716"
+         x="1275.2014"
          y="-363.89413"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan957-2-8-6-3-9-7-4-2-0-5-5">Whinlatter</tspan><tspan
          sodipodi:role="line"
-         x="1214.9716"
+         x="1275.2014"
          y="-345.89746"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan10317-2-9-1-4-6-5-6-6-6">5.3</tspan></text>
@@ -1847,7 +1847,7 @@
          x="2128.7158"
          y="-7.6722765"
          style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-1-4-6-5-6-6-5-9-7">Current (Apr. 25)</tspan></text>
+         id="tspan10317-2-9-1-4-6-5-6-6-5-9-7">Current (Dec. 25)</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"

documentation/ref-manual/variables.rst

@@ -1463,6 +1463,12 @@ system and gives an overview of their function and contents.
       :term:`CCACHE_DISABLE` variable can be set to "1" in a recipe to disable
       `Ccache` support. This is useful when the recipe is known to not support it.
 
+   :term:`CCACHE_TOP_DIR`
+      When inheriting the :ref:`ref-classes-ccache` class, the
+      :term:`CCACHE_TOP_DIR` variable can be set to the location of where
+      `Ccache` stores its cache files. This directory can be shared between
+      builds.
+
    :term:`CCLD`
       The minimal command and arguments used to run the linker when the C
       compiler is being used as the linker.
@@ -3837,6 +3843,24 @@ system and gives an overview of their function and contents.
       variable, see the :ref:`ref-classes-image_types`
       class file, which is ``meta/classes-recipe/image_types.bbclass``.
 
+   :term:`IMAGE_CONTAINER_NO_DUMMY`
+      When an image recipe has the ``container`` image type in
+      :term:`IMAGE_FSTYPES`, it expects the :term:`PREFERRED_PROVIDER` for
+      the Linux kernel (``virtual/kernel``) to be set to ``linux-dummy`` from a
+      :term:`configuration file`. Otherwise, an error is triggered.
+
+      When set to "1", the :term:`IMAGE_CONTAINER_NO_DUMMY` variable allows the
+      :term:`PREFERRED_PROVIDER` variable to be set to another value, thus
+      skipping the check and not triggering the build error. Any other value
+      will keep the check.
+
+      This variable should be set from the image recipe using the ``container``
+      image type.
+
+      See the documentation of the :ref:`ref-classes-image-container` class for
+      more information on why setting the :term:`PREFERRED_PROVIDER` to
+      ``linux-dummy`` is advised with this class.
+
    :term:`IMAGE_DEVICE_TABLES`
       Specifies one or more files that contain custom device tables that
       are passed to the ``makedevs`` command as part of creating an image.

documentation/sdk-manual/appendix-customizing.rst

@@ -147,7 +147,9 @@ from the :term:`DISTRO` variable.
 The
 :ref:`populate_sdk_base <ref-classes-populate-sdk-*>`
 class defines the default value of the :term:`SDK_TITLE` variable as
-follows::
+follows:
+
+.. code-block:: none
 
    SDK_TITLE ??= "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} SDK"
 
@@ -159,7 +161,9 @@ an example, assume you have your own layer for your distribution named
 does the default "poky" distribution. If so, you could update the
 :term:`SDK_TITLE` variable in the
 ``~/meta-mydistro/conf/distro/mydistro.conf`` file using the following
-form::
+form:
+
+.. code-block:: none
 
    SDK_TITLE = "your_title"
 
@@ -189,7 +193,9 @@ the installed SDKs to update the installed SDKs by using the
 #. Build the extensible SDK normally (i.e., use the
    ``bitbake -c populate_sdk_ext`` imagename command).
 
-#. Publish the SDK using the following command::
+#. Publish the SDK using the following command:
+
+   .. code-block:: console
 
       $ oe-publish-sdk some_path/sdk-installer.sh path_to_shared_http_directory
 
@@ -212,7 +218,9 @@ installation directory for the SDK is based on the
 :term:`SDKEXTPATH` variables from
 within the
 :ref:`populate_sdk_base <ref-classes-populate-sdk-*>`
-class as follows::
+class as follows:
+
+.. code-block:: none
 
    SDKEXTPATH ??= "~/${@d.getVar('DISTRO')}_sdk"
 
@@ -229,7 +237,9 @@ assume you have your own layer for your distribution named
 does the default "poky" distribution. If so, you could update the
 :term:`SDKEXTPATH` variable in the
 ``~/meta-mydistro/conf/distro/mydistro.conf`` file using the following
-form::
+form:
+
+.. code-block:: none
 
    SDKEXTPATH = "some_path_for_your_installed_sdk"
 
@@ -263,7 +273,9 @@ source, you need to do a number of things:
 
 #. Set the appropriate configuration so that the produced SDK knows how
    to find the configuration. The variable you need to set is
-   :term:`SSTATE_MIRRORS`::
+   :term:`SSTATE_MIRRORS`:
+
+   .. code-block:: none
 
       SSTATE_MIRRORS = "file://.* https://example.com/some_path/sstate-cache/PATH"
 
@@ -276,7 +288,9 @@ source, you need to do a number of things:
       side, and its contents will not interfere with the build), then
       you can set the variable in your ``local.conf`` or custom distro
       configuration file. You can then pass the variable to the SDK by
-      adding the following::
+      adding the following:
+
+      .. code-block:: none
 
          ESDK_LOCALCONF_ALLOW = "SSTATE_MIRRORS"
 
@@ -299,7 +313,9 @@ everything needed to reconstruct the image for which the SDK was built.
 This bundling can lead to an SDK installer file that is a Gigabyte or
 more in size. If the size of this file causes a problem, you can build
 an SDK that has just enough in it to install and provide access to the
-``devtool command`` by setting the following in your configuration::
+``devtool command`` by setting the following in your configuration:
+
+.. code-block:: none
 
    SDK_EXT_TYPE = "minimal"
 
@@ -321,7 +337,9 @@ information enables the ``devtool search`` command to return useful
 results.
 
 To facilitate this wider range of information, you would need to set the
-following::
+following:
+
+.. code-block:: none
 
    SDK_INCLUDE_PKGDATA = "1"
 

documentation/sdk-manual/appendix-obtain.rst

@@ -40,15 +40,20 @@ Follow these steps to locate and hand-install the toolchain:
    hardware, and image type.
 
    The installer files (``*.sh``) follow this naming convention:
-   ``poky-glibc-host_system-core-image-type-arch-toolchain[-ext]-release.sh``:
 
-   -  ``host_system``: string representing your development system: ``i686`` or ``x86_64``
+   .. parsed-literal::
 
-   -  ``type``: string representing the image: ``sato`` or ``minimal``
+      poky-glibc-*host_system*-core-image-*type*-*arch*-toolchain[-ext]-*release*.sh
 
-   -  ``arch``: string representing the target architecture such as ``cortexa57-qemuarm64``
+   With:
 
-   -  ``release``: version of the Yocto Project.
+   -  *host_system*: string representing your development system: ``i686`` or ``x86_64``
+
+   -  *type*: string representing the image: ``sato`` or ``minimal``
+
+   -  *arch*: string representing the target architecture such as ``cortexa57-qemuarm64``
+
+   -  *release*: version of the Yocto Project.
 
    .. note::
       The standard SDK installer does not have the ``-ext`` string as
@@ -61,13 +66,17 @@ Follow these steps to locate and hand-install the toolchain:
 
    For example, if your build host is a 64-bit x86 system and you need
    an extended SDK for a 64-bit core2 QEMU target, go into the ``x86_64``
-   folder and download the following installer::
+   folder and download the following installer:
+
+   .. code-block:: text
 
       poky-glibc-x86_64-core-image-sato-core2-64-qemux86-64-toolchain-&DISTRO;.sh
 
 #. *Run the Installer:* Be sure you have execution privileges and run
    the installer. Here is an example from the ``Downloads``
-   directory::
+   directory:
+
+   .. code-block:: console
 
       $ ~/Downloads/poky-glibc-x86_64-core-image-sato-core2-64-qemux86-64-toolchain-&DISTRO;.sh
 
@@ -104,7 +113,9 @@ build the SDK installer. Follow these steps:
    the Source Directory (i.e. ``poky``), run the
    :ref:`structure-core-script` environment
    setup script to define the OpenEmbedded build environment on your
-   build host::
+   build host:
+
+   .. code-block:: console
 
       $ source oe-init-build-env
 
@@ -130,7 +141,9 @@ build the SDK installer. Follow these steps:
       :term:`SDKMACHINE` value must be set for the architecture of the
       machine you are using to build the installer. If :term:`SDKMACHINE`
       is not set appropriately, the build fails and provides an error
-      message similar to the following::
+      message similar to the following:
+
+      .. code-block:: text
 
          The extensible SDK can currently only be built for the same
          architecture as the machine being built on - SDK_ARCH
@@ -141,11 +154,15 @@ build the SDK installer. Follow these steps:
 
 #. *Build the SDK Installer:* To build the SDK installer for a standard
    SDK and populate the SDK image, use the following command form. Be
-   sure to replace ``image`` with an image (e.g. "core-image-sato")::
+   sure to replace ``image`` with an image (e.g. "core-image-sato"):
+
+   .. code-block:: console
 
       $ bitbake image -c populate_sdk
 
-   You can do the same for the extensible SDK using this command form::
+   You can do the same for the extensible SDK using this command form:
+
+   .. code-block:: console
 
       $ bitbake image -c populate_sdk_ext
 
@@ -170,7 +187,9 @@ build the SDK installer. Follow these steps:
          libc-staticdev"
 
 #. *Run the Installer:* You can now run the SDK installer from
-   ``tmp/deploy/sdk`` in the :term:`Build Directory`. Here is an example::
+   ``tmp/deploy/sdk`` in the :term:`Build Directory`. Here is an example:
+
+   .. code-block:: console
 
       $ cd poky/build/tmp/deploy/sdk
       $ ./poky-glibc-x86_64-core-image-sato-core2-64-toolchain-ext-&DISTRO;.sh
@@ -209,14 +228,19 @@ Follow these steps to extract the root filesystem:
    also contain flattened root filesystem image files (``*.ext4``),
    which you can use with QEMU directly.
 
-   The pre-built root filesystem image files follow the
-   ``core-image-profile-machine.tar.bz2`` naming convention:
+   The pre-built root filesystem image files follow this naming convention:
 
-   -  ``profile``: filesystem image's profile, such as ``minimal``,
+   .. parsed-literal::
+
+      core-image-*profile*-*machine*.tar.bz2
+
+   With:
+
+   -  *profile*: filesystem image's profile, such as ``minimal``,
       ``minimal-dev`` or ``sato``. For information on these types of image
       profiles, see the "Images" chapter in the Yocto Project Reference Manual.
 
-   -  ``machine``:  same string as the name of the parent download directory.
+   -  *machine*:  same string as the name of the parent download directory.
 
    The root filesystems
    provided by the Yocto Project are based off of the
@@ -224,7 +248,9 @@ Follow these steps to extract the root filesystem:
 
    For example, if you plan on using a BeagleBone device as your target
    hardware and your image is a ``core-image-sato-sdk`` image, you can
-   download the following file::
+   download the following file:
+
+   .. code-block:: text
 
       core-image-sato-sdk-beaglebone-yocto.tar.bz2
 
@@ -236,7 +262,9 @@ Follow these steps to extract the root filesystem:
    installed the toolchain (e.g. ``poky_sdk``).
 
    Here is an example based on the toolchain installed in the
-   ":ref:`sdk-manual/appendix-obtain:locating pre-built sdk installers`" section::
+   ":ref:`sdk-manual/appendix-obtain:locating pre-built sdk installers`" section:
+
+   .. code-block:: console
 
       $ source poky_sdk/environment-setup-core2-64-poky-linux
 
@@ -247,7 +275,9 @@ Follow these steps to extract the root filesystem:
    from a previously built root filesystem image that was downloaded
    from the :yocto_dl:`Index of Releases </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/>`.
    This command extracts the root filesystem into the ``core2-64-sato``
-   directory::
+   directory:
+
+   .. code-block:: console
 
       $ runqemu-extract-sdk ~/Downloads/core-image-sato-sdk-beaglebone-yocto.tar.bz2 ~/beaglebone-sato
 
@@ -256,24 +286,52 @@ Follow these steps to extract the root filesystem:
 Installed Standard SDK Directory Structure
 ==========================================
 
-The following figure shows the resulting directory structure after you
-install the Standard SDK by running the ``*.sh`` SDK installation
-script:
+After you install the Standard SDK by running the ``*.sh`` SDK installation
+script, the following directory structure should be observed:
 
-.. image:: figures/sdk-installed-standard-sdk-directory.png
-   :scale: 100%
+.. parsed-literal::
+
+   *install_dir*/*version*/
+   ├── buildinfo
+   ├── environment-setup-*target*-poky-linux
+   ├── site-config-*target*-poky-linux
+   ├── sysroots/
+   │   ├── *target*-poky-linux/
+   │   │   ├── bin/
+   │   │   ├── boot/
+   │   │   ├── etc/
+   │   │   ├── home/
+   │   │   ├── lib/
+   │   │   ├── media/
+   │   │   ├── mnt/
+   │   │   ├── proc/
+   │   │   ├── run/
+   │   │   ├── sbin/
+   │   │   ├── sys/
+   │   │   ├── tmp/
+   │   │   ├── usr/
+   │   │   └── var/
+   │   └── *host*-pokysdk-linux/
+   │       ├── bin/
+   │       ├── environment-setup.d/
+   │       ├── etc/
+   │       ├── lib/
+   │       ├── sbin/
+   │       ├── usr/
+   │       └── var/
+   └── version-*target*-poky-linux
 
 The installed SDK consists of an environment setup script for the SDK, a
 configuration file for the target, a version file for the target, and
 the root filesystem (``sysroots``) needed to develop objects for the
 target system.
 
-Within the figure, italicized text is used to indicate replaceable
-portions of the file or directory name. For example, install_dir/version
-is the directory where the SDK is installed. By default, this directory
-is ``/opt/poky/``. And, version represents the specific snapshot of the
-SDK (e.g. &DISTRO;). Furthermore, target represents the target architecture
-(e.g. ``i586``) and host represents the development system's
+In the layout above, italicized text is used to indicate replaceable
+portions of the file or directory name. For example, *install_dir*/*version*
+is the directory where the SDK is installed. By default, *install_dir*
+is ``/opt/poky/``. And, *version* represents the specific snapshot of the
+SDK (e.g. &DISTRO;). Furthermore, *target* represents the target architecture
+(e.g. ``i586``) and *host* represents the development system's
 architecture (e.g. ``x86_64``). Thus, the complete names of the two
 directories within the ``sysroots`` could be ``i586-poky-linux`` and
 ``x86_64-pokysdk-linux`` for the target and host, respectively.
@@ -281,13 +339,29 @@ directories within the ``sysroots`` could be ``i586-poky-linux`` and
 Installed Extensible SDK Directory Structure
 ============================================
 
-The following figure shows the resulting directory structure after you
-install the Extensible SDK by running the ``*.sh`` SDK installation
-script:
+After you install the Extensible SDK by running the ``*.sh`` SDK installation
+script, the following directory structure should be observed:
 
-.. image:: figures/sdk-installed-extensible-sdk-directory.png
-   :scale: 80%
-   :align: center
+.. parsed-literal::
+
+   *install_dir*/
+   ├── bitbake-cookerdaemon.log
+   ├── buildinfo
+   ├── buildtools/
+   ├── cache/
+   ├── conf/
+   ├── .devtoolbase
+   ├── downloads/
+   ├── environment-setup-*target*-poky-linux
+   ├── layers/
+   ├── oe-time-dd-test.dat
+   ├── preparing_system_build.log
+   ├── site-config-*target*-poky-linux
+   ├── sstate-cache/
+   ├── sysroots/
+   ├── tmp/
+   ├── version-*target*-poky-linux
+   └── workspace/
 
 The installed directory structure for the extensible SDK is quite
 different than the installed structure for the standard SDK. The
@@ -300,7 +374,7 @@ the SDK, a configuration file for the target, a version file for the
 target, and log files for the OpenEmbedded build system preparation
 script run by the installer and BitBake.
 
-Within the figure, italicized text is used to indicate replaceable
-portions of the file or directory name. For example, install_dir is the
-directory where the SDK is installed, which is ``poky_sdk`` by default,
-and target represents the target architecture (e.g. ``i586``).
+In the layout above, italicized text is used to indicate replaceable
+portions of the file or directory name. For example, *install_dir* is the
+directory where the SDK is installed, which is by default ``poky_sdk`` in your
+home directory and *target* represents the target architecture (e.g. ``i586``).

documentation/sdk-manual/extensible.rst

@@ -71,7 +71,9 @@ Setting up the Extensible SDK environment directly in a Yocto build
 #. Set up all the needed layers and a Yocto :term:`Build Directory`, e.g. a regular Yocto
    build where ``bitbake`` can be executed.
 
-#. Run::
+#. Run:
+
+.. code-block:: console
 
       $ bitbake meta-ide-support
       $ bitbake -c populate_sysroot gtk+3
@@ -98,30 +100,27 @@ The names of the tarball installer scripts are such that a string
 representing the host system appears first in the filename and then is
 immediately followed by a string representing the target architecture.
 An extensible SDK has the string "-ext" as part of the name. Following
-is the general form::
+is the general form:
 
-   poky-glibc-host_system-image_type-arch-toolchain-ext-release_version.sh
+.. parsed-literal::
 
-   Where:
-       host_system is a string representing your development system:
+   poky-glibc-*host_system*-*image_type*-*arch*-toolchain-ext-*release_version*.sh
 
-                  i686 or x86_64.
+Where:
 
-       image_type is the image for which the SDK was built:
+-  *host_system* is a string representing your development system: ``i686`` or ``x86_64``.
 
-                  core-image-sato or core-image-minimal
+-  *image_type* is the image for which the SDK was built: ``core-image-sato`` or ``core-image-minimal``.
 
-       arch is a string representing the tuned target architecture:
+-  *arch* is a string representing the tuned target architecture: ``aarch64``, ``armv5e``, ``core2-64``, ``i586``, ``mips32r2``, ``mips64``, ``ppc7400``, or ``cortexa8hf-neon``.
 
-                  aarch64, armv5e, core2-64, i586, mips32r2, mips64, ppc7400, or cortexa8hf-neon
-
-       release_version is a string representing the release number of the Yocto Project:
-
-                  &DISTRO;, &DISTRO;+snapshot
+-  *release_version* is a string representing the release number of the Yocto Project: ``&DISTRO;``, ``&DISTRO;+snapshot``.
 
 For example, the following SDK installer is for a 64-bit
 development host system and a i586-tuned target architecture based off
-the SDK for ``core-image-sato`` and using the current &DISTRO; snapshot::
+the SDK for ``core-image-sato`` and using the current &DISTRO; snapshot:
+
+.. code-block:: text
 
    poky-glibc-x86_64-core-image-sato-i586-toolchain-ext-&DISTRO;.sh
 
@@ -142,7 +141,9 @@ must be writable for whichever users need to use the SDK.
 The following command shows how to run the installer given a toolchain
 tarball for a 64-bit x86 development host system and a 64-bit x86 target
 architecture. The example assumes the SDK installer is located in
-``~/Downloads/`` and has execution rights::
+``~/Downloads/`` and has execution rights:
+
+.. code-block:: console
 
    $ ./Downloads/poky-glibc-x86_64-core-image-minimal-core2-64-toolchain-ext-2.5.sh
    Poky (Yocto Project Reference Distro) Extensible SDK installer version 2.5
@@ -192,7 +193,9 @@ begin with the string "``environment-setup``" and include as part of
 their name the tuned target architecture. As an example, the following
 commands set the working directory to where the SDK was installed and
 then source the environment setup script. In this example, the setup
-script is for an IA-based target machine using i586 tuning::
+script is for an IA-based target machine using i586 tuning:
+
+.. code-block:: console
 
    $ cd /home/scottrif/poky_sdk
    $ source environment-setup-core2-64-poky-linux
@@ -200,7 +203,9 @@ script is for an IA-based target machine using i586 tuning::
    Run devtool --help for further details.
 
 When using the environment script directly in a Yocto build, it can
-be run similarly::
+be run similarly:
+
+.. code-block:: console
 
    $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux
 
@@ -1585,7 +1590,9 @@ populated on-demand. Sometimes you must explicitly install extra items
 into the SDK. If you need these extra items, you can first search for
 the items using the ``devtool search`` command. For example, suppose you
 need to link to libGL but you are not sure which recipe provides libGL.
-You can use the following command to find out::
+You can use the following command to find out:
+
+.. code-block:: console
 
    $ devtool search libGL mesa
    A free implementation of the OpenGL API
@@ -1598,7 +1605,9 @@ When using the extensible SDK directly in a Yocto build
 
 In this scenario, the Yocto build tooling, e.g. ``bitbake``
 is directly accessible to build additional items, and it
-can simply be executed directly::
+can simply be executed directly:
+
+.. code-block:: console
 
    $ bitbake curl-native
    # Add newly built native items to native sysroot
@@ -1610,14 +1619,16 @@ can simply be executed directly::
 When using a standalone installer for the Extensible SDK
 --------------------------------------------------------
 
-::
+.. code-block:: console
 
    $ devtool sdk-install mesa
 
 By default, the ``devtool sdk-install`` command assumes
 the item is available in pre-built form from your SDK provider. If the
 item is not available and it is acceptable to build the item from
-source, you can add the "-s" option as follows::
+source, you can add the "-s" option as follows:
+
+.. code-block:: console
 
    $ devtool sdk-install -s mesa
 
@@ -1633,7 +1644,9 @@ If you are working with an installed extensible SDK that gets
 occasionally updated (e.g. a third-party SDK), then you will need to
 manually "pull down" the updates into the installed SDK.
 
-To update your installed SDK, use ``devtool`` as follows::
+To update your installed SDK, use ``devtool`` as follows:
+
+.. code-block:: console
 
    $ devtool sdk-update
 
@@ -1641,7 +1654,9 @@ The previous command assumes your SDK provider has set the default update URL
 for you through the :term:`SDK_UPDATE_URL` variable as described in the
 ":ref:`sdk-manual/appendix-customizing:Providing Updates to the Extensible SDK After Installation`"
 section. If the SDK provider has not set that default URL, you need to
-specify it yourself in the command as follows::
+specify it yourself in the command as follows:
+
+.. code-block:: console
 
    $ devtool sdk-update path_to_update_directory
 

documentation/sdk-manual/intro.rst

@@ -148,7 +148,7 @@ SDK Development Model
 
 Fundamentally, the SDK fits into the development process as follows:
 
-.. image:: figures/sdk-environment.png
+.. image:: svg/sdk-environment.*
    :width: 100%
 
 The SDK is installed on any machine and can be used to develop applications,

documentation/sdk-manual/svg/sdk-environment.svg

@@ -0,0 +1,463 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="152.07843mm"
+   height="104.79381mm"
+   viewBox="0 0 152.07843 104.79381"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   sodipodi:docname="sdk-environment.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="1.7923962"
+     inkscape:cx="323.86813"
+     inkscape:cy="222.32808"
+     inkscape:window-width="2560"
+     inkscape:window-height="1440"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="layer2" /><defs
+     id="defs1"><marker
+       style="overflow:visible"
+       id="marker27"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="1.5"
+       markerHeight="1"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="none"><path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path27" /></marker><marker
+       style="overflow:visible"
+       id="marker24"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="1.5"
+       markerHeight="1"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="none"><path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path24" /></marker><marker
+       style="overflow:visible"
+       id="Triangle"
+       refX="-1"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="0.25"
+       markerHeight="0.44999999"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="none"
+       markerUnits="strokeWidth"><path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path135" /></marker></defs><g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Layer 2"
+     style="display:inline"
+     transform="translate(-15.261151,-139.49913)"><g
+       id="g5"
+       inkscape:label="yp-machine"><rect
+         style="display:inline;fill:#7399cb;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect1"
+         width="79.70993"
+         height="38.067791"
+         x="15.552484"
+         y="150.90607"
+         inkscape:label="yp-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.153561"
+         y="161.57883"
+         id="text3"
+         inkscape:label="yp-machine-rect-hosts-yp-text"><tspan
+           sodipodi:role="line"
+           id="tspan3"
+           style="stroke-width:0"
+           x="19.153561"
+           y="161.57883">Hosts Yocto Project</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.240089"
+         y="166.77032"
+         id="text3-0"
+         inkscape:label="yp-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5"
+           style="stroke-width:0"
+           x="19.240089"
+           y="166.77032">Can Host an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.36305"
+         y="171.6631"
+         id="text3-0-3"
+         inkscape:label="yp-machine-rect-build-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3"
+           style="stroke-width:0"
+           x="19.36305"
+           y="171.6631">Can Build an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.291393"
+         y="176.81357"
+         id="text3-0-3-3"
+         inkscape:label="yp-machine-rect-build-img-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4"
+           style="stroke-width:0"
+           x="19.291393"
+           y="176.81357">Can Build an Image</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.267235"
+         y="181.81523"
+         id="text3-0-3-3-8"
+         inkscape:label="yp-machine-rect-build-app-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1"
+           style="stroke-width:0"
+           x="19.267235"
+           y="181.81523">Can Build an Application</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.93636px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#4d6fad;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="15.660255"
+         y="155.1917"
+         id="text2"
+         inkscape:label="yp-machine-text"
+         transform="scale(1.0510998,0.95138443)"><tspan
+           id="tspan2"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.93636px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#000000;stroke:#000000;stroke-width:0;stroke-dasharray:none;stroke-opacity:1"
+           x="15.660255"
+           y="155.1917"
+           sodipodi:role="line">Yocto Project Machine</tspan></text></g><g
+       id="g7"
+       inkscape:label="target-hw"><rect
+         style="display:inline;fill:#ff8e98;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect5"
+         width="54.540253"
+         height="21.210974"
+         x="15.461151"
+         y="222.88196"
+         inkscape:label="target-hw-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.230175"
+         y="229.96002"
+         id="text3-0-3-3-8-6"
+         inkscape:label="target-hw-rect-boot-run-app-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1-7"
+           style="stroke-width:0"
+           x="19.230175"
+           y="229.96002">Boots and Runs Images</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.216074"
+         y="235.00998"
+         id="text3-0-3-3-8-6-3"
+         inkscape:label="target-hw-rect-rt-debug-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1-7-7"
+           style="stroke-width:0"
+           x="19.216074"
+           y="235.00998">Real Time Debugging</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.318588"
+         y="239.95505"
+         id="text3-0-3-3-8-6-3-1"
+         inkscape:label="target-hw-rect-run-apps-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1-7-7-0"
+           style="stroke-width:0"
+           x="19.318588"
+           y="239.95505">Runs Applications</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.85198px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="15.431406"
+         y="240.36668"
+         id="text5"
+         transform="scale(1.0919034,0.9158319)"
+         inkscape:label="target-hw-text"><tspan
+           sodipodi:role="line"
+           id="tspan5"
+           style="stroke-width:0"
+           x="15.431406"
+           y="240.36668">Target Hardware</tspan></text></g><g
+       id="g22"
+       inkscape:label="sdk-machine-bot"
+       transform="translate(-0.02339256,71.952437)"
+       style="display:inline"><rect
+         style="display:inline;opacity:1;fill:#bcff75;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect18"
+         width="35.780399"
+         height="24.143047"
+         x="131.34613"
+         y="144.82916"
+         inkscape:label="sdk-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.18832"
+         y="163.78954"
+         id="text19"
+         inkscape:label="sdk-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan19"
+           style="stroke-width:0"
+           x="135.18832"
+           y="163.78954">Hosts an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.28667"
+         y="158.73506"
+         id="text20"
+         inkscape:label="sdk-machine-rect-dbg-text"><tspan
+           sodipodi:role="line"
+           id="tspan20"
+           style="stroke-width:0"
+           x="135.28667"
+           y="158.73506">Debug Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.0829"
+         y="153.75328"
+         id="text21"
+         inkscape:label="sdk-machine-rect-compile-text"><tspan
+           sodipodi:role="line"
+           id="tspan21"
+           style="stroke-width:0"
+           x="135.0829"
+           y="153.75328">Compile Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.8036px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="123.12138"
+         y="153.16264"
+         id="text22"
+         transform="scale(1.0781897,0.92748058)"
+         inkscape:label="sdk-machine-text"><tspan
+           sodipodi:role="line"
+           id="tspan22"
+           style="stroke-width:0"
+           x="123.12138"
+           y="153.16264">SDK Machine</tspan></text></g><g
+       id="g11"
+       inkscape:label="sdk-machine-mid"
+       transform="translate(0.01304739,36.040971)"
+       style="display:inline"><rect
+         style="display:inline;opacity:1;fill:#bcff75;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect8"
+         width="35.780399"
+         height="24.143047"
+         x="131.34613"
+         y="144.82916"
+         inkscape:label="sdk-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.18832"
+         y="163.78954"
+         id="text8"
+         inkscape:label="sdk-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan8"
+           style="stroke-width:0"
+           x="135.18832"
+           y="163.78954">Hosts an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.28667"
+         y="158.73506"
+         id="text9"
+         inkscape:label="sdk-machine-rect-dbg-text"><tspan
+           sodipodi:role="line"
+           id="tspan9"
+           style="stroke-width:0"
+           x="135.28667"
+           y="158.73506">Debug Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.0829"
+         y="153.75328"
+         id="text10"
+         inkscape:label="sdk-machine-rect-compile-text"><tspan
+           sodipodi:role="line"
+           id="tspan10"
+           style="stroke-width:0"
+           x="135.0829"
+           y="153.75328">Compile Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.8036px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="123.12138"
+         y="153.16264"
+         id="text11"
+         transform="scale(1.0781897,0.92748058)"
+         inkscape:label="sdk-machine-text"><tspan
+           sodipodi:role="line"
+           id="tspan11"
+           style="stroke-width:0"
+           x="123.12138"
+           y="153.16264">SDK Machine</tspan></text></g><g
+       id="g18"
+       inkscape:label="sdk-machine-top"
+       style="display:inline"><rect
+         style="display:inline;opacity:1;fill:#bcff75;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect15"
+         width="35.780399"
+         height="24.143047"
+         x="131.34613"
+         y="144.82916"
+         inkscape:label="sdk-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.18832"
+         y="163.78954"
+         id="text15"
+         inkscape:label="sdk-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan15"
+           style="stroke-width:0"
+           x="135.18832"
+           y="163.78954">Hosts an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.28667"
+         y="158.73506"
+         id="text16"
+         inkscape:label="sdk-machine-rect-dbg-text"><tspan
+           sodipodi:role="line"
+           id="tspan16"
+           style="stroke-width:0"
+           x="135.28667"
+           y="158.73506">Debug Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.0829"
+         y="153.75328"
+         id="text17"
+         inkscape:label="sdk-machine-rect-compile-text"><tspan
+           sodipodi:role="line"
+           id="tspan17"
+           style="stroke-width:0"
+           x="135.0829"
+           y="153.75328">Compile Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.8036px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="123.12138"
+         y="153.16264"
+         id="text18"
+         transform="scale(1.0781897,0.92748058)"
+         inkscape:label="sdk-machine-text"><tspan
+           sodipodi:role="line"
+           id="tspan18"
+           style="stroke-width:0"
+           x="123.12138"
+           y="153.16264">SDK Machine</tspan></text></g><g
+       id="g24"
+       inkscape:label="deploy"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="67.689835"
+         y="202.65199"
+         id="text4"
+         inkscape:label="deploy-text"><tspan
+           sodipodi:role="line"
+           id="tspan4"
+           style="stroke-width:0"
+           x="67.689835"
+           y="202.65199">Deploy</tspan></text><path
+         style="opacity:1;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:6;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#Triangle)"
+         d="m 61.112324,191.97241 -0.104376,23.8825"
+         id="path22"
+         sodipodi:nodetypes="cc"
+         inkscape:label="arrow-deploy" /></g><g
+       id="g27"
+       inkscape:label="objects-bot"
+       style="display:inline"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.55315px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="112.58056"
+         y="228.37267"
+         id="text4-0-7-2"
+         inkscape:label="objects-text"
+         transform="scale(1.0071938,0.99285757)"><tspan
+           sodipodi:role="line"
+           id="tspan4-7-2-7"
+           style="stroke-width:0"
+           x="112.58056"
+           y="228.37267">Objects</tspan></text><path
+         style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.799999;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker27)"
+         d="m 130.78047,228.73371 -20.13864,0.0652 0.10438,-43.68265 -10.933713,-0.10439"
+         id="path26"
+         sodipodi:nodetypes="cccc"
+         inkscape:label="arrow" /></g><g
+       id="g26"
+       style="display:inline"
+       inkscape:label="objects-mid"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.56577px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="104.3705"
+         y="170.58327"
+         id="text4-0-7"
+         inkscape:label="objects-text"
+         transform="scale(1.0107715,0.98934328)"><tspan
+           sodipodi:role="line"
+           id="tspan4-7-2"
+           style="stroke-width:0"
+           x="104.3705"
+           y="170.58327">Objects</tspan></text><path
+         style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.8;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker24)"
+         d="m 130.9339,191.93551 -11.2556,-0.0369 0.18452,-21.88383 -20.038641,0.18453"
+         id="path25"
+         sodipodi:nodetypes="cccc"
+         inkscape:label="arrow" /></g><g
+       id="g25"
+       inkscape:label="objects-top"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.55676px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="104.78993"
+         y="157.1425"
+         id="text4-0"
+         inkscape:label="objects-text"
+         transform="scale(1.0082173,0.99184966)"><tspan
+           sodipodi:role="line"
+           id="tspan4-7"
+           style="stroke-width:0"
+           x="104.78993"
+           y="157.1425">Objects</tspan></text><path
+         style="opacity:1;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0.9;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker24)"
+         d="m 130.91375,157.65432 -30.64596,-0.24975"
+         id="path23"
+         sodipodi:nodetypes="cc"
+         inkscape:label="arrow" /></g></g></svg>

documentation/sdk-manual/using.rst

@@ -52,32 +52,29 @@ libraries appropriate for developing against the corresponding image.
 
 The names of the tarball installer scripts are such that a string
 representing the host system appears first in the filename and then is
-immediately followed by a string representing the target architecture::
+immediately followed by a string representing the target architecture:
 
-   poky-glibc-host_system-image_type-arch-toolchain-release_version.sh
+.. parsed-literal::
 
-   Where:
-       host_system is a string representing your development system:
+   poky-glibc-*host_system*-*image_type*-*arch*-toolchain-*release_version*.sh
 
-                  i686 or x86_64.
+Where:
 
-       image_type is the image for which the SDK was built:
+-  *host_system* is a string representing your development system: ``i686`` or ``x86_64``.
 
-                  core-image-minimal or core-image-sato.
+-  *image_type* is the image for which the SDK was built: ``core-image-minimal`` or ``core-image-sato``.
 
-       arch is a string representing the tuned target architecture:
+-  *arch* is a string representing the tuned target architecture: ``aarch64``, ``armv5e``, ``core2-64``, ``i586``, ``mips32r2``, ``mips64``, ``ppc7400``, or ``cortexa8hf-neon``.
 
-                  aarch64, armv5e, core2-64, i586, mips32r2, mips64, ppc7400, or cortexa8hf-neon.
-
-       release_version is a string representing the release number of the Yocto Project:
-
-                  &DISTRO;, &DISTRO;+snapshot
+-  *release_version* is a string representing the release number of the Yocto Project: ``&DISTRO;``, ``&DISTRO;+snapshot``.
 
 For example, the following SDK installer is for a 64-bit
 development host system and a i586-tuned target architecture based off
-the SDK for ``core-image-sato`` and using the current DISTRO snapshot::
+the SDK for ``core-image-sato`` and the ``&DISTRO;`` release:
 
-   poky-glibc-x86_64-core-image-sato-i586-toolchain-DISTRO.sh
+.. code-block:: text
+
+   poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
 
 .. note::
 
@@ -96,7 +93,9 @@ must be writable for whichever users need to use the SDK.
 The following command shows how to run the installer given a toolchain
 tarball for a 64-bit x86 development host system and a 64-bit x86 target
 architecture. The example assumes the SDK installer is located in
-``~/Downloads/`` and has execution rights::
+``~/Downloads/`` and has execution rights:
+
+.. code-block:: console
 
    $ ./Downloads/poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
    Poky (Yocto Project Reference Distro) SDK installer version &DISTRO;
@@ -136,7 +135,9 @@ begin with the string "``environment-setup``" and include as part of
 their name the tuned target architecture. As an example, the following
 commands set the working directory to where the SDK was installed and
 then source the environment setup script. In this example, the setup
-script is for an IA-based target machine using i586 tuning::
+script is for an IA-based target machine using i586 tuning:
+
+.. code-block:: console
 
    $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux
 

documentation/sdk-manual/working-projects.rst

@@ -33,7 +33,9 @@ project:
 
 #. *Create a Working Directory and Populate It:* Create a clean
    directory for your project and then make that directory your working
-   location::
+   location:
+
+   .. code-block:: console
 
       $ mkdir $HOME/helloworld
       $ cd $HOME/helloworld
@@ -45,14 +47,18 @@ project:
    respectively.
 
    Use the following command to create an empty README file, which is
-   required by GNU Coding Standards::
+   required by GNU Coding Standards:
+
+   .. code-block:: console
 
       $ touch README
 
    Create the remaining
    three files as follows:
 
-   -  ``hello.c``::
+   -  ``hello.c``:
+
+      .. code-block:: c
 
          #include <stdio.h>
 
@@ -62,7 +68,9 @@ project:
                  return 0;
              }
 
-   -  ``configure.ac``::
+   -  ``configure.ac``:
+
+      .. code-block:: none
 
          AC_INIT(hello,0.1)
          AM_INIT_AUTOMAKE([foreign])
@@ -70,7 +78,9 @@ project:
          AC_CONFIG_FILES(Makefile)
          AC_OUTPUT
 
-   -  ``Makefile.am``::
+   -  ``Makefile.am``:
+
+      .. code-block:: none
 
          bin_PROGRAMS = hello
          hello_SOURCES = hello.c
@@ -84,17 +94,23 @@ project:
    which is followed by the string "poky-linux". For this example, the
    command sources a script from the default SDK installation directory
    that uses the 32-bit Intel x86 Architecture and the &DISTRO; Yocto
-   Project release::
+   Project release:
+
+   .. code-block:: console
 
       $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux
 
    Another example is sourcing the environment setup directly in a Yocto
-   build::
+   build:
+
+   .. code-block:: console
 
       $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux
 
 #. *Create the configure Script:* Use the ``autoreconf`` command to
-   generate the ``configure`` script::
+   generate the ``configure`` script:
+
+   .. code-block:: console
 
       $ autoreconf
 
@@ -113,7 +129,9 @@ project:
    the cross-compiler. The
    :term:`CONFIGURE_FLAGS`
    environment variable provides the minimal arguments for GNU
-   configure::
+   configure:
+
+   .. code-block:: console
 
       $ ./configure ${CONFIGURE_FLAGS}
 
@@ -126,12 +144,16 @@ project:
    ``armv5te-poky-linux-gnueabi``. You will notice that the name of the
    script is ``environment-setup-armv5te-poky-linux-gnueabi``. Thus, the
    following command works to update your project and rebuild it using
-   the appropriate cross-toolchain tools::
+   the appropriate cross-toolchain tools:
+
+   .. code-block:: console
 
      $ ./configure --host=armv5te-poky-linux-gnueabi --with-libtool-sysroot=sysroot_dir
 
 #. *Make and Install the Project:* These two commands generate and
-   install the project into the destination directory::
+   install the project into the destination directory:
+
+   .. code-block:: console
 
       $ make
       $ make install DESTDIR=./tmp
@@ -146,13 +168,17 @@ project:
    This next command is a simple way to verify the installation of your
    project. Running the command prints the architecture on which the
    binary file can run. This architecture should be the same
-   architecture that the installed cross-toolchain supports::
+   architecture that the installed cross-toolchain supports:
+
+   .. code-block:: console
 
       $ file ./tmp/usr/local/bin/hello
 
 #. *Execute Your Project:* To execute the project, you would need to run
    it on your target hardware. If your target hardware happens to be
-   your build host, you could run the project as follows::
+   your build host, you could run the project as follows:
+
+   .. code-block:: console
 
       $ ./tmp/usr/local/bin/hello
 
@@ -198,7 +224,9 @@ regarding variable behavior:
 .. note::
 
    Regardless of how you set your variables, if you use the "-e" option
-   with ``make``, the variables from the SDK setup script take precedence::
+   with ``make``, the variables from the SDK setup script take precedence:
+
+   .. code-block:: console
 
       $ make -e target
 
@@ -209,7 +237,9 @@ demonstrates these variable behaviors.
 In a new shell environment variables are not established for the SDK
 until you run the setup script. For example, the following commands show
 a null value for the compiler variable (i.e.
-:term:`CC`)::
+:term:`CC`):
+
+.. code-block:: console
 
    $ echo ${CC}
 
@@ -219,7 +249,9 @@ Running the
 SDK setup script for a 64-bit build host and an i586-tuned target
 architecture for a ``core-image-sato`` image using the current &DISTRO;
 Yocto Project release and then echoing that variable shows the value
-established through the script::
+established through the script:
+
+.. code-block:: console
 
    $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux
    $ echo ${CC}
@@ -230,7 +262,9 @@ example:
 
 #. *Create a Working Directory and Populate It:* Create a clean
    directory for your project and then make that directory your working
-   location::
+   location:
+
+   .. code-block:: console
 
       $ mkdir $HOME/helloworld
       $ cd $HOME/helloworld
@@ -243,7 +277,9 @@ example:
 
    Create the three files as follows:
 
-   -  ``main.c``::
+   -  ``main.c``:
+
+      .. code-block:: c
 
          #include "module.h"
          void sample_func();
@@ -253,12 +289,16 @@ example:
              return 0;
          }
 
-   -  ``module.h``::
+   -  ``module.h``:
+
+      .. code-block:: c
 
          #include <stdio.h>
          void sample_func();
 
-   -  ``module.c``::
+   -  ``module.c``:
+
+      .. code-block:: c
 
          #include "module.h"
          void sample_func()
@@ -276,12 +316,16 @@ example:
    which is followed by the string "poky-linux". For this example, the
    command sources a script from the default SDK installation directory
    that uses the 32-bit Intel x86 Architecture and the &DISTRO_NAME; Yocto
-   Project release::
+   Project release:
+
+   .. code-block:: console
 
       $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux
 
    Another example is sourcing the environment setup directly in a Yocto
-   build::
+   build:
+
+   .. code-block:: console
 
       $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux
 
@@ -289,7 +333,9 @@ example:
    two lines that can be used to set the :term:`CC` variable. One line is
    identical to the value that is set when you run the SDK environment
    setup script, and the other line sets :term:`CC` to "gcc", the default
-   GNU compiler on the build host::
+   GNU compiler on the build host:
+
+   .. code-block:: Makefile
 
       # CC=i586-poky-linux-gcc -m32 -march=i586 --sysroot=/opt/poky/2.5/sysroots/i586-poky-linux
       # CC="gcc"
@@ -306,7 +352,9 @@ example:
 #. *Make the Project:* Use the ``make`` command to create the binary
    output file. Because variables are commented out in the Makefile, the
    value used for :term:`CC` is the value set when the SDK environment setup
-   file was run::
+   file was run:
+
+   .. code-block:: console
 
       $ make
       i586-poky-linux-gcc -m32 -march=i586 --sysroot=/opt/poky/2.5/sysroots/i586-poky-linux -I . -c main.c
@@ -319,7 +367,9 @@ example:
 
    You can override the :term:`CC` environment variable with the same
    variable as set from the Makefile by uncommenting the line in the
-   Makefile and running ``make`` again::
+   Makefile and running ``make`` again:
+
+   .. code-block:: console
 
       $ make clean
       rm -rf *.o
@@ -340,7 +390,9 @@ example:
    variable as part of the command line. Go into the Makefile and
    re-insert the comment character so that running ``make`` uses the
    established SDK compiler. However, when you run ``make``, use a
-   command-line argument to set :term:`CC` to "gcc"::
+   command-line argument to set :term:`CC` to "gcc":
+
+   .. code-block:: console
 
       $ make clean
       rm -rf *.o
@@ -364,7 +416,9 @@ example:
    environment variable.
 
    In this last case, edit Makefile again to use the "gcc" compiler but
-   then use the "-e" option on the ``make`` command line::
+   then use the "-e" option on the ``make`` command line:
+
+   .. code-block:: console
 
       $ make clean
       rm -rf *.o
@@ -389,7 +443,9 @@ example:
    Makefile.
 
 #. *Execute Your Project:* To execute the project (i.e. ``target_bin``),
-   use the following command::
+   use the following command:
+
+   .. code-block:: console
 
       $ ./target_bin
       Hello World!

documentation/security-reference/index.rst

@@ -0,0 +1,14 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+================================
+Yocto Project Security Reference
+================================
+
+.. toctree::
+   :caption: Table of Contents
+   :numbered:
+
+   security-team
+   reporting-vulnerabilities
+
+.. include:: /boilerplate.rst

documentation/security-reference/reporting-vulnerabilities.rst

@@ -0,0 +1,85 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Reporting Vulnerabilities
+*************************
+
+The Yocto Project and OpenEmbedded are open-source, community-based projects
+used in numerous products. They assemble multiple other open-source projects,
+and need to handle security issues and practices both internal (in the code
+maintained by both projects), and external (maintained by other projects and
+organizations).
+
+This manual assembles security-related information concerning the whole
+ecosystem. It includes information on reporting a potential security issue,
+the operation of the YP Security team and how to contribute in the
+related code. It is written to be useful for both security researchers and
+YP developers.
+
+How to report a potential security vulnerability?
+=================================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the
+:yocto_bugs:`Security Bugzilla </enter_bug.cgi?product=Security>`.
+
+If you are dealing with a not-yet-released issue, or an urgent one, please send
+a message to security AT yoctoproject DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available. This mailing list is monitored by the
+Yocto Project Security team.
+
+For each layer, you might also look for specific instructions (if any) for
+reporting potential security issues in the specific ``SECURITY.md`` file at the
+root of the repository. Instructions on how and where submit a patch are
+usually available in ``README.md``. If this is your first patch to the
+Yocto Project/OpenEmbedded, you might want to have a look into the
+Contributor's Manual section
+":ref:`contributor-guide/submit-changes:preparing changes for submission`".
+
+Branches maintained with security fixes
+---------------------------------------
+
+See the
+:ref:`Release process <ref-manual/release-process:Stable Release Process>`
+documentation for details regarding the policies and maintenance of stable
+branches.
+
+The :yocto_home:`Releases </development/releases/>` page contains a list of all
+releases of the Yocto Project, grouped into current and previous releases.
+Previous releases are no longer actively maintained with security patches, but
+well-tested patches may still be accepted for them for significant issues.
+
+Security-related discussions at the Yocto Project
+-------------------------------------------------
+
+We have set up two security-related emails/mailing lists:
+
+  -  Public Mailing List: yocto [dash] security [at] yoctoproject[dot] org
+
+     This is a public mailing list for anyone to subscribe to. This list is an
+     open list to discuss public security issues/patches and security-related
+     initiatives. For more information, including subscription information,
+     please see the  :yocto_lists:`yocto-security mailing list info page
+     </g/yocto-security>`.
+
+     This list requires moderator approval for new topics to be posted, to avoid
+     private security reports to be posted by mistake.
+
+  -  Yocto Project Security Team: security [at] yoctoproject [dot] org
+
+     This is an email for reporting non-published potential vulnerabilities.
+     Emails sent to this address are forwarded to the Yocto Project Security
+     Team members.
+
+
+What you should do if you find a security vulnerability
+-------------------------------------------------------
+
+If you find a security flaw: a crash, an information leakage, or anything that
+can have a security impact if exploited in any Open Source software built or
+used by the Yocto Project, please report this to the Yocto Project Security
+Team. If you prefer to contact the upstream project directly, please send a
+copy to the security team at the Yocto Project as well. If you believe this is
+highly sensitive information, please report the vulnerability in a secure way,
+i.e. encrypt the email and send it to the private list. This ensures that
+the exploit is not leaked and exploited before a response/fix has been generated.

documentation/security-reference/security-team.rst

@@ -0,0 +1,110 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Security team
+*************
+
+The Yocto Project/OpenEmbedded security team coordinates the work on security
+subjects in the project. All general discussion takes place publicly. The
+Security Team only uses confidential communication tools to deal with private
+vulnerability reports before they are released.
+
+Security team appointment
+=========================
+
+The Yocto Project Security Team consists of at least three members. When new
+members are needed, the Yocto Project Technical Steering Committee (YP TSC)
+asks for nominations by public channels including a nomination deadline.
+Self-nominations are possible. When the limit time is
+reached, the YP TSC posts the list of candidates for the comments of project
+participants and developers. Comments may be sent publicly or privately to the
+YP and OE TSCs. The candidates are approved by both YP TSC and OpenEmbedded
+Technical Steering Committee (OE TSC) and the final list of the team members
+is announced publicly. The aim is to have people representing technical
+leadership, security knowledge and infrastructure present with enough people
+to provide backup/coverage but keep the notification list small enough to
+minimize information risk and maintain trust.
+
+YP Security Team members may resign at any time.
+
+Security Team Operations
+========================
+
+The work of the Security Team might require high confidentiality. Team members
+are individuals selected by merit and do not represent the companies they work
+for. They do not share information about confidential issues outside of the team
+and do not hint about ongoing embargoes.
+
+Team members can bring in domain experts as needed. Those people should be
+added to individual issues only and adhere to the same standards as the YP
+Security Team.
+
+The YP security team organizes its meetings and communication as needed.
+
+When the YP Security team receives a report about a potential security
+vulnerability, they quickly analyze and notify the reporter of the result.
+They might also request more information.
+
+If the issue is confirmed and affects the code maintained by the YP, they
+confidentially notify maintainers of that code and work with them to prepare
+a fix.
+
+If the issue is confirmed and affects an upstream project, the YP security team
+notifies the project. Usually, the upstream project analyzes the problem again.
+If they deem it a real security problem in their software, they develop and
+release a fix following their security policy. They may want to include the
+original reporter in the loop. There is also sometimes some coordination for
+handling patches, backporting patches etc, or just understanding the problem
+or what caused it.
+
+When the fix is publicly available, the YP security team member or the
+package maintainer sends patches against the YP code base, following usual
+procedures, including public code review.
+
+What Yocto Security Team does when it receives a security vulnerability
+=======================================================================
+
+The YP Security Team team performs a quick analysis and would usually report
+the flaw to the upstream project. Normally the upstream project analyzes the
+problem. If they deem it a real security problem in their software, they
+develop and release a fix following their own security policy. They may want
+to include the original reporter in the loop. There is also sometimes some
+coordination for handling patches, backporting patches etc, or just
+understanding the problem or what caused it.
+
+The security policy of the upstream project might include a notification to
+Linux distributions or other important downstream projects in advance to
+discuss coordinated disclosure. These mailing lists are normally non-public.
+
+When the upstream project releases a version with the fix, they are responsible
+for contacting `Mitre <https://www.cve.org/>`__ to get a CVE number assigned and
+the CVE record published.
+
+If an upstream project does not respond quickly
+===============================================
+
+If an upstream project does not fix the problem in a reasonable time,
+the Yocto's Security Team will contact other interested parties (usually
+other distributions) in the community and together try to solve the
+vulnerability as quickly as possible.
+
+The Yocto Project Security team adheres to the 90 days disclosure policy
+by default. An increase of the embargo time is possible when necessary.
+
+Security Team Members
+=====================
+
+For secure communications, please send your messages encrypted using the GPG
+keys. Remember, message headers are not encrypted so do not include sensitive
+information in the subject line.
+
+-  Ross Burton: <ross [at] burtonini [dot] com> `Public key <https://keys.openpgp.org/search?q=ross%40burtonini.com>`__
+
+-  Michael Halstead: <mhalstead [at] linuxfoundation [dot] org>
+   `Public key <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3373170601861969>`__
+   or `Public key <https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xd1f2407285e571ed12a407a73373170601861969>`__
+
+-  Richard Purdie: <richard.purdie [at] linuxfoundation [dot] org> `Public key <https://keys.openpgp.org/search?q=richard.purdie%40linuxfoundation.org>`__
+
+-  Marta Rybczynska: <marta DOT rybczynska [at] syslinbit [dot] com> `Public key <https://keys.openpgp.org/search?q=marta.rybczynska@syslinbit.com>`__
+
+-  Steve Sakoman: <steve [at] sakoman [dot] com> `Public key <https://keys.openpgp.org/search?q=steve%40sakoman.com>`__

documentation/test-manual/ptest.rst

@@ -84,6 +84,25 @@ test. Here is what you have to do for each recipe:
       cd test
       make -k runtest-TESTS
 
+-  *Return an appropriate exit code*: The ``run-ptest`` script must return 0 on
+   success, 1 on failure. This is needed by ``ptest-runner`` to keep track of
+   the successful and failed tests.
+
+-  *Make sure the test prints at least one test result*: The execution of the
+   ``run-ptest`` script must result in at least one test result output on the
+   console, with the following format::
+
+      result: testname
+
+   Where ``result`` can be one of ``PASS``, ``SKIP``, or ``FAIL``. ``testname``
+   can be any name.
+
+   There can be as many test results as desired.
+
+   This information is read by the :ref:`ref-classes-testimage` class and
+   :oe_git:`logparser </openembedded-core/tree/meta/lib/oeqa/utils/logparser.py>`
+   module.
+
 -  *Ensure dependencies are met:* If the test adds build or runtime
    dependencies that normally do not exist for the package (such as
    requiring "make" to run the test suite), use the

meta/classes/create-spdx-2.2.bbclass

@@ -710,6 +710,7 @@ python do_create_spdx() {
 
             oe.sbom.write_doc(d, package_doc, pkg_arch, "packages", indent=get_json_indent(d))
 }
+do_create_spdx[vardeps] += "CVE_STATUS"
 do_create_spdx[vardepsexclude] += "BB_NUMBER_THREADS"
 # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
 addtask do_create_spdx after do_package do_packagedata do_unpack do_collect_spdx_deps before do_populate_sdk do_build do_rm_work

meta/classes/create-spdx-3.0.bbclass

@@ -159,6 +159,8 @@ do_create_spdx[vardeps] += "\
     SPDX_PROFILES \
     SPDX_NAMESPACE_PREFIX \
     SPDX_UUID_NAMESPACE \
+    CVE_STATUS \
+    CVE_CHECK_STATUSMAP \
     "
 
 addtask do_create_spdx after \

meta/classes/cve-check.bbclass

@@ -187,6 +187,7 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build
+do_cve_check[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP"
 do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
 do_cve_check[nostamp] = "1"
 

meta/classes/vex.bbclass

@@ -160,6 +160,7 @@ python do_generate_vex () {
 
     cve_write_data_json(d, cve_data, cves_status)
 }
+do_generate_vex[vardeps] += "CVE_STATUS CVE_CHECK_STATUSMAP"
 
 addtask generate_vex before do_build
 

meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-1.patch

@@ -0,0 +1,41 @@
+From fd702c02497b2f398e739e3119bed0b23dd7aa7b Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 20 Jan 2026 01:10:36 -0800
+Subject: Fix injection bug with bogus user names
+
+Problem reported by Kyu Neushwaistein.
+* telnetd/utility.c (_var_short_name):
+Ignore user names that start with '-' or contain shell metacharacters.
+
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fd702c02497b2f398e739e3119bed0b23dd7aa7b]
+CVE: CVE-2026-24061
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ telnetd/utility.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index b486226e..c02cd0e6 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -1733,7 +1733,14 @@ _var_short_name (struct line_expander *exp)
+       return user_name ? xstrdup (user_name) : NULL;
+ 
+     case 'U':
+-      return getenv ("USER") ? xstrdup (getenv ("USER")) : xstrdup ("");
++      {
++	/* Ignore user names starting with '-' or containing shell
++	   metachars, as they can cause trouble.  */
++	char const *u = getenv ("USER");
++	return xstrdup ((u && *u != '-'
++			 && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
++			? u : "");
++      }
+ 
+     default:
+       exp->state = EXP_STATE_ERROR;
+-- 
+cgit v1.2.3
+

meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-2.patch

@@ -0,0 +1,85 @@
+From ccba9f748aa8d50a38d7748e2e60362edd6a32cc Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Tue, 20 Jan 2026 14:02:39 +0100
+Subject: telnetd: Sanitize all variable expansions
+
+* telnetd/utility.c (sanitize): New function.
+(_var_short_name): Use it for all variables.
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=ccba9f748aa8d50a38d7748e2e60362edd6a32cc]
+CVE: CVE-2026-24061
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ telnetd/utility.c | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index c02cd0e6..b21ad961 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -1684,6 +1684,17 @@ static void _expand_cond (struct line_expander *exp);
+ static void _skip_block (struct line_expander *exp);
+ static void _expand_block (struct line_expander *exp);
+ 
++static char *
++sanitize (const char *u)
++{
++  /* Ignore values starting with '-' or containing shell metachars, as
++     they can cause trouble.  */
++  if (u && *u != '-' && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
++    return u;
++  else
++    return "";
++}
++
+ /* Expand a variable referenced by its short one-symbol name.
+    Input: exp->cp points to the variable name.
+    FIXME: not implemented */
+@@ -1710,13 +1721,13 @@ _var_short_name (struct line_expander *exp)
+       return xstrdup (timebuf);
+ 
+     case 'h':
+-      return xstrdup (remote_hostname);
++      return xstrdup (sanitize (remote_hostname));
+ 
+     case 'l':
+-      return xstrdup (local_hostname);
++      return xstrdup (sanitize (local_hostname));
+ 
+     case 'L':
+-      return xstrdup (line);
++      return xstrdup (sanitize (line));
+ 
+     case 't':
+       q = strchr (line + 1, '/');
+@@ -1724,23 +1735,16 @@ _var_short_name (struct line_expander *exp)
+ 	q++;
+       else
+ 	q = line;
+-      return xstrdup (q);
++      return xstrdup (sanitize (q));
+ 
+     case 'T':
+-      return terminaltype ? xstrdup (terminaltype) : NULL;
++      return terminaltype ? xstrdup (sanitize (terminaltype)) : NULL;
+ 
+     case 'u':
+-      return user_name ? xstrdup (user_name) : NULL;
++      return user_name ? xstrdup (sanitize (user_name)) : NULL;
+ 
+     case 'U':
+-      {
+-	/* Ignore user names starting with '-' or containing shell
+-	   metachars, as they can cause trouble.  */
+-	char const *u = getenv ("USER");
+-	return xstrdup ((u && *u != '-'
+-			 && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
+-			? u : "");
+-      }
++      return xstrdup (sanitize (getenv ("USER")));
+ 
+     default:
+       exp->state = EXP_STATE_ERROR;
+-- 
+cgit v1.2.3
+

meta/recipes-connectivity/inetutils/inetutils_2.5.bb

@@ -18,6 +18,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
            file://rsh.xinetd.inetutils \
            file://telnet.xinetd.inetutils \
            file://tftpd.xinetd.inetutils \
+           file://CVE-2026-24061-1.patch \
+           file://CVE-2026-24061-2.patch \
            "
 
 inherit autotools gettext update-alternatives texinfo

meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch

@@ -0,0 +1,38 @@
+From 7224be0fe2f4beb916b7b69141f478facd0f0634 Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Sat, 27 Dec 2025 21:36:11 +0000
+Subject: [PATCH] Rename one of the xdtoi() copies to simplify backporting.
+
+CVE: CVE-2025-11961
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7224be0fe2f4beb916b7b69141f478facd0f0634]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ nametoaddr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/nametoaddr.c b/nametoaddr.c
+index dc75495c..bdaacbf1 100644
+--- a/nametoaddr.c
++++ b/nametoaddr.c
+@@ -646,7 +646,7 @@ pcap_nametollc(const char *s)
+ 
+ /* Hex digit to 8-bit unsigned integer. */
+ static inline u_char
+-xdtoi(u_char c)
++pcapint_xdtoi(u_char c)
+ {
+ 	if (c >= '0' && c <= '9')
+ 		return (u_char)(c - '0');
+@@ -728,10 +728,10 @@ pcap_ether_aton(const char *s)
+ 	while (*s) {
+ 		if (*s == ':' || *s == '.' || *s == '-')
+ 			s += 1;
+-		d = xdtoi(*s++);
++		d = pcapint_xdtoi(*s++);
+ 		if (PCAP_ISXDIGIT(*s)) {
+ 			d <<= 4;
+-			d |= xdtoi(*s++);
++			d |= pcapint_xdtoi(*s++);
+ 		}
+ 		*ep++ = d;
+ 	}

meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch

@@ -0,0 +1,433 @@
+From b2d2f9a9a0581c40780bde509f7cc715920f1c02 Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Fri, 19 Dec 2025 17:31:13 +0000
+Subject: [PATCH] CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
+
+pcap_ether_aton() has for a long time required its string argument to be
+a well-formed MAC-48 address, which is always the case when the argument
+comes from other libpcap code, so the function has never validated the
+input and used a simple loop to parse any of the three common MAC-48
+address formats.  However, the function has also been a part of the
+public API, so calling it directly with a malformed address can cause
+the loop to read beyond the end of the input string and/or to write
+beyond the end of the allocated output buffer.
+
+To handle invalid input more appropriately, replace the simple loop with
+new functions and require the input to match a supported address format.
+
+This problem was reported by Jin Wei, Kunwei Qian and Ping Chen.
+
+(backported from commit dd08e53e9380e217ae7c7768da9cc3d7bf37bf83)
+
+CVE: CVE-2025-11961
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gencode.c    |   5 +
+ nametoaddr.c | 367 +++++++++++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 349 insertions(+), 23 deletions(-)
+
+diff --git a/gencode.c b/gencode.c
+index 3ddd15f8..76fb2d82 100644
+--- a/gencode.c
++++ b/gencode.c
+@@ -7228,6 +7228,11 @@ gen_ecode(compiler_state_t *cstate, const char *s, struct qual q)
+ 		return (NULL);
+ 
+ 	if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
++		/*
++		 * Because the lexer guards the input string format, in this
++		 * context the function returns NULL iff the implicit malloc()
++		 * has failed.
++		 */
+ 		cstate->e = pcap_ether_aton(s);
+ 		if (cstate->e == NULL)
+ 			bpf_error(cstate, "malloc");
+diff --git a/nametoaddr.c b/nametoaddr.c
+index f9fcd288..f50d0da5 100644
+--- a/nametoaddr.c
++++ b/nametoaddr.c
+@@ -703,39 +703,360 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
+ 	return(32);
+ }
+ 
++// Man page: "xxxxxxxxxxxx", regexp: "^[0-9a-fA-F]{12}$".
++static u_char
++pcapint_atomac48_xxxxxxxxxxxx(const char *s, uint8_t *addr)
++{
++	if (strlen(s) == 12 &&
++	    PCAP_ISXDIGIT(s[0]) &&
++	    PCAP_ISXDIGIT(s[1]) &&
++	    PCAP_ISXDIGIT(s[2]) &&
++	    PCAP_ISXDIGIT(s[3]) &&
++	    PCAP_ISXDIGIT(s[4]) &&
++	    PCAP_ISXDIGIT(s[5]) &&
++	    PCAP_ISXDIGIT(s[6]) &&
++	    PCAP_ISXDIGIT(s[7]) &&
++	    PCAP_ISXDIGIT(s[8]) &&
++	    PCAP_ISXDIGIT(s[9]) &&
++	    PCAP_ISXDIGIT(s[10]) &&
++	    PCAP_ISXDIGIT(s[11])) {
++		addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
++		addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
++		addr[2] = pcapint_xdtoi(s[4]) << 4 | pcapint_xdtoi(s[5]);
++		addr[3] = pcapint_xdtoi(s[6]) << 4 | pcapint_xdtoi(s[7]);
++		addr[4] = pcapint_xdtoi(s[8]) << 4 | pcapint_xdtoi(s[9]);
++		addr[5] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
++		return 1;
++	}
++	return 0;
++}
++
++// Man page: "xxxx.xxxx.xxxx", regexp: "^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$".
++static u_char
++pcapint_atomac48_xxxx_3_times(const char *s, uint8_t *addr)
++{
++	const char sep = '.';
++	if (strlen(s) == 14 &&
++	    PCAP_ISXDIGIT(s[0]) &&
++	    PCAP_ISXDIGIT(s[1]) &&
++	    PCAP_ISXDIGIT(s[2]) &&
++	    PCAP_ISXDIGIT(s[3]) &&
++	    s[4] == sep &&
++	    PCAP_ISXDIGIT(s[5]) &&
++	    PCAP_ISXDIGIT(s[6]) &&
++	    PCAP_ISXDIGIT(s[7]) &&
++	    PCAP_ISXDIGIT(s[8]) &&
++	    s[9] == sep &&
++	    PCAP_ISXDIGIT(s[10]) &&
++	    PCAP_ISXDIGIT(s[11]) &&
++	    PCAP_ISXDIGIT(s[12]) &&
++	    PCAP_ISXDIGIT(s[13])) {
++		addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
++		addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
++		addr[2] = pcapint_xdtoi(s[5]) << 4 | pcapint_xdtoi(s[6]);
++		addr[3] = pcapint_xdtoi(s[7]) << 4 | pcapint_xdtoi(s[8]);
++		addr[4] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
++		addr[5] = pcapint_xdtoi(s[12]) << 4 | pcapint_xdtoi(s[13]);
++		return 1;
++	}
++	return 0;
++}
++
+ /*
+- * Convert 's', which can have the one of the forms:
++ * Man page: "xx:xx:xx:xx:xx:xx", regexp: "^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$".
++ * Man page: "xx-xx-xx-xx-xx-xx", regexp: "^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$".
++ * Man page: "xx.xx.xx.xx.xx.xx", regexp: "^[0-9a-fA-F]{1,2}(\.[0-9a-fA-F]{1,2}){5}$".
++ * (Any "xx" above can be "x", which is equivalent to "0x".)
+  *
+- *	"xx:xx:xx:xx:xx:xx"
+- *	"xx.xx.xx.xx.xx.xx"
+- *	"xx-xx-xx-xx-xx-xx"
+- *	"xxxx.xxxx.xxxx"
+- *	"xxxxxxxxxxxx"
++ * An equivalent (and parametrisable for EUI-64) FSM could be implemented using
++ * a smaller graph, but that graph would be neither acyclic nor planar nor
++ * trivial to verify.
+  *
+- * (or various mixes of ':', '.', and '-') into a new
+- * ethernet address.  Assumes 's' is well formed.
++ *                |
++ *    [.]         v
++ * +<---------- START
++ * |              |
++ * |              | [0-9a-fA-F]
++ * |  [.]         v
++ * +<--------- BYTE0_X ----------+
++ * |              |              |
++ * |              | [0-9a-fA-F]  |
++ * |  [.]         v              |
++ * +<--------- BYTE0_XX          | [:\.-]
++ * |              |              |
++ * |              | [:\.-]       |
++ * |  [.]         v              |
++ * +<----- BYTE0_SEP_BYTE1 <-----+
++ * |              |
++ * |              | [0-9a-fA-F]
++ * |  [.]         v
++ * +<--------- BYTE1_X ----------+
++ * |              |              |
++ * |              | [0-9a-fA-F]  |
++ * |  [.]         v              |
++ * +<--------- BYTE1_XX          | <sep>
++ * |              |              |
++ * |              | <sep>        |
++ * |  [.]         v              |
++ * +<----- BYTE1_SEP_BYTE2 <-----+
++ * |              |
++ * |              | [0-9a-fA-F]
++ * |  [.]         v
++ * +<--------- BYTE2_X ----------+
++ * |              |              |
++ * |              | [0-9a-fA-F]  |
++ * |  [.]         v              |
++ * +<--------- BYTE2_XX          | <sep>
++ * |              |              |
++ * |              | <sep>        |
++ * |  [.]         v              |
++ * +<----- BYTE2_SEP_BYTE3 <-----+
++ * |              |
++ * |              | [0-9a-fA-F]
++ * |  [.]         v
++ * +<--------- BYTE3_X ----------+
++ * |              |              |
++ * |              | [0-9a-fA-F]  |
++ * |  [.]         v              |
++ * +<--------- BYTE3_XX          | <sep>
++ * |              |              |
++ * |              | <sep>        |
++ * |  [.]         v              |
++ * +<----- BYTE3_SEP_BYTE4 <-----+
++ * |              |
++ * |              | [0-9a-fA-F]
++ * |  [.]         v
++ * +<--------- BYTE4_X ----------+
++ * |              |              |
++ * |              | [0-9a-fA-F]  |
++ * |  [.]         v              |
++ * +<--------- BYTE4_XX          | <sep>
++ * |              |              |
++ * |              | <sep>        |
++ * |  [.]         v              |
++ * +<----- BYTE4_SEP_BYTE5 <-----+
++ * |              |
++ * |              | [0-9a-fA-F]
++ * |  [.]         v
++ * +<--------- BYTE5_X ----------+
++ * |              |              |
++ * |              | [0-9a-fA-F]  |
++ * |  [.]         v              |
++ * +<--------- BYTE5_XX          | \0
++ * |              |              |
++ * |              | \0           |
++ * |              |              v
++ * +--> (reject)  +---------> (accept)
++ *
++ */
++static u_char
++pcapint_atomac48_x_xx_6_times(const char *s, uint8_t *addr)
++{
++	enum {
++		START,
++		BYTE0_X,
++		BYTE0_XX,
++		BYTE0_SEP_BYTE1,
++		BYTE1_X,
++		BYTE1_XX,
++		BYTE1_SEP_BYTE2,
++		BYTE2_X,
++		BYTE2_XX,
++		BYTE2_SEP_BYTE3,
++		BYTE3_X,
++		BYTE3_XX,
++		BYTE3_SEP_BYTE4,
++		BYTE4_X,
++		BYTE4_XX,
++		BYTE4_SEP_BYTE5,
++		BYTE5_X,
++		BYTE5_XX,
++	} fsm_state = START;
++	uint8_t buf[6];
++	const char *seplist = ":.-";
++	char sep;
++
++	while (*s) {
++		switch (fsm_state) {
++		case START:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[0] = pcapint_xdtoi(*s);
++				fsm_state = BYTE0_X;
++				break;
++			}
++			goto reject;
++		case BYTE0_X:
++			if (strchr(seplist, *s)) {
++				sep = *s;
++				fsm_state = BYTE0_SEP_BYTE1;
++				break;
++			}
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[0] = buf[0] << 4 | pcapint_xdtoi(*s);
++				fsm_state = BYTE0_XX;
++				break;
++			}
++			goto reject;
++		case BYTE0_XX:
++			if (strchr(seplist, *s)) {
++				sep = *s;
++				fsm_state = BYTE0_SEP_BYTE1;
++				break;
++			}
++			goto reject;
++		case BYTE0_SEP_BYTE1:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[1] = pcapint_xdtoi(*s);
++				fsm_state = BYTE1_X;
++				break;
++			}
++			goto reject;
++		case BYTE1_X:
++			if (*s == sep) {
++				fsm_state = BYTE1_SEP_BYTE2;
++				break;
++			}
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[1] = buf[1] << 4 | pcapint_xdtoi(*s);
++				fsm_state = BYTE1_XX;
++				break;
++			}
++			goto reject;
++		case BYTE1_XX:
++			if (*s == sep) {
++				fsm_state = BYTE1_SEP_BYTE2;
++				break;
++			}
++			goto reject;
++		case BYTE1_SEP_BYTE2:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[2] = pcapint_xdtoi(*s);
++				fsm_state = BYTE2_X;
++				break;
++			}
++			goto reject;
++		case BYTE2_X:
++			if (*s == sep) {
++				fsm_state = BYTE2_SEP_BYTE3;
++				break;
++			}
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[2] = buf[2] << 4 | pcapint_xdtoi(*s);
++				fsm_state = BYTE2_XX;
++				break;
++			}
++			goto reject;
++		case BYTE2_XX:
++			if (*s == sep) {
++				fsm_state = BYTE2_SEP_BYTE3;
++				break;
++			}
++			goto reject;
++		case BYTE2_SEP_BYTE3:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[3] = pcapint_xdtoi(*s);
++				fsm_state = BYTE3_X;
++				break;
++			}
++			goto reject;
++		case BYTE3_X:
++			if (*s == sep) {
++				fsm_state = BYTE3_SEP_BYTE4;
++				break;
++			}
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[3] = buf[3] << 4 | pcapint_xdtoi(*s);
++				fsm_state = BYTE3_XX;
++				break;
++			}
++			goto reject;
++		case BYTE3_XX:
++			if (*s == sep) {
++				fsm_state = BYTE3_SEP_BYTE4;
++				break;
++			}
++			goto reject;
++		case BYTE3_SEP_BYTE4:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[4] = pcapint_xdtoi(*s);
++				fsm_state = BYTE4_X;
++				break;
++			}
++			goto reject;
++		case BYTE4_X:
++			if (*s == sep) {
++				fsm_state = BYTE4_SEP_BYTE5;
++				break;
++			}
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[4] = buf[4] << 4 | pcapint_xdtoi(*s);
++				fsm_state = BYTE4_XX;
++				break;
++			}
++			goto reject;
++		case BYTE4_XX:
++			if (*s == sep) {
++				fsm_state = BYTE4_SEP_BYTE5;
++				break;
++			}
++			goto reject;
++		case BYTE4_SEP_BYTE5:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[5] = pcapint_xdtoi(*s);
++				fsm_state = BYTE5_X;
++				break;
++			}
++			goto reject;
++		case BYTE5_X:
++			if (PCAP_ISXDIGIT(*s)) {
++				buf[5] = buf[5] << 4 | pcapint_xdtoi(*s);
++				fsm_state = BYTE5_XX;
++				break;
++			}
++			goto reject;
++		case BYTE5_XX:
++			goto reject;
++		} // switch
++		s++;
++	} // while
++
++	if (fsm_state == BYTE5_X || fsm_state == BYTE5_XX) {
++		// accept
++		memcpy(addr, buf, sizeof(buf));
++		return 1;
++	}
++
++reject:
++	return 0;
++}
++
++// The 'addr' argument must point to an array of at least 6 elements.
++static int
++pcapint_atomac48(const char *s, uint8_t *addr)
++{
++	return s && (
++	    pcapint_atomac48_xxxxxxxxxxxx(s, addr) ||
++	    pcapint_atomac48_xxxx_3_times(s, addr) ||
++	    pcapint_atomac48_x_xx_6_times(s, addr)
++	);
++}
++
++/*
++ * If 's' is a MAC-48 address in one of the forms documented in pcap-filter(7)
++ * for "ether host", return a pointer to an allocated buffer with the binary
++ * value of the address.  Return NULL on any error.
+  */
+ u_char *
+ pcap_ether_aton(const char *s)
+ {
+-	register u_char *ep, *e;
+-	register u_char d;
++	uint8_t tmp[6];
++	if (! pcapint_atomac48(s, tmp))
++		return (NULL);
+ 
+-	e = ep = (u_char *)malloc(6);
++	u_char *e = malloc(6);
+ 	if (e == NULL)
+ 		return (NULL);
+-
+-	while (*s) {
+-		if (*s == ':' || *s == '.' || *s == '-')
+-			s += 1;
+-		d = pcapint_xdtoi(*s++);
+-		if (PCAP_ISXDIGIT(*s)) {
+-			d <<= 4;
+-			d |= pcapint_xdtoi(*s++);
+-		}
+-		*ep++ = d;
+-	}
+-
++	memcpy(e, tmp, sizeof(tmp));
+ 	return (e);
+ }
+ 

meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch

@@ -0,0 +1,33 @@
+From 7fabf607f2319a36a0bd78444247180acb838e69 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Sun, 7 Sep 2025 12:51:56 -0700
+Subject: [PATCH] Fix a copy-and-pasteo in utf_16le_to_utf_8_truncated().
+
+For the four octets of UTF-8 case, it was decrementing the remaining
+buffer length by 3, not 4.
+
+Thanks to a team of developers from the Univesity of Waterloo for
+reporting this.
+
+(cherry picked from commit aebfca1aea2fc8c177760a26e8f4de27b51d1b3b)
+
+CVE: CVE-2025-11964
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ fmtutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fmtutils.c b/fmtutils.c
+index a5a4fe62..78a0f8b7 100644
+--- a/fmtutils.c
++++ b/fmtutils.c
+@@ -235,7 +235,7 @@ utf_16le_to_utf_8_truncated(const wchar_t *utf_16, char *utf_8,
+ 			*utf_8++ = ((uc >> 12) & 0x3F) | 0x80;
+ 			*utf_8++ = ((uc >> 6) & 0x3F) | 0x80;
+ 			*utf_8++ = ((uc >> 0) & 0x3F) | 0x80;
+-			utf_8_len -= 3;
++			utf_8_len -= 4;
+ 		}
+ 	}
+ 

meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb

@@ -14,6 +14,9 @@ SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
            file://CVE-2023-7256-pre1.patch \
            file://CVE-2023-7256.patch \
            file://CVE-2024-8006.patch \
+           file://CVE-2025-11961-01.patch \
+           file://CVE-2025-11961-02.patch \
+           file://CVE-2025-11964.patch \
           "
 
 SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f"

meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch

@@ -0,0 +1,157 @@
+From 48a17cff6aa104b8e806ddb2191f83f1024060f1 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Tue, 9 Dec 2025 22:59:19 +0900
+Subject: [PATCH] scp CVE-2019-6111 fix
+
+Cherry-pick from OpenSSH portable
+
+391ffc4b9d31 ("upstream: check in scp client that filenames sent during")
+
+upstream: check in scp client that filenames sent during
+
+remote->local directory copies satisfy the wildcard specified by the user.
+
+This checking provides some protection against a malicious server
+sending unexpected filenames, but it comes at a risk of rejecting wanted
+files due to differences between client and server wildcard expansion rules.
+
+For this reason, this also adds a new -T flag to disable the check.
+
+reported by Harry Sintonen
+fix approach suggested by markus@;
+has been in snaps for ~1wk courtesy deraadt@
+
+CVE: CVE-2019-6111
+Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/48a17cff6aa104b8e806ddb2191f83f1024060f1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ scp.c | 38 +++++++++++++++++++++++++++++---------
+ 1 file changed, 29 insertions(+), 9 deletions(-)
+
+diff --git a/scp.c b/scp.c
+index 384f2cb..bf98986 100644
+--- a/scp.c
++++ b/scp.c
+@@ -76,6 +76,8 @@
+ #include "includes.h"
+ /*RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $");*/
+ 
++#include <fnmatch.h>
++
+ #include "atomicio.h"
+ #include "compat.h"
+ #include "scpmisc.h"
+@@ -291,14 +293,14 @@ void verifydir(char *);
+ 
+ uid_t userid;
+ int errs, remin, remout;
+-int pflag, iamremote, iamrecursive, targetshouldbedirectory;
++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
+ 
+ #define	CMDNEEDS	64
+ char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
+ 
+ int response(void);
+ void rsource(char *, struct stat *);
+-void sink(int, char *[]);
++void sink(int, char *[], const char *);
+ void source(int, char *[]);
+ void tolocal(int, char *[]);
+ void toremote(char *, int, char *[]);
+@@ -325,8 +327,8 @@ main(int argc, char **argv)
+ 	args.list = NULL;
+ 	addargs(&args, "%s", ssh_program);
+ 
+-	fflag = tflag = 0;
+-	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
++	fflag = Tflag = tflag = 0;
++	while ((ch = getopt(argc, argv, "dfl:prtTvBCc:i:P:q1246S:o:F:")) != -1)
+ 		switch (ch) {
+ 		/* User-visible flags. */
+ 		case '1':
+@@ -389,9 +391,12 @@ main(int argc, char **argv)
+ 			setmode(0, O_BINARY);
+ #endif
+ 			break;
++		case 'T':
++			Tflag = 1;
++			break;
+ 		default:
+ 			usage();
+-		}
++	}
+ 	argc -= optind;
+ 	argv += optind;
+ 
+@@ -409,7 +414,7 @@ main(int argc, char **argv)
+ 	}
+ 	if (tflag) {
+ 		/* Receive data. */
+-		sink(argc, argv);
++		sink(argc, argv, NULL);
+ 		exit(errs != 0);
+ 	}
+ 	if (argc < 2)
+@@ -589,7 +594,7 @@ tolocal(int argc, char **argv)
+ 			continue;
+ 		}
+ 		xfree(bp);
+-		sink(1, argv + argc - 1);
++		sink(1, argv + argc - 1, src);
+ 		(void) close(remin);
+ 		remin = remout = -1;
+ 	}
+@@ -822,7 +827,7 @@ bwlimit(int amount)
+ }
+ 
+ void
+-sink(int argc, char **argv)
++sink(int argc, char **argv, const char *src)
+ {
+ 	static BUF buffer;
+ 	struct stat stb;
+@@ -836,6 +841,7 @@ sink(int argc, char **argv)
+ 	off_t size, statbytes;
+ 	int setimes, targisdir, wrerrno = 0;
+ 	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
++	char *src_copy = NULL, *restrict_pattern = NULL;
+ 	struct timeval tv[2];
+ 
+ #define	atime	tv[0]
+@@ -857,6 +863,17 @@ sink(int argc, char **argv)
+ 	(void) atomicio(vwrite, remout, "", 1);
+ 	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+ 		targisdir = 1;
++	if (src != NULL && !iamrecursive && !Tflag) {
++		/*
++		 * Prepare to try to restrict incoming filenames to match
++		 * the requested destination file glob.
++		 */
++		if ((src_copy = strdup(src)) == NULL)
++			fatal("strdup failed");
++		if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
++			*restrict_pattern++ = '\0';
++		}
++	}
+ 	for (first = 1;; first = 0) {
+ 		cp = buf;
+ 		if (atomicio(read, remin, cp, 1) != 1)
+@@ -939,6 +956,9 @@ sink(int argc, char **argv)
+ 			run_err("error: unexpected filename: %s", cp);
+ 			exit(1);
+ 		}
++		if (restrict_pattern != NULL &&
++		    fnmatch(restrict_pattern, cp, 0) != 0)
++			SCREWUP("filename does not match request");
+ 		if (targisdir) {
+ 			static char *namebuf = NULL;
+ 			static size_t cursize = 0;
+@@ -977,7 +997,7 @@ sink(int argc, char **argv)
+ 					goto bad;
+ 			}
+ 			vect[0] = xstrdup(np);
+-			sink(1, vect);
++			sink(1, vect, src);
+ 			if (setimes) {
+ 				setimes = 0;
+ 				if (utimes(vect[0], tv) < 0)

meta/recipes-core/dropbear/dropbear_2022.83.bb

@@ -29,6 +29,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch \
            file://0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch \
            file://CVE-2025-47203.patch \
+           file://CVE-2019-6111.patch \
            "
 
 SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"

meta/recipes-core/expat/expat/CVE-2026-24515-01.patch

@@ -0,0 +1,43 @@
+From 86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 18 Jan 2026 17:53:37 +0100
+Subject: [PATCH] lib: Make XML_ExternalEntityParserCreate copy unknown
+ encoding handler user data
+
+Patch suggested by Artiphishell Inc.
+
+CVE: CVE-2026-24515
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/xmlparse.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 593cd90d..18577ee3 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -1749,6 +1749,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+   XML_ExternalEntityRefHandler oldExternalEntityRefHandler;
+   XML_SkippedEntityHandler oldSkippedEntityHandler;
+   XML_UnknownEncodingHandler oldUnknownEncodingHandler;
++  void *oldUnknownEncodingHandlerData;
+   XML_ElementDeclHandler oldElementDeclHandler;
+   XML_AttlistDeclHandler oldAttlistDeclHandler;
+   XML_EntityDeclHandler oldEntityDeclHandler;
+@@ -1794,6 +1795,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+   oldExternalEntityRefHandler = parser->m_externalEntityRefHandler;
+   oldSkippedEntityHandler = parser->m_skippedEntityHandler;
+   oldUnknownEncodingHandler = parser->m_unknownEncodingHandler;
++  oldUnknownEncodingHandlerData = parser->m_unknownEncodingHandlerData;
+   oldElementDeclHandler = parser->m_elementDeclHandler;
+   oldAttlistDeclHandler = parser->m_attlistDeclHandler;
+   oldEntityDeclHandler = parser->m_entityDeclHandler;
+@@ -1854,6 +1856,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+   parser->m_externalEntityRefHandler = oldExternalEntityRefHandler;
+   parser->m_skippedEntityHandler = oldSkippedEntityHandler;
+   parser->m_unknownEncodingHandler = oldUnknownEncodingHandler;
++  parser->m_unknownEncodingHandlerData = oldUnknownEncodingHandlerData;
+   parser->m_elementDeclHandler = oldElementDeclHandler;
+   parser->m_attlistDeclHandler = oldAttlistDeclHandler;
+   parser->m_entityDeclHandler = oldEntityDeclHandler;

meta/recipes-core/expat/expat/CVE-2026-24515-02.patch

@@ -0,0 +1,117 @@
+From 8efea3e255d55c7e0a5b70b226f4652ab00e1a27 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 18 Jan 2026 17:26:31 +0100
+Subject: [PATCH] tests: Cover effect of XML_SetUnknownEncodingHandler user
+ data
+
+CVE: CVE-2026-24515
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8efea3e255d55c7e0a5b70b226f4652ab00e1a27]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tests/basic_tests.c | 42 +++++++++++++++++++++++++++++++++++++++
+ tests/handlers.c    | 10 ++++++++++
+ tests/handlers.h    |  3 +++
+ 3 files changed, 55 insertions(+)
+
+diff --git a/tests/basic_tests.c b/tests/basic_tests.c
+index 0231e094..0ed98d86 100644
+--- a/tests/basic_tests.c
++++ b/tests/basic_tests.c
+@@ -4527,6 +4527,46 @@ START_TEST(test_unknown_encoding_invalid_attr_value) {
+ }
+ END_TEST
+ 
++START_TEST(test_unknown_encoding_user_data_primary) {
++  // This test is based on ideas contributed by Artiphishell Inc.
++  const char *const text = "<?xml version='1.0' encoding='x-unk'?>\n"
++                           "<root />\n";
++  XML_Parser parser = XML_ParserCreate(NULL);
++  XML_SetUnknownEncodingHandler(parser,
++                                user_data_checking_unknown_encoding_handler,
++                                (void *)(intptr_t)0xC0FFEE);
++
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++              == XML_STATUS_OK);
++
++  XML_ParserFree(parser);
++}
++END_TEST
++
++START_TEST(test_unknown_encoding_user_data_secondary) {
++  // This test is based on ideas contributed by Artiphishell Inc.
++  const char *const text_main = "<!DOCTYPE r [\n"
++                                "  <!ENTITY ext SYSTEM 'ext.ent'>\n"
++                                "]>\n"
++                                "<r>&ext;</r>\n";
++  const char *const text_external = "<?xml version='1.0' encoding='x-unk'?>\n"
++                                    "<e>data</e>";
++  ExtTest2 test_data = {text_external, (int)strlen(text_external), NULL, NULL};
++  XML_Parser parser = XML_ParserCreate(NULL);
++  XML_SetExternalEntityRefHandler(parser, external_entity_loader2);
++  XML_SetUnknownEncodingHandler(parser,
++                                user_data_checking_unknown_encoding_handler,
++                                (void *)(intptr_t)0xC0FFEE);
++  XML_SetUserData(parser, &test_data);
++
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, text_main, (int)strlen(text_main),
++                                      XML_TRUE)
++              == XML_STATUS_OK);
++
++  XML_ParserFree(parser);
++}
++END_TEST
++
+ /* Test an external entity parser set to use latin-1 detects UTF-16
+  * BOMs correctly.
+  */
+@@ -6372,6 +6412,8 @@ make_basic_test_case(Suite *s) {
+   tcase_add_test(tc_basic, test_unknown_encoding_invalid_surrogate);
+   tcase_add_test(tc_basic, test_unknown_encoding_invalid_high);
+   tcase_add_test(tc_basic, test_unknown_encoding_invalid_attr_value);
++  tcase_add_test(tc_basic, test_unknown_encoding_user_data_primary);
++  tcase_add_test(tc_basic, test_unknown_encoding_user_data_secondary);
+   tcase_add_test__if_xml_ge(tc_basic, test_ext_entity_latin1_utf16le_bom);
+   tcase_add_test__if_xml_ge(tc_basic, test_ext_entity_latin1_utf16be_bom);
+   tcase_add_test__if_xml_ge(tc_basic, test_ext_entity_latin1_utf16le_bom2);
+diff --git a/tests/handlers.c b/tests/handlers.c
+index 5bca2b1f..d077f688 100644
+--- a/tests/handlers.c
++++ b/tests/handlers.c
+@@ -45,6 +45,7 @@
+ #  undef NDEBUG /* because test suite relies on assert(...) at the moment */
+ #endif
+ 
++#include <stdint.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <assert.h>
+@@ -407,6 +408,15 @@ long_encoding_handler(void *userData, const XML_Char *encoding,
+   return XML_STATUS_OK;
+ }
+ 
++int XMLCALL
++user_data_checking_unknown_encoding_handler(void *userData,
++                                            const XML_Char *encoding,
++                                            XML_Encoding *info) {
++  const intptr_t number = (intptr_t)userData;
++  assert_true(number == 0xC0FFEE);
++  return long_encoding_handler(userData, encoding, info);
++}
++
+ /* External Entity Handlers */
+ 
+ int XMLCALL
+diff --git a/tests/handlers.h b/tests/handlers.h
+index fa6267fb..915040e5 100644
+--- a/tests/handlers.h
++++ b/tests/handlers.h
+@@ -159,6 +159,9 @@ extern int XMLCALL long_encoding_handler(void *userData,
+                                          const XML_Char *encoding,
+                                          XML_Encoding *info);
+ 
++extern int XMLCALL user_data_checking_unknown_encoding_handler(
++    void *userData, const XML_Char *encoding, XML_Encoding *info);
++
+ /* External Entity Handlers */
+ 
+ typedef struct ExtOption {

meta/recipes-core/expat/expat/CVE-2026-25210-01.patch

@@ -0,0 +1,27 @@
+From 7ddea353ad3795f7222441274d4d9a155b523cba Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Thu, 2 Oct 2025 17:15:15 -0700
+Subject: [PATCH] lib: Make a doubling more readable
+
+Suggested-by: Sebastian Pipping <sebastian@pipping.org>
+
+CVE: CVE-2026-25210
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/7ddea353ad3795f7222441274d4d9a155b523cba]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 8cf29257..2f9adffc 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3499,7 +3499,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+             tag->name.strLen = convLen;
+             break;
+           }
+-          bufSize = (int)(tag->bufEnd - tag->buf) << 1;
++          bufSize = (int)(tag->bufEnd - tag->buf) * 2;
+           {
+             char *temp = REALLOC(parser, tag->buf, bufSize);
+             if (temp == NULL)

meta/recipes-core/expat/expat/CVE-2026-25210-02.patch

@@ -0,0 +1,38 @@
+From 8855346359a475c022ec8c28484a76c852f144d9 Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Thu, 2 Oct 2025 17:15:15 -0700
+Subject: [PATCH] lib: Realign a size with the `REALLOC` type signature it is
+ passed into
+
+Note that this implicitly assumes `tag->bufEnd >= tag->buf`, which should
+already be guaranteed true.
+
+CVE: CVE-2026-25210
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8855346359a475c022ec8c28484a76c852f144d9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+---
+ lib/xmlparse.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 2f9adffc..ee18a87f 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3488,7 +3488,6 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+         const char *fromPtr = tag->rawName;
+         toPtr = (XML_Char *)tag->buf;
+         for (;;) {
+-          int bufSize;
+           int convLen;
+           const enum XML_Convert_Result convert_res
+               = XmlConvert(enc, &fromPtr, rawNameEnd, (ICHAR **)&toPtr,
+@@ -3499,7 +3498,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+             tag->name.strLen = convLen;
+             break;
+           }
+-          bufSize = (int)(tag->bufEnd - tag->buf) * 2;
++          const size_t bufSize = (size_t)(tag->bufEnd - tag->buf) * 2;
+           {
+             char *temp = REALLOC(parser, tag->buf, bufSize);
+             if (temp == NULL)

meta/recipes-core/expat/expat/CVE-2026-25210-03.patch

@@ -0,0 +1,28 @@
+From 9c2d990389e6abe2e44527eeaa8b39f16fe859c7 Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Thu, 2 Oct 2025 17:15:15 -0700
+Subject: [PATCH] lib: Introduce an integer overflow check for tag buffer
+ reallocation
+
+Suggested-by: Sebastian Pipping <sebastian@pipping.org>
+
+CVE: CVE-2026-25210
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/9c2d990389e6abe2e44527eeaa8b39f16fe859c7]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/xmlparse.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index ee18a87f..d8c54c38 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3498,6 +3498,8 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+             tag->name.strLen = convLen;
+             break;
+           }
++          if (SIZE_MAX / 2 < (size_t)(tag->bufEnd - tag->buf))
++            return XML_ERROR_NO_MEMORY;
+           const size_t bufSize = (size_t)(tag->bufEnd - tag->buf) * 2;
+           {
+             char *temp = REALLOC(parser, tag->buf, bufSize);

meta/recipes-core/expat/expat_2.6.4.bb

@@ -41,6 +41,11 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
            file://CVE-2025-59375-22.patch \
            file://CVE-2025-59375-23.patch \
            file://CVE-2025-59375-24.patch \
+           file://CVE-2026-24515-01.patch \
+           file://CVE-2026-24515-02.patch \
+           file://CVE-2026-25210-01.patch \
+           file://CVE-2026-25210-02.patch \
+           file://CVE-2026-25210-03.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"

meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch

@@ -0,0 +1,125 @@
+From f28340ee62c655487972ad3c632d231ee098fb7f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 13 Nov 2025 18:27:22 +0000
+Subject: [PATCH] gconvert: Error out if g_escape_uri_string() would overflow
+
+If the string to escape contains a very large number of unacceptable
+characters (which would need escaping), the calculation of the length of
+the escaped string could overflow, leading to a potential write off the
+end of the newly allocated string.
+
+In addition to that, the number of unacceptable characters was counted
+in a signed integer, which would overflow to become negative, making it
+easier for an attacker to craft an input string which would cause an
+out-of-bounds write.
+
+Fix that by validating the allocation length, and using an unsigned
+integer to count the number of unacceptable characters.
+
+Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme
+from the Sovereign Tech Agency. ID: #YWH-PGM9867-134
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+Fixes: #3827
+
+CVE: CVE-2025-13601
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/f28340ee62c655487972ad3c632d231ee098fb7f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gconvert.c | 36 +++++++++++++++++++++++++-----------
+ 1 file changed, 25 insertions(+), 11 deletions(-)
+
+diff --git a/glib/gconvert.c b/glib/gconvert.c
+index b066dd5a8..a02d2ea73 100644
+--- a/glib/gconvert.c
++++ b/glib/gconvert.c
+@@ -1428,8 +1428,9 @@ static const gchar hex[] = "0123456789ABCDEF";
+ /* Note: This escape function works on file: URIs, but if you want to
+  * escape something else, please read RFC-2396 */
+ static gchar *
+-g_escape_uri_string (const gchar *string, 
+-		     UnsafeCharacterSet mask)
++g_escape_uri_string (const gchar         *string,
++                     UnsafeCharacterSet   mask,
++                     GError             **error)
+ {
+ #define ACCEPTABLE(a) ((a)>=32 && (a)<128 && (acceptable[(a)-32] & use_mask))
+ 
+@@ -1437,7 +1438,7 @@ g_escape_uri_string (const gchar *string,
+   gchar *q;
+   gchar *result;
+   int c;
+-  gint unacceptable;
++  size_t unacceptable;
+   UnsafeCharacterSet use_mask;
+   
+   g_return_val_if_fail (mask == UNSAFE_ALL
+@@ -1454,7 +1455,14 @@ g_escape_uri_string (const gchar *string,
+       if (!ACCEPTABLE (c)) 
+ 	unacceptable++;
+     }
+-  
++
++  if (unacceptable >= (G_MAXSIZE - (p - string)) / 2)
++    {
++      g_set_error_literal (error, G_CONVERT_ERROR, G_CONVERT_ERROR_BAD_URI,
++                           _("The URI is too long"));
++      return NULL;
++    }
++
+   result = g_malloc (p - string + unacceptable * 2 + 1);
+   
+   use_mask = mask;
+@@ -1479,12 +1487,13 @@ g_escape_uri_string (const gchar *string,
+ 
+ 
+ static gchar *
+-g_escape_file_uri (const gchar *hostname,
+-		   const gchar *pathname)
++g_escape_file_uri (const gchar  *hostname,
++                   const gchar  *pathname,
++                   GError      **error)
+ {
+   char *escaped_hostname = NULL;
+-  char *escaped_path;
+-  char *res;
++  char *escaped_path = NULL;
++  char *res = NULL;
+ 
+ #ifdef G_OS_WIN32
+   char *p, *backslash;
+@@ -1505,10 +1514,14 @@ g_escape_file_uri (const gchar *hostname,
+ 
+   if (hostname && *hostname != '\0')
+     {
+-      escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST);
++      escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST, error);
++      if (escaped_hostname == NULL)
++        goto out;
+     }
+ 
+-  escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH);
++  escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH, error);
++  if (escaped_path == NULL)
++    goto out;
+ 
+   res = g_strconcat ("file://",
+ 		     (escaped_hostname) ? escaped_hostname : "",
+@@ -1516,6 +1529,7 @@ g_escape_file_uri (const gchar *hostname,
+ 		     escaped_path,
+ 		     NULL);
+ 
++out:
+ #ifdef G_OS_WIN32
+   g_free ((char *) pathname);
+ #endif
+@@ -1849,7 +1863,7 @@ g_filename_to_uri (const gchar *filename,
+     hostname = NULL;
+ #endif
+ 
+-  escaped_uri = g_escape_file_uri (hostname, filename);
++  escaped_uri = g_escape_file_uri (hostname, filename, error);
+ 
+   return escaped_uri;
+ }

meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch

@@ -0,0 +1,128 @@
+From 7bd3fc372040cdf8eada7f65c32c30da52a7461d Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 13 Nov 2025 18:31:43 +0000
+Subject: [PATCH] fuzzing: Add fuzz tests for g_filename_{to,from}_uri()
+
+These functions could be called on untrusted input data, and since they
+do URI escaping/unescaping, they have non-trivial string handling code.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+See: #3827
+
+CVE: CVE-2025-13601
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/7bd3fc372040cdf8eada7f65c32c30da52a7461d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ fuzzing/fuzz_filename_from_uri.c | 40 ++++++++++++++++++++++++++++++++
+ fuzzing/fuzz_filename_to_uri.c   | 40 ++++++++++++++++++++++++++++++++
+ fuzzing/meson.build              |  2 ++
+ 3 files changed, 82 insertions(+)
+ create mode 100644 fuzzing/fuzz_filename_from_uri.c
+ create mode 100644 fuzzing/fuzz_filename_to_uri.c
+
+diff --git a/fuzzing/fuzz_filename_from_uri.c b/fuzzing/fuzz_filename_from_uri.c
+new file mode 100644
+index 000000000..9b7a715f0
+--- /dev/null
++++ b/fuzzing/fuzz_filename_from_uri.c
+@@ -0,0 +1,40 @@
++/*
++ * Copyright 2025 GNOME Foundation, Inc.
++ *
++ * SPDX-License-Identifier: LGPL-2.1-or-later
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include "fuzz.h"
++
++int
++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
++{
++  unsigned char *nul_terminated_data = NULL;
++  char *filename = NULL;
++  GError *local_error = NULL;
++
++  fuzz_set_logging_func ();
++
++  /* ignore @size (g_filename_from_uri() doesn’t support it); ensure @data is nul-terminated */
++  nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size);
++  filename = g_filename_from_uri ((const char *) nul_terminated_data, NULL, &local_error);
++  g_free (nul_terminated_data);
++
++  g_free (filename);
++  g_clear_error (&local_error);
++
++  return 0;
++}
+diff --git a/fuzzing/fuzz_filename_to_uri.c b/fuzzing/fuzz_filename_to_uri.c
+new file mode 100644
+index 000000000..acb319203
+--- /dev/null
++++ b/fuzzing/fuzz_filename_to_uri.c
+@@ -0,0 +1,40 @@
++/*
++ * Copyright 2025 GNOME Foundation, Inc.
++ *
++ * SPDX-License-Identifier: LGPL-2.1-or-later
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include "fuzz.h"
++
++int
++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
++{
++  unsigned char *nul_terminated_data = NULL;
++  char *uri = NULL;
++  GError *local_error = NULL;
++
++  fuzz_set_logging_func ();
++
++  /* ignore @size (g_filename_to_uri() doesn’t support it); ensure @data is nul-terminated */
++  nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size);
++  uri = g_filename_to_uri ((const char *) nul_terminated_data, NULL, &local_error);
++  g_free (nul_terminated_data);
++
++  g_free (uri);
++  g_clear_error (&local_error);
++
++  return 0;
++}
+diff --git a/fuzzing/meson.build b/fuzzing/meson.build
+index addbe9071..05f936eeb 100644
+--- a/fuzzing/meson.build
++++ b/fuzzing/meson.build
+@@ -22,6 +22,8 @@ fuzz_targets = [
+   'fuzz_date_parse',
+   'fuzz_date_time_new_from_iso8601',
+   'fuzz_dbus_message',
++  'fuzz_filename_from_uri',
++  'fuzz_filename_to_uri',
+   'fuzz_inet_address_mask_new_from_string',
+   'fuzz_inet_address_new_from_string',
+   'fuzz_inet_socket_address_new_from_string',

meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch

@@ -0,0 +1,69 @@
+From 31f82e22e21bae520b7228f7f57d357fb20df8a4 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 25 Nov 2025 19:02:56 +0000
+Subject: [PATCH] gvariant-parser: Fix potential integer overflow parsing
+ (byte)strings
+
+The termination condition for parsing string and bytestring literals in
+GVariant text format input was subject to an integer overflow for input
+string (or bytestring) literals longer than `INT_MAX`.
+
+Fix that by counting as a `size_t` rather than as an `int`. The counter
+can never correctly be negative.
+
+Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme
+from the Sovereign Tech Agency. ID: #YWH-PGM9867-145
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+Fixes: #3834
+
+CVE: CVE-2025-14087
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/31f82e22e21bae520b7228f7f57d357fb20df8a4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-parser.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
+index 2f1d3db9f..2d6e9856f 100644
+--- a/glib/gvariant-parser.c
++++ b/glib/gvariant-parser.c
+@@ -597,7 +597,7 @@ ast_resolve (AST     *ast,
+ {
+   GVariant *value;
+   gchar *pattern;
+-  gint i, j = 0;
++  size_t i, j = 0;
+ 
+   pattern = ast_get_pattern (ast, error);
+ 
+@@ -1621,9 +1621,9 @@ string_free (AST *ast)
+  * No leading/trailing space allowed. */
+ static gboolean
+ unicode_unescape (const gchar  *src,
+-                  gint         *src_ofs,
++                  size_t       *src_ofs,
+                   gchar        *dest,
+-                  gint         *dest_ofs,
++                  size_t       *dest_ofs,
+                   gsize         length,
+                   SourceRef    *ref,
+                   GError      **error)
+@@ -1684,7 +1684,7 @@ string_parse (TokenStream  *stream,
+   gsize length;
+   gchar quote;
+   gchar *str;
+-  gint i, j;
++  size_t i, j;
+ 
+   token_stream_start_ref (stream, &ref);
+   token = token_stream_get (stream);
+@@ -1814,7 +1814,7 @@ bytestring_parse (TokenStream  *stream,
+   gsize length;
+   gchar quote;
+   gchar *str;
+-  gint i, j;
++  size_t i, j;
+ 
+   token_stream_start_ref (stream, &ref);
+   token = token_stream_get (stream);

meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch

@@ -0,0 +1,240 @@
+From ac9de0871281cf734f6e269988f90a2521582a08 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 25 Nov 2025 19:19:16 +0000
+Subject: [PATCH] gvariant-parser: Use size_t to count numbers of child
+ elements
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rather than using `gint`, which could overflow for arrays (or dicts, or
+tuples) longer than `INT_MAX`. There may be other limits which prevent
+parsed containers becoming that long, but we might as well make the type
+system reflect the programmer’s intention as best it can anyway.
+
+For arrays and tuples this is straightforward. For dictionaries, it’s
+slightly complicated by the fact that the code used
+`dict->n_children == -1` to indicate that the `Dictionary` struct in
+question actually represented a single freestanding dict entry. In
+GVariant text format, that would be `{1, "one"}`.
+
+The implementation previously didn’t define the semantics of
+`dict->n_children < -1`.
+
+Now, instead, change `Dictionary.n_children` to `size_t`, and define a
+magic value `DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY` to indicate that
+the `Dictionary` represents a single freestanding dict entry.
+
+This magic value is `SIZE_MAX`, and given that a dictionary entry takes
+more than one byte to represent in GVariant text format, that means it’s
+not possible to have that many entries in a parsed dictionary, so this
+magic value won’t be hit by a normal dictionary. An assertion checks
+this anyway.
+
+Spotted while working on #3834.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-14087
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ac9de0871281cf734f6e269988f90a2521582a08]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-parser.c | 58 ++++++++++++++++++++++++------------------
+ 1 file changed, 33 insertions(+), 25 deletions(-)
+
+diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
+index 2d6e9856f..519baa3f3 100644
+--- a/glib/gvariant-parser.c
++++ b/glib/gvariant-parser.c
+@@ -650,9 +650,9 @@ static AST *parse (TokenStream  *stream,
+                    GError      **error);
+ 
+ static void
+-ast_array_append (AST  ***array,
+-                  gint   *n_items,
+-                  AST    *ast)
++ast_array_append (AST    ***array,
++                  size_t   *n_items,
++                  AST      *ast)
+ {
+   if ((*n_items & (*n_items - 1)) == 0)
+     *array = g_renew (AST *, *array, *n_items ? 2 ** n_items : 1);
+@@ -661,10 +661,10 @@ ast_array_append (AST  ***array,
+ }
+ 
+ static void
+-ast_array_free (AST  **array,
+-                gint   n_items)
++ast_array_free (AST    **array,
++                size_t   n_items)
+ {
+-  gint i;
++  size_t i;
+ 
+   for (i = 0; i < n_items; i++)
+     ast_free (array[i]);
+@@ -673,11 +673,11 @@ ast_array_free (AST  **array,
+ 
+ static gchar *
+ ast_array_get_pattern (AST    **array,
+-                       gint     n_items,
++                       size_t   n_items,
+                        GError **error)
+ {
+   gchar *pattern;
+-  gint i;
++  size_t i;
+ 
+   /* Find the pattern which applies to all children in the array, by l-folding a
+    * coalesce operation.
+@@ -709,7 +709,7 @@ ast_array_get_pattern (AST    **array,
+          * pair of values.
+          */
+         {
+-          int j = 0;
++          size_t j = 0;
+ 
+           while (TRUE)
+             {
+@@ -957,7 +957,7 @@ typedef struct
+   AST ast;
+ 
+   AST **children;
+-  gint n_children;
++  size_t n_children;
+ } Array;
+ 
+ static gchar *
+@@ -990,7 +990,7 @@ array_get_value (AST                 *ast,
+   Array *array = (Array *) ast;
+   const GVariantType *childtype;
+   GVariantBuilder builder;
+-  gint i;
++  size_t i;
+ 
+   if (!g_variant_type_is_array (type))
+     return ast_type_error (ast, type, error);
+@@ -1076,7 +1076,7 @@ typedef struct
+   AST ast;
+ 
+   AST **children;
+-  gint n_children;
++  size_t n_children;
+ } Tuple;
+ 
+ static gchar *
+@@ -1086,7 +1086,7 @@ tuple_get_pattern (AST     *ast,
+   Tuple *tuple = (Tuple *) ast;
+   gchar *result = NULL;
+   gchar **parts;
+-  gint i;
++  size_t i;
+ 
+   parts = g_new (gchar *, tuple->n_children + 4);
+   parts[tuple->n_children + 1] = (gchar *) ")";
+@@ -1116,7 +1116,7 @@ tuple_get_value (AST                 *ast,
+   Tuple *tuple = (Tuple *) ast;
+   const GVariantType *childtype;
+   GVariantBuilder builder;
+-  gint i;
++  size_t i;
+ 
+   if (!g_variant_type_is_tuple (type))
+     return ast_type_error (ast, type, error);
+@@ -1308,9 +1308,16 @@ typedef struct
+ 
+   AST **keys;
+   AST **values;
+-  gint n_children;
++
++  /* Iff this is DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY then this struct
++   * represents a single freestanding dict entry (`{1, "one"}`) rather than a
++   * full dict. In the freestanding case, @keys and @values have exactly one
++   * member each. */
++  size_t n_children;
+ } Dictionary;
+ 
++#define DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY ((size_t) -1)
++
+ static gchar *
+ dictionary_get_pattern (AST     *ast,
+                         GError **error)
+@@ -1325,7 +1332,7 @@ dictionary_get_pattern (AST     *ast,
+     return g_strdup ("Ma{**}");
+ 
+   key_pattern = ast_array_get_pattern (dict->keys,
+-                                       abs (dict->n_children),
++                                       (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? 1 : dict->n_children,
+                                        error);
+ 
+   if (key_pattern == NULL)
+@@ -1356,7 +1363,7 @@ dictionary_get_pattern (AST     *ast,
+     return NULL;
+ 
+   result = g_strdup_printf ("M%s{%c%s}",
+-                            dict->n_children > 0 ? "a" : "",
++                            (dict->n_children > 0 && dict->n_children != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? "a" : "",
+                             key_char, value_pattern);
+   g_free (value_pattern);
+ 
+@@ -1370,7 +1377,7 @@ dictionary_get_value (AST                 *ast,
+ {
+   Dictionary *dict = (Dictionary *) ast;
+ 
+-  if (dict->n_children == -1)
++  if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY)
+     {
+       const GVariantType *subtype;
+       GVariantBuilder builder;
+@@ -1403,7 +1410,7 @@ dictionary_get_value (AST                 *ast,
+     {
+       const GVariantType *entry, *key, *val;
+       GVariantBuilder builder;
+-      gint i;
++      size_t i;
+ 
+       if (!g_variant_type_is_subtype_of (type, G_VARIANT_TYPE_DICTIONARY))
+         return ast_type_error (ast, type, error);
+@@ -1444,12 +1451,12 @@ static void
+ dictionary_free (AST *ast)
+ {
+   Dictionary *dict = (Dictionary *) ast;
+-  gint n_children;
++  size_t n_children;
+ 
+-  if (dict->n_children > -1)
+-    n_children = dict->n_children;
+-  else
++  if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY)
+     n_children = 1;
++  else
++    n_children = dict->n_children;
+ 
+   ast_array_free (dict->keys, n_children);
+   ast_array_free (dict->values, n_children);
+@@ -1467,7 +1474,7 @@ dictionary_parse (TokenStream  *stream,
+     maybe_wrapper, dictionary_get_value,
+     dictionary_free
+   };
+-  gint n_keys, n_values;
++  size_t n_keys, n_values;
+   gboolean only_one;
+   Dictionary *dict;
+   AST *first;
+@@ -1510,7 +1517,7 @@ dictionary_parse (TokenStream  *stream,
+         goto error;
+ 
+       g_assert (n_keys == 1 && n_values == 1);
+-      dict->n_children = -1;
++      dict->n_children = DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY;
+ 
+       return (AST *) dict;
+     }
+@@ -1543,6 +1550,7 @@ dictionary_parse (TokenStream  *stream,
+     }
+ 
+   g_assert (n_keys == n_values);
++  g_assert (n_keys != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY);
+   dict->n_children = n_keys;
+ 
+   return (AST *) dict;

meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch

@@ -0,0 +1,150 @@
+From acaabfedff42e974334dd5368e6103d2845aaba6 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 25 Nov 2025 19:25:58 +0000
+Subject: [PATCH] gvariant-parser: Convert error handling code to use size_t
+
+The error handling code allows for printing out the range of input bytes
+related to a parsing error. This was previously done using `gint`, but
+the input could be longer than `INT_MAX`, so it should really be done
+using `size_t`.
+
+Spotted while working on #3834.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-14087
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/acaabfedff42e974334dd5368e6103d2845aaba6]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-parser.c | 36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
+index 519baa3f3..1b1ddd654 100644
+--- a/glib/gvariant-parser.c
++++ b/glib/gvariant-parser.c
+@@ -91,7 +91,9 @@ g_variant_parser_get_error_quark (void)
+ 
+ typedef struct
+ {
+-  gint start, end;
++  /* Offsets from the start of the input, in bytes. Can be equal when referring
++   * to a point rather than a range. The invariant `end >= start` always holds. */
++  size_t start, end;
+ } SourceRef;
+ 
+ G_GNUC_PRINTF(5, 0)
+@@ -106,14 +108,16 @@ parser_set_error_va (GError      **error,
+   GString *msg = g_string_new (NULL);
+ 
+   if (location->start == location->end)
+-    g_string_append_printf (msg, "%d", location->start);
++    g_string_append_printf (msg, "%" G_GSIZE_FORMAT, location->start);
+   else
+-    g_string_append_printf (msg, "%d-%d", location->start, location->end);
++    g_string_append_printf (msg, "%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT,
++                            location->start, location->end);
+ 
+   if (other != NULL)
+     {
+       g_assert (other->start != other->end);
+-      g_string_append_printf (msg, ",%d-%d", other->start, other->end);
++      g_string_append_printf (msg, ",%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT,
++                              other->start, other->end);
+     }
+   g_string_append_c (msg, ':');
+ 
+@@ -140,11 +144,15 @@ parser_set_error (GError      **error,
+ 
+ typedef struct
+ {
++  /* We should always have the following ordering constraint:
++   *   start <= this <= stream <= end
++   * Additionally, unless in an error or EOF state, `this < stream`.
++   */
+   const gchar *start;
+   const gchar *stream;
+   const gchar *end;
+ 
+-  const gchar *this;
++  const gchar *this;  /* (nullable) */
+ } TokenStream;
+ 
+ 
+@@ -175,7 +183,7 @@ token_stream_set_error (TokenStream  *stream,
+ static gboolean
+ token_stream_prepare (TokenStream *stream)
+ {
+-  gint brackets = 0;
++  gssize brackets = 0;
+   const gchar *end;
+ 
+   if (stream->this != NULL)
+@@ -405,7 +413,7 @@ static void
+ pattern_copy (gchar       **out,
+               const gchar **in)
+ {
+-  gint brackets = 0;
++  gssize brackets = 0;
+ 
+   while (**in == 'a' || **in == 'm' || **in == 'M')
+     *(*out)++ = *(*in)++;
+@@ -2742,7 +2750,7 @@ g_variant_builder_add_parsed (GVariantBuilder *builder,
+ static gboolean
+ parse_num (const gchar *num,
+            const gchar *limit,
+-           guint       *result)
++           size_t      *result)
+ {
+   gchar *endptr;
+   gint64 bignum;
+@@ -2752,10 +2760,12 @@ parse_num (const gchar *num,
+   if (endptr != limit)
+     return FALSE;
+ 
++  /* The upper bound here is more restrictive than it technically needs to be,
++   * but should be enough for any practical situation: */
+   if (bignum < 0 || bignum > G_MAXINT)
+     return FALSE;
+ 
+-  *result = (guint) bignum;
++  *result = (size_t) bignum;
+ 
+   return TRUE;
+ }
+@@ -2766,7 +2776,7 @@ add_last_line (GString     *err,
+ {
+   const gchar *last_nl;
+   gchar *chomped;
+-  gint i;
++  size_t i;
+ 
+   /* This is an error at the end of input.  If we have a file
+    * with newlines, that's probably the empty string after the
+@@ -2911,7 +2921,7 @@ g_variant_parse_error_print_context (GError      *error,
+ 
+   if (dash == NULL || colon < dash)
+     {
+-      guint point;
++      size_t point;
+ 
+       /* we have a single point */
+       if (!parse_num (error->message, colon, &point))
+@@ -2929,7 +2939,7 @@ g_variant_parse_error_print_context (GError      *error,
+       /* We have one or two ranges... */
+       if (comma && comma < colon)
+         {
+-          guint start1, end1, start2, end2;
++          size_t start1, end1, start2, end2;
+           const gchar *dash2;
+ 
+           /* Two ranges */
+@@ -2945,7 +2955,7 @@ g_variant_parse_error_print_context (GError      *error,
+         }
+       else
+         {
+-          guint start, end;
++          size_t start, end;
+ 
+           /* One range */
+           if (!parse_num (error->message, dash, &start) || !parse_num (dash + 1, colon, &end))

meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch

@@ -0,0 +1,70 @@
+From 1909d8ea9297287f1ff6862968608dcf06e60523 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 4 Dec 2025 16:37:19 +0000
+Subject: [PATCH] gfileattribute: Fix integer overflow calculating escaping for
+ byte strings
+
+The number of invalid characters in the byte string (characters which
+would have to be percent-encoded) was only stored in an `int`, which
+gave the possibility of a long string largely full of invalid
+characters overflowing this and allowing an attacker-controlled buffer
+size to be allocated.
+
+This could be triggered by an attacker controlled file attribute (of
+type `G_FILE_ATTRIBUTE_TYPE_BYTE_STRING`), such as
+`G_FILE_ATTRIBUTE_THUMBNAIL_PATH` or `G_FILE_ATTRIBUTE_STANDARD_NAME`,
+being read by user code.
+
+Spotted by Codean Labs.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+Fixes: #3845
+
+CVE: CVE-2025-14512
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/1909d8ea9297287f1ff6862968608dcf06e60523]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gio/gfileattribute.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gfileattribute.c b/gio/gfileattribute.c
+index c6fde60fa..d3083e5bd 100644
+--- a/gio/gfileattribute.c
++++ b/gio/gfileattribute.c
+@@ -22,6 +22,7 @@
+ 
+ #include "config.h"
+ 
++#include <stdint.h>
+ #include <string.h>
+ 
+ #include "gfileattribute.h"
+@@ -273,11 +274,12 @@ valid_char (char c)
+   return c >= 32 && c <= 126 && c != '\\';
+ }
+ 
++/* Returns NULL on error */
+ static char *
+ escape_byte_string (const char *str)
+ {
+   size_t i, len;
+-  int num_invalid;
++  size_t num_invalid;
+   char *escaped_val, *p;
+   unsigned char c;
+   const char hex_digits[] = "0123456789abcdef";
+@@ -295,7 +297,12 @@ escape_byte_string (const char *str)
+     return g_strdup (str);
+   else
+     {
+-      escaped_val = g_malloc (len + num_invalid*3 + 1);
++      /* Check for overflow. We want to check the inequality:
++       * !(len + num_invalid * 3 + 1 > SIZE_MAX) */
++      if (num_invalid >= (SIZE_MAX - len) / 3)
++        return NULL;
++
++      escaped_val = g_malloc (len + num_invalid * 3 + 1);
+ 
+       p = escaped_val;
+       for (i = 0; i < len; i++)

meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch

@@ -0,0 +1,58 @@
+From c5766cff61ffce0b8e787eae09908ac348338e5f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 18 Dec 2025 23:12:18 +0000
+Subject: [PATCH] gbufferedinputstream: Fix a potential integer overflow in
+ peek()
+
+If the caller provides `offset` and `count` arguments which overflow,
+their sum will overflow and could lead to `memcpy()` reading out more
+memory than expected.
+
+Spotted by Codean Labs.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+Fixes: #3851
+
+CVE: CVE-2026-0988
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gio/gbufferedinputstream.c        |  2 +-
+ gio/tests/buffered-input-stream.c | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/gio/gbufferedinputstream.c b/gio/gbufferedinputstream.c
+index 9e6bacc62..56d656be0 100644
+--- a/gio/gbufferedinputstream.c
++++ b/gio/gbufferedinputstream.c
+@@ -590,7 +590,7 @@ g_buffered_input_stream_peek (GBufferedInputStream *stream,
+ 
+   available = g_buffered_input_stream_get_available (stream);
+ 
+-  if (offset > available)
++  if (offset > available || offset > G_MAXSIZE - count)
+     return 0;
+ 
+   end = MIN (offset + count, available);
+diff --git a/gio/tests/buffered-input-stream.c b/gio/tests/buffered-input-stream.c
+index a1af4eeff..2b2a0d9aa 100644
+--- a/gio/tests/buffered-input-stream.c
++++ b/gio/tests/buffered-input-stream.c
+@@ -60,6 +60,16 @@ test_peek (void)
+   g_assert_cmpint (npeek, ==, 0);
+   g_free (buffer);
+ 
++  buffer = g_new0 (char, 64);
++  npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 8, 0);
++  g_assert_cmpint (npeek, ==, 0);
++  g_free (buffer);
++
++  buffer = g_new0 (char, 64);
++  npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 5, G_MAXSIZE);
++  g_assert_cmpint (npeek, ==, 0);
++  g_free (buffer);
++
+   g_object_unref (in);
+   g_object_unref (base);
+ }

meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb

@@ -33,6 +33,13 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://CVE-2025-6052-01.patch \
            file://CVE-2025-6052-02.patch \
            file://CVE-2025-6052-03.patch \
+           file://CVE-2025-13601-01.patch \
+           file://CVE-2025-13601-02.patch \
+           file://CVE-2025-14087-01.patch \
+           file://CVE-2025-14087-02.patch \
+           file://CVE-2025-14087-03.patch \
+           file://CVE-2025-14512.patch \
+           file://CVE-2026-0988.patch \
            "
 SRC_URI:append:class-native = " file://relocate-modules.patch \
                                 file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \

meta/recipes-core/glibc/glibc-version.inc

@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "58cbbd43fe82910cf8ae9008351b0b0665104500"
+SRCREV_glibc ?= "ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc"
 SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"

meta/recipes-core/glibc/glibc_2.39.bb

@@ -18,7 +18,7 @@ easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
 CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 \
-    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058"
+    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
 
 DEPENDS += "gperf-native bison-native"

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check
 
 REQUIRED_DISTRO_FEATURES += "xattr"
 
-SRCREV ?= "828c9d09b4d056f77399fcb4bca8582f9c26ac84"
+SRCREV ?= "99047ec235e0aa53987fa93e906d97fca3ad205e"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=scarthgap \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch

@@ -0,0 +1,309 @@
+From 19549c61590c1873468c53e0026a2fbffae428ef Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Fri, 10 Oct 2025 09:38:31 +0200
+Subject: [PATCH] Add RelaxNG include limit
+
+This patch adds a default xmlRelaxNGIncludeLimit of 1.000, and that
+limit can be modified at runtime with the env variable
+RNG_INCLUDE_LIMIT.
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/998
+
+CVE: CVE-2026-0989
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/19549c61590c1873468c53e0026a2fbffae428ef]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ include/libxml/relaxng.h                 |  4 ++
+ relaxng.c                                | 63 ++++++++++++++++++++--
+ runtest.c                                | 67 ++++++++++++++++++++++++
+ test/relaxng/include/include-limit.rng   |  4 ++
+ test/relaxng/include/include-limit_1.rng |  4 ++
+ test/relaxng/include/include-limit_2.rng |  4 ++
+ test/relaxng/include/include-limit_3.rng |  8 +++
+ 7 files changed, 150 insertions(+), 4 deletions(-)
+ create mode 100644 test/relaxng/include/include-limit.rng
+ create mode 100644 test/relaxng/include/include-limit_1.rng
+ create mode 100644 test/relaxng/include/include-limit_2.rng
+ create mode 100644 test/relaxng/include/include-limit_3.rng
+
+diff --git a/include/libxml/relaxng.h b/include/libxml/relaxng.h
+index eafc6604..099dacd8 100644
+--- a/include/libxml/relaxng.h
++++ b/include/libxml/relaxng.h
+@@ -138,6 +138,10 @@ XMLPUBFUN int
+ 		    xmlRelaxParserSetFlag	(xmlRelaxNGParserCtxtPtr ctxt,
+ 						 int flag);
+ 
++XMLPUBFUN int
++		    xmlRelaxParserSetIncLImit	(xmlRelaxNGParserCtxt *ctxt,
++						 int limit);
++
+ XMLPUBFUN void
+ 		    xmlRelaxNGFreeParserCtxt	(xmlRelaxNGParserCtxtPtr ctxt);
+ XMLPUBFUN void
+diff --git a/relaxng.c b/relaxng.c
+index 1d74ba9f..c0e94a3c 100644
+--- a/relaxng.c
++++ b/relaxng.c
+@@ -18,6 +18,8 @@
+ 
+ #ifdef LIBXML_SCHEMAS_ENABLED
+ 
++#include <errno.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <stdio.h>
+ #include <stddef.h>
+@@ -44,6 +46,12 @@
+ static const xmlChar *xmlRelaxNGNs = (const xmlChar *)
+     "http://relaxng.org/ns/structure/1.0";
+ 
++/*
++ * Default include limit, this can be override with RNG_INCLUDE_LIMIT
++ * env variable
++ */
++static const int _xmlRelaxNGIncludeLimit = 1000;
++
+ #define IS_RELAXNG(node, typ)						\
+    ((node != NULL) && (node->ns != NULL) &&				\
+     (node->type == XML_ELEMENT_NODE) &&					\
+@@ -225,6 +233,7 @@ struct _xmlRelaxNGParserCtxt {
+     int incNr;                  /* Depth of the include parsing stack */
+     int incMax;                 /* Max depth of the parsing stack */
+     xmlRelaxNGIncludePtr *incTab;       /* array of incs */
++    int incLimit;               /* Include limit, to avoid stack-overflow on parse */
+ 
+     int idref;                  /* requires idref checking */
+ 
+@@ -1410,6 +1419,23 @@ xmlRelaxParserSetFlag(xmlRelaxNGParserCtxtPtr ctxt, int flags)
+     return(0);
+ }
+ 
++/**
++ * Semi private function used to set the include recursion limit to a
++ * parser context. Set to 0 to use the default value.
++ *
++ * @param ctxt  a RelaxNG parser context
++ * @param limit the new include depth limit
++ * @returns 0 if success and -1 in case of error
++ */
++int
++xmlRelaxParserSetIncLImit(xmlRelaxNGParserCtxt *ctxt, int limit)
++{
++    if (ctxt == NULL) return(-1);
++    if (limit < 0) return(-1);
++    ctxt->incLimit = limit;
++    return(0);
++}
++
+ /************************************************************************
+  *									*
+  *			Document functions				*
+@@ -1425,7 +1451,7 @@ static xmlDocPtr xmlRelaxNGCleanupDoc(xmlRelaxNGParserCtxtPtr ctxt,
+  *
+  * Pushes a new include on top of the include stack
+  *
+- * Returns 0 in case of error, the index in the stack otherwise
++ * Returns -1 in case of error, the index in the stack otherwise
+  */
+ static int
+ xmlRelaxNGIncludePush(xmlRelaxNGParserCtxtPtr ctxt,
+@@ -1439,9 +1465,15 @@ xmlRelaxNGIncludePush(xmlRelaxNGParserCtxtPtr ctxt,
+                                                sizeof(ctxt->incTab[0]));
+         if (ctxt->incTab == NULL) {
+             xmlRngPErrMemory(ctxt, "allocating include\n");
+-            return (0);
++            return (-1);
+         }
+     }
++    if (ctxt->incNr >= ctxt->incLimit) {
++        xmlRngPErr(ctxt, (xmlNodePtr)value->doc, XML_RNGP_PARSE_ERROR,
++                   "xmlRelaxNG: inclusion recursion limit reached\n", NULL, NULL);
++        return(-1);
++    }
++
+     if (ctxt->incNr >= ctxt->incMax) {
+         ctxt->incMax *= 2;
+         ctxt->incTab =
+@@ -1450,7 +1482,7 @@ xmlRelaxNGIncludePush(xmlRelaxNGParserCtxtPtr ctxt,
+                                                 sizeof(ctxt->incTab[0]));
+         if (ctxt->incTab == NULL) {
+             xmlRngPErrMemory(ctxt, "allocating include\n");
+-            return (0);
++            return (-1);
+         }
+     }
+     ctxt->incTab[ctxt->incNr] = value;
+@@ -1620,7 +1652,9 @@ xmlRelaxNGLoadInclude(xmlRelaxNGParserCtxtPtr ctxt, const xmlChar * URL,
+     /*
+      * push it on the stack
+      */
+-    xmlRelaxNGIncludePush(ctxt, ret);
++    if (xmlRelaxNGIncludePush(ctxt, ret) < 0) {
++        return (NULL);
++    }
+ 
+     /*
+      * Some preprocessing of the document content, this include recursing
+@@ -7357,11 +7391,32 @@ xmlRelaxNGParse(xmlRelaxNGParserCtxtPtr ctxt)
+     xmlDocPtr doc;
+     xmlNodePtr root;
+ 
++    const char *include_limit_env = getenv("RNG_INCLUDE_LIMIT");
++
+     xmlRelaxNGInitTypes();
+ 
+     if (ctxt == NULL)
+         return (NULL);
+ 
++    if (ctxt->incLimit == 0) {
++        ctxt->incLimit = _xmlRelaxNGIncludeLimit;
++        if (include_limit_env != NULL) {
++            char *strEnd;
++            unsigned long val = 0;
++            errno = 0;
++            val = strtoul(include_limit_env, &strEnd, 10);
++            if (errno != 0 || *strEnd != 0 || val > INT_MAX) {
++                xmlRngPErr(ctxt, NULL, XML_RNGP_PARSE_ERROR,
++                           "xmlRelaxNGParse: invalid RNG_INCLUDE_LIMIT %s\n",
++                           (const xmlChar*)include_limit_env,
++                           NULL);
++                return(NULL);
++            }
++            if (val)
++                ctxt->incLimit = val;
++        }
++    }
++
+     /*
+      * First step is to parse the input document into an DOM/Infoset
+      */
+diff --git a/runtest.c b/runtest.c
+index 49519aef..45109f0a 100644
+--- a/runtest.c
++++ b/runtest.c
+@@ -3781,6 +3781,70 @@ rngTest(const char *filename,
+     return(ret);
+ }
+ 
++/**
++ * Parse an RNG schemas with a custom RNG_INCLUDE_LIMIT
++ *
++ * @param filename  the schemas file
++ * @param result  the file with expected result
++ * @param err  the file with error messages
++ * @returns 0 in case of success, an error code otherwise
++ */
++static int
++rngIncludeTest(const char *filename,
++               const char *resul ATTRIBUTE_UNUSED,
++               const char *errr ATTRIBUTE_UNUSED,
++               int options ATTRIBUTE_UNUSED) {
++    xmlRelaxNGParserCtxtPtr ctxt;
++    xmlRelaxNGPtr schemas;
++    int ret = 0;
++
++    /* first compile the schemas if possible */
++    ctxt = xmlRelaxNGNewParserCtxt(filename);
++    xmlRelaxNGSetParserStructuredErrors(ctxt, testStructuredErrorHandler,
++                                        NULL);
++
++    /* Should work */
++    schemas = xmlRelaxNGParse(ctxt);
++    if (schemas == NULL) {
++        testErrorHandler(NULL, "Relax-NG schema %s failed to compile\n",
++                         filename);
++        ret = -1;
++        goto done;
++    }
++    xmlRelaxNGFree(schemas);
++    xmlRelaxNGFreeParserCtxt(ctxt);
++
++    ctxt = xmlRelaxNGNewParserCtxt(filename);
++    /* Should fail */
++    xmlRelaxParserSetIncLImit(ctxt, 2);
++    xmlRelaxNGSetParserStructuredErrors(ctxt, testStructuredErrorHandler,
++                                        NULL);
++    schemas = xmlRelaxNGParse(ctxt);
++    if (schemas != NULL) {
++        ret = -1;
++        xmlRelaxNGFree(schemas);
++    }
++    xmlRelaxNGFreeParserCtxt(ctxt);
++
++    ctxt = xmlRelaxNGNewParserCtxt(filename);
++    /* Should work */
++    xmlRelaxParserSetIncLImit(ctxt, 3);
++    xmlRelaxNGSetParserStructuredErrors(ctxt, testStructuredErrorHandler,
++                                        NULL);
++    schemas = xmlRelaxNGParse(ctxt);
++    if (schemas == NULL) {
++        testErrorHandler(NULL, "Relax-NG schema %s failed to compile\n",
++                         filename);
++        ret = -1;
++        goto done;
++    }
++    xmlRelaxNGFree(schemas);
++
++done:
++    xmlRelaxNGFreeParserCtxt(ctxt);
++    return(ret);
++}
++
+ #ifdef LIBXML_READER_ENABLED
+ /**
+  * rngStreamTest:
+@@ -5112,6 +5176,9 @@ testDesc testDescriptions[] = {
+     { "Relax-NG regression tests" ,
+       rngTest, "./test/relaxng/*.rng", NULL, NULL, NULL,
+       XML_PARSE_DTDATTR | XML_PARSE_NOENT },
++    { "Relax-NG include limit tests" ,
++      rngIncludeTest, "./test/relaxng/include/include-limit.rng", NULL, NULL, NULL,
++      0 },
+ #ifdef LIBXML_READER_ENABLED
+     { "Relax-NG streaming regression tests" ,
+       rngStreamTest, "./test/relaxng/*.rng", NULL, NULL, NULL,
+diff --git a/test/relaxng/include/include-limit.rng b/test/relaxng/include/include-limit.rng
+new file mode 100644
+index 00000000..51f03942
+--- /dev/null
++++ b/test/relaxng/include/include-limit.rng
+@@ -0,0 +1,4 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<grammar xmlns="http://relaxng.org/ns/structure/1.0">
++    <include href="include-limit_1.rng"/>
++</grammar>
+diff --git a/test/relaxng/include/include-limit_1.rng b/test/relaxng/include/include-limit_1.rng
+new file mode 100644
+index 00000000..4672da38
+--- /dev/null
++++ b/test/relaxng/include/include-limit_1.rng
+@@ -0,0 +1,4 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<grammar xmlns="http://relaxng.org/ns/structure/1.0">
++    <include href="include-limit_2.rng"/>
++</grammar>
+diff --git a/test/relaxng/include/include-limit_2.rng b/test/relaxng/include/include-limit_2.rng
+new file mode 100644
+index 00000000..b35ecaa8
+--- /dev/null
++++ b/test/relaxng/include/include-limit_2.rng
+@@ -0,0 +1,4 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<grammar xmlns="http://relaxng.org/ns/structure/1.0">
++    <include href="include-limit_3.rng"/>
++</grammar>
+diff --git a/test/relaxng/include/include-limit_3.rng b/test/relaxng/include/include-limit_3.rng
+new file mode 100644
+index 00000000..86213c62
+--- /dev/null
++++ b/test/relaxng/include/include-limit_3.rng
+@@ -0,0 +1,8 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<grammar xmlns="http://relaxng.org/ns/structure/1.0">
++    <start>
++        <element name="root">
++            <empty/>
++        </element>
++    </start>
++</grammar>

meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch

@@ -0,0 +1,76 @@
+From 1961208e958ca22f80a0b4e4c9d71cfa050aa982 Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Wed, 17 Dec 2025 15:24:08 +0100
+Subject: [PATCH] catalog: prevent inf recursion in xmlCatalogXMLResolveURI
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
+
+CVE: CVE-2026-0989
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ catalog.c | 31 +++++++++++++++++++++++--------
+ 1 file changed, 23 insertions(+), 8 deletions(-)
+
+diff --git a/catalog.c b/catalog.c
+index 76c063a8..46b877e6 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -2086,12 +2086,21 @@ static xmlChar *
+ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) {
+     xmlChar *ret = NULL;
+     xmlChar *urnID = NULL;
++    xmlCatalogEntryPtr cur = NULL;
+ 
+     if (catal == NULL)
+         return(NULL);
+     if (URI == NULL)
+ 	return(NULL);
+ 
++    if (catal->depth > MAX_CATAL_DEPTH) {
++	xmlCatalogErr(catal, NULL, XML_CATALOG_RECURSION,
++		      "Detected recursion in catalog %s\n",
++		      catal->name, NULL, NULL);
++	return(NULL);
++    }
++    catal->depth++;
++
+     if (!xmlStrncmp(URI, BAD_CAST XML_URN_PUBID, sizeof(XML_URN_PUBID) - 1)) {
+ 	urnID = xmlCatalogUnWrapURN(URI);
+ 	if (xmlDebugCatalogs) {
+@@ -2105,21 +2114,27 @@ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) {
+ 	ret = xmlCatalogListXMLResolve(catal, urnID, NULL);
+ 	if (urnID != NULL)
+ 	    xmlFree(urnID);
++	catal->depth--;
+ 	return(ret);
+     }
+-    while (catal != NULL) {
+-	if (catal->type == XML_CATA_CATALOG) {
+-	    if (catal->children == NULL) {
+-		xmlFetchXMLCatalogFile(catal);
++    cur = catal;
++    while (cur != NULL) {
++	if (cur->type == XML_CATA_CATALOG) {
++	    if (cur->children == NULL) {
++		xmlFetchXMLCatalogFile(cur);
+ 	    }
+-	    if (catal->children != NULL) {
+-		ret = xmlCatalogXMLResolveURI(catal->children, URI);
+-		if (ret != NULL)
++	    if (cur->children != NULL) {
++		ret = xmlCatalogXMLResolveURI(cur->children, URI);
++		if (ret != NULL) {
++		    catal->depth--;
+ 		    return(ret);
++		}
+ 	    }
+ 	}
+-	catal = catal->next;
++	cur = cur->next;
+     }
++
++    catal->depth--;
+     return(ret);
+ }
+ 

meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch

@@ -0,0 +1,49 @@
+From f75abfcaa419a740a3191e56c60400f3ff18988d Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Fri, 19 Dec 2025 11:02:18 +0100
+Subject: [PATCH] catalog: Ignore repeated nextCatalog entries
+
+This patch makes the catalog parsing to ignore repeated entries of
+nextCatalog with the same value.
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
+
+CVE: CVE-2026-0989
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ catalog.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/catalog.c b/catalog.c
+index 46b877e6..fa6d77ca 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -1266,9 +1266,27 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer,
+ 		BAD_CAST "delegateURI", BAD_CAST "uriStartString",
+ 		BAD_CAST "catalog", prefer, cgroup);
+     } else if (xmlStrEqual(cur->name, BAD_CAST "nextCatalog")) {
++	xmlCatalogEntryPtr prev = parent->children;
++
+ 	entry = xmlParseXMLCatalogOneNode(cur, XML_CATA_NEXT_CATALOG,
+ 		BAD_CAST "nextCatalog", NULL,
+ 		BAD_CAST "catalog", prefer, cgroup);
++	/* Avoid duplication of nextCatalog */
++	while (prev != NULL) {
++	    if ((prev->type == XML_CATA_NEXT_CATALOG) &&
++		(xmlStrEqual (prev->URL, entry->URL)) &&
++		(xmlStrEqual (prev->value, entry->value)) &&
++		(prev->prefer == entry->prefer) &&
++		(prev->group == entry->group)) {
++		    if (xmlDebugCatalogs)
++			fprintf(stderr,
++			    "Ignoring repeated nextCatalog %s\n", entry->URL);
++		    xmlFreeCatalogEntry(entry, NULL);
++		    entry = NULL;
++		    break;
++	    }
++	    prev = prev->next;
++	}
+     }
+     if (entry != NULL) {
+         if (parent != NULL) {

meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch

@@ -0,0 +1,323 @@
+From f8399e62a31095bf1ced01827c33f9b29494046f Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Fri, 19 Dec 2025 12:27:54 +0100
+Subject: [PATCH] testcatalog: Add new tests for catalog.c
+
+Adds a new test program to run specific tests related to catalog
+parsing.
+
+This initial version includes a couple of tests, the first one to check
+the infinite recursion detection related to:
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018.
+
+The second one tests the nextCatalog element repeated parsing, related
+to:
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040
+
+CVE: CVE-2026-0992
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ CMakeLists.txt                          |  2 +
+ Makefile.am                             |  6 ++
+ catalog.c                               | 63 +++++++++++-----
+ include/libxml/catalog.h                |  2 +
+ test/catalogs/catalog-recursive.xml     |  3 +
+ test/catalogs/repeated-next-catalog.xml | 10 +++
+ testcatalog.c                           | 96 +++++++++++++++++++++++++
+ 7 files changed, 163 insertions(+), 19 deletions(-)
+ create mode 100644 test/catalogs/catalog-recursive.xml
+ create mode 100644 test/catalogs/repeated-next-catalog.xml
+ create mode 100644 testcatalog.c
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 163661f8..7d5702df 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -517,6 +517,7 @@ if(LIBXML2_WITH_TESTS)
+ 		runxmlconf
+ 		runsuite
+ 		testapi
++		testcatalog
+ 		testchar
+ 		testdict
+ 		testModule
+@@ -543,6 +544,7 @@ if(LIBXML2_WITH_TESTS)
+ 	if(NOT WIN32)
+ 		add_test(NAME testapi COMMAND testapi)
+ 	endif()
++	add_test(NAME testcatalog COMMAND testcatalog)
+ 	add_test(NAME testchar COMMAND testchar)
+ 	add_test(NAME testdict COMMAND testdict)
+ 	add_test(NAME testparser COMMAND testparser)
+diff --git a/Makefile.am b/Makefile.am
+index c51dfd8e..c794eac8 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -21,6 +21,7 @@ check_PROGRAMS = \
+ 	testModule \
+ 	testThreads \
+ 	testapi \
++	testcatalog \
+ 	testchar \
+ 	testdict \
+ 	testlimits \
+@@ -143,6 +144,10 @@ testlimits_SOURCES=testlimits.c
+ testlimits_DEPENDENCIES = $(DEPS)
+ testlimits_LDADD= $(LDADDS)
+ 
++testcatalog_SOURCES=testcatalog.c
++testcatalog_DEPENDENCIES = $(DEPS)
++testcatalog_LDADD= $(LDADDS)
++
+ testchar_SOURCES=testchar.c
+ testchar_DEPENDENCIES = $(DEPS)
+ testchar_LDADD= $(LDADDS)
+@@ -206,6 +211,7 @@ check-local:
+ 	$(CHECKER) ./runtest$(EXEEXT)
+ 	$(CHECKER) ./testrecurse$(EXEEXT)
+ 	$(CHECKER) ./testapi$(EXEEXT)
++	$(CHECKER) ./testcatalog$(EXEEXT)
+ 	$(CHECKER) ./testchar$(EXEEXT)
+ 	$(CHECKER) ./testdict$(EXEEXT)
+ 	$(CHECKER) ./testparser$(EXEEXT)
+diff --git a/catalog.c b/catalog.c
+index 401dbc14..eb889162 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -649,43 +649,54 @@ static void xmlDumpXMLCatalogNode(xmlCatalogEntryPtr catal, xmlNodePtr catalog,
+     }
+ }
+ 
+-static int
+-xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) {
+-    int ret;
+-    xmlDocPtr doc;
++static xmlDocPtr
++xmlDumpXMLCatalogToDoc(xmlCatalogEntryPtr catal) {
+     xmlNsPtr ns;
+     xmlDtdPtr dtd;
+     xmlNodePtr catalog;
+-    xmlOutputBufferPtr buf;
++    xmlDocPtr doc = xmlNewDoc(NULL);
++    if (doc == NULL) {
++        return(NULL);
++    }
+ 
+-    /*
+-     * Rebuild a catalog
+-     */
+-    doc = xmlNewDoc(NULL);
+-    if (doc == NULL)
+-	return(-1);
+     dtd = xmlNewDtd(doc, BAD_CAST "catalog",
+-	       BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN",
+-BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd");
++                    BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN",
++                    BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd");
+ 
+     xmlAddChild((xmlNodePtr) doc, (xmlNodePtr) dtd);
+ 
+     ns = xmlNewNs(NULL, XML_CATALOGS_NAMESPACE, NULL);
+     if (ns == NULL) {
+-	xmlFreeDoc(doc);
+-	return(-1);
++        xmlFreeDoc(doc);
++        return(NULL);
+     }
+     catalog = xmlNewDocNode(doc, ns, BAD_CAST "catalog", NULL);
+     if (catalog == NULL) {
+-	xmlFreeNs(ns);
+-	xmlFreeDoc(doc);
+-	return(-1);
++        xmlFreeDoc(doc);
++        xmlFreeNs(ns);
++        return(NULL);
+     }
+     catalog->nsDef = ns;
+     xmlAddChild((xmlNodePtr) doc, catalog);
+-
+     xmlDumpXMLCatalogNode(catal, catalog, doc, ns, NULL);
+ 
++    return(doc);
++}
++
++static int
++xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) {
++    int ret;
++    xmlDocPtr doc;
++    xmlOutputBufferPtr buf;
++
++    /*
++     * Rebuild a catalog
++     */
++    doc = xmlDumpXMLCatalogToDoc(catal);
++    if (doc == NULL) {
++        return(-1);
++    }
++
+     /*
+      * reserialize it
+      */
+@@ -3417,6 +3428,20 @@ xmlCatalogDump(FILE *out) {
+ 
+     xmlACatalogDump(xmlDefaultCatalog, out);
+ }
++
++/**
++ * Dump all the global catalog content as a xmlDoc
++ * This function is just for testing/debugging purposes
++ *
++ * @returns  The catalog as xmlDoc or NULL if failed, it must be freed by the caller.
++ */
++xmlDocPtr
++xmlCatalogDumpDoc(void) {
++    if (!xmlCatalogInitialized)
++        xmlInitializeCatalog();
++
++    return xmlDumpXMLCatalogToDoc(xmlDefaultCatalog->xml);
++}
+ #endif /* LIBXML_OUTPUT_ENABLED */
+ 
+ /**
+diff --git a/include/libxml/catalog.h b/include/libxml/catalog.h
+index 88a7483c..e1bc5feb 100644
+--- a/include/libxml/catalog.h
++++ b/include/libxml/catalog.h
+@@ -119,6 +119,8 @@ XMLPUBFUN void
+ #ifdef LIBXML_OUTPUT_ENABLED
+ XMLPUBFUN void
+ 		xmlCatalogDump		(FILE *out);
++XMLPUBFUN xmlDocPtr
++		xmlCatalogDumpDoc	(void);
+ #endif /* LIBXML_OUTPUT_ENABLED */
+ XMLPUBFUN xmlChar *
+ 		xmlCatalogResolve	(const xmlChar *pubID,
+diff --git a/test/catalogs/catalog-recursive.xml b/test/catalogs/catalog-recursive.xml
+new file mode 100644
+index 00000000..3b3d03f9
+--- /dev/null
++++ b/test/catalogs/catalog-recursive.xml
+@@ -0,0 +1,3 @@
++<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
++    <delegateURI uriStartString="/foo" catalog="catalog-recursive.xml"/>
++</catalog>
+diff --git a/test/catalogs/repeated-next-catalog.xml b/test/catalogs/repeated-next-catalog.xml
+new file mode 100644
+index 00000000..76d34c3c
+--- /dev/null
++++ b/test/catalogs/repeated-next-catalog.xml
+@@ -0,0 +1,10 @@
++<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
++  <nextCatalog catalog="registry.xml"/>
++  <nextCatalog catalog="registry.xml"/>
++  <nextCatalog catalog="./registry.xml"/>
++  <nextCatalog catalog="././registry.xml"/>
++  <nextCatalog catalog="./././registry.xml"/>
++  <nextCatalog catalog="./../catalogs/registry.xml"/>
++  <nextCatalog catalog="./../catalogs/./registry.xml"/>
++</catalog>
++
+diff --git a/testcatalog.c b/testcatalog.c
+new file mode 100644
+index 00000000..86d33bd0
+--- /dev/null
++++ b/testcatalog.c
+@@ -0,0 +1,96 @@
++/*
++ * testcatalog.c: C program to run libxml2 catalog.c unit tests
++ *
++ * To compile on Unixes:
++ * cc -o testcatalog `xml2-config --cflags` testcatalog.c `xml2-config --libs` -lpthread
++ *
++ * See Copyright for the status of this software.
++ *
++ * Author: Daniel Garcia <dani@danigm.net>
++ */
++
++
++#include "libxml.h"
++#include <stdio.h>
++
++#ifdef LIBXML_CATALOG_ENABLED
++#include <libxml/catalog.h>
++
++/* Test catalog resolve uri with recursive catalog */
++static int
++testRecursiveDelegateUri(void) {
++    int ret = 0;
++    const char *cat = "test/catalogs/catalog-recursive.xml";
++    const char *entity = "/foo.ent";
++    xmlChar *resolved = NULL;
++
++    xmlInitParser();
++    xmlLoadCatalog(cat);
++
++    /* This should trigger recursive error */
++    resolved = xmlCatalogResolveURI(BAD_CAST entity);
++    if (resolved != NULL) {
++        fprintf(stderr, "CATALOG-FAILURE: Catalog %s entity should fail to resolve\n", entity);
++        ret = 1;
++    }
++    xmlCatalogCleanup();
++
++    return ret;
++}
++
++/* Test parsing repeated NextCatalog */
++static int
++testRepeatedNextCatalog(void) {
++    int ret = 0;
++    int i = 0;
++    const char *cat = "test/catalogs/repeated-next-catalog.xml";
++    const char *entity = "/foo.ent";
++    xmlDocPtr doc = NULL;
++    xmlNodePtr node = NULL;
++
++    xmlInitParser();
++
++    xmlLoadCatalog(cat);
++    /* To force the complete recursive load */
++    xmlCatalogResolveURI(BAD_CAST entity);
++    /**
++     * Ensure that the doc doesn't contain the same nextCatalog
++     */
++    doc = xmlCatalogDumpDoc();
++    xmlCatalogCleanup();
++
++    if (doc == NULL) {
++        fprintf(stderr, "CATALOG-FAILURE: Failed to dump the catalog\n");
++        return 1;
++    }
++
++    /* Just the root "catalog" node with a series of nextCatalog */
++    node = xmlDocGetRootElement(doc);
++    node = node->children;
++    for (i=0; node != NULL; node=node->next, i++) {}
++    if (i > 1) {
++        fprintf(stderr, "CATALOG-FAILURE: Found %d nextCatalog entries and should be 1\n", i);
++        ret = 1;
++    }
++
++    xmlFreeDoc(doc);
++
++    return ret;
++}
++
++int
++main(void) {
++    int err = 0;
++
++    err |= testRecursiveDelegateUri();
++    err |= testRepeatedNextCatalog();
++
++    return err;
++}
++#else
++/* No catalog, so everything okay */
++int
++main(void) {
++    return 0;
++}
++#endif

meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch

@@ -0,0 +1,33 @@
+From deed3b7873dff30b7f87f7f33154c9932a772522 Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <dani@danigm.net>
+Date: Sun, 18 Jan 2026 19:47:11 +0100
+Subject: [PATCH] catalog: Do not check value for duplication nextCatalog
+
+The value field stores the path as it appears in the catalog definition,
+the URL is built using xmlBuildURI that changes the relative paths to
+absolute.
+
+This change fixes the issue of using relative path to the same catalog
+in the same file.
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040
+
+CVE: CVE-2026-0992
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ catalog.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/catalog.c b/catalog.c
+index eb889162..ba9ee7ae 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -1286,7 +1286,6 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer,
+ 	while (prev != NULL) {
+ 	    if ((prev->type == XML_CATA_NEXT_CATALOG) &&
+ 		(xmlStrEqual (prev->URL, entry->URL)) &&
+-		(xmlStrEqual (prev->value, entry->value)) &&
+ 		(prev->prefer == entry->prefer) &&
+ 		(prev->group == entry->group)) {
+ 		    if (xmlDebugCatalogs)

meta/recipes-core/libxml/libxml2_2.12.10.bb

@@ -25,6 +25,11 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
            file://CVE-2025-49795.patch \
            file://CVE-2025-6170.patch \
            file://CVE-2025-7425.patch \
+           file://CVE-2026-0989.patch \
+           file://CVE-2026-0990.patch \
+           file://CVE-2026-0992-01.patch \
+           file://CVE-2026-0992-02.patch \
+           file://CVE-2026-0992-03.patch \
            "
 
 SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"

meta/recipes-core/util-linux/util-linux.inc

@@ -44,6 +44,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://CVE-2024-28085-0002.patch \
 	   file://fstab-isolation.patch \
            file://sys-utils-hwclock-rtc-fix-pointer-usage.patch \
+           file://CVE-2025-14104-01.patch \
+           file://CVE-2025-14104-02.patch \
            "
 
 SRC_URI[sha256sum] = "7b6605e48d1a49f43cc4b4cfc59f313d0dd5402fa40b96810bd572e167dfed0f"

meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch

@@ -0,0 +1,33 @@
+From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Date: Sat, 24 May 2025 03:16:09 +0100
+Subject: [PATCH] Update setpwnam.c
+
+CVE: CVE-2025-14104
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/aaa9e718c88d6916b003da7ebcfe38a3c88df8e6]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ login-utils/setpwnam.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 3e3c1abde..95e470b5a 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ 		}
+ 
+ 		/* Is this the username we were sent to change? */
+-		if (!found && linebuf[namelen] == ':' &&
+-		    !strncmp(linebuf, pwd->pw_name, namelen)) {
+-			/* Yes! So go forth in the name of the Lord and
+-			 * change it!  */
++		if (!found &&
++		    strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
++		    strlen(linebuf) > namelen &&
++		    linebuf[namelen] == ':') {
++			/* Yes! But this time let’s not walk past the end of the buffer
++			 * in the name of the Lord, SUID, or anything else. */
+ 			if (putpwent(pwd, fp) < 0)
+ 				goto fail;
+ 			found = 1;

meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch

@@ -0,0 +1,28 @@
+From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Date: Mon, 26 May 2025 10:06:02 +0100
+Subject: [PATCH] Update bufflen
+
+Update buflen
+
+CVE: CVE-2025-14104
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/9a36d77012c4c771f8d51eba46b6e62c29bf572a]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ login-utils/setpwnam.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 95e470b5a..7778e98f7 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ 		goto fail;
+ 
+ 	namelen = strlen(pwd->pw_name);
+-
++	if (namelen > buflen)
++		buflen += namelen;
+ 	linebuf = malloc(buflen);
+ 	if (!linebuf)
+ 		goto fail;

meta/recipes-core/zlib/zlib_1.3.1.bb

@@ -46,5 +46,7 @@ do_install_ptest() {
 
 BBCLASSEXTEND = "native nativesdk"
 
-CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
-CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"
+# Adding 'CVE_PRODUCT' to avoid false detection of CVEs
+CVE_PRODUCT = "zlib:zlib gnu:zlib"
+
+CVE_STATUS[CVE-2026-22184] = "not-applicable-config: vulnerable file is not compiled"

meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb

@@ -25,11 +25,11 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE-OASIS;md5=c608985dd5f7f215e669e763
 # bitbake build system.
 #
 
-SRC_URI = "https://docbook.org/xml/4.1.2/docbkx412.zip;name=payload412;subdir=docbook-4.1.2 \
-           https://docbook.org/xml/4.2/docbook-xml-4.2.zip;name=payload42;subdir=docbook-4.2 \
-           https://docbook.org/xml/4.3/docbook-xml-4.3.zip;name=payload43;subdir=docbook-4.3 \
-           https://docbook.org/xml/4.4/docbook-xml-4.4.zip;name=payload44;subdir=docbook-4.4 \
-           https://docbook.org/xml/${PV}/docbook-xml-${PV}.zip;name=payloadPV;subdir=docbook-${PV} \
+SRC_URI = "https://archive.docbook.org/xml/4.1.2/docbkx412.zip;name=payload412;subdir=docbook-4.1.2 \
+           https://archive.docbook.org/xml/4.2/docbook-xml-4.2.zip;name=payload42;subdir=docbook-4.2 \
+           https://archive.docbook.org/xml/4.3/docbook-xml-4.3.zip;name=payload43;subdir=docbook-4.3 \
+           https://archive.docbook.org/xml/4.4/docbook-xml-4.4.zip;name=payload44;subdir=docbook-4.4 \
+           https://archive.docbook.org/xml/${PV}/docbook-xml-${PV}.zip;name=payloadPV;subdir=docbook-${PV} \
            file://docbook-xml-update-catalog.xml.patch \
            file://LICENSE-OASIS"
 

meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch

@@ -1,44 +0,0 @@
-From b5545c08e6c674c49aef14b47a56a3e92df4d2a7 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 17 Feb 2016 07:36:34 +0000
-Subject: [pseudo][PATCH] configure: Prune PIE flags
-
-LDFLAGS are not taken from environment and CFLAGS is used for LDFLAGS
-however when using security options -fpie and -pie options are coming
-as part of ARCH_FLAGS and they get into LDFLAGS of shared objects as
-well so we end up with conflicting options -shared -pie, which gold
-rejects outright and bfd linker lets the one appearning last in cmdline
-take effect. This create quite a unpleasant situation in OE when
-security flags are enabled and gold or not-gold options are used
-it errors out but errors are not same.
-
-Anyway, with this patch we filter pie options from ARCH_FLAGS
-ouright and take control of generating PIC objects
-
-Helps with errors like
-
-| /mnt/oe/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/5.3.0/ld: pseudo_client.o: relocation R_X86_64_PC32 against symbol `pseudo_util_debug_flags' can not be used when making a shared object; recompile with -fPIC
-| /mnt/oe/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/5.3.0/ld: final link failed: Bad value
-| collect2: error: ld returned 1 exit status
-| make: *** [lib/pseudo/lib64/libpseudo.so] Error 1
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Submitted
-
- configure | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/configure b/configure
-index e5ef9ce..83b0890 100755
---- a/configure
-+++ b/configure
-@@ -339,3 +339,5 @@ sed -e '
-   s,@ARCH@,'"$opt_arch"',g
-   s,@BITS@,'"$opt_bits"',g
- ' < Makefile.in > Makefile
-+
-+sed -i -e 's/\-[f]*pie//g' Makefile
--- 
-1.8.3.1
-

meta/recipes-devtools/pseudo/files/glibc238.patch

@@ -1,65 +0,0 @@
-glibc 2.38 would include  __isoc23_strtol and similar symbols. This is trggerd by
-_GNU_SOURCE but we have to set that for other definitions. Therefore play with defines
-to turn this off within pseudo_wrappers.c. Elsewhere we can switch to _DEFAULT_SOURCE
-rather than _GNU_SOURCE.
-
-Upstream-Status: Pending
-
-Index: git/pseudo_wrappers.c
-===================================================================
---- git.orig/pseudo_wrappers.c
-+++ git/pseudo_wrappers.c
-@@ -6,6 +6,18 @@
-  * SPDX-License-Identifier: LGPL-2.1-only
-  *
-  */
-+/* glibc 2.38 would include  __isoc23_strtol and similar symbols. This is trggerd by
-+ * _GNU_SOURCE but we have to set that for other definitions. Therefore play with defines
-+ * to turn this off.
-+ */
-+#include <features.h>
-+#undef __GLIBC_USE_ISOC2X
-+#undef __GLIBC_USE_C2X_STRTOL
-+#define __GLIBC_USE_C2X_STRTOL 0
-+#undef __GLIBC_USE_ISOC23
-+#undef __GLIBC_USE_C23_STRTOL
-+#define __GLIBC_USE_C23_STRTOL 0
-+
- #include <assert.h>
- #include <stdlib.h>
- #include <limits.h>
-Index: git/pseudo_util.c
-===================================================================
---- git.orig/pseudo_util.c
-+++ git/pseudo_util.c
-@@ -8,6 +8,17 @@
-  */
- /* we need access to RTLD_NEXT for a horrible workaround */
- #define _GNU_SOURCE
-+/* glibc 2.38 would include  __isoc23_strtol and similar symbols. This is trggerd by
-+ * _GNU_SOURCE but we have to set that for other definitions. Therefore play with defines
-+ * to turn this off.
-+ */
-+#include <features.h>
-+#undef __GLIBC_USE_ISOC2X
-+#undef __GLIBC_USE_C2X_STRTOL
-+#define __GLIBC_USE_C2X_STRTOL 0
-+#undef __GLIBC_USE_ISOC23
-+#undef __GLIBC_USE_C23_STRTOL
-+#define __GLIBC_USE_C23_STRTOL 0
- 
- #include <ctype.h>
- #include <errno.h>
-Index: git/pseudo_client.c
-===================================================================
---- git.orig/pseudo_client.c
-+++ git/pseudo_client.c
-@@ -6,7 +6,7 @@
-  * SPDX-License-Identifier: LGPL-2.1-only
-  *
-  */
--#define _GNU_SOURCE
-+#define _DEFAULT_SOURCE
- 
- #include <stdio.h>
- #include <signal.h>

meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch

@@ -28,10 +28,10 @@ diff --git a/Makefile.in b/Makefile.in
 @@ -120,7 +120,7 @@ $(PSEUDODB): pseudodb.o $(SHOBJS) $(DBOBJS) pseudo_ipc.o | $(BIN)
  libpseudo: $(LIBPSEUDO)
  
- $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_ipc.o $(SHOBJS) | $(LIB)
+ $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_client_scanf.o pseudo_ipc.o $(SHOBJS) | $(LIB)
 -	$(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
 +	$(CC) $(CFLAGS)  -Lprebuilt/$(shell uname -m)-linux/lib/ $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
- 		pseudo_client.o pseudo_ipc.o \
+ 		pseudo_client.o pseudo_client_scanf.o pseudo_ipc.o \
  		$(WRAPOBJS) $(SHOBJS) $(LDFLAGS) $(CLIENT_LDFLAGS)
  
 diff --git a/pseudo_wrappers.c b/pseudo_wrappers.c

meta/recipes-devtools/pseudo/pseudo.inc

@@ -156,3 +156,10 @@ do_install:append:class-nativesdk () {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+# Setscene tasks which run under fakeroot must not be executed before
+# pseudo-native and *all* its runtime dependencies are available in the
+# sysroot.
+PSEUDO_SETSCENE_DEPS = ""
+PSEUDO_SETSCENE_DEPS:class-native = "sqlite3-native:do_populate_sysroot"
+do_populate_sysroot_setscene[depends] += "${PSEUDO_SETSCENE_DEPS}"

meta/recipes-devtools/pseudo/pseudo_git.bb

@@ -1,8 +1,6 @@
 require pseudo.inc
 
 SRC_URI = "git://git.yoctoproject.org/pseudo;branch=master;protocol=https \
-           file://0001-configure-Prune-PIE-flags.patch \
-           file://glibc238.patch \
            file://fallback-passwd \
            file://fallback-group \
            "
@@ -14,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "28dcefb809ce95db997811b5662f0b893b9923e0"
+SRCREV = "9ab513512d8b5180a430ae4fa738cb531154cdef"
 S = "${WORKDIR}/git"
-PV = "1.9.0+git"
+PV = "1.9.3+git"
 
 # largefile and 64bit time_t support adds these macros via compiler flags globally
 # remove them for pseudo since pseudo intercepts some of the functions which will be

meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch

@@ -0,0 +1,105 @@
+From 686d2bdd4affd3c86e605f54a72afe53c920f72f Mon Sep 17 00:00:00 2001
+From: Illia Volochii <illia.volochii@gmail.com>
+Date: Wed, 7 Jan 2026 18:07:30 +0200
+Subject: [PATCH] Backport fix CVE-2026-21441 python urllib3
+
+Original commit: 8864ac407bba8607950025e0979c4c69bc7abc7b
+Original-author: Illia Volochii <illia.volochii@gmail.com>
+
+Bugfixes
+--------
+
+- Fixed a high-severity security issue where decompression-bomb safeguards of
+  the streaming API were bypassed when HTTP redirects were followed.
+  (`GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>`__)
+
+* Stop decoding response content during redirects needlessly
+
+* Rename the new query parameter
+
+* Add a changelog entry
+
+Fixes CVE-2026-21441
+CVE: CVE-2026-21441
+
+Upstream-Status: Backport [https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b]
+
+Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+---
+ dummyserver/app.py                           |  8 +++++++-
+ src/urllib3/response.py                      |  6 +++++-
+ test/with_dummyserver/test_connectionpool.py | 19 +++++++++++++++++++
+ 3 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/dummyserver/app.py b/dummyserver/app.py
+index 9fc9d1b7..c4978152 100644
+--- a/dummyserver/app.py
++++ b/dummyserver/app.py
+@@ -233,10 +233,16 @@ async def redirect() -> ResponseReturnValue:
+     values = await request.values
+     target = values.get("target", "/")
+     status = values.get("status", "303 See Other")
++    compressed = values.get("compressed") == "true"
+     status_code = status.split(" ")[0]
+ 
+     headers = [("Location", target)]
+-    return await make_response("", status_code, headers)
++    if compressed:
++        headers.append(("Content-Encoding", "gzip"))
++        data = gzip.compress(b"foo")
++    else:
++        data = b""
++    return await make_response(data, status_code, headers)
+ 
+ 
+ @hypercorn_app.route("/redirect_after")
+diff --git a/src/urllib3/response.py b/src/urllib3/response.py
+index a0273d65..909da62b 100644
+--- a/src/urllib3/response.py
++++ b/src/urllib3/response.py
+@@ -646,7 +646,11 @@ class HTTPResponse(BaseHTTPResponse):
+         Unread data in the HTTPResponse connection blocks the connection from being released back to the pool.
+         """
+         try:
+-            self.read()
++            self.read(
++                # Do not spend resources decoding the content unless
++                # decoding has already been initiated.
++                decode_content=self._has_decoded_content,
++            )
+         except (HTTPError, OSError, BaseSSLError, HTTPException):
+             pass
+ 
+diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py
+index 4fbe6a4f..ebcdf9bf 100644
+--- a/test/with_dummyserver/test_connectionpool.py
++++ b/test/with_dummyserver/test_connectionpool.py
+@@ -480,6 +480,25 @@ class TestConnectionPool(HypercornDummyServerTestCase):
+             assert r.status == 200
+             assert r.data == b"Dummy server!"
+ 
++    @mock.patch("urllib3.response.GzipDecoder.decompress")
++    def test_no_decoding_with_redirect_when_preload_disabled(
++        self, gzip_decompress: mock.MagicMock
++    ) -> None:
++        """
++        Test that urllib3 does not attempt to decode a gzipped redirect
++        response when `preload_content` is set to `False`.
++        """
++        with HTTPConnectionPool(self.host, self.port) as pool:
++            # Three requests are expected: two redirects and one final / 200 OK.
++            response = pool.request(
++                "GET",
++                "/redirect",
++                fields={"target": "/redirect?compressed=true", "compressed": "true"},
++                preload_content=False,
++            )
++        assert response.status == 200
++        gzip_decompress.assert_not_called()
++
+     def test_303_redirect_makes_request_lose_body(self) -> None:
+         with HTTPConnectionPool(self.host, self.port) as pool:
+             response = pool.request(
+-- 
+2.44.0
+

meta/recipes-devtools/python/python3-urllib3_2.2.2.bb

@@ -11,6 +11,7 @@ SRC_URI += " \
     file://CVE-2025-50181.patch \
     file://CVE-2025-66418.patch \
     file://CVE-2025-66471.patch \
+    file://CVE-2026-21441.patch \
 "
 
 RDEPENDS:${PN} += "\

meta/recipes-devtools/python/python3/CVE-2025-12084.patch

@@ -0,0 +1,144 @@
+From 9c9dda6625a2a90d2a06c657eee021d6be19842d Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 22 Dec 2025 14:48:49 +0100
+Subject: [PATCH] [3.12] gh-142145: Remove quadratic behavior in node ID cache
+ clearing (GH-142146) (#142211)
+
+* gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146)
+* gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794)
+(cherry picked from commit 1cc7551b3f9f71efbc88d96dce90f82de98b2454)
+(cherry picked from commit 08d8e18ad81cd45bc4a27d6da478b51ea49486e4)
+(cherry picked from commit 8d2d7bb2e754f8649a68ce4116271a4932f76907)
+
+Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com>
+Co-authored-by: Seth Michael Larson <seth@python.org>
+Co-authored-by: Petr Viktorin <encukou@gmail.com>
+Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
+Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
+Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
+Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
+Co-authored-by: Gregory P. Smith <greg@krypto.org>
+
+CVE: CVE-2025-12084
+Upstream-Status: Backport [https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ Lib/test/test_minidom.py                      | 33 ++++++++++++++++++-
+ Lib/xml/dom/minidom.py                        | 11 ++-----
+ ...-12-01-09-36-45.gh-issue-142145.tcAUhg.rst |  6 ++++
+ 3 files changed, 41 insertions(+), 9 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
+
+diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
+index 699265ccadc..ab4823c8315 100644
+--- a/Lib/test/test_minidom.py
++++ b/Lib/test/test_minidom.py
+@@ -2,13 +2,14 @@
+ 
+ import copy
+ import pickle
++import time
+ import io
+ from test import support
+ import unittest
+ 
+ import xml.dom.minidom
+ 
+-from xml.dom.minidom import parse, Attr, Node, Document, parseString
++from xml.dom.minidom import parse, Attr, Node, Document, Element, parseString
+ from xml.dom.minidom import getDOMImplementation
+ from xml.parsers.expat import ExpatError
+ 
+@@ -176,6 +177,36 @@ class MinidomTest(unittest.TestCase):
+         self.confirm(dom.documentElement.childNodes[-1].data == "Hello")
+         dom.unlink()
+ 
++    @support.requires_resource('cpu')
++    def testAppendChildNoQuadraticComplexity(self):
++        impl = getDOMImplementation()
++
++        newdoc = impl.createDocument(None, "some_tag", None)
++        top_element = newdoc.documentElement
++        children = [newdoc.createElement(f"child-{i}") for i in range(1, 2 ** 15 + 1)]
++        element = top_element
++
++        start = time.monotonic()
++        for child in children:
++            element.appendChild(child)
++            element = child
++        end = time.monotonic()
++
++        # This example used to take at least 30 seconds.
++        # Conservative assertion due to the wide variety of systems and
++        # build configs timing based tests wind up run under.
++        # A --with-address-sanitizer --with-pydebug build on a rpi5 still
++        # completes this loop in <0.5 seconds.
++        self.assertLess(end - start, 4)
++
++    def testSetAttributeNodeWithoutOwnerDocument(self):
++        # regression test for gh-142754
++        elem = Element("test")
++        attr = Attr("id")
++        attr.value = "test-id"
++        elem.setAttributeNode(attr)
++        self.assertEqual(elem.getAttribute("id"), "test-id")
++
+     def testAppendChildFragment(self):
+         dom, orig, c1, c2, c3, frag = self._create_fragment_test_nodes()
+         dom.documentElement.appendChild(frag)
+diff --git a/Lib/xml/dom/minidom.py b/Lib/xml/dom/minidom.py
+index ef8a159833b..cada981f39f 100644
+--- a/Lib/xml/dom/minidom.py
++++ b/Lib/xml/dom/minidom.py
+@@ -292,13 +292,6 @@ def _append_child(self, node):
+     childNodes.append(node)
+     node.parentNode = self
+ 
+-def _in_document(node):
+-    # return True iff node is part of a document tree
+-    while node is not None:
+-        if node.nodeType == Node.DOCUMENT_NODE:
+-            return True
+-        node = node.parentNode
+-    return False
+ 
+ def _write_data(writer, data):
+     "Writes datachars to writer."
+@@ -355,6 +348,7 @@ class Attr(Node):
+     def __init__(self, qName, namespaceURI=EMPTY_NAMESPACE, localName=None,
+                  prefix=None):
+         self.ownerElement = None
++        self.ownerDocument = None
+         self._name = qName
+         self.namespaceURI = namespaceURI
+         self._prefix = prefix
+@@ -680,6 +674,7 @@ class Element(Node):
+ 
+     def __init__(self, tagName, namespaceURI=EMPTY_NAMESPACE, prefix=None,
+                  localName=None):
++        self.ownerDocument = None
+         self.parentNode = None
+         self.tagName = self.nodeName = tagName
+         self.prefix = prefix
+@@ -1539,7 +1534,7 @@ def _clear_id_cache(node):
+     if node.nodeType == Node.DOCUMENT_NODE:
+         node._id_cache.clear()
+         node._id_search_stack = None
+-    elif _in_document(node):
++    elif node.ownerDocument:
+         node.ownerDocument._id_cache.clear()
+         node.ownerDocument._id_search_stack= None
+ 
+diff --git a/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
+new file mode 100644
+index 00000000000..05c7df35d14
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
+@@ -0,0 +1,6 @@
++Remove quadratic behavior in ``xml.minidom`` node ID cache clearing.  In order
++to do this without breaking existing users, we also add the *ownerDocument*
++attribute to :mod:`xml.dom.minidom` elements and attributes created by directly
++instantiating the ``Element`` or ``Attr`` class. Note that this way of creating
++nodes is not supported; creator functions like
++:py:meth:`xml.dom.Document.documentElement` should be used instead.

meta/recipes-devtools/python/python3/CVE-2025-13836.patch

@@ -0,0 +1,162 @@
+From 14b1fdb0a94b96f86fc7b86671ea9582b8676628 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 22 Dec 2025 14:50:18 +0100
+Subject: [PATCH] [3.12] gh-119451: Fix a potential denial of service in
+ http.client (GH-119454) (#142140)
+
+gh-119451: Fix a potential denial of service in http.client (GH-119454)
+
+Reading the whole body of the HTTP response could cause OOM if
+the Content-Length value is too large even if the server does not send
+a large amount of data. Now the HTTP client reads large data by chunks,
+therefore the amount of consumed memory is proportional to the amount
+of sent data.
+(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+
+CVE: CVE-2025-13836
+Upstream-Status: Backport [https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ Lib/http/client.py                            | 28 ++++++--
+ Lib/test/test_httplib.py                      | 66 +++++++++++++++++++
+ ...-05-23-11-47-48.gh-issue-119451.qkJe9-.rst |  5 ++
+ 3 files changed, 95 insertions(+), 4 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst
+
+diff --git a/Lib/http/client.py b/Lib/http/client.py
+index fb29923d942..70451d67d4c 100644
+--- a/Lib/http/client.py
++++ b/Lib/http/client.py
+@@ -111,6 +111,11 @@ responses = {v: v.phrase for v in http.HTTPStatus.__members__.values()}
+ _MAXLINE = 65536
+ _MAXHEADERS = 100
+ 
++# Data larger than this will be read in chunks, to prevent extreme
++# overallocation.
++_MIN_READ_BUF_SIZE = 1 << 20
++
++
+ # Header name/value ABNF (http://tools.ietf.org/html/rfc7230#section-3.2)
+ #
+ # VCHAR          = %x21-7E
+@@ -639,10 +644,25 @@ class HTTPResponse(io.BufferedIOBase):
+         reading. If the bytes are truly not available (due to EOF), then the
+         IncompleteRead exception can be used to detect the problem.
+         """
+-        data = self.fp.read(amt)
+-        if len(data) < amt:
+-            raise IncompleteRead(data, amt-len(data))
+-        return data
++        cursize = min(amt, _MIN_READ_BUF_SIZE)
++        data = self.fp.read(cursize)
++        if len(data) >= amt:
++            return data
++        if len(data) < cursize:
++            raise IncompleteRead(data, amt - len(data))
++
++        data = io.BytesIO(data)
++        data.seek(0, 2)
++        while True:
++            # This is a geometric increase in read size (never more than
++            # doubling out the current length of data per loop iteration).
++            delta = min(cursize, amt - cursize)
++            data.write(self.fp.read(delta))
++            if data.tell() >= amt:
++                return data.getvalue()
++            cursize += delta
++            if data.tell() < cursize:
++                raise IncompleteRead(data.getvalue(), amt - data.tell())
+ 
+     def _safe_readinto(self, b):
+         """Same as _safe_read, but for reading into a buffer."""
+diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
+index 01f5a101901..e46dac00779 100644
+--- a/Lib/test/test_httplib.py
++++ b/Lib/test/test_httplib.py
+@@ -1452,6 +1452,72 @@ class BasicTest(TestCase):
+         thread.join()
+         self.assertEqual(result, b"proxied data\n")
+ 
++    def test_large_content_length(self):
++        serv = socket.create_server((HOST, 0))
++        self.addCleanup(serv.close)
++
++        def run_server():
++            [conn, address] = serv.accept()
++            with conn:
++                while conn.recv(1024):
++                    conn.sendall(
++                        b"HTTP/1.1 200 Ok\r\n"
++                        b"Content-Length: %d\r\n"
++                        b"\r\n" % size)
++                    conn.sendall(b'A' * (size//3))
++                    conn.sendall(b'B' * (size - size//3))
++
++        thread = threading.Thread(target=run_server)
++        thread.start()
++        self.addCleanup(thread.join, 1.0)
++
++        conn = client.HTTPConnection(*serv.getsockname())
++        try:
++            for w in range(15, 27):
++                size = 1 << w
++                conn.request("GET", "/")
++                with conn.getresponse() as response:
++                    self.assertEqual(len(response.read()), size)
++        finally:
++            conn.close()
++            thread.join(1.0)
++
++    def test_large_content_length_truncated(self):
++        serv = socket.create_server((HOST, 0))
++        self.addCleanup(serv.close)
++
++        def run_server():
++            while True:
++                [conn, address] = serv.accept()
++                with conn:
++                    conn.recv(1024)
++                    if not size:
++                        break
++                    conn.sendall(
++                        b"HTTP/1.1 200 Ok\r\n"
++                        b"Content-Length: %d\r\n"
++                        b"\r\n"
++                        b"Text" % size)
++
++        thread = threading.Thread(target=run_server)
++        thread.start()
++        self.addCleanup(thread.join, 1.0)
++
++        conn = client.HTTPConnection(*serv.getsockname())
++        try:
++            for w in range(18, 65):
++                size = 1 << w
++                conn.request("GET", "/")
++                with conn.getresponse() as response:
++                    self.assertRaises(client.IncompleteRead, response.read)
++                conn.close()
++        finally:
++            conn.close()
++            size = 0
++            conn.request("GET", "/")
++            conn.close()
++            thread.join(1.0)
++
+     def test_putrequest_override_domain_validation(self):
+         """
+         It should be possible to override the default validation
+diff --git a/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst
+new file mode 100644
+index 00000000000..6d6f25cd2f8
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst
+@@ -0,0 +1,5 @@
++Fix a potential memory denial of service in the :mod:`http.client` module.
++When connecting to a malicious server, it could cause
++an arbitrary amount of memory to be allocated.
++This could have led to symptoms including a :exc:`MemoryError`, swapping, out
++of memory (OOM) killed processes or containers, or even system crashes.

meta/recipes-devtools/python/python3/CVE-2025-13837.patch

@@ -0,0 +1,162 @@
+From 5a8b19677d818fb41ee55f310233772e15aa1a2b Mon Sep 17 00:00:00 2001
+From: Serhiy Storchaka <storchaka@gmail.com>
+Date: Mon, 22 Dec 2025 15:49:44 +0200
+Subject: [PATCH] [3.12] gh-119342: Fix a potential denial of service in
+ plistlib (GH-119343) (#142149)
+
+Reading a specially prepared small Plist file could cause OOM because file's
+read(n) preallocates a bytes object for reading the specified amount of
+data. Now plistlib reads large data by chunks, therefore the upper limit of
+consumed memory is proportional to the size of the input file.
+(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)
+
+CVE: CVE-2025-13837
+Upstream-Status: Backport [https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ Lib/plistlib.py                               | 31 ++++++++++------
+ Lib/test/test_plistlib.py                     | 37 +++++++++++++++++--
+ ...-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst |  5 +++
+ 3 files changed, 59 insertions(+), 14 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst
+
+diff --git a/Lib/plistlib.py b/Lib/plistlib.py
+index 3292c30d5f..c5554ea1f7 100644
+--- a/Lib/plistlib.py
++++ b/Lib/plistlib.py
+@@ -73,6 +73,9 @@ from xml.parsers.expat import ParserCreate
+ PlistFormat = enum.Enum('PlistFormat', 'FMT_XML FMT_BINARY', module=__name__)
+ globals().update(PlistFormat.__members__)
+ 
++# Data larger than this will be read in chunks, to prevent extreme
++# overallocation.
++_MIN_READ_BUF_SIZE = 1 << 20
+ 
+ class UID:
+     def __init__(self, data):
+@@ -499,12 +502,24 @@ class _BinaryPlistParser:
+ 
+         return tokenL
+ 
++    def _read(self, size):
++        cursize = min(size, _MIN_READ_BUF_SIZE)
++        data = self._fp.read(cursize)
++        while True:
++            if len(data) != cursize:
++                raise InvalidFileException
++            if cursize == size:
++                return data
++            delta = min(cursize, size - cursize)
++            data += self._fp.read(delta)
++            cursize += delta
++
+     def _read_ints(self, n, size):
+-        data = self._fp.read(size * n)
++        data = self._read(size * n)
+         if size in _BINARY_FORMAT:
+             return struct.unpack(f'>{n}{_BINARY_FORMAT[size]}', data)
+         else:
+-            if not size or len(data) != size * n:
++            if not size:
+                 raise InvalidFileException()
+             return tuple(int.from_bytes(data[i: i + size], 'big')
+                          for i in range(0, size * n, size))
+@@ -561,22 +576,16 @@ class _BinaryPlistParser:
+ 
+         elif tokenH == 0x40:  # data
+             s = self._get_size(tokenL)
+-            result = self._fp.read(s)
+-            if len(result) != s:
+-                raise InvalidFileException()
++            result = self._read(s)
+ 
+         elif tokenH == 0x50:  # ascii string
+             s = self._get_size(tokenL)
+-            data = self._fp.read(s)
+-            if len(data) != s:
+-                raise InvalidFileException()
++            data = self._read(s)
+             result = data.decode('ascii')
+ 
+         elif tokenH == 0x60:  # unicode string
+             s = self._get_size(tokenL) * 2
+-            data = self._fp.read(s)
+-            if len(data) != s:
+-                raise InvalidFileException()
++            data = self._read(s)
+             result = data.decode('utf-16be')
+ 
+         elif tokenH == 0x80:  # UID
+diff --git a/Lib/test/test_plistlib.py b/Lib/test/test_plistlib.py
+index fa46050658..229a5a242e 100644
+--- a/Lib/test/test_plistlib.py
++++ b/Lib/test/test_plistlib.py
+@@ -841,8 +841,7 @@ class TestPlistlib(unittest.TestCase):
+ 
+ class TestBinaryPlistlib(unittest.TestCase):
+ 
+-    @staticmethod
+-    def decode(*objects, offset_size=1, ref_size=1):
++    def build(self, *objects, offset_size=1, ref_size=1):
+         data = [b'bplist00']
+         offset = 8
+         offsets = []
+@@ -854,7 +853,11 @@ class TestBinaryPlistlib(unittest.TestCase):
+                            len(objects), 0, offset)
+         data.extend(offsets)
+         data.append(tail)
+-        return plistlib.loads(b''.join(data), fmt=plistlib.FMT_BINARY)
++        return b''.join(data)
++
++    def decode(self, *objects, offset_size=1, ref_size=1):
++        data = self.build(*objects, offset_size=offset_size, ref_size=ref_size)
++        return plistlib.loads(data, fmt=plistlib.FMT_BINARY)
+ 
+     def test_nonstandard_refs_size(self):
+         # Issue #21538: Refs and offsets are 24-bit integers
+@@ -963,6 +966,34 @@ class TestBinaryPlistlib(unittest.TestCase):
+                 with self.assertRaises(plistlib.InvalidFileException):
+                     plistlib.loads(b'bplist00' + data, fmt=plistlib.FMT_BINARY)
+ 
++    def test_truncated_large_data(self):
++        self.addCleanup(os_helper.unlink, os_helper.TESTFN)
++        def check(data):
++            with open(os_helper.TESTFN, 'wb') as f:
++                f.write(data)
++            # buffered file
++            with open(os_helper.TESTFN, 'rb') as f:
++                with self.assertRaises(plistlib.InvalidFileException):
++                    plistlib.load(f, fmt=plistlib.FMT_BINARY)
++            # unbuffered file
++            with open(os_helper.TESTFN, 'rb', buffering=0) as f:
++                with self.assertRaises(plistlib.InvalidFileException):
++                    plistlib.load(f, fmt=plistlib.FMT_BINARY)
++        for w in range(20, 64):
++            s = 1 << w
++            # data
++            check(self.build(b'\x4f\x13' + s.to_bytes(8, 'big')))
++            # ascii string
++            check(self.build(b'\x5f\x13' + s.to_bytes(8, 'big')))
++            # unicode string
++            check(self.build(b'\x6f\x13' + s.to_bytes(8, 'big')))
++            # array
++            check(self.build(b'\xaf\x13' + s.to_bytes(8, 'big')))
++            # dict
++            check(self.build(b'\xdf\x13' + s.to_bytes(8, 'big')))
++            # number of objects
++            check(b'bplist00' + struct.pack('>6xBBQQQ', 1, 1, s, 0, 8))
++
+ 
+ class TestKeyedArchive(unittest.TestCase):
+     def test_keyed_archive_data(self):
+diff --git a/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst
+new file mode 100644
+index 0000000000..04fd8faca4
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst
+@@ -0,0 +1,5 @@
++Fix a potential memory denial of service in the :mod:`plistlib` module.
++When reading a Plist file received from untrusted source, it could cause
++an arbitrary amount of memory to be allocated.
++This could have led to symptoms including a :exc:`MemoryError`, swapping, out
++of memory (OOM) killed processes or containers, or even system crashes.

meta/recipes-devtools/python/python3_3.12.12.bb

@@ -35,6 +35,9 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
 	   file://0001-test_active_children-skip-problematic-test.patch \
            file://0001-test_readline-skip-limited-history-test.patch \
            file://CVE-2025-6075.patch \
+           file://CVE-2025-12084.patch \
+           file://CVE-2025-13836.patch \
+           file://CVE-2025-13837.patch \
            "
 
 SRC_URI:append:class-native = " \

meta/recipes-devtools/qemu/qemu.inc

@@ -88,6 +88,9 @@ CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redh
 
 CVE_STATUS[CVE-2024-7730] = "fixed-version: this is fixed in v8.2.7"
 
+CVE_STATUS[CVE-2025-54566] = "cpe-incorrect: This issue was introduced in v10.0.0-rc0"
+CVE_STATUS[CVE-2025-54567] = "cpe-incorrect: This issue was introduced in v10.0.0-rc0"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"

meta/recipes-extended/cups/cups.inc

@@ -19,6 +19,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
            file://CVE-2025-58364.patch \
            file://CVE-2025-58436.patch \
            file://CVE-2025-61915.patch \
+           file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"

meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch

@@ -0,0 +1,43 @@
+From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 4 Dec 2025 09:04:37 +0100
+Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive
+
+Change the return value to do not trigger stopping the scheduler in case
+of unknown directive, because stopping the scheduler on config errors
+should only happen in case of syntax errors.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ scheduler/conf.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index 7d6da0252..0e7be0ef4 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -2697,16 +2697,16 @@ parse_variable(
+   {
+    /*
+     * Unknown directive!  Output an error message and continue...
++    *
++    * Return value 1 is on purpose - we ignore unknown directives to log
++    * error, but do not stop the scheduler in case error in configuration
++    * is set to be fatal.
+     */
+ 
+-    if (!value)
+-      cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
+-		      line, linenum, filename);
+-    else
+-      cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
+-		      line, linenum, filename);
++    cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
++		    line, linenum, filename);
+ 
+-    return (0);
++    return (1);
+   }
+ 
+   switch (var->type)

meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch

@@ -0,0 +1,46 @@
+From cfb02de558d843dc5355c4aa2aeb4af49f88bdb9 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin@matuska.de>
+Date: Mon, 8 Dec 2025 21:40:46 +0100
+Subject: [PATCH] tar: fix off-bounds read resulting from #2787 (3150539ed)
+
+CVE: CVE-2025-60753
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/cfb02de558d843dc5355c4aa2aeb4af49f88bdb9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tar/subst.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/tar/subst.c b/tar/subst.c
+index a466f653..53497ad0 100644
+--- a/tar/subst.c
++++ b/tar/subst.c
+@@ -237,7 +237,7 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ 
+ 		char isEnd = 0;
+ 		do {
+-            isEnd = *name == '\0';
++			isEnd = *name == '\0';
+ 			if (regexec(&rule->re, name, 10, matches, 0))
+ 				break;
+ 
+@@ -293,13 +293,13 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ 
+ 			realloc_strcat(result, rule->result + j);
+ 			if (matches[0].rm_eo > 0) {
+-                name += matches[0].rm_eo;
+-            } else {
+-                // We skip a character because the match is 0-length
+-                // so we need to add it to the output
+-                realloc_strncat(result, name, 1);
+-                name += 1;
+-            }
++				name += matches[0].rm_eo;
++			} else if (!isEnd) {
++				// We skip a character because the match is 0-length
++				// so we need to add it to the output
++				realloc_strncat(result, name, 1);
++				name += 1;
++			}
+ 		} while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
+ 	}
+ 

meta/recipes-extended/libarchive/libarchive_3.7.9.bb

@@ -42,7 +42,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
            file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
            file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
            file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
-           file://CVE-2025-60753.patch \
+           file://CVE-2025-60753-01.patch \
+           file://CVE-2025-60753-02.patch \
            "
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 

meta/recipes-extended/lighttpd/lighttpd/0001-mod_dirlisting.patch

@@ -0,0 +1,48 @@
+From 3d400ce06dcb950a61363f87330324db244f4bac Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Thu, 29 Feb 2024 20:59:57 -0500
+Subject: [PATCH] [mod_dirlisting] fix suffix display of '/' on file (fixes
+ #3242)
+
+fix incorrect suffix display of '/' on files
+
+(regression in lighttpd 1.4.74)
+
+(thx guy)
+
+Upstream-Status: Backport [https://github.com/lighttpd/lighttpd1.4/commit/3d400ce06dcb950a61363f87330324db244f4bac]
+
+References:
+[1] https://redmine.lighttpd.net/issues/3242
+
+Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+---
+ src/mod_dirlisting.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/mod_dirlisting.c b/src/mod_dirlisting.c
+index a3432211..2686cd3e 100644
+--- a/src/mod_dirlisting.c
++++ b/src/mod_dirlisting.c
+@@ -1022,10 +1022,19 @@ static void http_list_directory_dirname(buffer * const out, const dirls_entry_t
+ 	buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"s\">- &nbsp;</td><td class=\"t\">Directory</td></tr>\n"));
+ }
+ 
++static void http_list_file_ent(buffer * const out, const dirls_entry_t * const ent, const char * const name) {
++	buffer_append_string_encoded(out, name, ent->namelen, ENCODING_REL_URI_PART);
++	buffer_append_string_len(out, CONST_STR_LEN("\">"));
++	buffer_append_string_encoded(out, name, ent->namelen, ENCODING_MINIMAL_XML);
++	buffer_append_string_len(out, CONST_STR_LEN("</a></td><td class=\"m\">"));
++
++	http_list_directory_mtime(out, ent);
++}
++
+ static void http_list_directory_filename(buffer * const out, const dirls_entry_t * const ent, const char * const name, handler_ctx * const hctx) {
+ 	buffer_append_string_len(out, CONST_STR_LEN("<tr><td class=\"n\"><a href=\""));
+ 
+-	http_list_directory_ent(out, ent, name);
++	http_list_file_ent(out, ent, name);
+ 
+ 	const buffer *content_type;
+   #if defined(HAVE_XATTR) || defined(HAVE_EXTATTR) /*(pass full path)*/
+

meta/recipes-extended/lighttpd/lighttpd_1.4.74.bb

@@ -14,6 +14,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t
            file://index.html.lighttpd \
            file://lighttpd.conf \
            file://lighttpd \
+           file://0001-mod_dirlisting.patch \
            "
 
 SRC_URI[sha256sum] = "5c08736e83088f7e019797159f306e88ec729abe976dc98fb3bed71b9d3e53b5"

meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch

@@ -1,62 +0,0 @@
-From ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5 Mon Sep 17 00:00:00 2001
-From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
-Date: Mon, 25 Mar 2024 16:54:25 +0100
-Subject: [PATCH] fftools/ffmpeg_mux_init: Fix double-free on error
-
-MATCH_PER_STREAM_OPT iterates over all options of a given
-OptionDef and tests whether they apply to the current stream;
-if so, they are set to ost->apad, otherwise, the code errors
-out. If no error happens, ost->apad is av_strdup'ed in order
-to take ownership of this pointer.
-
-But this means that setting it originally was premature,
-as it leads to double-frees when an error happens lateron.
-This can simply be reproduced with
-ffmpeg -filter_complex anullsrc  -apad bar -apad:n baz -f null -
-This is a regression since 83ace80bfd80fcdba2c65fa1d554923ea931d5bd.
-
-Fix this by using a temporary variable instead of directly
-setting ost->apad. Also only strdup the string if it actually
-is != NULL.
-
-Reviewed-by: Marth64 <marth64@proxyid.net>
-Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
-
-CVE: CVE-2024-35365
-
-Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- fftools/ffmpeg_mux_init.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
-index 63a25a3..685c064 100644
---- a/fftools/ffmpeg_mux_init.c
-+++ b/fftools/ffmpeg_mux_init.c
-@@ -845,6 +845,7 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
-         int channels = 0;
-         char *layout = NULL;
-         char *sample_fmt = NULL;
-+        const char *apad = NULL;
-
-         MATCH_PER_STREAM_OPT(audio_channels, i, channels, oc, st);
-         if (channels) {
-@@ -882,8 +883,12 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
-
-         MATCH_PER_STREAM_OPT(audio_sample_rate, i, audio_enc->sample_rate, oc, st);
-
--        MATCH_PER_STREAM_OPT(apad, str, ost->apad, oc, st);
--        ost->apad = av_strdup(ost->apad);
-+        MATCH_PER_STREAM_OPT(apad, str, apad, oc, st);
-+        if (apad) {
-+            ost->apad = av_strdup(apad);
-+            if (!ost->apad)
-+                return AVERROR(ENOMEM);
-+        }
-
- #if FFMPEG_OPT_MAP_CHANNEL
-         /* check for channel mapping for this audio stream */
---
-2.40.0

meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch

@@ -1,36 +0,0 @@
-From 7a089ed8e049e3bfcb22de1250b86f2106060857 Mon Sep 17 00:00:00 2001
-From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
-Date: Tue, 12 Mar 2024 23:23:17 +0100
-Subject: [PATCH] avformat/avidec: Fix integer overflow iff ULONG_MAX <
- INT64_MAX
-
-Affects many FATE-tests, see
-https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
-
-Reviewed-by: James Almer <jamrial@gmail.com>
-Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
-
-CVE: CVE-2024-36618
-
-Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- libavformat/avidec.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libavformat/avidec.c b/libavformat/avidec.c
-index 00bd7a9..bc95466 100644
---- a/libavformat/avidec.c
-+++ b/libavformat/avidec.c
-@@ -1696,7 +1696,7 @@ static int check_stream_max_drift(AVFormatContext *s)
-     int *idx = av_calloc(s->nb_streams, sizeof(*idx));
-     if (!idx)
-         return AVERROR(ENOMEM);
--    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) {
-+    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) {
-         int64_t max_dts = INT64_MIN / 2;
-         int64_t min_dts = INT64_MAX / 2;
-         int64_t max_buffer = 0;
---
-2.40.0